Collaborative calculation and application of interreal and real interval relations to protect privacy

The determination of the relation between a number and a numerical interval is one of the core problems in the scientific calculation of privacy protection. The calculation of the relationship between two numbers and a numerical interval to protect privacy is also the basic problem of collaborative computing. It is widely used in data queries, location search and other fields. At present, most of the solutions are still fundamentally limited to the integer level, and there are few solutions at the real number level. To solve these problems, this paper first uses Bernoulli inequality generalization and a monotonic function property to extend the solution to the real number level and designs two new protocols based on the homomorphic encryption scheme, which can not only protect the data privacy of both parties involved in the calculation, but also extend the number domain to real numbers. In addition, this paper designs a solution to the confidential cooperative determination problem between real numbers by using the sign function and homomorphism multiplication. Theoretical analysis shows that the proposed solution is safe and efficient. Finally, some extension applications based on this protocol are given.


Introduction
With the rapid development of Internet technology, especially the rapid rise of big data computing, blockchains, artificial intelligence and other technologies, collaborative computing occupies an increasingly important position in humans' daily work and learning. However, while the users are assisting in completing some computations, the need for the privacy and security of the data information of each cooperative participant is particularly urgent. Secure Multiparty Computation (SMC) was first proposed by A.C. Yao in 1982 in [1]. In [2], the theory of SMC has been further developed and laid its theoretical foundation. Secure multiparty computation mainly solves the problem that in a multiuser network in which users do not trust each other, each user can cooperate to perform a reliable computing task without disclosing their own private input information [3]. Therefore, secure multiparty computation has become a research hotspot in the field of cryptography in recent years [4] and is a core technology that can solve the collaborative computing problem to protect data information privacy. In fact, it is impractical to use general protocols to solve some special instances in secure multiparty computation. In order to achieve high efficiency, some special methods are needed for some special problems [5]. In recent years, secure multiparty computation technology has been introduced by many scholars to the traditional fields of scientific computing, data mining, computational geometry, information retrieval and statistical analysis. Thus, new research directions, such as the correlation of protecting private information [6], privacy preserving cooperative scientific computations [7][8][9], Privacy Preserving Data Mining (PPDM) [10,11], Privacy Preserving Computation Geometry (PPCG for short) [12][13][14][15], Private Information Retrieval (PIR) [16], Privacy Preserving Statistical Analysis (PPSA) [17], and the question of preserving the data ranking of private information [18][19][20], and secure multiparty quantum computation [21,22] are generated, thus solving some important security application problems.
The relationship between and between numerical values is the core of the scientific computational problem of privacy protection. In reference [23], with the help of the theory of computational geometry, the input rational number or interval endpoint is taken as the straight line slope passing through the origin in the coordinate system, the problem of interval confidential calculation is transformed into the problem of a positional relation judgment between straight lines, and a solution providing a rational number and a rational interval confidential calculation is proposed. In reference [8], the positional relationship between rational numbers and rational intervals is transformed into other problems with the help of polynomials. It converts the problem into an integer vector to solve the issues of previous studies, which are confined to the rational number level and are still converted to an integer to solve. There are some limitations. The research purpose of this paper is to use the new technique to solve the decision problem of the relationship between the real and the real number interval and expand the real number level while improving the efficiency of the protocol. Furthermore, a new solution to the confidential cooperative determination problem between real numbers is designed by using the sign function and homomorphism multiplication.

Contributions of this paper
First, by combining Bernoulli inequality generalization with a monotonic function, the scope of the data size comparison with privacy protection is extended to real numbers. In addition, before collaborative comparison calculation, by means of the Bernoulli inequality extension technique, the numerical range of real numbers to be compared is reduced to the interval level, and the addition and decryption operations are reduced. Based on the ElGamal encryption system and Paillier encryption system, this paper constructs a real number size comparison protocol.
Second, using symbolic functions and homomorphic encryption systems, an efficient cooperative decision protocol for confidentiality between real numbers is designed with certain techniques. Finally, the protocol is designed and applied to solve the problem of confidential data queries and the problem of confidential cooperative relationships between real numbers.

Structure of this paper
Section 2 of this paper introduces the preparatory knowledge. In section 3, the designed protocol solves the problem of the collaborative calculation of the size comparison between real numbers to protect privacy. Section 4 designs a real number and the relationship between the real number confidentiality collaborative determination protocol. In section 5, the correctness and security of the protocol are analyzed, and simulation examples are used to prove that the protocol is secure. Section 6 analyzes the performance of the protocol, and Section 7 presents the specific extended applications of the three protocols. Section 8 summarizes this paper and forecasts future research directions.

Security definition
Semihonest participant [24]: In the secure multiparty computation protocol, participants are divided into three types according to their behaviors in the protocol: honest participants, semihonest participants and malicious participants. A semihonest participant in the implementation of the protocol will follow the protocol process in an honest way, but he may be corrupted by the attacker who discloses all his inputs, outputs and intermediate results to the attacker or deduces the information beyond the protocol or that of others based on the information he possesses.
Protocol security under the semihonesty model: According to Goldreich's study [24], since the secure multiparty protocol under the semihonesty model can be transformed into the new protocol under the malicious model in most cases, this paper only designs the protocol under the semihonesty model and gives the corresponding security simulation examples.
Assume that the two parties involved in the calculation are Alice and Bob. Alice owns x and Bob owns y. They need to cooperate in the calculation of function f(x,y) = (f 1 (x,y),f 2 (x,y)) on the premise of ensuring the privacy of x and y. The purpose of the collaborative computation is that Alice and Bob obtain the two components of f and of f 1 (x,y) and f 2 (x,y), respectively. Let π represent the calculated protocol of f, and the information sequences obtained by Alice and Bob during the implementation of the protocol are respectively recorded as: where r 1 and r 2 represent the independent random numbers of Alice and Bob, respectively; and m i 1 ði ¼ 1 � � � ; sÞ represents the ith message received by Alice. After the execution of protocol π, the output of Alice is denoted as f 1 (x,y). m j 2 ðj ¼ 1 � � � ; tÞ represents the jth message received by Bob. After the execution of protocol π, Bob obtains the output, which is denoted as f 2 (x,y).
Definition: For protocol π that computes function f, the probabilistic polynomial time algorithms S 1 and S 2 are as follows: Therefore, π computes the function f confidentially, where� c is computationally indistinguishable.
Therefore, in the calculation of the two sides in the process of those protocols, only information from their input and output calculations can be obtained and the participants are unable to obtain the other party's privacy information, thus proving that multiparty computation protocols are safe. You need to construct (3) and (4) set up the simulators of S 1 and S 2 , respectively; therefore, the security method is called simulation examples.

Paillier homomorphic encryption system
The Paillier encryption system is specifically described as follows [25].
Key generation: Select two large prime numbers p and q to calculate N = pq and λ = lcm(p −1,q−1). Define function LðxÞ ¼ xÀ 1 N and randomly select a generator g 2 Z � N 2 to make gcd(L (g λ mod N 2 ),N) = 1; then, the public key and private key of the encryption scheme are (g,N) and λ, respectively.
Encryption process: For plaintext m<N, random number r<N is selected to calculate ciphertext c = E(m).
Decryption process: For ciphertext c, calculate plaintext m = D(c).
Additive homomorphism: Because the following property is true, the Paillier encryption algorithm has additive homomorphism. Homomorphic multiplication: Because the following property is true, the Paillier encryption algorithm has homomorphism multiplication.

ElGamal homomorphic encryption system
The ElGamal encryption system is described as follows [26].
Key generation: Select parameter k, generate a large prime number p of k bits and a generator g 2 Z � p , and randomly select g 2 Z � p as the private key; then, the corresponding public key is h = g x mod p.
Encryption process: For plaintext m 2 Z � p , random number r is selected to calculate the ciphertext.
Decryption process: For ciphertext c, calculate the plaintext m = D(c).
Multiplicative homomorphism: Since the following property is true, the ElGamal encryption algorithm has multiplicative homomorphism.

Bernoulli inequality
The Bernoulli inequality is described as follows. For any integer n and for any real number h, the following inequality holds: If n is positive and even, the Bernoulli inequality can be extended to any real number h2R, that is: ð1 þ hÞ n � 1 þ nh; ðh 2 R; n is positive even numbersÞ ð13Þ Identification: When h>−1, the original inequality shows that for any integer n, (1+h) n �1 +nh is true.
According to the promotion, we can derive the following two properties: Property 1: For any real numbers x and y, n takes any even number. Then, if For any real numbers x and y, n takes any even number. Then, if

Monotonic function
In general, let the domain of the function f(x) be I. Regarding the values of x 1 and x 2 , for any two independent variables belonging to an interval of I, when , and then f(x) is an increasing function on this interval. When , and then f(x) is a negative function on this interval.

Symbolic function
Set the function sign(m,n) as any two real variables m and n following the following rules: The function is a symbol whose return value is the difference between the two real variables involved in the operation.

Problem description and calculation principle
Problem description: Alice has a real number x and Bob has a real number y (Fig 1). Through collaborative calculation, the two collaborative calculators can compare the size of the real number data they hold without revealing their own data information. Calculation principle: For any two real numbers x and y, according to the generalization of the Bernoulli inequality above, for any even number n, if y � t ¼ 1 þ xÀ 1 n À � n , then y�x; and if , then y�x. In order to protect the data privacy, any positive even n value passed by the protocol in each round later in this paper is randomly generated. For the residual case, this paper uses a homomorphic encryption system to construct a monotonic function containing the residual interval.

Specific protocol
Protocol 1. Collaborative calculation of the size between real numbers to protect privacy Input: Alice has a real number x, and Bob has a real number y. Output: The size comparison of x and y results in sign(x,y).
1. Alice sets a random positive even number n to construct t ¼ 1 þ xÀ 1 n À � n . Then, Alice sends it to Bob.
2. Bob calculates sign(t,y), that is, Bob compares the size of y and t and returns the result sign (t,y) = -1. Then, the process ends. Otherwise, go to step 3.
3. Alice sets a random positive even number n 0 to construct s ¼ 1 À n 0 þ n 0 x 1 n 0 � � and then sends it to Bob.

Bob calculates sign(s,y)
, that is, Bob compares the sizes of y and s and returns the result sign (s,y) = 1. Then, the process ends. Otherwise, go to step 5.
5. Bob selects Paillier, a homomorphic encryption mechanism, to obtain (g,N) and λ. Then, he encrypts his data value y to obtain ciphertext E(y), E(y 2 ) and sends it to Alice. Protocol analysis: In the first four steps in the protocol, Alice constructs x into new values t and s by selecting random positive even numbers, and then these are sent to Bob. On his side, Bob simultaneously calculates the rules of the calculation result according to the symbol function and returns the value. Therefore, those involved in the simultaneous calculations of the two sides are unable to get any information on the other side. In the second part of the protocol, Bob's master private key and his own y value encryption will be sent to Alice, so Bob's information is not leaked to Alice. In addition, the monotonic function is constructed and mastered by Alice, and Bob cannot solve the monotonic function according to f(s) and f(x).
Next, we use the multiplicative homomorphism of the ElGamal encryption system to construct a similar protocol to solve the problem of the collaborative calculation of the size comparison between real numbers that protect privacy. Protocol 2. Collaborative calculation of the sizes of real numbers to protect privacy Input: Alice has a real x, and Bob has a real y. Output: Size comparison of x and y results in sign(x,y).
1. Alice sets a random positive even number n to construct t ¼ 1 þ xÀ 1 n À � n . Then, she sends it to Bob.
2. Bob calculates sign(t,y), that is, Bob compares the sizes of y and t and returns the result sign (t,y) = -1. Then, the process ends. Otherwise, go to step 3.
3. Alice sets a random positive even number n 0 to construct s ¼ 1 À n 0 þ n 0 x 1 n 0 � � and then sends it to Bob. sign(s,y), that is, Bob compares the sizes of y and s and returns the result sign (s,y) = 1. Then, the process ends. Otherwise, go to step 5.

Bob calculates
5. Bob selects ElGamal a homomorphic encryption mechanism, to obtain (g,N) and λ. Then, he encrypts his data value y to obtain ciphertext E(y), E(y 2 ) and sends it to Alice.

Problem description and calculation principle
The problem description assumes that one of the two parties involved in the collaborative calculation has a real number and the other has an interval of real numbers. The two parties should work together to calculate the relationship between the real number and the interval of real numbers without revealing their respective data information. For example, Alice has a real number [s,x] and Bob has a real number interval y, and the two should secretly work together to determine the relationship between the real number and the interval of real numbers. In order to determine whether a real number is in an interval, the calculation principle can determine whether a real number is in an interval by calculating the sign of the difference between the real number and the value at both ends of the interval, that is, it can determine whether a real number is in an interval of real numbers by using a sign function. For example, for a real number point y, to determine whether y is in an interval of [s,x], then the sign of sign (y,[s,x]) = sign((x−y)(y−s)) can be determined. signðy; ½s; x�Þ From the above expansion, we can find the result value of sign(y(x+s)−xs−y 2 ).

Protocol 3. Confidential collaborative determination of the interval relationship between real numbers Input: Alice inputs real number [s,x], and Bob inputs real number interval y. Output: Bob outputs sign(y,[s,x]).
The protocol constructed in this paper is as follows: 1. Alice selects Paillier, a homomorphic encryption mechanism, and obtains (g,N) for the public key and λ for the private key. Alice calculates c 1 = −xs and c 2 = x+s based on her data values s and x, encrypts c 1 and c 2 , and obtains ciphertext E(c 1 ) and E(c 2 ). Then, she sends them to Bob.
2. Bob generates a random number v, encrypts the random number E(v). Then, Bob calculates E(v), y together with the received E(c 1 ) and E(c 2 ) as follows: 3. Bob sends � c to Alice.
4. Alice decrypts � c to obtain c _ ¼ yðx þ sÞ À xs þ n and sends c _ to Bob. ] or y is at the end point of the interval [s,x]; andĉ ¼ À 1 means that y is outside the interval [s,x]. Then, Bob sends the result to Alice.

Bob calculates:ĉ
Protocol analysis: In Protocol 3, Alice's data value s and x was mixed and encrypted before being sent to Bob who could not decrypt it. Bob added a random number v during the encryption operation, so although Alice decrypted � c, Alice could not obtain the specific information of y due to the existence of v.

Correctness analysis
Protocol 1, in steps 1 to 4, according to the generalized properties 1 and 2 of Bernoulli inequality, the protocol can correctly calculate the size of the variables x and y and reduce the range of sizes to (s,t). In step 6, Alice chooses random numbers α, β and γ, the tectonic domain range contains the monotonic function of (s,x), and Alice calculates Similarly, the correctness analysis of Protocol 2 is similarly verifiable. In Protocol 3, Bob calculates: Alice decrypts to get � c 0 ¼ yðx þ sÞ À xs þ n. In step 4, Bob replaces v with −y 2 to obtain y(x +s)−xs−y 2 = (x−y)(y−s). Then, the specific sign value can be calculated according to the sign function. Therefore, protocol 3 is correct.

Security analysis
Theorem 1. Protocol 1 can determine the size relationship between real numbers in a cooperative and confidential manner.
Proof: For the convenience of the description, this paper divides protocol 1 into two parts: part 1 is the first 4 steps, and part 2 is steps 5~7.
First, we will prove that the data are safe during the first 4 steps of the protocol's execution.
In the first and third steps of the protocol, there are positive even numbers n and n 0 randomly selected by Alice, and t and s are constructed. Because Bob does not obtain the values of n and n 0 , he cannot obtain the specific information for Alice.
In steps 2 and 4 of the protocol, Bob calculates according to information t and s his receives and his own data, and he only sends the symbol of the calculated result back to Alice, so Alice cannot obtain Bob's specific information. Therefore, the first 4 steps of the protocol are safe.
The following simulation example is used to strictly prove the security of steps 5~7 of the protocol, that is, the simulators are constructed to make formulas (1) and (2) hold in the security definition.
In this protocol, let f 1 (x,y) = f 2 (x,y) = sign(x,y), and construct simulator S 1 . S 1 accepts (x,f 1 (x, y)) as its input and proceeds as follows: Step 5: Accept input (x,f 1 (x,y)) = (x,sign(x,y)) Since S 1 has sign(x,y), it can pick any y 0 that satisfies sign(x,y) = sign(x,y 0 ). y 0 is encrypted according to protocol S 1 to obtain ciphertext E(y 0 ).
In this protocol, Therefore, protocol 1 can confidentially calculate the size relationship between real numbers. Theorem 2. Protocol 2 can determine the size relationship between real numbers in a cooperative and confidential manner.
The proof of theorem 2 is similar to that of theorem 1 and will not be detailed in this article. Theorem 3. Protocol 3 can determine the relationship between real points and intervals in a cooperative and confidential manner.
Identification: The security of the protocol is strictly proven by the simulation example below, that is, the emulators are constructed to make formula (1) and formula (2) hold in the security definition.
Step 2: S 1 generates a random number v 0 , encrypts the random number E(v 0 ), and computes: Step 4: Calculateĉ In this protocol,

Efficiency analysis
This section analyzes the efficiency of Protocols 1, 2 and 3 and comparatively analyzes protocol 3 and protocol 1 in references [23] and [8] and protocol 3 in this paper. Because the protocol uses a homomorphic encryption mechanism, the number of costly modular exponentiation operations is taken as an indicator to measure the computing costs while the other operations are ignored. In the Paillier encryption scheme, one encryption or decryption requires two modular exponentiation operations. In the ElGamal encryption scheme, one encryption requires two modular exponentiation operations, and one decryption requires one modular exponentiation operation.
Computational complexity analysis and communication complexity analysis: Protocol 1 and Protocol 2 have negligible computational overheads in the first four steps. In the fifth to seventh steps of Protocols 1 and 2, both Alice operations need two modular exponentiation operations, and Bob performs encryption and decryption once each. Therefore, no more than six modular exponentiation operations are required in Protocol 1, and no more than five modular exponentiation operations are required in Protocol 2. Although protocol 1 and Protocol 2 need to perform 6 (or 5) modular exponentiation operations in the worst case, the protocol in this paper can complete the computations without requiring modular exponentiation operations in the best case. Protocol 3 in reference [23] requires 13 modular exponentiation operations and 2 rounds of communication. Protocol 1 in reference [8] requires 12 modular exponentiation operations and 2 rounds of communication. In protocol 3 in this paper, Alice encrypts twice and decrypts once, which requires 6 modular exponentiation operations, Bob encrypts once and conducts ciphertext modular exponentiation operations once, which requires 3 modular exponentiation operations, a total of 9 modular exponentiation operations, and 2 rounds of communication.
In order to verify the efficiency of the protocol, we used the Java programming language to implement protocol 3 and the comparison protocol.
The experimental test environment is as follows: the operating system is the 64-bit Win-dows7 flagship version operating system, the processor is an Intel(R) Core(TM) i5-3470 3.20 GHz, and the amount of memory is 8.00 GB. The set value of each group was averaged after 1000 experiments. In the experiment, the large prime p and q bits used in the Paillier encryption algorithm are the same, both of which are 256 bits.
As seen in Tables 1 and 2, protocol 3 in this paper has fewer scheme modular exponentiation operations and has higher efficiency. Both the theoretical analysis and experimental results show that the protocol in this paper is efficient.

Confidential data query
The problem can be described as follows: one party participating in collaborative computing has an ordered data set, and the other party has a value to be searched. The two parties should cooperate to determine the specific location of the value in the data set without revealing their respective data information. For example, Alice has ordered data set {c 1 ,c 2 ,� � �c n }, Bob has data set s, and the two should work together confidentially to determine the specific location of numerical value s in data set {c 1 ,c 2 ,� � �c n }. Therefore, using binary search, protocol 1 or 2 can be used to compare the median of the data to be checked and the narrowing range of the data set for multiple times to achieve the required results.

Cooperative determination of the relationship between real number intervals to protect privacy
The problem can be described as follows: the two parties involved in the collaborative calculation have a real interval, and they should work together to calculate the relationship between In conclusion, the above scheme can be implemented by means of protocol 1 or 2 and Protocol 3 in this paper.

Conclusion and discussion
The determination of the relation between a number and a numerical interval is one of the core problems of scientific calculation to protect privacy, and the calculation of the relation between two numbers and numerical intervals on the premise of protecting privacy is also the basic problem of collaborative calculation. At present, most of the solutions reach the integer level while few reach the real number level. This article uses the Bernoulli inequality extension type and combines it with the monotonic function technique to extend the numerical interval to determine the relationship between the real number level, mainly the homomorphic encryption scheme based on two different design size comparisons between the two new real numbers. The Bernoulli inequality extension type reduces the scope of use of the homomorphic encryption system comparison to the range, reduces the encryption algorithm, and improves the efficiency. In addition, a protocol is designed to solve the confidential cooperative determination problem between real numbers by using symbolic functions and other techniques. The protocols in this paper are based on the fact that all parties involved in collaborative computing are semihonest, and the constructed protocols are secure under the semihonest model. The relationship between the number of privacy protections and the numerical interval under the malicious model will be the direction of our future work.