US 12,135,827 B2
Anti-malicious method, device and medium for secure three-party computation
Haogang Zhu, Beijing (CN); Shizhao Peng, Beijing (CN); and Jiarui Tu, Beijing (CN)
Assigned to BEIHANG UNIVERSITY, (CN)
Filed by BEIHANG UNIVERSITY, Beijing (CN)
Filed on Oct. 4, 2023, as Appl. No. 18/376,722.
Claims priority of application No. 202310354833.7 (CN), filed on Apr. 4, 2023.
Prior Publication US 2024/0338489 A1, Oct. 10, 2024
Int. Cl. G06F 21/64 (2013.01); H04L 9/08 (2006.01); G06F 21/60 (2013.01); G06F 21/62 (2013.01)
CPC G06F 21/64 (2013.01) [H04L 9/0861 (2013.01); G06F 21/602 (2013.01); G06F 21/6245 (2013.01); H04L 9/0869 (2013.01); H04L 2209/46 (2013.01)] 12 Claims
OG exemplary drawing
 
1. An anti-malicious computer implemented method for secure three-party computation, wherein the method is being implemented by a computer processor to perform steps comprising:
determining a first private data matrix, a second private data matrix, and a third private data matrix, wherein the first private data matrix is in n×s dimensions, held by a first participant, and stored in a first compute node associated with the first participant, the second private data matrix is in s×t dimensions, held by a second participant, and stored in a second compute node associated with the second participant, and the third private data matrix is in t×m dimensions, held by a third participant, and stored in a third compute node associated with the third participant;
receiving, by the first participant, a first random matrix pair generated by a commodity server node, wherein the first random matrix pair comprises a first random matrix in the n×s dimensions and a second random matrix in n×m dimensions;
receiving, by the second participant, a second random matrix pair generated by the commodity server node, wherein the second random matrix pair comprises a third random matrix in the s×t dimensions and a fourth random matrix in the n×m dimensions;
receiving, by the third participant, a third random matrix pair generated by the commodity server node, wherein the third random matrix pair comprises a fifth random matrix in the t×m dimensions and a sixth random matrix in the n×m dimensions;
determining whether a collusion behavior exists when the first participant, the second participant, and the third participant perform a secure computation process;
if no collusion behavior exists, performing a first computational process that meets a first security constraint, a second computational process without a security constraint, or a third computational process that meets a second security constraint, to obtain a first output matrix output by the first participant, a second output matrix output by the second participant, and a third output matrix output by the third participant;
if the collusion behavior exists, performing a first computational process that meets a third security constraint, a second computational process that meets a fourth security constraint, or a third computational process that meets a fifth security constraint, to obtain a first output matrix output by the first participant, a second output matrix output by the second participant, and a third output matrix output by the third participant;
obtaining, by a computation requestor, the first output matrix, the second output matrix, and the third output matrix, and performing an operation on the first output matrix, the second output matrix, and the third output matrix according to a target requirement;
the first computational process comprising:
computing, by the first participant, a first internal matrix according to a formula Â=A+Ra, and sending the first internal matrix to the second participant, wherein  represents the first internal matrix, A represents the first private data matrix, and Ra represents the first random matrix;
computing, by the third participant, a third internal matrix according to a formula Ĉ=C+Rc, and sending the third internal matrix to the second participant, wherein Ĉ represents the third internal matrix, C represents the third private data matrix, and Rc, represents the fifth random matrix;
computing, by the second participant, a second internal matrix, a second M matrix, a first intermediate term matrix, a second intermediate term matrix, a third intermediate term matrix, and a fourth intermediate term matrix according to formulas B=B+Bb, Mb=·Rb·Ĉ, φ1=·B, γ1=·Rb, φ2=B·Ĉ and γ2=Rb·Ĉ, sending the third intermediate term matrix and the fourth intermediate term matrix to the first participant, and sending the first intermediate term matrix and the second intermediate term matrix to the third participant, wherein B represents the second internal matrix, Mb represents the second M matrix, φ1 represents the first intermediate term matrix, γ1 represents the second intermediate term matrix, φ2 represents the third intermediate term matrix, γ2 represents the fourth intermediate term matrix, B represents the second private data matrix, and Rb represents the third random matrix;
computing, by the first participant, a first S matrix and a first M matrix according to formulas Sa=Ra·γ2=Ra·RbĈ and Ma2=A·B·Ĉ, wherein Sa represents the first S matrix, and Ma represents the first M matrix;
computing, by the third participant, a third S matrix and a third M matrix according to formulas Sc1·Rc=ÂRb·Rc and Mc1·Rc=·B·Rc, wherein Sc represents the third S matrix, and Mc represents the third M matrix;
splitting, by the second participant, the second internal matrix into a column full rank matrix and a row full rank matrix by means of full rank decomposition, sending the column full rank matrix to the first participant, and sending the row full rank matrix to the third participant;
generating, by the first participant, a first output matrix based on the column full rank matrix, computing a first T matrix and a first t matrix according to formulas Ta=Ma+Sa−Va−ra and t1=RaB1, and sending the first T matrix and the first t matrix to the second participant, wherein Ta represents the first T matrix, t1 represents the first t matrix, Va represents the first output matrix, ra represents the second random matrix, B1 represents the column full rank matrix, and a space in which B1 belongs to is in s×r dimensions;
computing, by the third participant, a second t matrix according to a formula t2=B2Rc, and sending the second t matrix to the second participant, wherein t2 represents the second t matrix, B2 represents the row full rank matrix, and a space in which B2 belongs to is in r×t dimensions;
generating, by the second participant, a second output matrix based on the first T matrix, the first t matrix, and the second t matrix, computing a second S matrix according to a formula Sb=t1·t2=RaB1·B2Rc=RaBRc, computing a second T matrix through a formula Tb=Ta−Mb+Sb−Vb−rb according to the second S matrix, and sending the second T matrix to the third participant, wherein Sb represents the second S matrix, Tb represents the second T matrix, Vb represents the second output matrix, and Rb represents the fourth random matrix; and
computing, by the third participant, a third output matrix according to a formula Vc=Tb−Mc+Sc−rc, wherein Vc represents the third output matrix, and rc represents the sixth random matrix;
the second computational process comprising:
computing, by the first participant, a first internal matrix according to a formula Â=A+Ra, and sending the first internal matrix to the second participant;
computing, by the third participant, a third internal matrix according to a formula Ĉ=C+Rc, and sending the third internal matrix to the second participant;
computing, by the second participant, a second internal matrix, a second M matrix, a first intermediate term matrix, a second intermediate term matrix, a third intermediate term matrix, and a fourth intermediate term matrix according to formulas B=B+Bb, Mb=·Rb·Ĉ, φ1=·B, γ1=·Rb, φ2=B·Ĉ and γ2=Rb·Ĉ, sending the third intermediate term matrix and the fourth intermediate term matrix to the first participant, and sending the first intermediate term matrix and the second intermediate term matrix to the third participant;
computing, by the first participant, a first S matrix and a first M matrix according to formulas Sa=Ra·γ2=Ra·RbĈ and Ma=A·φ2=A·B·Ĉ;
computing, by the third participant, a third S matrix and a third M matrix according to formulas Sc1·Rc=ÂRb·Rc and Mc1·Rc=·B·Rc;
splitting, by the second participant, the second internal matrix into a column full rank matrix and a row full rank matrix by means of full rank decomposition, sending the column full rank matrix to the first participant, and sending the row full rank matrix to the third participant;
generating, by the first participant, a first output matrix based on the column full rank matrix, computing a first T matrix and a first t matrix according to formulas Ta=Ma+Sa−Va−Ta and t1=RaB1, sending the first T matrix to the second participant, and sending the first t matrix to the third participant;
computing, by the third participant, a second t matrix according to a formula t2=B2Rc;
generating, by the second participant, a second output matrix based on the first T matrix, computing a second T matrix according to a formula Tb=Ta−Mb−Vb−rb, and sending the second T matrix to the third participant;
computing, by the third participant, a second S matrix according to the formula Sb=t1·t2=RaB1·B2Rc=RaBRc, and computing a third output matrix through a formula Vc=Tb+Sb−Mc+Sc−rc, according to the second S matrix and the second T matrix;
the third computational process comprising:
computing, by the first participant, a first internal matrix according to a formula Â=A+Ra, and sending the first internal matrix to the second participant;
computing, by the third participant, a third internal matrix according to a formula Ĉ=C+Rc, and sending the third internal matrix to the second participant;
computing, by the second participant, a second internal matrix, a second M matrix, a first intermediate term matrix, a second intermediate term matrix, a third intermediate term matrix, and a fourth intermediate term matrix according to formulas B=B+Bb, Mb=·Rb·Ĉ, φ1=·B, γ1=·Rb, φ2=B·Ĉ and γ2=Rb·Ĉ, sending the third intermediate term matrix and the fourth intermediate term matrix to the first participant, and sending the first intermediate term matrix and the second intermediate term matrix to the third participant;
computing, by the first participant, a first S matrix and a first M matrix according to formulas Sa=Ra·γ2=Ra·RbĈ and Ma=A·φ2=A·B·Ĉ;
computing, by the third participant, a third S matrix and a third M matrix according to formulas Sc1·Rc=ÂRb·Rc and Mc1·Rc=·B·Rc;
sending, by the second participant, the second internal matrix to the first participant;
generating, by the first participant, a first output matrix based on the second internal matrix, computing a first T matrix and a first t matrix according to formulas Ta=Ma+Sa−Va−ra and t1=RaB, sending the first T matrix to the second participant, and sending the first t matrix to the third participant;
computing, by the third participant, a second S matrix according to a formula Sb=t·Rc=RaBRc;
generating, by the second participant, a second output matrix based on the first T matrix, computing a second T matrix according to a formula Tb=Ta−Mb−Vb−rb, and sending the second T matrix to the third participant; and
computing, by the third participant, a third output matrix according to a formula Vc=Tb+Sb−Mc+Sc−rc, wherein
the first security constraint is r(B)<min{s,t}, the second security constraint is r(B)<s, the third security constraint is r(Â)<s, r(B)<min{s,t} and r(Ĉ)<t, the fourth security constraint is r(Â)<s, r(Ĉ)<t and r(B1)<s, the fifth security constraint is r(Â)<s, r(B)<s and r(Ĉ)<t, and r( ) represents a rank of a matrix.