CN106991148B - Database verification system and method supporting full-update operation - Google Patents

Abstract

The invention belongs to the technical field of databases, discloses a database verification system and a database verification method supporting full-update operation, provides an incremental reversible bloom filter with commitment, and solves the problem of rapid data reverse index in a limited range; on the basis, a database verification system and a method supporting full-update operation (insertion, deletion and replacement) are provided, the defect that the traditional verification method only supports the verification of a static database with a fixed size is overcome, the expense of vector commitment recalculation and verification in the database expansion process is eliminated, the database verification efficiency is improved, the method is suitable for most dynamic database systems used in the existing network, and the integrity of a cloud database is guaranteed.

Description

Database verification system and method supporting full-update operation

Technical Field

The invention belongs to the technical field of databases, and particularly relates to a database verification system and a database verification method supporting full-update operation.

Background

With the rapid development of communication networks and cloud computing technologies, enterprises and individuals subjected to resource constraints outsource large databases of the enterprises and individuals to cloud storage servers. The storage, organization, management, reliability and availability of the data are all ensured by the cloud service provider, so that the user does not need to construct a data center of the user, and the cost of the user is reduced. However, the cloud storage technology brings great storage convenience to people and also brings great security challenges. Because the position and the organization mode of the data are transparent to the user, in an incompletely trusted cloud storage environment of a cloud platform and a cloud service provider, the data stored on the cloud server is likely to be deleted, tampered and polluted by a malicious attacker, or the stored data is lost due to damage and breakdown of the cloud storage server.

At present, there are many achievements for integrity verification and recovery of cloud storage data, methods such as Merkle hash trees (CN201310185462.0, CN201310246856.0), dynamic pors (of retrievability) (CN201410350589.8) and the like are used for verification, but an effective verification method is still lacked for the whole cloud database. In order to realize integrity verification of cloud databases, Benabbas, Gennaro and Vahlis introduced for the first time a concept of verifiable databases (VDB for short), so that resource-constrained clients can verify a very large database stored in the cloud under a limited resource environment, and convenience is provided for efficient retrieval and update of database records in the future (backs M, fire D, Reischuk R M. verifiable distribution of computing on output data [ C ]. Proceedings of the 2013 ACM SIGSAC conference Computer & communications security. acm,2013:863 @.). If the server attempts to tamper with the database, it will be detected by the user. Meanwhile, the computation and storage resources used by the client in the VDB scheme do not depend on the size of the database. The first practical VDB scheme is constructed by using a primitive of a verifiable delegate of a polynomial. However, this scheme does not have publicly verifiable properties. That is, only the owner of the database can verify the correctness of the data, and third party arbitration verification is not supported. To this end, Catalano and fiere propose to construct publicly verifiable VDB schemes based on original Vector commitments (d.catalano and d.fiere, Vector recommendations and the applications, PKC 2013, LNCS 7778, Springer-Verlag, pp.55-72,2013.). On the basis of the scheme, Chen points out the security weakness of the VDB framework of Catalano-Fiore, and then proposes a new VDB scheme which can be publicly verified by using the idea of commitment constraint. Wherein all computational structures are based on standard size assumptions in bilinear groups and are therefore Efficient for real world applications (x.chen, j.li, x.huang, j.ma, and w.lou, New public Verifiable Databases with Efficient Updates, IEEE Transactions on dependent and Secure Computing, press, 2015).

However, existing VDB schemes only support replacement of such update operations, mainly because the number of data records of the outsourced database must be fixed, when the database is subjected to an insert operation, the newly added data cannot be verified, the common parameters and the commitment vector need to be recalculated and generated, and the complexity is at a power level of o (q) (where q represents the size of the database), which will bring huge additional overhead to the configuration phase of the client. In 2016, Miao proposed a hierarchical commitment vector-based VDB method to support full-update operations (insert, delete, replace) (m.miao, j.wang, j.ma, and w.susilo, public vertical data bases with efficiency operations, Journal of Computer and System Sciences). However, the number of levels in the hierarchical commitment increases linearly as the client inserts data records consecutively at the same location of the database. Thus, the computing and storage overload of the cloud server (rather than the client) will also increase linearly, and this reduces the efficiency of the VDB scheme.

In order to ensure that data cannot be modified by an illegal user, an untrusted third party and an untrusted cloud server in the storage process, the integrity of the database needs to be verified. Conventional database verification schemes may support alternative update operations, but are limited to fixed-size databases and require recalculation of vector commitments when an insert update operation occurs, incurring significant overhead. However, there are increasing application requirements that users frequently insert, replace, delete, and the like data stored in the cloud, and when data is dynamically updated, the overhead caused by dynamic update of data is required to be as small as possible. Therefore, the existing database verification method cannot be directly applied in the storage environment of the dynamic cloud database.

In summary, the problems of the prior art are as follows: because the common parameters and vector commitment cost required by regeneration verification are large, the traditional database verification scheme limited by fixed size only supports replacement operation and cannot support insertion and deletion operation. Today, with the rapid development of informatization, the fixed size of the database cannot meet the increasing data storage requirement. For this reason, how to implement support (insertion, deletion, and replacement) for full update operations of dynamic databases under the requirement of ensuring client performance is a main contribution point of the present invention.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a database verification system and a database verification method supporting full-update operation.

The invention is realized by designing a new data index structure based on the bloom filter, namely an incremental reversible bloom filter with commitments, in order to eliminate the additional overhead of recalculation of common parameter and vector commitments in a database caused by insertion operation. The present invention provides a reversible bloom filter with commitment, which is defined as follows:

order to

Two random hash functions; defining each CIBF Unit B [ i ]](1. ltoreq. i. ltoreq. q) comprises three fields:

a "count" field, with an initial value of 0: a counter field in which the number of all elements in the memory cell B [ i ] is 1. ltoreq. i.ltoreq.q; the insertion or deletion of element x in B [ i ] is equal to B [ i ] count plus 1 or minus 1;

an "idHash" field having an initial value χ (0): a commitment value field storing hash values χ (-) of all ordered elements in B [ i ];

b [ q +1]. count and B [ q +1]. idHash fields represent vector commitments of f (count) and idHash of the first q items of data of the database, respectively, i.e., B [ q +1]. count ═ VC (f (B [0]. count),..., f (B [ q ]. count)), B [ q +1]. idHash ═ VC (χ (B [0]. count),. χ (B [ q ]. count)), and. Based on the above definitions, another object of the present invention is to design an incremental reversible bloom filter with commitment, the incremental reversible bloom filter with commitment is specifically extended as follows:

definition of

Defining the "count" field as an incrementing sequence (b)₁,b₂,...,b_q) (ii) a The indexing process of the data is as follows:

1) indexing for queries

The server firstly determines a unit index x, x is more than or equal to 1 and less than or equal to q

2) The server sends b_x-1And b_xThe information and the corresponding authentication credential are handed to the client;

3) if the proof of certification is legal, the client determines the index

Is the l-th element in the x-th unit, i.e.

Wherein

It is another object of the present invention to provide a database validation method using the incremental reversible bloom filter with commitment, the database validation method comprising:

(1) a configuration stage: initialization Setup (1) of verifiable databases by clients^kDB), defining common parameters PP, computing vector commitments C_CGenerating verification parameters (a public key PK, a database code S and a private key SK), uploading relevant information together with the database to a server for verifying the integrity of the database in the subsequent data query process of a user; configuration function Setup (1)^kDB) where k denotes the security parameter and DB denotes the database operated, i.e. DB ═ x, v_x),1≤x≤q；

(2) And (3) an inquiry stage: client submitting query request

The database locates the data inquired by the client, calculates the verification credential according to the verification parameters and then sends the data together to the client;query operations

Where PK represents the public key, S represents the database code,

querying an index of data on behalf of a client;

(3) a verification stage: client-side authentication of server credentials

Verifying the legally output inquired data; otherwise, outputting a verification error;

(4) and (3) an updating stage: when the client side is subjected to replacement, deletion and insertion operations, the database at the server side is updated, and meanwhile, the client side is cooperated with the server to correct the verification parameters.

Further, the specific configuration process of (1) is as follows:

1) defining common parameters PP

Order to

And

the cyclic multiplication group expressing prime order p has bilinear correspondence

g represents

The generating function of (a) is to be used,

representing a cryptographic hash function;

from prime space

Randomly selecting q elements

And calculate

I is more than or equal to 1, j is more than or equal to q, and i is not equal to j;

generating common parameters

Wherein the message space

2) Computing vector commitment C_CGenerating subsequent verification parameters

Calculating a vector commitment for the count field (1, 2.., q) from the common parameter PP

And data recording (v)₁,v₂,...,v_q) Vector commitment of

Client randomly selects 1 element

G is formed^yThen calculate

And reacting H₀Sending the data to a server; wherein T represents a counter and the initial value is 0;

if H is₀Legally, the server will (H)₀,C_C,C_RT) information is added to the auxiliary information aux;

after the calculation is completed, the following verification parameters are configured: public key PK ═ (PP, Y, C)_C,C_R) The database code S ═ (PP, aux, DB), and the private key SK ═ y.

Further, the specific process of (2) is as follows:

the number of current count fields isb₁,b₂,...,b_q) Wherein

Definition of

Then there is

And is

Given a query index

The server firstly determines that x is more than or equal to 1 and less than or equal to q of the unit index and satisfies

(definition b)₀＝0)；

Then the server calculates

And

generating authentication credentials

The server returns the authentication credentials to the client along with the data.

Further, the specific process of (3) is as follows: the client calculates e (H) according to the information in the server certificate₀G) and

and

and e (pi)_xG); and the following three conditions were verifiedWhether or not:

1)e(H₀g) is equal to

2)

Is equal to

3)

Is equal to e (pi)_x,g)；

When the three conditions are simultaneously met, the database is not tampered, and the verification is passed; client-side basis

Obtaining data to be accessed

Further, the replacing operation in (4) includes:

the client first obtains the current record from the server

Namely, the client obtains the certificate tau from the server and verifies the certificate tau;

then, T +1 is updated,

at the same time, the client calculates C_C′＝C_C，

And

the client side will

Sending the data to a server;

if t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

Meanwhile, the server updates the public key PK ═ (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)。

Further, the update procedure of the delete operation in (4) is v in the replace operation_x' is the case.

Further, the inserting operation of (4) includes:

when the client is in data unit x

After which the data v is inserted^*I.e. by

Then, updating T-T + 1; at the same time, the client calculates

And

the client side will

Sending the data to a server;

if t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

At the same time, the server updates the count fields of all units i (x ≦ i ≦ q) after data unit x in the bloom filter, i.e., b_i＝b_i+ 1; finally, the server updates the public key PK ═ as (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)。

It is another object of the present invention to provide a dynamic database system that applies the reversible bloom filter with commitment.

The invention has the advantages and positive effects that: the reversible bloom filter with commitment and the incremental reversible bloom filter with commitment are provided, and the problem of reverse index of data in a limited range is solved; on the basis, a bloom filter and a commitment vector calculation method are combined, a VDB method supporting full update operation (insertion, replacement and deletion) is provided, the extra overhead of recalculation of public parameters and vector commitments caused by the fixed size of a database in the traditional verification system and method is avoided, the efficiency of the VDB system and method is improved, the dynamic change of the size of the VDB system is supported, and the VDB system is more suitable for most dynamic database systems used in the current network. Technical support is provided for safety verification of the dynamic cloud database, and integrity of the cloud database is guaranteed.

Drawings

Fig. 1 is a flowchart of a database verification method supporting a full update operation according to an embodiment of the present invention.

Fig. 2 is a schematic diagram of operations of inserting and deleting a CIBF according to an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

The following detailed description of the principles of the invention is provided in connection with the accompanying drawings.

As shown in fig. 1, the database verification method supporting full update operation according to the embodiment of the present invention includes the following steps:

s101: a configuration stage: initializing, by a client, a Verifiable Database (VDB): defining public parameters, calculating vector commitment, generating verification parameters, uploading relevant information and the database to a server together, and verifying the integrity of the database in the subsequent data query process of a user;

s102: and (3) an inquiry stage: the client submits a query request, the database locates the data queried by the client, calculates a verification credential according to the verification parameter, and then sends the data together to the client;

s103: a verification stage: the client verifies the server certificate and outputs the inquired data in a legal way; otherwise, outputting a verification error;

s104: and (3) an updating stage: when the client side carries out replacement, deletion and insertion operations (updating operations), the database at the server side is updated, and meanwhile, the client side is cooperated with the server to correct the verification parameters.

The application of the principles of the present invention will now be described in further detail with reference to the accompanying drawings.

In order to expand the database verification method with fixed size, the invention mainly comprises two parts, namely a reversible bloom filter with commitment firstly, and a database verification method supporting full operation secondly.

1. Reversible bloom filter with commitment

(1) Reversible bloom filter definition with commitment

The reversible bloom filter with Commitment (CIBF) is a data structure after expanding the bloom filter, and has both the functions of element query and vector commitment, and is used for querying elements in a large data set S in which insertion and deletion operations exist. The specific definition is as follows:

order to

Two random hash functions. Defining each CIBF Cell (Cell) B [ i ]](1. ltoreq. i. ltoreq. q) comprises three fields:

a "count" field (initial value 0): a counter field in which the number of all elements in the memory cell B [ i ] is 1. ltoreq. i.ltoreq.q. Note that the insertion (or deletion) of element x in B [ i ] is equal to B [ i ]. count plus 1 (or minus 1).

"idHash" field (with initial value χ (0)): the commitment value field, which stores the hash value χ (·) of all ordered elements in B [ i ].

B [ q +1]. count and B [ q +1]. idHash fields represent vector commitments of f (count) and idHash of the first q items of data of the database, respectively, i.e., B [ q +1]. count ═ VC (f (B [0]. count),..., f (B [ q ]. count)), B [ q +1]. idHash ═ VC (χ (B [0]. count),. χ (B [ q ]. count)), and.

An example of the insertion and deletion operations of a CIBF is shown in fig. 2.

Note that insert/delete is an ordered operation. The data records (x, y) and (y, x) in a CIBF unit (Cell) are different. Here, the record (x, y) indicates that y is inserted behind x. In addition, under this structure, it is allowed to constantly perform the same operation insertion operation (for example, insert x in the same unit a plurality of times). In contrast to the IBF model, when x is already an element in the set, no more insertion operations can be done. On the other hand, if we want to delete a record y from a CIBF unit, then y must be an element of this unit. Also for the IBF model, elements y that are not present in the set cannot be deleted.

When some update (delete/insert/replace) operations are performed on the database DB, the representation of the CIBF is in the form shown in table 1.

TABLE 1

Wherein, a_iI is more than or equal to 0, and i is more than or equal to 1 and less than or equal to q represents the number of data records in a determination unit;

a vector of all (ordered) data records in the same unit i is represented.

(2) Incremental reversible bloom filter with commitment

The efficient and safe updating of the large database is realized under the support of the promised reversible bloom filter. In order to ensure correct indexing of data records in the verification process, an incremental reversible bloom filter with commitment (incremental CIBF) is designed, i.e. the count is an incremental sequence for B [ i ] in a unit. The specific extension is defined as follows:

for a generic CIBF data structure as shown in FIG. 2, definitions are provided

On this basis, the "count" field is defined as the increment sequence (b)₁,b₂,...,b_q) As shown in table 2.

For the database described with the incremental reversible bloom filter with commitment, the indexing process of the data is as follows:

TABLE 2

1) Indexing for queries

The server firstly determines a unit index x, x is more than or equal to 1 and less than or equal to q

2) The server sends b_x-1And b_xAnd the corresponding authentication credential is handed to the client.

3) If the validation credentials are valid, the client may determine the index

Is the l-th element in the x-th unit, i.e.

Wherein

2. Database validation process supporting full update operations

The incremental CIBF structure enables efficient indexing of database data, however, directly updating the vector commitment on the counter field is very inefficient. If an insert operation is performed in element x, then for all x ≦ j ≦ q, its counter and hash value fields need to be updated. Wherein the counter field is b_j←b_j+1 update operation, while the hash value field needs to be executed by the client

The computational overhead of exponentiation of q-x +1 in (1).

Here, split hashing (Hash Splitting) is used to solve this problem. Here, the commit operation on the counter field (i.e., VC (f (b)) is ordered₁),...,f(b₂),...,f(b_q) ))) is:

the commitment of the updated counter field is defined as:

so that there are

In this way, remove

Except for the multiplication of q-x +1, only the power of 1 operation is needed. In addition to this, in order to reduce client computing overhead,

the value of (c) may be calculated in advance as a common parameter. Therefore, the client can efficiently update the commitment value corresponding to the counter field.

Consider now the general case of updating the counter field. Note that the original counter field of the DB is (1, 1., 1), so the incremental bloom filter is denoted as (1, 2., q). Assume updated counter field (b)₁,b₂,...,b_q) We can recursively calculate the commitment value

Thus, the client can be based on x, b_x-x and corresponding information such as authentication credentials, etc. to calculate the counting section b of unit x to be updated_x。

The database verification process supporting the full update operation includes the following 4 stages:

(1) a configuration stage: initialization Setup (1) of a Verifiable Database (VDB) by a client^kDB), defining common parameters PP, computing vector commitments C_CAnd C_RAnd generating verification parameters (a public key PK, a database code S and a private key SK), uploading the relevant information and the database to a server together, and verifying the integrity of the database in the subsequent data query process of the user. This stage is mainly performed by the client. Therein, the configuration function Setup (1)^kDB) where k denotes the security parameter and DB denotes the database operated, i.e. DB ═ x, v_x) And x is more than or equal to 1 and less than or equal to q. The specific configuration process is as follows:

1) defining common parameters PP

Order to

And

a cyclic multiplication set representing prime order p and having bilinear correspondence

g represents

The generating function of (a) is to be used,

representing a cryptographic hash function.

From prime space

Of q elements (i.e. database size)

And calculate

I is not less than 1, j is not less than q, and i is not equal to j.

Generating common parameters

Wherein the message space

2) Computing vector commitment C_CGenerating subsequent verification parameters

Calculating a vector commitment for the count field (1, 2.., q) from the common parameter PP

And data recording (v)₁,v₂,...,v_q) Vector commitment of

Client randomly selects 1 element

G is formed^yThen calculate

And reacting H₀And sending the data to a server side. Wherein T represents a counter and the initial value is 0.

If H is₀Legally, the server will (H)₀,C_C,C_RT) information is added to the auxiliary information aux.

After the calculation is completed, the following verification parameters are configured: let public key PK be (PP, Y, C)_C,C_R) The database code S ═ (PP, aux, DB), and the private key SK ═ y.

Thus, the database verification configuration is completed, and the client can verify the integrity of the database in the subsequent query process.

(2) And (3) an inquiry stage: client submitting query request

The database locates the data queried by the client, calculates the authentication credential according to the public parameter, and then sends the authentication credential together with the data to the client. Query operations

Where PK represents the public key, S represents the database code,

an index of data is queried on behalf of the client.

Assume that the number of current count fields is (b)₁,b₂,...,b_q) Wherein

Definition of

Then there is

And is

Given a query index

The server firstly determines that x is more than or equal to 1 and less than or equal to q of the unit index and satisfies

(definition b)₀＝0)。

Then the server calculates

And

generating authentication credentials

The server returns the authentication credentials to the client along with the data.

(3) A verification stage: client-side authentication of server credentials

Verifying the legally output inquired data; otherwise, the verification error is output.

The client calculates e (H) according to the information in the server certificate₀G) and

and

and e (pi)_xG); and verifying whether the following three conditions are satisfied:

1)e(H₀g) is equal to

2)

Is equal to

3)

Is equal to e (pi)_x,g)。

When the three conditions are simultaneously met, the database is not tampered, and the verification is passed. Client-side basis

Obtaining data to be accessed

(4) And (3) an updating stage: when the client side carries out replacement, deletion and insertion operations (updating operations), the database at the server side is updated, and meanwhile, the client side is cooperated with the server to correct the verification parameters.

1) Replacement operation

To replace the index

The client first obtains the current record from the server

I.e. the client gets the certificate from the server and verifies it.

Then, T +1 is updated,

at the same time, the client calculates C_C′＝C_C，

And

the client side will

And sending the data to a server.

If t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

Meanwhile, the server updates the public key PK ═ (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)。

At this point, the replacement operation data and the verification parameter update are complete and the new verification parameters will be used in subsequent data accesses.

2) Delete operation

The updating process of the deletion operation is basically consistent with the replacement operation, namely v in the replacement operation_x' is the case.

3) Insertion operation

When the client is in data unit x

After which the data v is inserted^*I.e. by

Then, updating T-T + 1; at the same time, the client calculates

And

the client side will

And sending the data to a server.

If t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

At the same time, the server updates the count fields of all units i (x ≦ i ≦ q) after data unit x in the bloom filter, i.e., b_i＝b_i+1. Finally, the server updates the public key PK ═ as (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)。

At this point, the insertion operation data and the verification parameter update are completed, and the new verification parameter will be used in the subsequent data access.

The above description is only for the purpose of illustrating the preferred embodiments of the present invention and is not to be construed as limiting the invention, and any modifications, equivalents and improvements made within the spirit and principle of the present invention are intended to be included within the scope of the present invention.

Claims (6)

1. An incremental reversible bloom filter with commitment, wherein the incremental reversible bloom filter with commitment extension is defined as follows:

let f, χ: {0,1}^*→Z_pTwo random hash functions; defining each reversible bloom filter with commitment, CIBF Unit B [ i ]]The method comprises the following steps: i is more than or equal to 1 and less than or equal to q;

a "count" field, with an initial value of 0: a counter field in which the number of all elements in the memory cell B [ i ] is 1. ltoreq. i.ltoreq.q; the insertion or deletion of element x in B [ i ] is equal to B [ i ] count plus 1 or minus 1;

an "idHash" field having an initial value χ (0): a commitment value field storing hash values χ (-) of all ordered elements in B [ i ];

defining B [ q +1]. count and B [ q +1]. idHash fields to represent the vector commitments of f (count) and idHash of the first q items of data of the database, respectively, i.e. B [ q +1]. count ═ VC (f (B [0]. count),..., f (B [ q ]. count)), B [ q +1]. idHash ═ VC (χ (B [0]. count),. χ (B [ q ]. count));

definition of

Defining the "count" field as an incrementing sequence (b)₁,b₂,...,b_q) (ii) a The database indexing process is as follows:

1) indexing for queries

The server firstly determines a unit index x, x is more than or equal to 1 and less than or equal to q

2) The server sends b_x-1And b_xThe information and the corresponding authentication credential are handed to the client;

3) if the validation credentials are valid, the client may determine the index

Is the l-th element in the x-th unit, i.e.

Wherein

2. A database validation method using the incremental reversible bloom filter with commitment as defined in claim 1, the database validation method comprising:

(1) a configuration stage: initialization Setup (1) of verifiable databases by clients^kDB), defining common parameters PP, computing vector commitments C_CGenerating a verification parameter public key PK, a database code S and a private key SK, uploading relevant information together with the database to a server for verifying the integrity of the database in the subsequent data query process of a user; configuration function Setup (1)^kDB) where k denotes the security parameter and DB denotes the database operated, i.e. DB ═ x, v_x) X is more than or equal to 1 and less than or equal to q; the specific configuration process of (1) is as follows:

1) defining common parameters PP

Let G₁And G₂The cyclic multiplication group representing prime order p has bilinear correspondence e: G₁×G₁→G₂(ii) a G represents G₁G of₁×G₁×{{0,1}^*→G₁Representing a cryptographic hash function;

from prime space Z_pIn the random selection of q elements z_i∈_RZ_pAnd calculate

And i is not equal to j;

generating a common parameter PP ═ p, q, G₁,G₂,H,e,g,{h_i}_1≤i≤q,{h_i,j}_{1≤i,j≤q,i≠j}) Wherein the message space M ═ Z_p；

2) Computing vector commitment C_CGenerate, generateSubsequent verification parameters

Calculating a vector commitment for the count field (1, 2.., q) from the common parameter PP

And data recording (v)₁,v₂,...,v_q) Vector commitment of

The client randomly selects 1 element y belonging to the E_RZ_pGenerating Y ═ g^yThen calculate H₀＝H(C_C,C_R,T)^yAnd is combined with H₀Sending the data to a server; wherein T represents a counter and the initial value is 0;

if H is₀Legally, the server will (H)₀,C_C,C_RT) information is added to the auxiliary information aux;

after the calculation is completed, the following verification parameters are configured: public key PK ═ (PP, Y, C)_C,C_R) The database code S ═ (PP, aux, DB), and the private key SK ═ y;

y∈_RZ_pis e of_RFor symbols common to cryptography, the representation is from the set Z_pRandomly selecting an element y; parameter h_i，h_i,j，

G, Y are both bilinear pairs G₁The calculation result after the operation of the generating function g is jointly used for representing the public parameter PP; wherein

And

to generate a power operation of the function g; g is a bilinear pairMiddle G₁A generating function of (a); g represents Y^y；

(2) And (3) an inquiry stage: client submitting query request

The database locates the data inquired by the client, calculates the verification credential according to the verification parameters and then sends the data together to the client; query operations

Where PK represents the public key, S represents the database code,

querying an index of data on behalf of a client;

the specific process of (2) is as follows:

the number of the current counting field is (b)₁,b₂,...,b_q) Wherein

Definition of

Then there is

And is

Given a query index

The server firstly determines that x is more than or equal to 1 and less than or equal to q of the unit index and satisfies

Definition b₀＝0；

Then the server calculates

And

generating authentication credentials

The server returns the verification certificate and the data to the client together;

(3) a verification stage: client-side authentication of server credentials

Verifying the legally output inquired data; otherwise, outputting a verification error; the parameter t represents an authentication credential, wherein

(4) And (3) an updating stage: when the client side is subjected to replacement, deletion and insertion operations, the database at the server side is updated, and meanwhile, the client side is cooperated with the server to correct verification parameters;

the replacing operation in (4) comprises:

the client first obtains the current record from the server

The client obtains the certificate t from the server and verifies the certificate t;

then, T +1 is updated,

at the same time, the client calculates C_C′＝C_C，

And t_x′＝H(C_C′,C_R′,T)^y(ii) a CustomerEnd will

Sending the data to a server; v. of_xIs an original record in a data unit x

Replaced data record, x represents index in database DB, v_xRepresenting the data record corresponding to the index;

if t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

Meanwhile, the server updates the public key PK ═ (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)。

3. The database verification method according to claim 2, wherein the specific process of (3) is as follows: the client respectively calculates e (H) according to the information in the server certificate t₀G) and e (H (C)_C,C_R,T),Y)，

And

and e (pi)_xG); and verifying whether the following three conditions are satisfied:

1)e(H₀g) is equal to e (H (C)_C,C_R,T),Y)；

2)

Is equal to

3)

Is equal to e (pi)_x,g)；

When the three conditions are simultaneously met, the database is not tampered, and the verification is passed; client-side basis

Obtaining data to be accessed

e denotes a bilinear correspondence e: G₁×G₁→G₂。

4. The database verification method according to claim 2, wherein the update procedure of the delete operation in (4) is v in replace operation_x' is the case.

5. The database verification method of claim 2, wherein the insert operation of (4) comprises:

when the client is in data unit x

After which the data v is inserted^*I.e. by

Then, updating T-T + 1; at the same time, the client calculates

And t_x′＝H(C_C′,C_R′,T)^y(ii) a The client side will

Sending the data to a server;

if t_x' legal, server use

To replace the data stored in the data unit x in the database, i.e.

Meanwhile, the server updates the counting fields of all units i behind the data unit x in the bloom filter, wherein x is more than or equal to i and less than or equal to q, namely b_i＝b_i+ 1; finally, the server updates the public key PK ═ as (PP, Y, C)_C′,C_R') and encodes the auxiliary information in the database S (H)₀,C_C,C_RT) is updated to (T)_x′,C_C′,C_R′,T)；

x denotes an index in the database DB, v_xIndicating the data record to which the index corresponds,

an index representing the location of the inserted location in the database,

representation index

Corresponding data record, v^*Indicating that the new data is being inserted and,

indicating the recording state of the data unit x after new data is inserted;

t represents a counter and has an initial value of 0, C_C' vector commitment representing updated count field, the calculation formula of which is derived as

C_RVector commitment for original data record, C_RFor a new vector commitment after insertion of an update data record, the calculation formula is

Representing data records

The hash value of (a);

H:G₁×G₁×{{0,1}^*→G₁representing a cryptographic hash function, formula t_x′＝H(C_C′,C_R′,T)^yRepresents a pair C_C′、C_R' and T carries out exponentiation operation on the value after encryption and hashing, and T is obtained through calculation_x' value; t is t_x' for authentication;

indicating that the data stored in the x cells after replacement in the database is

b_iRepresents an incremented count value of the ith data unit,

i.e. the sum of the first i cell counts; after adding 1 strip to the data record, inserting all the increment count values b after the position_iPlus 1, i.e. b_i＝b_i+1；

Public key PK ═ (PP, Y, C)_C′,C_R') where PP denotes the common parameter, Y denotes the parameter generated by g, C_C' vector commitment to represent updated count field, C_R' update data for insertedA new vector commitment after logging;

(H₀,C_C,C_Rt) is auxiliary information for subsequent verification and updating, where H₀＝H(C_C,C_R,T)^yIndicating that the exponent operation is performed after the vector commitment of the initial count field, the vector commitment of the data record and the counter value are encrypted and hashed, and the calculated value is taken as H₀A value;

(t_x′,C_C′,C_R', T) represents updated auxiliary information for subsequent verification and update use, where T_x′、C_C′、C_RThe meaning of' and T is consistent with the above explanation.

6. A dynamic database system applying the incremental reversible bloom filter with commitment of claim 1.

Images