Besides Checking the Balance Directly, How Else Can We Compare Who Is Richer? (Part 1)

Two tycoons run into each other, take a dislike to one another, and each wants to outdo the other. For the monotonous, dull rich, the most direct way is to compare who has more money. For privacy reasons, however, neither wants the other to learn the exact figure of his wealth, and neither wants to burn money pointlessly the way Shi Chong and Wang Kai flaunted their wealth in the header image. How can the two find out which of them is richer without relying on a third party?

This is the famous "Millionaires' Problem" posed in 1982 by Dr. Andrew Chi-Chih Yao (姚期智), winner of the Turing Award, the highest award in computer science. Through this problem he introduced the concept of multi-party computation (Multiparty Computation, MPC), which became an important branch of cryptography.

Multi-party computation, together with homomorphic encryption, zero-knowledge proofs and related techniques, will play a major role as an underlying technical framework in today's environment, where demands for personal privacy keep rising and information leaks keep multiplying, and will ultimately drive a change in how information security is protected.

In addition, we all know that an important characteristic of a blockchain is that it is a public database: all on-chain transaction information is public and traceable. Although this can, to some extent, solve the problems of information asymmetry and fraud, it also does great harm to transaction privacy. Wallet addresses are random, but a blockchain is in essence a semi-anonymous database: techniques such as closure and association analysis can be used to profile accounts, so account privacy and asset privacy also face serious threats.

With that in mind, this article introduces the principles behind the technologies above, analyzes where they apply, and looks at several ways for "tycoons to compare their wealth". Who knows, you and I may need them someday.

# 1. Technical overview

In essence, multi-party computation, homomorphic encryption and zero-knowledge proofs are all indirect, roundabout methods: they **do not use the critical information directly; instead, by comparing, computing on and processing derived information that corresponds to the critical information, they obtain the same result as comparing, computing on and processing the critical information itself.**

## 1.1 How multi-party computation works

Two examples below illustrate the principles behind different implementations of multi-party computation.

### 1.1.1 Oblivious transfer

Suppose a travel agency holds travel material for N attractions. I want to visit attraction A and would like to buy the relevant material from the agency to prepare for the trip. But I care a great deal about my privacy and do not want to reveal my destination to the agency. Both sides therefore want the transaction to satisfy the following privacy conditions:

> I do not want to reveal to the travel agency the information "I am planning to go to A";
>
> The travel agency wants to sell only the material I paid for, without disclosing the other material I did not buy.

At first glance these privacy conditions seem impossible to satisfy: as soon as the agency hands me the material for A, it necessarily learns that "I am interested in A", unless it hands over all of its material, which goes against the agency's interests.

Multi-party computation, however, lets the transaction go through under these "impossible conditions". In **a multi-party computation protocol, the travel agency encrypts the N pieces of material it holds using an encryption algorithm and parameters that both sides have agreed on, and sends them to me; I can decrypt the material for A from the ciphertexts, after which I cannot decrypt the other N-1 pieces.**

Taking N=2 as an example, the following describes a 1-of-2 multi-party computation implementation based on the Diffie-Hellman key exchange protocol:

- Here S (Sender) = the travel agency and R (Receiver) = me. S holds two pieces of material, M0 (say, Beijing) and M1 (say, Shanghai). I want to go to Beijing, so I want to read M0:

![](https://static001.geekbang.org/infoq/12/12a8e3bec56276e7dd3ca5e1d9f0149d.png)

This is one implementation of multi-party computation, oblivious transfer (Oblivious Transfer, OT). The principle behind the algorithm is exponentiation. In practice, the way I supply my information and the way the agency supplies its material must be designed so that neither can be traced back.

### 1.1.2 Secret sharing

Suppose **you, Xiao Wang and Xiao Li want to know the average salary of the three of you, but none of you wants to reveal your own salary**. How can this be achieved?

With a trusted third party the problem is easy. You, Xiao Wang and Xiao Li have a big brother you all trust; each of you tells him your salary, he promises not to leak any of them, computes the average of the three, and finally tells everyone the average.

But what about an untrusted network such as a blockchain? In that case secure multi-party computation can solve the problem. Put simply, an algorithm replaces the trusted third party.

![](https://static001.geekbang.org/infoq/d2/d296026e3dbae088bdf47394978906c6.png)

1. You, Xiao Wang and Xiao Li each choose a parabola whose intersection with the Y axis is your own salary. For example, your salary is 100 and you choose the parabola y = 2x² + x + 100. You then take 3 points on this parabola, (1, 103), (2, 110) and (3, 121), keep one point, (1, 103), for yourself, and send the other two points, (2, 110) and (3, 121), encrypted to Xiao Wang and Xiao Li respectively. Likewise, Xiao Wang sends his x=1 point encrypted to you, keeps his x=2 point, and gives his x=3 point to Xiao Li; Xiao Li sends his x=1 point encrypted to you, sends his x=2 point encrypted to Xiao Wang, and keeps his x=3 point;
2. At this stage everyone holds three secret shares (points on different parabolas). Taking you as an example, you hold (1, 103), (1, y2) from Xiao Wang and (1, y3) from Xiao Li, and can compute one point (1, 103+y2+y3); Xiao Wang can compute one point (2, ......), and Xiao Li can compute one point (3, ......);
3. The three of you exchange the three different points you have each computed, so that everyone has 3 points. From these, a parabola (that is, a quadratic equation in two variables) can be reconstructed and its intercept obtained; the intercept is the sum of the three salaries, and dividing it by 3 gives the average salary.

![](https://static001.geekbang.org/infoq/27/276eb4efac8df7957cdd6232b0dcf79c.png)

Under this scheme the three salaries stay secret: each person receives only one point of another person's parabola, cannot reconstruct that parabola, and so cannot compute its intercept. Even if two people collude and hold 2 points, they still cannot reconstruct the third person's parabola.

This is another implementation of multi-party computation, secret sharing. The principle behind the algorithm is solving equations. Secret sharing splits a secret in a suitable way so that each share is managed by a different participant; no single participant can recover the secret, and only a certain number of participants working together can recover it.

## 1.2 How homomorphic encryption works

### 1.2.1 Principle

Homomorphic encryption (HE) is **a method for processing encrypted data directly, without decrypting it. If the data in a database is already stored in encrypted form, homomorphic encryption has no effect on the encrypted data;** the encrypted data never needs to be restored during storage or transmission.

The idea of homomorphic encryption was proposed in 1978. The setting considered at the time was this: if operations on encrypted data (the ciphertext) are carried out on untrusted devices, we want those devices not to learn the real value of the data (the plaintext) and only to send back the result of operating on the ciphertext, which we can then decrypt.

Depending on the homomorphic encryption algorithm, the following classes can be distinguished:

- If f(A)+f(B)=f(A+B) holds, the encryption function is called additively homomorphic.
- If f(A)×f(B)=f(A×B) holds, the encryption function is called multiplicatively homomorphic.
- If an encryption function is only additively homomorphic, it supports only addition and subtraction;
- If an encryption function is only multiplicatively homomorphic, it supports only multiplication and division;
- If an encryption function is both additively and multiplicatively homomorphic, it is called fully homomorphic encryption, which is the most powerful kind.

Among existing algorithms, RSA is homomorphic for multiplication, Paillier is homomorphic for addition, and Gentry's algorithm is fully homomorphic (for now it exists only at the level of scheme design and is not ready for practical use).

### 1.2.2 Examples

A simple example:

n students communicate with 1 teacher. Each student has 1 value to send to the teacher, the teacher needs to know the sum of these n values, and the students do not want the teacher to know the real value of each one.

With homomorphic encryption, each student encrypts their value with an additively homomorphic encryption function and sends the ciphertext to the teacher. The teacher only has to add the n ciphertexts and decrypt the result (the sum of the ciphertexts) to obtain the sum of the n values (the sum of the plaintexts). The n values are thus kept from the teacher, and the teacher still obtains their sum.

Many sources also like to explain homomorphic encryption with the following example. I do not find it entirely fitting (the worker should not be able to see the gold, for instance), but it illustrates the point to a large extent, and in particular shows how homomorphic encryption protects private information while the data is being processed:

A has bought a large block of gold and wants a worker to make it into a necklace. But the worker might steal some gold while working on it; after all, even one gram of gold is worth a lot of money. So she comes up with the idea of putting the gold in a box, so that the worker can work on the block without being able to take any gold:

- A locks the gold in a sealed box and fits the box with a glove. At this point the "gold" has become the encrypted "gold + box";
- The worker can put on the glove and work on the gold inside the box. But the box is locked, so the worker not only cannot take the block, he cannot even take any gold that falls off during the work. Working on the "gold" is really working on the "gold + box";
- When the work is finished, A takes the box back, opens the lock and gets the necklace. This is really decrypting the "necklace + box" to obtain the "necklace".

![](https://static001.geekbang.org/infoq/c1/c1e3199c295ef0a28c442e85c3828510.png)

## 1.3 How zero-knowledge proofs work

The concept of the zero-knowledge proof (Zero Knowledge Proof, ZKP) first appeared in 1985 and later became a research topic in cryptography. With this technique, a verifier can check that a claim made by the prover is true, while the prover neither has to provide nor leaks any information other than the fact that the claim is correct.

For example, the Forty Thieves have captured Ali Baba and want him to lead the way, but he does not want to give away his password, "Open Sesame". So he negotiates with the Forty Thieves:

> I have a way for you to be sure that I know the password that opens the door, without you needing to know the spell. Stand an arrow's flight away from me and aim your bows at me. When you raise your right hand, I will say the password and open the stone door; when you raise your left hand, I will say the password and close the stone door. If I cannot do it, or if I run, shoot me dead.

(To be continued)
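For section 1.1.1 (oblivious transfer), an added example that is not part of the original article: a 1-of-2 OT built on Diffie-Hellman, with S holding M0 and M1 and R choosing one of them. The article's own protocol steps are in a figure that is not reproduced in the text, so the message flow here follows a commonly published DH-based construction and is an assumption; the modulus `P`, generator `G` and all function names are illustrative toy choices, not vetted parameters.

```python
import hashlib
import secrets

P = 2**127 - 1   # toy prime modulus (assumption; not a vetted group)
G = 3            # toy base (assumption)

def kdf_xor(shared, data):
    """XOR data with a keystream derived from a shared group element."""
    stream = hashlib.shake_256(shared.to_bytes(16, "big")).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, stream))

def sender_hello():
    a = secrets.randbelow(P - 2) + 1
    return a, pow(G, a, P)                    # S keeps a, sends A = g^a

def receiver_choose(A, choice):
    b = secrets.randbelow(P - 2) + 1
    B = pow(G, b, P)
    if choice == 1:
        B = B * A % P                         # B = A * g^b encodes choice 1
    return b, B                               # R keeps b, sends B; B looks random to S

def sender_encrypt(a, A, B, m0, m1):
    k0 = pow(B, a, P)                         # equals g^(ab) only if R chose 0
    k1 = pow(B * pow(A, -1, P) % P, a, P)     # equals g^(ab) only if R chose 1
    return kdf_xor(k0, m0), kdf_xor(k1, m1)   # S sends both ciphertexts

def receiver_decrypt(A, b, index, e0, e1):
    return kdf_xor(pow(A, b, P), (e0, e1)[index])   # R's only key is g^(ab)

def run_ot(m0, m1, choice):
    a, A = sender_hello()
    b, B = receiver_choose(A, choice)
    e0, e1 = sender_encrypt(a, A, B, m0, m1)
    return receiver_decrypt(A, b, choice, e0, e1), (A, b, e0, e1)
```

S never sees `choice`, only `B`; R can derive exactly one of the two keys, so the ciphertext for the other material stays unreadable.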
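For section 1.1.2 (secret sharing), an added example that is not part of the original article: the three-step average-salary procedure, including the article's parabola y = 2x² + x + 100. It goes slightly beyond the text by doing the arithmetic modulo a prime `P` (an assumption; the article uses plain integers), which is how such shares are kept from leaking information about the size of the secret; function names are illustrative.

```python
import secrets

P = 2**61 - 1  # prime field modulus (assumption: the article uses plain integers)

def make_shares(salary, coeffs=None):
    """Points x = 1, 2, 3 on y = a*x^2 + b*x + salary (mod P); a and b stay secret."""
    a, b = coeffs or (secrets.randbelow(P), secrets.randbelow(P))
    return {x: (a * x * x + b * x + salary) % P for x in (1, 2, 3)}

def intercept(points):
    """Lagrange interpolation at x = 0: recover the parabola's intercept."""
    result = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        result = (result + yi * num * pow(den, -1, P)) % P
    return result

def average_salary(salaries):
    # Step 1: each of the three parties splits its salary; point x goes to party x.
    shares = [make_shares(s) for s in salaries]
    # Step 2: party x adds the three points it holds into one point (x, sum).
    summed = {x: sum(sh[x] for sh in shares) % P for x in (1, 2, 3)}
    # Step 3: the three summed points are exchanged; their parabola's intercept
    # is the sum of the salaries, so dividing by 3 gives the average.
    return intercept(summed) / 3
```

The shares hide each salary, but the published result does not: two parties who pool their own salaries can subtract them from the sum, which is inherent in computing a three-party average.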
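For section 1.2.2 (the students-and-teacher sum), an added example that is not part of the original article: a toy Paillier implementation, the additively homomorphic scheme the article names. Note that "adding" two Paillier ciphertexts means multiplying them modulo n², and that the aggregation step needs no key. The article does not say who holds the decryption key, so key handling here is an assumption, and the primes are constructed toy values.

```python
import math
import secrets

def keygen(p=1009, q=1013):
    """Toy Paillier key pair (constructed small primes, illustration only)."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)   # lcm(p-1, q-1)
    return n, (lam, pow(lam, -1, n))                     # public n, private (lam, mu)

def encrypt(n, m):
    """c = (1+n)^m * r^n mod n^2, with a fresh random r for every ciphertext."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2   # (1+n)^m = 1 + m*n (mod n^2)

def add_encrypted(n, ciphertexts):
    """Homomorphic addition: multiply the ciphertexts mod n^2; no key needed."""
    total = 1
    for c in ciphertexts:
        total = total * c % (n * n)
    return total

def decrypt(n, private_key, c):
    lam, mu = private_key
    return (pow(c, lam, n * n) - 1) // n * mu % n

def class_total(values):
    """Each student encrypts one value; only the combined ciphertext is decrypted."""
    n, private_key = keygen()
    ciphertexts = [encrypt(n, v) for v in values]
    return decrypt(n, private_key, add_encrypted(n, ciphertexts))
```

Whoever holds the private key could also decrypt any single ciphertext it receives, so in a deployment the party that collects and combines the ciphertexts should not be the party that holds the key.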