WO2024066013A1 - Privacy information retrieval implementation - Google Patents


Info

Publication number
WO2024066013A1
Authority
WO
WIPO (PCT)
Prior art keywords
server
client
identifier
encrypted
database
Prior art date
Application number
PCT/CN2022/135370
Other languages
French (fr)
Chinese (zh)
Inventor
吴炜
魏长征
陆林鹏
吴行行
闫莺
张辉
Original Assignee
蚂蚁区块链科技(上海)有限公司
Application filed by 蚂蚁区块链科技(上海)有限公司
Publication of WO2024066013A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2458 Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/40 Network security protocols

Abstract

One or more embodiments of the present description provide a method, system, server and client for implementing private information retrieval. In the method, a server encrypts a database to obtain a query base and sends the query base to a client; the client and the server encrypt/decrypt the same target using an encryption/decryption algorithm whose order of application can be exchanged (a commutative scheme). One retrieval process comprises: the client sends to the server a sensitive field encrypted by the client itself and, through interaction with the server, obtains the same sensitive field encrypted by the server; the client searches the query base using the sensitive field encrypted by the server, obtains the identifier of the matching record, and returns the identifier to the server; the server returns to the client the record corresponding to the identifier in the database, or the value of a field of interest in that record.

Description

Implementing private information retrieval
Technical Field
The embodiments of this specification belong to the field of privacy-preserving computing and in particular relate to a method, system, server and client for implementing private information retrieval.
Background
Privacy-preserving computing is a collection of technologies that perform data analysis and computation while protecting the data itself from disclosure, so that data is usable but not visible. Through privacy-preserving computing, the value of data can be converted and released while data and privacy remain fully protected.
At present the mainstream technologies for privacy-preserving computing fall into three directions: the first is cryptography-based privacy computing, represented by Secure Multi-Party Computation (SMPC); the second is technology derived from combining artificial intelligence with privacy protection, represented by Federated Learning (FL); the third is Confidential Computing (CC) based on trusted hardware, represented by the Trusted Execution Environment (TEE). In addition there is Differential Privacy (DP) and the like. Differential privacy actually protects the results of a computation rather than the computation process; federated learning, secure multi-party computation and confidential computing protect the computation process and its intermediate results.
The first category, secure multi-party computation, in turn comprises four basic technologies: Garbled Circuits (GC), Secret Sharing, Oblivious Transfer and Homomorphic Encryption (HE). Among these, homomorphic encryption is a special kind of encryption that performs computation directly on ciphertext and yields the same result as computing on the decrypted plaintext; it includes Partially Homomorphic Encryption (PHE) and Fully Homomorphic Encryption (FHE).
Secure multi-party computation, with its solid theoretical security foundation, protects the privacy of the secret input data and thereby secures the privacy-preserving computation process. At present there are two main implementation routes: general-purpose secure multi-party computation and problem-specific secure multi-party computation. The former can solve all kinds of computational problems, but such a "universal" route usually means a large system with high overhead of every kind; the latter designs dedicated protocols for specific problems, such as Private Set Intersection (PSI) and Private Information Retrieval (PIR), and can often obtain results at a lower cost than general protocols, but it requires domain experts to carefully design for the application scenario, is generally not applicable to general scenarios, and has a high design cost.
Private set intersection lets two parties obtain the intersection of the data they hold without revealing any additional information, where additional information means anything beyond the intersection itself. Private set intersection is very useful in practice, for example for data alignment in vertical federated learning, or for friend discovery via address books in social applications.
Private information retrieval is a method by which a client retrieves information from a database. During retrieval, the querying party hides the identifier of the query target, and the data provider returns matching results without learning the specific object of the query.
Summary of the invention
The purpose of this specification is to provide a method, system, server and client for implementing private information retrieval, including: a method for implementing private information retrieval in which the server encrypts the database to obtain a query base and sends the query base to the client, and the client and the server encrypt/decrypt the same target using an encryption/decryption algorithm whose order of application is interchangeable. One retrieval process comprises: the client sends a sensitive field encrypted by itself to the server and, through interaction with the server, obtains the same sensitive field encrypted by the server; the client searches the query base using the sensitive field encrypted by the server, obtains the identifier of the matching record, and returns the identifier to the server; the server returns to the client the record corresponding to the identifier in the database, or the value of the field of interest in that record.
A system for implementing private information retrieval comprises a server and a client. The client and the server encrypt/decrypt the same target using an encryption/decryption algorithm whose order of application is interchangeable; the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client. In one retrieval process: the client sends a sensitive field encrypted by itself to the server and, through interaction with the server, obtains the same sensitive field encrypted by the server; it searches the query base using the sensitive field encrypted by the server, obtains the identifier of the matching record, and returns the identifier to the server; the server receives the client-encrypted sensitive field sent by the client, encrypts it again and returns it to the client; it also receives the retrieval identifier sent by the client, and returns to the client the record corresponding to the identifier in the database, or the value of the field of interest in that record.
A server for implementing private information retrieval, where the server and the client encrypt/decrypt the same target using an encryption/decryption algorithm whose order of application is interchangeable; the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client. In one retrieval process: the server receives the client-encrypted sensitive field sent by the client, encrypts it again and returns it to the client; it also receives the retrieval identifier sent by the client, and returns to the client the record corresponding to the identifier in the database, or the value of the field of interest in that record.
A client for implementing private information retrieval, where the client and the server encrypt/decrypt the same target using an encryption/decryption algorithm whose order of application is interchangeable; the client is configured with a query base, which the server obtained by encrypting its database. In one retrieval process: the client sends a sensitive field encrypted by itself to the server and, through interaction with the server, obtains the same sensitive field encrypted by the server; it searches the query base using the sensitive field encrypted by the server, obtains the identifier of the matching record, and returns the identifier to the server.
In the above embodiments, by pre-configuring the query base on the client, the client can, without the database plaintext ever being exposed, locate the identifier in the query base of the field to be queried through interaction with the server and a lookup in the query base, and then issue a query to the server by that identifier. This protects the privacy of the server's database and can support structured query statements.
Brief description of the drawings
In order to illustrate the technical solutions of the embodiments of this specification more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Obviously, the drawings described below are only some of the embodiments recorded in this specification; a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic flow chart of an embodiment.
Detailed description
To enable those skilled in the art to better understand the technical solutions in this specification, the technical solutions in the embodiments are described clearly and completely below with reference to the drawings. Obviously, the described embodiments are only some of the embodiments of this specification, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of this specification.
As mentioned above, PIR is a method by which a client retrieves information from a database. The PIR scheme was proposed by Chor B et al. in 1995 to protect the privacy of user queries. Its main purpose is to ensure that a query submitted by a user to a database on a server is completed without leaking the user's private query information, that is, during retrieval the server learns neither the specific query nor the retrieved data items.
Application scenarios of private information retrieval include the following. A patient wants to look up the drugs that treat their disease in a medical system; if the disease name is used as the query condition, the medical system learns that the patient may have that disease and the patient's privacy is leaked. Private information retrieval avoids this kind of leakage.
During a domain name or trademark application, the user must first submit the domain name or trademark they intend to apply for to the relevant database to check whether it already exists, but does not want the service provider to learn the name being applied for, since the provider could otherwise register it first.
In the securities market, a user wants to look up information on a certain stock but must not reveal the stock they are interested in to the service provider, which could affect the stock price and expose the user's preferences.
A trivial implementation is for the database to send all of its data to the client, but this cannot protect the database, i.e. it cannot guarantee the server's privacy. PIR that protects the privacy of both the client and the database is called symmetric PIR (SPIR); PIR that protects only one of the two is called asymmetric PIR (APIR). By the number of database copies, PIR is divided into multi-copy PIR and single-copy PIR. Multi-copy PIR protocols require that the copies do not collude, which is hard to satisfy in practice, so single-copy PIR receives more attention. Single-copy PIR can only achieve computational security (Computational PIR, CPIR). Most PIR schemes assume the client knows which bit (a single bit) of the database it wants to retrieve. In practice, however, the client usually searches by keyword (without knowing where in the database the keyword lies) and wants to retrieve a string (multiple bits). In short, a practical PIR should ideally be symmetric, single-copy, keyword-searchable and string-returning all at once, while balancing computational and communication efficiency. These conditions can be met, or partially met, with cryptographic techniques such as homomorphic encryption, oblivious transfer (OT) and one-way trapdoor functions.
This specification provides an embodiment of a method for implementing private information retrieval.
In this embodiment, the server may encrypt the database in advance to obtain a query base and send the query base to the client.
Generally, the server has a local database that clients may query. For example, the server's local database is as follows:
ID    Name  Job_number  Age  Native_place
id_0  A     263158      24   anhui
id_1  B     223700      25   shanghai
id_2  C     193267      30   anhui
id_3  D     183456      46   henan
id_4  E     193345      34   shandong
id_5  F     271156      54   shanghai
id_6  G     223455      24   beijing
id_7  H     274500      25   zhejiang
id_8  I     805591      42   guangdong
id_9  J     708947      56   zhejiang
Table 1. Database held by the server
In the example of Table 1 there are five fields, ID, Name, Job_number, Age and Native_place, and, for example, 10 records id_0, ..., id_9, each row being one record; id_0, ..., id_9 are the identifiers of the respective rows.
To let the client search without exposing the server's private data, the server can encrypt this database to obtain the query base. The encryption may use RSA (a widely used asymmetric algorithm proposed in 1977 by Ron Rivest, Adi Shamir and Leonard Adleman) or ECC (Elliptic Curve Cryptography). Specifically, the server encrypts the data with an RSA private key / ECC private key α, that is, every field other than the ID column (the data in every cell) is encrypted with the RSA/ECC private key α.
When the ECC algorithm is used, the server generates a secret value α and stores it securely; this secret value α is the ECC private key. In addition, the server converts the value of the Name field into a point on the elliptic curve through a hash function, written Hash(C) or H(C).
By the properties of scalar multiplication on an elliptic curve, given a point P on the curve and an integer k, computing Q = kP is easy and the result Q is also a point on the curve; conversely, given a pair of points P and Q on the curve, finding the k for which Q = kP holds is hard.
Here, α·H(C) is easy to compute by elliptic-curve scalar multiplication, but knowing α·H(C) and H(C) it is hard to derive α. When α cannot be obtained, knowing α·H(C) it is likewise hard to obtain H(C).
Accordingly, the database encrypted by the server with the secret value α is as follows:
ID    Name    Job_number   Age      Native_place
id_0  α·H(A)  α·H(263158)  α·H(24)  α·H(anhui)
id_1  α·H(B)  α·H(223700)  α·H(25)  α·H(shanghai)
id_2  α·H(C)  α·H(193267)  α·H(30)  α·H(anhui)
id_3  α·H(D)  α·H(183456)  α·H(46)  α·H(henan)
id_4  α·H(E)  α·H(193345)  α·H(34)  α·H(shandong)
id_5  α·H(F)  α·H(271156)  α·H(54)  α·H(shanghai)
id_6  α·H(G)  α·H(223455)  α·H(24)  α·H(beijing)
id_7  α·H(H)  α·H(274500)  α·H(25)  α·H(zhejiang)
id_8  α·H(I)  α·H(805591)  α·H(42)  α·H(guangdong)
id_9  α·H(J)  α·H(708947)  α·H(56)  α·H(zhejiang)
Table 2. Query base after encryption by the server with the ECC private key
Note that the hash function above not only converts the original input into an output of fixed length and format, but also turns that output into the x-coordinate of a point on the elliptic curve. For example, with an elliptic curve such as curve25519, any 256-bit value can serve as a legal x-coordinate on the curve. Accordingly, sha256 or sha3-256 may be used, or 256 bits may be taken from the output of sha384, sha512, sha3-384 or sha3-512. More generally, any hash value (not limited to 256-bit outputs) can be reduced modulo the order of the elliptic curve, and the product (scalar multiplication) of the reduced value and the generator point is a point on the curve.
The server can then send the query base to the client that needs to perform retrieval. In one approach the server sends the query base directly to the client, for example to the client's device or to the client's proxy server; in another, the server publishes the query base at a Uniform Resource Locator (URL) from which the client fetches it.
Correspondingly, the client receives the query base and stores it locally.
Similarly, when RSA is used, the server generates a secret value α and stores it securely; this secret value is the RSA private key. In addition, the server converts the value of the Name field into a point on the elliptic curve through a hash function, written Hash(C) or H(C).
By the properties of modular exponentiation, given the secret value α, a large prime q and a base g, computing p = g^α mod q is easy; conversely, given p, q and the base g, finding the α for which p = g^α mod q holds is hard. The base g is also called a primitive root.
Here, (H(C))^α mod q is easy to compute by modular exponentiation, but knowing (H(C))^α mod q, H(C) and q it is hard to derive α. When α cannot be obtained, knowing (H(C))^α mod q it is likewise hard to obtain H(C). In what follows, expressions of the form (H(C))^α mod q are abbreviated to (H(C))^α, omitting mod q.
Accordingly, the database encrypted by the server with the secret value α is as follows:
ID    Name      Job_number     Age        Native_place
id_0  (H(A))^α  (H(263158))^α  (H(24))^α  (H(anhui))^α
id_1  (H(B))^α  (H(223700))^α  (H(25))^α  (H(shanghai))^α
id_2  (H(C))^α  (H(193267))^α  (H(30))^α  (H(anhui))^α
id_3  (H(D))^α  (H(183456))^α  (H(46))^α  (H(henan))^α
id_4  (H(E))^α  (H(193345))^α  (H(34))^α  (H(shandong))^α
id_5  (H(F))^α  (H(271156))^α  (H(54))^α  (H(shanghai))^α
id_6  (H(G))^α  (H(223455))^α  (H(24))^α  (H(beijing))^α
id_7  (H(H))^α  (H(274500))^α  (H(25))^α  (H(zhejiang))^α
id_8  (H(I))^α  (H(805591))^α  (H(42))^α  (H(guangdong))^α
id_9  (H(J))^α  (H(708947))^α  (H(56))^α  (H(zhejiang))^α
Table 3. Query base after encryption by the server with the RSA private key
The server can then send the query base to the client that needs to perform retrieval. Similarly, the server may send the query base directly to the client, for example to the client's device or to the client's proxy server; or the server may publish the query base at a Uniform Resource Locator (URL) from which the client fetches it.
Correspondingly, the client receives the query base and stores it locally.
S110: The client sends a sensitive field encrypted by itself to the server and, through interaction with the server, obtains the same sensitive field encrypted by the server.
For example, the client's search condition is that the Age field equals 24, and 24 is a sensitive field, i.e. the client does not want the other party to learn it. To keep the server from learning that the search condition is the Age value 24, the client encrypts the 24, for example with an RSA/ECC private key; the client uses the same encryption algorithm the server used to generate the query base.
Specifically, when RSA private-key encryption is used, the client itself generates a secret β and stores it securely. The client can then encrypt 24 with its own private key β; either 24 itself or the hash of 24 may be encrypted. Here encryption of the hash of 24 is taken as the example; direct encryption of 24 is similar. The client and the server use the same hash algorithm, and, for example, the client uses the same large prime q as the server as the modulus. The client RSA-encrypts the hash of 24 with β to obtain (H(24))^β. The sensitive field sent by the client to the server can then be (H(24))^β, which denotes the ciphertext of the sensitive field value 24.
Alternatively, the client can construct a search statement, encrypt the sensitive field in the statement to obtain a private field, replace the sensitive field with the private field, and send the resulting private search statement to the server.
For example, the query statement constructed by the client is select Name where Age=24.
To protect privacy, i.e. to keep the server from learning that the query condition is Age=24, the 24 in it is protected, for example, giving:
select Name where Age=?
where ? stands for the replaced part of the search statement.
Specifically, the client encrypts 24 with its RSA private key. For example, the client hashes 24 with the same hash function as the server and then RSA-encrypts the hash of 24 with β to obtain (H(24))^β. The query statement sent by the client to the server is then, for example:
select Name where Age=(H(24))^β
As mentioned above, (H(24))^β is the ciphertext, i.e. the content represented by "?" in the search statement above; having obtained it, the server cannot learn β or 24.
When ECC private-key encryption is used, the client uses the same elliptic curve as the server, that is, the same curve parameters and generator. The client generates a secret β by itself and keeps it safe, then encrypts 24 with β. Specifically, the hash of 24 is encrypted; the client and server use the same hash algorithm, which here must map 24 to a point on the agreed curve (a hash-to-curve function), since scalar multiplication requires a curve point. The client multiplies the hash point by the scalar β, obtaining β·H(24). The sensitive field sent to the server can then be β·H(24), the ciphertext of the value 24.
Alternatively, the client can construct a search statement, encrypt the sensitive field in it to obtain a privacy field, replace the sensitive field with the privacy field, and send the resulting privacy search statement to the server.
For example, the query statement constructed by the client is select Name where Age=24.
To protect privacy, that is, to keep the server from learning that the query condition is Age=24, the value 24 is protected, giving:
select Name where Age=?
where ? stands for the encrypted value in the replaced search statement.
Specifically, the client encrypts 24 with its ECC private key. The client uses the same elliptic curve as the server (same parameters and generator), generates the secret β and keeps it safe, hashes 24 with the same hash function as the server, and multiplies the hash point by β to obtain β·H(24). The query statement sent to the server is then, for example:
select Name where Age=β·H(24)
As stated above, β·H(24) is ciphertext, the content represented by "?" in the search statement above; after receiving it the server learns neither β nor 24.
The client obtaining the same sensitive field encrypted by the server through interaction with the server may work as follows: the server re-encrypts the client-encrypted sensitive field with its own key and sends it back, and the client decrypts the doubly encrypted field with its own key, leaving the field encrypted only by the server. The core requirement is an encryption algorithm in which two successive encryptions by two parties can be removed in either order. With ECC this holds: both parties agree on the same elliptic curve (same parameters and generator) and hold keys α and β respectively, and encryption is scalar multiplication by α (or β). Because scalar multiplication is commutative, whether α is applied first and then β, or β first and then α, the layers can be removed in the same or the opposite order. The RSA-style scheme behaves the same way: both parties agree on a large prime q (and a primitive root g), hold private keys α and β, and encrypt by raising to the power α (or β) modulo q; since exponents multiply, (x^α)^β = (x^β)^α and the layers can again be removed in either order. Overall, the encryption and decryption that client and server apply to the same target form a commutative encryption scheme, what the description calls an algorithm with interchangeable order.
Specifically, after receiving the privacy search statement the server may re-encrypt the privacy field in it and return the result to the client; or, after receiving a client-encrypted sensitive field sent on its own, the server may re-encrypt it with the server's own key and return it. The client then decrypts the doubly encrypted field with its own key to obtain the field encrypted by the server.
Case 1: the server receives (H(24))^β from the client.
The server re-encrypts the encrypted sensitive field (the privacy field) and returns it to the client. Specifically, it raises (H(24))^β to the power of its own RSA-style private key α, obtaining ((H(24))^β)^α.
Case 1': the server receives the privacy search statement select Name where Age=(H(24))^β from the client and extracts the privacy field (H(24))^β from it.
The server re-encrypts the privacy field and returns it to the client.
Specifically, it raises (H(24))^β to the power α to obtain ((H(24))^β)^α; the process is the same as above and is not repeated.
Case 2: the server receives β·H(24) from the client.
The server re-encrypts the privacy field and returns it to the client. Specifically, it multiplies β·H(24) by its own ECC private key α, obtaining α·β·H(24).
Case 2': the server receives the privacy search statement select Name where Age=β·H(24) from the client and extracts the privacy field β·H(24) from it.
The server re-encrypts the privacy field and returns it to the client.
Specifically, it multiplies β·H(24) by α to obtain α·β·H(24); the process is the same as above and is not repeated.
After the server has re-encrypted the client-encrypted sensitive field (the privacy field) with its own key and sent it back, the client can decrypt the doubly encrypted privacy field with its own key to obtain the sensitive field encrypted by the server.
For cases 1 and 1', the client receives ((H(24))^β)^α from the server. Exponentiation has the property ((H(24))^β)^α = (H(24))^{βα} = (H(24))^{αβ} = ((H(24))^α)^β. The client can therefore use the inverse of its own key β, namely β^{-1} with β·β^{-1} ≡ 1 (mod q-1), to decrypt the doubly encrypted field:
(((H(24))^β)^α)^{β^{-1}} = (H(24))^{α·β·β^{-1}} = (H(24))^α (mod q)
The last step follows from Fermat's little theorem: β·β^{-1} = 1 + k(q-1) for some integer k, and (H(24))^{q-1} ≡ 1 (mod q) for any nonzero H(24). In this way the client obtains the same sensitive field encrypted by the server, namely (H(24))^α.
For cases 2 and 2', the client receives α·β·H(24) from the server. Scalar multiplication has the property α·β·H(24) = β·α·H(24). The client therefore uses the inverse β^{-1} of its own key β, taken modulo the order of the curve's generator, to decrypt the doubly encrypted field: β^{-1}·α·β·H(24) = β^{-1}·β·α·H(24) = α·H(24). In this way the client likewise obtains the same sensitive field encrypted by the server, namely α·H(24).
It should be noted that the decryption key is the inverse of the encryption key in the group of exponents, not the public key of a conventional key pair. In RSA proper, e·d ≡ 1 (mod (p-1)(q-1)) for the two large primes p and q of the modulus, which by Euler's theorem makes the exponents e and d inverses of each other; in the exponentiation-modulo-a-prime scheme used here the analogous relation is β·β^{-1} ≡ 1 (mod q-1). In ECC, the relation pk = sk·G between a public key and the generator G does not make pk an inverse of sk; the unblinding scalar is β^{-1} mod n, where n is the order of G, so that β^{-1}·β·P = P for every point P in the group.
S120: The client searches the query base for the sensitive field encrypted by the server, obtains the identifiers of the matching records, and returns those identifiers to the server.
After S110 has been executed, the client holds the same sensitive field encrypted by the server.
The client can query the query base with this server-encrypted sensitive field. For example, after decryption the client holds the server-encrypted privacy field α·H(24) or (H(24))^α and looks it up in the query base (Table 2 or Table 3 respectively); the records whose Age column contains that privacy field are the two with ID=id_0 and ID=id_6, and ID is the identifier of those records. In this way the client queries the query base with the server-encrypted privacy field and, once a record matches, locates the identifier of the matching record. The lookup is an equality match on a deterministic ciphertext, which is why the server must encrypt the query base with the same key α it uses in the re-encryption step.
Returning the identifiers of the matching records to the server may take two forms.
In the first, in S110 the client constructed a search statement, encrypted the sensitive field in it to obtain a privacy field, replaced the sensitive field with the privacy field, and sent the privacy search statement to the server. In this case the client can return the identifiers of the matching records directly.
In the second, in S110 the client sent only the encrypted value of the sensitive field to the server. In this case, in S120 the client can construct a search statement, for example:
select Name where ID=id_0 or ID=id_6
The client then sends this search expression to the server; it contains the identifiers of the matching records and indicates that the field of interest is Name, that is, the field name immediately following select.
In other words, the search expression carrying the field of interest is sent in exactly one of the two steps S110 and S120.
S130: The server returns to the client the value of the field of interest in the database records corresponding to the identifiers.
Continuing the example above, after receiving the identifiers from the client the server looks up the corresponding records in the database, extracts from them the value of the field of interest named in S110 or S120, and returns it to the client. For example, it returns Name=A from the record for id_0 and Name=G from the record for id_6, that is, A and G.
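The following Python script is an added example and not code from the patent or its applicant. It runs the whole S110 to S130 exchange described above with the exponentiation-modulo-a-prime variant, and it goes beyond the text in two places that the description leaves implicit: the unblinding exponent is computed as β^{-1} mod (q-1), and a final check shows why the hash H() is needed, by demonstrating that raw values are multiplicatively malleable under the server's key. Assumptions: the Mersenne prime 2^521-1 stands in for the shared prime q, SHA-256 reduced modulo q stands in for H(), and the three-row database is constructed here, modelled on the page's id_0/id_6 example; the class and function names are the example's own.

```python
"""Commutative-encryption private retrieval, modelled on the page's S110-S130.

Added example; assumptions: q = 2^521 - 1 (prime), H() = SHA-256 mod q,
constructed three-row database modelled on the page's id_0/id_6 example.
"""
import hashlib
import math
import secrets

Q = 2**521 - 1   # shared prime modulus (assumption, stands in for the page's q)
ORDER = Q - 1    # exponents are taken modulo q-1 (Fermat's little theorem)


def hash_to_group(value: str) -> int:
    """Map a field value to an element of Z_q^* other than 0 or 1 (stands in for H())."""
    counter = 0
    while True:
        data = b"pir-field|" + counter.to_bytes(4, "big") + value.encode()
        h = int.from_bytes(hashlib.sha256(data).digest(), "big") % Q
        if h > 1:
            return h
        counter += 1  # re-hash in the negligible case of a degenerate element


def keygen() -> int:
    """Secret exponent coprime to q-1, so that its inverse modulo q-1 exists."""
    while True:
        k = secrets.randbelow(ORDER)
        if k > 1 and math.gcd(k, ORDER) == 1:
            return k


def encrypt(key: int, x: int) -> int:
    return pow(x, key, Q)


def decrypt(key: int, y: int) -> int:
    # Remove one layer: y^(key^-1), with key * key^-1 = 1 (mod q-1)
    return pow(y, pow(key, -1, ORDER), Q)


# Constructed sample database, modelled on the page's example values.
DATABASE = [
    {"ID": "id_0", "Name": "A", "Age": "24", "Addr": "anhui"},
    {"ID": "id_3", "Name": "D", "Age": "31", "Addr": "shanghai"},
    {"ID": "id_6", "Name": "G", "Age": "24", "Addr": "beijing"},
]


class Server:
    def __init__(self, db):
        self.db = db
        self.alpha = keygen()

    def build_query_base(self, columns):
        # Deterministic encryption: equal plaintexts give equal ciphertexts,
        # which is what lets the client match (and also lets it see repeats).
        return [
            {"ID": row["ID"],
             **{c: encrypt(self.alpha, hash_to_group(row[c])) for c in columns}}
            for row in self.db
        ]

    def reencrypt(self, blinded: int) -> int:
        return encrypt(self.alpha, blinded)        # (H(v)^beta)^alpha

    def fetch(self, ids, field):
        return [row[field] for row in self.db if row["ID"] in ids]


class Client:
    def __init__(self, query_base):
        self.query_base = query_base
        self.beta = keygen()

    def blind(self, value: str) -> int:
        return encrypt(self.beta, hash_to_group(value))   # H(v)^beta, sent to server

    def unblind(self, double: int) -> int:
        return decrypt(self.beta, double)                 # strips beta, leaves H(v)^alpha

    def match(self, column, server_ct):
        return [row["ID"] for row in self.query_base if row[column] == server_ct]


def run_query(server, client, column, value, field):
    blinded = client.blind(value)          # S110: client sends H(24)^beta
    double = server.reencrypt(blinded)     # server returns (H(24)^beta)^alpha
    server_ct = client.unblind(double)     # client now holds H(24)^alpha
    ids = client.match(column, server_ct)  # S120: look up in query base, send ids
    return ids, server.fetch(ids, field)   # S130: server returns the field of interest


def malleable_without_hash(server) -> bool:
    """Why H() matters: raw values are multiplicatively malleable under alpha."""
    a, b = encrypt(server.alpha, 2), encrypt(server.alpha, 12)
    return (a * b) % Q == encrypt(server.alpha, 24)


if __name__ == "__main__":
    srv = Server(DATABASE)
    cli = Client(srv.build_query_base(["Age"]))
    print(run_query(srv, cli, "Age", "24", "Name"))   # (['id_0', 'id_6'], ['A', 'G'])
    print(malleable_without_hash(srv))                 # True
```

The server never sees H(24) or β, only H(24)^β and the identifiers the client returns, while the client never sees α, only the server-encrypted query base and the single server-encrypted value it asked for.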
In the above embodiment, the query base is pre-configured at the client. Through interaction with the server and lookup in the query base, the client locates the identifiers of the records matching the field to be queried without the database plaintext being exposed, and then issues a query to the server by identifier to obtain the value of the field of interest in those records. Compared with traditional multi-server PIR, there is no need to assume that the several database replicas do not collude, which improves practicality. Compared with traditional single-server PIR, which can only retrieve by bit position, this embodiment does not need to know the position (bit offset) of the keyword in the database, can query on strings, and can support Structured Query Language (SQL). The database stays on the server, while the query base obtained by encrypting the database is deployed at the client so that the client can locate data in it and obtain record identifiers; because the query base is encrypted, the client does not obtain the database contents, which preserves the server's privacy for the database. Two limits of this arrangement should be kept in mind: the query base is a deterministic encryption, so the client can see which records share a value and how often each value occurs even though it cannot read the values, and the identifiers the client returns tell the server which records matched, so the server learns the result set even though it does not learn the query value. Overall, the database/query-base arrangement of this embodiment can be called an "asymmetric dual copy" when one server holds the database and one client holds a query base, and an "asymmetric multi-copy" when query bases are deployed to several clients.
In the above embodiment the client issues a query for a field of interest through the SQL statement, such as the Name field in select Name... above; this reveals the client's field of interest to some extent. Alternatively, the client can query for the whole records satisfying the condition, that is, full rows; this protects the client's privacy but requires the server to return entire records, which reveals whole rows of the server's data to some extent. For example, in S110/S120 a statement such as "select * where Age=?" or "select * where ID=id_0 or ID=id_6" is used. The server's result is then the two rows id_0 and id_6, for example (columns as in the database table given earlier in the description):
id_0  A  263158  24  anhui
id_6  G  223455  24  beijing
In addition, to protect the transmission, the server can encrypt what it returns, whether the records corresponding to the identifiers or the values of the field of interest in them. For example, the server can encrypt them with a symmetric key negotiated with the client, or with the public key of the client's asymmetric key pair so that the client decrypts with its own private key, or use a digital envelope, and so on.
A system embodiment of this specification for implementing private information retrieval is described below. It includes a server and a client, where the encryption/decryption that client and server apply to the same target uses a commutative (interchangeable-order) algorithm, and: the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client; in one retrieval: the client sends a sensitive field encrypted by itself to the server and obtains, through interaction with the server, the same sensitive field encrypted by the server; it searches the query base for that server-encrypted sensitive field, obtains the identifiers of the matching records and returns them to the server; the server receives the client-encrypted sensitive field, re-encrypts it and returns it to the client; it also receives the retrieval identifiers sent by the client and returns to the client the records corresponding to those identifiers in the database, or the values of the field of interest in those records.
A server embodiment of this specification for implementing private information retrieval is described below. The encryption/decryption that the server and the client apply to the same target uses a commutative (interchangeable-order) algorithm, and: the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client; in one retrieval: the server receives the client-encrypted sensitive field sent by the client, re-encrypts it and returns it to the client; it also receives the retrieval identifiers sent by the client and returns to the client the records corresponding to those identifiers in the database, or the values of the field of interest in those records.
A client embodiment of this specification for implementing private information retrieval is described below. The encryption/decryption that the client and the server apply to the same target uses a commutative (interchangeable-order) algorithm, and: the client is configured with a query base, which the server obtained by encrypting its database; in one retrieval: the client sends a sensitive field encrypted by itself to the server and obtains, through interaction with the server, the same sensitive field encrypted by the server; it searches the query base for that server-encrypted sensitive field, obtains the identifiers of the matching records and returns them to the server.
In the 1990s, an improvement to a technology could clearly be classified as either a hardware improvement (for example, to circuit structures such as diodes, transistors and switches) or a software improvement (to a method flow). With the development of technology, however, many of today's improvements to method flows can be regarded as direct improvements to hardware circuit structures, since designers almost always obtain the corresponding hardware circuit by programming the improved method flow into hardware. It therefore cannot be said that an improvement to a method flow cannot be implemented as a hardware entity module. For example, a programmable logic device (PLD), such as a field programmable gate array (FPGA), is an integrated circuit whose logic function is determined by the user programming the device. Designers "integrate" a digital system on a PLD by programming it themselves, without asking a chip manufacturer to design and fabricate a dedicated integrated circuit. Moreover, instead of hand-crafting integrated circuit chips, such programming is nowadays mostly done with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled is written in a specific programming language called a hardware description language (HDL). There is not one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM and RHDL (Ruby Hardware Description Language); the most widely used at present are VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog. Those skilled in the art will also appreciate that a hardware circuit implementing a logical method flow can readily be obtained by programming the method flow in one of these hardware description languages and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, it may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (such as software or firmware) executable by the (micro)processor, logic gates, switches, an application-specific integrated circuit (ASIC), a programmable logic controller or an embedded microcontroller; examples of controllers include, but are not limited to, the ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320 microcontrollers, and a memory controller may also be implemented as part of the control logic of a memory. Those skilled in the art also know that, besides implementing the controller purely as computer-readable program code, the method steps can be logically programmed so that the controller achieves the same functions in the form of logic gates, switches, application-specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller can therefore be regarded as a hardware component, and the means within it for implementing the various functions can also be regarded as structures within the hardware component; or the means for implementing the various functions can even be regarded as both software modules implementing the method and structures within the hardware component.
The systems, apparatuses, modules or units described in the above embodiments may be implemented by computer chips or entities, or by products having certain functions. A typical implementation device is a server system. Of course, this specification does not exclude that, as computer technology develops, the computer implementing the functions of the above embodiments may be, for example, a personal computer, a laptop computer, an in-vehicle human-machine interaction device, a cellular phone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an e-mail device, a game console, a tablet computer, a wearable device or any combination of these devices.
Although one or more embodiments of this specification provide method operation steps as described in the embodiments or flowcharts, more or fewer operation steps may be included on the basis of conventional or non-inventive means. The order of steps listed in the embodiments is only one of many possible execution orders and does not represent the only one. When an actual apparatus or terminal product executes them, the steps may be executed sequentially in the order shown in the embodiments or drawings, or in parallel (for example in a parallel-processor or multi-threaded environment, or even a distributed data-processing environment). The terms "comprise", "include" and any variants thereof are intended to cover non-exclusive inclusion, so that a process, method, product or device comprising a series of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, product or device. Absent further limitation, the existence of additional identical or equivalent elements in a process, method, product or device comprising the stated elements is not excluded. Likewise, words such as first and second, where used, denote names and do not imply any particular order.
For convenience of description, the above apparatus is described in terms of modules divided by function. Of course, when implementing one or more embodiments of this specification, the functions of the modules may be implemented in the same piece or several pieces of software and/or hardware, and a module implementing a given function may be implemented as a combination of several sub-modules or sub-units. The apparatus embodiments described above are merely illustrative; for example, the division into units is only a logical functional division, and other divisions are possible in practice: several units or components may be combined or integrated into another system, or some features may be omitted or not executed. Furthermore, the mutual coupling, direct coupling or communication connections shown or discussed may be indirect coupling or communication connections through interfaces, apparatuses or units, and may be electrical, mechanical or of other forms.
This specification is described with reference to flowcharts and/or block diagrams of methods, apparatuses (systems) and computer program products according to embodiments of this specification. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations thereof, can be implemented by computer program instructions. These computer program instructions can be provided to the processor of a general-purpose computer, special-purpose computer, embedded processor or other programmable data-processing device to produce a machine, such that the instructions executed by that processor produce means for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be stored in a computer-readable memory capable of directing a computer or other programmable data-processing device to operate in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
These computer program instructions may also be loaded onto a computer or other programmable data-processing device so that a series of operational steps is performed on it to produce a computer-implemented process, such that the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowcharts and/or one or more blocks of the block diagrams.
在一个典型的配置中,计算设备包括一个或多个处理器(CPU)、输入/输出接口、网络接口和内存。In a typical configuration, a computing device includes one or more processors (CPU), input/output interfaces, network interfaces, and memory.
内存可能包括计算机可读介质中的非永久性存储器,随机存取存储器(RAM)和/或非易失性内存等形式,如只读存储器(ROM)或闪存(flash RAM)。内存是计算机可读介质的示例。Memory may include non-permanent storage in a computer-readable medium, in the form of random access memory (RAM) and/or non-volatile memory, such as read-only memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
计算机可读介质包括永久性和非永久性、可移动和非可移动媒体可以由任何方法或技术来实现信息存储。信息可以是计算机可读指令、数据结构、程序的模块或其他数据。计算机的存储介质的例子包括,但不限于相变内存(PRAM)、静态随机存取存储器(SRAM)、动态随机存取存储器(DRAM)、其他类型的随机存取存储器(RAM)、只读存储 器(ROM)、电可擦除可编程只读存储器(EEPROM)、快闪记忆体或其他内存技术、只读光盘只读存储器(CD-ROM)、数字多功能光盘(DVD)或其他光学存储、磁盒式磁带,磁带磁磁盘存储、石墨烯存储或其他磁性存储设备或任何其他非传输介质,可用于存储可以被计算设备访问的信息。按照本文中的界定,计算机可读介质不包括暂存电脑可读媒体(transitory media),如调制的数据信号和载波。Computer readable media include permanent and non-permanent, removable and non-removable media that can be implemented by any method or technology to store information. Information can be computer readable instructions, data structures, program modules or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technology, compact disk read-only memory (CD-ROM), digital versatile disk (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage, graphene storage or other magnetic storage devices or any other non-transmission media that can be used to store information that can be accessed by a computing device. As defined in this article, computer readable media does not include temporary computer readable media (transitory media), such as modulated data signals and carrier waves.
本领域技术人员应明白,本说明书一个或多个实施例可提供为方法、系统或计算机程序产品。因此,本说明书一个或多个实施例可采用完全硬件实施例、完全软件实施例或结合软件和硬件方面的实施例的形式。而且,本说明书一个或多个实施例可采用在一个或多个其中包含有计算机可用程序代码的计算机可用存储介质(包括但不限于磁盘存储器、CD-ROM、光学存储器等)上实施的计算机程序产品的形式。It should be understood by those skilled in the art that one or more embodiments of the present specification may be provided as a method, system or computer program product. Therefore, one or more embodiments of the present specification may take the form of a complete hardware embodiment, a complete software embodiment or an embodiment combining software and hardware. Moreover, one or more embodiments of the present specification may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
本说明书一个或多个实施例可以在由计算机执行的计算机可执行指令的一般上下文中描述,例如程序模块。一般地,程序模块包括执行特定任务或实现特定抽象数据类型的例程、程序、对象、组件、数据结构等等。也可以在分布式计算环境中实践本本说明书一个或多个实施例,在这些分布式计算环境中,由通过通信网络而被连接的远程处理设备来执行任务。在分布式计算环境中,程序模块可以位于包括存储设备在内的本地和远程计算机存储介质中。One or more embodiments of this specification may be described in the general context of computer-executable instructions executed by a computer, such as program modules. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform specific tasks or implement specific abstract data types. One or more embodiments of this specification may also be practiced in distributed computing environments where tasks are performed by remote processing devices connected through a communication network. In a distributed computing environment, program modules may be located in local and remote computer storage media, including storage devices.
本说明书中的各个实施例均采用递进的方式描述,各个实施例之间相同相似的部分互相参见即可,每个实施例重点说明的都是与其他实施例的不同之处。尤其,对于系统实施例而言,由于其基本相似于方法实施例,所以描述的比较简单,相关之处参见方法实施例的部分说明即可。在本说明书的描述中,参考术语“一个实施例”、“一些实施例”、“示例”、“具体示例”、或“一些示例”等的描述意指结合该实施例或示例描述的具体特征、结构、材料或者特点包含于本说明书的至少一个实施例或示例中。在本说明书中,对上述术语的示意性表述不必须针对的是相同的实施例或示例。而且,描述的具体特征、结构、材料或者特点可以在任一个或多个实施例或示例中以合适的方式结合。此外,在不相互矛盾的情况下,本领域的技术人员可以将本说明书中描述的不同实施例或示例以及不同实施例或示例的特征进行结合和组合。Each embodiment in this specification is described in a progressive manner, and the same and similar parts between the embodiments can be referred to each other, and each embodiment focuses on the differences from other embodiments. In particular, for the system embodiment, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant parts can be referred to the partial description of the method embodiment. In the description of this specification, the description of the reference terms "one embodiment", "some embodiments", "example", "specific example", or "some examples" means that the specific features, structures, materials or characteristics described in conjunction with the embodiment or example are included in at least one embodiment or example of this specification. In this specification, the schematic representation of the above terms does not necessarily target the same embodiment or example. Moreover, the specific features, structures, materials or characteristics described can be combined in any one or more embodiments or examples in a suitable manner. In addition, those skilled in the art can combine and combine the different embodiments or examples described in this specification and the features of different embodiments or examples without contradiction.
以上所述仅为本说明书一个或多个实施例的实施例而已,并不用于限制本本说明书一个或多个实施例。对于本领域技术人员来说,本说明书一个或多个实施例可以有各种更改和变化。凡在本说明书的精神和原理之内所作的任何修改、等同替换、改进等,均应包含在权利要求范围之内。The above description is only an example of one or more embodiments of this specification and is not intended to limit one or more embodiments of this specification. For those skilled in the art, one or more embodiments of this specification may have various changes and variations. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of this specification should be included in the scope of the claims.

Claims (10)

  1. A method for implementing private information retrieval, wherein a server encrypts a database to obtain a query base and sends the query base to a client, and the encryption/decryption performed by the client and the server on the same target uses an encryption/decryption algorithm whose order is interchangeable;
    a retrieval process comprising:
    the client sending a sensitive field encrypted with its own key to the server, and obtaining, through interaction with the server, the same sensitive field encrypted by the server;
    the client searching the query base by the sensitive field encrypted by the server to obtain the identifier of the matching record, and returning the identifier to the server;
    the server returning to the client the record in the database corresponding to the identifier, or the value of a field of interest in that record.
  2. The method of claim 1, wherein the client sending a sensitive field encrypted with its own key to the server comprises:
    the client sending the value of the sensitive field, encrypted with its own key, to the server.
  3. The method of claim 1, wherein the client sending a sensitive field encrypted with its own key to the server comprises:
    the client constructing a retrieval statement, encrypting the sensitive field in the retrieval statement to obtain a private field, replacing the sensitive field with the private field, and sending the resulting private retrieval statement to the server.
  4. The method of claim 1, wherein the client obtaining, through interaction with the server, the same sensitive field encrypted by the server comprises:
    the server encrypting the client-encrypted sensitive field again with its own key and sending the result to the client, and the client decrypting the doubly encrypted sensitive field with its own key to obtain the sensitive field encrypted by the server.
  5. The method of claim 2, wherein the client returning the identifier to the server comprises:
    the client constructing a retrieval statement containing the identifier of the matching record and sending the constructed retrieval statement to the server.
  6. The method of claim 3 or 5, wherein the retrieval statement either includes or does not include the field of interest.
  7. The method of any one of claims 1 to 6, wherein the server returning to the client the record in the database corresponding to the identifier, or the value of the field of interest in that record, comprises:
    the server returning the record corresponding to the identifier, or the value of the field of interest in that record, to the client in encrypted form.
  8. A system for implementing private information retrieval, comprising a server and a client, wherein the encryption/decryption performed by the client and the server on the same target uses an encryption/decryption algorithm whose order is interchangeable, and wherein:
    the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client;
    in a retrieval process:
    the client sends a sensitive field encrypted with its own key to the server, obtains, through interaction with the server, the same sensitive field encrypted by the server, searches the query base by the sensitive field encrypted by the server to obtain the identifier of the matching record, and returns the identifier to the server;
    the server receives the client-encrypted sensitive field sent by the client, encrypts it again and returns it to the client; further receives the retrieval identifier sent by the client; and returns to the client the record in the database corresponding to the identifier, or the value of the field of interest in that record.
  9. A server for implementing private information retrieval, wherein the encryption/decryption performed by the server and a client on the same target uses an encryption/decryption algorithm whose order is interchangeable, and wherein:
    the server is configured with a database, encrypts the database to obtain a query base, and sends the query base to the client;
    in a retrieval process:
    the server receives the client-encrypted sensitive field sent by the client, encrypts it again and returns it to the client; further receives the retrieval identifier sent by the client; and returns to the client the record in the database corresponding to the identifier, or the value of the field of interest in that record.
  10. A client for implementing private information retrieval, wherein the encryption/decryption performed by the client and a server on the same target uses an encryption/decryption algorithm whose order is interchangeable, and wherein:
    the client is configured with a query base obtained by the server encrypting a database;
    in a retrieval process:
    the client sends a sensitive field encrypted with its own key to the server, obtains, through interaction with the server, the same sensitive field encrypted by the server, searches the query base by the sensitive field encrypted by the server to obtain the identifier of the matching record, and returns the identifier to the server.
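One retrieval round of the protocol in claims 1, 4, 5 and 7, as an added example that is not the patent's own code. The claims name no specific commutative cipher; this example assumes a Pohlig-Hellman style exponentiation cipher E_k(x) = x^k mod p over a freshly generated safe prime, and the records, field names and phone-number values are constructed.

```python
"""Added example (not the patent's own code): one retrieval round of the claimed
protocol. Assumed commutative primitive: the exponentiation cipher E_k(x) = x^k mod p
over a safe prime p, for which E_s(E_c(x)) == E_c(E_s(x)) and decryption is x^(1/k)."""
import hashlib, math, secrets
SMALL = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n, rounds=24):
    """Miller-Rabin after trial division by a few small primes."""
    if n < 41 or any(n % sp == 0 for sp in SMALL):
        return n in SMALL
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_safe_prime(bits):
    """p = 2q + 1 with q prime: no small subgroups for the exponent cipher to leak into."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, 4) and is_probable_prime(2 * q + 1):
            return 2 * q + 1

def keygen(p):
    k = secrets.randbelow(p - 3) + 2
    return k if math.gcd(k, p - 1) == 1 else keygen(p)  # exponent must be invertible mod p-1

def encrypt(p, k, x):
    return pow(x, k, p)

def decrypt(p, k, y):
    return pow(y, pow(k, -1, p - 1), p)  # k^-1 mod (p-1) undoes the exponent

def to_group(p, value):
    """Hash a field value into [2, p-2], skipping the trivial elements 1 and p-1."""
    return 2 + int.from_bytes(hashlib.sha256(value.encode()).digest(), "big") % (p - 3)

def build_query_base(p, ks, records, sensitive):
    """Server, once: encrypt every record's sensitive field; the client gets {id: E_s(x)}."""
    return {rid: encrypt(p, ks, to_group(p, rec[sensitive])) for rid, rec in records.items()}

def retrieve(p, records, sensitive, value, interest):
    """One round: the server sees only E_c(x) and the matched identifier, never x."""
    ks, kc = keygen(p), keygen(p)
    query_base = build_query_base(p, ks, records, sensitive)
    c1 = encrypt(p, kc, to_group(p, value))  # client -> server: E_c(x)
    c2 = encrypt(p, ks, c1)                  # server -> client: E_s(E_c(x))
    x_s = decrypt(p, kc, c2)                 # client: E_s(x), as E_c and E_s commute
    ids = [rid for rid, c in query_base.items() if c == x_s]  # client-side match
    return {rid: records[rid][interest] for rid in ids}  # ids -> server -> value back

# Constructed sample database (not from the patent)
RECORDS = {"r1": {"phone": "13800000001", "balance": "120"},
           "r2": {"phone": "13800000002", "balance": "85"},
           "r3": {"phone": "13800000003", "balance": "9"}}
```

As the claims state, the matched identifier itself travels to the server in the clear, so the server learns which record was fetched even though it never sees the sensitive value.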
PCT/CN2022/135370 2022-09-30 2022-11-30 Privacy information retrieval implementation WO2024066013A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202211216291.9 2022-09-30
CN202211216291.9A CN115640601A (en) 2022-09-30 2022-09-30 Method, system, server and client for realizing private information retrieval

Publications (1)

Publication Number Publication Date
WO2024066013A1 true WO2024066013A1 (en) 2024-04-04

Family

ID=84941198

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2022/135370 WO2024066013A1 (en) 2022-09-30 2022-11-30 Privacy information retrieval implementation

Country Status (2)

Country Link
CN (1) CN115640601A (en)
WO (1) WO2024066013A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104995632A (en) * 2012-12-28 2015-10-21 阿尔卡特朗讯公司 A privacy-preserving database system
CN108494768A (en) * 2018-03-22 2018-09-04 深圳大学 A kind of cipher text searching method and system for supporting access control
US10691754B1 (en) * 2015-07-17 2020-06-23 Hrl Laboratories, Llc STAGS: secure, tunable, and accountable generic search in databases
CN113378228A (en) * 2021-06-29 2021-09-10 招商局金融科技有限公司 Private information retrieval method, device, equipment and storage medium
CN114448640A (en) * 2021-12-22 2022-05-06 深圳市领存技术有限公司 Double-blind information distribution method and device and computer readable storage medium

Also Published As

Publication number Publication date
CN115640601A (en) 2023-01-24
