CN113239046A - Data query method, system, computer device and storage medium - Google Patents

Data query method, system, computer device and storage medium Download PDF

Info

Publication number
CN113239046A
CN113239046A CN202110552465.8A CN202110552465A CN113239046A CN 113239046 A CN113239046 A CN 113239046A CN 202110552465 A CN202110552465 A CN 202110552465A CN 113239046 A CN113239046 A CN 113239046A
Authority
CN
China
Prior art keywords
data
query
target
ciphertext
provider
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110552465.8A
Other languages
Chinese (zh)
Inventor
李正扬
王健宗
黄章成
司世景
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202110552465.8A priority Critical patent/CN113239046A/en
Publication of CN113239046A publication Critical patent/CN113239046A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to the field of data security technologies, and in particular, to a data query method, a data query system, a computing device, and a storage medium. The data query method is applied to a data query system; the data query system comprises a data provider and a data query party; the data query method comprises the following steps: the data inquiry method comprises the steps that a data inquiry party receives a public key sent by a data provider and generates a random number, and blinding processing is carried out on data to be inquired by adopting the public key and the random number to obtain a blinding result; the data inquiring party sends the blinding result to the data provider and receives a first ciphertext returned by the data provider; the data inquiring party carries out blindness removing processing on the first ciphertext, removes the random number and obtains a second ciphertext after blindness removing; the data inquiring party positions the target index based on the second ciphertext; and executing an oblivious transmission protocol based on the target index so that the data inquirer acquires target inquiry data corresponding to the target index returned by the data provider. The data query method can effectively ensure the security of data query.

Description

Data query method, system, computer device and storage medium
Technical Field
The present invention relates to the field of data security technologies, and in particular, to a data query method, a data query system, a computer device, and a storage medium.
Background
Data querying is a very commonly used and widespread technique. Generally, the data query process includes: and the data query party provides the data to be queried to the data provider, and the data provider retrieves the data to be queried in the database according to the received data and returns the retrieved result. However, in the data query process, the data provider knows what the specific content queried by the data querying party is, so that for the querying party, it is equivalent to expose the queried data, and privacy and security of the query cannot be guaranteed.
Disclosure of Invention
The embodiment of the invention provides a data query method, a data query system, computer equipment and a storage medium, which are used for solving the problem that the privacy and the safety of query cannot be ensured in the conventional data query process.
A data query method is applied to a data query system; the data query system comprises a data provider and a data querier; the data query method comprises the following steps:
receiving a public key sent by a data provider through the data inquirer, generating a random number, and performing blinding processing on data to be inquired by adopting the public key and the random number to obtain a blinding result;
the data inquiring party sends the blinding result to the data providing party and receives a first ciphertext returned by the data providing party; the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key;
carrying out blindness removal processing on the first ciphertext through the data inquiry party, and removing the random number to obtain a second ciphertext subjected to blindness removal;
locating, by the data requestor, a target index of the second ciphertext in a full amount of candidate query data stored by the data provider based on the second ciphertext;
and executing an oblivious transmission protocol based on the target index so that the data inquirer acquires target inquiry data corresponding to the target index returned by the data provider.
A data query system, comprising:
the blinding processing module is used for receiving a public key sent by a data provider through the data inquirer, generating a random number, and performing blinding processing on data to be inquired by adopting the public key and the random number to obtain a blinding result;
the first ciphertext receiving module is used for sending the blinding result to the data provider through the data inquirer and receiving a first ciphertext returned by the data provider; the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key;
the blindness removing module is used for carrying out blindness removing processing on the first ciphertext through the data inquiry party, removing the random number and obtaining a second ciphertext after blindness removing;
a target index positioning module, configured to position, by the data querying party, a target index of the second ciphertext in the full candidate query data stored by the data providing party based on the second ciphertext;
and the target query data acquisition module is used for executing an oblivious transmission protocol based on the target index so as to enable the data inquirer to acquire target query data corresponding to the target index returned by the data provider.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the steps of the data query method when executing the computer program.
A computer storage medium, which stores a computer program that, when executed by a processor, implements the steps of the above-described data query method.
In the data query method, the data query system, the computer device and the storage medium, the data query party receives and receives the public key sent by the data provider and generates the random number, so that the data to be queried is blinded by adopting the public key and the random number to obtain a blinding result, the data to be queried is disguised, and the privacy of the data to be queried is ensured. And then the blinding result is sent to the data provider, and a first ciphertext returned by the data provider is received, so that the first ciphertext is subjected to blinding removal processing, the random number is removed, and a second ciphertext subjected to blinding removal is obtained, so that a target index of the second ciphertext in the full amount of candidate query data stored by the data provider is positioned according to the second ciphertext, and a data source is provided for a subsequent non-transmission protocol. And finally, acquiring target query data corresponding to the target index returned by the data provider through an oblivious transmission protocol based on the target index, so that the data provider cannot know which candidate query data acquired by the data inquirer, and meanwhile, the data inquirer can only acquire the required target query data but cannot acquire other candidate query data, thereby achieving the purpose of bidirectional data privacy protection.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a flow chart of a data query method according to an embodiment of the present invention;
FIG. 2 is a flow chart of a data query method according to an embodiment of the present invention;
FIG. 3 is a detailed flowchart of step S26 in FIG. 2;
FIG. 4 is a detailed flowchart of step S11 in FIG. 1;
FIG. 5 is a detailed flowchart of step S13 in FIG. 1;
FIG. 6 is a flow chart of a data query method according to an embodiment of the present invention;
FIG. 7 is a schematic diagram of a data query system in accordance with an embodiment of the present invention;
FIG. 8 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The data query method provided by the invention can be applied to a data query system, the data query system comprises a data query party and a data provider, and the data provider and the data query party are connected through a network to realize communication. The data query method can effectively solve the problem that the privacy and the safety of query cannot be ensured in the conventional data query process.
In one embodiment, as shown in fig. 1, the data querying party performs the following steps to implement the data querying process:
s11: and receiving the public key sent by the data provider by the data inquirer, generating a random number, and performing blinding processing on the data to be inquired by adopting the public key and the random number to obtain a blinding result.
In this embodiment, the data provider is the data holder. The data to be queried is a query id, such as an identification number, a mobile phone number or a name, and is used for representing a unique identifier of the data to be queried. For example, the data querying party a needs to verify the integrity of the user due to business requirements, and at this time, it needs to obtain other data holders B (which may refer to one or more data holders) to query and obtain related data or blacklist data of the user, where the other data holders are the data providers in this embodiment.
Specifically, the data provider generates a key pair by an asymmetric key encryption algorithm, the key pair comprising a public key (e) and a corresponding private key (d). It can be understood that, in order to avoid that the data inquirer does not expose the data to be inquired when inquiring the data from the data provider, the blinding result, i.e. s r, can be obtained by generating a random number (r) and blinding the data(s) to be inquired by using the public key and the random numbere. The blinding process is to disguise the data to be queried through the random number and the public key, so as to ensure the privacy of the data to be queried.
S12: the blinding result is sent to a data provider through a data inquirer, and a first ciphertext returned by the data provider is received; and the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key.
The first ciphertext is the blindly encrypted data to be queried. The first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key.
Specifically, the data provider sends the blinding result to the data provider to trigger an encryption module corresponding to the data provider to encrypt the blinding result by using a private key (d) corresponding to the public key (e) to obtain a first ciphertext, and the first ciphertext is sent to the data inquirer, so that the data inquirer receives the first ciphertext (P) returned by the data provider.
Understandably, the result s r is obtained by blindingeTherefore, when the blinding result is sent to the data provider for encryption, the data provider cannot know the specific random number (r) while the data provider cannot know the data to be queried, so that the privacy of the data sent by the data provider can be effectively ensured, and the data is not exposed.
S13: and carrying out blindness removal processing on the first ciphertext through a data inquiry party, and removing the random number to obtain a second ciphertext subjected to blindness removal.
Specifically, after receiving the first ciphertext, the data querying party performs blinding removal processing on the first ciphertext to obtain a second ciphertext, i.e., p r-1And removing the random number to obtain a second ciphertext after blindness removal. Can understandIf so, the second ciphertext is the ciphertext obtained by encrypting the candidate query data stored in the data provider through the private key (d). The second ciphertext may be used to indicate a target index of data to be queried among a full amount of candidate query data stored by a data provider.
S14: and positioning a target index of the second ciphertext in the full amount of candidate query data stored by the data provider based on the second ciphertext by the data provider.
The second cipher text is a binary number which can be mapped into a decimal number in the computer storage space; the decimal number may represent a target index of the data to be queried in the full amount of candidate query data stored by the data provider. The candidate query data refers to query data stored in the database and available for the data query party to query.
S15: and executing an oblivious transmission protocol based on the target index so that the data inquirer acquires target inquiry data corresponding to the target index returned by the data provider.
The target query data is a data item corresponding to the data to be queried, for example, the data to be queried is an identification number, and the target query data includes the identification number stored by the data provider, user identity information corresponding to the identification number, or other related information.
The oblivious transport protocol (OT protocol) is a cryptographic protocol in which a message sender (i.e., a data provider) sends a message from a number of messages to be sent to a message receiver (a data querier), but is not known which message was sent later), which is also known as a lost transport protocol.
Specifically, the target index is used as input data of a message receiver in an oblivious transmission protocol without a transmission protocol, the candidate index of the whole amount of candidate query data in a data provider is used as input data of a message sender in the oblivious transmission protocol to execute the oblivious transmission protocol, and the data querier obtains the target query data of the target index returned by the data provider, so that the data provider cannot know which candidate query data the data querier obtains, and meanwhile, the data querier can only obtain the required target query data, but cannot obtain other candidate query data, and the purpose of bidirectional data privacy protection is achieved.
Further, after executing an oblivious transmission protocol based on the target index, so that the data inquirer acquires target inquiry data corresponding to the target index returned by the data provider, the data inquirer can also compare whether the inquiry identifier in the target inquiry data is consistent with the data to be inquired, and if so, acquire the inquiry result of successful inquiry; and if not, acquiring the query result of the query failure.
Illustratively, the query identifier in the target query data is an identification number a, the data to be queried is an identification number B, and by comparing whether a is consistent with B, if so, it is proved that the data provider stores the identification number B, the query is successful, otherwise, the query is failed.
In the embodiment, the data inquiring party receives and receives the public key sent by the data providing party and generates the random number, so that the data to be inquired is subjected to blind processing by adopting the public key and the random number, a blind result is obtained, the data to be inquired is disguised, and the privacy of the data to be inquired is ensured. And then, the blinding result is sent to a data provider, and a first ciphertext returned by the data provider is received, so that the first ciphertext is subjected to blinding removal processing, a random number is removed, and a second ciphertext subjected to blinding removal is obtained, so that a target index of the second ciphertext in the full amount of candidate query data stored by the data provider is positioned according to the second ciphertext, and a data source is provided for a subsequent non-transmission protocol. And finally, acquiring target query data corresponding to the target index returned by the data provider through an oblivious transmission protocol based on the target index, so that the data provider cannot know which candidate query data acquired by the data inquirer, and meanwhile, the data inquirer can only acquire the required target query data but cannot acquire other candidate query data, thereby achieving the purpose of bidirectional data privacy protection.
In an embodiment, as shown in fig. 2, the data query method further includes the following steps:
s21: and receiving the public key sent by the data provider by the data inquirer, generating a random number, and performing blinding processing on the data to be inquired by adopting the public key and the random number to obtain a blinding result.
Specifically, the step S21 is consistent with the step S11, and is not repeated here to avoid repetition.
S22: and sending the blinding result to a data provider through the data inquirer, and receiving a first ciphertext returned by the data provider.
Specifically, the step S21 is consistent with the step S12, and is not repeated here to avoid repetition.
S23: and carrying out blindness removal processing on the first ciphertext through a data inquiry party, and removing the random number to obtain a second ciphertext subjected to blindness removal.
Specifically, the step S21 is consistent with the step S13, and is not repeated here to avoid repetition.
S24: and processing the second ciphertext through the data inquirer according to the fragment mapping function provided by the data provider to obtain a target inquiry fragment corresponding to the second ciphertext.
The fragment mapping function is a ciphertext obtained by encrypting all candidate query data stored in the library by a private key (d) in advance for a data provider, and fragments the candidate query data according to a preset fragment rule, so that the generated fragment mapping function is used for indicating the mapping relation between a target query fragment and a second ciphertext.
Specifically, the target query fragment corresponding to the second ciphertext can be obtained by inputting the second ciphertext into the fragment mapping function, so that the time spent on data query is reduced, and the target index can be quickly positioned.
S25: and positioning a target index of the second ciphertext in the full amount of candidate query data stored by the data provider based on the second ciphertext by the data provider.
Specifically, the step S25 is consistent with the step S14, and is not repeated here to avoid repetition.
S26: and executing an oblivious transmission protocol based on the target query fragment and the target index so that the data query party obtains target query data corresponding to the target index in the target query fragment returned by the data provider.
The query data is segmented in a combined manner, so that when a data provider queries the data, a target query segment of the data to be queried in the data provider is located first, and then an oblivious transmission protocol is executed on the basis of the target query segment, so that target query data corresponding to a target index in the target query segment returned by the data provider is obtained, the operation amount of the oblivious transmission protocol can be effectively reduced, and the query efficiency is greatly improved.
It should be noted that the steps S24 and S25 are not sequentially executed.
In an embodiment, as shown in fig. 3, in step S26, that is, based on the target query segment and the target index, an oblivious transmission protocol is executed to enable the data querying party to obtain the target query data corresponding to the target index in the target query segment returned by the data providing party, which specifically includes the following steps:
s31: the data provider is used as a sender corresponding to the careless transmission protocol; and taking the data inquiry party as a receiver corresponding to the inadvertent transmission protocol.
S32: and taking a plurality of candidate query data corresponding to the target query fragment as input data corresponding to the sender.
In this embodiment, the data provider is used as a sender corresponding to the oblivious transmission protocol, and the data inquirer is used as a receiver corresponding to the oblivious transmission protocol, so that the data inquiry and the oblivious transmission protocol are combined and applied. Specifically, a plurality of candidate query data (e.g., r) corresponding to the target query shards1,r2,......,rk) As input data corresponding to the sender.
S33: positioning a positioning index of the target index in the target query sub-slice by the data query party based on the target index and the initial index; wherein the initial index is used to indicate an index of a first candidate query data within the target query tile in the full amount of candidate query data.
The target index is an index in the data to be queried in the full amount of candidate data stored by the data provider, and the index in the sub-slice, namely the positioning index, needs to be further calculated. The initial index may be obtained by converting ciphertext corresponding to the first candidate query data in the target query tile into decimal numbers. The initial index is the index of the first candidate query data in the slice within the full amount of candidate query data. Specifically, subtraction operation is carried out on the initial index(s) corresponding to the first candidate query data in the target query fragment based on the target index (i), namely i-s +1(i-s is in the element of {1, k }), so that the positioning index of the data to be queried in the target query fragment is obtained.
Illustratively, a plurality of candidate query data within a slice is denoted as r1,r2,......,rkIf the corresponding initial index is s, then { r }1,,......,rk}={ys,......,ys+k-1K represents the data volume of the contained candidate query data.
{r1,,......,rk}={ys,……,ys+k-1And y is used for indicating the full-amount candidate query data stored in the database, and r is used for indicating the candidate query data in the target query slice.
S34: and taking the positioning index as input data corresponding to the receiver.
S35: and executing an oblivious transmission protocol based on the input data corresponding to the sender and the input data corresponding to the receiver so that the data inquirer obtains the target inquiry data corresponding to the target index in the target inquiry fragment returned by the data provider.
Specifically, the positioning index is used as input data corresponding to a receiver, namely, the index of the data to be queried in the target query fragment is used as the input data corresponding to the receiver; the candidate query data corresponding to the target query fragment are used as input data corresponding to a sender, and an oblivious transmission protocol is executed on the dimensionality of the target query fragment based on the input data corresponding to the sender and the input data corresponding to a receiver to obtain the target query data corresponding to the target index in the target query fragment returned by the data provider, so that the calculation amount of the oblivious transmission protocol can be greatly reduced, and the data query efficiency is effectively improved.
In an embodiment, as shown in fig. 4, in step S11, the blind processing is performed on the data to be queried by using the public key and the random number to obtain a blind result, which includes the following steps:
s41: and performing exponential exponentiation on the random number by taking the public key as an exponentiation to obtain an operation result.
S42: and multiplying the operation result by the data to be inquired to obtain a blinding result.
Specifically, the calculation process for steps S41-S42 is represented by the following formula: z ═ s ═ reWherein Z represents the blinded result; s represents data to be queried; r represents a random number; e denotes a public key.
In an embodiment, as shown in fig. 5, in step S13, the blinding processing is performed on the first ciphertext to obtain a second ciphertext after being blinded, which specifically includes the following steps:
s51: the inverse of the random number is obtained.
S52: and multiplying the reciprocal by the first ciphertext to remove the random number to obtain a second ciphertext after blindness removal.
Specifically, the calculation process for steps S51-S52 is represented by the following formula: m ═ p × r-1Wherein P represents a first ciphertext; r represents a random number; m denotes a second ciphertext.
In one embodiment, as shown in fig. 6, the method further includes the following steps before step S24:
s61: generating an asymmetric key pair by a data provider; wherein the asymmetric key pair comprises a public key and a corresponding private key.
S62: and encrypting each stored candidate query data by the data provider by using a private key to obtain an encrypted ciphertext corresponding to the candidate query data.
In particular, a data provider employs an asymmetric cryptographic algorithm (RSA) to generate an asymmetric key pair that includes a public key and a corresponding private key. In order to ensure that the subsequent data provider can realize the purpose of mapping fragments through the ciphertext when providing query data corresponding to the data inquirer, the candidate query data stored in the library needs to be encrypted in advance by adopting a private key so as to obtain an encrypted ciphertext corresponding to each candidate query data.
S63: and performing data confusion on the candidate query data with null values in the number domain corresponding to the encrypted ciphertext by the data provider to obtain the encrypted ciphertext of the continuous number domain.
The numerical field corresponding to the encrypted ciphertext refers to a numerical value representation field (such as a decimal number) of the encrypted ciphertext in the computer storage space, and the numerical value representation field corresponding to different encrypted ciphertexts may be discontinuous, so that the numerical value representation field of the encrypted ciphertext in the computer storage space is discontinuous, that is, a situation that a plaintext (i.e., query data not held by a data provider) corresponding to the encrypted ciphertext of a certain continuous numerical field is a null value exists, so that in order to ensure the continuity of the numerical field corresponding to the encrypted ciphertext, data confusion can be performed on candidate query data with the null value in the numerical field corresponding to the encrypted ciphertext, that is, a meaningless random value (such as 0) is adopted to fill in the missing value, and the purpose of data confusion is achieved.
Illustratively, the numerical value representation (e.g., corresponding decimal number) corresponding to a certain encrypted ciphertext a is 18, and the numerical value representation (e.g., corresponding decimal number) corresponding to an encrypted ciphertext B is 20, in order to ensure the continuity of the number domain corresponding to the encrypted ciphertext, that is, by supplementing plaintext data corresponding to the encrypted ciphertext, which is the numerical value representation 19, to fill the number domain corresponding to the encrypted ciphertext to obtain encrypted ciphertexts in consecutive number domains, each encrypted ciphertext corresponds to a candidate query data, thereby achieving the purpose of data obfuscation.
It should be noted that the numerical representation corresponding to the encrypted ciphertext can be used as an index of some candidate query data in the full amount of candidate query data, for example, if some candidate query data B has a numerical representation (e.g., decimal number) corresponding to the encrypted ciphertext a as i, then the full amount of candidate query data is represented as (y)1,......yn) Then the candidate query data B is in fullThe index in the candidate query data is yi
S64: and the data provider fragments the encrypted ciphertext of the continuous number domain to obtain a plurality of query fragments.
Specifically, the candidate query data of the continuous number domain may be fragmented according to a preset fragmentation rule to obtain a plurality of query fragments. For example, during fragmentation, the number domain corresponding to the continuous encrypted ciphertext may be divided into n equidistant fragments, so that the number of candidate query data in each fragment is k, and each query fragment obtains y by mapping the ciphertext with a function H. And n can be set according to actual conditions, the larger the n value is, the slower the query efficiency is, and the smaller the n value is, the faster the query efficiency is.
S65: and generating a fragment mapping function by the data provider based on the target query fragment and the encrypted ciphertext corresponding to each candidate query data in the target query fragment.
S66: and sending the public key of the asymmetric key and the fragment mapping function to a data inquiring party through a data providing party.
Specifically, a fragment mapping function is generated by constructing a mapping relationship between the target query fragment and the encrypted ciphertext in the target query fragment, so that a data querying party can locate the target query fragment corresponding to the data to be queried through the fragment mapping function.
Specifically, the public key and the fragment mapping function of the asymmetric key are sent to the data inquiring party, so that the data inquiring party can realize a safe data inquiring process.
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In one embodiment, a data query system is provided, and the data query system corresponds to the data query method in the above embodiments one to one. As shown in fig. 7, the data query system includes a blinding processing module 10, a first ciphertext receiving module 20, a de-blinding module 30, a target index locating module 40, and a target query data obtaining module 50. The functional modules are explained in detail as follows:
the blinding processing module 10 is configured to receive the public key sent by the data provider through the data querying party, generate a random number, and perform blinding processing on the data to be queried by using the public key and the random number to obtain a blinding result.
The first ciphertext receiving module 20 is configured to send the blinding result to the data provider through the data inquirer, and receive a first ciphertext returned by the data provider; and the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key.
And the blinding removing module 30 is configured to perform blinding removing processing on the first ciphertext through the data querying party, remove the random number, and obtain a second ciphertext after blinding removing.
And the target index positioning module 40 is configured to position, by the data querying party, a target index of the second ciphertext in the full amount of candidate query data stored by the data providing party based on the second ciphertext.
And the target query data acquisition module 50 is configured to execute an oblivious transmission protocol based on the target index, so that the data query party acquires target query data corresponding to the target index returned by the data provider.
Specifically, the data query system further comprises a fragment mapping module and a fragment target query data acquisition module.
The fragment mapping module is used for processing the second ciphertext through the data inquirer according to a fragment mapping function provided by the data provider to obtain a target inquiry fragment corresponding to the second ciphertext; the fragment mapping function is used for indicating the mapping relation between the ciphertext and the target query fragment.
And the target query data acquisition module in the fragment is used for executing an oblivious transmission protocol based on the target query fragment and the target index so as to enable the data query party to acquire the target query data corresponding to the target index in the target query fragment returned by the data provider.
Specifically, the intra-segment target query data acquisition module includes a protocol object determination unit, a first input data determination unit, a positioning index determination unit, a second input data determination unit, and a target query data acquisition unit.
The protocol object determining unit is used for taking the data provider as a sender corresponding to the careless transmission protocol; and taking the data inquiry party as a receiver corresponding to the inadvertent transmission protocol.
And the first input data determining unit is used for taking a plurality of candidate query data corresponding to the target query fragment as input data corresponding to the sender.
The positioning index determining unit is used for positioning a positioning index of the target index in the target query sub-slice by the data query party based on the target index and the initial index; wherein the initial index is used to indicate an index of a first candidate query data within the target query tile in the full amount of candidate query data.
And the second input data determining unit is used for taking the positioning index as the input data corresponding to the receiver.
And the target query data acquisition unit is used for executing an oblivious transmission protocol based on the input data corresponding to the sender and the input data corresponding to the receiver so that the data query party acquires the target query data corresponding to the target index in the target query fragment returned by the data provider.
Specifically, the blinding module comprises an exponential power operation unit and a blinding result acquisition unit.
And the exponential exponentiation unit is used for performing exponential exponentiation on the random number by taking the public key as an exponentiation to obtain an operation result.
And the blind adding result acquisition unit is used for multiplying the operation result and the data to be inquired to obtain a blind adding result.
Specifically, the de-blinding module comprises a reciprocal obtaining unit and a second ciphertext obtaining unit.
And a reciprocal obtaining unit for obtaining a reciprocal of the random number.
And the second ciphertext acquisition unit is used for multiplying the reciprocal by the first ciphertext to remove the random number and obtain the second ciphertext after blindness removal.
Specifically, the data query system further comprises a key generation module, an encryption module, a data obfuscation module, a data fragmentation module and a data transmission module.
The key generation module is used for generating an asymmetric key pair through a data provider; wherein the asymmetric key pair comprises a public key and a corresponding private key.
And the encryption module is used for encrypting each stored candidate query data by a data provider by using a private key to obtain an encrypted ciphertext corresponding to the candidate query data.
And the data confusion module is used for carrying out data confusion on the candidate query data with null values in the number domain corresponding to the ciphertext data through the data provider to obtain the encrypted ciphertext of the continuous number domain.
The data slicing module is used for slicing the encrypted ciphertext of the continuous number domain through a data provider to obtain a plurality of query slices; each query fragment corresponds to a plurality of encrypted ciphertexts.
And the fragment mapping function generation module is used for generating a fragment mapping function based on the target query fragment and the plurality of encrypted ciphertexts in the target query fragment by the data provider.
And the data sending module is used for sending the public key of the asymmetric key and the fragment mapping function to the data inquiring party through the data providing party.
Specifically, the data query system further comprises a first query result acquisition module and a second query result acquisition module.
And the first query result acquisition module is used for comparing the target query data with the data to be queried through the data query party, and acquiring a query result of successful data query if the target query data is consistent with the data to be queried.
And the second query result acquisition module is used for acquiring the query result of data query failure if the query results are inconsistent.
For specific limitations of the data query system, reference may be made to the above limitations of the data query method, which is not described herein again. The modules in the data query system can be implemented in whole or in part by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, and its internal structure diagram may be as shown in fig. 8. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a computer storage medium and an internal memory. The computer storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the computer storage media. The database of the computer device is used to store data generated or obtained during execution of the data query method, such as candidate query data. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a data query method.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the steps of the data query method in the above embodiments are implemented, for example, steps S11-S15 shown in fig. 1, or steps shown in fig. 2 to 7. Alternatively, the processor implements the functions of each module/unit in the embodiment of the data query system when executing the computer program, for example, the functions of each module/unit shown in fig. 8, and are not described here again to avoid repetition.
In an embodiment, a computer storage medium is provided, where a computer program is stored on the computer storage medium, and when executed by a processor, the computer program implements the steps of the data query method in the foregoing embodiments, for example, steps S11-S15 shown in fig. 1 or steps shown in fig. 2 to fig. 7, which are not repeated herein to avoid repetition. Alternatively, the computer program, when executed by the processor, implements the functions of each module/unit in the embodiment of the data query system, for example, the functions of each module/unit shown in fig. 8, and are not described here again to avoid repetition.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by hardware related to instructions of a computer program, which can be stored in a non-volatile computer-readable storage medium, and when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above.
The above examples are only for illustrating the technical solutions of the present invention and not for limiting the same, and although the present invention is described in detail with reference to the foregoing examples, those of ordinary skill in the art should understand that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (10)

1. A data query method is characterized by being applied to a data query system; the data query system comprises a data provider and a data querier; the data query method comprises the following steps:
receiving the public key sent by the data provider by the data inquirer, generating a random number, and performing blinding processing on data to be inquired by adopting the public key and the random number to obtain a blinding result;
the data inquiring party sends the blinding result to the data providing party and receives a first ciphertext returned by the data providing party; the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key;
carrying out blindness removal processing on the first ciphertext through the data inquiry party, and removing the random number to obtain a second ciphertext subjected to blindness removal;
locating, by the data requestor, a target index of the second ciphertext in a full amount of candidate query data stored by the data provider based on the second ciphertext;
and executing an oblivious transmission protocol based on the target index so that the data inquirer acquires target inquiry data corresponding to the target index returned by the data provider.
2. The data query method of claim 1, wherein after the blinding removal processing is performed on the first ciphertext by the data query party, the random number is removed, and a second ciphertext after the blinding removal is obtained, the data query method further comprises:
processing the second ciphertext through the data inquirer according to a fragment mapping function provided by the data provider to obtain a target inquiry fragment corresponding to the second ciphertext; the fragment mapping function is used for indicating the mapping relation between the ciphertext and the target query fragment;
the executing an oblivious transmission protocol based on the target index to enable the data inquirer to obtain the target inquiry data corresponding to the target index returned by the data provider comprises:
and executing an oblivious transmission protocol based on the target query fragment and the target index, so that the data query party obtains target query data corresponding to the target index in the target query fragment returned by the data provider.
3. The data query method of claim 2, wherein the obtaining, based on the target query fragment and the target index, target query data corresponding to the target index in the target query fragment returned by the data provider through an oblivious transport protocol comprises:
the data provider is used as a sender corresponding to the oblivious transmission protocol; and using the data inquiring party as a receiver corresponding to the oblivious transmission protocol;
taking a plurality of candidate query data corresponding to the target query fragment as input data corresponding to the sender;
positioning, by the data querier, a positioning index of the target index within the target query tile based on the target index and an initial index; wherein the initial index is used to indicate an index of a first one of the candidate query data within the target query tile in the full amount of candidate query data;
taking the positioning index as input data corresponding to the receiver;
and executing an oblivious transmission protocol based on the input data corresponding to the sender and the input data corresponding to the receiver so that the data inquirer acquires target inquiry data corresponding to the target index in the target inquiry sub-slice returned by the data provider.
4. The data query method of claim 1, wherein the blinding the data to be queried by using the public key and the random number to obtain a blinding result, comprises:
performing exponential power operation on the random number by taking the public key as a power exponent to obtain an operation result;
and multiplying the operation result by the data to be inquired to obtain the blinding result.
5. The data query method of claim 1, wherein the blinding the first ciphertext to obtain a second ciphertext after blinding, comprises:
obtaining the reciprocal of the random number;
and multiplying the reciprocal by the first ciphertext to remove the random number to obtain a second ciphertext after blindness removal to obtain the second ciphertext after blindness removal.
6. The data query method of claim 2, wherein before the step of the data query party obtaining the target query data corresponding to the target index in the target query fragment returned by the data provider through an oblivious transmission protocol based on the target query fragment and the target index, the data query method further comprises:
generating, by the data provider, an asymmetric key pair; wherein the asymmetric key pair comprises a public key and a corresponding private key;
encrypting each stored candidate query data by the data provider by using the private key to obtain an encrypted ciphertext corresponding to the candidate query data;
performing data confusion on candidate query data with null values in the number domain corresponding to the ciphertext data through the data provider to obtain encrypted ciphertexts of continuous number domains;
fragmenting the encrypted ciphertext of the continuous number domain by the data provider to obtain a plurality of query fragments; each query fragment corresponds to a plurality of encrypted ciphertexts;
generating, by the data provider, the segment mapping function based on the target query segment and the plurality of encrypted ciphertexts within the target query segment;
and sending the public key of the asymmetric key and the fragment mapping function to the data inquirer through the data provider.
7. The data query method of claim 1, wherein after the performing an oblivious transfer protocol based on the target index to make the data query party obtain target query data corresponding to the target index returned by the data provider, further comprises:
comparing the target query data with the data to be queried through the data query party, and if the target query data is consistent with the data to be queried, acquiring a query result of successful data query;
and if not, acquiring the query result of data query failure.
8. A data query system, comprising:
the blinding processing module is used for receiving a public key sent by a data provider through the data inquirer, generating a random number, and performing blinding processing on data to be inquired by adopting the public key and the random number to obtain a blinding result;
the first ciphertext receiving module is used for sending the blinding result to the data provider through the data inquirer and receiving a first ciphertext returned by the data provider; the first ciphertext is obtained by encrypting the blinding result by the data provider based on a private key corresponding to the public key;
the blindness removing module is used for carrying out blindness removing processing on the first ciphertext through the data inquiry party, removing the random number and obtaining a second ciphertext after blindness removing;
a target index positioning module, configured to position, by the data querying party, a target index of the second ciphertext in the full candidate query data stored by the data providing party based on the second ciphertext;
and the target query data acquisition module is used for executing an oblivious transmission protocol based on the target index so as to enable the data inquirer to acquire target query data corresponding to the target index returned by the data provider.
9. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the steps of the data query method according to any one of claims 1 to 7 when executing the computer program.
10. A computer storage medium, in which a computer program is stored, which, when being executed by a processor, carries out the steps of the data query method according to any one of claims 1 to 7.
CN202110552465.8A 2021-05-20 2021-05-20 Data query method, system, computer device and storage medium Pending CN113239046A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110552465.8A CN113239046A (en) 2021-05-20 2021-05-20 Data query method, system, computer device and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110552465.8A CN113239046A (en) 2021-05-20 2021-05-20 Data query method, system, computer device and storage medium

Publications (1)

Publication Number Publication Date
CN113239046A true CN113239046A (en) 2021-08-10

Family

ID=77137902

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110552465.8A Pending CN113239046A (en) 2021-05-20 2021-05-20 Data query method, system, computer device and storage medium

Country Status (1)

Country Link
CN (1) CN113239046A (en)

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114143000A (en) * 2021-11-29 2022-03-04 百保(上海)科技有限公司 Secret trace query method and device based on careless transmission protocol and secret sharing
CN114301594A (en) * 2022-03-01 2022-04-08 华控清交信息科技(北京)有限公司 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN114691759A (en) * 2022-06-01 2022-07-01 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN114996305A (en) * 2022-08-03 2022-09-02 建信金融科技有限责任公司 Data query method, data query device, electronic equipment, storage medium and program product
CN115276961A (en) * 2022-09-23 2022-11-01 北京密码云芯科技有限公司 Data processing method and device based on OT protocol
WO2023077596A1 (en) * 2021-11-03 2023-05-11 深圳前海微众银行股份有限公司 Bidirectional hidden data query method and apparatus
WO2023178919A1 (en) * 2022-03-24 2023-09-28 深圳前海环融联易信息科技服务有限公司 Sort query system and method based on oblivious transfer protocol

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106294352A (en) * 2015-05-13 2017-01-04 姚猛 A kind of document handling method, device and file system
US9715546B1 (en) * 2016-02-18 2017-07-25 Yahoo! Inc. Method and system for searching encrypted data
CN109033248A (en) * 2018-07-05 2018-12-18 华为技术有限公司 The method and apparatus of storing data record, the method and apparatus for inquiring data record
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN110730167A (en) * 2019-09-26 2020-01-24 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN111259060A (en) * 2020-02-18 2020-06-09 北京百度网讯科技有限公司 Data query method and device

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106294352A (en) * 2015-05-13 2017-01-04 姚猛 A kind of document handling method, device and file system
US9715546B1 (en) * 2016-02-18 2017-07-25 Yahoo! Inc. Method and system for searching encrypted data
CN109033248A (en) * 2018-07-05 2018-12-18 华为技术有限公司 The method and apparatus of storing data record, the method and apparatus for inquiring data record
CN110636070A (en) * 2019-09-26 2019-12-31 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN110730167A (en) * 2019-09-26 2020-01-24 支付宝(杭州)信息技术有限公司 Data sending method, data query method, device, electronic equipment and system
CN111259060A (en) * 2020-02-18 2020-06-09 北京百度网讯科技有限公司 Data query method and device

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2023077596A1 (en) * 2021-11-03 2023-05-11 深圳前海微众银行股份有限公司 Bidirectional hidden data query method and apparatus
CN114143000A (en) * 2021-11-29 2022-03-04 百保(上海)科技有限公司 Secret trace query method and device based on careless transmission protocol and secret sharing
CN114301594A (en) * 2022-03-01 2022-04-08 华控清交信息科技(北京)有限公司 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
CN114301594B (en) * 2022-03-01 2022-05-17 华控清交信息科技(北京)有限公司 Inadvertent transmission method, multi-party secure computing platform and device for inadvertent transmission
WO2023178919A1 (en) * 2022-03-24 2023-09-28 深圳前海环融联易信息科技服务有限公司 Sort query system and method based on oblivious transfer protocol
CN114691759A (en) * 2022-06-01 2022-07-01 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN114691759B (en) * 2022-06-01 2022-09-06 平安科技(深圳)有限公司 Data query statistical method, device, computer equipment and storage medium
CN114996305A (en) * 2022-08-03 2022-09-02 建信金融科技有限责任公司 Data query method, data query device, electronic equipment, storage medium and program product
CN115276961A (en) * 2022-09-23 2022-11-01 北京密码云芯科技有限公司 Data processing method and device based on OT protocol
CN115276961B (en) * 2022-09-23 2023-01-17 北京密码云芯科技有限公司 Data processing method and device based on OT protocol

Similar Documents

Publication Publication Date Title
CN113239046A (en) Data query method, system, computer device and storage medium
CN109510703B (en) Data encryption and decryption method and device
CN108123800B (en) Key management method, key management device, computer equipment and storage medium
CN109462602B (en) Login information storage method, login verification method, device, equipment and medium
US11973867B2 (en) Encrypted search
US20130290733A1 (en) Systems and methods for caching security information
EP3598714A1 (en) Method, device, and system for encrypting secret key
CN113346998B (en) Key updating and file sharing method, device, equipment and computer storage medium
US20210258148A1 (en) Key management method, security chip, service server and information system
CN111565107A (en) Key processing method and device based on cloud service platform and computer equipment
CN112182630B (en) Symmetric searchable encryption method, device, equipment and medium
CN111404952B (en) Transformer substation data encryption transmission method and device, computer equipment and storage medium
CN110781140B (en) Method, device, computer equipment and storage medium for signing data in blockchain
CN113032357A (en) File storage method and device and server
CN112671733A (en) Data communication method, key management system, device, and storage medium
CN111294203A (en) Information transmission method
CN111666558B (en) Key rotation method, device, computer equipment and storage medium
CN115150821A (en) Offline package transmission and storage method and device
CN114499836A (en) Key management method, key management device, computer equipment and readable storage medium
CN111931204A (en) Encryption and de-duplication storage method and terminal equipment for distributed system
CN107968793B (en) Method, device and storage medium for downloading white box key
CN113824713B (en) Key generation method, system and storage medium
CN115834113A (en) OT communication method, OT communication device, electronic device, and storage medium
CN112187750B (en) Information encryption method and system based on Internet
CN112769744B (en) Data sending method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination