CN103425933A - Data homomorphic encrypting and unloading method of multi-data source - Google Patents
Data homomorphic encrypting and unloading method of multi-data source Download PDFInfo
- Publication number
- CN103425933A CN103425933A CN2013103289413A CN201310328941A CN103425933A CN 103425933 A CN103425933 A CN 103425933A CN 2013103289413 A CN2013103289413 A CN 2013103289413A CN 201310328941 A CN201310328941 A CN 201310328941A CN 103425933 A CN103425933 A CN 103425933A
- Authority
- CN
- China
- Prior art keywords
- data
- encrypted
- prime number
- mod
- homomorphic
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention discloses a data homomorphic encrypting and unloading method of a multi-data source. The data homomorphic encrypting and unloading method of the multi-data source comprises the steps that (1) two prime numbers which are p and q are selected, wherein p and q are relatively prime numbers, the prime number range of p and q is determined according to the security level of data, pq is used as a public key of the homomorphic encryption algorithm, and p is used as a private key of the homomorphic encryption algorithm; (2) two prime numbers which are r and p are selected and serve as encryption interference parameters, wherein rp belongs to Zp, rq belongs to Zq, and rp and rq are relatively prime numbers; (3) data to be encrypted and unloaded are obtained from the selected data source and are converted XML structural data; (4) a character string x is extracted from the converted into XML structural data and then is encrypted with the homomorphic encryption algorithm according to the parameters (p, q, rp and rq) to obtain a ciphertext c; (5) the ciphertext c is stored in an XML homomorphic database. The data homomorphic encrypting and unloading method of the multi-data source has the advantages that safety of the data is guaranteed, the computation speed is improved, and performance is greatly improved.
Description
Technical field
The present invention relates to a kind of data encryption dump method, relate in particular to a kind of data homomorphic cryptography dump method of multi-data source, belong to the computer security field of storage.
Background technology
U.S. Crypto Section scholars in 1978 have proposed the concept of privacy homomorphism, and privacy homomorphism makes the user directly to ciphertext, to carry out operational transformation, make the secret space inner conversion of data an encryption, have effectively contained attack expressly.Along with the arrival of large data age, this concept is very useful in encryption and cloud computing field.But global researchist is being perplexed in the enforcement of privacy homomorphism concept all the time always.
2009, IBM researcher Craig Gentry broke through the difficult math question of homomorphic cryptography, made the homomorphism data encryption become a reality.This technological achievement provides theoretical support for homomorphism data encryption storage, cloud computing.
The homomorphic cryptography algorithm of increasing income that a lot of issues have been arranged at present, IBM researcher Victor Shoup and Shai Halevi have issued the homomorphic cryptography storehouse HElib that increases income (the HElib homomorphic cryptography algorithm storehouse of increasing income, with reference to network address: https: //github.com/shaih/HElib), adopt C++ to write.Thep (The Homomorphic Encryption Project) storehouse, also that (realize in Thep data homomorphic cryptography storehouse in a data homomorphic cryptography storehouse of increasing income, with reference to network address: http://code.google.com/p/thep/), the present invention has adopted the HElib storehouse of improvement to be encrypted computing.Effectively raise arithmetic speed, for the invention provides support.
Also not about the system of data homomorphic cryptography dump, there is no relevant solution at present yet.At present, the enterprise that some level of securitys are higher is starting to attempt using the homomorphism database to carry out data operation, but the Data Migration problem between the available data of existence and homomorphism database, and speed is slower, therefore, the subject matter that the present invention solves is fast by data homomorphic cryptography and the dump of a plurality of data sources.
Summary of the invention
For the technical matters existed in prior art, the object of the present invention is to provide a kind of data homomorphic cryptography dump method of multi-data source.The present invention has improved existing HElib homomorphic cryptography storehouse, optimize existing HElib cryptographic algorithm, the data in the raw data source have been converted into to an effective XML document, submitted to the homomorphic cryptography interface, encipher interface is calculated as ciphertext by data, then is submitted to the homomorphism database.
Implementation process of the present invention:
1. add corresponding plug-in unit in native system.(comprise from data source and obtain data, data are changed into to XML, by data encryption);
2. obtain the data (clear data) in available data source, the method for access data sources and password can be arranged in this programme;
3. plug-in unit carries out data-switching, raw data is converted to the structural data of XML;
Because the database homomorphism computing of this method is to be based upon on the XML database, therefore need to be converted to XML is stored, in order to reduce as much as possible data volume, this transfer process adopts Huffman encoding to compress, and the basic structure of conversion comprises: the SQL statement of the organization definition of tables of data and data division.Its structure as shown in Figure 1.
Its DTD is defined as follows:
<?xml?version=″1.0″encoding=″UTF-8″?>
<!ELEMENT?table(meta-data,data)>
<!ELEMENT?meta-data(ddl,rows,encoding,size?,created?,engine?)>
<!ELEMENT?data(r*)><!ELEMENT?ddl(#PCDATA)>
<!ELEMENT?rows(#PCDATA)>
<!ELEMENT?encoding(#PCDATA)>
<!ELEMENT?size(#PCDATA)>
<!ELEMENT?created(#PCDATA)>
<!ELEMENT?engine(#PCDATA)>
<!ATTLIST?table?name?CDATA#REQUIRED>
<!ATTLIST?table?compress(yes|no)>
This DTD (dtd——data type definition) has described a minimal definition that the tables of data data in relevant database is expressed as to the XML structural data, in transfer process, needs the data item of considering.But also have the more option of controlling in actual transfer process, these are controlled options and have assisted data to control and to mean, it is the known properties in the data with existing storehouse that the above lists what describe in structure.
4. system is encrypted (describing in " optimization of homomorphic cryptography algorithm " joint);
5. the system storing encrypt data is in the homomorphism database.
Compared with prior art, good effect of the present invention is:
The present invention provides a unified method for the dump of data homomorphic cryptography, and traditional database data is converted to the storage of homomorphism data encryption structure, has strengthened the confidentiality of data.The present invention is also a dump framework, can in framework, insert and encrypt plug-in unit.Such as better homomorphic encryption scheme is arranged, the user can insert homomorphic encryption scheme dynamically, thus improved system performance and security.Based on existing homomorphic cryptography method, the present invention adopts the parameter optimization means, within making and calculating and to be controlled at certain scale, also controlled the noise calculated, both guaranteed data security, and also improved computing velocity, the more existing scheme of the performance of overall plan is compared larger performance boost.
The accompanying drawing explanation
Fig. 1 is the structural drawing of the XML structural data after changing;
Fig. 2 is data homomorphic cryptography system construction drawing of the present invention;
Fig. 3 is method flow diagram of the present invention.
Embodiment
System construction drawing as shown in Figure 2.
System just provides the interface of an abstract standard to process the data in all data sources like this, also can data be reduced by the interface of standard.The component of a system is described as follows:
Connection manager: manage the connection of a plurality of data sources;
Security manager: key (PKI and private key) and the Access Control List (ACL) of management bottom;
Plugin manager: management plug-in unit;
The plug-in unit definition, each plug-in unit has defined following information:
(1) agreement in connection data storehouse (common protocol is such as JDBC, JDBC-ODBC etc.);
(2) resolve the request msg of corresponding database;
(3) the definition transformation rule, realized how database being converted to available XML data;
(4) the definition cryptographic algorithm is the homomorphic cryptography algorithm;
(5) producing method of definition PKI and private key, according to PKI and the private key producing method of data security level definition.
The optimization of homomorphic cryptography algorithm:
Algorithm flow in the present invention as shown in Figure 3, is based on the HE algorithm of EHlib exploitation, and the HELib algorithm is further optimized, and has obtained arithmetic speed faster.Settlement steps to deal is as follows:
(1) produce the prime number matrix;
(2) choose two large prime number p and q, and p and the q prime number each other that satisfies condition, but guarantee that p and q are in certain controlled range; Calculate thus m=pq; Selected the prime number scope according to the level of security of data, embodiment is the prime number first be chosen in the limit value scope, then selects another one in this limit value scope and and the coprime number of first prime number of having selected.The PKI that pq is the homomorphic cryptography algorithm, can outwards issue, and the private key that p is the homomorphic cryptography algorithm can not outwards be issued, and the PKI of generation and private key are by the security manager unified management of system.
(3) choose security parameter n.
(4) choose two prime number r from the prime number matrix
p, r
q, meet respectively r
p∈ Z
p, r
q∈ Z
q, and meet r
p, r
qPrime number is as the encryption interference parameter of homomorphic cryptography algorithm each other;
(5) determine K=(p, q, r
p, r
q);
(6) extracting character string x from the structural data conversion is encrypted: plaintext space T=Z
m(Z
mFor being less than the nonnegative integer set of Z), x is divided into to part for n at random, satisfy condition: x
i∈ Z
m, i=(1,2 ..., n),
And adopt Chinese remainder theorem to try to achieve the residue group, with existing homomorphic cryptography algorithm, character string x is encrypted, i.e. E
k(x)=([x
1r
pMod p, x
1r
qMod q], [x
2r
p 2Mod p, x
2r
q 2Mod q], [x
3r
p 3Mod p, x
3r
q 3Mod q] ... [x
nr
p nModp, x
nr
q nMod q]), draw ciphertext c by this computing.This cryptographic algorithm has been optimized choosing of parameter, and all parameters are taken from the prime number matrix (first step) that algorithm generates, and in order to guarantee security, parameter can be adjusted as required, and has reduced the computing noise.
(7) adjust parameter, reduce noise
Adjust parameter when Selecting All Parameters.Pq is regarded as PKI, and PKI is disclosed, takes ciphertext c and can obtain formula: c-pq=x+2r
p, due to r
pInterference, so generally be difficult to draw expressly x+2r
pBecome noise.C mod p=x+2r must satisfy condition in decrypting process
p<p/2 could correctly decipher ciphertext, so system can be adjusted parameter, makes it meet deciphering noise formula.
Homomorphism data analysis and computing:
The homomorphic cryptography data operation comprises: inquiry, upgrade, and delete update.The user carries out data manipulation with crossing SQL (the Structured Query Language) statement and HEQL (the Homomorphic Encyption Query Language) query language that send response.
Claims (7)
1. the data homomorphic cryptography dump method of a multi-data source, the steps include:
1) choose two prime number p and q, and p and q prime number each other; The prime number scope of p and q is determined according to the level of security of data; PKI using pq as the homomorphic cryptography algorithm, p is as the private key of homomorphic cryptography algorithm;
2) choose two prime number r
p, r
qEncryption interference parameter as the homomorphic cryptography algorithm; Wherein, r
p∈ Zp, r
q∈ Zq, and r
p, r
qPrime number each other;
3) obtain the data of unloading to be encrypted from the selected data source, and be converted into the structural data of XML;
4) extract a character string x from the structural data conversion, according to above-mentioned parameter (p, q, r
p, r
q) adopt the homomorphic cryptography algorithm to be encrypted character string x, obtain ciphertext c;
5) ciphertext c is saved in XML homomorphism database.
2. the method for claim 1, it is characterized in that the method that the data of unloading to be encrypted is converted to the structural data of XML is: at first adopt Huffman encoding to be compressed the data of unloading to be encrypted, then be converted into following structure: Huffman tree, metadata and table data obtain the XML structural data.
3. method as claimed in claim 2, is characterized in that described metadata comprises the size of data of list structure, unloading to be encrypted, the data encoding of unloading to be encrypted.
4. as claim 1 or 2 or 3 described methods, it is characterized in that model one prime number matrix, choose prime number p from this prime number matrix, q, r
p, r
q.
5. as claim 1 or 2 or 3 described methods, it is characterized in that character string x is divided into to n part, and satisfy condition: i ∈ Zm, i=1,2 ..., n; Wherein, Zm is the nonnegative integer set that is less than Z, expressly space T=Zm; Then adopt the homomorphic cryptography algorithm to be encrypted every a character string, obtain ciphertext c.
6. method as claimed in claim 5, is characterized in that adopting formula E
k(x)=([x
1r
pMod p, x
1r
qMod q], [x
2r
p 2Modp, x
2r
q 2Mod q], [x
3r
p 3Mod p, x3r
q 3Mod q] ... [x
nr
p nMod p, x
nr
q nMod q]) character string x is encrypted to computing, obtain ciphertext c.
7. the method for claim 1, is characterized in that adopting formula c-pq=x+2r
pTo parameter p, q, r
pCarry out dynamically adjusting in real time, make x+2r
pThe value minimum.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310328941.3A CN103425933B (en) | 2013-07-31 | 2013-07-31 | A kind of data homomorphic cryptography dump method of multi-data source |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201310328941.3A CN103425933B (en) | 2013-07-31 | 2013-07-31 | A kind of data homomorphic cryptography dump method of multi-data source |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN103425933A true CN103425933A (en) | 2013-12-04 |
| CN103425933B CN103425933B (en) | 2016-02-24 |
Family
ID=49650654
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201310328941.3A Active CN103425933B (en) | 2013-07-31 | 2013-07-31 | A kind of data homomorphic cryptography dump method of multi-data source |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN103425933B (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883580A (en) * | 2015-06-03 | 2015-09-02 | 合肥工业大学 | System and method for video security convolution calculation based on homomorphic encryption |
| US9900147B2 (en) | 2015-12-18 | 2018-02-20 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized homomorphic operations |
| CN108476136A (en) * | 2016-01-18 | 2018-08-31 | 三菱电机株式会社 | Encryption device, ciphertext conversion equipment, encipheror, ciphertext conversion program, encryption method and ciphertext conversion method |
| US10075289B2 (en) | 2015-11-05 | 2018-09-11 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized parameter selection |
| CN108650092A (en) * | 2018-04-28 | 2018-10-12 | 广州大学 | A kind of implementation method of the public-key cryptosystem based on Big prime |
| US10153894B2 (en) | 2015-11-05 | 2018-12-11 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized encoding |
| CN109728907A (en) * | 2019-01-31 | 2019-05-07 | 上海易点时空网络有限公司 | Large-scale data circulation method and device |
| US10296709B2 (en) | 2016-06-10 | 2019-05-21 | Microsoft Technology Licensing, Llc | Privacy-preserving genomic prediction |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102710757A (en) * | 2012-05-21 | 2012-10-03 | 北京航空航天大学 | Distributed cloud storage data integrity protection method |
| CN102984156A (en) * | 2012-11-30 | 2013-03-20 | 无锡赛思汇智科技有限公司 | Verifiable distributed privacy data comparing and sorting method and device |
| WO2013067542A1 (en) * | 2011-11-03 | 2013-05-10 | Genformatic, Llc | Device, system and method for securing and comparing genomic data |
-
2013
- 2013-07-31 CN CN201310328941.3A patent/CN103425933B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2013067542A1 (en) * | 2011-11-03 | 2013-05-10 | Genformatic, Llc | Device, system and method for securing and comparing genomic data |
| CN102710757A (en) * | 2012-05-21 | 2012-10-03 | 北京航空航天大学 | Distributed cloud storage data integrity protection method |
| CN102984156A (en) * | 2012-11-30 | 2013-03-20 | 无锡赛思汇智科技有限公司 | Verifiable distributed privacy data comparing and sorting method and device |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104883580A (en) * | 2015-06-03 | 2015-09-02 | 合肥工业大学 | System and method for video security convolution calculation based on homomorphic encryption |
| CN104883580B (en) * | 2015-06-03 | 2020-12-11 | 合肥工业大学 | Video security convolution computing system and method based on homomorphic encryption |
| US10075289B2 (en) | 2015-11-05 | 2018-09-11 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized parameter selection |
| US10153894B2 (en) | 2015-11-05 | 2018-12-11 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized encoding |
| US9900147B2 (en) | 2015-12-18 | 2018-02-20 | Microsoft Technology Licensing, Llc | Homomorphic encryption with optimized homomorphic operations |
| CN108476136A (en) * | 2016-01-18 | 2018-08-31 | 三菱电机株式会社 | Encryption device, ciphertext conversion equipment, encipheror, ciphertext conversion program, encryption method and ciphertext conversion method |
| CN108476136B (en) * | 2016-01-18 | 2021-01-05 | 三菱电机株式会社 | Ciphertext conversion apparatus, computer-readable recording medium, and ciphertext conversion method |
| US10296709B2 (en) | 2016-06-10 | 2019-05-21 | Microsoft Technology Licensing, Llc | Privacy-preserving genomic prediction |
| CN108650092A (en) * | 2018-04-28 | 2018-10-12 | 广州大学 | A kind of implementation method of the public-key cryptosystem based on Big prime |
| CN109728907A (en) * | 2019-01-31 | 2019-05-07 | 上海易点时空网络有限公司 | Large-scale data circulation method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN103425933B (en) | 2016-02-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN103425933B (en) | A kind of data homomorphic cryptography dump method of multi-data source | |
| Ferreira et al. | Privacy-preserving content-based image retrieval in the cloud | |
| CN114065265B (en) | Fine-grained cloud storage access control method, system and equipment based on blockchain technology | |
| US8812877B2 (en) | Database encryption system, method, and program | |
| Zhou et al. | Efficient and secure data storage operations for mobile cloud computing | |
| CN105760781B (en) | The storage method, restoration methods and operating method of large data files can be deduced in order | |
| CN111143471B (en) | Ciphertext retrieval method based on blockchain | |
| Burkhalter et al. | {TimeCrypt}: Encrypted data stream processing at scale with cryptographic access control | |
| CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
| CN105100083A (en) | Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo | |
| CN105306194A (en) | Multiple encryption method and multiple encryption system for encrypting file and/or communication protocol | |
| Hadavi et al. | Database as a service: towards a unified solution for security requirements | |
| CN115859362A (en) | Data storage system, method, device and medium based on block chain side chain | |
| CN103425934A (en) | Homomorphic decryption storage method based on MySQL database | |
| Mironov et al. | Incremental deterministic public-key encryption | |
| Zhang et al. | Efficient and provable security searchable asymmetric encryption in the cloud | |
| CN106888213B (en) | Cloud ciphertext access control method and system | |
| Peng et al. | LS-RQ: A lightweight and forward-secure range query on geographically encrypted data | |
| Ding et al. | Policy based on homomorphic encryption and retrieval scheme in cloud computing | |
| Zheng et al. | Modified ciphertext‐policy attribute‐based encryption scheme with efficient revocation for PHR system | |
| He et al. | A lightweight secure conjunctive keyword search scheme in hybrid cloud | |
| CN107329911B (en) | Cache replacement method based on CP-ABE attribute access mechanism | |
| Ba et al. | A Blockchain‐Based CP‐ABE Scheme with Partially Hidden Access Structures | |
| Zhang | Semantic-based searchable encryption in cloud: issues and challenges | |
| Zhang et al. | Secure deduplication based on Rabin fingerprinting over wireless sensing data in cloud computing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |