当前位置：网站首页>How to realize secret computation without knowing the secret value?
How to realize secret computation without knowing the secret value?
20201208 12:28:55 【Ontology】
In the last issue, we introduced what is “ secure multiparty computation ”： It is an important area of data privacy protection, which was introduced by Mr. Yao Qizhi, a Turing prize winner, through the millionaire problem .
This is from the Internet
Yao's million question can be expressed as ：Alice and Bob It's two millionaires , They want to know who is richer , But they don't want to reveal any information about their wealth to each other . In this case , Both sides don't want to reveal their true information , Compare the wealth of two people , And give credible proof .
We from
1.1 Security model （ Malicious adversary model ）
1.2 Circuit selection （ Boolean circuits and arithmetic circuits ）
Two aspects are introduced . This issue will focus on the calculation process .
Previous review ? Under the premise of fully protecting privacy , How to know about two “ Horse Dad ” Who is richer ？
2. The calculation process
In the case of arithmetic circuit model and malicious adversary model , Secure multiparty computation can be reduced to the following problem ： Suppose and have two secret values respectively （ be called secret）, How to make the participants without knowing （ except I know , know ） Work out the sum ？
1. First of all, we should let all the participants get the relevant information , That is, how to disclose part of the information to the participants . Secret sharing （Secret Sharing） The solution is an important way to solve this problem . Consider from the characteristics of arithmetic circuits , Linear secret sharing is a good way to think about it . One of the simplest ways , namely , Random selection , bring , And let the corresponding participants grasp , Each is called a participant about share. This process can be implemented as follows ： Every random selection , And tell , Set up . It can be noted that , This random selection process can be completed in advance by preprocessing before calculation , In the calculation process, as long as the random number selected in advance can be told to the data owner .
2. Suppose each participant has secretly owned and , And satisfy and . here , We need to consider how to add and multiply .
 For addition , Yes . therefore , It's very simple for addition , Each participant can add their secret values together , namely
And the result .
 Multiplication is a little more complicated .. In order to ensure safety , This will involve public key cryptography . therefore , The amount of calculation in this step is relatively large .
Using the idea of randomization to establish a preprocessing process can reduce the amount of calculation . Suppose there are random values that satisfy , Design and , that Well . therefore , Think of sum as a constant , If each participant grasps satisfaction , and , Then each participant only needs to do a simple linear calculation
And the result .
What you can see is , The value of is selected randomly , It has nothing to do with , It can be established in advance by preprocessing . therefore , The question becomes how to randomize the participants Of , And meet the conditions .
In every known case , Each can compute and broadcast locally and . When participants receive all and , Add to get the sum .
2.1 The guarantee of correct calculation
In the process of operation , There's an important question to consider , How to know that the participants have calculated correctly , That is, how to ensure that the correct values are calculated and published .
This is from the Internet
Because secrets are shared linearly , Message authentication code using linear structure （Message Authentication Code,MAC） Certification is the right choice . Through 1 and 2 Calculation method of , You can see ,MAC It is also required to provide a calculation method in accordance with these two formulas , That is the two one. MAC Value addition ,MAC Value multiplication constant ,MAC Value plus constant .
This is from the Internet
An effective way to reduce the amount of data is to use global MAC programme , Using the same key pair secret Conduct authentication . without doubt , This violates the onetime Principles of use , Linearly constructed MAC Will no longer be safe . A common way to solve this problem is to construct time Of MAC. Another consideration is to disperse authentication key and authentication code , After the calculation , Combine the key and authentication code to verify .
Because of the dispersion of authentication codes and keys ,MAC Can be simplified to . At the same time, we need to satisfy MAC The calculation of additive constants requires , The final MAC structure by , Where is a constant （ Take zero ）. The key can be defined as , Where is the random number selected by the participants . therefore , Also need to be certified . The authentication is achieved by holding the key , To authenticate . meanwhile , The certification results also need to be decentralized , The process of dispersion is similar to that of share The dispersion of .
To be continued ......
▿ Click on the past to read the original
This article is from WeChat official account.  Ontology Research Institute （ontologyresearch） , author ：0x6d78
The source and reprint of the original text are detailed in the text , If there is any infringement , Please contact the yunjia_community@tencent.com Delete .
Original publication time ： 20201124
Participation of this paper Tencent cloud media sharing plan , You are welcome to join us , share .
版权声明
本文为[Ontology]所创，转载请带上原文链接，感谢
https://chowdera.com/2020/12/20201208122832798x.html
边栏推荐
 C++ 数字、string和char*的转换
 C++学习——centos7上部署C++开发环境
 C++学习——一步步学会写Makefile
 C++学习——临时对象的产生与优化
 C++学习——对象的引用的用法
 C++编程经验（6）：使用C++风格的类型转换
 Won the CKA + CKS certificate with the highest gold content in kubernetes in 31 days!
 C + + number, string and char * conversion
 C + + Learning  capacity() and resize() in C + +
 C + + Learning  about code performance optimization
猜你喜欢

C + + programming experience (6): using C + + style type conversion

Latest party and government work report ppt  Park ppt

在线身份证号码提取生日工具

Online ID number extraction birthday tool

️野指针？悬空指针？️ 一文带你搞懂！

Field pointer? Dangling pointer? This article will help you understand!

HCNA Routing＆Switching之GVRP

GVRP of hcna Routing & Switching

Seq2Seq实现闲聊机器人

【闲聊机器人】seq2seq模型的原理
随机推荐
 LeetCode 91. 解码方法
 Seq2seq implements chat robot
 [chat robot] principle of seq2seq model
 Leetcode 91. Decoding method
 HCNA Routing＆Switching之GVRP
 GVRP of hcna Routing & Switching
 HDU7016 Random Walk 2
 [Code+＃1]Yazid 的新生舞会
 CF1548C The Three Little Pigs
 HDU7033 Typing Contest
 HDU7016 Random Walk 2
 [code + 1] Yazid's freshman ball
 CF1548C The Three Little Pigs
 HDU7033 Typing Contest
 Qt Creator 自动补齐变慢的解决
 HALCON 20.11：如何处理标定助手品质问题
 HALCON 20.11：标定助手使用注意事项
 Solution of QT creator's automatic replenishment slowing down
 Halcon 20.11: how to deal with the quality problem of calibration assistant
 Halcon 20.11: precautions for use of calibration assistant
 “十大科学技术问题”揭晓！青年科学家50²论坛
 "Top ten scientific and technological issues" announced Young scientists 50 ² forum
 求反转链表
 Reverse linked list
 js的数据类型
 JS data type
 记一次文件读写遇到的bug
 Remember the bug encountered in reading and writing a file
 单例模式
 Singleton mode
 在这个 N 多编程语言争霸的世界，C++ 究竟还有没有未来？
 In this world of N programming languages, is there a future for C + +?
 es6模板字符
 js Promise
 js 数组方法 回顾
 ES6 template characters
 js Promise
 JS array method review
 【Golang】️走进 Go 语言️ 第一课 Hello World
 [golang] go into go language lesson 1 Hello World