安全多方计算应用的隐私度量方法

信息安全研究 ›› 2024, Vol. 10 ›› Issue (1): 6-.

安全多方计算应用的隐私度量方法

熊维1王海洋2唐祎飞3刘伟1

1(神州融安数字科技(北京)有限公司北京100086)
2(北京国际大数据交易有限公司北京100020)
3(大数据协同安全技术国家工程研究中心北京100071)

出版日期:2024-01-10 发布日期:2024-01-21
通讯作者: 熊维硕士.主要研究方向为信息安全和密码学. wei.xiong@ronganchina.com
作者简介:熊维硕士.主要研究方向为信息安全和密码学. wei.xiong@ronganchina.com 王海洋博士.主要研究方向为数据流通和数据交易平台. wanghaiyang@bfhg.com 唐祎飞高级工程师.主要研究方向为数据安全和数据流通. tangyifei@360.cn 刘伟博士.主要研究方向为信息安全和隐私保护. wei.liu@ronganchina.com

Privacy Measures for Secure Multiparty Computing Applications

Xiong Wei1, Wang Haiyang2, Tang Yifei3, and Liu Wei1#br#

#br#

1(Rongan China Digital Technology(Beijing) Co., Ltd., Beijing 100086)
2(Beijing International Data Exchange Co., Ltd., Beijing 100020)
3(National Engineering Research Center for Big Data Collaborative Security Technology, Beijing 100071)

Online:2024-01-10 Published:2024-01-21

摘要/Abstract

摘要： 安全多方计算应用对输入信息的隐私保护能力，一方面依靠底层的安全机制，另一方面依靠具体的目标函数.目前对安全多方计算的研究主要集中于防止计算过程泄露信息的安全机制；而对部署安全多方计算的目标函数对参与者的输入信息的隐私保护能力的度量或评估方法研究较少.目标函数的各参与者通过合法的输入和输出推导其他参与者的输入信息的问题不能由安全多方计算的安全机制阻止，因此对目标函数的隐私保护强度的度量关乎安全多方计算方案的具体实施应用.根据信息熵模型，从攻击者的角度定义平均熵和特定熵的概念，提出计算信息收益的方法.进而，通过计算目标函数的理想隐私损耗和实际安全多方计算应用中的实际隐私损耗，衡量安全多方计算具体应用方案的隐私保护强度.

关键词: 安全多方计算, 隐私度量, 信息熵, 计算信息收益, 隐私损耗

Abstract: The privacy protection ability of secure multiparty computing application to input information depends on the underlying security mechanism on the one hand, and on the other hand depends on the task functions. At present, the research on secure multiparty computing mainly focuses on the security mechanism to prevent information leakage in the process of computing. However, there are few studies on the measure of task functions’ ability to protect the input information of the participants. The problem that each participant of the task function deduces the input information of other participants through the legitimate input and output cannot be prevented by the security mechanism of secure multiparty computing, so the measurements of the privacy protection power of the task function are related to the concrete implementation and application of secure multiparty computing schemes. In this paper, according to the information entropy model, the concepts of average entropy and specific entropy are defined from the point of view of the attacker, and a method to calculate information benefits is proposed. Then, the privacy protection strength of the specific application scheme of secure multiparty computing schemes is measured by calculating the ideal privacy loss of the objective function and the actual privacy loss of the actual secure multiparty computing application.

Key words: secure multiparty computing, privacy metric, information entropy, computing information benefits, privacy loss

中图分类号:

TP309.2

熊维, 王海洋, 唐祎飞, 刘伟, . 安全多方计算应用的隐私度量方法[J]. 信息安全研究, 2024, 10(1): 6-.

参考文献

［1］Yao A C. Protocols for secure computations［C］ Proc of the 23rd Annual IEEE Symp on Foundations of Computer Science. Piscataway, NJ: IEEE, 1982: 160164［2］Shannon C E. A mathematical theory of communication［J］. Bell System Technical Journal, 1948, 27(3): 379423［3］王彩梅, 郭亚军, 郭艳华. 位置服务中用户轨迹的隐私度量［J］. 软件学报, 2012, 23(2): 352360［4］Reiter M K, Rubin A D. Crowds: Anonymity for Web transactions［J］. ACM Trans on Information and System Security, 1998, 1(1): 6692［5］Wright M, Adler M, Levine B, et al. An analysis of the degradation of anonymous protocols［C］ Proc of the Network and Distributed System Security Symp. San Diego: The Internet Society, 2002: 112［6］Shmatikov V. Probabilistic analysis of anonymity［C］ Proc of the IEEE Computer Security Foundations Workshop. Piscataway, NJ: IEEE, 2002: 119128［7］Schneider S, Sidiropoulos A. CSP and anonymity［C］ Proc of European Symp on Research in Computer Security. Berlin: Springer, 1996: 198218［8］Shmatikov V. Probabilistic analysis of an anonymity system［J］. Journal of Computer Security, 2004, 12(34): 355377［9］Syverson P F, Gray J W. The epistemic representation of information flow security inprobabilistic systems［C］ Proc of the 8th Computer Security Foundations Workshop. Piscataway, NJ: IEEE, 1995: 152166［10］彭长根, 丁红发, 朱义杰, 等. 隐私保护的信息熵模型及其度量方法［J］. 软件学报, 2016, 27(8): 18911903［11］中国信息通信研究院安全研究所. 隐私保护计算技术研究报告(2020)［EBOL］. 北京: 中国信息通信研究院, 2020 ［20230511］. http:www.caict.ac.cnkxyjqwfbztbg202011t20201110_361696.htm［12］马英. 一种基于隐私计算的数据共享模型研究［J］. 信息安全研究, 2022, 8(2): 122128［13］Shamir A. How to share a secret［J］. Communications of the ACM, 1979, 22(11): 612613［14］Gentry C. Fully homomorphic encryption using ideal lattices［C］ Proc of Annual ACM Symp on Theory of Computing. New York: ACM, 2009: 169178［15］Lindell Y. Secure multiparty computation (MPC)［EBOL］. 2020 ［20230511］. https:eprint.iacr.org2020300

[1]	沈传年, 徐彦婷, 陈滢霞. 隐私计算关键技术及研究展望[J]. 信息安全研究, 2023, 9(8): 714-.
[2]	马龙, 张乐, 寇猛, 董睿. 基于多方安全攻防博弈的民航旅客隐私数据保护模型[J]. 信息安全研究, 2023, 9(8): 799-.
[3]	高大伟, 申杰, 沈学利, 王兆福, . 基于生物免疫原理的DDoS攻击检测方法研究[J]. 信息安全研究, 2022, 8(11): 1129-.
[4]	祖婷方群何昕. 基于服务感知的可信QoS评价模型[J]. 信息安全研究, 2018, 4(4): 307-314.