CN110474764B - Ciphertext data set intersection calculation method, device, system, client, server and medium - Google Patents

Ciphertext data set intersection calculation method, device, system, client, server and medium Download PDF

Info

Publication number
CN110474764B
CN110474764B CN201910644183.3A CN201910644183A CN110474764B CN 110474764 B CN110474764 B CN 110474764B CN 201910644183 A CN201910644183 A CN 201910644183A CN 110474764 B CN110474764 B CN 110474764B
Authority
CN
China
Prior art keywords
ciphertext data
user
data set
authorization
authorization level
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201910644183.3A
Other languages
Chinese (zh)
Other versions
CN110474764A (en
Inventor
黄琼
王元昊
肖媚燕
苗莹
刘文博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China Agricultural University
Original Assignee
South China Agricultural University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China Agricultural University filed Critical South China Agricultural University
Priority to CN201910644183.3A priority Critical patent/CN110474764B/en
Publication of CN110474764A publication Critical patent/CN110474764A/en
Application granted granted Critical
Publication of CN110474764B publication Critical patent/CN110474764B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a method, a device, a system, a client, a server and a medium for calculating the intersection of ciphertext data sets, wherein the method comprises the following steps: encrypting the plaintext data set according to the public key of the user to obtain a ciphertext data set, and sending the ciphertext data set to the server; generating authorization information of the authorization level according to the authorization level selected by the user; sending the authorization information to a server so that the server calculates to obtain an intermediate value set according to the ciphertext data set and the authorization information, performing intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client of the corresponding user; receiving a ciphertext data set intersection sent by a server; and decrypting the intersection of the ciphertext data sets according to the intersection of the ciphertext data sets input by the user and the private key to obtain the intersection of the plaintext data sets. The invention obviously improves the flexibility on the premise of ensuring the safety.

Description

Ciphertext data set intersection calculation method, device, system, client, server and medium
Technical Field
The invention relates to a method, a device, a system, a client, a server and a medium for calculating the intersection of ciphertext data sets, and belongs to the field of data security.
Background
Cloud storage is an important service in cloud computing, so that data backup and data sharing are facilitated, data loss is prevented, and the storage cost of data can be effectively reduced. With the development of cloud storage technology and the frequent occurrence of data leakage accidents in recent years, users pay more attention to the security of data in cloud storage.
The data uploaded to the cloud by businesses and users may be confidential data, such as personnel files and medical records. The data is encrypted and uploaded, so that the safety of the data can be effectively improved, and the original structure and characteristics of the data are damaged. Therefore, it is difficult to perform calculation on the ciphertext data. Because set intersection calculation is involved in data mining, duplicate file inspection and gene detection and is used for acquiring data features or labels for classification, the set intersection calculation of encrypted data needs to be realized.
Currently, there are two major types of encryption data set intersection calculation methods, which are a two-party calculation protocol and a multi-party calculation protocol. The former, such as patent literature (publication No.: CN109657489A, published 2019, 4/19), requires users to directly participate in computing, requires users to have sufficient computing power, and is not easily converted into a version on the cloud. The latter, for example, patent document (publication No. CN105812141A, published: 2016, 7, 27), encrypts data for a plurality of users, uploads the encrypted data to a cloud server, provides authorization, performs set intersection calculation by the cloud server, returns the encrypted calculation result to the user, and decrypts the user locally. However, the authorization provided by the user in this method can enable the cloud server to freely perform set intersection calculation on all data of the user, and cannot implement fine-grained authorization, that is, the cloud server cannot operate only on part of the data, and cannot specify the user performing the set intersection calculation. For example, the first user, the second user and the third user upload encrypted gene data to the cloud server, the first user wishes to perform paternity testing with the second user (the technology requires set intersection calculation), and therefore needs to submit authorization to the cloud server, but the cloud server cannot be prohibited from performing set intersection operation on own data and data of the third user.
Disclosure of Invention
In view of this, the present invention provides a method, an apparatus, a computer device, and a storage medium for calculating an intersection of ciphertext data sets, which enable a user to select a user who allows a server to operate a specified ciphertext data set and to perform the intersection of ciphertext data sets, and significantly improve flexibility while ensuring security.
The first purpose of the present invention is to provide a ciphertext data set intersection calculation method, which is applied to a client.
The second objective of the present invention is to provide a ciphertext data set intersection calculation method, which is applied to a server.
The third objective of the present invention is to provide a ciphertext data set intersection calculation apparatus, which is applied to a client.
A fourth object of the present invention is to provide a ciphertext data set intersection calculation apparatus, which is applied to a server.
A fifth object of the present invention is to provide a ciphertext data set intersection calculation system.
A sixth object of the present invention is to provide a client.
A seventh object of the present invention is to provide a server.
An eighth object of the present invention is to provide a storage medium.
The first purpose of the invention can be achieved by adopting the following technical scheme:
a ciphertext data set intersection calculation method is applied to a client, and comprises the following steps:
generating a public key and a private key of a user;
encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and sending the ciphertext data set to the server so that the server stores the ciphertext data set in a ciphertext database;
generating authorization information of the authorization level according to the authorization level selected by the user;
sending the authorization information to a server so that the server acquires a ciphertext data set from a ciphertext database, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information, performing intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users in accordance with authorization levels to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to a client of the corresponding user;
receiving a ciphertext data set intersection sent by a server;
and decrypting the intersection of the ciphertext data sets according to the intersection of the ciphertext data sets input by the user and the private key to obtain the intersection of the plaintext data sets.
Further, the generating of the authorization information of the level according to the authorization level selected by the user specifically includes:
when the user selects the first authorization level, obtaining the private key of the user, and calculating the authorization information of the first authorization level, as follows:
Figure GDA0002893568860000021
wherein, yiIs an element in the private key of the user i, and w is a system parameter;
when the user selects the second authorization level, obtaining the private key of the user and the public key of the appointed user, and calculating the authorization information of the second authorization level, as follows:
Figure GDA0002893568860000031
wherein, yiAnd ziFor two elements in the private key of user i,
Figure GDA0002893568860000032
and
Figure GDA0002893568860000033
two elements in a public key of a designated user j;
when the user selects the third authorization level, obtaining the private key of the user and each ciphertext data of the designated ciphertext data set, and calculating the authorization information of the third authorization level, as follows:
Figure GDA0002893568860000034
wherein, yiIs an element of the private key of user i, Cp,2One element for each ciphertext data in the specified ciphertext data set;
when the user selects the fourth authorization level, obtaining the private key of the user, the public key of the specified user and each ciphertext data of the specified ciphertext data set, and calculating the authorization information of the fourth authorization level, as follows:
Figure GDA0002893568860000035
wherein, yiFor one element in the private key of user i,
Figure GDA0002893568860000036
to specify an element in the public key of user j, Cp,2One element for each ciphertext data in the specified ciphertext data set;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
The second purpose of the invention can be achieved by adopting the following technical scheme:
a ciphertext data set intersection calculation method is applied to a server and comprises the following steps:
receiving a ciphertext data set sent by a client, and storing the ciphertext data set in a ciphertext database;
receiving authorization information sent by a client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user;
acquiring a ciphertext data set from the ciphertext database, and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information;
and performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users which accord with the authorization level to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client of the corresponding user.
Further, the calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information specifically includes:
when the user selects the first authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the first authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure GDA0002893568860000041
in the formula, Cp,2And Cp,4Two elements, Td, of each ciphertext data in the ciphertext data set for user i1,iAuthorization information of a first authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the second authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the second authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure GDA0002893568860000042
Figure GDA0002893568860000043
in the formula, Cp,2、Cp,3And Cp,4For each of the three elements, Td, of the ciphertext data set of user i2,i,jA、 Td2,i,jB are two elements of authorization information of a second authorization level of user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the third authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the third authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure GDA0002893568860000044
in the formula, Cp,2And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure GDA0002893568860000048
authorization information of a third authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i, w is a system parameter;
when the user selects the fourth authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the fourth authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure GDA0002893568860000045
Figure GDA0002893568860000046
in the formula, Cp,3And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure GDA0002893568860000049
authorization information for a fourth authorization level for user i,
Figure GDA0002893568860000047
to specify an element in the public key of user j, TpFor each intermediate value in the set of intermediate values for user i;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
The third purpose of the invention can be achieved by adopting the following technical scheme:
a ciphertext data set intersection calculation apparatus for use at a client, the apparatus comprising:
the first generation module is used for generating a public key and a private key of a user;
the encryption module is used for encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set and sending the ciphertext data set to the server so that the server stores the ciphertext data set in the ciphertext database;
the second generation module is used for generating the authorization information of the authorization level according to the authorization level selected by the user;
the sending module is used for sending the authorization information to the server so that the server can acquire a ciphertext data set from the ciphertext database, calculate to obtain an intermediate value set according to the ciphertext data set and the authorization information, perform intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection, and send the ciphertext data set intersection to the client sides of the corresponding users;
the receiving module is used for receiving the ciphertext data set intersection sent by the server side;
and the decryption module is used for decrypting the ciphertext data set intersection according to the ciphertext data set intersection and the private key input by the user to obtain the plaintext data set intersection.
The fourth purpose of the invention can be achieved by adopting the following technical scheme:
a ciphertext data set intersection calculation apparatus applied to a server, the apparatus comprising:
the first receiving module is used for receiving the ciphertext data set sent by the client and storing the ciphertext data set in the ciphertext database;
the second receiving module is used for receiving the authorization information sent by the client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user;
the first calculation module is used for acquiring a ciphertext data set from the ciphertext database and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information;
and the second calculation module is used for performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection and sending the ciphertext data set intersection to the client of the corresponding user.
The fifth purpose of the invention can be achieved by adopting the following technical scheme:
a ciphertext data set intersection calculation system comprises a plurality of clients and a server, wherein the clients are respectively connected with the server;
the client is used for executing the ciphertext data set intersection calculation method applied to the client;
the server is used for executing the ciphertext data set intersection calculation method applied to the server.
The sixth purpose of the invention can be achieved by adopting the following technical scheme:
the client comprises a processor and a memory for storing an executable program of the processor, and when the processor executes the program stored in the memory, the ciphertext data set intersection calculation method applied to the client is realized.
The seventh purpose of the invention can be achieved by adopting the following technical scheme:
a server comprises a processor and a memory for storing a processor executable program, wherein when the processor executes the program stored in the memory, the ciphertext data set intersection calculation method applied to the server is realized.
The eighth purpose of the invention can be achieved by adopting the following technical scheme:
a storage medium stores a program that, when executed by a processor, implements the above-described ciphertext data set intersection calculation method.
Compared with the prior art, the invention has the following beneficial effects:
1. the method stores the ciphertext data set of the user in the ciphertext database of the server in a special plaintext data set encryption mode, if the server does not obtain the authorization of the user, decryption and data set intersection calculation cannot be carried out, and if the server obtains the authorization of the user, data set intersection calculation of a corresponding level can be carried out; the method can perform fine-grained authorization on the premise of ensuring safe data storage, namely, the cloud server is enabled to operate only on the designated ciphertext data set, or designate users for performing the intersection calculation of the ciphertext data set.
2. The invention adopts the ciphertext data outsourcing form, on one hand, the data backup and the data sharing are convenient, the data loss is prevented, on the other hand, the local storage cost is saved, the ciphertext data set intersection calculation is carried out on the server, the problem of insufficient calculation capacity of a local client is solved, the calculation can be carried out on the premise of ensuring the data safety, the decryption is carried out on the local client, and the data leakage is effectively prevented.
3. The invention effectively ensures the data security based on the example of the assumption of the deterministic bilinear Diffie-Hellman and the computational bilinear Diffie-Hellman.
4. The invention can be connected with most of ciphertext databases, so that a user can select a user which allows the server to operate the appointed ciphertext data set and appoint the user to carry out the intersection calculation of the ciphertext data set, and the flexibility is obviously improved.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a flowchart of a ciphertext data set intersection calculation method according to embodiment 1 of the present invention.
Fig. 2 is a flowchart of public key and private key calculation of a user according to embodiment 1 of the present invention.
Fig. 3 is a flowchart of data set encryption according to embodiment 1 of the present invention.
Fig. 4 is a schematic diagram of a first authorization level in embodiment 1 of the present invention.
Fig. 5 is a diagram illustrating a second authorization level according to embodiment 1 of the present invention.
Fig. 6 is a diagram illustrating a third authorization level according to embodiment 1 of the present invention.
Fig. 7 is a diagram illustrating a fourth authorization level according to embodiment 1 of the present invention.
Fig. 8 is a flowchart of authorization information generation in embodiment 1 of the present invention.
Fig. 9 is a flowchart of a ciphertext data set intersection calculation method in embodiment 2 of the present invention.
FIG. 10 is a flowchart of the intermediate value set calculation according to embodiment 2 of the present invention.
Fig. 11 is a flowchart of intersection calculation in embodiment 2 of the present invention.
Fig. 12 is a block diagram of a ciphertext data set intersection calculation system according to embodiment 3 of the present invention.
Fig. 13 is a flowchart of ciphertext data set decryption in embodiment 3 of the present invention.
Fig. 14 is a block diagram of a client according to embodiment 3 of the present invention.
Fig. 15 is a block diagram of a server according to embodiment 3 of the present invention.
Fig. 16 is a block diagram of a structure of a ciphertext data set intersection calculation apparatus in embodiment 4 of the present invention.
Fig. 17 is a block diagram of a structure of a ciphertext data set intersection calculation apparatus in embodiment 5 of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
Example 1:
as shown in fig. 1, this embodiment provides a ciphertext data set intersection calculation method, which is applied to a client, and includes the following steps:
s101, generating a public key and a private key of a user.
Each user uses one client, and for a certain user i, the public key and the private key of the user i are both generated by the client used by the user i, as shown in fig. 2, specifically including:
s1011, after the user i starts the client and selects to register, the client generates a random number xi,yi,
Figure GDA0002893568860000081
S1012, the client calculates the public key of the user i
Figure GDA0002893568860000082
And private key (x)i,yi,zi)。
S102, encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and sending the ciphertext data set to the server.
As shown in fig. 3, the step S102 specifically includes the following steps:
s1021, user i inputs plaintext data set D ═ D (D)1,…,Dn) And public key
Figure GDA0002893568860000083
To the client, the client obtains the public key of the user i
Figure GDA0002893568860000084
And a plaintext data set D ═ D (D)1,…,Dn)。
S1022, for each in the plaintext data set DIndividual data Dp(p is more than or equal to 1 and less than or equal to n), the client generates a random number
Figure GDA0002893568860000085
S1023, calculating ciphertext C corresponding to each plaintext data in the client plaintext data set Dp,Cp= (Cp,1,Cp,2,Cp,3,Cp,4,Cp,5)。
Figure GDA0002893568860000086
All plaintext data are encrypted to obtain ciphertext data set C ═ C (C)1,…,Cn) Each ciphertext data in the ciphertext data set C is Cp(1≤p≤n)。
And S1024, the client sends the ciphertext data set to the server, and the server stores the ciphertext data set in the ciphertext database after receiving the ciphertext data set sent by the client.
S103, generating authorization information of the authorization level according to the authorization level selected by the user.
After a user sends a ciphertext data set intersection calculation request to a server through a client, four authorization levels can be selected, as follows:
1) the first authorization level: allowing the server to perform intersection calculation on all ciphertext data sets and ciphertext data sets of all users, as shown in fig. 4, taking three users as an example, the three users are a first user, a second user and a third user, respectively, and the ciphertext data set of the first user may perform intersection calculation with the ciphertext data set of the second user or may perform intersection calculation with the ciphertext data set of the third user.
2) The second authorization level: allowing the server to perform intersection calculation on all ciphertext data sets and ciphertext data sets of the designated users, as shown in fig. 5, taking three users as an example, the three users are a first user, a second user and a third user respectively, wherein the second user is the designated user, and the ciphertext data set of the first user may only perform intersection calculation with the ciphertext data set of the second user, but may not perform intersection calculation with the ciphertext data set of the third user.
3) The third authorization level: allowing the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users, as shown in fig. 6, taking three users as an example, the three users are a first user, a second user and a third user respectively, where part of files (such as file 1, file 2, etc.) of the first user are designated files, and a corresponding designated ciphertext data set thereof may perform intersection calculation with the ciphertext data set of the second user or may perform intersection calculation with the ciphertext data set of the third user, and the corresponding ciphertext data sets of the remaining files (such as file n, etc.) of the first user may neither perform intersection calculation with the ciphertext data set of the second user nor perform intersection calculation with the ciphertext data set of the third user.
4) A fourth authorization level: allowing the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data set of the designated user, as shown in fig. 7, taking three users as an example, where the three users are a first user, a second user and a third user respectively, where a part of files (such as file 1, file 2, etc.) of the first user are designated files, the second user is the designated user, the designated ciphertext data set corresponding to the designated file of the first user may only perform intersection calculation with the ciphertext data set of the second user and may not perform intersection calculation with the ciphertext data set of the third user, and the ciphertext data sets corresponding to the remaining files (such as file n, etc.) of the first user may neither perform intersection calculation with the ciphertext data set of the second user nor perform intersection calculation with the ciphertext data set of the third user.
As shown in fig. 8, the step S103 specifically includes the following steps:
s1031, if the user i selects the first authorization level, the client obtains the private key of the user i, and calculates authorization information of the first authorization level, as follows:
Figure GDA0002893568860000091
wherein, yiTo useOne element, w, in the private key of user i is a system parameter.
S1032, if the user i selects the second authorization level, the client acquires the private key of the user i and the public key of the designated user j, and calculates the authorization information of the second authorization level, as follows:
Figure GDA0002893568860000092
wherein, yiAnd ziFor two elements in the private key of user i,
Figure GDA0002893568860000093
and
Figure GDA0002893568860000094
two elements of the public key of a given user j.
S1033, if the user i selects the third authorization level, the client acquires the private key of the user i and each ciphertext data C of the designated ciphertext data setpAnd calculating authorization information of a third authorization level, as follows:
Figure GDA0002893568860000101
wherein, yiIs an element of the private key of user i, Cp,2One element for each ciphertext data in the specified set of ciphertext data.
S1034, if the user i selects the fourth authorization level, the client acquires the private key of the user i, the public key of the designated user j and each ciphertext data C of the designated ciphertext data setpAnd calculating authorization information of a fourth authorization level as follows:
Figure GDA0002893568860000102
wherein, yiIs an element, h, in the private key of user izjTo an element in the public key of a given user j,Cp,2One element for each ciphertext data in the specified set of ciphertext data.
And S104, sending the authorization information to a server.
The client side sends the authorization information of the authorization level selected by the user to the server, the server obtains a ciphertext data set from the ciphertext database after receiving the authorization information, an intermediate value set is obtained through calculation according to the ciphertext data set and the authorization information, intersection calculation is carried out on the ciphertext data sets of the two users according to the intermediate value sets of the two users meeting the authorization level, a ciphertext data set intersection is generated, and the ciphertext data set intersection is sent to the client side of the corresponding user.
And S105, receiving the ciphertext data set intersection sent by the server.
And S106, decrypting the intersection of the ciphertext data sets according to the intersection of the ciphertext data sets input by the user and the private key to obtain the intersection of the plaintext data sets.
As shown in fig. 9, the step S106 specifically includes:
s1061, inputting ciphertext data aggregation and private key (x) by user ii,yi,zi) To the client, the client obtains the private key of the user i, and obtains the ciphertext data set of the user i from the ciphertext database of the server 1302;
s1062, the client calculates each ciphertext data C in the ciphertext data intersection according to the ciphertext data intersection and the private key input by the user ip(1. ltoreq. p. ltoreq.n) corresponding plaintext data DpThe following formula:
Figure GDA0002893568860000103
after all the ciphertext data are decrypted, the plaintext data intersection D ═ D is obtained1,…,Dn) For display to user i.
Example 2:
as shown in fig. 10, this embodiment provides a ciphertext data set intersection calculation method, where the method is applied to a server, and includes the following steps:
s1001, receiving the ciphertext data set sent by the client, and storing the ciphertext data set in a ciphertext database.
The client encrypts the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, sends the ciphertext data set to the server, and the server stores the ciphertext data set in the ciphertext database after receiving the ciphertext data set sent by the client.
S1002, receiving authorization information sent by a client.
After a user sends a ciphertext data set intersection calculation request to a server through a client, as described in embodiment 1, four authorization levels (a first authorization level, a second authorization level, a third authorization level, and a fourth authorization level) may be selected, authorization information of the authorization level is generated according to the authorization level selected by the user, and the authorization information is sent to the server and received by the server.
S1003, acquiring the ciphertext data set from the ciphertext database, and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information.
As shown in fig. 11, the step S1003 specifically includes the following steps:
s10031, if the user selects the first authorization level, that is, the authorization information is the authorization information of the first authorization level, the server calculates to obtain an intermediate value set according to the ciphertext data set and the authorization information of the first authorization level.
For a certain user i, the intermediate value is calculated as follows:
Figure GDA0002893568860000111
in the formula, Cp,2And Cp,4Two elements, Td, of each ciphertext data in the ciphertext data set for user i1,iAuthorization information of a first authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i;
and after all the ciphertext data of the ciphertext data set of the user i are processed, obtaining an intermediate value set of the user i.
S10032, if the user selects the second authorization level, that is, the authorization information is the authorization information of the second authorization level, the server calculates to obtain an intermediate value set according to the ciphertext data set and the authorization information of the second authorization level.
For a certain user i, the intermediate value is calculated as follows:
Figure GDA0002893568860000112
Figure GDA0002893568860000113
in the formula, Cp,2、Cp,3And Cp,4For each of the three elements, Td, of the ciphertext data set of user i2,i,jA、 Td2,i,jB are two elements of authorization information of a second authorization level of user i, TpFor each intermediate value in the set of intermediate values for user i;
and after all the ciphertext data of the ciphertext data set of the user i are processed, obtaining an intermediate value set of the user i.
S10033, if the user selects the third authorization level, that is, the authorization information is the authorization information of the third authorization level, the server calculates to obtain an intermediate value set according to the ciphertext data set and the authorization information of the third authorization level.
For a certain user i, the intermediate value is calculated as follows:
Figure GDA0002893568860000121
in the formula, Cp,2And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure GDA0002893568860000126
authorization information of a third authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i;
and after all the ciphertext data of the designated ciphertext data set of the user i are processed, obtaining an intermediate value set of the user i.
S10034, if the user selects the fourth authorization level, that is, the authorization information is the authorization information of the fourth authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the fourth authorization level.
For a certain user i, the intermediate value is calculated as follows:
Figure GDA0002893568860000122
Figure GDA0002893568860000123
in the formula, Cp,3And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure GDA0002893568860000124
authorization information for a fourth authorization level for user i,
Figure GDA0002893568860000125
to specify an element in the public key of user j, TpFor each intermediate value in the set of intermediate values for user i;
and after all the ciphertext data of the designated ciphertext data set of the user i are processed, obtaining an intermediate value set of the user i.
And S1004, performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client of the corresponding user.
As shown in fig. 12, the step S1004 specifically includes the following steps:
s10041, traversing the intermediate value sets of the two users meeting the authorization level, respectively storing the ciphertexts corresponding to the equal intermediate values in respective calculation result lists, and generating a cipher text data set intersection.
Suppose that two users meeting the authorization level are user i and user j respectively, and each ciphertext data in the ciphertext data set of user j is CqThe calculation can be seen in step S102 of embodiment 1, above, where each intermediate value in the set of intermediate values for user j is TqFor the calculation, see step S1003 above, and are not described in detail here.
The server maintains two initially empty calculation result lists L1And L2For each ciphertext data C in the user i's ciphertext data setpEach ciphertext data C of the ciphertext data set with user jqComparing the intermediate values in the intermediate value set of the user i with the intermediate values in the intermediate value set of the user j one by one if Tp=TqThen C will bepDeposit into L1Mixing C withqDeposit into L2Is prepared by mixing L1And L2As the ciphertext data set intersection.
S10042, sending the ciphertext data set intersection to the client of the corresponding user.
After all comparisons are completed, L is compared1Sending L to client of user i2And sending the decrypted data to a client of a user j, decrypting the ciphertext data set intersection of the user i by the client of the user i, and decrypting the ciphertext data set intersection of the user j by the client of the user j.
Those skilled in the art will appreciate that all or part of the steps in the method of embodiments 1-2 may be implemented by a program to instruct related hardware, and the corresponding program may be stored in a computer readable storage medium.
It should be noted that although the method operations of embodiments 1-2 above are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Rather, the depicted steps may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
Example 3:
as shown in fig. 13, this embodiment provides a ciphertext data set intersection calculation system, which includes n clients 1301 and a server 1302, where the n clients 1301 have the same function, but are used by different users, that is, there are n users in total, and each user uses one client 1301, and the n clients 1301 cannot communicate with each other, and are connected to and communicate with the server 1302 respectively.
The client 1301 is used for generating a public key and a private key of a user; encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and sending the ciphertext data set to the server 1302; generating authorization information of the authorization level according to the authorization level selected by the user; sending authorization information to the server 1302; receiving the ciphertext data set intersection sent by the server 1302; and decrypting the intersection of the ciphertext data sets according to the intersection of the ciphertext data sets input by the user and the private key to obtain the intersection of the plaintext data sets.
The user may also obtain the ciphertext data set of the user from the ciphertext database of the server 1302 through the client 1301, then the user inputs the ciphertext data set and the private key, and the client decrypts the ciphertext data set according to the ciphertext data set and the private key input by the user to obtain a plaintext data set to be displayed to the user.
The server 1302 receives the ciphertext data set sent by the client 1301 and stores the ciphertext data set in a ciphertext database; receiving authorization information sent by a client 1301, wherein the authorization information is generated according to an authorization level selected by a user; acquiring a ciphertext data set from the ciphertext database, and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information; and performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client 1301 of the corresponding user.
As shown in fig. 14, the client 1301 may be a computer, a mobile phone, a tablet computer, or the like, the first processor 13011, the first memory 13012, the input unit 13013, the display unit 13014, the transmission module 13015, or the like, the first memory 13012, the input unit 13013, the display unit 13014, and the transmission module 13015 are respectively connected to the first processor 13011, the first memory 13012 may be used to store a computer program, and when the first processor 13011 runs the computer program stored in the first memory 13012, the functions of the client 1301 are implemented.
As shown in fig. 15, the server 1302 includes a second processor 13022, a first memory, and a network interface 13023 connected by a system bus 13021; wherein the second processor 13022 is used to provide computing and control capabilities, the first memory includes a nonvolatile storage medium 13024 and an internal memory 13025, the nonvolatile storage medium 13024 stores an operating system, a computer program and a database, the internal memory 13025 provides an environment for the operating system and the computer program in the nonvolatile storage medium to run, and the computer program, when executed by the second processor 13022, implements the functions of the server 1302 as described above.
Example 4:
as shown in fig. 16, the present embodiment provides a ciphertext data set intersection calculation apparatus, which is applied to a client, and includes a first generation module 1601, an encryption module 1602, a second generation module 1603, a sending module 1604, a receiving module 1605, and a decryption module 1606, where specific functions of each module are as follows:
the first generating module 1601 is configured to generate a public key and a private key of a user.
The encrypting module 1602 is configured to encrypt the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and send the ciphertext data set to the server, so that the server stores the ciphertext data set in the ciphertext database.
The second generating module 1603 is configured to generate authorization information of the authorization level according to the authorization level selected by the user.
The sending module 1604 is configured to send the authorization information to the server, so that the server obtains a ciphertext data set from the ciphertext database, calculates an intermediate value set according to the ciphertext data set and the authorization information, performs intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users that meet the authorization level, generates a ciphertext data set intersection, and sends the ciphertext data set intersection to the users.
The receiving module 1605 is configured to receive a ciphertext data set intersection sent by the server;
the decryption module 1606 is configured to decrypt the ciphertext data set intersection according to the ciphertext data set intersection and the public key input by the user, so as to obtain a plaintext data set intersection.
For specific implementation of each module in this embodiment, reference may be made to embodiment 1, which is not described herein again.
Example 5:
as shown in fig. 17, the present embodiment provides a ciphertext data set intersection calculation apparatus, which is applied to a server, and includes a first receiving module 1701, a second receiving module 1702, a first calculation module 1703, and a second calculation module 1704, where specific functions of each module are as follows:
the first receiving module 1701 is configured to receive a ciphertext data set sent by a client, and store the ciphertext data set in a ciphertext database.
The second receiving module 1702 is configured to receive authorization information sent by the client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user.
The first calculating module 1703 is configured to obtain a ciphertext data set from the ciphertext database, and calculate an intermediate value set according to the ciphertext data set and the authorization information.
The second calculating module 1704 is configured to perform intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users that meet the authorization level, generate a ciphertext data set intersection, and send the ciphertext data set intersection to the client of the corresponding user.
For specific implementation of each module in this embodiment, reference may be made to embodiment 2 above, and details are not described here.
It should be noted that the apparatuses provided in embodiments 4 to 5 are only illustrated by dividing the functional modules, and in practical applications, the functions may be distributed by different functional modules according to needs, that is, the internal structure may be divided into different functional modules to complete all or part of the functions described above.
It is to be understood that the terms "first", "second", and the like used in the devices of the above embodiments 4 to 5 may be used to describe various units, but the units are not limited by these terms. These terms are only used to distinguish one module from another. For example, a first computing module may be referred to as a second computing module, and similarly, a second computing module may be referred to as a first computing module, both the first and second computing modules being computing modules, but not the same, without departing from the scope of the present disclosure.
Example 6:
the present embodiment provides a storage medium, which is a computer-readable storage medium, and stores a computer program, and when the program is executed by a processor and the processor executes the computer program stored in the memory, the method for computing the intersection of ciphertext data sets of the foregoing embodiment 1 is implemented as follows:
generating a public key and a private key of a user;
encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and sending the ciphertext data set to the server so that the server stores the ciphertext data set in a ciphertext database;
generating authorization information of the authorization level according to the authorization level selected by the user;
sending the authorization information to a server so that the server acquires a ciphertext data set from a ciphertext database, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information, performing intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users in accordance with authorization levels to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to a client of the corresponding user;
receiving a ciphertext data set intersection sent by a server;
and decrypting the intersection of the ciphertext data sets according to the intersection of the ciphertext data sets input by the user and the private key to obtain the intersection of the plaintext data sets.
Example 7:
the present embodiment provides a storage medium, which is a computer-readable storage medium, and stores a computer program, and when the program is executed by a processor and the processor executes the computer program stored in the memory, the method for computing the intersection of ciphertext data sets of the foregoing embodiment 2 is implemented as follows:
receiving a ciphertext data set sent by a client, and storing the ciphertext data set in a ciphertext database;
receiving authorization information sent by a client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user;
acquiring a ciphertext data set from the ciphertext database, and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information;
and performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users which accord with the authorization level to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client of the corresponding user.
The storage medium in embodiments 6 to 7 may be a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM), a Random Access Memory (RAM), a usb disk, a removable hard disk, or the like.
In summary, the ciphertext data set of the user is stored in the ciphertext database of the server through a special plaintext data set encryption mode, if the server does not obtain the authorization of the user, decryption and data set intersection calculation cannot be performed, and if the server obtains the authorization of the user, data set intersection calculation of a corresponding level can be performed; the method can perform fine-grained authorization on the premise of ensuring safe data storage, namely, the cloud server is enabled to operate only on the designated ciphertext data set, or designate users for performing the intersection calculation of the ciphertext data set.
The above description is only for the preferred embodiments of the present invention, but the protection scope of the present invention is not limited thereto, and any person skilled in the art can substitute or change the technical solution and the inventive concept of the present invention within the scope of the present invention.

Claims (8)

1. A ciphertext data set intersection calculation method is applied to a client, and is characterized by comprising the following steps:
generating a public key and a private key of a user;
encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set, and sending the ciphertext data set to the server so that the server stores the ciphertext data set in a ciphertext database;
generating authorization information of the authorization level according to the authorization level selected by the user;
sending the authorization information to a server so that the server acquires a ciphertext data set from a ciphertext database, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information, performing intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users in accordance with authorization levels to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to a client of the corresponding user;
receiving a ciphertext data set intersection sent by a server;
decrypting the ciphertext data set intersection according to the ciphertext data set intersection and the private key input by the user to obtain a plaintext data set intersection;
the generating of the authorization information of the authorization level according to the authorization level selected by the user specifically includes:
when the user selects the first authorization level, obtaining the private key of the user, and calculating the authorization information of the first authorization level, as follows:
Figure FDA0002893568850000011
wherein, yiIs an element in the private key of the user i, and w is a system parameter;
when the user selects the second authorization level, obtaining the private key of the user and the public key of the appointed user, and calculating the authorization information of the second authorization level, as follows:
Figure FDA0002893568850000012
wherein, yiAnd ziFor two elements in the private key of user i,
Figure FDA0002893568850000013
and
Figure FDA0002893568850000014
two elements in a public key of a designated user j;
when the user selects the third authorization level, obtaining the private key of the user and each ciphertext data of the designated ciphertext data set, and calculating the authorization information of the third authorization level, as follows:
Figure FDA0002893568850000015
wherein, yiIs an element of the private key of user i, Cp,2One element for each ciphertext data in the specified ciphertext data set;
when the user selects the fourth authorization level, obtaining the private key of the user, the public key of the specified user and each ciphertext data of the specified ciphertext data set, and calculating the authorization information of the fourth authorization level, as follows:
Figure FDA0002893568850000021
wherein, yiFor one element in the private key of user i,
Figure FDA0002893568850000022
to specify an element in the public key of user j, Cp,2One element for each ciphertext data in the specified ciphertext data set;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
2. A ciphertext data set intersection calculation method is applied to a server, and is characterized by comprising the following steps:
receiving a ciphertext data set sent by a client, and storing the ciphertext data set in a ciphertext database;
receiving authorization information sent by a client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user;
acquiring a ciphertext data set from the ciphertext database, and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information;
according to the intermediate value sets of the two users which accord with the authorization level, performing intersection calculation on the ciphertext data sets of the two users to generate a ciphertext data set intersection, and sending the ciphertext data set intersection to the client sides of the corresponding users;
the calculating to obtain the intermediate value set according to the ciphertext data set and the authorization information specifically includes:
when the user selects the first authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the first authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000023
in the formula, Cp,2And Cp,4Two elements, Td, of each ciphertext data in the ciphertext data set for user i1,iAuthorization information of a first authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the second authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the second authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000024
Figure FDA0002893568850000025
in the formula, Cp,2、Cp,3And Cp,4For each of the three elements, Td, of the ciphertext data set of user i2,i,jA、Td2,i, jB are two elements of authorization information of a second authorization level of user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the third authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the third authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000031
in the formula, Cp,2And Cp,4Is a finger of user iTwo elements of each ciphertext data in the set of ciphertext data are determined,
Figure FDA0002893568850000032
authorization information of a third authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i, w is a system parameter;
when the user selects the fourth authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the fourth authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000033
Figure FDA0002893568850000034
in the formula, Cp,3And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure FDA0002893568850000035
authorization information for a fourth authorization level for user i,
Figure FDA0002893568850000036
to specify an element in the public key of user j, TpFor each intermediate value in the set of intermediate values for user i;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
3. An intersection calculation device of ciphertext data sets, applied to a client, the device comprising:
the first generation module is used for generating a public key and a private key of a user;
the encryption module is used for encrypting the plaintext data set according to the plaintext data set and the public key input by the user to obtain a ciphertext data set and sending the ciphertext data set to the server so that the server stores the ciphertext data set in the ciphertext database;
the second generation module is used for generating the authorization information of the authorization level according to the authorization level selected by the user;
the sending module is used for sending the authorization information to the server so that the server can acquire a ciphertext data set from the ciphertext database, calculate to obtain an intermediate value set according to the ciphertext data set and the authorization information, perform intersection calculation on the ciphertext data sets of two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection, and send the ciphertext data set intersection to the client sides of the corresponding users;
the receiving module is used for receiving the ciphertext data set intersection sent by the server side;
the decryption module is used for decrypting the ciphertext data set intersection according to the ciphertext data set intersection and the private key input by the user to obtain a plaintext data set intersection;
the generating of the authorization information of the authorization level according to the authorization level selected by the user specifically includes:
when the user selects the first authorization level, obtaining the private key of the user, and calculating the authorization information of the first authorization level, as follows:
Figure FDA0002893568850000041
wherein, yiIs an element in the private key of the user i, and w is a system parameter;
when the user selects the second authorization level, obtaining the private key of the user and the public key of the appointed user, and calculating the authorization information of the second authorization level, as follows:
Figure FDA0002893568850000042
wherein, yiAnd ziFor two elements in the private key of user i,
Figure FDA0002893568850000043
and
Figure FDA0002893568850000044
two elements in a public key of a designated user j;
when the user selects the third authorization level, obtaining the private key of the user and each ciphertext data of the designated ciphertext data set, and calculating the authorization information of the third authorization level, as follows:
Figure FDA0002893568850000045
wherein, yiIs an element of the private key of user i, Cp,2One element for each ciphertext data in the specified ciphertext data set;
when the user selects the fourth authorization level, obtaining the private key of the user, the public key of the specified user and each ciphertext data of the specified ciphertext data set, and calculating the authorization information of the fourth authorization level, as follows:
Figure FDA0002893568850000046
wherein, yiFor one element in the private key of user i,
Figure FDA0002893568850000047
to specify an element in the public key of user j, Cp,2One element for each ciphertext data in the specified ciphertext data set;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
4. An intersection calculation apparatus of ciphertext data sets, applied to a server, the apparatus comprising:
the first receiving module is used for receiving the ciphertext data set sent by the client and storing the ciphertext data set in the ciphertext database;
the second receiving module is used for receiving the authorization information sent by the client; the authorization information is the authorization information of the authorization level generated according to the authorization level selected by the user;
the first calculation module is used for acquiring a ciphertext data set from the ciphertext database and calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information;
the second calculation module is used for performing intersection calculation on the ciphertext data sets of the two users according to the intermediate value sets of the two users meeting the authorization level to generate a ciphertext data set intersection and sending the ciphertext data set intersection to the client sides of the corresponding users;
the calculating to obtain the intermediate value set according to the ciphertext data set and the authorization information specifically includes:
when the user selects the first authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the first authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000051
in the formula, Cp,2And Cp,4Two elements, Td, of each ciphertext data in the ciphertext data set for user i1,iAuthorization information of a first authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the second authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the second authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000052
Figure FDA0002893568850000053
in the formula, Cp,2、Cp,3And Cp,4For each of the three elements, Td, of the ciphertext data set of user i2,i,jA、Td2,i, jB are two elements of authorization information of a second authorization level of user i, TpFor each intermediate value in the set of intermediate values for user i;
when the user selects the third authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the third authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000054
in the formula, Cp,2And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure FDA0002893568850000061
authorization information of a third authorization level for user i, TpFor each intermediate value in the set of intermediate values for user i, w is a system parameter;
when the user selects the fourth authorization level, calculating to obtain an intermediate value set according to the ciphertext data set and the authorization information of the fourth authorization level; wherein each intermediate value in the set of intermediate values is calculated as follows:
Figure FDA0002893568850000062
Figure FDA0002893568850000063
in the formula, Cp,3And Cp,4For user i two elements of each ciphertext data in the specified ciphertext data set,
Figure FDA0002893568850000064
authorization information for a fourth authorization level for user i,
Figure FDA0002893568850000065
to specify an element in the public key of user j, TpFor each intermediate value in the set of intermediate values for user i;
the first authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and all user ciphertext data sets; the second authorization level is to allow the server to perform intersection calculation on all ciphertext data sets and the ciphertext data set of the specified user; the third authorization level is to allow the server to perform intersection calculation on the designated ciphertext data set and the ciphertext data sets of all users; the fourth authorization level refers to allowing the server to perform intersection calculations on the specified ciphertext data set with the ciphertext data set of the specified user.
5. A ciphertext data set intersection calculation system is characterized by comprising a plurality of clients and a server, wherein the clients are respectively connected with the server;
the client, configured to execute the ciphertext data set intersection calculation method of claim 1;
the server is configured to execute the ciphertext data set intersection calculation method of claim 2.
6. A client comprising a processor and a memory for storing a program executable by the processor, wherein the processor implements the method for computing intersection of ciphertext data sets as claimed in claim 1 when executing the program stored by the memory.
7. A server comprising a processor and a memory for storing a program executable by the processor, wherein the processor implements the method of calculating the intersection of ciphertext data sets as claimed in claim 2 when executing the program stored in the memory.
8. A storage medium storing a program which, when executed by a processor, implements the ciphertext data set intersection calculation method of any one of claims 1 to 2.
CN201910644183.3A 2019-07-17 2019-07-17 Ciphertext data set intersection calculation method, device, system, client, server and medium Active CN110474764B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910644183.3A CN110474764B (en) 2019-07-17 2019-07-17 Ciphertext data set intersection calculation method, device, system, client, server and medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910644183.3A CN110474764B (en) 2019-07-17 2019-07-17 Ciphertext data set intersection calculation method, device, system, client, server and medium

Publications (2)

Publication Number Publication Date
CN110474764A CN110474764A (en) 2019-11-19
CN110474764B true CN110474764B (en) 2021-03-26

Family

ID=68509596

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910644183.3A Active CN110474764B (en) 2019-07-17 2019-07-17 Ciphertext data set intersection calculation method, device, system, client, server and medium

Country Status (1)

Country Link
CN (1) CN110474764B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113553602A (en) * 2020-04-26 2021-10-26 华为技术有限公司 Data processing method, device, system, equipment and medium
CN112887089B (en) * 2021-01-25 2022-08-12 华南农业大学 Ciphertext similarity calculation method, device and system and storage medium
CN113132345B (en) * 2021-03-04 2022-07-26 北京航空航天大学 Agent privacy set intersection method with searchable function

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107122449A (en) * 2017-04-25 2017-09-01 安徽大学 File classification method and system based on public key encryption in multi-user environment
CN108132977A (en) * 2017-12-12 2018-06-08 华南农业大学 Ciphertext database querying method and system based on vertical division
CN109246098A (en) * 2018-08-31 2019-01-18 桂林电子科技大学 A method of support the synchronous ciphertext of backup server to compare
CN109902501A (en) * 2019-03-19 2019-06-18 中国海洋大学 A kind of structuring encryption method and system carrying out equality test based on cloud service platform

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10476662B2 (en) * 2017-04-10 2019-11-12 City University Of Hong Kong Method for operating a distributed key-value store
CN109088721B (en) * 2018-10-02 2022-01-28 复旦大学 Entrustable uncovering and encrypting method
CN109981614B (en) * 2019-03-12 2020-04-17 华南农业大学 Data encryption method, data decryption method, data query method and data query device based on user group

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107122449A (en) * 2017-04-25 2017-09-01 安徽大学 File classification method and system based on public key encryption in multi-user environment
CN108132977A (en) * 2017-12-12 2018-06-08 华南农业大学 Ciphertext database querying method and system based on vertical division
CN109246098A (en) * 2018-08-31 2019-01-18 桂林电子科技大学 A method of support the synchronous ciphertext of backup server to compare
CN109902501A (en) * 2019-03-19 2019-06-18 中国海洋大学 A kind of structuring encryption method and system carrying out equality test based on cloud service platform

Also Published As

Publication number Publication date
CN110474764A (en) 2019-11-19

Similar Documents

Publication Publication Date Title
US10903976B2 (en) End-to-end secure operations using a query matrix
US10581603B2 (en) Method and system for secure delegated access to encrypted data in big data computing clusters
Tong et al. Cloud-assisted mobile-access of health data with privacy and auditability
CN110089071B (en) Secure distributed data processing
CN110474764B (en) Ciphertext data set intersection calculation method, device, system, client, server and medium
CN109214201B (en) Data sharing method, terminal equipment and computer readable storage medium
CN111611623B (en) Private data processing method and device
CN109040076A (en) A kind of data processing method, system, device, equipment and medium
CN110224984A (en) A kind of multi-party authorization method and device based on block chain technology
CN114039785B (en) Data encryption, decryption and processing methods, devices, equipment and storage medium
CN107204997A (en) The method and apparatus for managing cloud storage data
CN110378128A (en) Data ciphering method, device and terminal device
Qiu et al. Categorical quantum cryptography for access control in cloud computing
CN116401686A (en) Homomorphic encryption-based multiparty privacy set operation method and system
WO2018208786A1 (en) Method and system for secure delegated access to encrypted data in big data computing clusters
CN109981551A (en) A kind of data transmission system based on block chain, method and relevant device
WO2019148335A1 (en) Secure data processing
CN116502732B (en) Federal learning method and system based on trusted execution environment
WO2023241142A1 (en) Data processing method and apparatus, storage medium, and electronic device
Hong et al. Constructing conditional PKEET with verification mechanism for data privacy protection in intelligent systems
WO2023185360A1 (en) Data processing method, apparatus, system and device, and storage medium
Kanna et al. An improved privacy aware secure multi-cloud model with proliferate ElGamal encryption for big data storage
Anjos et al. Fast-Sec: an approach to secure Big Data processing in the cloud
Patil Enhanced-elliptic curve Diffie Hellman algorithm for secure data storage in multi cloud environment
CN115333811B (en) Secure channel-free public key authentication searchable encryption method with multiple keyword search functions and related device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant