CN113672980B - Inter-institution real-time privacy data query method, device and storage medium - Google Patents
Inter-institution real-time privacy data query method, device and storage medium Download PDFInfo
- Publication number
- CN113672980B CN113672980B CN202110967367.0A CN202110967367A CN113672980B CN 113672980 B CN113672980 B CN 113672980B CN 202110967367 A CN202110967367 A CN 202110967367A CN 113672980 B CN113672980 B CN 113672980B
- Authority
- CN
- China
- Prior art keywords
- data
- real
- matrix
- server
- time
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 75
- 238000003860 storage Methods 0.000 title claims abstract description 15
- 239000011159 matrix material Substances 0.000 claims abstract description 61
- 230000005540 biological transmission Effects 0.000 claims abstract description 28
- 238000004422 calculation algorithm Methods 0.000 claims abstract description 16
- 230000006870 function Effects 0.000 claims description 62
- 230000008569 process Effects 0.000 claims description 19
- 238000004590 computer program Methods 0.000 claims description 18
- 238000012546 transfer Methods 0.000 claims description 8
- 238000012217 deletion Methods 0.000 claims description 7
- 230000037430 deletion Effects 0.000 claims description 7
- 230000004048 modification Effects 0.000 claims description 7
- 238000012986 modification Methods 0.000 claims description 7
- 230000008859 change Effects 0.000 claims description 4
- 238000010276 construction Methods 0.000 claims description 4
- 238000007792 addition Methods 0.000 claims description 3
- 238000004364 calculation method Methods 0.000 description 10
- 238000012545 processing Methods 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 230000003993 interaction Effects 0.000 description 6
- 230000003068 static effect Effects 0.000 description 6
- 230000004044 response Effects 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000004891 communication Methods 0.000 description 3
- 230000000977 initiatory effect Effects 0.000 description 3
- 230000008520 organization Effects 0.000 description 3
- 230000007246 mechanism Effects 0.000 description 2
- 238000012360 testing method Methods 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000005336 cracking Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000003287 optical effect Effects 0.000 description 1
- 230000001172 regenerating effect Effects 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/23—Updating
- G06F16/2379—Updates performed during online database operations; commit processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Bioethics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Physics & Mathematics (AREA)
- General Health & Medical Sciences (AREA)
- Databases & Information Systems (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Medical Informatics (AREA)
- Computing Systems (AREA)
- Data Mining & Analysis (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method, equipment and a storage medium for inquiring real-time privacy data among institutions, which comprise the steps of initializing the total quantity of data, refreshing stock data, inquiring the real-time privacy data and updating the real-time privacy data; initializing the total data: the requester and the server negotiate to obtain each initialization parameter through DH algorithm; the request party generates a random number, and the service party generates a beta group of random key pairs; the request initiates the execution of the unintentional transmission to the service side, and the request side obtains the selected secret key; the server generates a matrix T, U and V, and sends the V to the requester; creating an index M; the requesting party generates a matrix Q; real-time privacy data query: the requester calculates y 'according to the label y to be queried and sends y' to the server; the server inquires y 'in M, if hit, AES encrypts data x to return result data'; the requestor decrypts data' to data [ x ]. The invention realizes real-time dynamic privacy inquiry among institutions.
Description
Technical Field
The invention relates to the technical field of data query, in particular to a method, equipment and storage medium for querying real-time privacy data among institutions.
Background
There are three common data alignment schemes between institutions:
the first scheme is that the first institution copies out own data directly to the safe movable storage, and the data is carried to the second institution for alignment on site. The scheme is suitable for one-time alignment of fixed data and cannot timely cope with data update because the two operators are required to go to the site for operation.
The second scheme is that the first organization and the second organization perform data interaction transmission on the Internet through https protocols by using a traditional summary algorithm, such as SHA, SM3 and the like, and perform data matching. The scheme only uses a summary algorithm and https protocol for the privacy data, and related tools are rich, full in verification and optimized in place, so that the scheme is a main mode of real-time privacy data interaction between existing institutions. However, the scheme can exchange all abstracts, and for a semi-honest organization, the abstracts can be subjected to violent cracking in a library collision mode. For a malicious attack party, data can be maliciously acquired and tampered in a mode of man-in-the-middle attack and the like in the https stage.
The third approach is to use published psi algorithms such as dh-psi, ot-psi, etc. The scheme is based on a cryptography public key system, and can effectively ensure data security. The scheme is used for controlling the average overhead when the timing batch data are aligned. But for a real-time privacy query scene, the size of the set of the queried party is fixed to be 1, and the queried party is set to be 10 7 The level at which some compromise in performance and security has to be made.
However, the solution of the prior art Scalable Private Set Intersection Based on OT Extension is to provide a solution for large-scale static privacy data interaction, and cannot implement real-time dynamic privacy query.
Disclosure of Invention
The invention aims to solve the technical problems that the existing inter-institution data query can only realize large-scale static privacy data exchange and cannot realize real-time dynamic privacy query. The invention aims to provide a method, equipment and storage medium for inquiring real-time privacy data among institutions, and the method, equipment and storage medium are used for realizing real-time dynamic privacy inquiry among institutions.
The invention is realized by the following technical scheme:
in a first aspect, the present invention provides a method for querying real-time privacy data between institutions, the method comprising initializing a data volume, querying real-time privacy data and updating real-time privacy data;
initializing the total data: the requester negotiates with the server through DH algorithm and constructs four hash functions G, C, rnk, idx and a large constant gamma; the requesting party generates a random number s and the serving party generates a β set of random key pairs (k 0 ,k 1 ) The method comprises the steps of carrying out a first treatment on the surface of the The request initiates execution of an inadvertent transmission OT to the service party, and the request party obtains the selected key k s The method comprises the steps of carrying out a first treatment on the surface of the The server negotiates and constructs a hash function and a large constant according to the data set X held by the server, and a beta group random key pair (k 0 ,k 1 ) Generating matrices T, U and V, where V is derived from T, U and sends V to the requestor and creates an index M; the requester constructs a hash function, a random number s and a secret key k according to the negotiation s Generating a matrix Q by the matrix V;
real-time privacy data update: the method comprises three cases of real-time data addition, modification and deletion; for the new and modification of real-time data, the server side adds and modifies the data (x, data x]) Update matrix T, U, V and index M and change line V Δ Sending to a requesting party; the requester is provided with a hash function, a random number s and a secret key k s Based on all unchanged, according to V Δ Updating the matrix Q; for real-time data deletion, only a server side is required to delete the data corresponding to the index;
real-time privacy data query: the requester calculates y 'according to the label y to be inquired and sends y' to the server; the server queries y 'in M, if y' is queried, symmetric key is used
For data x]Performing AES encryption, returning a result data ', and returning random data if y' is not queried; the requestor uses->
AES decrypting the data' to obtain data [ x ]]Verifying the correctness of the data format;
the invention combines the data volume initialization, the real-time privacy data inquiry and the real-time privacy data update to realize the real-time dynamic privacy inquiry between the requesting party and the service party.
The scheme based on the prior art Scalable Private Set Intersection Based on OT Extension provides a scheme for solving large-scale static privacy data interaction, and cannot realize real-time dynamic privacy inquiry. The invention adopts the improved OT-PSI based real-time privacy data inquiry among the implementation mechanisms, and is used for realizing the real-time privacy data update by additionally configuring a hash function G and creating an index M in the data full initialization stage on the basis of the prior art; the real-time privacy data updating stage is increased, and the real-time dynamic privacy query between the requester and the server is realized by combining the data volume initialization, the real-time privacy data query and the real-time privacy data updating.
The present invention provides a solution for cross-institution private data querying over an untrusted network. In the implementation process of the scheme, a DH algorithm is used for negotiating the configuration constant of the hash function, and the random keys k and p are transmitted by using asymmetric encryption through careless transmission. Whereas decryption of matrix V requires a random key k, p and an inverse hash function. Therefore, when a malicious third party steals the intermediate result, for V, the parameter of the hash function cannot be known, x cannot be obtained by reverse operation, and for data', γ cannot be obtained, and data [ x ] cannot be enumerated and released.
The invention provides protection for a dishonest partner. For the requestor, the correct data [ x ] can be obtained if and only if x is equal to y]If t is not present j When y' is equal, the server returns random data if t j When y 'is equal and x is not equal to y, the requester cannot correctly spell the data' key, and further cannot decrypt to obtain the data plaintext. For matrix V, since there is 15% random data in it, and the proportion will continuously rise during the update of data by the server, requestThe party cannot independently determine which data in V is valid and which is invalid. For the server, after receiving y', if t is not present j Equal to y', since the server does not know the private key s, the plaintext information of y cannot be obtained.
The invention provides a private data query scheme in a low-bandwidth environment. After the data full initialization stage is completed, in daily use, one bandwidth of 2m can meet the requirement. Even in the data full initialization phase, for 3×10 6 For stripe-level data sizes, data transmission and processing can also be completed within 1 hour.
Further, the method further comprises the step of refreshing the stock data, wherein the step of refreshing the stock data comprises the following steps:
on the basis that the requester keeps the random number s, the hash function and the large constant unchanged, the server generates a beta group of random key pairs (p 0 ,p 1 ) The method comprises the steps of carrying out a first treatment on the surface of the The request initiates execution of an inadvertent transmission OT to the service party, and the request obtains the selected increment key p s The method comprises the steps of carrying out a first treatment on the surface of the Based on the hash function and the large constant, the server side performs the hash function according to the beta group random key pair (p 0 ,p 1 ) Updating the matrix T and the index M, and updating the secret key by the server; the requester uses the increment key p on the basis of the unchanged random number s, hash function and large constant s The matrix Q is updated, and the key is updated at the same time.
Further, the stock data refreshing specifically includes the following steps:
step 10, the requester holds a random number s e {0,1} β The hash function G, C, rnk, idx and the large constant gamma are all unchanged: the service side generates a beta group random key pair (p 0 ,p 1 )∈{0,1} 2κ The request initiates execution of an inadvertent transmission to the service party
The requester obtains the selected increment key p s ;
Step 11, the server side based on the hash function G, C, rnk, idx and the large constant gamma, based on the beta group random keyKey pair (p) 0 ,p 1 ) Updating the matrix T; for the following
Updating the index M: t is t j →Data[x]The method comprises the steps of carrying out a first treatment on the surface of the For->
Is kept unchanged; at the same time the server updates the key +.>
The requester uses the increment secret key p on the basis of the unchanged random number s, the hash function G, C, rnk, idx and the large constant gamma s Update matrix Q->
At the same time the requester updates the key->
Wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T;
representing an exclusive-or operation; />
Arbitrary is indicated and will not be explained in detail in the following.
Further, the configuration process of the hash function G is as follows: first negotiating a random small prime alpha by DH algorithm<2 31 Second construct a function
Then, use g-construction ∈ ->
Further, the set size of the server index M is 10 7 A level.
Further, a large constant γ<2 192 。
Further, the data volume initialization specifically includes the following steps:
step 20, the requester and the server negotiate a plurality of constants through DH algorithm to configure four hash functions
C:{0,1} * →{0,1} β 、Rnk:{0,1} * →[0,κ)、Idx:{0,1} * →{0,1} m And a large constant γ;
step 21, the requester generates a random number s E {0,1} β The service side generates beta group random key pair
The request initiates the execution of an unintentional transfer to the server>
The requester gets the selected key k s ;
Step 22, the server negotiates the hash function and the large constant, β -group random key pair (k 0 ,k 1 ) Generating matrices T, U and V for
Calculation of
And creates an index M: t is t j →Data[x]For->
Generating random data, and generating a line number not lower than 0.15 x|X|; and transmitting V to the requestor in a row vector list format; wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T; />
Representing an exclusive-or operation;
step 23, the requester constructs a hash function and a large constant, a random number s and a secret key k according to the negotiation s Generating a matrix Q by the matrix V; wherein, 
for the elements of the j-th row and i-th column of matrix Q, -/->
Further, the method is used for cross-institution privacy data query and protection of dishonest partners on an untrusted network.
In a second aspect, the present invention further provides a computer device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the method for querying private data in real time between institutions when executing the computer program.
In a third aspect, the present invention also provides a computer readable storage medium storing a computer program, which when executed by a processor implements the method for querying private data in real time between institutions.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. the present invention provides a solution for cross-institution private data querying over an untrusted network. In the implementation process of the scheme, a DH algorithm is used for negotiating the configuration constant of the hash function, and the random keys k and p are transmitted by using asymmetric encryption through careless transmission. Whereas decryption of matrix V requires a random key k, p and an inverse hash function. Therefore, when a malicious third party steals the intermediate result, for V, the parameter of the hash function cannot be known, x cannot be obtained by reverse operation, and for data', γ cannot be obtained, and data [ x ] cannot be enumerated and released.
2. The invention provides protection for a dishonest partner. For the requestor, the correct data [ x ] can be obtained if and only if x is equal to y]If t is not present j When y' is equal, the server returns random data if t j When y 'is equal and x is not equal to y, the requester cannot correctly spell the data' key, and further cannot decrypt to obtain the data plaintext. For matrix V, since there is 15% random data, and this proportion will continue to rise during the update of data by the server, the requestor cannot independently determine which data in V is valid and which is invalid. For the server, after receiving y', if t is not present j Equal to y', since the server does not know the private key s, the plaintext information of y cannot be obtained.
3. The invention provides a private data query scheme in a low-bandwidth environment. After the data full initialization stage is completed, in daily use, one bandwidth of 2m can meet the requirement. Even in the data full initialization phase, for 3×10 6 For stripe-level data sizes, data transmission and processing can also be completed within 1 hour.
4. The invention realizes real-time dynamic privacy query among institutions, but not static privacy data query.
5. The single inquiry transmission quantity of the scheme of the invention is lower than 1kb, and the occupied bandwidth per second is lower than 1mb for 500 requests and updates per second. Compared with the prior art, the traditional ot-psi query consumes similar resources, real-time update is not supported, dh-psi does not consume bandwidth during update, and the query stage consumes too much. With a data size of 3 x 10 6 For example, when 750 elements are aggregated in a subset to provide dh-psi query service, a single transmission consumes more than 180kb of bandwidth, and at least 36mb of bandwidth is required to achieve a 200tps throughput. Identical toUnder pressure, the bandwidth consumed by a single query in the scheme is lower than 1kb, and the bandwidth occupied per second is lower than 1mb.
6. The result can be obtained through one-time back and forth communication in the query process of the scheme, the response of 1s can be averagely achieved under the throughput of 200tps, and the calculated amount of both sides of a single query is within 1000 times. Compared with the prior art, the traditional ot-psi query consumes similar resources, does not support real-time updating, dh-psi needs to be communicated back and forth at least twice, and under the 100tps throughput state, the test needs to be carried out for an average 3s time response. With a data size of 3 x 10 6 For example, in the dh-psi scheme single query calculation process, both the A and the B need to exceed 3.9.10 4 And twice.
Drawings
The accompanying drawings, which are included to provide a further understanding of embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention. In the drawings:
FIG. 1 is a flow chart of data volume initialization of an inter-institution real-time privacy data query method of the present invention.
FIG. 2 is a flow chart of the inventory data refreshing of the inter-institution real-time privacy data query method of the present invention.
Fig. 3 is a flow chart of real-time private data query of the inter-institution real-time private data query method of the present invention.
Fig. 4 is a flowchart (new and modified) of a real-time privacy data update method of an inter-institution real-time privacy data query method according to the present invention.
Fig. 5 is a second flowchart (delete) of real-time privacy data update of an inter-institution real-time privacy data query method according to the present invention.
Detailed Description
For the purpose of making apparent the objects, technical solutions and advantages of the present invention, the present invention will be further described in detail with reference to the following examples and the accompanying drawings, wherein the exemplary embodiments of the present invention and the descriptions thereof are for illustrating the present invention only and are not to be construed as limiting the present invention.
Example 1
As shown in fig. 1 to 5, the method for querying real-time privacy data between institutions, which is based on the scheme of large-scale static privacy data interaction in the prior art, cannot realize real-time dynamic privacy query. The invention adopts the improved OT-PSI based real-time privacy data inquiry among the implementation mechanisms, and is used for realizing the real-time privacy data update by additionally configuring a hash function G and creating an index M in the data full initialization stage on the basis of the prior art; the real-time privacy data updating stage is increased, and the real-time dynamic privacy query between the requester and the server is realized by combining the data volume initialization, the real-time privacy data query and the real-time privacy data updating.
The method comprises four stages of data total initialization, stock data refreshing, real-time privacy data query and real-time privacy data updating. The interactive transmission matrix V is transmitted in the form of a row Vector list, where each row includes two elements, a row number LineNo and a specific matrix data Vector. In the process described below, the model is described in which the server b holds Data, and the request Fang Jia initiates a query to the server b. For index x, the Data held by server B is denoted as Data [ x ].
In the following description, the requestor may be referred to as a and the server may be referred to as b.
Initializing the total data: the A and the B negotiate and construct four hash functions G, C, rnk, idx and a large constant gamma through DH algorithm; generating random number s by A and generating beta group random key pair (k by B 0 ,k 1 ) The method comprises the steps of carrying out a first treatment on the surface of the Initiating execution of an unintentional transfer of OT from A to B, and obtaining a selected key k by A s The method comprises the steps of carrying out a first treatment on the surface of the B negotiates the hash function and the large constant obtained by construction according to the data set X held by itself, and the beta group random key pair (k 0 ,k 1 ) Generating matrices T, U and V, where V is derived from T, U and sends V to the requestor and creates an index M; a, constructing a hash function and a large constant, a random number s and a secret key k according to negotiation s Generating a matrix Q by the matrix V;
in specific implementation, the data volume initialization specifically includes the following steps:
step 20, negotiating a plurality of constants by DH algorithm to configure four hash functions
C:{0,1} * →{0,1} β 、Rnk:{0,1} * →[0,κ)、Idx:{0,1} * →{0,1} m In practical application, k=128, m=64, and β=128 are taken. And B holds a data set X. For F, A.fwdarw.B, a function F is described, which defines the domain as A and the value domain as B. For {0,1} a A binary number of length a is described.
The configuration process of the hash function G is as follows: first negotiating a random small prime alpha by DH algorithm<2 31 Second construct a function
Then, use g-construction ∈ ->
The negotiated constant contains a large constant gamma for result symmetric encryption key assembly<2 192 。
Step 21, A generates a random number s ε {0,1} β Beta group random key pair
Initiating execution of an unintentional transfer from A to B>
First obtains the selected key k s The method comprises the steps of carrying out a first treatment on the surface of the Wherein (1)>
The description is as follows.
Step 22, the second step is to negotiate the hash function and the large constant, β group random key pair (k 0 ,k 1 ) Generating matrices T, U and V for
Calculate->
/>
And creates an index M: t is t j →Data[x]For->
Generating random data, and generating a line number not lower than 0.15 x|X|; and transmitting V to A in a row vector list format; wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T; />
Representing an exclusive-or operation;
step 23, A constructs hash function and large constant, random number s, secret key k according to negotiation s Generating a matrix Q by the matrix V; wherein, 
for the elements of the j-th row and i-th column of matrix Q, -/->
Stock data refreshing: for the storage data refreshing stage, the bandwidth consumption is far lower than that of the data full initializing stage, the matrix refreshing is completed, and the data safety is improved, including: a keeps the random number s, hash function and large constant unchanged, B generates a beta group random key pair (p 0 ,p 1 ) The method comprises the steps of carrying out a first treatment on the surface of the Initiating execution of unintentional transmission of OT from A to B, and obtaining the selected increment secret key p by A s The method comprises the steps of carrying out a first treatment on the surface of the Based on the hash function and the large constant, the second method uses the beta group random key pair (p 0 ,p 1 ) Updating the matrix T and the index M, and updating the secret key by the second step; a, based on the random number s, hash function and large constant, according to the increment key p s The matrix Q is updated, and the key is updated at the same time.
In specific implementation, the stock data refreshing specifically includes the following steps:
step 10, A keeps the random number s epsilon {0,1} β The hash function G, C, rnk, idx and the large constant gamma are all unchanged: beta group random key pair (p) 0 ,p 1 )∈{0,1} 2κ Initiating an execution of an unintentional transfer from A to B
The first obtains the selected increment key p s ;
Step 11, based on the hash function G, C, rnk, idx and the large constant γ, the second step is performed according to the β group random key pair (p 0 ,p 1 ) Updating the matrix T; for the following
Updating the index M: t is t j →Data[x]The method comprises the steps of carrying out a first treatment on the surface of the For->
Is kept unchanged; at the same time, update key->
A is based on the random number s, hash function G, C, rnk, idx and large constant gamma, according to the increment key p s The matrix Q is updated and,
at the same time the A update key->
Wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T;
representing an exclusive-or operation; />
Is arbitrarily represented, hereinafter not to be interpreted one by oneReleasing.
Real-time privacy data query: for the real-time privacy data query stage, the first can initiate privacy data query to the second in real time, including: calculating y 'according to the label y to be inquired, and sending y' to the second; b queries y 'in M, if y' is queried, symmetric key is used
For data x]Performing AES encryption, returning a result data ', and returning random data if y' is not queried; first use +.>
AES decrypting the data' to obtain data [ x ]]Verifying the correctness of the data format;
real-time privacy data update: the method comprises three cases of real-time data addition, modification and deletion; for the new and modification of real-time data, based on the unchanged hash function, B is added according to the modified data (x, data [ x ]]) Update matrix T, U, V and index M and change line V Δ Sending to the first; first hash function, random number s, secret key k s Based on all unchanged, according to V Δ Updating the matrix Q; for real-time data deletion, only the data corresponding to the index is deleted;
in specific implementation, the updating of the real-time privacy data specifically includes the following steps:
for the new or added real-time data, assuming that the new data is (x, data [ x ]), comprising the steps of:
step 1: and updating the matrix T. Note j=idx (x), update
/>
Updating the index M: tj→Data [ x ]]. For->
Randomly find 3 to4 lines, regenerating random data, and adding 1 to 2 lines to generate new random data. And will change the row V Δ To the nail.
Step 2: a updates matrix Q. For all of
For real-time data deletion, only the data of the corresponding index need to be deleted.
Wherein, inadvertent transmission (OT):
nail holding data (m) 0 And m 1 ) The second holds a selection mark r epsilon {0,1}, and both sides perform an unintentional transmission process. After the process is finished, B obtains the requested data m r . Meanwhile, the A does not know r, and the B does not know m 1-r . This process is denoted as OT ((m) 0 ,m 1 ) Nail armor ,r Second step ). For m number of unintentional transmissions, k number of transmissions may be abbreviated as
The total transmission overhead is 8ml bit, the A calculation overhead is +.>
Computing overhead bit of B->
The unintentional transfer (OT) process includes the steps of:
step 1: first generating an asymmetric key (P 0 ,p 0 ) And (P) 1 ,p 1 ). And publishes public key P 0 、P 1 。
Step 2: and generating a random number b. According to the selection mark r, P is used r Encrypting b, obtaining and transmitting the request parameter X.
Step 3: the specific value of r is not known to the first party, using the private keyp 0 、p 1 Decrypting X to obtain an exclusive OR code k 0 、k 1 . Calculation of
Transmits the result pair (y 0 、y 1 )。
Step 4: second calculation
The final result is obtained.
Privacy Set Intersection (PSI):
eand share three hash functions, G: {0,1}, respectively κ →{0,1} m 、C:{0,1} * →{0,1} β ,Idx:{0,1} * →[m]. Holds set X, holds set Y, and the element is less than m. The Privacy Set Intersection (PSI) process includes the steps of:
step 1: a generates a random number s E {0,1} β . Beta group random key pair
Initiating execution of an unintentional transfer from A to B>
First obtains the selected key k s 。
Step 2: the b generates matrices T, U and V. Wherein, 
and transmits V to the nail.
Step 3: a matrix Q is generated. Wherein, 
for->
Calculation of
And R is sent to b.
Step 4: and B contrasts with the matrixes R and T. If R is j ==T j There is Idx -1 (j)∈X∩Y。
1. Proof when y' =t j When y=idx -1 (j)。
∵k s =OT((k 0 ,k 1 ),s)
When t is present j When y' is equal, C (y) is equal to C (x);
the definition and value ranges of C are sufficiently large;
it is considered that at this time, x and y are equal.
The technical scheme of the invention has the following characteristics:
the real-time single-row inquiry is taken as a core requirement, the data security is ensured through multiparty security calculation, and the communication efficiency and the calculation efficiency are both considered. So that the two parties can complete psi calculation by using 3 8 core computers under the 2mb bandwidth network.
The data amount N of the second data is estimated to be 3×10 6 Bar level, taking this as the blue book, the consumption estimate at each stage is as follows:
in the data full initialization phase, the total transmission amount is 576.13mb. The calculated amount of the first is as follows: 2.5.10 10 The calculated amount of the second is as follows: 4.4.10 10 . This process was run once in a set of months.
In the stored data refresh phase, the total transfer size is 128kb. The calculated amount of the first is as follows: 2.19.10 10 The calculated amount of the second is as follows: 2.20.10 10 . This process was run once a day in the early morning.
In the real-time privacy Data query phase, the total transmission amount of a single request depends on the length of one row in Data, which is less than 1kb in practical application. The calculated amount of the first is less than: 2.10 3 The calculated amount of the second is smaller than that: 2.10 3 . This should in principle be no more than 500 calls per second.
In the real-time privacy data update phase, 500 changes per second are assumed, and the total transmission amount is 427kb. The calculated amount of the first is as follows: 3.65.10 6 The calculated amount of the second is as follows: 7.74.10 6 . This process runs once per second.
The present invention provides a solution for cross-institution private data querying over an untrusted network. In the implementation process of the scheme, a DH algorithm is used for negotiating the configuration constant of the hash function, and the random keys k and p are transmitted by using asymmetric encryption through careless transmission. Whereas decryption of matrix V requires a random key k, p and an inverse hash function. Therefore, when a malicious third party steals the intermediate result, for V, the parameter of the hash function cannot be known, x cannot be obtained by reverse operation, and for data', γ cannot be obtained, and data [ x ] cannot be enumerated and released.
The invention provides protection for a dishonest partner. For the requestor, the correct data [ x ] can be obtained if and only if x is equal to y]If t is not present j When y' is equal, the server returns random data if t j When y 'is equal and x is not equal to y, the requester cannot correctly spell the data' key, and further cannot decrypt to obtain the data plaintext. For matrix V, since there is 15% random data, and this proportion will continue to rise during the update of data by the server, the requestor cannot independently determine which data in V is valid and which is invalid. For the server, after receiving y', if t is not present j Equal to y', since the server does not know the private key s, the plaintext information of y cannot be obtained.
The invention provides a private data query scheme in a low-bandwidth environment. After the data full initialization stage is completed, in daily use, one bandwidth of 2m can meet the requirement. Even in the data full initialization phase, for 3×10 6 For stripe-level data sizes, data transmission and processing can also be completed within 1 hour.
Compared with the closest prior art, the method has the following technical advantages:
1. compared with the prior art Scalable Private Set Intersection Based on OT Extension, the invention provides a real-time dynamic privacy query scheme, and the prior art only provides a scheme for large-scale static privacy data interaction.
2. The single inquiry transmission quantity of the scheme of the invention is lower than 1kb, and the occupied bandwidth per second is lower than 1mb for 500 requests and updates per second. Compared with the prior art, the traditional ot-psi query consumes similar resources, real-time update is not supported, dh-psi does not consume bandwidth during update, and the query stage consumes too much. With a data size of 3 x 10 6 For example, when 750 elements are aggregated in a subset to provide dh-psi query service, a single transmission consumes more than 180kb of bandwidth, and at least 36mb of bandwidth is required to achieve a 200tps throughput. Under the same pressure, the bandwidth consumed by a single query in the scheme is lower than 1kb, and the bandwidth occupied per second is lower than 1mb.
3. The result can be obtained through one-time back and forth communication in the query process of the scheme, the response of 1s can be averagely achieved under the throughput of 200tps, and the calculated amount of both sides of a single query is within 1000 times. Compared with the prior art, the traditional ot-psi query consumes similar resources, does not support real-time updating, dh-psi needs to be communicated back and forth at least twice, and under the 100tps throughput state, the test needs to be carried out for an average 3s time response. With a data size of 3 x 10 6 For example, in the dh-psi scheme single query calculation process, both the A and the B need to exceed 3.9.10 4 And twice.
In addition, the invention also provides computer equipment, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the inter-mechanism real-time privacy data query method when executing the computer program.
In addition, the invention also provides a computer readable storage medium, wherein the computer readable storage medium stores a computer program, and the computer program realizes the inter-institution real-time privacy data query method when being executed by a processor.
It will be appreciated by those skilled in the art that embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the embodiments has been provided for the purpose of illustrating the general principles of the invention, and is not meant to limit the scope of the invention, but to limit the invention to the particular embodiments, and any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (10)
1. The method is characterized by comprising the steps of initializing the total data, inquiring the real-time privacy data and updating the real-time privacy data;
initializing the total data: the requester negotiates with the server through DH algorithm and constructs four hash functions G, C, rnk, idx and a large constant gamma; the requesting party generates a random number s and the serving party generates a β set of random key pairs (k 0 ,k 1 ) The method comprises the steps of carrying out a first treatment on the surface of the The request initiates execution of an inadvertent transmission OT to the service party, and the request party obtains the selected key k s The method comprises the steps of carrying out a first treatment on the surface of the The server negotiates and constructs a hash function and a large constant according to the data set X held by the server, and a beta group random key pair (k 0 ,k 1 ) Generating matrices T, U and V, sending V to the requestor, and creating an index M; the requester constructs a hash function, a random number s and a secret key k according to the negotiation s Generating a matrix Q by the matrix V;
real-time privacy data update: the method comprises three cases of real-time data addition, modification and deletion; for the new and modification of real-time data, the server side adds and modifies the data (x, data x]) Update matrix T, U, V and index M and change line V Δ Sending to a requesting party; the requester is provided with a hash function, a random number s and a secret key k s Based on all unchanged, according to V Δ Updating the matrix Q; for real-time data deletion, the server side deletes the data corresponding to the index;
real-time privacy data query: the requester calculates y 'according to the label y to be inquired and sends y' to the server; the server inquires y 'in M, if y' is inquired, AES encryption is carried out on data [ x ] by combining a large constant gamma with x, a result data 'is returned, and if y' is not inquired, random data is returned; AES decryption is carried out on the data' by a requester to obtain data [ x ];
the generation of matrix T, U, V is: the server negotiates and constructs a hash function and a large constant according to the data set X held by the server, and a beta group random key pair (k 0 ,k 1 ) Generating matrices T, U and V for
Calculate->
And creates an index M: t is t j →Data[x]For->
Generating random data, and generating a line number not lower than 0.15 x|X|; and transmitting V to the requestor in a row vector list format; wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T; />
Representing an exclusive-or operation;
the generation of matrix Q is: the requester constructs a hash function and a large constant, a random number s and a secret key k according to negotiation s Generating a matrix Q by the matrix V; wherein, 
for the elements of the j-th row and i-th column of matrix Q, -/->
2. The method for querying real-time private data among institutions according to claim 1, wherein the data volume initialization specifically comprises the following steps:
step 20, the requester and the server negotiate a plurality of constants through DH algorithm and configure four hash functions G:
C:{0,1} * →{0,1} β 、Rnk:{0,1} * →[0,κ)、Idx:{0,1} * →{0,1} m and a large constant γ;
step 21, the requester generates a random number s E {0,1} β The service side generates beta group random key pair
The request initiates the execution of an unintentional transfer to the server>
The requester gets the selected key k s 。
3. The method for querying real-time private data between institutions according to claim 1, further comprising a stock data refresh, wherein said stock data refresh comprises:
on the basis that the requester keeps the random number s, the hash function and the large constant unchanged, the server generates a beta group of random key pairs (p 0 ,p 1 ) The method comprises the steps of carrying out a first treatment on the surface of the The request initiates execution of an inadvertent transmission OT to the service party, and the request obtains the selected increment key p s The method comprises the steps of carrying out a first treatment on the surface of the Based on the hash function and the large constant, the server side performs the hash function according to the beta group random key pair (p 0 ,p 1 ) Updating the matrix T and the index M, and updating the secret key by the server; the requester uses the increment key p on the basis of the unchanged random number s, hash function and large constant s The matrix Q is updated, and the key is updated at the same time.
4. The method for querying real-time private data among institutions according to claim 3, wherein the stock data refreshing comprises the following steps:
step 10, the requester holds a random number s e {0,1} β The hash function G, C, rnk, idx and the large constant gamma are all unchanged: the service side generates a beta group random key pair (p 0 ,p 1 )∈{0,1} 2κ The request initiates execution of an inadvertent transmission to the service party
The requester obtains the selected increment key p s ;
Step 11, the server side performs a hash function G, C, rnk, idx and a large constant gamma, based on the β group random key pair (p 0 ,p 1 ) Updating the matrix T; for the following
Updating the index M: t is t j →Data[x]The method comprises the steps of carrying out a first treatment on the surface of the For->
Is kept unchanged; at the same time the server updates the key +.>
The requester uses the increment secret key p on the basis of the unchanged random number s, the hash function G, C, rnk, idx and the large constant gamma s Update matrix Q->
At the same time the requester updates the key->
Wherein t is i Represents the ith column, T, of the matrix T j Represents the j-th row of matrix T;
representing an exclusive or operation.
5. The method for querying real-time private data between institutions according to claim 1, wherein the configuration process of the hash function G is as follows: first negotiating a random small prime number alpha < 2 through DH algorithm 31 Which is provided withSecondary constructor function
Then, use g-construction ∈ ->
6. The method for querying inter-institution real-time private data according to claim 1, wherein the set size of the server index M is 10 7 A level.
7. The method for querying real-time private data between institutions according to claim 1, wherein the large constant γ < 2 192 。
8. The method of claim 1, wherein the method is used for cross-institution private data query and protection of dishonest partners on an untrusted network.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements an inter-institution real-time privacy data querying method as claimed in any of claims 1 to 8 when the computer program is executed.
10. A computer readable storage medium storing a computer program, wherein the computer program when executed by a processor implements an inter-institution real-time private data querying method according to any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110967367.0A CN113672980B (en) | 2021-08-23 | 2021-08-23 | Inter-institution real-time privacy data query method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202110967367.0A CN113672980B (en) | 2021-08-23 | 2021-08-23 | Inter-institution real-time privacy data query method, device and storage medium |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN113672980A CN113672980A (en) | 2021-11-19 |
| CN113672980B true CN113672980B (en) | 2023-05-30 |
Family
ID=78545057
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202110967367.0A Active CN113672980B (en) | 2021-08-23 | 2021-08-23 | Inter-institution real-time privacy data query method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113672980B (en) |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111931207A (en) * | 2020-08-07 | 2020-11-13 | 北京百度网讯科技有限公司 | Method, device and equipment for obtaining privacy set intersection and storage medium |
| CN112270006A (en) * | 2020-11-02 | 2021-01-26 | 重庆邮电大学 | Searchable encryption method for hiding search mode and access mode in e-commerce platform |
| CN113169976A (en) * | 2018-12-18 | 2021-07-23 | 国际商业机器公司 | Secure multi-detection of sensitive data using Private Set Intersection (PSI) |
| CN113225186A (en) * | 2021-05-31 | 2021-08-06 | 平安科技(深圳)有限公司 | Private data intersection solving method and device, computer equipment and storage medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US10268834B2 (en) * | 2014-06-26 | 2019-04-23 | Telefonaktiebolaget Lm Ericsson (Publ) | Privacy-preserving querying mechanism on privately encrypted data on semi-trusted cloud |
-
2021
- 2021-08-23 CN CN202110967367.0A patent/CN113672980B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN113169976A (en) * | 2018-12-18 | 2021-07-23 | 国际商业机器公司 | Secure multi-detection of sensitive data using Private Set Intersection (PSI) |
| CN111931207A (en) * | 2020-08-07 | 2020-11-13 | 北京百度网讯科技有限公司 | Method, device and equipment for obtaining privacy set intersection and storage medium |
| CN112270006A (en) * | 2020-11-02 | 2021-01-26 | 重庆邮电大学 | Searchable encryption method for hiding search mode and access mode in e-commerce platform |
| CN113225186A (en) * | 2021-05-31 | 2021-08-06 | 平安科技(深圳)有限公司 | Private data intersection solving method and device, computer equipment and storage medium |
Non-Patent Citations (4)
| Title |
|---|
| A More Efficient Private Set Intersection Protocol Based on Random OT and Balance Hash;Liyan Shen 等;《 ICC 2019 - 2019 IEEE International Conference on Communications (ICC)》;1-7 * |
| Scalable Private Set Intersection Based on OT Extension;Benny Pinkas 等;《ACM Transactions on Privacy and Security》;第21卷(第2期);1-35 * |
| 一种改进PSI协议的基因数据隐私保护方案;田美金;马建峰;刘志全;冯丙文;魏凯敏;;西安电子科技大学学报(04);94-101 * |
| 基于同态加密和Bloom过滤器的云外包多方隐私集合比较协议;张恩 等;《计算机应用》;第38卷(第08期);2256-2260 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN113672980A (en) | 2021-11-19 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109768987B (en) | Block chain-based data file safe and private storage and sharing method | |
| Li et al. | Privacy-preserving machine learning with multiple data providers | |
| CN113424185B (en) | Fast inadvertent transmission | |
| CN108390876B (en) | Multi-authorization-center access control method capable of supporting outsourcing revocation and verification and cloud server | |
| Xu et al. | Lightweight and expressive fine-grained access control for healthcare Internet-of-Things | |
| JP6941183B2 (en) | Data tokenization | |
| Xhafa et al. | Designing cloud-based electronic health record system with attribute-based encryption | |
| US6937726B1 (en) | System and method for protecting data files by periodically refreshing a decryption key | |
| US7356688B1 (en) | System and method for document distribution | |
| US6859533B1 (en) | System and method for transferring the right to decode messages in a symmetric encoding scheme | |
| Fan et al. | TraceChain: A blockchain‐based scheme to protect data confidentiality and traceability | |
| JP6770075B2 (en) | Encrypted message search method, message sending / receiving system, terminal, program | |
| JP4010766B2 (en) | Public and non-commutative encoding method and encryption method of message | |
| CN112966022B (en) | Information query method, device and system of data transaction platform | |
| US7286665B1 (en) | System and method for transferring the right to decode messages | |
| Huang et al. | Efficient migration for mobile computing in distributed networks | |
| CN114697042A (en) | Block chain-based Internet of things security data sharing proxy re-encryption method | |
| CN113672980B (en) | Inter-institution real-time privacy data query method, device and storage medium | |
| Lan et al. | An efficient and revocable attribute-based data sharing scheme with rich expression and escrow freedom | |
| CN113904818B (en) | Lightweight fine-grained access control method supporting ciphertext sharing and aggregation | |
| US20010009583A1 (en) | Secret key registration method, secret key register, secret key issuing method, cryptographic communication method and cryptographic communication system | |
| Swetha et al. | Security on mobile cloud computing using cipher text policy and attribute based encryption scheme | |
| CN114020793A (en) | Method, device, equipment and storage medium for querying private data among multiple mechanisms | |
| EP1130843A2 (en) | System and method for transferring the right to decode messages in a symmetric encoding scheme | |
| Chung et al. | Efficient migration access control for mobile agents |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |