CN117033466A - Encryption query method, device, storage medium and apparatus - Google Patents

Encryption query method, device, storage medium and apparatus Download PDF

Info

Publication number
CN117033466A
CN117033466A CN202311049380.3A CN202311049380A CN117033466A CN 117033466 A CN117033466 A CN 117033466A CN 202311049380 A CN202311049380 A CN 202311049380A CN 117033466 A CN117033466 A CN 117033466A
Authority
CN
China
Prior art keywords
encryption
query
encryption algorithm
data
target
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311049380.3A
Other languages
Chinese (zh)
Inventor
叶可可
关志
方有轩
赖思为
赵思远
潘晓丰
王雪龙
陈钟
王珂
王启奡
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Peking University
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Original Assignee
Peking University
China Mobile Communications Group Co Ltd
China Mobile Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Peking University, China Mobile Communications Group Co Ltd, China Mobile Information Technology Co Ltd filed Critical Peking University
Priority to CN202311049380.3A priority Critical patent/CN117033466A/en
Publication of CN117033466A publication Critical patent/CN117033466A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2458Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/27Replication, distribution or synchronisation of data between databases or within a distributed database system; Distributed database system architectures therefor
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Abstract

The invention belongs to the technical field of data processing, and discloses an encryption query method, equipment, a storage medium and a device, wherein the method is used for acquiring a query request based on a preset query engine; selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request; according to the method, the encrypted data on the chain support complex query processing operation, the privacy security of the user data is improved, and meanwhile, the efficient query of the encrypted content on the chain is supported.

Description

Encryption query method, device, storage medium and apparatus
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to an encryption query method, an encryption query device, a storage medium, and an encryption query device.
Background
Currently, blockchain technology is widely used, such as supply chain management, digital content rights verification, inter-enterprise large-scale data consensus, and the like. Blockchain technology, while supported by modern cryptographic algorithms, stores data on the chain in plaintext form, while doing so gives blockchain transparency, sacrifices privacy for the individual parties. The existing on-chain data privacy protection scheme is directly encrypted by using a trusted hardware execution environment or a cryptographic algorithm, wherein the trusted hardware execution environment is limited by the scarce memory capacity of the trusted execution environment and cannot be accessed in a large scale, and the cryptographic algorithm is limited by the content of the encrypted data and cannot execute query operation, so to speak of complex query processing.
The foregoing is provided merely for the purpose of facilitating understanding of the technical solutions of the present invention and is not intended to represent an admission that the foregoing is prior art.
Disclosure of Invention
The invention mainly aims to provide an encryption query method, equipment, a storage medium and a device, and aims to solve the technical problems of poor safety and low query efficiency caused by various defects of a data protection scheme on a block chain in the prior art.
In order to achieve the above object, the present invention provides an encryption inquiry method, comprising the steps of:
acquiring a query request based on a preset query engine;
selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request;
encrypting the query request according to the target encryption algorithm, and querying target data according to an encryption result.
Optionally, the step of selecting the target encryption algorithm from the preset comprehensive encryption algorithms according to the data type corresponding to the query request includes:
if the data type corresponding to the plaintext data in the query request is a character string type, selecting a searchable encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm;
and if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
Optionally, if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as the target encryption algorithm, including:
if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, acquiring a query state type corresponding to the query request;
and selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm according to the query state type as a target encryption algorithm.
Optionally, the step of selecting the deterministic encryption algorithm, the order-preserving encryption algorithm or the addition homomorphic encryption algorithm from the preset comprehensive encryption algorithm as the target encryption algorithm according to the query state type includes:
if the query state type is equivalent query, selecting a deterministic encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm;
if the query state type is interval query or sequencing request, selecting a sequence-preserving encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm;
and if the query state is addition update or multiplication update, selecting an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
Optionally, the step of encrypting the query request according to the target encryption algorithm and querying target data according to an encryption result includes:
semantic segmentation is carried out on plaintext data in the query request, and a segmentation result is obtained;
screening redundant keywords in the segmentation result, and disturbing the screened keywords to obtain target keyword information;
encrypting the target keyword information according to the searchable encryption algorithm and a preset random number stream cipher encryption method, and inquiring target data according to an encryption result.
Optionally, the step of querying the target data according to the encryption result includes:
acquiring target encrypted state data from the block chain according to an encrypted ciphertext in an encrypted result;
and decrypting the target secret state data to obtain target data.
Optionally, the step of decrypting the target secret data to obtain target data includes:
decrypting the random number stream cipher and the target encryption algorithm contained in the target secret state data to obtain a decryption result;
and determining target data according to the decryption result.
In addition, in order to achieve the above object, the present invention also proposes an encryption inquiry apparatus including a memory, a processor, and an encryption inquiry program stored on the memory and executable on the processor, the encryption inquiry program being configured to implement the steps of encryption inquiry as described above.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon an encryption inquiry program which, when executed by a processor, implements the steps of the encryption inquiry method as described above.
In addition, in order to achieve the above object, the present invention also proposes an encryption inquiry apparatus, including:
the request acquisition module is used for acquiring a query request based on a preset query engine;
the algorithm determining module is used for selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request;
and the encryption query module is used for encrypting the query request according to the target encryption algorithm and querying target data according to an encryption result.
The method comprises the steps of obtaining a query request based on a preset query engine; selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request; according to the method, the encrypted data on the chain support complex query processing operation, the privacy security of the user data is improved, and meanwhile, the efficient query of the encrypted content on the chain is supported.
Drawings
FIG. 1 is a schematic diagram of the structure of an encryption query device in a hardware operating environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a first embodiment of the encryption query method of the present invention;
FIG. 3 is a schematic diagram of an architecture for performing complex query processing on encrypted data on a chain according to a first embodiment of the encryption query method of the present invention;
FIG. 4 is a diagram of multi-layer encrypted data according to a first embodiment of the encryption query method of the present invention;
FIG. 5 is a flowchart of a second embodiment of the encryption query method of the present invention;
FIG. 6 is a schematic diagram of an encryption query flow chart of a second embodiment of the encryption query method of the present invention;
fig. 7 is a block diagram of a first embodiment of the encryption inquiry apparatus of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
Referring to fig. 1, fig. 1 is a schematic structural diagram of an encryption query device in a hardware running environment according to an embodiment of the present invention.
As shown in fig. 1, the encryption inquiry apparatus may include: a processor 1001, such as a central processing unit (Central Processing Unit, CPU), a communication bus 1002, a user interface 1003, a network interface 1004, a memory 1005. Wherein the communication bus 1002 is used to enable connected communication between these components. The user interface 1003 may include a Display (Display), and the optional user interface 1003 may also include a standard wired interface, a wireless interface, and the wired interface for the user interface 1003 may be a USB interface in the present invention. The network interface 1004 may optionally include a standard wired interface, a Wireless interface (e.g., a Wireless-Fidelity (Wi-Fi) interface). The Memory 1005 may be a high-speed random access Memory (Random Access Memory, RAM) or a stable Memory (NVM), such as a disk Memory. The memory 1005 may also optionally be a storage device separate from the processor 1001 described above.
Those skilled in the art will appreciate that the structure shown in fig. 1 does not constitute a limitation of the encryption query apparatus, and may include more or fewer components than shown, or may combine certain components, or may be arranged in a different arrangement of components.
As shown in fig. 1, an operating system, a network communication module, a user interface module, and an encrypted query program may be included in a memory 1005, which is considered to be one type of computer storage medium.
In the encryption query device shown in fig. 1, the network interface 1004 is mainly used for connecting to a background server, and performing data communication with the background server; the user interface 1003 is mainly used for connecting user equipment; the encryption inquiry apparatus calls an encryption inquiry program stored in the memory 1005 through the processor 1001 and executes the encryption inquiry method provided by the embodiment of the present invention.
Based on the above hardware structure, an embodiment of the encryption query method of the present invention is provided.
Referring to fig. 2, fig. 2 is a flowchart of a first embodiment of the encryption query method according to the present invention, and the first embodiment of the encryption query method according to the present invention is provided.
In this embodiment, the encryption query method includes the following steps:
step S10: and acquiring a query request based on a preset query engine.
It should be noted that, the execution body in this embodiment may be a device including a data encryption query system including a blockchain and a query agent (query engine), such as: the computer, tablet, mobile phone or notebook may be any other device capable of implementing the same or similar functions, which is not limited in this embodiment. In this embodiment and the following embodiments, a computer is used as an example to describe the encryption inquiry method of the present invention.
It should be appreciated that the preset query engine may be a preset program for querying, where the solution consists of two parts, a query agent and a blockchain, each node running the query agent in addition to participating in blockchain consensus, requests from clients being processed by the query agent. This scheme is based on the assumption that any one of the consensus nodes is a malicious adversary, i.e. they may use a behaviour that does not follow the protocol to obtain as much private data as possible, this security assumption being in line with realistic demands, for example: the nodes are operated by the participants which are not trusted and have collision in interests, and have strong motivation to sniff private data of the other parties. Thanks to the consensus mechanism, the blockchain technique can operate normally in the presence of no more than half of malicious nodes in the network. Therefore, the security of the blockchain part does not need to pay extra attention, only the security of the query agency needs to be ensured, the method of the invention ensures the confidentiality and the integrity of data by placing the query agency into a hardware trusted execution environment to run, and the method can concretely refer to the architecture schematic diagram of the on-chain encrypted data execution complex query processing shown in fig. 3.
It can be appreciated that the query request may be a query request instruction issued by the user, and in the plaintext space, the user sends the content that needs to be queried to the blockchain server. And then, the server retrieves according to the data, and finally, the retrieval result is returned to the user. Since both the user data and the query are stored in plaintext form on the blockchain server, leakage of the user data and the query-related information will result. To protect the privacy of the data, the user chooses to encrypt the data before uploading it to the blockchain for storage and computation.
Step S20: and selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request.
It should be noted that, the data type corresponding to the query request may be a constant data type in the content to be queried in the query request, where the constant data type may be an integer type, a character string type or a floating point type.
It can be understood that the preset comprehensive encryption algorithm may be an encryption algorithm including various data types, where the preset comprehensive encryption algorithm includes a correspondence between data types and encryption algorithms, and the preset comprehensive encryption algorithm includes encryption algorithms such as searchable encryption, deterministic encryption, order-preserving encryption, addition homomorphic encryption, and the like.
It should be understood that in the present invention, the user as the data holder has the corresponding key, the query agent is operated by the consensus node, and the encrypted data is stored in the form of blockchain. The plaintext data is assumed to be classified into a string type, an integer type, and a floating point type. The string type data is encrypted using a searchable encryption algorithm, and the integer type and floating point type data is encrypted using a order preserving encryption algorithm and a deterministic encryption algorithm.
In the specific implementation, the query request is encrypted by determining the type of data contained in the content to be queried in the query request and selecting a target encryption algorithm from encryption algorithms such as searchable encryption, deterministic encryption, order-preserving encryption, addition homomorphic encryption and the like.
Step S30: encrypting the query request according to the target encryption algorithm, and querying target data according to an encryption result.
It should be noted that, the target encryption algorithm encrypts the query request to generate first secret data, and queries the target secret data on the blockchain through the first secret data, so as to determine the target data through the target secret data.
It can be understood that the data stored on the blockchain are encrypted secret data, in the scheme, after the query request is encrypted, the query request is matched with the secret data stored on the blockchain to obtain matched secret data, and the matched secret data is fed back to the local for decryption to obtain decrypted target data.
Further, the step of querying the target data according to the encryption result includes: acquiring target encrypted state data from the block chain according to an encrypted ciphertext in an encrypted result; and decrypting the target secret state data to obtain target data.
It should be noted that, according to the key corresponding to the secret state data in the encryption result, the target secret state data is obtained from the blockchain, and the main idea in the scheme is to store one or more parts of secret state data on the blockchain, and the secret state data is formed by iterative encryption of multiple encryption algorithms, and dynamically selects the encryption layer corresponding to the specified secret state data according to different inquiry requests to realize adaptability.
It can be understood that the target data is obtained by matching the first encrypted secret data of the query request with the secret data of multiple types stored in the blockchain, further determining the target secret data according to the matching result, and decrypting the target secret data locally.
Further, the step of decrypting the target secret data to obtain target data includes: decrypting the random number stream cipher and the target encryption algorithm contained in the target secret state data to obtain a decryption result; and determining target data according to the decryption result.
It should be noted that the secret state data stored in the blockchain is multi-layer secret state data generated by encrypting the secret state data through a plurality of encryption algorithms and then encrypting the secret state data through a random number stream cipher.
It can be understood that in the decryption process, the random number stream cipher is decrypted first, and then the encryption algorithm is decrypted, so that plaintext data is obtained.
In a specific implementation, the generated multi-layer secret data schematic diagram can be used iteratively by referring to multiple encryption algorithms shown in fig. 4, wherein the multi-layer secret data adopted by adaptive encryption is shown, and in the process of processing a query request, because the query is strictly ordered, the performance influence caused by encrypting the data in each query is considered, the method for storing multiple multi-layer secret data in a chain in a redundancy way is adopted, and only the corresponding secret data needs to be decrypted when a specific query is processed. Therefore, when the inquiry request is encrypted, the plaintext data is encrypted by the comprehensive encryption algorithm and then encrypted by the random number stream cipher, and when the inquiry request is decrypted, the random number stream cipher is decrypted first and then the comprehensive encryption algorithm is decrypted, so that the plaintext data is obtained.
The embodiment obtains a query request based on a preset query engine; selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request; according to the method, the query request is encrypted according to the target encryption algorithm, target data is queried according to the encryption result, and compared with the protection limitation caused by the fact that a block chain data protection scheme is subjected to hardware and algorithm encryption imperfection in the prior art, the method and the device enable encrypted secret state data to support complex query processing operation, improve user data privacy security and support efficient query of secret state content on a chain through performing adaptive encryption on the chain data.
Referring to fig. 5, fig. 5 is a flowchart illustrating a second embodiment of the encryption inquiry method according to the present invention, and based on the first embodiment shown in fig. 2, the second embodiment of the encryption inquiry method according to the present invention is provided.
In this embodiment, the step S20 includes:
step S201: and if the data type corresponding to the plaintext data in the query request is a character string type, selecting a searchable encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm.
It should be noted that the searchable encryption algorithm may be a preset algorithm for encrypting the data of the character string type. The encryption process is to encrypt plaintext data through a symmetric key cryptography algorithm and a first key, and to generate a random number through a pseudo-random number generation algorithm in combination with a second key, wherein the first key is held by a client, and the second key is held by the client and a common node.
It can be understood that when the type of the plaintext data in the query request to be encrypted is string type data, a searchable encryption algorithm is selected as a target encryption algorithm and is combined with a pseudo-random number generation algorithm to encrypt the plaintext data, so as to obtain the encrypted data, so that the encrypted data on the blockchain can be matched according to the encrypted data (ciphertext) in the later period. The ciphertext may be ciphertext data generated from the keyword.
Further, when encrypting the data of the character string type, carrying out semantic segmentation on the plaintext data in the query request to obtain a segmentation result; screening redundant keywords in the segmentation result, and disturbing the screened keywords to obtain target keyword information; encrypting the target keyword information according to the searchable encryption algorithm and a preset random number stream cipher encryption method, and inquiring target data according to an encryption result.
It should be noted that, the segmentation result may be a plurality of keywords segmented with respect to a character string included in the plaintext data, where the segmentation result includes a plurality of keywords, and the redundant keywords in the segmentation result are screened and removed, so that the remaining keywords are disturbed, and the disturbed target keyword information is obtained. And encrypting the target keyword information by a searchable encryption algorithm and a preset random number stream cipher encryption method, and inquiring target data according to an encryption result.
It should be understood that the present invention uses the searchable encryption technique to implement keyword search on the encrypted data, firstly, the character string is divided into a plurality of keywords by means of semantic segmentation, after deleting the redundant keywords, the sequence of each keyword is disordered, then all the keywords are filled to a fixed length by means of adding zeros at the end, finally, the keyword is encrypted by using the searchable encryption technique, fig. 6 is a schematic flow chart of the searchable encryption technique, k a Held by the data owner, k b The encryption party and the inquiring party hold the data together, and after the user is taken as the data holding party to encrypt the data, the inquiring party inquires the keyword W and then sequentially carries out the encryption and inquiry with each ciphertext C i Performing exclusive-or operation to obtainNext, judge +.>Whether or not it is true, if so, then the descriptionThe keyword exists.
It will be appreciated that, to further illustrate the execution flow of the searchable encryption algorithm, reference may be made to the flowchart of the searchable encryption algorithm shown in fig. 6, in which when a client newly writes a plaintext string data, the string is first divided into a plurality of keywords according to semantics, the dividing method may be specified by the user, and if the string itself is a keyword, no division is required. The segmented keywords are de-duplicated and disordered, each keyword needs to be filled to a fixed length because the lengths of the segmented keywords are different, the fixed length is recorded as n, and each filled keyword is W for facilitating subsequent description i . E (·) is a symmetric key cryptographic algorithm, E sk (x) The plaintext p is encrypted using algorithm E (·) and with key sk. F (-) is a secure pseudo-random number generation algorithm, i.e. a preset random number stream cipher encryption algorithm, F pk (x) The generation of a random number using seed x and key pk is indicated, where sk is the private key held by the client and pk is the public key held by both the client and the consensus node. The client side performs the processing of each keyword W i Calculate X i =E sk (W i ) Then X with length n i Is divided into two parts, the first half part with the length of n-m is L i The latter half of length m is R i . Then by L i Obtaining a subkey k for seeds by a random number generation algorithm i =F pk (L i ). The client then uses another random number generator to generate a string Si of length n-m, calculates a ciphertext of length m using the subkey ki as a keyFinally obtain ciphertextFinal consensus node handle C i And storing the data into a block chain.
In a specific implementation, when a client queries a keyword W on the encrypted data t When it is, it handles X t Sending the data to consensus nodes, and sequentially calculating each node by the consensus nodesCiphertext C i And X is t Obtaining the exclusive OR value<SL i ,SR i >Then determine SR i =F pk (SL i ) If so, the keyword matching is successfully performed, otherwise, the matching is failed. And when the matching is successful, extracting target secret state data from the on-chain data, and decrypting the target secret state data to obtain the target data.
Step S202: and if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
It should be noted that the deterministic encryption algorithm may be an encryption algorithm preset for integer-type data, where the deterministic encryption algorithm Dec (K, enc (K, m))=m holds true for any plaintext m and a secret key K, the same (m, K) corresponds to the same ciphertext, such encryption algorithm is called deterministic algorithm encryption, the secret key K is held by the client, and the secret key and the deterministic encryption algorithm are used for encryption each time plaintext integer-type data is written. In addition, for homomorphic encryption algorithms, the Paillier encryption algorithm is used to implement the addition homomorphic, and the RSA encryption algorithm is used to implement the multiplication homomorphic.
It can be appreciated that for the order-preserving encryption algorithm, it has been theoretically proven that if the ciphertext is stateless, the linear length order-preserving encryption scheme cannot achieve the ideal security of IND-OCPA (indistinguishability under ordered chosen plaintext attack), i.e. does not reveal any plaintext information except for the plaintext sequence, so the present invention adopts a security definition that is slightly weaker than the ideal security: ROPF (random order preserving function) in the form of an order-preserving encryption scheme pi= (Gen, enc, query, dec), plaintext space D, ciphertext space R, and satisfying |d|r| scheme pi is considered ROPF secure. An implementation of ROPF is given below, where f: A.fwdarw.B is a order preserving function, i.e., for any i, j.epsilon.A there is f (i) > f (j) and if and only if i > j.
In specific implementation, to illustrate the processing procedure of the order-preserving encryption algorithm and the processing procedure of the decryption algorithm, refer to the order-preserving encryption algorithm in table 1 below and the decryption algorithm in table 2 below;
table 1 order preserving encryption algorithm
Table 2 decryption algorithm
Further, the step S202 further includes: if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, acquiring a query state type corresponding to the query request; and selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm according to the query state type as a target encryption algorithm.
It should be noted that, the floating point type may refer to a data type in which the position of a decimal point of a number is not fixed, but may float, where the floating point may be used to represent a real number, and with respect to a fixed point, the floating point may use the position of an exponential decimal point to float up and down as needed, so that a larger range of real numbers may be flexibly expressed.
It can be understood that the query state type may be a query instruction type contained in the query content, where the query instruction type may include equivalent query, interval query, data ordering, keyword searching, etc., and in the case of different query instruction types, the corresponding encryption algorithms are different, and in this scheme, by combining the query state type and the data type corresponding to the query request, more accurate data encryption query may be implemented.
Further, the step of selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from preset comprehensive encryption algorithms according to the query state type as a target encryption algorithm includes: if the query state type is equivalent query, selecting a deterministic encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm; if the query state type is interval query or sequencing request, selecting a sequence-preserving encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm; and if the query state is addition update or multiplication update, selecting an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
It should be noted that, the adaptive encryption scheme integrating multiple encryption algorithms is the core content of the present invention, and aims to make the secret data have the highest security under the condition of meeting the current query request. In the state without inquiry request, the one-time pad random number stream cipher encryption algorithm with highest security is used, in the state with equivalent inquiry request, the deterministic encryption algorithm is used, and in the state with interval inquiry or ordering request, the order-preserving encryption algorithm is used. The main idea of the adaptive encryption scheme is to store one or more parts of secret state data on the blockchain, wherein the secret state data is formed by iterative encryption of a plurality of encryption algorithms, and the corresponding encryption layers of the specified secret state data are dynamically selected according to different inquiry requests to realize the adaptability.
In particular, once the query agent receives a query request, it encrypts the constants in the query request with the corresponding encryption methods. For example, if the query contains WHERE age=32, the proxy encrypts 32 using a deterministic encryption algorithm; if the query contains WHERE Age >32, the agent encrypts 32 using a sequence preserving encryption algorithm; if the query contains UPDATE age=age+10, the proxy encrypts 10 using an additive homomorphic encryption algorithm; and then replace 32 with the resulting ciphertext.
The embodiment obtains a query request based on a preset query engine; selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request; according to the method, the query request is encrypted according to the target encryption algorithm, target data is queried according to the encryption result, and compared with the protection limitation caused by the fact that a block chain data protection scheme is subjected to hardware and algorithm encryption imperfection in the prior art, the method and the device enable encrypted secret state data to support complex query processing operation, improve user data privacy security and support efficient query of secret state content on a chain through performing adaptive encryption on the chain data.
In addition, in order to achieve the above object, the present invention also proposes a storage medium having stored thereon an encryption inquiry program which, when executed by a processor, implements the steps of the encryption inquiry method as described above.
Referring to fig. 7, fig. 7 is a block diagram illustrating the structure of a first embodiment of the encryption inquiry apparatus according to the present invention.
As shown in fig. 7, an encryption query apparatus according to an embodiment of the present invention includes:
a request acquisition module 10, configured to acquire a query request based on a preset query engine;
the algorithm determining module 20 is configured to select a target encryption algorithm from preset comprehensive encryption algorithms according to a data type corresponding to the query request;
the encryption query module 30 is configured to encrypt the query request according to the target encryption algorithm, and query target data according to an encryption result.
The embodiment obtains a query request based on a preset query engine; selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request; according to the method, the query request is encrypted according to the target encryption algorithm, target data is queried according to the encryption result, and compared with the protection limitation caused by the fact that a block chain data protection scheme is subjected to hardware and algorithm encryption imperfection in the prior art, the method and the device enable encrypted secret state data to support complex query processing operation, improve user data privacy security and support efficient query of secret state content on a chain through performing adaptive encryption on the chain data.
Further, the algorithm determining module 20 is further configured to select a searchable encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm if the data type corresponding to the plaintext data in the query request is a string type; and if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
Further, the algorithm determining module 20 is further configured to obtain a query status type corresponding to the query request if a data type corresponding to plaintext data in the query request is an integer type or a floating point type; and selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm according to the query state type as a target encryption algorithm.
Further, the algorithm determining module 20 is further configured to select a deterministic encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm if the query status type is an equivalent query; if the query state type is interval query or sequencing request, selecting a sequence-preserving encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm; and if the query state is addition update or multiplication update, selecting an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
Further, the encryption query module 30 is further configured to perform semantic segmentation on plaintext data in the query request to obtain a segmentation result; screening redundant keywords in the segmentation result, and disturbing the screened keywords to obtain target keyword information; encrypting the target keyword information according to the searchable encryption algorithm and a preset random number stream cipher encryption method, and inquiring target data according to an encryption result.
Further, the encryption query module 30 is further configured to obtain target encrypted state data from the blockchain according to the encrypted ciphertext in the encryption result; and decrypting the target secret state data to obtain target data.
Further, the encryption query module 30 is further configured to decrypt the random number stream cipher and the target encryption algorithm included in the target secret data, to obtain a decryption result; and determining target data according to the decryption result.
It should be understood that the foregoing is illustrative only and is not limiting, and that in specific applications, those skilled in the art may set the invention as desired, and the invention is not limited thereto.
It should be noted that the above-described working procedure is merely illustrative, and does not limit the scope of the present invention, and in practical application, a person skilled in the art may select part or all of them according to actual needs to achieve the purpose of the embodiment, which is not limited herein.
In addition, technical details that are not described in detail in this embodiment may refer to the encryption query method provided in any embodiment of the present invention, which is not described herein.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments. In the unit claims enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the terms first, second, third, etc. do not denote any order, but rather the terms first, second, third, etc. are used to interpret the terms as names.
From the above description of the embodiments, it will be clear to those skilled in the art that the above-described embodiment method may be implemented by means of software plus a necessary general hardware platform, but of course may also be implemented by means of hardware, but in many cases the former is a preferred embodiment. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product stored in a storage medium (e.g. read only memory mirror (Read Only Memory image, ROM)/random access memory (Random Access Memory, RAM), magnetic disk, optical disk), comprising instructions for causing a terminal device (which may be a mobile phone, a computer, a server, or a network device, etc.) to perform the method according to the embodiments of the present invention.
The foregoing description is only of the preferred embodiments of the present invention, and is not intended to limit the scope of the invention, but rather is intended to cover any equivalents of the structures or equivalent processes disclosed herein or in the alternative, which may be employed directly or indirectly in other related arts.

Claims (10)

1. An encryption query method is characterized by comprising the following steps:
acquiring a query request based on a preset query engine;
selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request;
encrypting the query request according to the target encryption algorithm, and querying target data according to an encryption result.
2. The encryption query method according to claim 1, wherein the step of selecting the target encryption algorithm from the preset comprehensive encryption algorithms according to the data type corresponding to the query request comprises:
if the data type corresponding to the plaintext data in the query request is a character string type, selecting a searchable encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm;
and if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
3. The encryption query method according to claim 2, wherein the step of selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, comprises:
if the data type corresponding to the plaintext data in the query request is an integer type or a floating point type, acquiring a query state type corresponding to the query request;
and selecting a deterministic encryption algorithm, a sequence-preserving encryption algorithm or an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm according to the query state type as a target encryption algorithm.
4. The encryption query method as claimed in claim 3, wherein the step of selecting a deterministic encryption algorithm, a order-preserving encryption algorithm or an addition homomorphic encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm according to the query state type comprises:
if the query state type is equivalent query, selecting a deterministic encryption algorithm from preset comprehensive encryption algorithms as a target encryption algorithm;
if the query state type is interval query or sequencing request, selecting a sequence-preserving encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm;
and if the query state is addition update or multiplication update, selecting an addition homomorphic encryption algorithm from a preset comprehensive encryption algorithm as a target encryption algorithm.
5. The encryption query method as claimed in claim 2, wherein the step of encrypting the query request according to the target encryption algorithm and querying target data according to the encryption result comprises:
semantic segmentation is carried out on plaintext data in the query request, and a segmentation result is obtained;
screening redundant keywords in the segmentation result, and disturbing the screened keywords to obtain target keyword information;
encrypting the target keyword information according to the searchable encryption algorithm and a preset random number stream cipher encryption method, and inquiring target data according to an encryption result.
6. The encryption query method according to any one of claims 1 to 5, wherein the step of querying the target data based on the encryption result comprises:
acquiring target encrypted state data from the block chain according to an encrypted ciphertext in an encrypted result;
and decrypting the target secret state data to obtain target data.
7. The method of claim 6, wherein the step of decrypting the target encrypted data to obtain target data comprises:
decrypting the random number stream cipher and the target encryption algorithm contained in the target secret state data to obtain a decryption result;
and determining target data according to the decryption result.
8. An encryption inquiry apparatus, characterized in that the encryption inquiry apparatus includes: memory, a processor and an encrypted query program stored on the memory and executable on the processor, which when executed by the processor implements the encrypted query method of any one of claims 1 to 7.
9. A storage medium having stored thereon an encrypted inquiry program which, when executed by a processor, implements the encrypted inquiry method according to any one of claims 1 to 7.
10. An encryption inquiry apparatus, characterized in that the encryption inquiry apparatus comprises:
the request acquisition module is used for acquiring a query request based on a preset query engine;
the algorithm determining module is used for selecting a target encryption algorithm from preset comprehensive encryption algorithms according to the data type corresponding to the query request;
and the encryption query module is used for encrypting the query request according to the target encryption algorithm and querying target data according to an encryption result.
CN202311049380.3A 2023-08-18 2023-08-18 Encryption query method, device, storage medium and apparatus Pending CN117033466A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311049380.3A CN117033466A (en) 2023-08-18 2023-08-18 Encryption query method, device, storage medium and apparatus

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202311049380.3A CN117033466A (en) 2023-08-18 2023-08-18 Encryption query method, device, storage medium and apparatus

Publications (1)

Publication Number Publication Date
CN117033466A true CN117033466A (en) 2023-11-10

Family

ID=88626175

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311049380.3A Pending CN117033466A (en) 2023-08-18 2023-08-18 Encryption query method, device, storage medium and apparatus

Country Status (1)

Country Link
CN (1) CN117033466A (en)

Similar Documents

Publication Publication Date Title
EP3058678B1 (en) System and method for dynamic, non-interactive, and parallelizable searchable symmetric encryption
Salam et al. Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage
US20180124026A1 (en) Searchable encryption enabling encrypted search based on document type
US8533489B2 (en) Searchable symmetric encryption with dynamic updating
EP2901359B1 (en) Secure private database querying with content hiding bloom filters
CN111026788B (en) Homomorphic encryption-based multi-keyword ciphertext ordering and retrieving method in hybrid cloud
US20090138698A1 (en) Method of searching encrypted data using inner product operation and terminal and server therefor
CN108111587B (en) Cloud storage searching method based on time release
WO2018047698A1 (en) Encoded message retrieval method, message transmission/reception system, server, terminal, and program
CN117223002A (en) Encrypted information retrieval
CN116346310A (en) Method and device for inquiring trace based on homomorphic encryption and computer equipment
Gahi et al. Privacy preserving scheme for location-based services
Yagoub et al. An adaptive and efficient fully homomorphic encryption technique
CN115795514A (en) Private information retrieval method, device and system
Hoang et al. A multi-server oblivious dynamic searchable encryption framework
CN109672525B (en) Searchable public key encryption method and system with forward index
CN108920968B (en) File searchable encryption method based on connection keywords
EP4185978A1 (en) Encrypted information retrieval
CN117033466A (en) Encryption query method, device, storage medium and apparatus
JP2003296331A (en) Data retrieval method and system, retrieval keyword generation device and its computer program
US20210126906A1 (en) Communication device, server device, concealed communication system, methods for the same, and program
US20230318809A1 (en) Multi-key information retrieval
KR100924796B1 (en) System and method of order-preserving symmetric encryption for numeric data using beta expansion
Guo et al. High Efficient Secure Data Deduplication Method for Cloud Computing
Rajendran et al. An Efficient Ranked Multi-Keyword Search for Multiple Data Owners Over Encrypted Cloud Data: Survey

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination