CN115086027B - Random scrambling method supporting double-server secure access - Google Patents

Random scrambling method supporting double-server secure access Download PDF

Info

Publication number
CN115086027B
CN115086027B CN202210672106.0A CN202210672106A CN115086027B CN 115086027 B CN115086027 B CN 115086027B CN 202210672106 A CN202210672106 A CN 202210672106A CN 115086027 B CN115086027 B CN 115086027B
Authority
CN
China
Prior art keywords
server
data
switching circuit
random number
database
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210672106.0A
Other languages
Chinese (zh)
Other versions
CN115086027A (en
Inventor
李延凯
梁栋
邢航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Primitive Technology Co ltd
Original Assignee
Beijing Primitive Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Primitive Technology Co ltd filed Critical Beijing Primitive Technology Co ltd
Priority to CN202210672106.0A priority Critical patent/CN115086027B/en
Publication of CN115086027A publication Critical patent/CN115086027A/en
Application granted granted Critical
Publication of CN115086027B publication Critical patent/CN115086027B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a random scrambling method supporting double-server security access, which comprises the following steps: the database owners perform exclusive or sharing on the database data to be stored and send the database data to the double servers, the query users perform exclusive or sharing on the query data and send the query data to the double servers, the double servers perform query according to the query data and return the query results to the query users, after the query results are returned, the double servers perform parameter initialization on the stored database data, and in a query gap, the double servers perform scrambling operation on the stored database data. The random scrambling method supporting the double-server secure access realizes the random scrambling method of the double servers, can protect the confidentiality and the integrity of database data, and can prevent the servers from deducing information about stored data and query data through an access mode.

Description

Random scrambling method supporting double-server secure access
Technical Field
The invention relates to the technical field of data privacy protection based on double servers, in particular to a random scrambling method supporting double-server security access.
Background
Nowadays, due to the continuous maturity of related technologies for cloud server storage, in order to save local storage space, companies, universities or individuals often adopt the form of outsourced storage data, and the data owned by the companies, universities or individuals are outsourced to the cloud server, so that the advantages of high performance and large storage space of the server are utilized to help calculation. However, due to the privacy and confidential nature of the data, a company, college or individual does not want the server to obtain the plaintext data it owns, for example: personal genetic data, corporate customer information, and other privacy data. Therefore, the data are commonly shared by adopting a double-server mode and are respectively stored on two servers, and only the double servers are required to be ensured not to be combined to steal the data, so that the original information cannot be recovered by the single server. Based on the above, two-side secure computing technology is adopted, computation is carried out between two servers, and query information of clients is returned. Although the data is already divided and stored, after the dual server calculates the query information of the client, the returned result leaks the access mode information and the data storage location. By analyzing the access patterns, the dual server can infer information about the stored data, such as: the stored data are genetic data, the genetic data contain a large amount of personal privacy information, the positions of genes also contain related information, and for the leakage of the access mode, a server can deduce what genetic data the positions are through multiple inquiry, so that data leakage is caused. Thus, while ensuring that data owners share and study their data, the dual server also requires some replacement protocols to ensure that access patterns are not compromised.
Currently, some of the techniques in cryptography can be used to solve this problem, such as the same state encryption technique, the confusing random access mechanism, and the trusted execution environment. However, these schemes still have a certain bottleneck, and the homomorphic encryption technology causes larger calculation overhead and lower efficiency; the confusing random access mechanism causes larger communication cost; the existing trusted execution environment still has the risk of side channel attack, so that the existing scheme cannot efficiently realize random scrambling protocols for realizing safe access while protecting the privacy and data security of all participants. It is therefore necessary to devise a random scrambling method that supports secure access to dual servers.
Disclosure of Invention
The invention aims to provide a random scrambling method supporting double-server secure access, which realizes the random scrambling method of double servers, can protect confidentiality and integrity of database data and can prevent servers from deducing information about stored data and query data through an access mode.
In order to achieve the above object, the present invention provides the following solutions:
a random scrambling method supporting dual server security access includes the following steps:
step 1: the database owners exclusive-or share the database data to be stored and send the data to the double servers;
step 2: the query user performs exclusive or sharing on the query data and sends the query data to the double servers, the double servers perform query according to the query data and return the query result to the query user, and after the query result is returned, the double servers perform parameter initialization on the stored database data;
step 3: and in the inquiry gap, the double servers scramble the stored database data.
Optionally, in step 1, the database owner performs exclusive or sharing on the database data to be stored, and sends the data to the dual server, specifically:
database data db= { DB that the database owner owns 1 ,DB 2 ,...,DB n Exclusive or sharing, i.eOne part of the data is sent to a first server in the double servers, and the other part of the data is shared with a second server, namely the first server obtains the data of DB 1 ={<DB 11 ,...,<DB n1 The second server gets < DB > 2 ={<DB 12 ,...,<DB n2 }。
Optionally, in step 3, in the querying gap, the dual server performs scrambling operation on the stored database data, and specifically includes the following steps:
step 301: the first server generates a first exchange circuit, a first permutation function and a first random number set, takes the first random number set and the first permutation function as the input of the first exchange circuit, and sends the first random number set and the first permutation function to the second server;
step 302: the second server generates a second random number set and a second permutation function, takes the second random number set and the second permutation function as the input of the first switching circuit, and finally obtains the random number set after secondary scrambling;
step 303: the first server generates a third random number set and a second exchange circuit, takes the third random number set and the first permutation function as the input of the second exchange circuit, and sends the third random number set and the first permutation function to the second server;
step 304: the second server calculates exclusive OR results of the data of the database owned by the second server and the second random number set, takes the exclusive OR results as the input of a second switching circuit, generates a third switching circuit, takes the output of the second switching circuit as the input of the third switching circuit, and sends the output of the second switching circuit to the first server;
step 305: the first server judges the third exchange circuit, if the judgment is correct, the first server calculates exclusive OR results of the data base, the first random number set and the third random number set, and takes the exclusive OR results as input of the third exchange circuit, the first server and the second server respectively obtain new data base data to finish random scrambling operation, and if the judgment is wrong, the operation is stopped.
Optionally, in step 301, the first server generates a first switching circuit, a first permutation function, and a first set of random numbers, and the first server uses the first set of random numbers and the first permutation function as inputs of the first switching circuit and sends the first set of random numbers and the first permutation function to the second server, specifically:
first server generates first switched circuit C based on Yao Shi garbled circuit protocol and Wackmann network 1 The first server generates a first random number set u= { u equal to the data quantity of the database 1 ,...,u n A first set of random numbers u= { u }, where 1 ,...,u n The random numbers in the sequence are all randomly generated, and the first server generates a first permutation function pi 1 Wherein the first permutation function pi 1 Is n-! The first server gathers the first random number u= { u 1 ,...,u n First permutation function pi 1 As a means ofFirst switching circuit C 1 And will first switch circuit C 1 And sending the message to a second server.
Optionally, in step 302, the second server generates a second set of random numbers and a second permutation function, and uses the second set of random numbers and the second permutation function as input of the first switching circuit, so as to finally obtain the set of random numbers after the second scrambling, specifically:
the second server generates a second random number set r= { r equal to the data quantity of the database 1 ,...,r n Second permutation function pi for permutation 2 Wherein the random numbers in the second random number set are randomly generated, and the second permutation function pi 2 Is n-! The second server sets a second random number r= { r 1 ,...,r n As received first switching circuit C 1 After circuit operation, the second server obtains the random number set after scrambling asBy a second permutation function pi 2 Scrambling the random number to obtain a random number set of +.>
Optionally, in step 303, the first server generates a third set of random numbers and a second switching circuit, uses the third set of random numbers and the first permutation function as inputs of the second switching circuit, and sends the third set of random numbers and the first permutation function to the second server, specifically:
first server generates second switching circuit C based on Yao Shi garbled circuit protocol and Wackmann network 2 The first server generates a third random number set v= { v equal to the data quantity of the database 1 ,...,v n A third set of random numbers v= { v 1 ,...,v n The random numbers in the first random number set v= { v 1 ,...,v n First permutation function pi 1 As a second switching powerRoad C 2 And will second switching circuit C 2 And sending the message to a second server.
Optionally, in step 304, the second server calculates the exclusive or result of the database data and the second random number set, and uses the exclusive or result as the input of the second switching circuit, the second server generates a third switching circuit, uses the output of the second switching circuit as the input of the third switching circuit, and sends the output of the second switching circuit to the first server, specifically:
the second server calculates the data of the data database owned by the second server < DB > 2 A second set of random numbers r= { r 1 ,...,r n Exclusive or result, i.eAnd uses the exclusive-or result as the second switching circuit C 2 Is calculated as:
the second server generates a third switching circuit C based on Yao Shi garbled circuit protocol and a Wackmann network 3 And the third switching circuit C 3 Is set to a second permutation function pi 2 Second switching circuit C 2 Is the output of the third switching circuit C 3 And will third switching circuit C 3 And sending the data to the first server.
Optionally, in step 305, the first server determines the third switching circuit, if the determination is correct, the first server calculates the exclusive or result of the database data, the first random number set and the third random number set, and uses the exclusive or result as the input of the third switching circuit, the first server and the second server respectively obtain new database data, and complete the random scrambling operation, if the determination is incorrect, the operation is stopped, specifically:
first server pair third switching circuit C 3 Judging whether the input is n data, if n data, the firstThe server calculates the data of the database owned by the server, and the first random number set u= { u 1 ,...,u n Third random number set v= { v 1 ,...,v n Exclusive or result of }, i.e.:
will exclusive-or resultAs the third switching circuit C 3 Is calculated:
obtainingAfter the replacement is completed, the first server gets +.>The second server gets->Respectively serving as new shared data of the database to finish random scrambling operation, and judging the received third switching circuit C if the input is not n data 3 And (5) making an error and stopping operation.
According to the specific embodiment provided by the invention, the invention discloses the following technical effects: the invention provides a random scrambling method supporting dual-server secure access, which comprises that a database owner performs exclusive-or sharing on database data to be stored and sends the database data to a dual server, a query user performs exclusive-or sharing on query data and sends the query data to the dual server, the dual server performs query according to the query data and returns a query result to the query user, after the query is completed, the dual server performs parameter initialization on the stored database data, the first server generates a first exchange circuit, a first permutation function and a first random number set, the first server takes the first random number set and the first permutation function as input of the first exchange circuit and sends the first random number set and the first permutation function to a second server, the second server generates a second random number set and a second permutation function, takes the second random number set and the second permutation function as input of the first exchange circuit, finally, a random number set after secondary scrambling is obtained, the first server generates a third random number set and a second exchange circuit, the third random number set and the first replacement function are used as the input of the second exchange circuit and are sent to the second server, the second server calculates exclusive OR results of database data owned by the second server and the second random number set and is used as the input of the second exchange circuit, the second server generates a third exchange circuit, the output of the second exchange circuit is used as the input of the third exchange circuit and is sent to the first server, the first server judges the third exchange circuit, if judging is successful, the first server takes the received calculation result of the third exchange circuit as a new analysis of the replaced database, if judging is failed, stopping; the method can realize a random scrambling method of the double servers, can protect confidentiality and integrity of data, prevent the servers from deducing information about stored data and query data through access modes, realize the replacement between the double servers by using a garbled circuit and a replacement network, has high calculation efficiency, can enable the double servers to finish scrambling operation in a query gap, and can finish efficient random scrambling while not losing the efficiency of the servers responding to query user information, thereby ensuring the safety of the data.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the drawings that are needed in the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic flow chart of a random scrambling method supporting dual server security access according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a scrambling operation performed by a dual server on stored database data;
FIG. 3 is a schematic diagram of a system architecture used in a random scrambling method supporting dual server security access according to an embodiment of the present invention.
Fig. 4 is a diagram illustrating a circuit-switched design.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention aims to provide a random scrambling method supporting double-server secure access, which realizes the random scrambling method of double servers, can protect confidentiality and integrity of database data and can prevent servers from deducing information about stored data and query data through an access mode.
In order that the above-recited objects, features and advantages of the present invention will become more readily apparent, a more particular description of the invention will be rendered by reference to the appended drawings and appended detailed description.
As shown in fig. 1 and fig. 3, the random scrambling method supporting dual server security access provided by the embodiment of the invention includes the following steps:
step 1: the database owners exclusive-or share the database data to be stored and send the data to the double servers;
step 2: the query user performs exclusive or sharing on the query data and sends the query data to the double servers, the double servers perform query according to the query data and return the query result to the query user, and after the query result is returned, the double servers perform parameter initialization on the stored database data;
step 3: and in the inquiry gap, the double servers scramble the stored database data.
In the process of realizing data query under the data query scene based on the double servers, the invention not only protects the privacy and data security of all the participants, but also randomly scrambles the stored data by the servers, thereby ensuring that the servers cannot infer information about the database and query data through a data access mode.
In step 1, the database owner performs exclusive or sharing on the database data to be stored, and sends the data to the dual server, specifically:
database data db= { DB that the database owner owns 1 ,DB 2 ,...,DB n Exclusive or sharing, i.eOne part of the data is sent to a first server in the double servers, and the other part of the data is shared with a second server, namely the first server obtains the data of DB 1 ={<DB 11 ,...,<DB n1 The second server gets < DB > 2 ={<DB 12 ,...,<DB n2 }。
In step 2, the query user performs exclusive or sharing on the query data, and sends the query data to the dual server, the dual server performs query according to the query data, and returns the query result to the query user, and after the query is completed, the dual server performs parameter initialization on the stored database data, specifically:
the query user performs exclusive or sharing on the query data and sends the query data to the double servers, the first server and the second server of the double servers execute two-party computing protocols, the query result of the user is returned, and after the return is finished, the double servers perform parameter initialization on the stored database data.
When the server finishes scrambling the data, the server responds to the other inquiry requests of the clients, so that the server is prevented from deducing the information of the database through multiple accesses and the accessed positions of the clients.
As shown in fig. 2, in step 3, in the inquiry gap, the dual server performs scrambling operation on the stored database data, and specifically includes the following steps:
step 301: the first server generates a first exchange circuit, a first permutation function and a first random number set, takes the first random number set and the first permutation function as the input of the first exchange circuit, and sends the first random number set and the first permutation function to the second server;
step 302: the second server generates a second random number set and a second permutation function, takes the second random number set and the second permutation function as the input of the first switching circuit, and finally obtains the random number set after secondary scrambling;
step 303: the first server generates a third random number set and a second exchange circuit, takes the third random number set and the first permutation function as the input of the second exchange circuit, and sends the third random number set and the first permutation function to the second server;
step 304: the second server calculates exclusive OR results of the data of the database owned by the second server and the second random number set, takes the exclusive OR results as the input of a second switching circuit, generates a third switching circuit, takes the output of the second switching circuit as the input of the third switching circuit, and sends the output of the second switching circuit to the first server;
step 305: the first server judges the third exchange circuit, if the judgment is correct, the first server calculates exclusive OR results of the data base, the first random number set and the third random number set, and takes the exclusive OR results as input of the third exchange circuit, the first server and the second server respectively obtain new data base data to finish random scrambling operation, and if the judgment is wrong, the operation is stopped.
In step 301, a first server generates a first switching circuit, a first permutation function, and a first set of random numbers, and the first server uses the first set of random numbers and the first permutation function as inputs of the first switching circuit and sends the first set of random numbers and the first permutation function to a second server, specifically:
as shown in fig. 4The first server generates a first switched circuit C based on Yao Shi garbled circuit protocol (Yao's Garbled Circuit) and a wakman Network (wakman Network) 1 The n data can be replaced according to the preset replacement function under the condition that the intermediate result is not leaked, and the first server generates a first random number set u= { u which is equal to the data quantity of the database 1 ,...,u n A first set of random numbers u= { u }, where 1 ,...,u n The random numbers in the sequence are all randomly generated, and the first server generates a first permutation function pi 1 Wherein the first permutation function pi 1 Is n-! The first server gathers the first random number u= { u 1 ,...,u n First permutation function pi 1 As the first switching circuit C 1 And will first switch circuit C 1 And sending the message to a second server.
In step 302, the second server generates a second set of random numbers and a second permutation function, and uses the second set of random numbers and the second permutation function as inputs of the first switching circuit to finally obtain a set of random numbers after secondary scrambling, specifically:
the second server generates a second random number set r= { r equal to the data quantity of the database 1 ,...,r n Second permutation function pi for permutation 2 Wherein the random numbers in the second random number set are randomly generated, and the second permutation function pi 2 Is n-! The second server sets a second random number r= { r 1 ,...,r n As received first switching circuit C 1 After circuit operation, the second server obtains the random number set after scrambling asBy a second permutation function pi 2 Scrambling the random number to obtain a random number set of +.>
In step 303, the first server generates a third set of random numbers and a second switching circuit, uses the third set of random numbers and the first permutation function as inputs of the second switching circuit, and sends them to the second server, specifically:
first server generates second switching circuit C based on Yao Shi garbled circuit protocol and Wackmann network 2 The first server generates a third random number set v= { v equal to the data quantity of the database 1 ,...,v n A third set of random numbers v= { v 1 ,...,v n The random numbers in the first random number set v= { v 1 ,...,v n First permutation function pi 1 As the second switching circuit C 2 And will second switching circuit C 2 And sending the message to a second server.
In step 304, the second server calculates the exclusive or result of the database data and the second random number set, and uses the exclusive or result as the input of the second switching circuit, the second server generates a third switching circuit, uses the output of the second switching circuit as the input of the third switching circuit, and sends the output of the second switching circuit to the first server, specifically:
the second server calculates the data of the data database owned by the second server < DB > 2 A second set of random numbers r= { r 1 ,...,r n Exclusive or result, i.eAnd uses the exclusive-or result as the second switching circuit C 2 Is calculated as:
the second server generates a third switching circuit C based on Yao Shi garbled circuit protocol and a Wackmann network 3 And the third switching circuit C 3 Is set to a second permutation function pi 2 Second switching circuit C 2 Is the output of the third switching circuit C 3 And will third switching circuit C 3 And sending the data to the first server.
In step 305, the first server determines the third switching circuit, if the determination is correct, the first server calculates the exclusive or result of the database data, the first random number set and the third random number set, and uses the exclusive or result as the input of the third switching circuit, the first server and the second server respectively obtain new database data, and complete the random scrambling operation, if the determination is incorrect, the operation is stopped, specifically:
first server pair third switching circuit C 3 Judging whether the input is n data, if n data are input, the first server calculates the data of the database owned by the first server and the first random number set u= { u 1 ,...,u n Third random number set v= { v 1 ,...,v n Exclusive or result of }, i.e.:
will exclusive-or resultAs the third switching circuit C 3 Is calculated:
obtainingAfter the replacement is completed, the first server gets +.>The second server gets->Respectively serving as new shared data of the database to finish random scramblingIn operation, if the input is not n data, the third switching circuit C is judged to be received 3 And (5) making an error and stopping operation.
The invention provides a random scrambling method supporting dual-server secure access, which comprises that a database owner performs exclusive-or sharing on database data to be stored and sends the database data to a dual server, a query user performs exclusive-or sharing on query data and sends the query data to the dual server, the dual server performs query according to the query data and returns a query result to the query user, after the query is completed, the dual server performs parameter initialization on the stored database data, the first server generates a first exchange circuit, a first permutation function and a first random number set, the first server takes the first random number set and the first permutation function as input of the first exchange circuit and sends the first random number set and the first permutation function to a second server, the second server generates a second random number set and a second permutation function, takes the second random number set and the second permutation function as input of the first exchange circuit, finally, a random number set after secondary scrambling is obtained, the first server generates a third random number set and a second exchange circuit, the third random number set and the first replacement function are used as the input of the second exchange circuit and are sent to the second server, the second server calculates exclusive OR results of database data owned by the second server and the second random number set and is used as the input of the second exchange circuit, the second server generates a third exchange circuit, the output of the second exchange circuit is used as the input of the third exchange circuit and is sent to the first server, the first server judges the third exchange circuit, if judging is successful, the first server takes the received calculation result of the third exchange circuit as a new analysis of the replaced database, if judging is failed, stopping; the method can realize a random scrambling method of the double servers, can protect confidentiality and integrity of data, prevent the servers from deducing information about stored data and query data through access modes, realize the replacement between the double servers by using a garbled circuit and a replacement network, has high calculation efficiency, can enable the double servers to finish scrambling operation in a query gap, and can finish efficient random scrambling while not losing the efficiency of the servers responding to query user information, thereby ensuring the safety of the data.
The principles and embodiments of the present invention have been described herein with reference to specific examples, the description of which is intended only to assist in understanding the methods of the present invention and the core ideas thereof; also, it is within the scope of the present invention to be modified by those of ordinary skill in the art in light of the present teachings. In view of the foregoing, this description should not be construed as limiting the invention.

Claims (7)

1. A random scrambling method supporting secure access of dual servers, comprising the steps of:
step 1: the database owners exclusive-or share the database data to be stored and send the data to the double servers;
step 2: the query user performs exclusive or sharing on the query data and sends the query data to the double servers, the double servers perform query according to the query data and return the query result to the query user, and after the query result is returned, the double servers perform parameter initialization on the stored database data;
step 3: in the inquiry gap, the double servers scramble the stored database data;
step 301: the first server generates a first exchange circuit, a first permutation function and a first random number set, takes the first random number set and the first permutation function as the input of the first exchange circuit, and sends the first random number set and the first permutation function to the second server;
step 302: the second server generates a second random number set and a second permutation function, takes the second random number set and the second permutation function as the input of the first switching circuit, and finally obtains the random number set after secondary scrambling;
step 303: the first server generates a third random number set and a second exchange circuit, takes the third random number set and the first permutation function as the input of the second exchange circuit, and sends the third random number set and the first permutation function to the second server;
step 304: the second server calculates exclusive OR results of the data of the database owned by the second server and the second random number set, takes the exclusive OR results as the input of a second switching circuit, generates a third switching circuit, takes the output of the second switching circuit as the input of the third switching circuit, and sends the output of the second switching circuit to the first server;
step 305: the first server judges the third exchange circuit, if the judgment is correct, the first server calculates exclusive OR results of the data base, the first random number set and the third random number set, and takes the exclusive OR results as input of the third exchange circuit, the first server and the second server respectively obtain new data base data to finish random scrambling operation, and if the judgment is wrong, the operation is stopped.
2. The random scrambling method for supporting dual server secure access according to claim 1, wherein in step 1, the database owner performs exclusive or sharing on the database data to be stored, and sends the data to the dual server, specifically:
database data db= { DB that the database owner owns 1 ,DB 2 ,...,DB n Exclusive or sharing, i.eOne part of the data is sent to a first server in the double servers, and the other part of the data is shared with a second server, namely the first server obtains the data of DB 1 ={<DB 11 ,...,<DB n1 The second server gets < DB > 2 ={<DB 12 ,...,<DB n2 }。
3. The random scrambling method of claim 2, wherein in step 301, the first server generates a first switching circuit, a first permutation function, and a first set of random numbers, and the first server uses the first set of random numbers and the first permutation function as inputs of the first switching circuit and sends them to the second server, specifically:
first server generates first switched circuit C based on Yao Shi garbled circuit protocol and Wackmann network 1 The first server generates a first random number set u= { u equal to the data quantity of the database 1 ,...,u n A first set of random numbers u= { u }, where 1 ,...,u n The random numbers in the sequence are all randomly generated, and the first server generates a first permutation function pi 1 Wherein the first permutation function pi 1 Is n-! The first server gathers the first random number u= { u 1 ,...,u n First permutation function pi 1 As the first switching circuit C 1 And will first switch circuit C 1 And sending the message to a second server.
4. The random scrambling method for supporting dual server security access according to claim 3, wherein in step 302, the second server generates a second set of random numbers and a second permutation function, and uses the second set of random numbers and the second permutation function as input of the first switching circuit, so as to finally obtain a set of random numbers after secondary scrambling, specifically:
the second server generates a second random number set r= { r equal to the data quantity of the database 1 ,...,r n Second permutation function pi for permutation 2 Wherein the random numbers in the second random number set are randomly generated, and the second permutation function pi 2 Is n-! The second server sets a second random number r= { r 1 ,...,r n As received first switching circuit C 1 After circuit operation, the second server obtains the random number set after scrambling asBy a second permutation function pi 2 Scrambling the random number to obtain a random number set of +.>
5. The method of claim 4, wherein in step 303, the first server generates a third set of random numbers and a second switching circuit, takes the third set of random numbers and the first permutation function as inputs of the second switching circuit, and sends the third set of random numbers and the first permutation function to the second server, specifically:
first server generates second switching circuit C based on Yao Shi garbled circuit protocol and Wackmann network 2 The first server generates a third random number set v= { v equal to the data quantity of the database 1 ,...,v n A third set of random numbers v= { v 1 ,...,v n The random numbers in the first random number set v= { v 1 ,...,v n First permutation function pi 1 As the second switching circuit C 2 And will second switching circuit C 2 And sending the message to a second server.
6. The method according to claim 5, wherein in step 304, the second server calculates the exclusive or result of the database data and the second random number set, and uses the exclusive or result as the input of the second switching circuit, and the second server generates the third switching circuit, uses the output of the second switching circuit as the input of the third switching circuit, and sends the output of the third switching circuit to the first server, specifically:
the second server calculates the database data < DB > -owned by the second server 2 A second set of random numbers r= { r 1 ,...,r n Exclusive or result, i.eAnd uses the exclusive-or result as the second switching circuit C 2 Is calculated as:
the second server generates a third switching circuit C based on Yao Shi garbled circuit protocol and a Wackmann network 3 And the third switching circuit C 3 Is set to a second permutation function pi 2 Second switching circuit C 2 Is the output of the third switching circuit C 3 And will third switching circuit C 3 And sending the data to the first server.
7. The method of claim 6, wherein in step 305, the first server determines the third switching circuit, if the determination is correct, the first server calculates the exclusive or result of the database data, the first set of random numbers and the third set of random numbers owned by the first server, and uses the exclusive or result as the input of the third switching circuit, the first server and the second server obtain new database data respectively, complete the random scrambling operation, and if the determination is incorrect, stop the operation, specifically:
first server pair third switching circuit C 3 Judging whether the input is n data, if n data are input, the first server calculates the data of the database owned by the first server and the first random number set u= { u 1 ,...,u n Third random number set v= { v 1 ,...,v n Exclusive or result of }, i.e.:
will exclusive-or resultAs the third switching circuit C 3 Is calculated:
obtainingAfter the replacement is completed, the first server gets +.>The second server gets->Respectively serving as new shared data of the database to finish random scrambling operation, and judging the received third switching circuit C if the input is not n data 3 And (5) making an error and stopping operation.
CN202210672106.0A 2022-06-14 2022-06-14 Random scrambling method supporting double-server secure access Active CN115086027B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210672106.0A CN115086027B (en) 2022-06-14 2022-06-14 Random scrambling method supporting double-server secure access

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210672106.0A CN115086027B (en) 2022-06-14 2022-06-14 Random scrambling method supporting double-server secure access

Publications (2)

Publication Number Publication Date
CN115086027A CN115086027A (en) 2022-09-20
CN115086027B true CN115086027B (en) 2024-02-13

Family

ID=83252305

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210672106.0A Active CN115086027B (en) 2022-06-14 2022-06-14 Random scrambling method supporting double-server secure access

Country Status (1)

Country Link
CN (1) CN115086027B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104883370A (en) * 2015-06-03 2015-09-02 上海交通大学 Spatial data safety system based on access mode protection
CN110427762A (en) * 2019-07-23 2019-11-08 湖南匡安网络技术有限公司 A kind of encryption and decryption approaches for realizing the transmission of electric power monitoring system Video security
CN112037870A (en) * 2020-07-20 2020-12-04 北京航空航天大学 Double-server light searchable encryption method and system supporting data partitioning
CN112966281A (en) * 2021-03-19 2021-06-15 西安电子科技大学 Privacy protection association rule mining method based on sparse data set

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2014119486A (en) * 2012-12-13 2014-06-30 Hitachi Solutions Ltd Secret retrieval processing system, secret retrieval processing method, and secret retrieval processing program

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104883370A (en) * 2015-06-03 2015-09-02 上海交通大学 Spatial data safety system based on access mode protection
CN110427762A (en) * 2019-07-23 2019-11-08 湖南匡安网络技术有限公司 A kind of encryption and decryption approaches for realizing the transmission of electric power monitoring system Video security
CN112037870A (en) * 2020-07-20 2020-12-04 北京航空航天大学 Double-server light searchable encryption method and system supporting data partitioning
CN112966281A (en) * 2021-03-19 2021-06-15 西安电子科技大学 Privacy protection association rule mining method based on sparse data set

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
关于大数据下动态数据安全传输仿真;严伟中;;计算机仿真(第02期);全文 *
基于安卓平台的多云存储系统;孔琰;赵帅兵;刘若琳;梁爽;庄园;冯世舫;王刚;刘晓光;李忠伟;;计算机应用(第S1期);全文 *
基于混沌理论的网络多媒体信息安全保密的研究;黄剑, 张小红;南方冶金学院学报(第04期);全文 *

Also Published As

Publication number Publication date
CN115086027A (en) 2022-09-20

Similar Documents

Publication Publication Date Title
Ganapathy A secured storage and privacy-preserving model using CRT for providing security on cloud and IoT-based applications
US10616186B2 (en) Data tokenization
Tsai et al. Novel anonymous authentication scheme using smart cards
CN103493427B (en) Method and apparatus for the discovery of security association
EP4343597A1 (en) Method, apparatus and system for acquiring data authorization
US20020106085A1 (en) Security breach management
CA3107237C (en) Key generation for use in secured communication
KR20210139344A (en) Methods and devices for performing data-driven activities
EP1995908B1 (en) Method, system, apparatus and bsf entity for preventing bsf entity from attack
US11595365B1 (en) Method and apparatus for third-party managed data transference and corroboration via tokenization
Kulkarni et al. Security frameworks for mobile cloud computing: A survey
Olakanmi et al. A certificateless keyword searchable encryption scheme in multi‐user setting for fog‐enhanced Industrial Internet of Things
Lin et al. Secure deduplication schemes for content delivery in mobile edge computing
CN115086027B (en) Random scrambling method supporting double-server secure access
JP4133215B2 (en) Data division method, data restoration method, and program
CN115473655B (en) Terminal authentication method, device and storage medium for access network
Kwon et al. Efficient key exchange and authentication protocols protecting weak secrets
Audithan et al. Anonymous authentication for secure mobile agent based internet business
Wu et al. Verified CSAC-based CP-ABE access control of cloud storage in SWIM
CN111031075B (en) Network service security access method, terminal, system and readable storage medium
CN116418602B (en) Metadata protection anonymous communication method and system based on trusted hardware
CN115996210B (en) Address port hopping method of source variable mode
Gupta et al. An efficient scheme to secure cloud with diversified fortified mechanisms
Karabulut-Kurt et al. Privacy-Preserving Authentication Scheme for Connected Autonomous Vehicles
Jiang et al. Computer Data Security and Encryption Algorithm Based on Mobile Edge Computing

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant