Let $\mathcal{X}$ and $\mathcal{Y}$ be two sets and suppose that a set of participants $P=\{P_1,P_2,\dots,P_n\}$ would like to calculate the keyed hash value of some message $m\in\mathcal{X}$ known to a single participant in $P$ called the data owner. Also, suppose that each participant $P_i$ knows a secret value $x_i\in\mathcal{X}$. In this paper, we will propose a protocol that enables the participants in this setup to calculate the value $y=H(m,x_1,x_2,\dots ,x_n)$ of a hash function $H:\mathcal{X}^{n+1}\rightarrow\mathcal{Y}$ such that the function $H$ is a one-way function, participants in $P\backslash\{P_i\}$ cannot obtain $x_i$, participants other than the data owner cannot obtain $m$, and the hash value $y=H(m,x_1,x_2,\dots ,x_n)$ remains the same regardless the order of the secret $x_i$ values.

翻译：设 $\mathcal{X}$ 和 $\mathcal{Y}$ 为两个集合，并假设参与者集合 $P=\{P_1,P_2,\dots,P_n\}$ 希望计算某条消息 $m\in\mathcal{X}$ 的带密钥哈希值，该消息仅被 $P$ 中的单个参与者（称为数据所有者）所知。同时，假设每个参与者 $P_i$ 拥有一个秘密值 $x_i\in\mathcal{X}$。本文提出一种协议，使得该设置下的参与者能够计算哈希函数 $H:\mathcal{X}^{n+1}\rightarrow\mathcal{Y}$ 的输出值 $y=H(m,x_1,x_2,\dots ,x_n)$，满足以下性质：函数 $H$ 为单向函数；集合 $P\backslash\{P_i\}$ 中的参与者无法获取 $x_i$；除数据所有者外的参与者无法获取 $m$；且哈希值 $y=H(m,x_1,x_2,\dots ,x_n)$ 与秘密值 $x_i$ 的输入顺序无关。