CN114756886B - Method and device for inquiring hiding trace - Google Patents

Method and device for inquiring hiding trace Download PDF

Info

Publication number
CN114756886B
CN114756886B CN202210660740.2A CN202210660740A CN114756886B CN 114756886 B CN114756886 B CN 114756886B CN 202210660740 A CN202210660740 A CN 202210660740A CN 114756886 B CN114756886 B CN 114756886B
Authority
CN
China
Prior art keywords
pieces
information
server
ciphertext
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210660740.2A
Other languages
Chinese (zh)
Other versions
CN114756886A (en
Inventor
黄熹之
李艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd filed Critical Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202210660740.2A priority Critical patent/CN114756886B/en
Publication of CN114756886A publication Critical patent/CN114756886A/en
Application granted granted Critical
Publication of CN114756886B publication Critical patent/CN114756886B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The embodiment of the invention provides an implicit track query method and device and a device for the implicit track query. The method comprises the following steps: receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client; inquiring ciphertext keywords matched with the ciphertext inquiry words in black box data, wherein the black box data are obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by a client and n pieces of first information held by a server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangement is held by the client or a third party; and returning the ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word to the client. The embodiment of the invention can improve the efficiency of track hiding query.

Description

Method and device for inquiring hiding trace
Technical Field
The invention relates to the field of multi-party security computing, in particular to an insider trace query method and device and a device for insider trace query.
Background
The Privacy Information Retrieval (PIR) is an important technology in the field of privacy computing, has a wide application scenario, can query sensitive privacy data in financial and industrial scenarios, protects the privacy of an inquiring party and an inquired party as much as possible, and can greatly promote data circulation.
The track of confidence query is: the server S is provided with a database, the client C is provided with a query condition k, and the client queries the database of the server according to k to obtain data d corresponding to k. In the whole query process, the server cannot obtain any information of k and also cannot obtain any information of the query result d, the client can only obtain the query result d corresponding to k, and cannot know any information of other data in the server database (except general information such as the total number of the databases).
The track hiding query is realized based on the cryptography technologies of asymmetric encryption, careless transmission and the like. However, in the actual track-hiding query scenario, the database of the server typically has a large amount of data, e.g., 1 billion, while the client-initiated queries are mostly real-time and numerous in small amounts. In each track hiding query, the server needs to scan the database once, the calculation complexity is O (n), and the communication of several GB or even dozens of GB is difficult to bear in each query, so that the track hiding query efficiency is low, and the real-time requirement of a user cannot be met.
Disclosure of Invention
The embodiment of the invention provides a method and a device for the covert trace query, which can improve the efficiency of the covert trace query so as to realize the online real-time covert trace query.
In a first aspect, an embodiment of the present invention discloses an implicit track query method, which is applied to a server, where n pieces of first information are stored in the server, and each piece of first information includes a keyword and data corresponding to the keyword, where the method includes:
receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
inquiring ciphertext keywords matched with the ciphertext inquiry words in black box data, wherein the black box data are obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises one ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party;
and returning ciphertext data corresponding to the ciphertext keywords matched with the ciphertext query words to the client.
In a second aspect, the embodiment of the invention discloses an implicit track query method, which is applied to a client, and the method comprises the following steps:
encrypting the query word based on the held key to obtain a ciphertext query word;
sending the ciphertext query word to a server, so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, wherein the black box data is obtained by performing pre-calculation on the basis of a security calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party;
and receiving ciphertext data which are returned by the server and correspond to the ciphertext keywords matched with the ciphertext query words.
In a third aspect, the embodiment of the invention discloses an introspection query system, which comprises a client and a server, wherein the server stores n pieces of first information, each piece of first information comprises a keyword and data corresponding to the keyword, wherein,
the client is used for encrypting the query word based on the held key to obtain a ciphertext query word and sending the ciphertext query word to the server;
the server is used for inquiring the ciphertext keywords matched with the ciphertext inquiry words in the black box data and returning the ciphertext data corresponding to the ciphertext keywords matched with the ciphertext inquiry words to the client; the black box data is obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party.
In a fourth aspect, an embodiment of the present invention discloses an implicit query apparatus, which is applied to a server, where n pieces of first information are stored in the server, and each piece of first information includes a keyword and data corresponding to the keyword, and the apparatus includes:
the query word receiving module is used for receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
the data query module is used for querying ciphertext keywords matched with the ciphertext query words in black box data, the black box data are obtained by performing pre-computation based on a secure computation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangement is held by the client or a third party;
and the result returning module is used for returning the ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word to the client.
In a fifth aspect, an embodiment of the present invention discloses an implicit track query apparatus, which is applied to a client, and the apparatus includes:
the query word encryption module is used for encrypting the query word based on the held key to obtain a ciphertext query word;
the query word sending module is used for sending the ciphertext query word to a server so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, the black box data are obtained by performing pre-calculation on the basis of a security calculation protocol according to a key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the key, and disorder used by the disorder arrangement is held by the client or a third party;
and the result receiving module is used for receiving the ciphertext data which is returned by the server and corresponds to the ciphertext keyword matched with the ciphertext query word.
In a sixth aspect, embodiments of the present invention disclose a device for introspecting queries, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing one or more of the introspecting query methods described above.
In a seventh aspect, an embodiment of the invention discloses a machine-readable medium having stored thereon instructions which, when executed by one or more processors of an apparatus, cause the apparatus to perform one or more of the introspection query methods described above.
The embodiment of the invention has the following advantages:
the embodiment of the invention provides a track hiding query method based on pre-calculation, which puts most of calculation and communication expenses in an offline pre-calculation process. In the pre-calculation (off-line calculation) stage, both the client and the server complete the pre-calculation process based on the secure calculation protocol (referred to as black box protocol in the embodiment of the present invention), and the server obtains the black box data output by the black box protocol after the pre-calculation is completed. The black box data is held by the server side, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, and the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key. The whole process only needs to carry out 1 encryption process (the process of encrypting the query word by the key at the client) and 1 decryption process (the process of decrypting the ciphertext data obtained by the query by the key at the client) every time the client queries 1 query word. Compared with a plaintext inquiry scene, the online track hiding inquiry process only adds the processes of 1 encryption and 1 decryption operation, even if single encryption and decryption by adopting public key cryptography can be completed in a millisecond level, so that the whole online inquiry process can be completed in the millisecond level, and the real-time performance of online inquiry can be ensured. In addition, the communication volume in the online query process of the embodiment of the invention only comprises 2 ciphertexts (ciphertext query words and ciphertext data) transmitted back and forth by both the client and the server, and is the same magnitude as the communication volume of plaintext query. Therefore, the time consumption and the communication quantity of the hiding trace query method and the clear text query method are in the same magnitude, namely, no matter how large the data quantity n of the server side is, the online query of the embodiment of the invention can be completed in millisecond level, the efficiency of the hiding trace query is greatly improved, and the online real-time hiding trace query can be realized.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow diagram of the steps of an embodiment of an introspection query method of the present invention;
FIG. 2 is a schematic diagram of black box data generation using out-of-order encryption circuitry in one example of the present invention;
FIG. 3 is a flow diagram of the steps of another method embodiment of an introspection query of the present invention;
FIG. 4 is a block diagram of an embodiment of an introspection query device of the present invention;
FIG. 5 is a block diagram of another embodiment of an insider trace query device according to the present invention;
FIG. 6 is a block diagram of the architecture of an embodiment of an introspection query system of the present invention;
FIG. 7 is a block diagram of an apparatus 800 for obfuscating trace queries in accordance with the present invention;
fig. 8 is a schematic diagram of a server in some embodiments of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The terms first, second and the like in the description and in the claims of the present invention are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that embodiments of the invention may be practiced other than those illustrated or described herein, and that the words "first", "second", etc. do not necessarily distinguish one element from another, but rather denote any number of elements, e.g., a first element may be one or more than one. Furthermore, the term "and/or" in the specification and claims is used to describe an association relationship of associated objects, meaning that three relationships may exist, e.g., a and/or B, may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship. The term "plurality" in the embodiments of the present invention means two or more, and other terms are similar thereto.
Referring to fig. 1, a flow chart of steps of an embodiment of the method for implicit track query according to the present invention is shown, the method is applicable to a server, the server stores n pieces of first information, each piece of first information includes a keyword and data corresponding to the keyword, and the method may include the following steps:
step 101, receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
102, searching ciphertext keywords matched with the ciphertext query words in black box data, wherein the black box data are obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangement is held by the client or a third party;
and 103, returning ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word to the client.
The embodiment of the invention provides an implicit track query method which can be applied to a server side, wherein n pieces of first information are stored in a database of the server side, n is a positive integer, and the value of n is not limited in the embodiment of the invention. Each piece of first information is stored in the form of a data pair, and each piece of first information comprises a keyword and data corresponding to the keyword. The method for inquiring the track of the hiding is a keyword inquiring method, n pieces of first information are stored in a database of a server, each piece of first information is in a data pair form, a keyword is a keyword, and data is data corresponding to the keyword. The one-time track hiding query initiated by the client side is as follows: the client provides a certain query word k, the server queries whether the query word k is in a keyword column of a database of the client, namely, the server queries whether a keyword matched with the query word k exists in the database, and if yes, the client hopes to obtain data corresponding to the keyword matched with the query word k. In the query process, the server cannot obtain any information of the query word k (including whether the query word k is in the keyword column), and if the query word k is in the keyword column in the server database, the client can only obtain the data corresponding to the query word k, and no other data in the server database is known.
In order to realize the above-mentioned process of the track query and improve the efficiency of the track query, the embodiment of the invention provides a track query method based on pre-calculation, which puts most of the calculation and communication overhead in the off-line pre-calculation process, and the server can obtain black box data through pre-calculation. The black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are obtained by encrypting the n pieces of first information of the server side according to a secret key of the client side and sequencing the n pieces of first information out of order, namely, the n pieces of second information are arranged out of order of the ciphertexts of the n pieces of first information under the secret key. The disorder used by the disorder arrangement may be generated by the client or generated by a third party, that is, the disorder is held by the client or the third party, and the server cannot know the disorder.
In the pre-calculation (off-line calculation) stage, both the client and the server complete the pre-calculation process based on the secure calculation protocol (referred to as black box protocol in the embodiment of the present invention), and the server obtains the black box data output by the black box protocol after the pre-calculation is completed. The embodiment of the present invention does not limit the type of the Secure computing protocol, for example, the Secure computing protocol may be an MPC (Multi-party Secure computing) protocol, in a Secure computing system based on the MPC protocol, multiple parties may perform cooperative computing by using a Multi-party Secure computing technique to obtain a computing result on the premise that their own data is not leaked, and the data, the intermediate result, and the final result participating in the computing may be ciphertext. In the process of executing the pre-calculation, the client side does not reveal own key information, and the server side does not reveal data information in the database of the server side.
In a specific implementation, the key held by the client may be a private key of AES (Advanced Encryption Standard), which is a symmetric Encryption algorithm, and the same key is used for Encryption and decryption.
In particular, the client generates a key (as sk) c ) The client sends the key sk c And as the input of the black box protocol, the server takes the n pieces of first information in the database as the input of the black box protocol. The two parties execute the black box protocol, and finally the server obtains black box data output by the black box protocol, wherein the black box data are keys sk of n pieces of first information of the server at the client c The following scrambled arrangement of the ciphertext.
In one example, the database of the server includes the following n pieces of first information: (k) 1 ,x 1 )、(k 2 ,x 2 )、……、(k n ,x n ). In the pre-calculation stage, the client and the server execute a black box protocol, and the input of the black box protocol comprises a secret key sk generated by the client c And n pieces of first information of the server: (k) of 1 ,x 1 )、(k 2 ,x 2 )、……、(k n ,x n ). The output of the black box protocol executed by both the client and the server is black box data, namely the key sk of the n pieces of first information of the server at the client c The following scrambled arrangement of the ciphertext. If the black box data includes the following n pieces of second information: ([ k) π(1) ],[x π(1) ])、([k π(2) ],[x π(2) ])、……、([k π(n) ],[x π(n) ]). Each piece of second information is stored in a data pair mode, and each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword. For example, for the second information ([ k ] π(1) ],[x π(1) ]),[k π(1) ]Is a ciphertext key, [ x ] π(1) ]As a ciphertext key word k π(1) ]Corresponding ciphertext data. In the embodiment of the present invention, [ x ]]Key sk indicating utilization of client c The ciphertext resulting from encrypting x, i.e. using the key sk c To [ x ]]Decryption can result in x.
Wherein, pi (1), pi (2), … … and pi (n) represent a disorder. For example, assuming that the disorder is (3,5,2,6,1,4), pi (1) =3, pi (2) =5, pi (3) =2, pi (4) =6, pi (5) =1, pi (6) = 4.
In the embodiment of the present invention, out-of-order refers to a sequence that can be used to reorder elements in another sequence (such as an array), and elements in out-of-order are used to indicate the order of elements in the reordered array. The length of the disorder may be equal to the length of the sequence to be sorted, for example, the length of the disorder may be equal to the length of the sequence composed of the first information stored in the server database, that is, the length of the disorder may be n. The method for generating the disorder is not limited in the embodiment of the present invention, and for example, assuming that n =6, a sequential sequence, such as (1,2,3,4,5,6), may be generated first, and then the sequential sequence is randomly scrambled, so as to obtain a disorder, such as (3,5,2,6,1, 4). It should be noted that the disorder adopted for a certain pre-calculation may be generated randomly, and the disorder is not unique.
In one example, assuming that n =3, the 3 pieces of first information of the server include: (k) 1 ,x 1 )、(k 2 ,x 2 )、(k 3 ,x 3 ) If the disorder is (3,1,2), the client and the server execute the black box protocol to obtain 3 pieces of second information, including: ([ k ] π(1) ],[x π(1) ])、([k π(2) ],[x π(2) ])、([k π(2) ],[x π(2) ]) Wherein pi (1) =3, pi (2) =1, pi (3) = 2. Displaying the 3 pieces of second information as plaintext is: (k) 3 ,x 3 )、(k 1 ,x 1 )、(k 2 ,x 2 )。
After the offline precomputation is completed, the server side can obtain black box data, and online track hiding query can be performed by using the black box data. Exemplarily, it is assumed that a client queries data corresponding to a certain query word k. First, the client uses the key sk c Encrypting the query word k to obtain a ciphertext query word k]. The key used by the client when the introspection query is performed online is the same as the key used by the client when the introspection query is performed online. Client side inquires ciphertext query word [ k ]]Sending the data to a server, searching in the black box data by the server, and inquiring whether the ciphertext query word [ k ] exists]And matching the ciphertext keywords. If so, the ciphertext query word [ k ]]Matching ciphertext keys, e.g. [ k ] π(i) ]=[k]Then obtain the ciphertext keyword [ k ] π(i) ]Corresponding ciphertext data [ x ] π(i) ]And is combined withThe ciphertext data [ x ] π(i) ]And returning the data to the client. Key sk for client c For the ciphertext data [ x π(i) ]Decrypting to obtain the ciphertext data [ x π(i) ]And obtaining the query result corresponding to the query word k.
Because the ciphertext keyword and the ciphertext query word are obtained by encrypting the same key generated by the client, the process of searching whether the ciphertext keyword matched with the ciphertext query word exists in the black box data by the server is equivalent to the searching process in the plaintext sense. The whole process only needs to carry out 1 encryption process (the process of encrypting the query word by the key at the client) and 1 decryption process (the process of decrypting the ciphertext data obtained by the query by the key at the client) every time the client queries 1 query word. Compared with the method for directly querying by using a plaintext, the method for querying the online query only adds the processes of 1 encryption operation and 1 decryption operation in the online query process of the embodiment of the invention, and even if single encryption and decryption by adopting a public key password can be completed in a millisecond level, so that the whole online query process can be completed in the millisecond level, and the real-time performance of online query can be ensured. In addition, the communication volume in the online query process of the embodiment of the invention only comprises 2 ciphertexts (such as a cipher text query word [ k ]) transmitted back and forth by both the client and the server]And ciphertext data [ x ] π(i) ]) The communication volume with the plaintext inquiry is the same order of magnitude. Therefore, the time consumption and the communication quantity of the hiding trace query method and the clear text query method are in the same magnitude, namely, no matter how large the data quantity n of the server side is, the online query of the embodiment of the invention can be completed in millisecond level, the efficiency of the hiding trace query is greatly improved, and the online real-time hiding trace query can be realized.
At the server, the disorder is generated by the client or a third party, and the server cannot know the disorder information, so that from the perspective of the server, the n pieces of second information in the black box data are meaningless random numbers, and the server cannot know the plaintext information of the n pieces of second information. Furthermore, the server side searches whether the ciphertext query word [ k ] exists in the black box data or not]In the process of matching the ciphertext keyword, if the matched ciphertext keyword exists, the ciphertext query wordk]Matching ciphertext keys, e.g. [ k ] π(i) ]=[k]Then obtain the ciphertext keyword [ k ] π(i) ]Corresponding ciphertext data [ x ] π(i) ]And combines the ciphertext data [ x ] π(i) ]And returning to the client. Because the ciphertext query word, the ciphertext keyword and the ciphertext data are obtained by encrypting the client key and the server cannot acquire the client key, the server cannot acquire the ciphertext keyword [ k ] π(i) ]And ciphertext data [ x ] π(i) ]The server can not obtain the query related information of the client. At the client, the client can only obtain the query result (such as ciphertext data [ x ]) returned by the server π(i) ]) There is no knowledge about other data information in the server database. Therefore, the method for inquiring the hiding trace greatly improves the efficiency of the hiding trace inquiry, realizes the online real-time hiding trace inquiry, and can protect the data privacy safety of both the client and the server.
In an optional embodiment of the present invention, before the receiving the ciphertext query word sent by the client in step 101, the method may further include: and the server and the client execute two-party cooperative multi-party safety calculation to obtain the black box data.
The embodiment of the invention does not limit the safety calculation protocol (black box protocol) adopted by the server and the client for pre-calculation. The secure computing protocol may be an MPC protocol, and specifically, may be an MPC protocol in which two parties cooperate with each other between the server and the client. The MPC protocol may include, but is not limited to, any of the following: garbled circuits, inadvertent transmissions, homomorphic encryption, etc.
In an optional embodiment of the present invention, the performing, with the client, a multiparty security calculation in cooperation with two parties to obtain the black box data may include:
step S11, inputting the n pieces of first information to a disorder encryption circuit, wherein the disorder encryption circuit is a garbled circuit and also receives a key and disorder input by the client;
and step S12, acquiring n pieces of second information output by the disorder encryption circuit, wherein the n pieces of second information are obtained by encrypting the n pieces of first information by the disorder encryption circuit according to the key and then sequencing according to the disorder.
In an optional implementation manner, the server and the client may implement a black box protocol through an out-of-order encryption circuit to generate black box data, where the out-of-order encryption circuit is a garbled circuit. Referring to fig. 2, a schematic diagram of black box data generation using an out-of-order encryption circuit in one example of the invention is shown. As shown in fig. 2, the client 201 generates the key sk c And out of order pi, and apply the secret key sk c And an out-of-order pi input out-of-order encryption circuit 203. The server 202 inputs n pieces of first information into the out-of-order encryption circuit, where the n pieces of first information include: (k) 1 ,x 1 )、(k 2 ,x 2 )、……、(k n ,x n ). The output of the out-of-order encryption circuit 203 is black box data, which includes the following n pieces of second information: ([ k) π(1) ],[x π(1) ])、([k π(2) ],[x π(2) ])、……、([k π(n) ],[x π(n) ])。
Out-of-order encryption circuits can be implemented by constructing a garbled circuit, which is a cryptographic protocol that enables participants to compute a function that can be represented by a logic circuit without the knowledge of each other's data. The input of the circuit and the structure of the circuit are covered by encrypting the circuit, so that privacy information of each participant is kept secret, and an objective function of multi-party security calculation is realized through circuit calculation.
The overall calculation process of the garbled circuit may comprise two stages: a circuit generation phase and an execution phase. The circuit generation phase refers to converting the function of the secure computation into a circuit. The execution phase refers to an execution circuit that utilizes OT (Oblivious Transfer), cryptographic primitives such as encryption, and the like.
In specific implementation, a secure computation task may be constructed, where the secure computation task is used to encrypt n pieces of first information input by a server using a key input by a client, then arrange ciphertexts obtained by encryption in an out-of-order manner, and finally output an arrangement result (i.e., output black box data). Since the garbled circuit is capable of performing any binary computation, the secure computation task may be performed by the garbled circuit. For example, the secure computing task may be described using functions and the functions of the secure computing task may be converted into circuitry, such as a complex obfuscation circuit, to construct an out-of-order encryption circuit that may implement the secure computing task.
In the above process, the client cannot obtain any data information input into the garbled circuit by the server, and the server cannot obtain any data information input into the garbled circuit by the client. The embodiment of the invention utilizes the garbled circuit, and can output the disorder arrangement of the ciphertext of n pieces of first information of the server under the key of the client on the premise of protecting the privacy of data input by both the client and the server.
In an optional embodiment of the present invention, the performing, with the client, a multiparty security calculation in cooperation with two parties to obtain the black box data may include:
step S21, generating a first public and private key pair of proxy re-encryption, wherein the first public and private key pair comprises a first public key and a first private key;
step S22, encrypting the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, where the n pieces of first encrypted data can be decrypted by the first private key;
step S23, sending the n pieces of first encrypted data and the first public key to a broker, where the broker further receives a second public key sent by the client and obtains the second public key out of order, where the second public key is a public key in a second public-private key pair generated by the client and re-encrypted by the broker, and the second public-private key pair includes a second public key and a second private key;
step S24, obtaining n pieces of second information output by the agent, where the n pieces of second information are obtained by the agent converting the first encrypted data into second encrypted data based on an encryption state, and then sorting the second encrypted data according to the disorder, where the second encrypted data can be decrypted by the second private key.
The encryption-based state refers to that an operator cannot know any information of a plaintext corresponding to data operated by the operator in the operation process.
In an optional embodiment, the server and the client may implement a black box protocol through Proxy Re-Encryption (PRE), so as to generate black box data. The proxy re-encryption is a key conversion mechanism among ciphertexts, and mainly converts the ciphertexts of one user into the ciphertexts which can be decrypted by another user through a proxy party without revealing the private key and the plaintext information of the user. In the process, the agent side cannot obtain plaintext information of the data, and the risk of data leakage can be prevented.
Specifically, the server side can generate a first public and private key pair for proxy re-encryption, wherein the first public and private key pair comprises a first public key and a first private key. The server side encrypts the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, and the n pieces of first encrypted data can be decrypted by the first private key. And the server side sends the n pieces of first encrypted data and the first public key to the agent side. The client generates a second public-private key pair comprising a second public key and a second private key that is proxy re-encrypted. And the client sends the second public key to the agent.
In embodiments of the invention, the disorder may be generated by the client or generated by a third party. And in the case that the client generates the disorder, the client also sends the generated disorder to the agent. In the event that a third party generates an out-of-order, the third party may be the agent, which may be used to perform an agent re-encryption operation.
The agent performs an agent re-encryption operation on the n pieces of first encrypted data sent by the server, that is, the agent converts the n pieces of first encrypted data (which can be decrypted by the first private key of the server) of the server into n pieces of second encrypted data (which can be decrypted by the second private key of the client). And the agent side arranges the second encrypted data according to the disorder order to obtain the black box data which needs to be output to the server.
The first public and private key pair generated by the server and the second public and private key pair generated by the client and used for agent re-encryption are both a public and private key pair generated by the agent and used for agent re-encryption, and the public and private key pair generated by the agent and used for agent re-encryption can realize the function of agent re-encryption (namely, an agent party can execute key conversion operation in a ciphertext state), which cannot be realized by a common public and private key pair.
The embodiment of the invention realizes the black box protocol by using the proxy re-encryption, so that the offline pre-calculation process can be carried out at the proxy, and the proxy cannot know the first private key of the server and the second private key of the client, namely cannot know the data information of the server and the query information of the client, thereby protecting the privacy and the safety of the data of the client and the server.
The embodiment of the present invention does not limit the type of the agent, for example, the agent may be an independent server, or the agent may also be a cloud server with rich computing resources. When the agent side is a cloud server, the offline pre-computation process can be completed in a short time, and the pre-computation efficiency can be improved.
In an optional embodiment of the invention, the method may further comprise:
step S31, when the n pieces of first information are subjected to data updating, m pieces of updated first information are obtained;
step S32, performing pre-calculation based on the updated m pieces of first information and the updated key held by the client, and obtaining updated black box data.
In practical applications, after a client performs 1 off-line pre-calculation process by using a generated key and a server, the client can perform real-time introspection query for many times at any time by using the key without changing a database of the server. It can be understood that, when there are multiple clients that need to perform the introspection query, each of the multiple clients may perform offline pre-calculation with the server using the key held by each client, and the server may obtain the black box data corresponding to each client. Thus, different clients can use the own key to perform online confidential inquiry.
When the n pieces of first information are updated (that is, when the database of the server is changed), for example, one or more pieces of the n pieces of first information are modified, or the n pieces of first information are deleted or newly added with the first information, and the like, the updated m pieces of first information are obtained. m may be a positive integer greater than or equal to or less than n.
Under the condition that the database of the server side is changed, the client side can regenerate a new key to obtain an updated key. And the server performs offline pre-calculation again based on the updated m pieces of first information and the updated key of the client to obtain updated black box data. Further, the newly generated out-of-order may be utilized when re-performing the pre-computation.
After the updated black box data is obtained, online track hiding query can be performed by using the updated black box data, and the updated key is used by the client, so that potential safety hazards caused by original key leakage can be prevented.
Referring to fig. 3, a flow diagram illustrating the steps of another embodiment of an introspection query method of the present invention, applicable to a client, may include:
step 301, encrypting the query word based on the held key to obtain a ciphertext query word;
step 302, sending the ciphertext query word to a server, so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, where the black box data is obtained by performing pre-calculation based on a secure computing protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data includes n pieces of second information, each piece of second information includes a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangements of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangements is held by the client or a third party;
and step 303, receiving ciphertext data which is returned by the server and corresponds to the ciphertext keyword matched with the ciphertext query word.
The embodiment of the invention provides an introspection query method which can be applied to a client side, wherein the client side can request an introspection query aiming at a certain query word from a server side. The database of the server side stores n pieces of first information, each piece of first information is stored in a data pair mode, and each piece of first information comprises a keyword and data corresponding to the keyword. The hiding trace query method of the embodiment of the invention is a keyword query method.
In order to improve the efficiency of track hiding query and realize online real-time track hiding query, the embodiment of the invention provides a track hiding query method based on pre-calculation, most of calculation and communication expenses are put in an offline pre-calculation process, and a server can obtain black box data through pre-calculation. The black box data can be used for realizing online real-time track hiding query.
The process of performing pre-computation and the process of performing online introspection query by both the client and the server have been described in detail in the foregoing embodiments, and therefore, no further description is given in this embodiment.
In an optional embodiment of the invention, the method may further comprise: and decrypting the ciphertext data returned by the server side based on the held key to obtain a query result corresponding to the query word.
In an optional embodiment of the present invention, before encrypting the query term based on the held key in step 301, the method may further include: and executing multiparty security calculation cooperated with the two parties with the server so that the server obtains the black box data.
In an optional embodiment of the present invention, the performing, with the server, a multiparty security calculation in cooperation with two parties to make the server obtain the black box data may include:
generating a key and a disorder order, and inputting the key and the disorder order to a disorder encryption circuit, so that the disorder encryption circuit encrypts n pieces of first information input by a server according to the key and then sorts the n pieces of first information according to the disorder order to obtain n pieces of second information, wherein the disorder encryption circuit is a garbled circuit, and the disorder encryption circuit also receives the n pieces of first information input by the server and outputs the n pieces of second information to the server.
In an optional embodiment of the present invention, the performing, with the server, a multiparty security calculation in cooperation with two parties to make the server obtain the black box data may include:
generating a second public-private key pair of proxy re-encryption, the second public-private key pair comprising a second public key and a second private key;
sending the second public key to an agent, wherein the agent also receives n pieces of first encrypted data sent by the server and obtains disorder, so that after the agent converts the first encrypted data into second encrypted data based on an encryption state, the agent sorts the second encrypted data according to the disorder to obtain n pieces of second information, and sends the n pieces of second information to the server; the n pieces of first encrypted data are obtained by encrypting the n pieces of first information by the server side through a first public key, the first public key is a public key in a first public-private key pair generated by the server side and subjected to proxy re-encryption, the first public-private key pair subjected to proxy re-encryption comprises the first public key and a first private key, the n pieces of first encrypted data can be decrypted by the first private key, and the second encrypted data can be decrypted by the second private key.
In an optional embodiment of the invention, the method may further comprise:
generating an updated key under the condition that the n pieces of first information of the server side are subjected to data updating to obtain m pieces of updated first information;
and performing pre-calculation based on the updated key and the updated m pieces of first information by the server, so that the server obtains updated black box data.
In summary, the embodiment of the present invention provides a method for track searching based on pre-computation, which puts most of the computation and communication overhead in the off-line pre-computation process. In the pre-calculation (off-line calculation) stage, both the client and the server complete the pre-calculation process based on the secure calculation protocol (referred to as black box protocol in the embodiment of the present invention), and the server obtains the black box data output by the black box protocol after the pre-calculation is completed. The black box data is held by the server side, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, and the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key. The whole process only needs to carry out 1 encryption process (the process of encrypting the query word by the key at the client) and 1 decryption process (the process of decrypting the ciphertext data obtained by the query by the key at the client) every time the client queries 1 query word. Compared with the method for directly querying by using a plaintext, the method for online querying only adds the processes of 1 encryption operation and 1 decryption operation in the online querying process of the embodiment of the invention, and even if the single encryption and decryption of the public key password are adopted, the single encryption and decryption can be completed in a millisecond level, so that the whole online querying process can be completed in the millisecond level, and the real-time performance of online querying can be ensured. In addition, the communication volume in the online query process of the embodiment of the invention only comprises 2 ciphertexts (ciphertext query words and ciphertext data) transmitted back and forth by both the client and the server, and is the same magnitude as the communication volume of plaintext query. Therefore, the time consumption and the communication quantity of the hiding trace query method and the clear text query method are in the same magnitude, namely, no matter how large the data quantity n of the server side is, the online query of the embodiment of the invention can be completed in millisecond level, the efficiency of the hiding trace query is greatly improved, and the online real-time hiding trace query can be realized.
It should be noted that, for simplicity of description, the method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the illustrated order of acts, as some steps may occur in other orders or concurrently in accordance with the embodiments of the present invention. Further, those skilled in the art will appreciate that the embodiments described in the specification are presently preferred and that no particular act is required to implement the invention.
Referring to fig. 4, a block diagram illustrating an embodiment of an implicit query apparatus according to the present invention is shown, where the apparatus is applicable to a server, where n pieces of first information are stored in the server, each piece of first information includes a keyword and data corresponding to the keyword, and the apparatus may include:
the query word receiving module 401 is configured to receive a ciphertext query word sent by a client, where the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
a data query module 402, configured to query ciphertext keywords that are matched with the ciphertext query words in black box data, where the black box data is obtained by performing pre-computation based on a secure computation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data includes n pieces of second information, each piece of second information includes a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangements of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangements is held by the client or a third party;
and a result returning module 403, configured to return, to the client, ciphertext data corresponding to the ciphertext keyword that matches the ciphertext query word.
Optionally, the apparatus further comprises:
and the first collaborative computing module is used for executing multiparty security computing cooperated with the client side to obtain the black box data.
Optionally, the first collaborative computing module includes:
the first input submodule is used for inputting the n pieces of first information to a disorder encryption circuit, the disorder encryption circuit is a garbled circuit, and the disorder encryption circuit also receives a secret key and disorder input by the client;
and the first obtaining submodule is used for obtaining n pieces of second information output by the out-of-order encryption circuit, and the n pieces of second information are obtained by encrypting the n pieces of first information by the out-of-order encryption circuit according to the secret key and then sequencing according to the out-of-order.
Optionally, the first collaborative computing module includes:
the first generation submodule is used for generating a first public and private key pair subjected to proxy re-encryption, and the first public and private key pair comprises a first public key and a first private key;
the encryption submodule is used for encrypting the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, and the n pieces of first encrypted data can be decrypted by the first private key;
the first sending submodule is used for sending the n pieces of first encrypted data and the first public key to an agent, the agent also receives a second public key sent by the client and obtains the second public key out of order, the second public key is a public key in a second public and private key pair which is generated by the client and is encrypted again by the agent, and the second public and private key pair comprises a second public key and a second private key;
and the second obtaining submodule is used for obtaining n pieces of second information output by the agent, the n pieces of second information are obtained by sequencing second encrypted data according to the disorder after the agent converts the first encrypted data into the second encrypted data based on the encryption state, and the second encrypted data can be decrypted by the second private key.
Optionally, the apparatus further comprises:
the first updating module is used for obtaining m pieces of updated first information when the n pieces of first information are subjected to data updating;
and the second updating module is used for executing pre-calculation based on the updated m pieces of first information and the updated key held by the client side to obtain updated black box data.
Referring to fig. 5, a block diagram of another embodiment of an introspection query apparatus of the present invention is shown, the apparatus being applicable to a client, and the apparatus may comprise:
a query word encryption module 501, configured to encrypt a query word based on a held key to obtain a ciphertext query word;
a query word sending module 502, configured to send the ciphertext query word to a server, so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, where the black box data is obtained by performing pre-calculation based on a secure computing protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data includes n pieces of second information, each piece of second information includes a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are out-of-order permutation of ciphertexts of the n pieces of first information under the secret key, and the out-of-order permutation is held by the client or a third party;
and the result receiving module 503 is configured to receive ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word, where the ciphertext data is returned by the server.
Optionally, the apparatus further comprises:
and the result decryption module is used for decrypting the ciphertext data returned by the server based on the held key to obtain the query result corresponding to the query word.
Optionally, the apparatus further comprises:
and the second cooperative computing module is used for executing multiparty safety computing cooperated with the two parties with the server so that the server obtains the black box data.
Optionally, the second collaborative computing module is specifically configured to generate a key and a disorder, and input the key and the disorder to a disorder encryption circuit, so that the disorder encryption circuit encrypts n pieces of first information input by a server according to the key and then sorts the n pieces of first information according to the disorder to obtain n pieces of second information, the disorder encryption circuit is a garbled circuit, and the disorder encryption circuit further receives the n pieces of first information input by the server and outputs the n pieces of second information to the server.
Optionally, the second collaborative computing module includes:
a second generation submodule, configured to generate a second public-private key pair for proxy re-encryption, where the second public-private key pair includes a second public key and a second private key;
the second sending submodule is used for sending the second public key to an agent, the agent also receives n pieces of first encrypted data sent by the server and obtains disorder, so that the agent converts the first encrypted data into second encrypted data based on an encryption state, sorts the second encrypted data according to the disorder to obtain n pieces of second information, and sends the n pieces of second information to the server; the n pieces of first encrypted data are obtained by encrypting the n pieces of first information by the server side through a first public key, the first public key is a public key in a first public-private key pair generated by the server side and subjected to proxy re-encryption, the first public-private key pair subjected to proxy re-encryption comprises the first public key and a first private key, the n pieces of first encrypted data can be decrypted by the first private key, and the second encrypted data can be decrypted by the second private key.
Optionally, the apparatus further comprises:
the key updating module is used for generating an updated key under the condition that the n pieces of first information of the server side are subjected to data updating to obtain m pieces of updated first information;
and the black box updating module is used for executing pre-calculation based on the updated key and the updated m pieces of first information of the server so that the server obtains updated black box data.
Referring to fig. 6, a block diagram of an embodiment of the system 600 for introspection query according to the present invention is shown, the system includes a client 601 and a server 602, the server 602 stores n pieces of first information, each piece of first information includes a keyword and data corresponding to the keyword, wherein,
the client 601 is configured to encrypt the query word based on a held key to obtain a ciphertext query word, and send the ciphertext query word to the server;
the server 602 is configured to query the ciphertext keyword matched with the ciphertext query word in the black box data, and return ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word to the client; the black box data is obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party.
Optionally, the client 601 is further configured to decrypt ciphertext data returned by the server based on the held key to obtain a query result corresponding to the query word.
Optionally, the server 602 is further configured to perform multiparty security computation with the client in cooperation with the two parties, so as to obtain the black box data; the client 601 is further configured to execute multiparty security computation cooperating with the server, so that the server obtains the black box data.
Optionally, the system 600 further comprises an out-of-order encryption circuit, the out-of-order encryption circuit being a garbled circuit;
the client 601 is further configured to input a key held by the client 601 to the out-of-order encryption circuit and an out-of-order;
the server 602 is further configured to input the n pieces of first information held by the server to the out-of-order encryption circuit, and acquire n pieces of second information output by the out-of-order encryption circuit;
the disorder encryption circuit is used for receiving a key and a disorder input by the client and n pieces of first information input by the server, encrypting the n pieces of first information according to the key, then sequencing the n pieces of first information according to the disorder to obtain n pieces of second information, and outputting the n pieces of second information to the server.
Optionally, the system 600 further comprises an agent;
the server 602 is further configured to generate a first public-private key pair for proxy re-encryption, where the first public-private key pair includes a first public key and a first private key, encrypt the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, and send the n pieces of first encrypted data and the first public key to the proxy, where the n pieces of first encrypted data may be decrypted by the first private key;
the client 601 is further configured to generate a second public-private key pair for proxy re-encryption, where the second public-private key pair includes a second public key and a second private key, and send the second public key to the proxy;
the agent is used for receiving the n pieces of first encrypted data and the first public key sent by the server, receiving the second public key sent by the client, obtaining disorder, converting the first encrypted data into second encrypted data based on an encryption state, sequencing the second encrypted data according to the disorder to obtain n pieces of second information, and sending the n pieces of second information to the server, wherein the second encrypted data can be decrypted by the second private key;
the server 602 is further configured to receive the n pieces of second information sent by the agent.
Optionally, the server 602 is further configured to obtain m pieces of updated first information when the n pieces of first information are subjected to data update, and perform pre-calculation based on the m pieces of updated first information and an updated key held by the client, so as to obtain updated black box data;
the client 601 is further configured to generate an updated key when data update occurs in the n pieces of first information of the server to obtain m pieces of updated first information, and perform pre-calculation based on the updated key and the m pieces of updated first information of the server, so that the server obtains updated black box data.
The embodiment of the invention puts most of calculation and communication overhead in an off-line pre-calculation process. In the pre-calculation (off-line calculation) stage, both the client and the server complete the pre-calculation process based on the secure calculation protocol (referred to as black box protocol in the embodiment of the present invention), and the server obtains the black box data output by the black box protocol after the pre-calculation is completed. The black box data is held by the server side, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, and the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key. The whole process only needs to carry out 1 encryption process (the process of encrypting the query word by the key at the client) and 1 decryption process (the process of decrypting the ciphertext data obtained by the query by the key at the client) every time the client queries 1 query word. Compared with the method for directly querying by using a plaintext, the method for querying the online query only adds the processes of 1 encryption operation and 1 decryption operation in the online query process of the embodiment of the invention, and even if single encryption and decryption by adopting a public key password can be completed in a millisecond level, so that the whole online query process can be completed in the millisecond level, and the real-time performance of online query can be ensured. In addition, the communication volume in the online query process of the embodiment of the invention only comprises 2 ciphertexts (ciphertext query words and ciphertext data) transmitted back and forth by both the client and the server, and is the same magnitude as the communication volume of plaintext query. Therefore, the time consumption and the communication quantity of the hidden trace query device and the plaintext query are in the same order, namely, the online query of the embodiment of the invention can be completed in millisecond level no matter how large the data quantity n of the server is, so that the efficiency of the hidden trace query is greatly improved, and the online real-time hidden trace query can be realized.
For the device embodiment, since it is basically similar to the method embodiment, the description is simple, and for the relevant points, refer to the partial description of the method embodiment.
The embodiments in the present specification are described in a progressive manner, each embodiment focuses on differences from other embodiments, and the same and similar parts among the embodiments are referred to each other.
With regard to the apparatus in the above-described embodiment, the specific manner in which each module performs the operation has been described in detail in the embodiment related to the method, and will not be elaborated here.
The embodiment of the invention provides a device for the track query, which comprises a memory and more than one program, wherein the more than one program is stored in the memory and is configured to be executed by more than one processor to execute the instructions of the track query method in one or more of the embodiments.
FIG. 7 is a block diagram illustrating an apparatus 800 for obfuscating a trace query, according to an example embodiment. For example, the apparatus 800 may be a mobile phone, a computer, a digital broadcast terminal, a messaging device, a game console, a tablet device, a medical device, an exercise device, a personal digital assistant, and the like.
Referring to fig. 7, the apparatus 800 may include one or more of the following components: processing component 802, memory 804, power component 806, multimedia component 808, audio component 810, input/output (I/O) interface 812, sensor component 814, and communications component 816.
The processing component 802 generally controls overall operation of the device 800, such as operations associated with display, telephone calls, data communications, camera operations, and recording operations. The processing element 802 may include one or more processors 820 to execute instructions to perform all or a portion of the steps of the methods described above. Further, the processing component 802 can include one or more modules that facilitate interaction between the processing component 802 and other components. For example, the processing component 802 can include a multimedia module to facilitate interaction between the multimedia component 808 and the processing component 802.
The memory 804 is configured to store various types of data to support operation at the device 800. Examples of such data include instructions for any application or method operating on device 800, contact data, phonebook data, messages, pictures, videos, and so forth. The memory 804 may be implemented by any type or combination of volatile or non-volatile memory devices such as Static Random Access Memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic or optical disks.
A power supply component 806 provides power to the various components of the device 800. The power components 806 may include a power management system, one or more power supplies, and other components associated with generating, managing, and distributing power for the apparatus 800.
The multimedia component 808 includes a screen that provides an output interface between the device 800 and a user. In some embodiments, the screen may include a Liquid Crystal Display (LCD) and a Touch Panel (TP). If the screen includes a touch panel, the screen may be implemented as a touch screen to receive an input signal from a user. The touch panel includes one or more touch sensors to sense touch, slide, and gestures on the touch panel. The touch sensor may not only sense the boundary of a touch or slide action, but also detect the duration and pressure associated with the touch or slide operation. In some embodiments, the multimedia component 808 includes a front facing camera and/or a rear facing camera. The front-facing camera and/or the rear-facing camera may receive external multimedia data when the device 800 is in an operating mode, such as a shooting mode or a video mode. Each front camera and rear camera may be a fixed optical lens system or have a focal length and optical zoom capability.
The audio component 810 is configured to output and/or input audio signals. For example, the audio component 810 includes a Microphone (MIC) configured to receive external audio signals when the apparatus 800 is in an operational mode, such as a call mode, a recording mode, and a voice information processing mode. The received audio signals may further be stored in the memory 804 or transmitted via the communication component 816. In some embodiments, audio component 810 also includes a speaker for outputting audio signals.
The I/O interface 812 provides an interface between the processing component 802 and peripheral interface modules, which may be keyboards, click wheels, buttons, etc. These buttons may include, but are not limited to: a home button, a volume button, a start button, and a lock button.
The sensor assembly 814 includes one or more sensors for providing various aspects of state assessment for the device 800. For example, the sensor assembly 814 may detect the open/closed state of the device 800, the relative positioning of components, such as a display and keypad of the apparatus 800, the sensor assembly 814 may also search for a change in the position of the apparatus 800 or a component of the apparatus 800, the presence or absence of user contact with the apparatus 800, orientation or acceleration/deceleration of the apparatus 800, and a change in the temperature of the apparatus 800. Sensor assembly 814 may include a proximity sensor configured to detect the presence of a nearby object without any physical contact. The sensor assembly 814 may also include a light sensor, such as a CMOS or CCD image sensor, for use in imaging applications. In some embodiments, the sensor assembly 814 may also include an acceleration sensor, a gyroscope sensor, a magnetic sensor, a pressure sensor, or a temperature sensor.
The communication component 816 is configured to facilitate communications between the apparatus 800 and other devices in a wired or wireless manner. The device 800 may access a wireless network based on a communication standard, such as WiFi, 2G or 3G, or a combination thereof. In an exemplary embodiment, the communication component 816 receives a broadcast signal or broadcast related information from an external broadcast management system via a broadcast channel. In an exemplary embodiment, the communication component 816 further includes a Near Field Communication (NFC) module to facilitate short-range communications. For example, the NFC module may be implemented based on radio frequency information processing (RFID) technology, infrared data association (IrDA) technology, Ultra Wideband (UWB) technology, Bluetooth (BT) technology, and other technologies.
In an exemplary embodiment, the apparatus 800 may be implemented by one or more Application Specific Integrated Circuits (ASICs), Digital Signal Processors (DSPs), Digital Signal Processing Devices (DSPDs), Programmable Logic Devices (PLDs), Field Programmable Gate Arrays (FPGAs), controllers, micro-controllers, microprocessors or other electronic components for performing the above-described methods.
In an exemplary embodiment, a non-transitory computer-readable storage medium comprising instructions, such as the memory 804 comprising instructions, executable by the processor 820 of the device 800 to perform the above-described method is also provided. For example, the non-transitory computer readable storage medium may be a ROM, a Random Access Memory (RAM), a CD-ROM, a magnetic tape, a floppy disk, an optical data storage device, and the like.
Fig. 8 is a schematic diagram of a server in some embodiments of the invention. The server 1900 may vary widely by configuration or performance and may include one or more Central Processing Units (CPUs) 1922 (e.g., one or more processors) and memory 1932, one or more storage media 1930 (e.g., one or more mass storage devices) storing applications 1942 or data 1944. Memory 1932 and storage medium 1930 can be, among other things, transient or persistent storage. The program stored in the storage medium 1930 may include one or more modules (not shown), each of which may include a series of instructions operating on a server. Still further, a central processor 1922 may be provided in communication with the storage medium 1930 to execute a series of instruction operations in the storage medium 1930 on the server 1900.
The server 1900 may also include one or more power supplies 1926, one or more wired or wireless network interfaces 1950, one or more input-output interfaces 1958, one or more keyboards 1956, and/or one or more operating systems 1941, such as Windows Server, Mac OS XTM, UnixTM, LinuxTM, FreeBSDTM, etc.
A non-transitory computer readable storage medium having instructions therein which, when executed by a processor of an apparatus (server or terminal), enable the apparatus to perform the introspection query method shown in fig. 1 or fig. 3.
A non-transitory computer readable storage medium, wherein instructions of the storage medium, when executed by a processor of a device (server or terminal), enable the device to perform the description of the implicit trace query method in the embodiment corresponding to fig. 1 or fig. 3, and therefore, the detailed description thereof will not be repeated herein. In addition, the beneficial effects of the same method are not described in detail. For technical details not disclosed in the embodiments of the computer program product or the computer program referred to in the present application, reference is made to the description of the embodiments of the method of the present application.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This invention is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It will be understood that the invention is not limited to the precise arrangements described above and shown in the drawings and that various modifications and changes may be made without departing from the scope thereof. The scope of the invention is limited only by the appended claims.
The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents, improvements and the like that fall within the spirit and principle of the present invention are intended to be included therein.
The method, the device and the device for the covert trace query provided by the invention are described in detail, and the principle and the implementation mode of the invention are explained by applying specific examples, and the description of the examples is only used for helping to understand the method and the core idea of the invention; meanwhile, for a person skilled in the art, according to the idea of the present invention, there may be variations in the specific embodiments and the application scope, and in summary, the content of the present specification should not be construed as a limitation to the present invention.

Claims (30)

1. The method for inquiring the track in the hiding way is applied to a server side, wherein n pieces of first information are stored in the server side, each piece of first information comprises a keyword and data corresponding to the keyword, and the method comprises the following steps:
receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
inquiring ciphertext keywords matched with the ciphertext inquiry words in black box data, wherein the black box data are obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises one ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party;
and returning ciphertext data corresponding to the ciphertext keywords matched with the ciphertext query words to the client.
2. The method of claim 1, wherein before receiving the ciphertext query word sent by the client, the method further comprises:
and performing multi-party safety calculation cooperated with the client to obtain the black box data.
3. The method of claim 2, wherein the performing two-party cooperative multi-party security computation with the client to obtain the black-box data comprises:
inputting the n pieces of first information to a disorder encryption circuit, wherein the disorder encryption circuit is a garbled circuit and also receives a key and disorder input by the client;
and acquiring n pieces of second information output by the disorder encryption circuit, wherein the n pieces of second information are obtained by encrypting the n pieces of first information by the disorder encryption circuit according to the secret key and then sequencing according to the disorder.
4. The method of claim 2, wherein the performing a multiparty security computation in cooperation with the client to obtain the black box data comprises:
generating a first public-private key pair of proxy re-encryption, the first public-private key pair comprising a first public key and a first private key;
encrypting the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, wherein the n pieces of first encrypted data can be decrypted by the first private key;
sending the n pieces of first encrypted data and the first public keys to an agent, wherein the agent also receives a second public key sent by the client and obtains the second public key out of order, the second public key is a public key in a second public and private key pair which is generated by the client and is encrypted again by the agent, and the second public and private key pair comprises a second public key and a second private key;
and acquiring n pieces of second information output by the agent, wherein the n pieces of second information are obtained by the agent by sequencing second encrypted data according to the disorder after the agent converts the first encrypted data into the second encrypted data based on the encryption state, and the second encrypted data can be decrypted by the second private key.
5. The method of claim 1, further comprising:
when the n pieces of first information are subjected to data updating, m pieces of updated first information are obtained;
and performing pre-calculation based on the updated m pieces of first information and the updated key held by the client to obtain updated black box data.
6. An introspection query method applied to a client, the method comprising:
encrypting the query word based on the held key to obtain a ciphertext query word;
sending the ciphertext query word to a server, so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, wherein the black box data is obtained by performing pre-calculation on the basis of a security calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party;
and receiving ciphertext data which are returned by the server and correspond to the ciphertext keywords matched with the ciphertext query words.
7. The method of claim 6, further comprising:
and decrypting the ciphertext data returned by the server side based on the held key to obtain a query result corresponding to the query word.
8. The method of claim 6, wherein prior to encrypting the query term based on the held key, the method further comprises:
and executing multiparty safety calculation cooperated with the two parties with the server so that the server obtains the black box data.
9. The method of claim 8, wherein the performing of multiparty security computation in cooperation with the server to make the server obtain the black box data comprises:
generating a key and a disorder order, and inputting the key and the disorder order to a disorder encryption circuit, so that the disorder encryption circuit encrypts n pieces of first information input by a server according to the key and then sorts the n pieces of first information according to the disorder order to obtain n pieces of second information, wherein the disorder encryption circuit is a garbled circuit, and the disorder encryption circuit also receives the n pieces of first information input by the server and outputs the n pieces of second information to the server.
10. The method of claim 8, wherein the performing of multiparty security computation in cooperation with the server to make the server obtain the black box data comprises:
generating a second public and private key pair with agent re-encryption, wherein the second public and private key pair comprises a second public key and a second private key;
sending the second public key to an agent, wherein the agent also receives n pieces of first encrypted data sent by the server and obtains disorder, so that after the agent converts the first encrypted data into second encrypted data based on an encryption state, the agent sorts the second encrypted data according to the disorder to obtain n pieces of second information, and sends the n pieces of second information to the server; the n pieces of first encrypted data are obtained by encrypting the n pieces of first information by the server side through a first public key, the first public key is a public key in a first public-private key pair generated by the server side and subjected to proxy re-encryption, the first public-private key pair subjected to proxy re-encryption comprises the first public key and a first private key, the n pieces of first encrypted data can be decrypted by the first private key, and the second encrypted data can be decrypted by the second private key.
11. The method of claim 6, further comprising:
generating an updated key under the condition that the n pieces of first information of the server side are subjected to data updating to obtain m pieces of updated first information;
and performing pre-calculation based on the updated key and the updated m pieces of first information by the server, so that the server obtains updated black box data.
12. The system is characterized by comprising a client and a server, wherein the server stores n pieces of first information, each piece of first information comprises a keyword and data corresponding to the keyword, wherein,
the client is used for encrypting the query word based on the held key to obtain a ciphertext query word and sending the ciphertext query word to the server;
the server is used for inquiring the ciphertext keywords matched with the ciphertext inquiry words in the black box data and returning the ciphertext data corresponding to the ciphertext keywords matched with the ciphertext inquiry words to the client; the black box data is obtained by performing pre-calculation based on a secure calculation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data is held by the server, the black box data comprises n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and disorder used by the disorder arrangement is held by the client or a third party.
13. The system of claim 12, wherein the client is further configured to decrypt ciphertext data returned by the server based on the held key to obtain a query result corresponding to the query word.
14. The system according to claim 12, wherein the server is further configured to perform a multiparty security computation cooperating with the client to obtain the black box data; the client is also used for executing multiparty safety calculation cooperated with the server so that the server obtains the black box data.
15. The system of claim 12, further comprising an out-of-order encryption circuit, the out-of-order encryption circuit being an obfuscation circuit;
the client is also used for inputting the held key and the disorder to the disorder encryption circuit;
the server is further used for inputting the n pieces of first information held by the server to the out-of-order encryption circuit and acquiring n pieces of second information output by the out-of-order encryption circuit;
the disorder encryption circuit is used for receiving a key and a disorder input by the client and n pieces of first information input by the server, encrypting the n pieces of first information according to the key, then sequencing the n pieces of first information according to the disorder to obtain n pieces of second information, and outputting the n pieces of second information to the server.
16. The system of claim 12, wherein the system further comprises an agent;
the server is further configured to generate a first public-private key pair for proxy re-encryption, where the first public-private key pair includes a first public key and a first private key, encrypt the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, and send the n pieces of first encrypted data and the first public key to the proxy, where the n pieces of first encrypted data can be decrypted by the first private key;
the client is further used for generating a second public and private key pair subjected to proxy re-encryption, wherein the second public and private key pair comprises a second public key and a second private key, and the second public key is sent to the proxy party;
the agent is used for receiving the n pieces of first encrypted data and the first public key sent by the server, receiving the second public key sent by the client, obtaining disorder, converting the first encrypted data into second encrypted data based on an encryption state, sequencing the second encrypted data according to the disorder to obtain n pieces of second information, and sending the n pieces of second information to the server, wherein the second encrypted data can be decrypted by the second private key;
the server is further configured to receive the n pieces of second information sent by the agent.
17. The system according to claim 12, wherein the server is further configured to obtain m pieces of updated first information when the n pieces of first information are subjected to data update, and perform pre-calculation based on the m pieces of updated first information and an updated key held by the client, so as to obtain updated black box data;
the client is further configured to generate an updated key when data update occurs in the n pieces of first information of the server to obtain m pieces of updated first information, and perform pre-calculation based on the updated key and the m pieces of updated first information of the server, so that the server obtains updated black box data.
18. The tracks hiding query device is applied to a server side, wherein n pieces of first information are stored in the server side, each piece of first information comprises a keyword and data corresponding to the keyword, and the device comprises:
the query word receiving module is used for receiving a ciphertext query word sent by a client, wherein the ciphertext query word is obtained by encrypting the query word by the client based on a key held by the client;
the data query module is used for querying ciphertext keywords matched with the ciphertext query words in black box data, the black box data are obtained by performing pre-computation based on a secure computation protocol according to a secret key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the secret key, and the disorder used by the disorder arrangement is held by the client or a third party;
and the result returning module is used for returning the ciphertext data corresponding to the ciphertext keyword matched with the ciphertext query word to the client.
19. The apparatus of claim 18, further comprising:
and the first collaborative computing module is used for executing multiparty security computing cooperated with the client side to obtain the black box data.
20. The apparatus of claim 19, wherein the first collaborative computing module comprises:
the first input submodule is used for inputting the n pieces of first information to a disorder encryption circuit, the disorder encryption circuit is a garbled circuit, and the disorder encryption circuit also receives a secret key and disorder input by the client;
and the first obtaining submodule is used for obtaining n pieces of second information output by the disorder encryption circuit, and the n pieces of second information are obtained by encrypting the n pieces of first information by the disorder encryption circuit according to the secret key and then sequencing according to the disorder.
21. The apparatus of claim 19, wherein the first collaborative computing module comprises:
the first generation submodule is used for generating a first public and private key pair subjected to proxy re-encryption, and the first public and private key pair comprises a first public key and a first private key;
the encryption submodule is used for encrypting the n pieces of first information by using the first public key to obtain n pieces of first encrypted data, and the n pieces of first encrypted data can be decrypted by the first private key;
the first sending submodule is used for sending the n pieces of first encrypted data and the first public key to an agent, the agent also receives a second public key sent by the client and obtains the second public key out of order, the second public key is a public key in a second public and private key pair which is generated by the client and is encrypted again by the agent, and the second public and private key pair comprises a second public key and a second private key;
and the second obtaining submodule is used for obtaining n pieces of second information output by the agent, the n pieces of second information are obtained by sequencing second encrypted data according to the disorder after the agent converts the first encrypted data into the second encrypted data based on the encryption state, and the second encrypted data can be decrypted by the second private key.
22. The apparatus of claim 18, further comprising:
the first updating module is used for obtaining m pieces of updated first information when the n pieces of first information are subjected to data updating;
and the second updating module is used for executing pre-calculation based on the updated m pieces of first information and the updated key held by the client side to obtain updated black box data.
23. An introspection query apparatus, applied to a client, the apparatus comprising:
the query word encryption module is used for encrypting the query word based on the held key to obtain a ciphertext query word;
the query word sending module is used for sending the ciphertext query word to a server so that the server queries a ciphertext keyword matched with the ciphertext query word in black box data, the black box data are obtained by performing pre-calculation on the basis of a security calculation protocol according to a key held by the client and n pieces of first information held by the server, the black box data are held by the server, the black box data comprise n pieces of second information, each piece of second information comprises a ciphertext keyword and ciphertext data corresponding to the ciphertext keyword, the n pieces of second information are disorder arrangement of ciphertexts of the n pieces of first information under the key, and disorder used by the disorder arrangement is held by the client or a third party;
and the result receiving module is used for receiving the ciphertext data which is returned by the server and corresponds to the ciphertext keyword matched with the ciphertext query word.
24. The apparatus of claim 23, further comprising:
and the result decryption module is used for decrypting the ciphertext data returned by the server based on the held key to obtain the query result corresponding to the query word.
25. The apparatus of claim 23, further comprising:
and the second cooperative computing module is used for executing multiparty safety computing cooperated with the two parties with the server so that the server obtains the black box data.
26. The apparatus according to claim 25, wherein the second cooperative computing module is specifically configured to generate a key and an out-of-order, and input the key and the out-of-order to an out-of-order encryption circuit, so that the out-of-order encryption circuit encrypts, according to the key, n pieces of first information input by the server and then sorts the n pieces of first information according to the out-of-order to obtain n pieces of second information, the out-of-order encryption circuit is a obfuscation circuit, and the out-of-order encryption circuit further receives the n pieces of first information input by the server and outputs the n pieces of second information to the server.
27. The apparatus of claim 25, wherein the second collaborative computing module comprises:
the second generation submodule is used for generating a second public and private key pair for proxy re-encryption, and the second public and private key pair comprises a second public key and a second private key;
the second sending submodule is used for sending the second public key to an agent, the agent also receives n pieces of first encrypted data sent by the server and obtains disorder, so that the agent converts the first encrypted data into second encrypted data based on an encryption state, sorts the second encrypted data according to the disorder to obtain n pieces of second information, and sends the n pieces of second information to the server; the n pieces of first encrypted data are obtained by encrypting the n pieces of first information by the server side through a first public key, the first public key is a public key in a first public-private key pair generated by the server side and subjected to proxy re-encryption, the first public-private key pair subjected to proxy re-encryption comprises the first public key and a first private key, the n pieces of first encrypted data can be decrypted by the first private key, and the second encrypted data can be decrypted by the second private key.
28. The apparatus of claim 23, further comprising:
the key updating module is used for generating an updated key under the condition that the n pieces of first information of the server side are subjected to data updating to obtain m pieces of updated first information;
and the black box updating module is used for executing pre-calculation based on the updated key and the updated m pieces of first information of the server so that the server obtains updated black box data.
29. An apparatus for implicit query, comprising a memory, and one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by one or more processors, the one or more programs comprising instructions for performing the method of implicit query as claimed in any of claims 1 to 5 or 6 to 11.
30. A machine-readable medium having instructions stored thereon, which when executed by one or more processors of an apparatus, cause the apparatus to perform the introspection query method of any of claims 1 to 5 or 6 to 11.
CN202210660740.2A 2022-06-13 2022-06-13 Method and device for inquiring hiding trace Active CN114756886B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210660740.2A CN114756886B (en) 2022-06-13 2022-06-13 Method and device for inquiring hiding trace

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210660740.2A CN114756886B (en) 2022-06-13 2022-06-13 Method and device for inquiring hiding trace

Publications (2)

Publication Number Publication Date
CN114756886A CN114756886A (en) 2022-07-15
CN114756886B true CN114756886B (en) 2022-08-16

Family

ID=82336642

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210660740.2A Active CN114756886B (en) 2022-06-13 2022-06-13 Method and device for inquiring hiding trace

Country Status (1)

Country Link
CN (1) CN114756886B (en)

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115098549B (en) * 2022-08-25 2022-10-28 北京数牍科技有限公司 Fair data track hiding query method, device, equipment and storage medium
CN115168455B (en) * 2022-09-07 2022-12-06 华控清交信息科技(北京)有限公司 Fuzzy query method and device, multi-party security computing system and readable storage medium
CN115269938B (en) * 2022-09-22 2023-02-14 深圳市洞见智慧科技有限公司 Homomorphic encryption-based keyword track hiding query method, system and related device
CN115664723A (en) * 2022-09-30 2023-01-31 蚂蚁区块链科技(上海)有限公司 Method, system, server and client for realizing private information retrieval
CN115408451B (en) * 2022-11-01 2023-01-17 北京信安世纪科技股份有限公司 Confidential trace query method and storage medium
CN115828310B (en) * 2023-02-14 2023-06-09 蓝象智联(杭州)科技有限公司 Data query method and device based on privacy calculation and storage medium
CN115982424B (en) * 2023-03-15 2023-05-12 华控清交信息科技(北京)有限公司 Privacy keyword query method and device and electronic equipment
CN116032667B (en) * 2023-03-29 2023-06-20 深圳市洞见智慧科技有限公司 Online trace query method, system and related equipment supporting efficient update
CN116108496B (en) * 2023-04-13 2023-06-23 北京百度网讯科技有限公司 Method, device, equipment and storage medium for inquiring trace
CN116257887B (en) * 2023-05-16 2023-08-22 建信金融科技有限责任公司 Data query method, device, system, equipment and storage medium
CN117235802B (en) * 2023-11-13 2024-01-26 翼方健数(北京)信息科技有限公司 Condition trace query method, system and medium based on privacy calculation

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102176709A (en) * 2010-12-13 2011-09-07 北京交通大学 Method and device with privacy protection function for data sharing and publishing
CN103914541A (en) * 2014-04-03 2014-07-09 小米科技有限责任公司 Information search method and device
WO2019142268A1 (en) * 2018-01-17 2019-07-25 三菱電機株式会社 Registration device, search operation device, data management device, registration program, search operation program, and data management program
CN111726363A (en) * 2020-06-24 2020-09-29 暨南大学 Attribute-based multi-user connection keyword searchable encryption method
CN113254982A (en) * 2021-07-13 2021-08-13 深圳市洞见智慧科技有限公司 Secret track query method and system supporting keyword query

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102176709A (en) * 2010-12-13 2011-09-07 北京交通大学 Method and device with privacy protection function for data sharing and publishing
CN103914541A (en) * 2014-04-03 2014-07-09 小米科技有限责任公司 Information search method and device
WO2019142268A1 (en) * 2018-01-17 2019-07-25 三菱電機株式会社 Registration device, search operation device, data management device, registration program, search operation program, and data management program
CN111726363A (en) * 2020-06-24 2020-09-29 暨南大学 Attribute-based multi-user connection keyword searchable encryption method
CN113254982A (en) * 2021-07-13 2021-08-13 深圳市洞见智慧科技有限公司 Secret track query method and system supporting keyword query

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
云环境下一种隐私文件分类存储与保护方案;李勇等;《计算机应用研究》;20171212(第11期);全文 *
加密数据库快速关键词查询技术;张曼等;《计算机工程与应用》;20180701(第13期);全文 *

Also Published As

Publication number Publication date
CN114756886A (en) 2022-07-15

Similar Documents

Publication Publication Date Title
CN114756886B (en) Method and device for inquiring hiding trace
US20200145208A1 (en) Method and device for encrypting and decrypting softphone, and computer-readable storage medium
CN107196926B (en) Cloud outsourcing privacy set comparison method and device
CN115967491B (en) Privacy intersection method, system and readable storage medium
CN115396100B (en) Careless random disorganizing method and system based on secret sharing
CN114301594B (en) Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN115396101B (en) Secret sharing based careless disorganizing method and system
US9641328B1 (en) Generation of public-private key pairs
CN112688779B (en) Data processing method and device and data processing device
CN114884645B (en) Privacy calculation method and device and readable storage medium
CN114547668A (en) Secret trace query method and device based on country secret and index confusion
CN114978512B (en) Privacy intersection method and device and readable storage medium
CN109246110B (en) Data sharing method and device and computer readable storage medium
CN112667674A (en) Data processing method and device and data processing device
CN114301609B (en) Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN115941181B (en) Out-of-order secret sharing method, system and readable storage medium
CN117319086A (en) System, method, electronic device and storage medium for inadvertent transmission
CN114885038B (en) Encryption protocol conversion method, result acquisition node and privacy calculation node
CN105120452A (en) Information transmission method, device and system
CN114448631B (en) Multi-party security computing method, system and device for multi-party security computing
CN112671530B (en) Data processing method and device and data processing device
CN114915455A (en) Ciphertext data transmission method and device for ciphertext data transmission
CN113868505A (en) Data processing method and device, electronic equipment, server and storage medium
CN114880691B (en) Character encoding and decoding method and device for character encoding and decoding
Abdulhamid et al. Development of blowfish encryption scheme for secure data storage in public and commercial cloud computing environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant