CN114253943A - Method, device, medium and equipment for constructing encrypted database - Google Patents

Publication number
CN114253943A
Authority
CN
China
Prior art keywords
data
added
trapdoor
keyword
algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111402632.7A
Other languages
Chinese (zh)
Inventor
徐培明
杨祎巍
蒋屹新
陈霖
张宇南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CSG Electric Power Research Institute
Original Assignee
CSG Electric Power Research Institute
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by CSG Electric Power Research Institute
Priority to CN202111402632.7A
Publication of CN114253943A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21 Design, administration or maintenance of databases
    • G06F16/211 Schema design and management
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/64 Protecting data integrity, e.g. using checksums, certificates or signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Bioethics (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a method, a device, a medium and equipment for constructing an encrypted database. The method comprises: encrypting data with a symmetric encryption algorithm, encrypting the symmetric key with a public key encryption algorithm, encrypting and retrieving keywords with a searchable encryption algorithm, and constructing the data adding operation, data query operation and data deletion operation of the encrypted database on the basis of a block chain. The embodiment of the invention can effectively solve the problems of weak security and low reliability of the front-end proxy of the encrypted database.

Description

Method, device, medium and equipment for constructing encrypted database
Technical Field
The invention relates to the technical field of computers, in particular to a method, a device, a medium and equipment for constructing an encryption database.
Background
Data is both a resource and a form of wealth. With the explosive growth of data brought about by the rapid development of informatization and networking in society, protecting important data from leakage has become a major problem of general international concern. The database, as an essential tool for storing large amounts of data, has become an indispensable data filing cabinet for governments, enterprises and even individuals in every country, and the security of that filing cabinet is a hot topic for countless researchers.
At present, an encrypted database usually adopts a front-end proxy and encryption gateway technology: a security proxy service is placed in front of the database, a user accessing the database must pass through the security proxy service, security policies such as data encryption and decryption and access control are implemented in the security proxy service, and the security proxy service then stores the data through the access interface of the database. The security proxy service sits between the client application and the database storage engine and is responsible for encrypting and decrypting data, and the encrypted data is stored in the security proxy service. The security of the security proxy therefore directly affects the data security of the entire encrypted database scheme; once the security proxy is breached or maliciously used, the encrypted database exists in name only. It is therefore necessary to study a method for constructing an encrypted database that can effectively solve the problem of the weak security of the front-end proxy.
Disclosure of Invention
The invention provides a method, a device, a medium and equipment for constructing an encrypted database, to solve the prior-art problem of the weak security of the front-end proxy. The invention makes full use of the properties of the block chain (distributed, tamper-resistant, non-repudiable, traceable, secure and trustworthy) by using the block chain as the front-end proxy of the encrypted database, which can effectively solve the problems of weak security and low credibility of the front-end proxy of the encrypted database and improve its security and credibility.
In order to achieve the above object, an embodiment of the present invention provides an encryption database construction method, including:
the operation method for constructing the encryption database comprises data adding operation, data query operation and data deleting operation;
the data adding operation comprises:
when a user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; looks up the related data corresponding to the data to be added according to a preset correspondence, and encrypts the data to be added and the related data with a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added; encrypts the symmetric key with a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added with the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added with the trapdoor algorithm of the searchable encryption algorithm; and sends the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added to a block chain, calling a first intelligent contract;
when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encryption database, the encryption database inserts the data cipher text to be added and the key cipher text into the encryption database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation comprises:
when a user searches for a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried with the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve back from the latest second block data in the block chain, obtaining the encrypted data corresponding to the keyword to be queried;
after a user receives encrypted data, decrypting a key ciphertext by using a private key generated by the user to obtain a symmetric key, and decrypting the encrypted data by using the symmetric key to obtain original data;
the data deletion operation comprises:
when a user deletes data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
As an improvement of the above solution, the searchable encryption algorithm includes: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein for any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$, $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is chosen; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure BDA0003371293360000031
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure BDA0003371293360000032
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1', C_2') \stackrel{?}{=} e(Tr_1', Tr_2')$ denotes judging whether $e(Tr_1', C_2')$ and $e(Tr_1', Tr_2')$ are equal; if they are equal, the block data matches the trapdoor successfully.
As an improvement of the above solution, after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to end the data addition operation, including:
after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair cipher text, retrieves back from the latest first chunk data in the blockchain using a search algorithm of the searchable encryption algorithm:
when the retrieved first block data is successfully matched with the trapdoor to be added, reading the first block data, inserting the data { id } into the first block data to obtain new first block data, uploading the new first block data to a block chain again, and ending the retrieval;
when the retrieval finds no first block data that matches the trapdoor to be added, uploading block data consisting of the newly generated keyword ciphertext to be added and the data { id } to the block chain;
and when all the trapdoor pair ciphertexts are traversed, ending the data adding operation.
As an improvement of the above solution, when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve back from the latest second block data in the block chain, obtaining the encrypted data corresponding to the keyword to be queried, including:
when the block chain receives the trapdoor to be queried, the second intelligent contract retrieves back from the latest second block data in the block chain using the search algorithm of the searchable encryption algorithm:
when the retrieved second block data is successfully matched with the trapdoor to be inquired, reading the second block data, inquiring the encrypted data corresponding to the id of the second block data from the encrypted database, and returning the encrypted data to a user; if any encrypted data corresponding to the id of the second block data does not exist, deleting the id from the second block data to obtain new second block data, and uploading the new second block data to the block chain again;
and when the second block data is not successfully matched with the trapdoor to be queried, returning no retrieval content to the user.
As an improvement of the above scheme, the finding out the related data corresponding to the data to be added according to a preset corresponding relationship, and encrypting the data to be added and the related data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added includes:
and searching each line of data where the data to be added is located according to a preset corresponding relation, and encrypting the data to be added and each line of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added.
In order to achieve the above object, an embodiment of the present invention further provides a method including: a controller;
the controller is configured to: data adding operation, data inquiring operation and data deleting operation;
the data adding operation comprises:
when a user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; looks up the related data corresponding to the data to be added according to a preset correspondence, and encrypts the data to be added and the related data with a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added; encrypts the symmetric key with a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added with the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added with the trapdoor algorithm of the searchable encryption algorithm; and sends the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added to a block chain, calling a first intelligent contract;
when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encryption database, the encryption database inserts the data cipher text to be added and the key cipher text into the encryption database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation comprises:
when a user searches for a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried with the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve back from the latest second block data in the block chain, obtaining the encrypted data corresponding to the keyword to be queried;
after a user receives encrypted data, decrypting a key ciphertext by using a private key generated by the user to obtain a symmetric key, and decrypting the encrypted data by using the symmetric key to obtain original data;
the data deletion operation comprises:
when a user deletes data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
As an improvement of the above solution, the searchable encryption algorithm includes: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein for any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$, $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is chosen; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure BDA0003371293360000061
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure BDA0003371293360000062
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1', C_2') \stackrel{?}{=} e(Tr_1', Tr_2')$ denotes judging whether $e(Tr_1', C_2')$ and $e(Tr_1', Tr_2')$ are equal; if they are equal, the block data matches the trapdoor successfully.
As an improvement of the above scheme, the finding out the related data corresponding to the data to be added according to a preset corresponding relationship, and encrypting the data to be added and the related data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added includes:
and searching each line of data where the data to be added is located according to a preset corresponding relation, and encrypting the data to be added and each line of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added.
To achieve the above object, an embodiment of the present invention further provides a computer-readable storage medium, which includes a stored computer program; wherein the computer program, when running, controls the device on which the computer-readable storage medium is located to execute the encryption database construction method as described above.
To achieve the above object, an embodiment of the present invention further provides an encrypted database construction device, including a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, where the processor implements the encrypted database construction method as described above when executing the computer program.
Compared with the prior art, the encrypted database construction method, device, medium and equipment provided by the embodiment of the invention construct the encrypted database on the basis of a block chain and use the block chain as the front-end proxy of the encrypted database, so that the problems of weak security and low reliability of the front-end proxy of the encrypted database can be effectively solved and the security and reliability of the front-end proxy are improved. Furthermore, the embodiment of the invention makes full use of the searchable encryption algorithm and can solve the problem of the low retrieval efficiency of the encrypted database. The embodiment of the invention thus integrates the front-end proxy and the application-layer reconstruction technology, can improve the security of the encrypted database, effectively solves the problem of the weak security of the front-end proxy, and at the same time improves the retrieval efficiency.
Drawings
Fig. 1 is a flowchart of an encryption database construction method according to an embodiment of the present invention;
Fig. 2 is a block diagram of an encrypted database construction device according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a flowchart of an encrypted database construction method provided in an embodiment of the present invention, where the encrypted database construction method includes:
the operation method for constructing the encryption database comprises a data adding operation S1, a data querying operation S2 and a data deleting operation S3;
the data adding operation S1 includes:
S11, when the user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; looks up the related data corresponding to the data to be added according to a preset correspondence, and encrypts the data to be added and the related data with a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added; encrypts the symmetric key with a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added with the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added with the trapdoor algorithm of the searchable encryption algorithm; and sends the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added to a block chain, calling a first intelligent contract;
S12, when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encrypted database, the encrypted database inserts the data cipher text to be added and the key cipher text into the encrypted database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using the search algorithm of the searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation S2 includes:
S21, when a user searches for a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried with the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
S22, when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve back from the latest second block data in the block chain, obtaining the encrypted data corresponding to the keyword to be queried;
S23, after the user receives the encrypted data, decrypting the key ciphertext by using a private key generated by the user to obtain the symmetric key, and decrypting the encrypted data by using the symmetric key to obtain the original data;
the data deleting operation S3 includes:
S31, when the user deletes the data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and S32, when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
It should be noted that, in the embodiment of the present invention, a symmetric encryption algorithm $(Enc_{sys}, Dec_{sys})$ is used to encrypt the data, a public key encryption algorithm $(Enc_{pub}, Dec_{pub})$ is used to encrypt the symmetric key, and a searchable encryption algorithm $(Enc_{se}, Trapdoor, Search)$ is used to encrypt and retrieve the keywords; wherein $Enc_{sys}$ denotes the encryption algorithm of the symmetric encryption algorithm, $Dec_{sys}$ denotes the decryption algorithm of the symmetric encryption algorithm, $Enc_{pub}$ denotes the encryption algorithm of the public key encryption algorithm, $Dec_{pub}$ denotes the decryption algorithm of the public key encryption algorithm, $Enc_{se}$ denotes the keyword encryption algorithm of the searchable encryption algorithm, $Trapdoor$ denotes the trapdoor algorithm of the searchable encryption algorithm, and $Search$ denotes the search algorithm of the searchable encryption algorithm.
The user first generates $\{pk, sk\}$ as the public key and private key of the public key encryption algorithm, and $\{sk_{se}\}$ as the private key of the searchable encryption algorithm.
Specifically, the searchable encryption algorithm includes: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein for any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$, $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is chosen; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure BDA0003371293360000091
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure BDA0003371293360000101
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1', C_2') \stackrel{?}{=} e(Tr_1', Tr_2')$ denotes judging whether $e(Tr_1', C_2')$ and $e(Tr_1', Tr_2')$ are equal; if they are equal, the block data matches the trapdoor successfully.
It will be appreciated that the keyword ciphertext $C$ consists of two parts, $C_1'$ and $C_2'$, and the trapdoor $Tr$ consists of two parts, $Tr_1'$ and $Tr_2'$.
Specifically, the searching for the related data corresponding to the data to be added according to the preset corresponding relationship and encrypting the data to be added and the related data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added includes:
and searching each line of data where the data to be added is located according to a preset corresponding relation, and encrypting the data to be added and each line of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added.
Specifically, after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data addition operation, and the method comprises the following steps:
after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair cipher text, retrieves back from the latest first chunk data in the blockchain using a search algorithm of the searchable encryption algorithm:
when the retrieved first block data is successfully matched with the trapdoor to be added, reading the first block data, inserting the data { id } into the first block data to obtain new first block data, uploading the new first block data to a block chain again, and ending the retrieval;
when the retrieval finds no first block data that matches the trapdoor to be added, uploading block data consisting of the newly generated keyword ciphertext to be added and the data { id } to the block chain;
and when all the trapdoor pair ciphertexts are traversed, ending the data adding operation.
In one embodiment, the data adding operation includes:
the user: when a row of data (namely the data to be added) is added to the encrypted database, the user first generates a plurality of keywords to be added $\{w_1, w_2, ..., w_n\}$ corresponding to the row of data; then randomly generates a symmetric key $\{sk_{sys}\}$ and encrypts each line of data of the row of data with the symmetric key to obtain the data ciphertext to be added $\{c\}$; then encrypts the symmetric key $\{sk_{sys}\}$ with the public key encryption algorithm to obtain the key ciphertext $\{C_{sk}\}$; then encrypts all the keywords to be added with the keyword encryption algorithm of the searchable encryption algorithm to obtain the keyword ciphertexts to be added $\{C_1, C_2, ..., C_n\}$, and uses the trapdoor algorithm of the searchable encryption algorithm to generate the trapdoors to be added $\{Tr_1, Tr_2, ..., Tr_n\}$ corresponding to the keywords to be added; finally, the user sends the data ciphertext to be added $\{c\}$, the key ciphertext $\{C_{sk}\}$, the keyword ciphertexts to be added $\{C_1, C_2, ..., C_n\}$ and the trapdoors to be added $\{Tr_1, Tr_2, ..., Tr_n\}$ to the block chain, and calls the first intelligent contract; it will be appreciated that the first intelligent contract is the intelligent contract for the data adding operation and can realize the function of adding data;
block chain: when the data ciphertext to be added $\{c\}$, the key ciphertext $\{C_{sk}\}$, the keyword ciphertexts to be added $\{C_1, C_2, ..., C_n\}$ and the trapdoors to be added $\{Tr_1, Tr_2, ..., Tr_n\}$ are received from the user, the first intelligent contract directly sends the ciphertexts $\{c, C_{sk}\}$ to the encrypted database, and the encrypted database returns the data $\{id\}$ corresponding to the row of data; after the first intelligent contract receives the data $\{id\}$, the first intelligent contract traverses the trapdoor pair ciphertext $\{C_1, Tr_1\}$ of each keyword to be added, and retrieves back from the latest first block data in the block chain using the search algorithm of the searchable encryption algorithm:
(i) when the retrieved first block data is successfully matched with the trapdoor to be added $Tr_1$, the first block data $\{C: id_1, id_2, ..., id_m\}$ is read, the data $\{id\}$ is inserted into the first block data to obtain new first block data $\{C: id_1, id_2, ..., id_m, id\}$, the new first block data $\{C: id_1, id_2, ..., id_m, id\}$ is uploaded to the block chain again, and the retrieval ends; it can be understood that the first block data in this step consists of the keyword ciphertext to be added $C$ and $id_1, id_2, ..., id_m$, and the new first block data consists of the keyword ciphertext to be added $C$ and $id_1, id_2, ..., id_m$ and $id$;
(ii) when the retrieval finds no first block data that matches the trapdoor to be added $Tr_1$, the block data $\{C: id\}$ consisting of the newly generated keyword ciphertext to be added and the data $\{id\}$ is uploaded to the block chain. It can be understood that the keyword ciphertext to be added $C$ in this step is not necessarily linked to the keyword ciphertext to be added $C$ in step (i) above, and both represent the newly generated keyword ciphertext to be added.
And after traversing and searching all the keywords to be added, ending the data adding operation.
It can be understood that step (i) and step (ii) are parallel, step (i) refers to retrieving the first block data that matches in the block chain; step two, the first block data which is not matched is searched by traversing the block chain.
Specifically, when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried, including:
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain:
when the retrieved second block data is successfully matched with the trapdoor to be inquired, reading the second block data, inquiring the encrypted data corresponding to the id of the second block data from the encrypted database, and returning the encrypted data to a user; if any encrypted data corresponding to the id of the second block data does not exist, deleting the id from the second block data to obtain new second block data, and uploading the new second block data to the block chain again;
and when the second block data is not successfully matched with the trapdoor to be queried, returning no retrieval content to the user.
In a specific embodiment, the data query operation includes:
the user: when a user needs to retrieve a keyword to be queried w, the user generates a trapdoor to be queried Tr corresponding to the keyword w by using the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor Tr to the block chain, and calls a second intelligent contract; it is understood that the second intelligent contract is the intelligent contract of the data query operation and can realize the function of data query;
the block chain: when receiving the trapdoor to be queried Tr, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain:
when the retrieved second block data is successfully matched with the trapdoor to be queried Tr, the second block data is read to obtain $\{C: id_1, id_2, \ldots, id_m\}$, the encrypted database is queried to obtain the row encrypted data (namely the encrypted data) corresponding to $id_1, id_2, \ldots, id_m$, and the row encrypted data is returned to the user; if the row encrypted data corresponding to any one of $id_1, id_2, \ldots, id_m$ does not exist, the nonexistent id is deleted from the second block data $\{C: id_1, id_2, \ldots, id_m\}$ to obtain new second block data, and the new second block data is then uploaded to the block chain again. It can be understood that the second block data in this step is composed of the keyword ciphertext to be added $C$ and $id_1, id_2, \ldots, id_m$; the keyword ciphertext $C$ and $id_1, id_2, \ldots, id_m$ in this step and the keyword ciphertext $C$ and $id_1, id_2, \ldots, id_m$ of the first block data in step (i) of the previous embodiment are not necessarily related, and only represent a keyword ciphertext and its corresponding ids.
And when the second block data is not successfully matched with the trapdoor Tr to be inquired, returning no retrieval content to the user.
The user: after receiving the encrypted data, the user firstly decrypts the key ciphertext by using the private key sk to obtain a symmetric key, and then decrypts the encrypted data by using the symmetric key to obtain the original data.
In a specific embodiment, the data deleting operation includes:
the user: when a user needs to delete the row data of a certain id (namely, the data to be deleted), sending the corresponding id to the block chain, and calling a third intelligent contract; it can be understood that the third intelligent contract is an intelligent contract for data deletion operation, and can realize the function of data deletion;
the block chain: the third intelligent contract directly reads the encrypted database and directly deletes the row data corresponding to the id.
According to the encrypted database construction method provided by the embodiment of the invention, the encrypted database is constructed based on the block chain, and the block chain is used as the front proxy of the encrypted database, so that the problems of weak security and low reliability of the front proxy of the encrypted database can be effectively solved. Therefore, the embodiment of the invention integrates the preposed agent and the application layer transformation technology, can improve the security of the encrypted database, effectively solves the problem of weak safety of the preposed agent, and simultaneously improves the retrieval efficiency.
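The add, query and delete flows described above can be traced in a short simulation; this is an added sketch, not code from the patent. It assumes an HMAC-based stand-in (`encrypt_keyword`, `trapdoor`, `matches`) in place of the pairing-based keyword encryption, trapdoor and search algorithms, whose formulas are not reproduced on this page; all class and function names are hypothetical, and row ciphertexts are opaque placeholders.

```python
import hashlib
import hmac
import os

# --- Stand-in searchable encryption (assumption, NOT the patent's pairing scheme) ---
def trapdoor(sk_se: bytes, keyword: str) -> bytes:
    """Trapdoor for a keyword; deterministic here, randomized (r') in the patent."""
    return hmac.new(sk_se, keyword.encode(), hashlib.sha256).digest()

def encrypt_keyword(sk_se: bytes, keyword: str) -> tuple:
    """Randomized keyword ciphertext (r, tag): equal keywords give different ciphertexts."""
    r = os.urandom(16)
    tag = hmac.new(trapdoor(sk_se, keyword), r, hashlib.sha256).digest()
    return (r, tag)

def matches(tr: bytes, kw_ct: tuple) -> bool:
    """Contract-side test: needs only the trapdoor, never the keyword or sk_se."""
    r, tag = kw_ct
    return hmac.compare_digest(hmac.new(tr, r, hashlib.sha256).digest(), tag)


class EncryptedDB:
    """Stores opaque row ciphertexts under an auto-assigned id."""
    def __init__(self):
        self.rows, self._next = {}, 1

    def insert(self, data_ct: bytes, key_ct: bytes) -> int:
        rid, self._next = self._next, self._next + 1
        self.rows[rid] = (data_ct, key_ct)
        return rid


class Chain:
    """Append-only list of index blocks {C: [id_1, ..., id_m]} plus the three contracts."""
    def __init__(self, db: EncryptedDB):
        self.db, self.blocks = db, []

    def _latest_match(self, tr: bytes):
        # Backward retrieval: the newest matching block supersedes older versions.
        for block in reversed(self.blocks):
            if matches(tr, block["C"]):
                return block
        return None

    def add(self, data_ct: bytes, key_ct: bytes, pairs: list) -> int:
        """First contract: store the row, then update the index per (C_i, Tr_i) pair."""
        rid = self.db.insert(data_ct, key_ct)
        for kw_ct, tr in pairs:
            old = self._latest_match(tr)
            if old is not None:   # branch (i): re-upload with the new id appended
                self.blocks.append({"C": old["C"], "ids": old["ids"] + [rid]})
            else:                 # branch (ii): first block for this keyword
                self.blocks.append({"C": kw_ct, "ids": [rid]})
        return rid

    def query(self, tr: bytes) -> list:
        """Second contract: return row ciphertexts, pruning ids deleted from the DB."""
        block = self._latest_match(tr)
        if block is None:
            return []
        live = [i for i in block["ids"] if i in self.db.rows]
        if live != block["ids"]:  # lazy cleanup: upload a pruned block
            self.blocks.append({"C": block["C"], "ids": live})
        return [self.db.rows[i] for i in live]

    def delete(self, rid: int) -> None:
        """Third contract: delete the row only; the index is repaired on the next query."""
        self.db.rows.pop(rid, None)


def demo():
    sk_se = os.urandom(32)  # client-held searchable-encryption key
    chain = Chain(EncryptedDB())

    def pairs(words):
        return [(encrypt_keyword(sk_se, w), trapdoor(sk_se, w)) for w in words]

    # Constructed sample rows; ciphertexts are opaque placeholders (hybrid encryption not shown).
    r1 = chain.add(b"ct-row-1", b"ct-key-1", pairs(["alice", "grid"]))
    r2 = chain.add(b"ct-row-2", b"ct-key-2", pairs(["alice"]))
    before = chain.query(trapdoor(sk_se, "alice"))
    chain.delete(r1)
    after = chain.query(trapdoor(sk_se, "alice"))
    return chain, sk_se, (r1, r2), before, after
```

Superseded index blocks stay on the chain after every re-upload, so correct results depend on always retrieving from the newest block backwards, and a deleted id remains referenced on-chain until the next query for that keyword prunes it.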
The embodiment of the invention provides an encryption database construction device, which comprises: a controller;
the controller is configured to: data adding operation, data inquiring operation and data deleting operation;
the data adding operation comprises:
when a user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; searches for relevant data corresponding to the data to be added according to a preset corresponding relation, and encrypts the data to be added and the relevant data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data ciphertext to be added; encrypts the symmetric key by using a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added by using the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added by using the trapdoor algorithm of the searchable encryption algorithm; and sends the data ciphertext to be added, the key ciphertext, the keyword ciphertext to be added and the trapdoor to be added to a block chain, and calls a first intelligent contract;
when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encryption database, the encryption database inserts the data cipher text to be added and the key cipher text into the encryption database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation comprises:
when a user retrieves a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried by using the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried;
after a user receives encrypted data, decrypting a key ciphertext by using a private key generated by the user to obtain a symmetric key, and decrypting the encrypted data by using the symmetric key to obtain original data;
the data deletion operation comprises:
when a user deletes data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
Preferably, the searchable encryption algorithm comprises: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$ satisfy $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, an element $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is selected; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure BDA0003371293360000151
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure BDA0003371293360000152
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1, C_2) \stackrel{?}{=} e(Tr_1, Tr_2)$, which denotes judging whether $e(Tr_1, C_2)$ and $e(Tr_1, Tr_2)$ are equal; if they are equal, the block data is successfully matched with the trapdoor.
Preferably, after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and retrieves the latest first block data in the block chain back by using a search algorithm of a searchable encryption algorithm to end the data addition operation, including:
after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext and, using the search algorithm of the searchable encryption algorithm, retrieves backwards from the latest first block data in the block chain:
when the retrieved first block data is successfully matched with the trapdoor to be added, reading the first block data, inserting the data { id } into the first block data to obtain new first block data, uploading the new first block data to a block chain again, and ending the retrieval;
when the first block data and the trapdoor to be added are searched and not matched successfully, uploading block data consisting of newly generated key word ciphertext to be added and the data { id } to a block chain;
and when all the trapdoor pair ciphertexts are traversed, ending the data adding operation.
Preferably, when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried, including:
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain:
when the retrieved second block data is successfully matched with the trapdoor to be inquired, reading the second block data, inquiring the encrypted data corresponding to the id of the second block data from the encrypted database, and returning the encrypted data to a user; if any encrypted data corresponding to the id of the second block data does not exist, deleting the id from the second block data to obtain new second block data, and uploading the new second block data to the block chain again;
and when the second block data is not successfully matched with the trapdoor to be queried, returning no retrieval content to the user.
Preferably, the searching for the related data corresponding to the data to be added according to the preset corresponding relationship, and encrypting the data to be added and the related data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added includes:
and searching each line of data where the data to be added is located according to a preset corresponding relation, and encrypting the data to be added and each line of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added.
It should be noted that, in the working process of the encrypted database construction apparatus according to the embodiment of the present invention, reference may be made to the working process of the encrypted database construction method according to the above embodiment, which is not described herein again.
An embodiment of the present invention provides a computer-readable storage medium, which includes a stored computer program; wherein, when running, the computer program controls the device on which the computer-readable storage medium is located to execute the encryption database construction method according to any of the above embodiments.
Referring to fig. 2, fig. 2 is a block diagram of an encrypted database construction apparatus 20 according to an embodiment of the present invention, where the encrypted database construction apparatus 20 includes: a processor 21, a memory 22 and a computer program stored in said memory 22 and executable on said processor 21. The processor 21 implements the steps in the above-described embodiment of the encryption database construction method when executing the computer program. Alternatively, the processor 21 implements the functions of the modules/units in the above-described device embodiments when executing the computer program.
Illustratively, the computer program may be divided into one or more modules/units, which are stored in the memory 22 and executed by the processor 21 to accomplish the present invention. The one or more modules/units may be a series of computer program instruction segments capable of performing specific functions, which are used to describe the execution process of the computer program in the encrypted database construction apparatus 20.
The encryption database construction device 20 may be a desktop computer, a notebook, a palm computer, a cloud server, or other computing devices. The encryption database construction apparatus 20 may include, but is not limited to, a processor 21 and a memory 22. It will be appreciated by those skilled in the art that the schematic diagram is merely an example of the encrypted database construction apparatus 20, and does not constitute a limitation of the encrypted database construction apparatus 20, and may include more or less components than those shown, or combine some components, or different components, for example, the encrypted database construction apparatus 20 may further include an input-output device, a network access device, a bus, etc.
The Processor 21 may be a Central Processing Unit (CPU), other general purpose Processor, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a Field Programmable Gate Array (FPGA) or other Programmable logic device, discrete Gate or transistor logic device, discrete hardware component, or the like. The general purpose processor may be a microprocessor or the processor may be any conventional processor or the like, and the processor 21 is a control center of the encryption database construction apparatus 20, and various interfaces and lines are used to connect various parts of the entire encryption database construction apparatus 20.
The memory 22 may be used to store the computer programs and/or modules, and the processor 21 implements various functions of the encrypted database construction apparatus 20 by running or executing the computer programs and/or modules stored in the memory 22 and calling data stored in the memory 22. The memory 22 may mainly include a program storage area and a data storage area, wherein the program storage area may store an operating system, an application program required by at least one function (such as a sound playing function, an image playing function, etc.), and the like; the storage data area may store data (such as audio data, a phonebook, etc.) created according to the use of the cellular phone, and the like. In addition, the memory 22 may include high speed random access memory, and may also include non-volatile memory, such as a hard disk, a memory, a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), at least one magnetic disk storage device, a Flash memory device, or other volatile solid state storage device.
Wherein, the module/unit integrated by the encryption database construction device 20 can be stored in a computer readable storage medium if it is implemented in the form of software functional unit and sold or used as a stand-alone product. Based on such understanding, all or part of the flow of the method according to the above embodiments may be implemented by a computer program, which may be stored in a computer readable storage medium and used by the processor 21 to implement the steps of the above embodiments of the method. Wherein the computer program comprises computer program code, which may be in the form of source code, object code, an executable file or some intermediate form, etc. The computer-readable medium may include: any entity or device capable of carrying the computer program code, recording medium, usb disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM), Random Access Memory (RAM), electrical carrier wave signals, telecommunications signals, software distribution medium, and the like.
It should be noted that the above-described device embodiments are merely illustrative, where the units described as separate parts may or may not be physically separate, and the parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. In addition, in the drawings of the embodiment of the apparatus provided by the present invention, the connection relationship between the modules indicates that there is a communication connection between them, and may be specifically implemented as one or more communication buses or signal lines. One of ordinary skill in the art can understand and implement it without inventive effort.
While the foregoing is directed to the preferred embodiment of the present invention, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention.

Claims (10)

1. An encryption database construction method, comprising:
the operation method for constructing the encryption database comprises data adding operation, data query operation and data deleting operation;
the data adding operation comprises:
when a user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; searches for relevant data corresponding to the data to be added according to a preset corresponding relation, and encrypts the data to be added and the relevant data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data ciphertext to be added; encrypts the symmetric key by using a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added by using the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added by using the trapdoor algorithm of the searchable encryption algorithm; and sends the data ciphertext to be added, the key ciphertext, the keyword ciphertext to be added and the trapdoor to be added to a block chain, and calls a first intelligent contract;
when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encryption database, the encryption database inserts the data cipher text to be added and the key cipher text into the encryption database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation comprises:
when a user retrieves a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried by using the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried;
after a user receives encrypted data, decrypting a key ciphertext by using a private key generated by the user to obtain a symmetric key, and decrypting the encrypted data by using the symmetric key to obtain original data;
the data deletion operation comprises:
when a user deletes data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
2. The encryption database construction method according to claim 1, wherein the searchable encryption algorithm includes: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$ satisfy $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, an element $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is selected; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure FDA0003371293350000021
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure FDA0003371293350000022
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1', C_2') \stackrel{?}{=} e(Tr_1', Tr_2')$, which represents judging whether $e(Tr_1', C_2')$ and $e(Tr_1', Tr_2')$ are equal; if they are equal, the block data matches the trapdoor successfully.
3. The method of claim 1, wherein said first intelligent contract, upon receiving said data { id } by said first intelligent contract, traverses each trapdoor pair cipher text and retrieves back from the newest first chunk data in the blockchain using a search algorithm of the searchable encryption algorithm to end said data addition operation, comprising:
after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext and, using the search algorithm of the searchable encryption algorithm, retrieves backwards from the latest first block data in the block chain:
when the retrieved first block data is successfully matched with the trapdoor to be added, reading the first block data, inserting the data { id } into the first block data to obtain new first block data, uploading the new first block data to a block chain again, and ending the retrieval;
when the first block data and the trapdoor to be added are searched and not matched successfully, uploading block data consisting of newly generated key word ciphertext to be added and the data { id } to a block chain;
and when all the trapdoor pair ciphertexts are traversed, ending the data adding operation.
4. The method for constructing an encrypted database according to claim 1, wherein when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried, comprising:
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain:
when the retrieved second block data is successfully matched with the trapdoor to be inquired, reading the second block data, inquiring the encrypted data corresponding to the id of the second block data from the encrypted database, and returning the encrypted data to a user; if any encrypted data corresponding to the id of the second block data does not exist, deleting the id from the second block data to obtain new second block data, and uploading the new second block data to the block chain again;
and when the second block data is not successfully matched with the trapdoor to be queried, returning no retrieval content to the user.
5. The method for constructing an encrypted database according to claim 1, wherein the searching for the related data corresponding to the data to be added according to the preset corresponding relationship and encrypting the data to be added and the related data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added comprises:
and searching each line of data where the data to be added is located according to a preset corresponding relation, and encrypting the data to be added and each line of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data cipher text to be added.
6. An encryption database construction apparatus, comprising: a controller;
the controller is configured to: data adding operation, data inquiring operation and data deleting operation;
the data adding operation comprises:
when a user adds data to be added to the encrypted database, the user generates a plurality of keywords to be added corresponding to the data to be added; searches for relevant data corresponding to the data to be added according to a preset corresponding relation, and encrypts the data to be added and the relevant data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a data ciphertext to be added; encrypts the symmetric key by using a public key encryption algorithm to obtain a key ciphertext; encrypts each keyword to be added by using the keyword encryption algorithm of a searchable encryption algorithm to obtain a keyword ciphertext to be added; generates a trapdoor to be added corresponding to each keyword to be added by using the trapdoor algorithm of the searchable encryption algorithm; and sends the data ciphertext to be added, the key ciphertext, the keyword ciphertext to be added and the trapdoor to be added to a block chain, and calls a first intelligent contract;
when the block chain receives the data cipher text to be added, the key cipher text, the keyword cipher text to be added and the trapdoor to be added, the first intelligent contract sends the data cipher text to be added and the key cipher text to the encryption database, the encryption database inserts the data cipher text to be added and the key cipher text into the encryption database, and returns data { id } corresponding to the data to be added; after the first intelligent contract receives the data { id }, the first intelligent contract traverses each trapdoor pair ciphertext, and searches back from the latest first block data in the block chain by using a search algorithm of a searchable encryption algorithm to finish the data adding operation; each trapdoor pair ciphertext comprises a keyword ciphertext to be added and a trapdoor to be added, wherein the keyword ciphertext to be added corresponds to the keyword to be added;
the data query operation comprises:
when a user retrieves a keyword to be queried, the user generates a trapdoor to be queried corresponding to the keyword to be queried by using the trapdoor algorithm of the searchable encryption algorithm, sends the trapdoor to be queried to the block chain, and calls a second intelligent contract;
when the block chain receives the trapdoor to be queried, the second intelligent contract uses the search algorithm of the searchable encryption algorithm to retrieve backwards from the latest second block data in the block chain to obtain the encrypted data corresponding to the keyword to be queried;
after a user receives encrypted data, decrypting a key ciphertext by using a private key generated by the user to obtain a symmetric key, and decrypting the encrypted data by using the symmetric key to obtain original data;
the data deletion operation comprises:
when a user deletes data to be deleted in the encrypted database, sending the id corresponding to the data to be deleted to a block chain, and calling a third intelligent contract;
and when the block chain receives the id corresponding to the data to be deleted, the third intelligent contract reads the encrypted database and deletes the data to be deleted.
7. The encryption database construction apparatus according to claim 6, wherein the searchable encryption algorithm includes: a keyword encryption algorithm, a trapdoor algorithm and a search algorithm;
wherein three finite cyclic groups $G_1$, $G_2$ and $G_T$ of prime order $q$ are selected, together with a bilinear mapping $e: G_1 \times G_2 \to G_T$, wherein any two elements $g \in G_1$, $h \in G_2$ and any two integers $x$ and $y$ satisfy $e(g^x, h^y) = e(g, h)^{xy} \in G_T$.
An integer $sk_{se}$ is randomly selected as the private key of the searchable encryption algorithm, an element $g \in G_1$ is randomly selected, and a one-way hash function $h \to G_T$ is selected; then, for any keyword $w$:
the keyword encryption algorithm comprises the following steps:
Figure FDA0003371293350000061
wherein r is an integer selected randomly;
the trapdoor algorithm comprises:
Figure FDA0003371293350000062
wherein r' is an integer selected randomly;
the search algorithm comprises:
$e(Tr_1', C_2') \stackrel{?}{=} e(Tr_1', Tr_2')$, which denotes checking whether $e(Tr_1', C_2')$ and $e(Tr_1', Tr_2')$ are equal; if they are equal, the block data matches the trapdoor successfully.
8. The encrypted database construction device according to claim 6, wherein the searching for the relevant data corresponding to the data to be added according to the preset correspondence, and encrypting the data to be added and the relevant data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain a ciphertext of the data to be added comprises:
searching, according to the preset correspondence, for each row of data in which the data to be added is located, and encrypting the data to be added and each row of data by using a randomly generated symmetric key and a symmetric encryption algorithm to obtain the ciphertext of the data to be added.
9. A computer-readable storage medium, characterized in that the computer-readable storage medium comprises a stored computer program; wherein the computer program, when running, controls the device in which the computer-readable storage medium is located to perform the encrypted database construction method according to any one of claims 1 to 5.
10. An encrypted database construction apparatus comprising a processor, a memory, and a computer program stored in the memory and configured to be executed by the processor, the processor implementing the encrypted database construction method according to any one of claims 1 to 5 when executing the computer program.
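As an added illustration (not code from the patent), the sketch below shows how a pairing-equality test lets a query contract match a randomized trapdoor against randomized keyword ciphertexts while scanning blocks from newest to oldest, and how deletion by id removes a record, as in claims 6 and 7. The patent's own ciphertext and trapdoor formulas are in figures not reproduced on this page, so the (C1, C2)/(Tr1, Tr2) construction, the match test e(C1, Tr2) = e(Tr1, C2), the toy additive pairing and all function names are assumptions; the toy pairing offers no security.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime group order q (a Mersenne prime)

def pair(a, b):
    """Toy bilinear map Z_q x Z_q -> Z_q, all groups written additively:
    the element g^a is stored as its exponent a, so e(g^a, h^b) = e(g,h)^(ab)
    is stored as a*b mod q. Discrete logs are trivial here: NOT secure."""
    return (a * b) % Q

def hash_kw(word):
    """Hash a keyword to a non-zero exponent mod q (assumed hash-to-group step)."""
    d = int.from_bytes(hashlib.sha256(word.encode()).digest(), "big")
    return d % (Q - 1) + 1

def rand_exp():
    return secrets.randbelow(Q - 1) + 1      # uniform in [1, q-1]

def encrypt_keyword(sk, word):
    r = rand_exp()                            # fresh r per ciphertext
    return (r, r * sk * hash_kw(word) % Q)    # assumed (C1, C2)

def trapdoor(sk, word):
    r2 = rand_exp()                           # fresh r' per query
    return (r2, r2 * sk * hash_kw(word) % Q)  # assumed (Tr1, Tr2)

def matches(ct, td):
    # e(C1, Tr2) == e(Tr1, C2): both sides equal e(g,h)^(r * r' * sk * H(w))
    # exactly when ciphertext and trapdoor share the key and the keyword.
    return pair(ct[0], td[1]) == pair(td[0], ct[1])

def search_backward(chain, td):
    """Scan from the latest block back to the oldest; return matching ids."""
    return [blk["id"] for blk in reversed(chain) if matches(blk["kw"], td)]

def delete_by_id(chain, data_id):
    return [blk for blk in chain if blk["id"] != data_id]

def build_demo_chain(sk):
    # Constructed sample records (id, keyword); payload encryption is omitted.
    rows = [(1, "transformer"), (2, "meter"), (3, "transformer")]
    return [{"id": i, "kw": encrypt_keyword(sk, w)} for i, w in rows]
```

Because r and r' are fresh for every call, two ciphertexts or two trapdoors for the same keyword differ, yet the equality test still links them.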
CN202111402632.7A 2021-11-24 2021-11-24 Method, device, medium and equipment for constructing encrypted database Pending CN114253943A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111402632.7A CN114253943A (en) 2021-11-24 2021-11-24 Method, device, medium and equipment for constructing encrypted database

Publications (1)

Publication Number Publication Date
CN114253943A true CN114253943A (en) 2022-03-29

Family

ID=80793209

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111402632.7A Pending CN114253943A (en) 2021-11-24 2021-11-24 Method, device, medium and equipment for constructing encrypted database

Country Status (1)

Country Link
CN (1) CN114253943A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116388970A (en) * 2023-03-03 2023-07-04 京信数据科技有限公司 Centralized cloud computing implementation method and device based on multiparty data
CN116388970B (en) * 2023-03-03 2023-11-28 京信数据科技有限公司 Centralized cloud computing implementation method and device based on multiparty data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination