CN109117676A - Database ciphertext comparison and retrieval method based on an order-revealing encryption algorithm - Google Patents



Publication number
CN109117676A
Authority
CN
China
Prior art keywords
ciphertext
database
data
algorithm
SQL statement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201811237729.5A
Other languages
Chinese (zh)
Other versions
CN109117676B (en)
Inventor
杨万年
牛自宾
滕海明
李卫明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Frank Information Safety Technology Co Ltd
Original Assignee
Hangzhou Frank Information Safety Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Frank Information Safety Technology Co Ltd
Priority to CN201811237729.5A
Publication of CN109117676A
Application granted
Publication of CN109117676B
Legal status: Active
Anticipated expiration


Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database


Abstract

The present invention discloses a database ciphertext comparison and retrieval method based on an order-revealing encryption (ORE) algorithm. The method adds a database proxy between the database client and the database server. The proxy rewrites SQL statements: sensitive data in a statement is encrypted with the ORE algorithm, comparisons on sensitive data are implemented with a database user-defined function, and retrieved results are decrypted with the ORE decryption algorithm, so that ciphertext comparison and retrieval are carried out on the database server side. This database ciphertext comparison and retrieval algorithm offers higher security, fast encryption, and a low expansion rate.

Description

Database ciphertext comparison and retrieval method based on an order-revealing encryption algorithm
Technical field
The invention belongs to the field of information security technology, and in particular relates to a database ciphertext comparison and retrieval method based on an order-revealing encryption (Order-Revealing Encryption, ORE) algorithm.
Background art
With the rapid development of cloud computing, many enterprises and individual users store their data on cloud servers. In recent years, intrusions by hackers and improper operations by cloud server administrators have caused many incidents in which large amounts of user data and private data were leaked. To keep data secure, enterprise and individual users encrypt their data with an encryption algorithm and store it on the cloud server in ciphertext form; searchable encryption (SE) came into being as a result.
One application scenario of the invention: a user searches the database for matching records using an SQL statement that contains a WHERE comparison condition. Because the data is stored as ciphertext, plaintext search methods do not work. The present invention solves this problem by combining an ORE algorithm, database user-defined functions (User-Defined Function, UDF), and SQL statement rewriting.
The ORE algorithm used here is essentially a symmetric encryption algorithm, similar to order-preserving encryption (Order-Preserving Encryption, OPE). OPE is an encryption algorithm that supports size comparison of ciphertext data: after plaintexts are encrypted, their order can be read directly from the ciphertexts, that is, for any plaintexts p1 > p2, the ciphertexts obtained after encryption satisfy c1 > c2. With such an algorithm, data matching, range queries, sorting and similar operations can be performed on ciphertext data, but the algorithm leaks the order of the plaintext data, and an inference attack can recover more than half of the plaintext data.
Compared with OPE, ORE offers higher security. Such an algorithm requires that the ciphertext data do not preserve the order of the original plaintext data; sizes are compared through a special comparison function instead, that is, for any plaintext data p1 > p2 with ciphertexts c1 and c2 obtained after encryption, the comparison function satisfies Compare(c1, c2) > 0.
The ORE algorithm operates on the bits of the plaintext data, and what it leaks is only the first differing bit of the plaintext data. Because it operates bit by bit, encryption is fast and the ciphertext expansion rate is small.
Summary of the invention
The object of the invention is to propose a database ciphertext comparison and retrieval method based on an ORE algorithm; the ORE algorithm has the characteristics of higher security, high speed, and low expansion rate.
The technical solution adopted by the invention to solve its technical problem is as follows:
An ORE encryption method, comprising the following steps:
Step 1: Input the encryption key key and the plaintext data p to be encrypted. If p has n bits, p is written in bit form as p = m0m1…mn. Each plaintext bit is expanded to out_blk_len bits in the ciphertext, and the ciphertext of p after encryption is ctxt;
Step 2: Compute block_mask = 2^out_blk_len - 1;
Step 3: Initialize the array prf_input_buf; let i denote the i-th bit of p;
Step 4: Compute the index of the byte of the plaintext data that contains the i-th plaintext bit, denoted byteind;
Step 5: Compute the mask of the i-th bit of the plaintext data, denoted mask, and the byte offset of plaintext p, denoted offset;
Step 6: Compute the ciphertext block ctxt_block = F(key, prf_input_buf), where F is the encryption function;
Step 7: If mask > 0 for the i-th bit, then ctxt_block = ctxt_block + 1;
Step 8: AND ctxt_block with block_mask;
Step 9: Shift ctxt_block left by (n-i-1) * out_blk_len;
Step 10: XOR ctxt with ctxt_block;
Step 11: Update prf_input_buf;
Step 12: Repeat steps 4 to 11 until every bit of plaintext p has been traversed;
Step 13: Output the encrypted ciphertext ctxt.
A decryption method based on ORE encryption, comprising the following steps:
Step 1: Input the ciphertext data, denoted ctxt, and the encryption key, denoted key; the number of bits of the plaintext data is denoted nbits, and the number of ciphertext bits each plaintext bit is expanded to is denoted out_blk_len.
Step 2: Initialize the plaintext data, expressed in bit form as p = m0m1…mi…mn-1, where p denotes the plaintext, n the number of bits of p, and i the index, i ∈ [0, n-1).
Step 3: Compute the mask of the ciphertext data produced by encrypting the i-th plaintext bit: block_mask = (2^out_blk_len - 1) << (n-i-1) * out_blk_len.
Step 4: AND the ciphertext data ctxt with block_mask, then shift right by (n-1-i) * out_blk_len; the resulting value is denoted Ci.
Step 5: Using the encryption function F and the encryption key key, compute the encrypted value, denoted F(key, m0…mi-1).
Step 6: Compare Ci with F(key, m0…mi-1); if they are not equal, mi = 1, otherwise mi = 0.
Step 7: Repeat in this way until i = n-1 to recover all bits of the plaintext data, and obtain the plaintext data using shift and similar operations.
A ciphertext comparison method based on the ORE algorithm, comprising the following steps:
Step 1: Input the two ORE-encrypted ciphertexts to be compared, denoted ctxt1 and ctxt2.
Step 2: Check whether the parameters of the two ciphertexts ctxt1 and ctxt2 match; if they do not match, exit directly.
Step 3: From the parameters of the ciphertext data, determine that the plaintext data has n bits and that each bit is expanded to out_blk_len bits in the ciphertext; set the counter i = 0.
Step 4: Test whether i < n. If the condition is not met, return that the plaintext value corresponding to ctxt1 is equal to the plaintext value corresponding to ctxt2; if it is met, go to step 5.
Step 5: Compute the mask of the ciphertext data produced by encrypting the i-th plaintext bit: block_mask = (2^out_blk_len - 1) << (n-i-1) * out_blk_len.
Step 6: AND the ciphertext data ctxt1 with block_mask, then shift right by (n-1-i) * out_blk_len; the resulting value is denoted T1. AND the ciphertext data ctxt2 with block_mask, then shift right by (n-1-i) * out_blk_len; the resulting value is denoted T2.
Step 7: Compare T1 and T2. If T1 is greater than T2, return that the plaintext value of ctxt1 is greater than the plaintext value of ctxt2; if T1 is less than T2, return that the plaintext value of ctxt1 is less than the plaintext value of ctxt2; otherwise, go to step 8.
Step 8: Increment the counter i by 1 and go to step 4.
A database ciphertext comparison and retrieval method based on an ORE algorithm. The techniques involved include the ORE encryption algorithm, the ORE decryption algorithm, SQL rewriting, and the ORE ciphertext comparison algorithm implemented as a database user-defined function (UDF). The method comprises the following steps:
Step 1: The database client (db client) inputs an SQL statement and sends it to the database proxy (db proxy).
Step 2: The database proxy receives the SQL statement sent by the client, first parses it, and rewrites the sensitive data in it. For example, when data is inserted, the sensitive data is encrypted with the ORE encryption algorithm; when data is retrieved, the comparison on sensitive data in the SQL statement is carried out by calling a user-defined function.
Step 3: The database proxy sends the rewritten SQL to the database server (db server). The database server executes the SQL statement, completing data storage, and performs comparison retrieval using the user-defined UDF.
Step 4: The database server sends the execution result of the SQL statement to the database proxy.
Step 5: The database proxy checks whether the result contains values of sensitive fields. If it does, the ciphertext data is decrypted with the decryption algorithm corresponding to the ORE encryption algorithm, and the final result is sent to the database client.
Step 6: The database client receives the execution result of the SQL statement.
Description of the drawings
Fig. 1 is a schematic diagram of an ORE encryption algorithm
Fig. 2 is a flow chart of an ORE encryption algorithm
Fig. 3 is a flow chart of the decryption algorithm of an ORE encryption algorithm
Fig. 4 is a flow chart of ORE ciphertext data comparison
Fig. 5 is a schematic diagram of a database ciphertext comparison and retrieval method based on the ORE algorithm
Fig. 6 is a database data flow chart based on the ORE algorithm
Specific embodiments
To make the objects, technical solutions, and advantages of the present invention clearer, the invention is described in further detail below with reference to the accompanying drawings and embodiments.
Fig. 1 is a schematic diagram of ORE encryption performed bit by bit on the plaintext. For each plaintext bit, a pseudo-random function is applied to the encryption key and all bits preceding the current bit, and the value of the current bit is then added to the output of the pseudo-random function. Proceeding in this way over the entire plaintext data, the encryption finally outputs an encrypted value like the one shown in Fig. 1.
Fig. 2 is a flow chart of an ORE encryption algorithm, illustrated below with a specific example:
In step s201, input the encryption key key = "heming123456789" and the plaintext data to be encrypted p = 1610612739 = 2^30 + 2^29 + 2^1 + 2^0; the number of bits of p is n = 31;
In step s202, each plaintext bit is expanded to out_blk_len = 10 bits in the ciphertext, and the encrypted ciphertext is denoted ctxt;
In step s203, compute block_mask = 2^out_blk_len - 1 = 2^10 - 1 = 1023 and the byte offset offset = (8 - (n % 8)) % 8 = 1;
In step s204, the prf_input_buf array is initialized; initially i = 0, where i denotes the i-th bit of p;
In step s205, test whether i < n; if the condition is met go to step s206, otherwise go to step s215;
In step s206, compute the index of the byte of the plaintext data that contains the i-th plaintext bit: byteind = (n+7)/8 - 1 - (i+offset)/8; when i = 0, byteind = 3;
In step s207, compute the mask of the i-th plaintext bit: mask = p[byteind] & (1 << ((7 - i - offset) % 8)); when i = 0, the computer uses little-endian mode and mask = 64;
In step s208, compute the ciphertext block ctxt_block = F(key, prf_input_buf), where F is the encryption function. This embodiment uses AES encryption; when i = 0, ctxt_block = 63743;
In step s209, test whether mask > 0; if the condition is met, execute step s210, ctxt_block = ctxt_block + 1; otherwise execute step s212;
In step s210, when i = 0, mask = 64 > 0, so ctxt_block = ctxt_block + 1 = 63744;
In step s211, ctxt_block is ANDed with block_mask; when i = 0, ctxt_block & block_mask = 256;
In step s212, ctxt_block is shifted left by (n-i-1) * out_blk_len; when i = 0, ctxt_block = 256, and after shifting left by 30, ctxt_block = 521481209941628438084722096 ... 728256;
In step s213, ctxt and ctxt_block are combined by the XOR operation, i.e. ctxt = ctxt | ctxt_block; when i = 0, ctxt = ctxt | ctxt_block = 521481209941628438084722096 ... 728256;
In step s214, the prf_input_buf array is updated: prf_input_buf[0] = i+1 and prf_input_buf[byteind+1] |= mask; when i = 0, prf_input_buf[0] = 1 and prf_input_buf[4] = 64. Fig. 3 shows the prf_input_buf update process;
Steps s205 to s214 are repeated until all bits of plaintext p have been traversed;
In step s215, the ciphertext ctxt is output.
Fig. 3 is a flow chart of the decryption algorithm of the ORE encryption algorithm. The computer is little-endian, the encryption function is the pseudo-random function AES, the plaintext data is p = 1610612739 = 2^30 + 2^29 + 2^1 + 2^0, the number of bits of the plaintext data is n = 31, and each plaintext bit is expanded to 10 bits, denoted out_blk_len = 10. After the plaintext data 1610612739 is encrypted with the pseudo-random function AES and the key, the ciphertext is ctxt = 14803069411772771925. The basic decryption procedure is as follows:
In step s301, first input the ORE-encrypted ciphertext data and the encryption key.
In step s302, check that the parameters carried by the ciphertext data and the encryption key match.
In step s303, compute the number of plaintext bits n and the number of bits out_blk_len that each plaintext bit is expanded to; in this embodiment n = 31 and out_blk_len = 10. Let i denote the i-th bit of the plaintext data p, with initial value i = 0.
In step s304, test whether i < n, i.e. 0 < 31.
In step s305, compute the mask of the ciphertext data produced by encrypting bit i = 0, denoted block_mask: block_mask = (2^out_blk_len - 1) << (n-i-1) * out_blk_len; when i = 0, block_mask = (2^10) << 300.
In step s306, the ciphertext data ctxt is ANDed with block_mask and then shifted right by (n-1-i) * out_blk_len; the resulting value is denoted Ci. When i = 0, C0 = 496.
In step s307, using the pseudo-random function AES used by the encryption algorithm, the encryption key, and the preceding i-1 bits, compute the encrypted value, denoted F(key, m0…mi-1). When i = 0, the initial input value ε (generally 0) and the AES encryption function are used, giving F(key, ε) = 495.
In step s308, Ci is compared with F(key, m0…mi-1). If they are equal, the i-th bit of the plaintext data is 0, otherwise it is 1, i.e. mi = 0 or 1. When i = 0, C0 ≠ F(key, ε), i.e. 496 ≠ 495, so m0 = 1.
In step s309, mi is shifted left by n-i-1 bits and ORed with p; when i = 0, m0 is shifted left by 30 bits.
In step s310, i is incremented by 1 and s304 is executed.
In step s311, if i < n, steps s305-s311 are repeated until the condition in s304 is no longer met. At that point m0 = 1, m1 = 1, m30 = 1, i.e. bits 0, 1 and 30 of the plaintext data are 1.
In step s312, the decrypted plaintext data is output; this plaintext data is p = 1610612739.
In step s313, the decryption process ends.
Fig. 4 is a flow chart of ciphertext comparison for the ORE encryption algorithm. In this example the plaintext data is p = 1610612739 = 2^30 + 2^29 + 2^1 + 2^0, the number of bits of the plaintext data is n = 31, and each plaintext bit is expanded to 10 bits, denoted out_blk_len = 10. Ciphertext 1 is ctxt1 = 14803069411772771925 and ciphertext 2 is ctxt2 = 14803069411772771925. The basic procedure for comparing ctxt1 and ctxt2 is as follows:
In step s401, first input the ORE-encrypted ciphertext data ctxt1 and ctxt2.
In step s402, check the parameters carried by the ciphertext data.
In step s403, compute the number of plaintext bits n and the number of bits out_blk_len that each plaintext bit is expanded to; in this embodiment n = 31 and out_blk_len = 10. Let i denote the i-th bit of the plaintext data p, with initial value i = 0.
In step s404, test whether i < n, i.e. 0 < 31.
In step s405, compute the mask of the ciphertext data produced by encrypting bit i = 0, denoted block_mask: block_mask = (2^out_blk_len - 1) << (n-i-1) * out_blk_len; when i = 0, block_mask = (2^10) << 300.
In step s406, the ciphertext data ctxt1 is ANDed with block_mask and then shifted right by (n-1-i) * out_blk_len; the resulting value is denoted C1i. When i = 0, C10 = 496. The ciphertext data ctxt2 is ANDed with block_mask and then shifted right by (n-1-i) * out_blk_len; the resulting value is denoted C2i. When i = 0, C20 = 496.
In step s407, compare C1i with C2i. If C1i is greater than C2i, return that the plaintext value corresponding to ctxt1 is greater than the plaintext value corresponding to ctxt2. If C1i is less than C2i, return that the plaintext value corresponding to ctxt1 is less than the plaintext value corresponding to ctxt2. If C1i is equal to C2i, execute s408.
In step s408, i is incremented by 1 and s404 is executed.
In step s409, if i < n, steps s405-s409 are repeated until the condition in s404 is no longer met, at which point the method returns that the plaintext value corresponding to ctxt1 is equal to the plaintext value corresponding to ctxt2.
In step s410, the comparison process ends.
Fig. 5 is an overall framework diagram of a database ciphertext comparison and retrieval method based on the ORE algorithm. The database proxy rewrites the SQL, for example by calling the ORE encryption algorithm to encrypt data and by calling a database UDF to perform comparison retrieval on ciphertext data.
In step s501, the database client inputs the SQL statement to be executed and sends it to the database proxy.
In step s502, the proxy receives the SQL statement sent by the database client, parses it, and determines whether it contains field data that needs to be rewritten. If so, the SQL statement is rewritten: for example, for an INSERT statement the ORE encryption algorithm is called to encrypt the data, and for a SELECT statement the WHERE condition is replaced with a UDF call.
In step s503, the rewritten SQL statement is sent to the database server, which executes it and returns the execution result; here ciphertext comparison retrieval is implemented by a UDF that calls the ORE ciphertext comparison algorithm.
In step s504, the database proxy processes the data returned by the database server, mainly by decrypting it with the decryption algorithm corresponding to the ORE encryption algorithm, and returns the plaintext result to the database client.
In step s505, the database client receives the query result.
Fig. 6 is a database data flow chart based on the ORE algorithm. The database proxy rewrites the SQL and calls the ORE encryption algorithm to encrypt the data. This example uses a student database containing a table student_info with three fields: id (student number), name (name), and age (age). The age field must be stored encrypted, and ciphertext retrieval by age must be possible. Comparing the sizes of ORE ciphertext data requires calling the database UDF cryptdb_func_compare. The first parameter of this function is the field to be compared, the second parameter is the ciphertext constant to compare against, and the third parameter is a comparison-mode string; the function returns the comparison result as a Boolean value. Depending on the input, this example illustrates both the storage (INSERT) and the retrieval (SELECT) of data.
The following steps illustrate the operations for data storage:
In step s601, the user-defined function is created in the database server.
In step s602, the SQL statement to be executed is entered in the database client and sent to the database proxy. The data storage statement is "INSERT INTO student_info VALUES (1, "FLK", 8);"
In step s603, the database proxy receives the SQL statement sent by the database client, parses it, and determines whether the statement needs to be rewritten.
In step s604, the database proxy finds that the SQL statement contains the age field, which requires encryption protection, so the age field data "8" must be encrypted with the ORE encryption algorithm. The SQL statement is rewritten as shown below:
In step s605, the database proxy sends the rewritten SQL statement to the database server.
In step s606, the database server executes the SQL statement and saves the data, with the age field as ciphertext, to the database.
In step s607, the database server sends the execution result of the SQL statement to the database proxy.
In step s608, the database proxy determines whether the result data returned by the database server needs to be processed. Since the INSERT result needs no processing, step s609 is skipped.
In step s610, the database proxy returns the result to the database client.
In step s611, the database client receives the result data, completing the data storage operation.
The following steps illustrate the operations for data retrieval (SELECT).
In step s601, the user-defined function is created in the database server.
In step s602, the SQL statement to be executed is entered in the database client and sent to the database proxy. The database retrieval statement is "SELECT * FROM student_info WHERE age > 8;".
In step s603, the database proxy receives the SQL statement sent by the database client, parses it, and determines whether the statement needs to be rewritten.
In step s604, the database proxy finds that the statement contains a comparison on the age field. It encrypts the age field data "8" with the ORE encryption algorithm and calls the UDF cryptdb_func_compare, where the first parameter "age" is the field taking part in the size comparison, the second parameter is the constant taking part in the comparison, and the third parameter "gt" means greater than. This retrieves the rows whose age field data is greater than "8". The SQL statement is rewritten as shown below:
In step s605, the database proxy sends the rewritten SQL statement to the database server.
In step s606, the database server executes the SQL statement and calls the database user-defined function cryptdb_func_compare to compare the sizes of the ORE ciphertexts, returning the result set that satisfies the comparison. Here it returns the result set of all rows with age > 8.
In step s607, the database server sends the execution result of the SQL statement to the database proxy.
In step s608, the database proxy determines whether the result data returned by the database server needs to be processed. Here the returned result fields include the ciphertext field age, so the result must be decrypted.
In step s609, the database proxy decrypts the age field ciphertext data with the decryption algorithm corresponding to the ORE encryption algorithm.
In step s610, the database proxy returns the processed result to the database client.
In step s611, the database client receives the result data, completing the data retrieval operation.
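Added example (not code from the patent or its assignee): the encryption, comparison and decryption procedures and the Fig. 6 INSERT/SELECT walkthrough above, sketched end to end in Python. It assumes HMAC-SHA256 in place of AES as the function F, 8-bit plaintexts, and SQLite's in-memory engine with `create_function` standing in for the database server; `DbProxy` and the `lt`/`eq` modes are hypothetical. The comparison tests "differs by +1 modulo 2^out_blk_len" rather than the plain T1 > T2 of the text, so a block that wraps to 0 after the +1 still orders correctly.

```python
import hashlib
import hmac
import re
import sqlite3

N_BITS = 8               # assumed plaintext width: ages 0..255
BLK = 10                 # out_blk_len: ciphertext bits per plaintext bit
MASK = (1 << BLK) - 1    # block_mask = 2^out_blk_len - 1


def prf(key, i, prefix):
    """F(key, m_0..m_{i-1}) cut to BLK bits; HMAC-SHA256 stands in for AES."""
    digest = hmac.new(key, bytes([i, prefix]), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") & MASK


def ore_encrypt(key, p):
    if not 0 <= p < (1 << N_BITS):
        raise ValueError("plaintext out of range")
    ctxt = prefix = 0
    for i in range(N_BITS):
        shift = N_BITS - 1 - i
        bit = (p >> shift) & 1
        block = (prf(key, i, prefix) + bit) & MASK   # PRF output + bit, masked
        ctxt |= block << (shift * BLK)               # place block i
        prefix = (prefix << 1) | bit                 # PRF input for the next bit
    return ctxt


def block_at(ctxt, i):
    return (ctxt >> ((N_BITS - 1 - i) * BLK)) & MASK


def ore_compare(c1, c2):
    """Keyless compare returning (order, index of first differing bit).
    Tests 'differs by +1 mod 2^BLK' instead of plain t1 > t2, so a PRF output
    of all ones (where bit 1 wraps the block to 0) still orders correctly."""
    for i in range(N_BITS):
        t1, t2 = block_at(c1, i), block_at(c2, i)
        if t1 != t2:
            return (1 if t1 == (t2 + 1) & MASK else -1), i
    return 0, None


def ore_decrypt(key, ctxt):
    p = 0
    for i in range(N_BITS):   # bit is 1 exactly when block i differs from the PRF
        p = (p << 1) | (block_at(ctxt, i) != prf(key, i, p))
    return p


def cryptdb_func_compare(col_hex, const_hex, mode):
    """UDF executed by the database server; it never sees the key."""
    order, _ = ore_compare(int(col_hex, 16), int(const_hex, 16))
    return int({"gt": order > 0, "lt": order < 0, "eq": order == 0}[mode])


class DbProxy:
    """Hypothetical proxy; handles only the two statement shapes of Fig. 6."""
    INSERT = re.compile(
        r"""INSERT INTO student_info VALUES \((\d+),\s*["']([^"']*)["'],\s*(\d+)\);?""",
        re.I)
    SELECT = re.compile(
        r"SELECT \* FROM student_info WHERE age\s*(>|<|=)\s*(\d+);?", re.I)
    MODES = {">": "gt", "<": "lt", "=": "eq"}   # only "gt" is named on the page

    def __init__(self, key):
        self.key = key
        self.server = sqlite3.connect(":memory:")   # stands in for the db server
        self.server.create_function("cryptdb_func_compare", 3, cryptdb_func_compare)
        self.server.execute(
            "CREATE TABLE student_info (id INTEGER, name TEXT, age TEXT)")

    def _enc(self, value):
        return format(ore_encrypt(self.key, int(value)), "x")

    def execute(self, sql):
        m = self.INSERT.fullmatch(sql.strip())
        if m:   # rewrite: age literal -> ORE ciphertext, sent as a bound parameter
            self.server.execute("INSERT INTO student_info VALUES (?, ?, ?)",
                                (int(m[1]), m[2], self._enc(m[3])))
            return []
        m = self.SELECT.fullmatch(sql.strip())
        if m:   # rewrite: WHERE age <op> N -> UDF call over ciphertexts
            rows = self.server.execute(
                "SELECT id, name, age FROM student_info "
                "WHERE cryptdb_func_compare(age, ?, ?) ORDER BY id",
                (self._enc(m[2]), self.MODES[m[1]])).fetchall()
            # result set contains the sensitive field: decrypt before returning
            return [(i, n, ore_decrypt(self.key, int(a, 16))) for i, n, a in rows]
        raise ValueError("statement shape not handled by this sketch")


def demo():
    proxy = DbProxy(b"constructed-demo-key")
    proxy.execute('INSERT INTO student_info VALUES (1, "FLK", 8);')  # page's row
    for row in [(2, "AAA", 9), (3, "BBB", 21), (4, "CCC", 7)]:       # constructed
        proxy.execute("INSERT INTO student_info VALUES (%d, '%s', %d);" % row)
    return proxy.execute("SELECT * FROM student_info WHERE age > 8;")
```

The second value returned by `ore_compare` is the index of the first differing bit, which is what the keyless server learns about each compared pair in addition to their order.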
The above are merely preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement, or improvement made within the spirit and principles of the invention shall fall within the scope of protection of the present invention.

Claims (5)

1. A database ciphertext comparison and retrieval method based on an order-revealing encryption (ORE) algorithm, the method having the characteristics of higher security, fast encryption, and low expansion rate, characterized in that it comprises the following steps:
Step 1: The database client inputs an SQL statement and sends it to the database proxy;
Step 2: The database proxy receives the SQL statement sent by the client, first parses it, and rewrites the sensitive data in it; for example, when data is inserted, the sensitive data is encrypted with the ORE encryption algorithm, and the comparison on sensitive data in the SQL statement is carried out using a user-defined function;
Step 3: The rewritten SQL is sent to the database server and the SQL statement is executed, completing data storage; comparison retrieval is performed using the user-defined UDF;
Step 4: The database server sends the execution result of the SQL statement to the database proxy;
Step 5: The database proxy checks whether the result contains values of sensitive fields; if it does, the ciphertext data is decrypted with the decryption algorithm corresponding to the ORE encryption algorithm, and the final result is sent to the database client;
Step 6: The database client receives the execution result of the SQL statement.
2. The database ciphertext comparison and retrieval method based on an ORE algorithm according to claim 1, characterized in that in step 2 the SQL statement is rewritten using the ORE encryption algorithm.
3. The database ciphertext comparison and retrieval method based on an ORE algorithm according to claim 1, characterized in that in step 2 the SQL statement is rewritten using a UDF based on the ORE ciphertext comparison algorithm.
4. The database ciphertext comparison and retrieval method based on an ORE algorithm according to claim 1, characterized in that in step 3 the UDF based on the ORE ciphertext comparison algorithm is used in the database server to complete the ciphertext comparison retrieval operation in the database.
5. The database ciphertext comparison and retrieval method based on an ORE algorithm according to claim 1, characterized in that in step 5 the ciphertext result returned by the database server is decrypted using the ORE decryption algorithm.
CN201811237729.5A 2018-10-23 2018-10-23 Database ciphertext comparison and retrieval method based on order-releasing algorithm Active CN109117676B (en)


Publications (2)

Publication Number Publication Date
CN109117676A true CN109117676A (en) 2019-01-01
CN109117676B CN109117676B (en) 2022-02-25


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant