CN114519064A - Data query method, device and storage medium - Google Patents
Data query method, device and storage medium Download PDFInfo
- Publication number
- CN114519064A CN114519064A CN202210038169.0A CN202210038169A CN114519064A CN 114519064 A CN114519064 A CN 114519064A CN 202210038169 A CN202210038169 A CN 202210038169A CN 114519064 A CN114519064 A CN 114519064A
- Authority
- CN
- China
- Prior art keywords
- secret
- random numbers
- query
- data
- result
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/27—Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a data query method, a data query device and a storage medium, wherein the method comprises the following steps: determining a ciphertext calculation file based on the acquired query statement information; sending the ciphertext calculation file and the determined first group of local secret random numbers of the local data to the cooperative node, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file; based on the ciphertext calculation file, determining a first secret result by utilizing a second group of predicted local secret random numbers and a first group of partner secret random numbers and combining a secret sharing form conversion strategy; receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file. The scheme improves the efficiency of determining the query result.
Description
Technical Field
The embodiment of the invention relates to the technical field of internet and computers, in particular to a data query method, a data query device and a storage medium.
Background
In the related art, the inquiring party has a relational data table RAThe partner has a relationship data table RB。RA、RBThe inquiring party wants to complete some statistical inquiring operations which cannot be realized under the condition of a single party by using data tables of both parties, but the data held by the inquiring party is very private and cannot leave the local place. The current general technical means is that an inquiring party inquires a preset data parameter from a partner through a written back-end code, and then a final inquiry result is calculated by combining a fixed secret sharing mode. However, the early preparation time of the process of writing the back-end code is long, so that the inquiring party needs to wait, and the calculation efficiency of the fixed secret sharing mode is low, thereby causing the efficiency of determining the inquiry result to be low.
Disclosure of Invention
The data query method, the data query device and the storage medium provided by the embodiment of the invention can improve the efficiency of determining the query result.
The technical scheme of the invention is realized as follows:
the embodiment of the invention provides a data query method, which is applied to a query node and comprises the following steps:
determining a ciphertext calculation file based on the acquired query statement information;
sending the ciphertext computing file and the determined first group of local secret random numbers of the local data to a cooperative node, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext computing file;
based on the ciphertext calculation file, determining a first secret result by utilizing a second group of predicted local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting the local data according to the preset secret sharing mode;
receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file.
In the foregoing solution, the determining a ciphertext computation file based on the obtained query statement information includes:
forming a query list by analyzing the query statement information through grammar; the query list includes: a conditional query identifier, a query source data identifier, and a plurality of computation operation identifiers;
determining the condition query identifier, the query source data identifier, the plurality of calculation operation identifiers and corresponding preset code templates respectively;
and converting the query list into a query code by using the preset code template, and compiling the query code to form the ciphertext computing file.
In the foregoing solution, before determining the ciphertext computation file based on the obtained query statement information, the method further includes:
acquiring the query statement information; the query statement information is written by the user according to the predicted data structure of the local data and the partner data.
In the foregoing solution, the predetermined secret sharing manner includes: arithmetic sharing;
before the sending the ciphertext computation file and the determined first set of local secret random numbers of the local data to the cooperative node and receiving the first set of partner secret random numbers fed back by the cooperative node in response to the ciphertext computation file, the method further includes:
compiling the local data into a plurality of random numbers in the form of arithmetic sharing;
dividing the plurality of random numbers into two groups to obtain the first group of local secret random numbers and the second group of local secret random numbers.
In the above scheme, the determining, based on the ciphertext calculation file, a first secret result by using a second set of predicted local secret random numbers and the first set of secret random numbers of the partner in combination with a secret sharing form conversion policy includes:
running the ciphertext computing file, and solving a random number intersection of the second group of local secret random numbers and the first group of partner secret random numbers according to a preset attribute; the predetermined attribute is a data attribute contained in the local data and the partner data;
converting the random number in the random number intersection into data in a circuit form of the Yao to obtain an intermediate data set;
performing connection calculation operation on the intermediate data set to obtain a first intermediate data set, and recovering the number of data in the first intermediate data set to the number in the intermediate data set to obtain a second intermediate data set;
and sequencing or removing the duplicate of the second intermediate data set to obtain the first secret result.
In the foregoing scheme, the determining, based on the ciphertext computation file, a first secret result by using a second group of predicted local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion policy includes:
and running the ciphertext computing file, and performing a plurality of computing operations by using the second group of local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy to obtain a first secret result.
In the above solution, the plurality of calculation operations includes k calculation operations; k is a positive integer greater than 1;
the obtaining the first secret result by performing a plurality of calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers in combination with a secret sharing form conversion policy, includes:
performing 1 st calculation operation on the second group of local secret random numbers and the first group of partner secret random numbers, and converting a calculation result into a2 nd calculation operation matched first random number set in a secret sharing mode;
and performing the 2 nd calculation operation on the first random number set, converting the calculation result into a second random number set in a secret sharing mode matched with the 3 rd calculation operation, and stopping the calculation until the k-th calculation operation is performed on the k-1 th random number set to obtain the first secret result.
In the foregoing solution, the receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result includes:
combining the first secret result and the second secret result to obtain an intermediate secret result;
and decrypting the intermediate secret result to obtain the query result.
The embodiment of the invention also provides a data query method, which is applied to the cooperative node and comprises the following steps:
receiving a ciphertext calculation file and a first group of local secret random numbers sent by a query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information;
responding to the ciphertext calculation file, determining a first group of partner secret random numbers corresponding to partner data, and feeding back the first group of partner secret random numbers to the query node;
determining a second secret result by utilizing a secret random number of a second group of partners and the first group of local secret random numbers and combining a secret sharing form conversion strategy; the first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting the partner data according to the preset secret sharing mode;
and feeding back the second secret result to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result.
In the above scheme, the determining, in response to the ciphertext computation file, a first set of partner secret random numbers corresponding to partner data includes:
responding to the ciphertext calculation file, and determining the partner data in a database;
determining the first set of partner secret random numbers based on the partner data.
In the above solution, the determining the data of the partner in a database in response to the ciphertext computation file includes:
analyzing the ciphertext calculation file to obtain a condition query identifier and a query source data identifier;
determining the partner data in a database based on the conditional query identifier and the query source data identifier.
In the above solution, the determining the first set of partner secret random numbers based on the partner data includes:
compiling the partner data into a plurality of partner random numbers in the form of the arithmetic sharing;
dividing the plurality of partner random numbers into two groups to obtain the first group of partner secret random numbers and the second group of partner secret random numbers.
An embodiment of the present invention further provides a data query device, applied to a query node, including:
the determining unit is used for determining a ciphertext calculation file based on the acquired query statement information;
a first receiving unit, configured to send the ciphertext computation file and the first set of local secret random numbers of the determined local data to a cooperative node, and receive a first set of partner secret random numbers fed back by the cooperative node in response to the ciphertext computation file;
the determining unit is further configured to determine a first secret result by using a second group of predicted local secret random numbers and the first group of partner secret random numbers based on the ciphertext calculation file and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting the local data according to the preset secret sharing mode;
the determining unit is further configured to receive a second secret result fed back by the cooperative node, and determine a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file.
The embodiment of the invention also provides a data query device, which is applied to the cooperative node and comprises the following steps:
the second receiving unit is used for receiving the ciphertext calculation file and the first group of local secret random numbers sent by the query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information;
the response unit is used for responding to the ciphertext calculation file, determining a first group of partner secret random numbers corresponding to partner data, and feeding back the first group of partner secret random numbers to the query node;
the response unit is further configured to determine a second secret result by using the secret random number of the second group of partners and the first group of local secret random numbers in combination with a secret sharing form conversion policy; the first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting the partner data according to the preset secret sharing mode;
and the feedback unit is used for feeding the second secret result back to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result.
The embodiment of the invention also provides a data query device, which comprises a first memory and a first processor, wherein the first memory stores a computer program capable of running on the first processor, and the first processor executes the computer program to realize the steps of the method on the query node side.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by a first processor, implements the steps in the method on the query node side.
The embodiment of the invention also provides a data query device, which comprises a second memory and a second processor, wherein the second memory stores a computer program capable of running on the second processor, and the second processor executes the computer program to realize the steps of the method on the cooperative node side.
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed by the second processor, implements the steps in the method on the cooperative node side.
In the embodiment of the invention, a ciphertext calculation file is determined based on the acquired query statement information; sending the ciphertext calculation file and the determined first group of local secret random numbers of the local data to the cooperative node, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file; based on the ciphertext calculation file, determining a first secret result by utilizing a second group of predicted local secret random numbers and a first group of partner secret random numbers and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting local data according to a preset secret sharing mode; receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file. According to the scheme, the ciphertext calculation file can be determined by utilizing the query sentence information to perform data query, the preparation time is short, and the secret sharing form conversion strategy is utilized, so that the secret sharing forms can be mutually converted, the calculation efficiency is improved, and the efficiency of determining the query result is improved.
Drawings
Fig. 1 is a schematic flow chart of an alternative data query method according to an embodiment of the present invention;
fig. 2 is a schematic diagram illustrating an optional effect of the data query method according to the embodiment of the present invention;
fig. 3 is an alternative flow chart of a data query method according to an embodiment of the present invention;
fig. 4 is an alternative flow chart of the data query method according to the embodiment of the present invention;
fig. 5 is an alternative flow chart of a data query method according to an embodiment of the present invention;
fig. 6 is a schematic diagram illustrating an optional effect of the data query method according to the embodiment of the present invention;
fig. 7 is an alternative flow chart of a data query method according to an embodiment of the present invention;
FIG. 8 is a schematic flow chart of an alternative data query method according to an embodiment of the present invention;
fig. 9 is an alternative flow chart of a data query method according to an embodiment of the present invention;
FIG. 10 is an interaction diagram of a data query method according to an embodiment of the present invention;
fig. 11 is a first schematic structural diagram of a data query apparatus according to an embodiment of the present invention;
fig. 12 is a first diagram illustrating a hardware entity of the data query apparatus according to the embodiment of the present invention;
fig. 13 is a schematic structural diagram of a data query apparatus according to an embodiment of the present invention;
fig. 14 is a hardware entity diagram of a data query apparatus according to an embodiment of the present invention.
Detailed Description
Fig. 1 is an optional flowchart of a data query method according to an embodiment of the present invention, which will be described with reference to the steps shown in fig. 1.
S101, determining a ciphertext calculation file based on the acquired query statement information.
In the embodiment of the invention, the query node determines the ciphertext calculation file based on the acquired query statement information.
In the embodiment of the invention, a user firstly writes query statement information according to the data structure of the local data of the query node and the data structure of the partner data of the partner node. Wherein the data structure of the partner data is pre-acquired. And the user inputs the query sentence information through the human-computer interaction equipment of the query node. And the query node analyzes and compiles the query statement information to obtain a ciphertext calculation file.
In the embodiment of the present invention, the Query statement information may be Structured Query Language (SQL). The ciphertext Computation file may be an executable file that a Secure Multi-Party Computation (MPC) may process.
In the embodiment of the invention, the inquiry node and the cooperation node can be a server, a terminal or a mobile terminal.
In the embodiment of the invention, the user of the query node writes the SQL statement according to the data structures of the disclosed local data and the partner data and the service to be queried. The query node acquires the SQL statement, and an SQL parsing and compiling module configured by the query node parses the input SQL statement to form a corresponding Token list (the Token list comprises Token identifier objects such as Join, Aggregate and the like). And combining the query node with a pre-compiled code template to generate a corresponding back-end code so as to form a ciphertext calculation file.
S102, sending the ciphertext calculation file and the first group of local secret random numbers of the determined local data to the cooperative node, and receiving the first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file.
In the embodiment of the invention, the inquiry node sends the ciphertext calculation file and the first group of local secret random numbers of the determined local data to the cooperative node, and receives the first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file.
In the embodiment of the invention, the query node determines two groups of random numbers in a preset secret sharing mode corresponding to local data according to the local data: a first set of local secret random numbers and a second set of local secret random numbers. And the query node sends the ciphertext calculation file and the first group of local secret random numbers to the cooperative node. And the cooperative node determines the data of the cooperative party in the database according to the ciphertext calculation file, and determines a first group of secret random numbers of the cooperative party and a second group of secret random numbers of the cooperative party in a preset secret sharing mode according to the data of the cooperative party. The cooperating node sends the first set of secret random numbers to the querying node.
In the embodiment of the invention, the predetermined secret sharing mode can be any one of arithmetic sharing, Boolean sharing and a Yao circuit.
Illustratively, in conjunction with fig. 2, the SQL statements obtained by the query node 100 form corresponding ciphertext computation files through the SQL parsing and compiling module 103. At the same time, the query node extracts local data in the first database 104. The query node 100 performs data reading encryption on the local data to obtain a first set of local secret random numbers and a second set of local secret random numbers in a predetermined secret sharing mode. The query node 100 transmits the first local secret random number and the ciphertext calculation file to the cooperative node 101. The partner node 101 parses the ciphertext computation file, extracts partner data in the second database 105, and encrypts to form a first set of partner secret random numbers and a second set of partner secret random numbers. The cooperator node 101 sends a first set of cooperator secret random numbers to the enquiring node 100.
In this embodiment of the present invention, the first set of local secret random numbers, the second set of local secret random numbers, the first set of partner secret random numbers, and the second set of partner secret random numbers may all be a set of numbers.
S103, based on the ciphertext calculation file, a first secret result is determined by utilizing the second group of predicted local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy.
In the embodiment of the invention, the query node determines a first secret result by using a second group of predicted local secret random numbers and a first group of partner secret random numbers based on a ciphertext computing file and combining a secret sharing form conversion strategy. The first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting local data according to a preset secret sharing mode.
In the embodiment of the invention, the query node runs the ciphertext calculation file, and performs a plurality of calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers and combining a conversion strategy of a preset secret sharing mode and other secret sharing modes to obtain a first secret result. In the embodiment of the invention, after each calculation operation, the query node converts the obtained result into a result in a secret sharing mode matched with the next calculation operation, and then performs the next calculation operation until the last calculation operation is performed to obtain a first secret result.
In embodiments of the present invention, the plurality of compute operations may include a join operation and an Aggregate compute operation.
Illustratively, in conjunction with fig. 2, the querying node 100 performs a plurality of computing operations on the second set of local secret random numbers and the first set of partner secret random numbers by the first secure multi-party computing engine 106 in conjunction with a conversion policy of the secret sharing format and other secret sharing formats to obtain a first secret result.
And S104, receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result.
In the embodiment of the invention, the query node receives the second secret result fed back by the cooperative node, and the query result is determined by combining the first secret result and the second secret result. And the second secret result and the first group of partner secret random numbers are determined by the partner nodes based on the ciphertext calculation file.
In the embodiment of the present invention, with reference to fig. 2, the cooperative node 101 performs multiple computing operations on the first group of local secret random numbers and the second group of partner secret random numbers through the second secure multiparty computing engine 107 in combination with a conversion policy of a predetermined secret sharing format and another secret sharing format to obtain a second secret result, and returns the result. Cooperative node 101 sends the second secret result to querying node 100. The query node 100 forms an intermediate secret result by combining the first secret result and the second secret result, and the query node 100 decrypts the intermediate secret result to obtain a query result.
In the embodiment of the invention, the query node can decrypt the intermediate secret result in a corresponding manner according to the secret sharing manner of the first secret result and the second secret result.
In the embodiment of the invention, the cooperative node runs the ciphertext calculation file, and performs a plurality of calculation operations by using the secret random number of the second group of cooperative parties and the first group of local secret random numbers and combining the conversion strategy of the preset secret sharing mode and other secret sharing modes to obtain a second secret result. In the embodiment of the invention, after each calculation operation, the cooperative node converts the obtained result into a result in a secret sharing form matched with the next calculation operation, and then performs the next calculation operation until the last calculation operation is performed to obtain a second secret result.
In the embodiment of the invention, a ciphertext calculation file is determined based on the acquired query statement information; sending the ciphertext calculation file and the determined first group of local secret random numbers of the local data to the cooperative node, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file; based on the ciphertext calculation file, determining a first secret result by utilizing a second group of predicted local secret random numbers and a first group of partner secret random numbers and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting local data according to a preset secret sharing mode; receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner nodes based on the ciphertext computation file. According to the scheme, the ciphertext calculation file can be determined by using the query statement information to perform data query, the preparation time is short, and the secret sharing form conversion strategy is used, so that the secret sharing forms can be mutually converted, the calculation efficiency is improved, and the efficiency of determining the query result is improved.
In some embodiments, referring to fig. 3, fig. 3 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S101 shown in fig. 1 may be implemented by S105 to S108, which will be described with reference to the steps.
S105, acquiring query statement information; the query statement information is written by the user according to the data structure of the predicted local data and the partner data.
In the embodiment of the invention, the query node acquires the query statement information. The query statement information is written by the user according to the predicted data structure of the local data and the partner data.
In the embodiment of the invention, a user writes query statement information through the human-computer interaction equipment of the query node.
S106, forming a query list by analyzing the query statement information through syntax; the query list includes: a conditional query identifier, a query source data identifier, and a plurality of computation operation identifiers.
In the embodiment of the invention, the query node forms the query statement information into a query list through syntactic analysis. Wherein the query list includes: a conditional query identifier, a query source data identifier, and a plurality of computation operation identifiers.
In real time, the query node parses the obtained SQL statement into a query list through a parser (parser).
And S107, determining the condition query identifier, the query source data identifier and the plurality of calculation operation identifiers, which correspond to the preset code templates respectively.
In the embodiment of the invention, the query node determines the condition query identifier, the query source data identifier and the plurality of calculation operation identifiers, and the preset code templates respectively correspond to the condition query identifier, the query source data identifier and the plurality of calculation operation identifiers.
In the embodiment of the invention, the code templates corresponding to various identifiers are stored in the database of the query node, and the query node determines the preset code templates corresponding to the identifiers in the query list in the database.
And S108, converting the query list into a query code by using a preset code template, and compiling the query code to form a ciphertext computing file.
In the embodiment of the invention, the query node converts the query list into the query code by using the preset code template, and then compiles the query code to form the ciphertext computing file.
In the embodiment of the invention, the query node converts the query list into the query code by using the condition query identifier, the query source data identifier and the preset code template corresponding to each of the plurality of calculation operation identifiers. And the query node compiles the query code by using a compiler to form a ciphertext calculation file.
In the embodiment of the invention, the query node performs syntactic analysis and compiling processing on the acquired query statement information to obtain the ciphertext computing file, and then the ciphertext computing file can be sent to the query node to obtain the query result, so that the preparation time is short, and the efficiency of determining the query result is improved.
In some embodiments, referring to fig. 4, fig. 4 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S105 to S108 shown in fig. 3 may be implemented by S401 to S407, which will be described with reference to each step.
S401, obtaining query statement information.
In the embodiment of the invention, the query node acquires the conditional query statement information.
And S402, analyzing.
And S403, querying the list.
In the embodiment of the present invention, the query node analyzes the query statement information to obtain a query list, which includes: Join/W here/Aggregate et al, Tokens.
S404, Join template, Agg template, and other declaration templates.
In the embodiment of the invention, the query node determines a Join template, an Agg template and other declaration templates.
S405, back-end codes.
And S406, compiling.
S407, ciphertext calculation files.
In the embodiment of the invention, the query node compiles the determined back-end code into a ciphertext calculation file through a compiler.
In the embodiment of the invention, a user inputs a legal SQL query statement to a query node, and an SQL analysis module of the query node analyzes the SQL query statement into a corresponding Tokens list (identifiers or token objects such as Where, From, Aggregate and the like) through parser. And the query node matches the corresponding code template according to the identifier in the Token list, so as to generate a corresponding code. Such as:
SQL query statement: select ra.id from RA where ra.id is rb.id; part of the pseudo-code is as follows:
# statement RA, RB
Relation::RA;RA.load_data(RA_data_path);
Relation::RB;RB.load_data(RB_data_path);
As a result of # RA Join RB, semi Join, the relationship is still in RA
RA.aggregate(RA.id);RB.aggregate(RB.id);
RA.join(RB,join_attribute=(RA.id,RB.id));
# returns results to queries
RA.revealToParty(A);
And finally, the query node compiles the generated code at the C + + rear end through a compiler and generates a corresponding executable MPC file (namely a ciphertext calculation file), and executes a corresponding private data fusion query task in an MPC calculation engine.
In some embodiments, referring to fig. 3, fig. 3 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S102 shown in fig. 1 further includes an implementation of S109-S110, which will be described with reference to each step.
And S109, compiling the local data into a plurality of random numbers in an arithmetic sharing mode.
In the embodiment of the invention, the query node compiles the local data into a plurality of random numbers in an arithmetic sharing mode.
S110, dividing the plurality of random numbers into two groups to obtain a first group of local secret random numbers and a second group of local secret random numbers.
In the embodiment of the invention, the query node divides a plurality of random numbers into two groups to obtain a first group of local secret random numbers and a second group of local secret random numbers.
In the embodiment of the invention, the query node can averagely divide the plurality of random numbers into two groups, and also can divide the plurality of random numbers into two groups according to a certain proportion.
In the embodiment of the invention, the query node processes the local data into the first group of local secret random numbers and the second group of local secret random numbers in an arithmetic sharing mode, thereby ensuring the confidentiality in the query process.
In some embodiments, referring to fig. 5, fig. 5 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S103 shown in fig. 1 may be implemented by S111 to S114, which will be described with reference to each step.
And S111, operating the ciphertext calculation file, and solving the random number intersection of the second group of local secret random numbers and the first group of partner secret random numbers according to the preset attribute.
In the embodiment of the invention, the query node runs the ciphertext calculation file and finds the random number intersection of the second group of local secret random numbers and the first group of partner secret random numbers according to the preset attribute.
The predetermined attribute is a data attribute contained in the local data and the partner data.
Illustratively, the query node determines an intersection of random numbers corresponding to the same identification information from the second set of local secret random numbers and the first set of partner secret random numbers. The local data and the partner data are respectively corresponding to identification information, and the arrays in the secret random numbers of each group also correspond to the identification information.
In the embodiment of the present invention, the query node performs Privacy Set Intersection (PSI) calculation on the second group of local secret random numbers and the first group of partner secret random numbers. PSI is privacy set intersection based on secret sharing, and is mainly used for solving a common set of candidate attributes used for intersection in the second group of local secret random numbers and the first group of partner secret random numbers in Join operation. PSI means that the two participating parties obtain the intersection of the data held by the two parties under the condition that no additional information is leaked. Herein, the additional information refers to any information other than the data intersection of both parties. The PSI based on secret sharing is that the data input by double-sending is in a secret sharing mode, and after intersection calculation is carried out, the result is still in the secret sharing mode. The PSI used in this patent is based on secret sharing.
Wherein, secret sharing: the idea of Secret Sharing (SS) is to split a Secret in an appropriate manner, each split share is managed by a different participant, a single participant cannot recover Secret information, and only a plurality of participants cooperate together can recover the Secret information.
S112, converting the random numbers in the random number intersection into data in the form of a Yao circuit to obtain an intermediate data set.
In the embodiment of the invention, the query node converts the random numbers in the random number intersection into the data in the form of the Yao circuit to obtain an intermediate data set.
In the embodiment of the invention, the second group of local secret random numbers and the first group of partner secret random numbers are both secret random numbers in an arithmetic sharing mode. And the random number intersection is also a secret random number in the form of an arithmetic share. The query node firstly converts the random number in the random number intersection into data in the form of a Yao circuit to obtain an intermediate data set.
S113, performing connection calculation operation on the intermediate data sets to obtain a first intermediate data set, and restoring the number of the data in the first intermediate data set to the number in the intermediate data set to obtain a second intermediate data set.
In the embodiment of the invention, the query node performs connection calculation operation on the intermediate data sets to obtain a first intermediate data set, and restores the number of data in the first intermediate data set to the number in the intermediate data set to obtain a second intermediate data set.
Wherein the join calculation operation is also a join calculation operation.
In the embodiment of the present invention, after the query node obtains the first intermediate data set, the first intermediate data is subjected to inadvertent Extended persistence (OEP). The spread permutation is a function f:{1,.. m } - {1,. er.,. n } for passage through bi=af(i)The n-element vector a is mapped to a vector b of m elements. While an inadvertent extension of the permutation function allows this function mapping to be done while protecting the privacy of a, b, and f in a secure multiparty computing protocol.
S114, sequencing or de-duplicating the second intermediate data set to obtain a first secret result.
In the embodiment of the invention, the second intermediate data set of the query node is subjected to sequencing or deduplication operation to obtain a first secret result.
Wherein the sorting or deduplication operation is an Aggregate calculation operation.
Illustratively, in conjunction with fig. 6, the query node acquires local data to be subjected to fusion computation from the first database, and performs secret sharing on the local data. And the cooperative node acquires the data of the cooperative parties needing fusion calculation from the second database and carries out secret sharing on the data. And carrying out MPC ciphertext calculation on the shared local data and the partner data at the partner node and the query node respectively so as to complete privacy fusion query. In the calculation process, both the calculation parties deploy an MPC calculation engine, and the engines of both the calculation parties execute the executable MPC back-end code generated in the previous step, wherein the back-end code is a specific executed MPC operation, such as Join and Aggregate operations.
Wherein, the hybrid two-party secure multi-party computing framework: (arithmetallic-Boolean-Yao, ABY), can combine Arithmetic sharing (arithmetallic sharing), Boolean sharing (Boolean sharing) and Yao's Garbled Circuits' safe computational scheme (GC) high-efficiently, calculate and offer the best practice solution for safe two-party. When the protocol starts, a sender has some secret information, and after the protocol ends, a receiver obtains part of the secret information in a certain way. And the sender does not know which part of the secret information the recipient has learned at all.
Three sharing modes in ABY include:
arithmetic sharing (a): the secret S is share _0+ share _ 1.
Boolean sharing (B): the secret S is share _0 share _ 1.
Yao circuit (Y): the secret S is LSB (share _0 share _ 1).
Local data, the form of secret sharing selected by the partner data is arithmetic sharing:
the query node splits the local data and the partner data into two secret share _0 and share _1 (random numbers) respectively:
arithmetic sharing (a): the secret S is share _0+ share _ 1.
The inquiry node randomly sends one of a plurality of random numbers of the local data to the local and the other to the cooperative node.
And the query node uses ABY as a bottom layer security protocol for the secret shared local data and partner data. The ABY can be switched among three methods of arithmetic sharing, Boolean sharing and Yao circuit according to specific calculation requirements, and the conversion mode is as follows:
A2Y: arithmetic sharing → Yao circuit.
Y2B: yao circuit → Boolean sharing.
B2A: boolean sharing → arithmetic sharing.
B2Y: boolean sharing → yao's circuit.
The query node is based on ABY and OT protocols, and PSI/OEP basic operators are constructed on the upper layer of the query node. The functional operators of Join operation and Aggregation operation of private data fusion operation realized by the query node are realized based on PSI, OEP, ABY and other basic operators, wherein:
PSI: the privacy set intersection based on secret sharing is mainly used for solving a common set of candidate attributes used for intersection in Join operation, namely a secret random number of a first group of partners, and a local secret random number of a second group
OEP (OEP): for privacy protection of the size of the data set: firstly, in Aggregate aggregation operation, sequencing and duplicate removal operation are often performed, and the size of a data set after duplicate removal is generally smaller than that of an original data set; in Join operation, the size of the returned intersection is generally smaller than that of the original data; in order to prevent the specific information of the data from being pushed back by the size of the data set after the operation, the intermediate result of Aggregate and Join needs to be expanded to the size of the original data.
In the embodiment of the invention, after the query node performs the connection calculation operation, the number of the data in the first intermediate data set is recovered to the number in the intermediate data set, the second intermediate data set is obtained, and then the sorting or the duplication removing operation is performed to obtain the first secret result, so that the data can be effectively prevented from being decoded, and the data security is improved.
In some embodiments, referring to fig. 7, fig. 7 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S103 shown in fig. 1 may be implemented by S115, which will be described with reference to each step.
And S115, running the ciphertext calculation file, and performing a plurality of calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers in combination with a secret sharing type conversion strategy to obtain a first secret result.
In the embodiment of the invention, the query node runs the ciphertext calculation file, and performs a plurality of calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers and combining a conversion strategy of a preset secret sharing mode and other secret sharing modes to obtain a first secret result.
In some embodiments, referring to fig. 8, fig. 8 is an optional flowchart of the data query method provided by the embodiment of the present invention, and S115 to S104 shown in fig. 7 may be implemented by S116 to S119, which will be described with reference to the steps.
S116, performing the 1 st calculation operation on the second group of local secret random numbers and the first group of partner secret random numbers, and converting the calculation result into a first random number set in a secret sharing form matched with the 2 nd calculation operation.
In the embodiment of the invention, the inquiry node performs the 1 st calculation operation on the second group of local secret random numbers and the first group of partner secret random numbers, and converts the calculation result into the 2 nd calculation operation matched first random number set in a secret sharing mode.
Wherein the plurality of computing operations comprise: k calculation operations, k being a positive integer greater than 1.
In the embodiment of the invention, if the secret sharing mode matched with the 2 nd calculation operation is the Yao circuit, the inquiry node converts the calculation result into the first random number set in the form of the Yao circuit.
And S117, performing the 2 nd calculation operation on the first random number set, converting the calculation result into a second random number set in a secret sharing mode matched with the 3 rd calculation operation, and stopping the calculation until the kth calculation operation is performed on the kth-1 th random number set to obtain a first secret result.
In the embodiment of the invention, the query node performs the 2 nd calculation operation on the first random number set, and converts the calculation result into the 3 rd calculation operation matched second random number set in a secret sharing mode, and the operation is stopped until the k-th calculation operation is performed on the k-1 th random number set, so that the first secret result is obtained.
And S118, combining the first secret result and the second secret result to obtain an intermediate secret result.
In the embodiment of the invention, the query node combines the first secret result and the second secret result to obtain an intermediate secret result.
S119, decrypting the intermediate secret result to obtain a query result.
In the embodiment of the invention, the inquiry node decrypts the intermediate secret result to obtain the inquiry result.
In the embodiment of the invention, the query node decrypts the intermediate secret result according to the decryption method of the corresponding secret sharing mode to obtain the query result.
In the embodiment of the invention, after each calculation operation, the query node converts the calculation result into the data in the secret sharing form matched with the next calculation, so that the efficiency of data query can be improved.
In some embodiments, referring to fig. 9, fig. 9 is an optional flowchart of the data query method according to the embodiment of the present invention, and will be described with reference to steps.
S201, receiving a ciphertext calculation file and a first group of local secret random numbers sent by a query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information.
In the embodiment of the invention, a cooperative node receives a ciphertext calculation file and a first group of local secret random numbers sent by a query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information.
S202, responding to the ciphertext calculation file, determining a first group of partner secret random numbers corresponding to the partner data, and feeding the first group of partner secret random numbers back to the query node.
In the embodiment of the invention, the cooperative node responds to the ciphertext calculation file, determines a first group of partner secret random numbers corresponding to the partner data, and feeds back the first group of partner secret random numbers to the query node.
S203, determining a second secret result by using the secret random number of the second group of partners and the first group of local secret random numbers and combining a secret sharing form conversion strategy.
In the embodiment of the invention, the cooperative node determines the second secret result by using the secret random number of the second group of cooperative parties and the first group of local secret random numbers and combining the secret sharing form conversion strategy. The first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting partner data according to a preset secret sharing mode.
And S204, feeding the second secret result back to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result.
In the embodiment of the invention, the cooperative node feeds back the second secret result to the query node, so that the query node determines the query result according to the second secret result and the determined first secret result.
According to the scheme, the ciphertext calculation file can be determined by utilizing the query sentence information to perform data query, the preparation time is short, and the secret sharing form conversion strategy is utilized, so that the secret sharing forms can be mutually converted, the calculation efficiency is improved, and the efficiency of determining the query result is improved.
In some embodiments, S202 shown in fig. 9 may be implemented by S205-S206, which will be described in conjunction with the various steps.
And S205, responding to the ciphertext calculation file, and determining the partner data in the database.
In the embodiment of the invention, the cooperative node responds to the ciphertext calculation file and determines the data of the cooperative party in the database.
In the embodiment of the invention, the cooperative node analyzes the ciphertext calculation file to obtain the conditional query identifier and the query source data identifier. And the cooperative node determines the cooperative data in the database based on the condition query identifier and the query source data identifier according to a preset program instruction.
S206, determining a first group of partner secret random numbers based on the partner data.
In the embodiment of the invention, the cooperative node determines the secret random number of the first group of cooperative parties based on the cooperative party data.
In the embodiment of the invention, the cooperative node compiles the cooperative data into a plurality of cooperative random numbers in an arithmetic sharing mode. The plurality of partner random numbers are divided into two groups to obtain a first group of partner secret random numbers and a second group of partner secret random numbers.
In the embodiment of the invention, the cooperative node determines the secret random number of the first group of cooperative parties according to the ciphertext calculation file, and the ciphertext calculation file is determined by the query node through the acquired query statement information, so that the preparation time is shortened, and the efficiency of determining the query data result is improved.
In some embodiments, S203 shown in fig. 9 may be implemented by S207-S208, which will be described in conjunction with the various steps.
S207, performing the 1 st calculation operation on the second group of partner secret random numbers and the first group of local secret random numbers, and converting the calculation result into a first partner random number set in a secret sharing form matched with the 2 nd calculation operation.
In the embodiment of the invention, the cooperative node performs the 1 st calculation operation on the secret random numbers of the second group of cooperative parties and the first group of local secret random numbers, and converts the calculation result into the first cooperative party random number set in a secret sharing mode matched with the 2 nd calculation operation.
And S208, performing 2 nd calculation operation on the first partner random number set, converting the calculation result into a second partner random number set in a secret sharing mode matched with the 3 rd calculation operation, and stopping until kth calculation operation is performed on the k-1 th partner random number set to obtain a second secret result.
In the embodiment of the invention, the cooperative node performs the 2 nd calculation operation on the first cooperative random number set, converts the calculation result into a second cooperative random number set in a secret sharing mode matched with the 3 rd calculation operation, and stops performing the kth calculation operation on the k-1 th cooperative random number set to obtain a second secret result.
In some embodiments, S203 shown in fig. 9 may be implemented by S209-S212, which will be described in conjunction with various steps.
S209, operating the ciphertext calculation file, and solving the partner random number intersection of the second set of partner secret random numbers and the first set of local secret random numbers according to the preset attribute.
In the embodiment of the invention, the cooperative node runs the ciphertext calculation file and finds the cooperative party random number intersection of the second group of cooperative party secret random numbers and the first group of local secret random numbers according to the preset attribute.
S210, converting the random number in the random number intersection of the cooperative party into data in a Yao circuit form to obtain a cooperative party intermediate data set.
In the embodiment of the invention, the cooperative node converts the random number in the intersection of the random numbers of the cooperative party into the data in the form of the Yao circuit to obtain a cooperative party intermediate data set.
S211, performing connection calculation operation on the partner intermediate data set to obtain a first partner intermediate data set, and restoring the number of data in the first partner intermediate data set to the number in the partner intermediate data set to obtain a second partner intermediate data set.
In the embodiment of the invention, the cooperative node performs connection calculation operation on the cooperative intermediate data set to obtain a first cooperative intermediate data set, and restores the number of data in the first cooperative intermediate data set to the number in the cooperative intermediate data set to obtain a second cooperative intermediate data set.
S212, sequencing or de-duplicating the intermediate data set of the second partner to obtain a second secret result.
In the embodiment of the invention, the cooperative node performs sequencing or duplicate removal operation on the intermediate data set of the second cooperative party to obtain a second secret result.
In some embodiments, referring to fig. 10, fig. 10 is an interaction diagram of a data query method provided by an embodiment of the present invention, which will be described with reference to steps.
S301, the query node determines a ciphertext calculation file based on the acquired query statement information.
The detailed implementation of step S301 is consistent with that of S101, and is not described herein again.
S302, the inquiry node sends the ciphertext calculation file and the first group of local secret random numbers of the determined local data to the cooperative node, and receives the first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file.
The detailed implementation of step S302 is consistent with the implementation of step S102, and is not described herein again.
S303, the query node calculates the file based on the ciphertext, and determines a first secret result by using the second group of predicted local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy.
The detailed implementation of step S303 is consistent with that of S103, and is not described herein again.
S304, the query node receives the second secret result fed back by the cooperative node, and the query result is determined by combining the first secret result and the second secret result.
The detailed implementation of step S304 is consistent with the implementation of step S104, and is not described herein again.
Referring to fig. 11, fig. 11 is a schematic structural diagram of a data query apparatus according to an embodiment of the present invention.
The embodiment of the present invention further provides a data query device 800, which is applied to query nodes, and includes: a determining unit 803 and a first receiving unit 804.
A determining unit 803, configured to determine a ciphertext computation file based on the obtained query statement information;
a first receiving unit 804, configured to send the ciphertext computation file and the first set of local secret random numbers of the determined local data to a cooperative node, and receive the first set of partner secret random numbers fed back by the cooperative node in response to the ciphertext computation file;
the determining unit 803 is further configured to determine, based on the ciphertext calculation file, a first secret result by using a second set of predicted local secret random numbers and the first set of partner secret random numbers, and combining a secret sharing form conversion policy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting the local data according to a preset secret sharing mode;
the determining unit 804 is further configured to receive a second secret result fed back by the cooperative node, and determine a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file.
In this embodiment of the present invention, the determining unit 803 in the data querying apparatus 800 is configured to form a query list by parsing the query statement information; the query list includes: a conditional query identifier, a query source data identifier, and a plurality of computation operation identifiers; determining preset code templates corresponding to the condition query identifier, the query source data identifier and the plurality of calculation operation identifiers respectively; and converting the query list into a query code by using the preset code template, and compiling the query code to form the ciphertext computing file.
In this embodiment of the present invention, the data query device 800 is configured to obtain the query statement information; the query statement information is written by the user according to the predicted data structure of the local data and the partner data.
In an embodiment of the present invention, the predetermined secret sharing manner includes: arithmetic sharing; the determining unit 803 in the data querying device 800 is configured to compile the local data into a plurality of random numbers in the form of the arithmetic sharing; dividing the plurality of random numbers into two groups to obtain the first group of local secret random numbers and the second group of local secret random numbers.
In this embodiment of the present invention, the determining unit 803 in the data querying apparatus 800 is configured to run the ciphertext computation file, and obtain, according to a predetermined attribute, a random number intersection between the second set of local secret random numbers and the first set of partner secret random numbers; the predetermined attribute is a data attribute contained in the local data and the partner data; converting the random number in the random number intersection into data in a Yao circuit form to obtain an intermediate data set; performing connection calculation operation on the intermediate data set to obtain a first intermediate data set, and recovering the number of data in the first intermediate data set to the number in the intermediate data set to obtain a second intermediate data set; and sequencing or removing the duplicate of the second intermediate data set to obtain the first secret result.
In this embodiment of the present invention, the determining unit 803 in the data querying apparatus 800 is configured to run the ciphertext computation file, and perform multiple computation operations by using the second set of local secret random numbers and the first set of partner secret random numbers in combination with a secret sharing format conversion policy to obtain the first secret result.
In an embodiment of the present invention, the plurality of calculation operations includes k calculation operations; k is a positive integer greater than 1; the determining unit 803 in the data querying device 800 is configured to perform a 1 st computation operation on the second set of local secret random numbers and the first set of partner secret random numbers, and convert the computation result into a first random number set in a secret sharing form matched with the 2 nd computation operation; and performing the 2 nd calculation operation on the first random number set, converting the calculation result into a second random number set in a secret sharing mode matched with the 3 rd calculation operation, and stopping the calculation until the k-th calculation operation is performed on the k-1 th random number set to obtain the first secret result.
In this embodiment of the present invention, the determining unit 803 in the data querying apparatus 800 is configured to combine the first secret result and the second secret result to obtain an intermediate secret result; and decrypting the intermediate secret result to obtain the query result.
In the embodiment of the present invention, a ciphertext calculation file is determined based on the obtained query statement information by the determining unit 803; sending the ciphertext calculation file and the determined first group of local secret random numbers of the local data to the cooperative node through a first receiving unit 804, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext calculation file; determining a first secret result by the determining unit 803 based on the ciphertext calculation file by using a second group of predicted local secret random numbers and a first group of partner secret random numbers in combination with a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting local data according to a preset secret sharing mode; receiving, by the determining unit 803, a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner nodes based on the ciphertext computation file. According to the scheme, the ciphertext calculation file can be determined by using the query statement information to perform data query, the preparation time is short, and the secret sharing form conversion strategy is used, so that the secret sharing forms can be mutually converted, the calculation efficiency is improved, and the efficiency of determining the query result is improved.
It should be noted that, in the embodiment of the present invention, if the data query method is implemented in the form of a software functional module and is sold or used as an independent product, the data query method may also be stored in a computer-readable storage medium. Based on such understanding, the technical solutions of the embodiments of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a data query device (which may be a personal computer or the like) to perform all or part of the methods according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a Read Only Memory (ROM), a magnetic disk, or an optical disk. Thus, embodiments of the invention are not limited to any specific combination of hardware and software.
Correspondingly, the embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements the steps of the above-mentioned method.
Correspondingly, an embodiment of the present invention provides a data query device, which includes a first memory 802 and a first processor 801, where the first memory 802 stores a computer program operable on the first processor 801, and the first processor 801 implements the steps in the method when executing the computer program.
Here, it should be noted that: the above description of the storage medium and apparatus embodiments is similar to the description of the method embodiments above, with similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and the apparatus according to the invention, reference is made to the description of the embodiments of the method according to the invention.
It should be noted that fig. 12 is a schematic diagram of a hardware entity of a data query apparatus according to an embodiment of the present invention, as shown in fig. 12, the hardware entity of the data query apparatus 800 includes: a first processor 801 and a first memory 802, wherein;
the first processor 801 generally controls the overall operation of the data querying device 800.
The first Memory 802 is configured to store instructions and applications executable by the first processor 801, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by each module in the first processor 801 and the data query apparatus 800, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM).
Referring to fig. 13, fig. 13 is a schematic structural diagram of a data query apparatus according to an embodiment of the present invention.
The embodiment of the present invention further provides a data query apparatus 900, which is applied to a cooperative node, and includes: a second receiving unit 903, a response unit 904 and a feedback unit 905.
A second receiving unit 903, configured to receive the ciphertext calculation file and the first set of local secret random numbers sent by the query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information;
a response unit 904, configured to determine, in response to the ciphertext computation file, a first set of partner secret random numbers corresponding to the partner data, and feed back the first set of partner secret random numbers to the query node;
the response unit 904 is further configured to determine, by using the secret random number of the second group of partners and the first group of local secret random numbers, a second secret result in combination with a secret sharing form conversion policy; the first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting the partner data according to the preset secret sharing mode;
and the feedback unit 905 is configured to feed back the second secret result to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result.
In this embodiment of the present invention, the response unit 904 in the data query apparatus 900 is configured to run the ciphertext computation file, and determine the partner data in the database; determining the first set of partner secret random numbers based on the partner data.
In this embodiment of the present invention, the response unit 904 in the data query apparatus 900 is configured to analyze the ciphertext calculation file to obtain a conditional query identifier and a query source data identifier; determining the partner data in a database based on the conditional query identifier and the query source data identifier.
In this embodiment of the present invention, the response unit 904 in the data query apparatus 900 is configured to compile the partner data into a plurality of partner random numbers in the form of arithmetic sharing; dividing the plurality of partner random numbers into two groups to obtain the first group of partner secret random numbers and the second group of partner secret random numbers.
In this embodiment of the present invention, the second receiving unit 903 is configured to receive a ciphertext computation file and a first set of local secret random numbers that are sent by a query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information; a response unit 904, configured to determine, in response to the ciphertext computation file, a first set of partner secret random numbers corresponding to the partner data, and feed back the first set of partner secret random numbers to the query node; the response unit 904 is further configured to determine, by using the secret random number of the second group of partners and the first group of local secret random numbers, a second secret result in combination with a secret sharing form conversion policy; the first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting the partner data according to the preset secret sharing mode; and the feedback unit 905 is configured to feed back the second secret result to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result. According to the scheme, the ciphertext calculation file can be determined by utilizing the query statement information to perform data query, the preparation time is short, and the secret sharing form conversion strategy is utilized, so that secret sharing forms can be mutually shared
Correspondingly, the embodiment of the present invention provides a data query apparatus, which includes a second memory 902 and a second processor 901, where the second memory 902 stores a computer program that can be executed on the second processor 901, and the second processor 901 implements the steps in the above method when executing the program.
Here, it should be noted that: the above description of the storage medium and apparatus embodiments is similar to the description of the method embodiments above, with similar beneficial effects as the method embodiments. For technical details not disclosed in the embodiments of the storage medium and the apparatus according to the invention, reference is made to the description of the embodiments of the method according to the invention.
It should be noted that fig. 14 is a schematic diagram of a hardware entity of the data query apparatus according to the embodiment of the present invention, as shown in fig. 14, the hardware entity of the data query apparatus 900 includes: a second processor 901 and a second memory 902, wherein;
the second processor 901 generally controls the overall operation of the data query apparatus 900.
The second Memory 902 is configured to store instructions and applications executable by the second processor 901, and may also buffer data (e.g., image data, audio data, voice communication data, and video communication data) to be processed or already processed by each module in the second processor 901 and the data query apparatus 900, and may be implemented by a FLASH Memory (FLASH) or a Random Access Memory (RAM).
The above description is only an embodiment of the present invention, but the scope of the present invention is not limited thereto, and any person skilled in the art can easily conceive of changes or substitutions within the technical scope of the present invention, and all such changes or substitutions are included in the scope of the present invention. Therefore, the protection scope of the present invention shall be subject to the protection scope of the appended claims.
Claims (12)
1. A data query method is applied to a query node and comprises the following steps:
determining a ciphertext calculation file based on the acquired query statement information;
sending the ciphertext computing file and the determined first group of local secret random numbers of the local data to a cooperative node, and receiving a first group of partner secret random numbers fed back by the cooperative node in response to the ciphertext computing file;
based on the ciphertext calculation file, determining a first secret result by utilizing a second group of predicted local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting the local data according to a preset secret sharing mode;
receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file.
2. The data query method of claim 1, wherein determining the ciphertext computation file based on the obtained query statement information comprises:
forming a query list by analyzing the query statement information through grammar; the query list includes: a conditional query identifier, a query source data identifier, and a plurality of computation operation identifiers;
determining the condition query identifier, the query source data identifier, the plurality of calculation operation identifiers and corresponding preset code templates respectively;
and converting the query list into a query code by using the preset code template, and compiling the query code to form the ciphertext computing file.
3. The data query method according to claim 1, wherein before determining the ciphertext computation file based on the obtained query statement information, the method further comprises:
acquiring the query statement information; the query statement information is written by the user according to the predicted data structure of the local data and the partner data.
4. The data query method of claim 1, wherein the predetermined secret sharing form comprises: arithmetic sharing;
before the sending the ciphertext computation file and the determined first set of local secret random numbers of the local data to the cooperative node and receiving the first set of partner secret random numbers fed back by the cooperative node in response to the ciphertext computation file, the method further includes:
compiling the local data into a plurality of random numbers in the form of arithmetic sharing;
dividing the plurality of random numbers into two groups to obtain the first group of local secret random numbers and the second group of local secret random numbers.
5. The data query method of claim 1, wherein the determining a first secret result by using a second set of secret random numbers which are predicted and the first set of partner secret random numbers based on the ciphertext computing file in combination with a secret sharing form conversion strategy comprises:
running the ciphertext computing file, and solving a random number intersection of the second group of local secret random numbers and the first group of partner secret random numbers according to a preset attribute; the predetermined attribute is a data attribute contained in the local data and the partner data;
converting the random number in the random number intersection into data in a Yao circuit form to obtain an intermediate data set;
performing connection calculation operation on the intermediate data set to obtain a first intermediate data set, and recovering the number of data in the first intermediate data set to the number in the intermediate data set to obtain a second intermediate data set;
and sequencing or removing the duplicate of the second intermediate data set to obtain the first secret result.
6. The data query method of claim 1, wherein the determining, based on the ciphertext computation file, a first secret result by using a second set of predicted local secret random numbers and the first set of partner secret random numbers in combination with a secret sharing form conversion policy comprises:
and operating the ciphertext calculation file, and performing multiple calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers and combining a secret sharing form conversion strategy to obtain a first secret result.
7. The data query method of claim 6, wherein the plurality of computing operations comprises k computing operations; k is a positive integer greater than 1;
the obtaining the first secret result by performing a plurality of calculation operations by using the second group of local secret random numbers and the first group of partner secret random numbers in combination with a secret sharing form conversion policy, includes:
performing 1 st calculation operation on the second group of local secret random numbers and the first group of partner secret random numbers, and converting a calculation result into a2 nd calculation operation matched first random number set in a secret sharing mode;
and performing the 2 nd calculation operation on the first random number set, converting the calculation result into a second random number set in a secret sharing mode matched with the 3 rd calculation operation, and stopping the calculation until the k-th calculation operation is performed on the k-1 th random number set to obtain the first secret result.
8. The data query method according to any one of claims 1 to 7, wherein the receiving a second secret result fed back by the cooperative node, and determining a query result by combining the first secret result and the second secret result comprises:
combining the first secret result and the second secret result to obtain an intermediate secret result;
and decrypting the intermediate secret result to obtain the query result.
9. A data query method is applied to a cooperative node and comprises the following steps:
receiving a ciphertext calculation file and a first group of local secret random numbers sent by a query node; the ciphertext calculation file is determined by the query node based on the acquired query statement information;
responding to the ciphertext calculation file, determining a first group of partner secret random numbers corresponding to partner data, and feeding back the first group of partner secret random numbers to the query node;
determining a second secret result by utilizing a secret random number of a second group of partners and the first group of local secret random numbers and combining a secret sharing form conversion strategy; the first group of partner secret random numbers and the second group of partner secret random numbers are two groups of random numbers obtained by splitting the partner data according to a preset secret sharing mode;
and feeding back the second secret result to the query node, so that the query node determines a query result according to the second secret result and the determined first secret result.
10. A data query device, applied to a query node, comprising:
the determining unit is used for determining a ciphertext calculation file based on the acquired query statement information;
a first receiving unit, configured to send the ciphertext computation file and the first set of local secret random numbers of the determined local data to a cooperative node, and receive a first set of partner secret random numbers fed back by the cooperative node in response to the ciphertext computation file;
the determining unit is further configured to determine a first secret result by using a second group of predicted local secret random numbers and the first group of partner secret random numbers based on the ciphertext calculation file and combining a secret sharing form conversion strategy; the first group of local secret random numbers and the second group of local secret random numbers are two groups of random numbers obtained by splitting the local data according to a preset secret sharing mode;
the determining unit is further configured to receive a second secret result fed back by the cooperative node, and determine a query result by combining the first secret result and the second secret result; the second secret result and the first set of partner secret random numbers are determined by the partner node based on the ciphertext computation file.
11. A data query device comprising a first memory and a first processor, the first memory storing a computer program operable on the first processor, the first processor implementing the steps of the method of any one of claims 1 to 8 when executing the program.
12. A computer-readable storage medium, on which a computer program is stored which, when being executed by a first processor, carries out the steps of the method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210038169.0A CN114519064A (en) | 2022-01-13 | 2022-01-13 | Data query method, device and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210038169.0A CN114519064A (en) | 2022-01-13 | 2022-01-13 | Data query method, device and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114519064A true CN114519064A (en) | 2022-05-20 |
Family
ID=81596502
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210038169.0A Pending CN114519064A (en) | 2022-01-13 | 2022-01-13 | Data query method, device and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114519064A (en) |
Cited By (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115499254A (en) * | 2022-11-18 | 2022-12-20 | 华控清交信息科技(北京)有限公司 | User data processing method, device and system and readable storage medium |
| CN116484432A (en) * | 2023-06-21 | 2023-07-25 | 杭州金智塔科技有限公司 | Longitudinal joint query method and device based on multiparty security calculation |
-
2022
- 2022-01-13 CN CN202210038169.0A patent/CN114519064A/en active Pending
Cited By (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115499254A (en) * | 2022-11-18 | 2022-12-20 | 华控清交信息科技(北京)有限公司 | User data processing method, device and system and readable storage medium |
| CN116484432A (en) * | 2023-06-21 | 2023-07-25 | 杭州金智塔科技有限公司 | Longitudinal joint query method and device based on multiparty security calculation |
| CN116484432B (en) * | 2023-06-21 | 2023-09-19 | 杭州金智塔科技有限公司 | Longitudinal joint query method and device based on multiparty security calculation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN111382174B (en) | Multi-party data joint query method, device, server and storage medium | |
| CN114519064A (en) | Data query method, device and storage medium | |
| US10721063B2 (en) | Secure computation data utilization system, method, apparatus and non-transitory medium | |
| US10664610B2 (en) | Method and system for range search on encrypted data | |
| Chung et al. | Physical randomness extractors: generating random numbers with minimal assumptions | |
| Bellare et al. | Point-function obfuscation: a framework and generic constructions | |
| CN112437060B (en) | Data transmission method and device, computer equipment and storage medium | |
| CN113239395A (en) | Data query method, device, equipment, storage medium and program product | |
| Dong et al. | Fuzzy keyword search over encrypted data in the public key setting | |
| JP6504405B2 (en) | Ciphertext Comparison System, Ciphertext Comparison Method, Encryption Device and Ciphertext Comparison Device, and Control Method and Control Program Therefor | |
| Brakerski et al. | Multi-input functional encryption in the private-key setting: Stronger security from weaker assumptions | |
| CN112074889B (en) | Hidden search device and hidden search method | |
| KR20200047002A (en) | Method for comparing ciphertext using homomorphic encryption and apparatus for executing thereof | |
| CN114547078A (en) | Federal cross-feature query method, device, medium and equipment based on privacy computation | |
| CN111010266A (en) | Message encryption and decryption, reading and writing method and device, computer equipment and storage medium | |
| CN115603907A (en) | Method, device, equipment and storage medium for encrypting storage data | |
| Poh et al. | Searchable symmetric encryption over multiple servers | |
| CN112948878A (en) | Privacy-protecting set intersection calculation method and device | |
| WO2023185360A1 (en) | Data processing method, apparatus, system and device, and storage medium | |
| CN111046408A (en) | Judgment result processing method, query method, device, electronic equipment and system | |
| Salvail et al. | Quantifying the leakage of quantum protocols for classical two-party cryptography | |
| US20230344628A1 (en) | Secure massively parallel computation for dishonest majority | |
| JP2009038416A (en) | Multicast communication system, and group key management server | |
| Kerschbaum | Oblivious outsourcing of garbled circuit generation | |
| JP7440662B2 (en) | Multi-key information search |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |