CN113987582A - RSA algorithm-based secret query method and system - Google Patents

RSA algorithm-based secret query method and system Download PDF

Info

Publication number
CN113987582A
CN113987582A CN202111334584.2A CN202111334584A CN113987582A CN 113987582 A CN113987582 A CN 113987582A CN 202111334584 A CN202111334584 A CN 202111334584A CN 113987582 A CN113987582 A CN 113987582A
Authority
CN
China
Prior art keywords
data
exclusive
node
ciphertext
code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111334584.2A
Other languages
Chinese (zh)
Inventor
张二毛
吴磊
李鑫
熊佩
谢丹力
孙超
孙曼
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CCB Finetech Co Ltd
Original Assignee
CCB Finetech Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CCB Finetech Co Ltd filed Critical CCB Finetech Co Ltd
Priority to CN202111334584.2A priority Critical patent/CN113987582A/en
Publication of CN113987582A publication Critical patent/CN113987582A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2453Query optimisation
    • G06F16/24534Query rewriting; Transformation
    • G06F16/24537Query rewriting; Transformation of operators
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Computational Linguistics (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)

Abstract

The application provides a hidden query method and a system based on an RSA algorithm, comprising the following steps: the data query node receives all the queryable information sent by the data providing node and the corresponding public keys, generates a random code, encrypts the random code by the public keys corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext by the data providing node by each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and the corresponding queryable data to obtain a corresponding first exclusive OR code, the data query node performs exclusive OR operation on the random code and each first exclusive OR code to generate a plurality of second exclusive OR codes, and the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.

Description

RSA algorithm-based secret query method and system
Technical Field
The application relates to the technical field of information security, in particular to a method and a system for secret query based on an RSA algorithm.
Background
The hidden query, also called private information retrieval, means that a query party hides keywords or client ID information of a queried object, and a data service party provides a matched query result but cannot know which query object specifically corresponds to. Data can not go out and can be calculated, and the possibility of data caching is avoided. Privacy Information Retrieval (PIR), is a policy adopted to ensure privacy of personal privacy on a public network platform. When the user searches information on the database, the user adopts a certain method to prevent the database server from knowing the relevant information of the user query statement, thereby protecting the query privacy of the user. The development and popularization of private information retrieval require not only the continuous improvement of privacy technologies but also the continuous enhancement of people's awareness of privacy protection. In the current real life, the private information retrieval has a large application space in the fields with high requirements for the hidden retrieval of the private information, such as medicine databases and patent databases.
Disclosure of Invention
Aiming at the problems in the prior art, the application provides a method and a system for hiding query based on an RSA algorithm, and the hiding performance of the whole query is realized by adopting an RSA asymmetric encryption technical means.
In order to solve the technical problem, the application provides the following technical scheme:
in a first aspect, the present application provides a secret query method based on RSA algorithm, executed by the data providing node, where the data providing node includes all queriable data, each of the queriable data corresponds to a public-private key pair in a one-to-one manner, each of the public-private key pair includes a public key and a private key, each of the queriable data corresponds to identification information, and the secret query method includes:
sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext;
decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
Further, the method for hiding the query further comprises the following steps:
encrypting all the identification information and the corresponding public key by adopting a symmetric key to obtain a second ciphertext;
correspondingly, sending all the identification information and the corresponding public keys to the data query node, including:
and sending the second ciphertext to a data query node.
In a second aspect, the present application provides a hidden query method based on an RSA algorithm, which is executed by the data query node, and the hidden query method includes:
receiving all identification information and corresponding public keys sent by a data providing node;
generating a random code, and encrypting the random code by adopting a public key corresponding to data to be inquired to obtain a first ciphertext;
receiving all first exclusive-or codes sent by a data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes;
and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
Further, the data providing node encrypts all the identification information and the corresponding public key by using a symmetric key to obtain a second ciphertext, and the receiving all the identification information and the corresponding public key sent by the data providing node includes:
and receiving the second ciphertext sent by the data query node.
In a third aspect, the present application provides a secret query method based on RSA algorithm, where the data providing node includes all queriable data, each queriable data corresponds to a public-private key pair in a one-to-one manner, each public-private key pair includes a public key and a private key, and each queriable data corresponds to identification information, and the secret query method includes:
the data providing node sends all the identification information and the corresponding public keys to the data query node;
the data query node generates a random code, and encrypts the random code by using a public key corresponding to the data to be queried to obtain a first ciphertext;
the data providing node decrypts the first ciphertext sent by the data query node by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
and the data query node carries out exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate one-to-one corresponding second exclusive-or codes, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
Further, the method for hiding the query further comprises the following steps:
encrypting all the identification information and the corresponding public key by adopting a symmetric key to obtain a second ciphertext;
correspondingly, the data providing node sends all the identification information and the corresponding public keys to the data query node, and the method comprises the following steps:
and the data providing node sends the second ciphertext to the data query node.
In a fourth aspect, the present application provides a data providing node, where the data providing node includes all queryable data, each queryable data corresponds to a public-private key pair, each public-private key pair includes a public key and a private key, and each queryable data corresponds to identification information, and the data providing node includes:
a first data transmission module: sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext;
a decryption module: decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
the second data transmission module: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
In a fifth aspect, the present application provides a data query node, comprising:
a first data receiving module: receiving all identification information and corresponding public keys sent by a data providing node;
a random code encryption module: generating a random code, and encrypting the random code by adopting a public key corresponding to data to be inquired to obtain a first ciphertext;
the second data receiving module: receiving all first exclusive-or codes sent by a data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes;
a data query module: and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
In a sixth aspect, the present application provides a hidden query system based on RSA algorithm, including: the data query method comprises the following steps that a data providing node and a data query node are arranged;
the data providing node sends all the identification information and the corresponding public keys to the data query node;
the data query node generates a random code, and encrypts the random code by using a public key corresponding to the data to be queried to obtain a first ciphertext;
the data providing node decrypts the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code, and sends the first exclusive OR code to the data querying node;
the data query node carries out exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried;
the data providing node comprises all queryable data, each queryable data is in one-to-one correspondence with a public and private key pair, each public and private key pair comprises a public key and a private key, and each queryable data corresponds to identification information.
In a seventh aspect, the present application provides an electronic device, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the hidden query method when executing the program.
In an eighth aspect, the present application provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the suppressed query method.
According to the technical scheme, the method and the system for the secret query based on the RSA algorithm comprise the following steps: the data query node receives all the queryable information sent by the data providing node and the corresponding public keys thereof, generates a random code, encrypts the random code by the public key corresponding to the data to be queried to obtain a first ciphertext, decrypts the first ciphertext by each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and the corresponding queryable data to obtain a corresponding first exclusive OR code, and the data query node performs exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR code corresponding to the public key corresponding to the data to be queried is the data to be queried. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
Fig. 1 is a schematic flow chart of a data providing node in the RSA algorithm-based covert query method according to the embodiment of the present application.
Fig. 2 is a schematic flow chart of a data query node in the RSA algorithm-based covert query method in the embodiment of the present application.
Fig. 3 is a flowchart illustrating a method for hiding a query based on an RSA algorithm in an embodiment of the present application.
Fig. 4 is a schematic structural diagram of a data providing node in the RSA algorithm-based hiding query method in the embodiment of the present application.
Fig. 5 is a schematic structural diagram of a data query node in the RSA algorithm-based hiding query method in the embodiment of the present application.
Fig. 6 is a schematic structural diagram of the RSA algorithm-based hiding query system in the embodiment of the present application.
Fig. 7 is a schematic structural diagram of an electronic device in an embodiment of the present application.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
It should be noted that the RSA algorithm-based covert query method, system, electronic device, and computer-readable storage medium disclosed in the present application may be used in the technical field of information security, and may also be used in any field other than the technical field of information security.
The hidden query, also called private information retrieval, means that a query party hides keywords or client ID information of a queried object, and a data service party provides a matched query result but cannot know which query object specifically corresponds to. The data can be calculated without going out, and the possibility of data caching, data leakage and data selling is avoided. The application provides a hidden query method, a system, electronic equipment and a computer readable storage medium based on an RSA algorithm, wherein a data query node receives all queryable information and corresponding public keys sent by a data providing node and generates a random code, a random code is encrypted by the public key corresponding to data to be queried to obtain a ciphertext, the data providing node decrypts the ciphertext by each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code, the data query node performs exclusive OR operation on the random code and each first exclusive OR code to generate a plurality of second exclusive OR codes, and the second exclusive OR codes corresponding to the public key corresponding to the data to be queried are the data to be queried. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
Based on the above, the present application further provides a hidden query system for implementing the hidden query method provided in one or more embodiments of the present application, where the hidden query system includes a data providing node and a data querying node, the data querying node may be in communication connection with a client device, the client terminal devices may be multiple, and the hidden query system may specifically access the client terminal devices through an application server.
The secret query system comprises a data providing node and a data query node, wherein the data query node can receive information to be queried from client terminal equipment, the data query node receives all queryable information sent by the data providing node and public keys corresponding to the queryable information and generates a random code, the random code is encrypted by the public key corresponding to the data to be queried to obtain a first ciphertext, the data providing node decrypts the first ciphertext by each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code, the data query node performs exclusive OR operation on the random code and each first exclusive OR code to generate a one-to-one corresponding second exclusive OR code, and the second exclusive OR code corresponding to the public key corresponding to the data to be queried is the data to be queried.
It will be appreciated that the client devices may include smart phones, tablet electronic devices, portable computers, desktop computers, Personal Digital Assistants (PDAs), and the like.
The client device may have a communication module (i.e., a communication unit), and may be communicatively connected to a remote server to implement data transmission with the server. For example, the communication unit may send the information to be queried to a server of the data query node, so that the data query node encrypts the random code according to the information to be queried; the communication unit may also transmit the encrypted random code to the data providing node. The communication unit may also receive a first xor-code transmitted by the data providing node. The server may include a single computer device, or may include a server cluster formed by a plurality of servers, or a server structure of a distributed apparatus.
The server and the client device may communicate using any suitable network protocol, including network protocols not yet developed at the filing date of this application. The network protocol may include, for example, a TCP/IP protocol, a UDP/IP protocol, an HTTP protocol, an HTTPS protocol, or the like. Of course, the network Protocol may also include, for example, an RPC Protocol (Remote Procedure Call Protocol), a REST Protocol (Representational State Transfer Protocol), and the like used above the above Protocol.
According to the secret query method, the system, the electronic device and the computer readable storage medium, a data query node receives all queryable information and corresponding public keys sent by a data providing node and generates a random code, the random code is encrypted by the public keys corresponding to data to be queried to obtain ciphertext, the data providing node decrypts the ciphertext by each public key to obtain corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive OR codes, the data query node performs exclusive OR operation on the random code and each first exclusive OR code to generate a plurality of second exclusive OR codes, and the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
The following embodiments and application examples are specifically and respectively described.
The application provides an embodiment of a secret query method based on RSA algorithm, by the data provide node carries out, the data provide node includes all queriable data, every queriable data and a public private key pair one-to-one, every public private key pair includes a public key and a private key, every queriable data corresponds an identification information, refer to FIG. 1, the secret query method specifically includes the following contents:
step S100: and sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext.
In step 100, each identification information corresponds to a public and private key pair, the public and private key pair is generated by using an RSA asymmetric encryption algorithm, the identification information of all queryable data and corresponding public keys thereof are sent to a data query node, the data query node extracts the public key corresponding to the data to be queried, and a randomly generated random code is encrypted by using the public key to obtain a first ciphertext. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, the data providing node sends e, n1, n2, ID1 and ID2 to the data querying node; the data query node randomly selects a random code r, and encrypts the random code r by adopting a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
The RSA algorithm is a commonly used asymmetric encryption algorithm based on a number theory fact: it is quite easy to multiply two large prime numbers, but it is then extremely difficult to factor their product, so the product can be disclosed as an encryption key, i.e. a public key, and the two large prime numbers combined into a private key. The public key is distributable for anyone to use, the private key is owned by the person, the decryptor for decryption owns the private key, and the public key generated by the private key calculation is distributed to the encryptor. The encryption uses the public key to encrypt and send the ciphertext to the decrypter, which decrypts the ciphertext into plaintext using the private key.
Step S200: and decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000081
Figure BDA0003350069690000082
E1, E2 are sent to the data query node.
Step S300: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
As can be seen from the above description, in the secret query method provided in this embodiment of the present application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
In an embodiment of the suppressed query method provided by the present application, a preferred method for queryable data is provided, where the suppressed query specifically further includes the following contents:
encrypting all the identification information and the corresponding public key by adopting a symmetric key to obtain a second ciphertext;
correspondingly, the step 100 further includes the following steps:
and sending the second ciphertext to a data query node.
It can be understood that, the data providing node encrypts all the identification information and the corresponding public key by using the symmetric key to obtain a second ciphertext, sends the second ciphertext to the data querying node, and the data querying node decrypts the second ciphertext by using the symmetric key to obtain all the identification information and the corresponding public key, for example, the data providing node includes two queriable data D1 and D1, whose corresponding identification information is ID1 and ID2, and whose corresponding public keys are n1, e and n2, e, and whose corresponding private keys are D1 and D2, and the data providing node uses the pair of e, n1, n2, ID1 and ID2 to obtain a second ciphertext, and sends the second ciphertext to the data querying node, and the data querying node decrypts the second ciphertext by using the symmetric key to obtain all the identification information and the corresponding public key, and sends the second ciphertext to the data providing node respectivelyKey balance
Figure BDA0003350069690000092
Encrypting to obtain a second ciphertext E and a symmetric key
Figure BDA0003350069690000091
And obtaining by adopting an SM4 algorithm, and sending the second ciphertext E to the data query node.
The SM4 algorithm is a block cipher algorithm. The packet length is 128 bits, and the key length is also 128 bits. The encryption algorithm and the key expansion algorithm both adopt 32-round nonlinear iteration structures, encryption operation is carried out by taking a word (32 bits) as a unit, and each iteration operation is a round of transformation function F. The SM4 algorithm encryption/decryption algorithm is the same in structure, except that the round keys are used instead, where the decryption round keys are the reverse order of the encryption round keys.
The present application provides an embodiment of a hidden query method based on RSA algorithm, executed by the data query node, see fig. 2, where the hidden query method specifically includes the following contents:
step S400: and receiving all the identification information and the corresponding public key sent by the data providing node.
It can be understood that, after the data query node receives all the identification information and the corresponding public keys sent by the data providing node, the data query node determines the public key corresponding to the data to be queried, for example, the data query node receives all the identification information ID1 and ID2 and the corresponding public keys e, n1 and e, n2 sent by the data providing node, and selects the public key e, n1 corresponding to the data D1 to be queried.
Step S500: and generating a random code, and encrypting the random code by adopting a public key corresponding to the data to be inquired to obtain a first ciphertext.
It can be understood that the data query node arbitrarily selects the random code, encrypts the random code by using the public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node. For example, the data query node randomly selects a random code r, and encrypts the random code r by using a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, combining the first ciphertext remod n1 is sent to the data providing node.
Step S600: and receiving all first exclusive-or codes sent by the data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, perform an exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes, and send all the first exclusive-or codes to the data querying node. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1=r,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000101
The data query node receives all the first exclusive-or codes E1, E2 sent by the data providing node.
Step S700: and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
It can be understood that, the data query node performs an exclusive or operation using the previously generated random code and each first exclusive or code to obtain a corresponding second exclusive or code, and the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data to be queried. For example, the data query node is obtained by performing exclusive-or operation on the random codes r and the random codes E1 and E2 respectively
Figure BDA0003350069690000102
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts data D1 ═ R1 with query.
As can be seen from the above description, in the secret query method provided in this embodiment of the present application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
In an embodiment of the confidential query method provided by the present application, a preferred manner of querying data is provided, where the data providing node encrypts all the identification information and the corresponding public key by using a symmetric key to obtain a second ciphertext, and the step S400 further includes the following steps:
step 221: and receiving the second ciphertext sent by the data query node.
It can be understood that, the data providing node encrypts all the identification information and the corresponding public key by using the symmetric key to obtain a second ciphertext, sends the second ciphertext to the data querying node, and the data querying node decrypts the second ciphertext by using the symmetric key to obtain all the identification information and the corresponding public key thereof, for example, the data providing node includes two queryable data D1 and D1, whose corresponding identification information is ID1 and ID2, and whose corresponding public keys are n1, e and n2, e, and whose corresponding private keys are D1 and n 3683, respectivelyd2, the data providing node uses symmetric keys for e, n1, n2, ID1 and ID2
Figure BDA0003350069690000111
Encrypting to obtain a second ciphertext E and a symmetric key
Figure BDA0003350069690000112
And obtaining by adopting an SM4 algorithm, and sending the second ciphertext E to the data query node. The data query node receives the second ciphertext E and adopts the SM4 decryption algorithm
Figure BDA0003350069690000113
And decrypting to determine the public key e, n1 corresponding to the data D1 to be queried.
The application provides an embodiment of a secret query method based on an RSA algorithm, referring to fig. 3, the data providing node includes all queriable data, each queriable data corresponds to a public-private key pair in a one-to-one manner, each public-private key pair includes a public key and a private key, each queriable data corresponds to an identification information, and the secret query method specifically includes the following contents:
step S001: the data providing node sends all the identification information and the corresponding public keys to the data query node;
it can be understood that each identification information corresponds to a public and private key pair in a one-to-one manner, the public and private key pair is generated by adopting an RSA asymmetric encryption algorithm, and the identification information of all queryable data and the corresponding public keys thereof are sent to the data querying node. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, and the data providing node sends e, n1, n2, ID1 and ID2 to the data querying node.
Step S002: and the data query node generates a random code, and encrypts the random code by adopting a public key corresponding to the data to be queried to obtain a first ciphertext.
It will be appreciated that the data querying node receives an identification of all queryable data fromAnd extracting a public key corresponding to the data to be inquired from the information and the public key corresponding to the information, and encrypting a random code generated randomly by adopting the public key to obtain a first ciphertext. For example, the data query node randomly selects a random code r, and encrypts the random code r by using a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
Step S003: the data providing node decrypts the first ciphertext sent by the data query node by adopting each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000121
Figure BDA0003350069690000122
E1, E2 are sent to the data query node.
Step S004: and the data query node carries out exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate one-to-one corresponding second exclusive-or codes, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
As can be appreciated, data lookupAnd the inquiring node performs exclusive OR operation by using the previously generated random code and each first exclusive OR code to obtain a corresponding second exclusive OR code, wherein the second exclusive OR code corresponding to the public key corresponding to the data to be inquired is the data to be inquired. For example, the data query node is obtained by performing exclusive-or operation on the random codes r and the random codes E1 and E2 respectively
Figure BDA0003350069690000123
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts data D1 ═ R1 with query.
As can be seen from the above description, in the secret query method provided in this embodiment of the present application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
From the aspect of software, in order to solve the problem of privacy of query, an embodiment of the data providing node provided in the present application, referring to fig. 4, includes all queryable data, each queryable data is in one-to-one correspondence with a public and private key pair, each public and private key pair includes a public key and a private key, each queryable data corresponds to an identification information, and the data providing node specifically includes the following contents:
the first data transmission module 10: and sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext.
It can be understood that each identification information corresponds to a public and private key pair, the public and private key pair is generated by adopting an RSA asymmetric encryption algorithm, the first data transmission module 10 sends the identification information of all queryable data and the corresponding public key thereof to the data query node, the data query node extracts the public key corresponding to the data to be queried, and encrypts a randomly generated random code by using the public key to obtain a first ciphertext. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, the first data transmission module 10 sends e, n1, n2, ID1 and ID2 to the data querying node; the data query node randomly selects a random code r, and encrypts the random code r by adopting a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node. In some specific embodiments, the data providing node encrypts all the identification information and the corresponding public key using a symmetric key to obtain a second ciphertext, sends the second ciphertext to the data querying node, and the data querying node decrypts the second ciphertext using the symmetric key to obtain all the identification information and the corresponding public key, for example, the data providing node uses symmetric keys to encrypt e, n1, n2, ID1, and ID2
Figure BDA0003350069690000131
Encrypting to obtain a second ciphertext E and a symmetric key
Figure BDA0003350069690000132
And obtaining by adopting an SM4 algorithm, and sending the second ciphertext E to the data query node.
The RSA algorithm is a commonly used asymmetric encryption algorithm based on a number theory fact: it is quite easy to multiply two large prime numbers, but it is then extremely difficult to factor their product, so the product can be disclosed as an encryption key, i.e. a public key, and the two large prime numbers combined into a private key. The public key is distributable for anyone to use, the private key is owned by the person, the decryptor for decryption owns the private key, and the public key generated by the private key calculation is distributed to the encryptor. The encryption uses the public key to encrypt and send the ciphertext to the decrypter, which decrypts the ciphertext into plaintext using the private key.
The decryption module 20: and decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node is used to encrypt the random code, the decryption module 20 needs to decrypt the first ciphertext using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive-or code. For example, decryption module 20 uses all private keys d1 and d2 to generate first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000141
Figure BDA0003350069690000142
E1, E2 are sent to the data query node.
The second data transmission module 30: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
In an embodiment of the data query node provided in the present application, referring to fig. 5, the data query node specifically includes the following contents:
the first data receiving module 40: and receiving all the identification information and the corresponding public key sent by the data providing node.
It can be understood that, after the first data receiving module 40 receives all the identification information and the corresponding public keys sent by the first data transmitting module 10, the first data receiving module 40 determines the public key corresponding to the data to be queried, for example, the first data receiving module 40 receives all the identification information ID1 and ID2 and the corresponding public keys e, n1 and e, n2 sent by the first data transmitting module 10, and selects the public key e, n1 corresponding to the data to be queried D1.
The random code encryption module 50: and generating a random code, and encrypting the random code by adopting a public key corresponding to the data to be inquired to obtain a first ciphertext.
It can be understood that the random code encryption module 50 randomly selects a random code, encrypts the random code by using the public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node. For example, the random code encryption module 50 randomly selects the random code r, and encrypts the random code r by using the public key e, n1 corresponding to the data to be queried to obtain the first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
The second data receiving module 60: and receiving all first exclusive-or codes sent by the data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive-or code, and the second data receiving module 60 receives all the first exclusive-or codes sent by the second data transmitting module 30 of the data providing node. For exampleThe decryption module 20 of the data providing node uses all the private keys d1 and d2 to decrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1=r,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000151
Figure BDA0003350069690000152
The second data receiving module 60 receives all the first exclusive-or codes E1, E2 sent by the data providing node second data transmitting module 30.
The data query module 70: and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
It can be understood that, the data querying module 70 performs an exclusive or operation using the previously generated random code and each first exclusive or code to obtain a corresponding second exclusive or code, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data to be queried. For example, the data query module 70 performs an exclusive-or operation on the random codes r and the random codes E1 and E2 respectively to obtain
Figure BDA0003350069690000153
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query module 70 extracts data D1 — R1 with query.
In one embodiment of the suppressed query system provided herein, with reference to fig. 6, the suppressed query system comprises: the data query method comprises the following steps that a data providing node and a data query node are arranged;
the data providing node sends all the identification information and the corresponding public keys to the data query node;
it can be understood that each identification information corresponds to a public and private key pair in a one-to-one manner, the public and private key pair is generated by adopting an RSA asymmetric encryption algorithm, and the identification information of all queryable data and the corresponding public keys thereof are sent to the data querying node. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, and the data providing node sends e, n1, n2, ID1 and ID2 to the data querying node.
The data query node generates a random code, and encrypts the random code by using a public key corresponding to the data to be queried to obtain a first ciphertext;
it can be understood that, the data query node extracts the public key corresponding to the data to be queried from the received identification information of all the queryable data and the corresponding public keys thereof, and encrypts a randomly generated random code by using the public key to obtain a first ciphertext. For example, the data query node randomly selects a random code r, and encrypts the random code r by using a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
The data providing node decrypts the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code, and sends the first exclusive OR code to the data querying node;
it can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2Making
Figure BDA0003350069690000161
Figure BDA0003350069690000162
E1, E2 are sent to the data query node.
The data query node carries out exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried;
the data providing node comprises all queryable data, each queryable data is in one-to-one correspondence with a public and private key pair, each public and private key pair comprises a public key and a private key, and each queryable data corresponds to identification information.
It can be understood that, the data query node performs an exclusive or operation using the previously generated random code and each first exclusive or code to obtain a corresponding second exclusive or code, and the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data to be queried. For example, the data query node is obtained by performing exclusive-or operation on the random codes r and the random codes E1 and E2 respectively
Figure BDA0003350069690000163
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts data D1 ═ R1 with query.
As can be seen from the above description, in the secret query system provided in this embodiment of the present application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
From a hardware level, in order to solve the problem of privacy disclosure of the existing hidden query, the present application provides an embodiment of an electronic device for implementing all or part of the contents in the hidden query method, where the electronic device specifically includes the following contents:
fig. 7 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 7, the electronic device 9600 can include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 7 is exemplary; other types of structures may also be used in addition to or in place of the structure to implement telecommunications or other functions.
In one embodiment, the suppressed query function may be integrated into the central processor. Wherein the central processor may be configured to control:
step S001: the data providing node sends all the identification information and the corresponding public keys to the data query node;
it can be understood that each identification information corresponds to a public and private key pair in a one-to-one manner, the public and private key pair is generated by adopting an RSA asymmetric encryption algorithm, and the identification information of all queryable data and the corresponding public keys thereof are sent to the data querying node. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, and the data providing node sends e, n1, n2, ID1 and ID2 to the data querying node.
Step S002: and the data query node generates a random code, and encrypts the random code by adopting a public key corresponding to the data to be queried to obtain a first ciphertext.
It will be appreciated that the data query node is fromAnd extracting a public key corresponding to the data to be queried from the received identification information of all the queryable data and the corresponding public keys thereof, and encrypting a random code generated randomly by adopting the public key to obtain a first ciphertext. For example, the data query node randomly selects a random code r, and encrypts the random code r by using a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
Step S003: the data providing node decrypts the first ciphertext sent by the data query node by adopting each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000181
Figure BDA0003350069690000182
E1, E2 are sent to the data query node.
Step S004: and the data query node carries out exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate one-to-one corresponding second exclusive-or codes, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
It can be understood that, the data query node performs an exclusive or operation using the previously generated random code and each first exclusive or code to obtain a corresponding second exclusive or code, and the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data to be queried. For example, the data query node is obtained by performing exclusive-or operation on the random codes r and the random codes E1 and E2 respectively
Figure BDA0003350069690000183
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts data D1 ═ R1 with query.
As can be seen from the above description, in the electronic device provided in this embodiment of the application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
In another embodiment, the hidden query system may be configured separately from the central processor 9100, for example, the hidden query system may be configured as a chip connected to the central processor 9100, and the block chain data interaction function is realized by the control of the central processor.
As shown in fig. 7, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 also does not necessarily include all of the components shown in fig. 7; further, the electronic device 9600 may further include components not shown in fig. 7, which may be referred to in the art.
As shown in fig. 7, a central processor 9100, sometimes referred to as a controller or operational control, can include a microprocessor or other processor device and/or logic device, which central processor 9100 receives input and controls the operation of the various components of the electronic device 9600.
The memory 9140 can be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information relating to the failure may be stored, and a program for executing the information may be stored. And the central processing unit 9100 can execute the program stored in the memory 9140 to realize information storage or processing, or the like.
The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. Power supply 9170 is used to provide power to electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, an LCD display, but is not limited thereto.
The memory 9140 can be a solid state memory, e.g., Read Only Memory (ROM), Random Access Memory (RAM), a SIM card, or the like. There may also be a memory that holds information even when power is off, can be selectively erased, and is provided with more data, an example of which is sometimes called an EPROM or the like. The memory 9140 could also be some other type of device. Memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 being used for storing application programs and function programs or for executing a flow of operations of the electronic device 9600 by the central processor 9100.
The memory 9140 can also include a data store 9143, the data store 9143 being used to store data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers for the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, contact book applications, etc.).
The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. The communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, which may be the same as in the case of a conventional mobile communication terminal.
Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and receive audio input from the microphone 9132, thereby implementing ordinary telecommunications functions. The audio processor 9130 may include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100, thereby enabling recording locally through the microphone 9132 and enabling locally stored sounds to be played through the speaker 9131.
An embodiment of the present application further provides a computer-readable storage medium capable of implementing all the steps in the confidential query method in the above embodiment, where the computer-readable storage medium stores a computer program, and the computer program, when executed by a processor, implements all the steps of the confidential query method in which an execution subject in the above embodiment is a server or a client, for example, the processor implements the following steps when executing the computer program:
step S001: the data providing node sends all the identification information and the corresponding public keys to the data query node;
it can be understood that each identification information corresponds to a public and private key pair in a one-to-one manner, the public and private key pair is generated by adopting an RSA asymmetric encryption algorithm, and the identification information of all queryable data and the corresponding public keys thereof are sent to the data querying node. For example, the data providing node includes two queryable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding public keys are n1, e and n2, e, the corresponding private keys are D1 and D2, respectively, and the data providing node sends e, n1, n2, ID1 and ID2 to the data querying node.
Step S002: and the data query node generates a random code, and encrypts the random code by adopting a public key corresponding to the data to be queried to obtain a first ciphertext.
It can be understood that, the data query node extracts the public key corresponding to the data to be queried from the received identification information of all the queryable data and the corresponding public keys thereof, and encrypts a randomly generated random code by using the public key to obtain a first ciphertext. For example, the data query node randomly selects a random code r, and encrypts the random code r by using a public key e, n1 corresponding to the data to be queried to obtain a first ciphertext remod n1, the first ciphertext remod n1 is sent to the data providing node.
Step S003: the data providing node decrypts the first ciphertext sent by the data query node by adopting each public key to obtain a corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code.
It can be understood that, since the data providing node does not know which set of public keys used by the data querying node encrypts the random code, the data providing node needs to decrypt the first ciphertext by using the private keys of all queryable data to obtain corresponding decrypted plaintext, and perform an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code. For example, the data providing node uses all private keys d1 and d2 to encrypt the first ciphertext remod n1 to obtain the corresponding decryption result k1 ═ rd1mod n1=r,k2=rd2mod n2, and then the decryption result k1 is rd1mod n1,k2=rd2mod n2 is XORed with the corresponding number queryable data D1 and D2
Figure BDA0003350069690000201
Figure BDA0003350069690000202
E1, E2 are sent to the data query node.
Step S004: and the data query node carries out exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate one-to-one corresponding second exclusive-or codes, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
It can be understood that, the data query node performs an exclusive or operation using the previously generated random code and each first exclusive or code to obtain a corresponding second exclusive or code, and the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data to be queried. For example, the data query node is obtained by performing exclusive-or operation on the random codes r and the random codes E1 and E2 respectively
Figure BDA0003350069690000211
The second exclusive-or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts data D1 ═ R1 with query.
As can be seen from the above description, in the computer-readable medium provided in this embodiment of the present application, the data query node receives all queryable information and corresponding public keys sent by the data providing node, and generates a random code, encrypts the random code with the public key corresponding to the data to be queried to obtain a ciphertext, decrypts the ciphertext with each public key by the data providing node, obtains a corresponding decrypted plaintext, and performs an exclusive or operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive or code, and the data query node performs an exclusive or operation on the random code and each first exclusive or code to generate a plurality of second exclusive or codes, where the second exclusive or code corresponding to the public key corresponding to the data to be queried is the data. Any random code is encrypted by adopting the asymmetric key, the encrypted random code is decrypted by adopting all private keys to obtain a corresponding decrypted plaintext, and then exclusive OR operation is carried out on all the decrypted plaintext, corresponding data and random numbers, so that the privacy in the process of secret query is improved.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The principle and the implementation mode of the invention are explained by applying specific embodiments in the invention, and the description of the embodiments is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (11)

1. A secret query method based on RSA algorithm, executed by the data providing node, wherein the data providing node includes all queryable data, each queryable data corresponds to a public-private key pair, each public-private key pair includes a public key and a private key, each queryable data corresponds to an identification information, the secret query method comprising:
sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext;
decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
2. The suppressed query method as defined in claim 1, further comprising:
encrypting all the identification information and the corresponding public key by adopting a symmetric key to obtain a second ciphertext;
correspondingly, sending all the identification information and the corresponding public keys to the data query node, including:
and sending the second ciphertext to a data query node.
3. A hidden query method based on RSA algorithm is characterized in that the hidden query method is executed by the data query node, and comprises the following steps:
receiving all identification information and corresponding public keys sent by a data providing node;
generating a random code, and encrypting the random code by adopting a public key corresponding to data to be inquired to obtain a first ciphertext;
receiving all first exclusive-or codes sent by a data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes;
and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
4. The method as claimed in claim 3, wherein the data providing node encrypts all the identification information and the corresponding public key with a symmetric key to obtain a second ciphertext, and the receiving all the identification information and the corresponding public key sent by the data providing node comprises:
and receiving the second ciphertext sent by the data query node.
5. A secret query method based on RSA algorithm is characterized in that a data providing node comprises all queriable data, each queriable data is in one-to-one correspondence with a public and private key pair, each public and private key pair comprises a public key and a private key, each queriable data corresponds to identification information, and the secret query method comprises the following steps:
the data providing node sends all the identification information and the corresponding public keys to the data query node;
the data query node generates a random code, and encrypts the random code by using a public key corresponding to the data to be queried to obtain a first ciphertext;
the data providing node decrypts the first ciphertext sent by the data query node by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
and the data query node carries out exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate one-to-one corresponding second exclusive-or codes, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
6. The suppressed query method as defined in claim 5, further comprising:
encrypting all the identification information and the corresponding public key by adopting a symmetric key to obtain a second ciphertext;
correspondingly, the data providing node sends all the identification information and the corresponding public keys to the data query node, and the method comprises the following steps:
and the data providing node sends the second ciphertext to the data query node.
7. A data providing node, said data providing node comprising a plurality of queryable data, each queryable data corresponding one-to-one to a public-private key pair, each said public-private key pair comprising a public key and a private key, each queryable data corresponding to identification information, said data providing node comprising:
a first data transmission module: sending all the identification information and the corresponding public keys to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the public key corresponding to the data to be queried to obtain a first ciphertext;
a decryption module: decrypting the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code;
the second data transmission module: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried.
8. A data query node, comprising:
a first data receiving module: receiving all identification information and corresponding public keys sent by a data providing node;
a random code encryption module: generating a random code, and encrypting the random code by adopting a public key corresponding to data to be inquired to obtain a first ciphertext;
the second data receiving module: receiving all first exclusive-or codes sent by a data query node, wherein the data providing node decrypts the first ciphertext by adopting each public key to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queryable data to obtain corresponding first exclusive-or codes;
a data query module: and respectively carrying out exclusive OR operation on the random code and each first exclusive OR code to generate second exclusive OR codes in one-to-one correspondence, wherein the second exclusive OR codes corresponding to the public keys corresponding to the data to be queried are the data to be queried.
9. A system for hidden query based on RSA algorithm, comprising: the data query method comprises the following steps that a data providing node and a data query node are arranged;
the data providing node sends all the identification information and the corresponding public keys to the data query node;
the data query node generates a random code, and encrypts the random code by using a public key corresponding to the data to be queried to obtain a first ciphertext;
the data providing node decrypts the first ciphertext by adopting each public key to obtain a corresponding decrypted plaintext, performs exclusive OR operation on each decrypted plaintext and corresponding queryable data to obtain a corresponding first exclusive OR code, and sends the first exclusive OR code to the data querying node;
the data query node carries out exclusive-or operation on the random code and each first exclusive-or code to generate second exclusive-or codes in one-to-one correspondence, wherein the second exclusive-or codes corresponding to the public key corresponding to the data to be queried are the data to be queried;
the data providing node comprises all queryable data, each queryable data is in one-to-one correspondence with a public and private key pair, each public and private key pair comprises a public key and a private key, and each queryable data corresponds to identification information.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the steps of the silent query method as claimed in any one of claims 1 to 6 are performed by the processor when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the steps of the suppressed query method as claimed in any one of claims 1 to 6.
CN202111334584.2A 2021-11-11 2021-11-11 RSA algorithm-based secret query method and system Pending CN113987582A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111334584.2A CN113987582A (en) 2021-11-11 2021-11-11 RSA algorithm-based secret query method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111334584.2A CN113987582A (en) 2021-11-11 2021-11-11 RSA algorithm-based secret query method and system

Publications (1)

Publication Number Publication Date
CN113987582A true CN113987582A (en) 2022-01-28

Family

ID=79747987

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111334584.2A Pending CN113987582A (en) 2021-11-11 2021-11-11 RSA algorithm-based secret query method and system

Country Status (1)

Country Link
CN (1) CN113987582A (en)

Similar Documents

Publication Publication Date Title
US10785019B2 (en) Data transmission method and apparatus
US10652736B2 (en) Session protocol for backward security between paired devices
CN111130803B (en) Method, system and device for digital signature
CN104144049B (en) A kind of encryption communication method, system and device
CN113987583A (en) Method and system for hiding query
CN113987584A (en) Method and system for hiding query
JP2016523391A (en) Method and apparatus for encrypting plaintext data
CN105208028A (en) Data transmission method and related device and equipment
WO2017107047A1 (en) User attribute matching method and terminal
CN111935197A (en) Bidding document encryption and decryption method and device
CN111431922A (en) Internet of things data encryption transmission method and system
US9473471B2 (en) Method, apparatus and system for performing proxy transformation
CN111277605B (en) Data sharing method and device, computer equipment and storage medium
CN112534790A (en) Encryption device, communication system and method for exchanging encrypted data in communication network
KR101922965B1 (en) Implicit Certificate Issuing Method and System for Applying Key Expansion
CN116248359A (en) Data transmission system, method and device based on careless transmission protocol
CN114257402B (en) Encryption algorithm determining method, device, computer equipment and storage medium
CN115459909A (en) Key data processing method and device
CN113987582A (en) RSA algorithm-based secret query method and system
US9154471B2 (en) Method and apparatus for unified encrypted messaging
JP2007507146A (en) Data encryption method and apparatus
CN115001733B (en) Data determination method and device, storage medium and terminal
JP2003124919A (en) Cipher communicating apparatus
WO2024024103A1 (en) Network storage for processing cryptographic files while keeping private key secret in key terminal
CN101247219A (en) Main unit and sub-unit of split type terminal, and data transmission method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination