CN113987584B

CN113987584B - Hidden query method and system

Info

Publication number: CN113987584B
Application number: CN202111334612.0A
Authority: CN
Inventors: 张二毛; 吴磊; 李鑫; 熊佩; 谢丹力; 孙曼; 孙超
Original assignee: CCB Finetech Co Ltd
Current assignee: CCB Finetech Co Ltd
Priority date: 2021-11-11
Filing date: 2021-11-11
Publication date: 2024-08-20
Anticipated expiration: 2041-11-11
Also published as: CN113987584A

Abstract

The application provides a hidden inquiring method and a system, wherein a data inquiring node receives all inquireable information and corresponding first public keys sent by a data providing node, generates a random code, encrypts the random code by adopting the first public keys corresponding to data to be inquired to obtain ciphertext, decrypts the ciphertext by adopting each first private key to obtain corresponding decrypted plaintext, carries out exclusive-or operation on each decrypted plaintext and corresponding inquireable data to obtain corresponding first exclusive-or codes, carries out exclusive-or operation on the random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and takes the second exclusive-or codes corresponding to the first public keys corresponding to the data to be inquired as the data to be inquired. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

Description

Hidden query method and system

Technical Field

The application relates to the technical field of information security, in particular to a hidden query method and a hidden query system.

Background

The hidden query, also called private information retrieval, means that a query party hides the keyword or client ID information of the queried object, and a data service party provides a matched query result but cannot know which query object is specifically corresponding to. The data is not going out and can be calculated, and the possibility of data caching is avoided.

Quantum computing has been proposed from the 80 s of the last century, and has evolved over thirty years, with significant advances in quantum computing, quantum algorithms, quantum computers, and quantum programming. If a large-scale quantum computer becomes a reality, the cryptographic technology widely used at present is mainly public key cryptographic technology, and the public key cryptographic technology is no longer secure. Theoretically, under a completely stable quantum environment, a large quantum computer with thousands of quantum bits can thoroughly crack public key cryptosystems such as ECC, SM2, etc. in a period of several minutes, so that a significant security risk occurs in conventional hidden inquiry protocols based on ECC or SM 2.

Disclosure of Invention

Aiming at the problems in the prior art, the application provides a hidden query method and a hidden query system, which are mainly used for enhancing the anti-quantum security aiming at the conventional hidden query protocol so as to realize the anti-quantum security of the query protocol.

In order to solve the technical problems, the application provides the following technical scheme:

In a first aspect, the present application provides a method for concealing a query, performed by a data providing node, the data providing node including all queriable data, each queriable data corresponding to a first public-private key pair one-to-one, each public-private key pair including a first public key and a first private key, each queriable data corresponding to an identification information, the method for concealing a query comprising:

Transmitting all the identification information and the corresponding first public key to a data query node, wherein the data query node generates a random code, and encrypts the random code by adopting the first public key corresponding to the data to be queried to obtain a first ciphertext;

Each first private key is adopted to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and exclusive-or operation is carried out on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code;

and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code corresponding to one by one, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

Further, the data providing node includes a second public-private key pair, the second public-private key pair includes a second public key and a second private key, the data querying node includes the second private key, and the hidden querying method further includes:

encrypting all the identification information and the corresponding first public key by adopting a second private key to obtain a second ciphertext;

correspondingly, all the identification information and the corresponding first public key are sent to the data query node, including:

and sending the second ciphertext to a data query node.

Further, the hidden query method further includes:

Negotiating with the data query node to generate the second public-private key pair based on a key negotiation algorithm; after the first ciphertext is generated, the data query node encrypts the first ciphertext by adopting the second public key to obtain a third ciphertext;

each first private key is adopted to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and exclusive-or operation is carried out on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code, and the method further comprises the following steps:

And decrypting the third ciphertext by adopting the second private key to obtain the first ciphertext.

Further, the first public-private key pair is generated by an ECC algorithm or an SM2 algorithm.

In a second aspect, the present application provides a method of suppressed query performed by a data query node, comprising:

Receiving all identification information and corresponding first public keys sent by a data providing node, wherein the data providing node comprises all queriable data, each queriable data corresponds to a first public and private key pair one by one, each first public and private key pair comprises a first public key and a first private key, and each queriable data corresponds to one identification information;

Generating a random code, and encrypting the random code by adopting a first public key corresponding to data to be queried to obtain a first ciphertext;

Receiving all first exclusive-or codes sent by a data query node, wherein the data providing node adopts each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code;

And performing exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

and receiving the second ciphertext sent by the data query node, wherein the data providing node encrypts all the identification information and the corresponding first public key by adopting a second private key to obtain the second ciphertext.

Further, the hidden query method further includes:

Negotiating with the data query node to generate the second public-private key pair based on a key negotiation algorithm;

and encrypting the first ciphertext by adopting the second public key to obtain a third ciphertext, wherein the data providing node adopts the second private key to decrypt the third ciphertext to obtain the first ciphertext.

In a third aspect, the present application provides a method for concealing and querying, a data providing node including all queriable data, each queriable data corresponding to a first public-private key pair one to one, each public-private key pair including a first public key and a first private key, each queriable data corresponding to an identification information, the method for concealing and querying comprising:

The data providing node sends all the identification information and the corresponding first public key to the data query node;

The data query node generates a random code, and encrypts the random code by adopting a first public key corresponding to data to be queried to obtain a first ciphertext;

The data providing node adopts each first public key to decrypt the first ciphertext sent by the data query node to obtain a corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code;

And the data query node performs exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

Further, the data providing node includes a second public key and a second private key, the data querying node includes the second private key, and the hidden querying method further includes:

the data providing node encrypts all the identification information and the corresponding first public key by adopting a second private key to obtain a second ciphertext;

the data providing node sends all the identification information and the corresponding first public key to the data query node, and the data query node comprises:

the data providing node sends the second ciphertext to a data querying node.

Further, the hidden query method further includes:

The data providing node negotiates with the data inquiring node based on a negotiation algorithm to form the second public key and the second private key; after the first ciphertext is generated, the data query node encrypts the first ciphertext by adopting the second public key to obtain a third ciphertext;

The data providing node adopts each first private key to decrypt the first ciphertext sent by the data query node to obtain a corresponding decrypted plaintext, and the method comprises the following steps:

And the data providing node decrypts the third ciphertext by adopting the second private key to obtain the first ciphertext.

In a fourth aspect, the present application provides a data providing node, the data providing node including all queriable data, each queriable data corresponding to a first public-private key pair one to one, each first public-private key pair including a first public key and a first private key, each queriable data corresponding to an identification information, the data providing node comprising:

A first data transmission module: transmitting all the identification information and the corresponding first public key to a data query node, wherein the data query node generates a random code, and encrypts the random code by adopting the first public key corresponding to the data to be queried to obtain a first ciphertext;

Decryption module: each first private key is adopted to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and exclusive-or operation is carried out on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code;

And a second data transmission module: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code corresponding to one by one, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

In a fifth aspect, the present application provides a data query node comprising:

A first data receiving module: receiving all identification information and corresponding first public keys sent by a data providing node, wherein the data providing node comprises all queriable data, each queriable data corresponds to a first public and private key pair one by one, each first public and private key pair comprises a first public key and a first private key, and each queriable data corresponds to one identification information;

A random code encryption module: generating a random code, and encrypting the random code by adopting a first public key corresponding to data to be queried to obtain a first ciphertext;

and a second data receiving module: receiving all first exclusive-or codes sent by a data query node, wherein the data providing node adopts each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code;

And a data query module: and performing exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

In a sixth aspect, the present application provides a suppressed query system comprising: a data providing node and a data inquiring node;

the data providing node adopts each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, performs exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code, and sends the first exclusive-or code to the data querying node;

The data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried;

The data providing node comprises all queriable data, each queriable data corresponds to a first public and private key pair one by one, each first public and private key pair comprises a first public key and a first private key, and each queriable data corresponds to identification information.

In a seventh aspect, the present application provides an electronic device comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the hidden inquiry method when executing the program.

In an eighth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the suppressed query method.

As can be seen from the above technical scheme, the method and system for hidden inquiry provided by the application comprise the following steps: the data query node receives all the queriable information and the corresponding first public keys sent by the data providing node, generates a random code, encrypts the random code by the first public keys corresponding to the data to be queried to obtain ciphertext, decrypts the ciphertext by each first private key to obtain corresponding decrypted plaintext, performs exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain corresponding first exclusive-or codes, performs exclusive-or operation on the random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and the second exclusive-or codes corresponding to the first public keys corresponding to the data to be queried are the data to be queried. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

Drawings

In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described, and it is obvious that the drawings in the following description are some embodiments of the present application, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.

Fig. 1 is a flow chart of a data providing node in a hidden query method according to an embodiment of the present application.

Fig. 2 is a schematic flow chart of a data query node in the hidden query method according to an embodiment of the present application.

Fig. 3 is a flow chart of a hidden query method in an embodiment of the application.

Fig. 4 is a flowchart of a specific embodiment of a secret querying method based on the SM2 algorithm in the embodiment of the present application.

Fig. 5 is a schematic diagram of a data providing node in a hidden query method according to an embodiment of the present application.

Fig. 6 is a schematic diagram of a data query node in a hidden query method according to an embodiment of the present application.

FIG. 7 is a schematic diagram of a hidden query system in accordance with an embodiment of the present application.

Fig. 8 is a schematic structural diagram of an electronic device in an embodiment of the present application.

Detailed Description

For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.

It should be noted that the hidden query method, system, electronic device and computer readable storage medium disclosed by the application can be used in the technical field of information security, and can also be used in any field except the technical field of information security.

Under a completely stable quantum environment, a large quantum computer with thousands of quantum bits can thoroughly crack public key cryptosystems such as ECC or SM2 in a period of several minutes, so that a significant security risk occurs in conventional hidden inquiry protocols based on ECC or SM 2. The application provides a hidden inquiring method, a system, electronic equipment and a computer readable storage medium, wherein a data inquiring node receives all inquireable information and corresponding first public keys sent by a data providing node, generates a random code, encrypts the random code by adopting the first public keys corresponding to data to be inquired to obtain ciphertext, the data providing node adopts each first private key to decrypt the ciphertext to obtain corresponding decrypted plaintext, and carries out exclusive-or operation on each decrypted plaintext and corresponding inquireable data to obtain corresponding first exclusive-or codes, the data inquiring node carries out exclusive-or operation on the random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and the second exclusive-or codes corresponding to the first public keys of the data to be inquired are the data to be inquired. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

Based on the foregoing, the present application further provides a concealment query system for implementing the concealment query method provided in one or more embodiments of the present application, where the concealment query system includes a data providing node and a data query node, where the data query node may be communicatively connected to a client device, and where a plurality of client terminal devices may be provided, and the concealment query system may specifically access the client terminal device through an application server.

The hidden inquiring system comprises a data providing node and a data inquiring node, wherein the data inquiring node can receive information to be inquired from client terminal equipment, the data inquiring node receives all the inquireable information and corresponding first public keys sent by the data providing node and generates a random code, the random code is encrypted by the first public keys corresponding to the data to be inquired to obtain first ciphertext, the data providing node adopts each first private key to decrypt the first ciphertext to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding inquireable data to obtain corresponding first exclusive-or codes, and the data inquiring node performs exclusive-or operation on each random code and each first exclusive-or code to generate one-to-one second exclusive-or codes, wherein the second exclusive-or codes corresponding to the first public keys corresponding to the data to be inquired are the data to be inquired.

It is understood that the client device may include a smart phone, a tablet electronic device, a portable computer, a desktop computer, a Personal Digital Assistant (PDA), and the like.

The client device may have a communication module (i.e. a communication unit) and may be connected to a remote server in a communication manner, so as to implement data transmission with the server. For example, the communication unit may send the information to be queried to a server of the data query node, so that the data query node encrypts the random code according to the information to be queried; the communication unit may also send the encrypted random code to the data providing node. The communication unit may also receive a first exclusive or code transmitted by the data providing node. The server may include a single computer device, a server cluster formed by a plurality of servers, or a server structure of a distributed device.

Any suitable network protocol may be used between the server and the client device, including those not yet developed on the filing date of the present application. The network protocols may include, for example, TCP/IP protocol, UDP/IP protocol, HTTP protocol, HTTPS protocol, etc. Of course, the network protocol may also include, for example, RPC protocol (Remote Procedure Call Protocol ), REST protocol (Representational STATE TRANSFER) or the like used above the above-described protocol.

The application provides a hidden inquiring method, a system, electronic equipment and a computer readable storage medium, wherein a data inquiring node receives all inquireable information and corresponding first public keys sent by a data providing node, generates a random code, encrypts the random code by adopting the first public keys corresponding to data to be inquired to obtain ciphertext, the data providing node adopts each first private key to decrypt the ciphertext to obtain corresponding decrypted plaintext, and carries out exclusive-or operation on each decrypted plaintext and corresponding inquireable data to obtain corresponding first exclusive-or codes, the data inquiring node carries out exclusive-or operation on the random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and the second exclusive-or codes corresponding to the first public keys corresponding to the data to be inquired are the data to be inquired. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

The following embodiments and application examples are described in detail.

The application provides an embodiment of a hidden query method, which is executed by a data providing node, wherein the data providing node comprises all queriable data, each queriable data corresponds to a first public and private key pair one by one, each public and private key pair comprises a first public key and a first private key, each queriable data corresponds to identification information, and referring to fig. 1, the hidden query method specifically comprises the following contents:

step S100: and sending all the identification information and the corresponding first public key to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the first public key corresponding to the data to be queried to obtain a first ciphertext.

In step 100, each piece of identification information corresponds to the first public-private key pair one by one, all pieces of identification information of the queriable data and the corresponding first public key are sent to the data query node, the data query node extracts the first public key corresponding to the data to be queried, and the first public key is adopted to encrypt a random generated random code to obtain a first ciphertext. The first public-private key pair is generated by adopting an ECC elliptic encryption algorithm or a national encryption SM2 algorithm.

In combination with a specific embodiment, when the first public-private key pair is generated by adopting an ECC elliptic encryption algorithm, the data providing node includes two queriable data D1 and D2, the corresponding identification information is ID1 and ID2, the corresponding first public keys are Q1 and Q2, the corresponding first private keys are D1 and D2, respectively, and the data providing node sends Q1, Q2, ID1 and ID2 to the data querying node; the data query node determines a first public key Q1 corresponding to data D1 to be queried, randomly selects a random code r, encrypts the random code r by adopting the Q1 to obtain a first ciphertext, and sends the first ciphertext to the data providing node.

When the first public-private key pair is generated by adopting a national secret SM2 algorithm, the data providing node comprises two queriable data D1 and D2, the corresponding identification information is ID1 and ID2, the corresponding first public keys are pk1 and pk2 respectively, the corresponding first private keys are sk1 and sk2 respectively, and the data providing node sends pk1, pk2, ID1 and ID2 to the data querying node; the data query node determines a first public key pk1 corresponding to the data D1 to be queried, randomly selects a random code r, encrypts the random code r by adopting pk1 to obtain a first ciphertext, and sends the first ciphertext to the data providing node.

Step S200: and adopting each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code.

It can be understood that, since the data providing node does not know which group of the first public keys is used by the data querying node to encrypt the random code, the data providing node needs to decrypt the first ciphertext by using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain the corresponding first exclusive-or code.

In combination with the specific embodiment, the data providing node decrypts the first ciphertext by using all the first private keys D1 and D2 to obtain corresponding decryption results k1 and k2, and then exclusive-ors the decryption results k1 and k2 with the corresponding data D1 and D2And E1, E2 are sent to the data query node.

Step S300: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code corresponding to one by one, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

As can be seen from the foregoing description, in the hidden query method provided by the embodiment of the present application, the data query node receives all the queriable information and the corresponding first public key sent by the data providing node, generates a random code, encrypts the random code by using the first public key corresponding to the data to be queried to obtain a ciphertext, the data providing node decrypts the ciphertext by using each first private key to obtain a corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain a corresponding first exclusive-or code, and the data query node performs an exclusive-or operation on each random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and the second exclusive-or codes corresponding to the first public key corresponding to the data to be queried are the data to be queried. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

In an embodiment of the method for concealing and querying provided by the present application, a preferred mode of encrypting queriable data is provided, the data providing node includes a second public-private key pair, the second public-private key pair includes a second public key and a second private key, the data querying node includes the second private key, and the concealing and querying specifically further includes:

and sending the second ciphertext to a data query node.

It can be understood that the data providing node encrypts all the identification information and the corresponding first public key by using the second private key to obtain a second ciphertext, and sends the second ciphertext to the data query node, and the data query node decrypts the second ciphertext by using the second public key to obtain all the identification information and the corresponding first public key. The first public-private key pair is generated by an ECC algorithm or an SM2 algorithm.

In combination with a specific embodiment, when the first public-private key pair is generated by adopting an ECC elliptic encryption algorithm, the data providing node includes two queriable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding first public keys are Q1 and Q2, the corresponding first private keys are D1 and D2, the data providing node encrypts Q1, Q2, ID1 and ID2 by adopting a second private key to obtain a second ciphertext E, and the second ciphertext E is sent to the data querying node.

When the first public-private key pair is generated by adopting a national secret SM2 algorithm, the data providing node comprises two queriable data D1 and D2, the corresponding identification information is ID1 and ID2, the corresponding first public keys are pk1 and pk2 respectively, the corresponding first private keys are sk1 and sk2 respectively, the data providing node encrypts the pk1, pk2, ID1 and ID2 by adopting a second private key to obtain a second ciphertext E, and the second ciphertext E is sent to the data querying node.

In one embodiment of the method for hidden inquiry provided by the present application, a preferred mode of encryption of inquireable data is provided, and the hidden inquiry specifically further includes the following contents:

It will be appreciated that the second public-private key pair is generated by an asymmetric encryption algorithm negotiated by the data providing node and the data querying node based on the key agreement algorithm PQC _kem. The data providing node sends the public key of the key negotiation algorithm PQC _kem to the data inquiring node, the data inquiring node and the data providing node negotiate a second public key and a second private key, the data inquiring node and the data providing node share the second public key, and the second private key only exists in the data providing node. The data query node extracts a first public key corresponding to the data to be queried, encrypts a random code generated randomly by adopting the first public key to obtain a first ciphertext, encrypts the first ciphertext by adopting a second public key to obtain a third ciphertext, the data providing node decrypts the third ciphertext by adopting a second private key to obtain the first ciphertext, because the data providing node does not know which group of first public keys are used by the data inquiring node to encrypt the random codes, the data providing node decrypts the first ciphertext by using the first private keys of all the inquireable data to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and the corresponding inquireable data to obtain the corresponding first exclusive-or codes.

As can be seen from the above description, the most significant feature of the hidden query method provided by the embodiment of the present application is that the anti-quantum characteristic of the post-quantum key negotiation algorithm PQC _kem is utilized, the second public-private key pair is negotiated by using PQC _kem, then the transmission data in the hidden query is protected by using the second public-private key, and the anti-quantum characteristic of the whole algorithm is realized by using the anti-quantum characteristics of PQC _kem and the second public-private key pair, because the E sent by the data providing node encrypts the second private key, the encryption key of the second public-private key pair is determined by PQC _kem, and the second public-private key pair is asymmetrically encrypted, and both algorithms have the anti-quantum characteristics, so that the algorithm has the anti-quantum characteristic. The random number r sent by the data query node is encrypted by the second public and private key on the basis of ECC encryption or SM2 encryption, so that the random number r has quantum resistance. From the anti-quantum properties of r, the anti-quantum properties of E ₁,E₂ can be deduced, so the whole algorithm has anti-quantum properties.

The application provides an embodiment of a hidden query method, which is executed by a data query node, and referring to fig. 2, the hidden query method specifically comprises the following contents:

step S400: and receiving all the identification information and the corresponding first public keys sent by the data providing node, wherein the data providing node comprises all the queriable data, each queriable data corresponds to a first public and private key pair one by one, each first public and private key pair comprises a first public key and a first private key, and each queriable data corresponds to one identification information.

It can be understood that after the data query node receives all the identification information and the corresponding first public key sent by the data providing node, the first public key corresponding to the data to be queried is determined.

In combination with a specific embodiment, when the first public-private key pair is generated by adopting an ECC elliptic encryption algorithm, the data query node receives all the identification information ID1 and ID2 and the corresponding first public keys pk1 and pk2 sent by the data providing node, and selects the first public key pk1 corresponding to the data D1 to be queried.

When the first public-private key pair is generated by adopting a national secret SM2 algorithm, the data query node receives all the identification information ID1 and ID2 and the corresponding first public keys Q1 and Q2 sent by the data providing node, and selects the first public key Q1 corresponding to the data D1 to be queried.

Step S500: and generating a random code, and encrypting the random code by adopting a first public key corresponding to the data to be queried to obtain a first ciphertext.

It can be understood that the data query node randomly selects a random code, encrypts the random code by using a first public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node. For example, the data query node randomly selects the random code r, encrypts the random code r by using a first public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node.

Step S600: and receiving all the first exclusive-or codes sent by the data query node, wherein the data providing node adopts each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code.

It can be understood that, since the data providing node does not know which group of the first public keys is used by the data querying node to encrypt the random code, the data providing node needs to decrypt the first ciphertext by using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and perform an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain corresponding first exclusive-or codes, and the data providing node sends all the first exclusive-or codes to the data querying node. For example, the data providing node decrypts the first ciphertext using all of the first private keys D1 and D2 to obtain corresponding decryption results k1, k2, and xoring the decryption results k1, k2 with the corresponding digital queriable data D1 and D2The data query node receives all the first exclusive-or codes E1, E2 sent by the data providing node.

Step S700: and performing exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

It can be understood that the data query node uses the random code generated before and each first exclusive-or code to perform exclusive-or operation to obtain a corresponding second exclusive-or code, and the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried. For example, the data query node uses the random code r to respectively exclusive-or with E1 and E2 to obtainThe second exclusive or code R1 corresponds to the public key of the data D1 to be queried, and the data query node extracts the query data d1=r1.

As can be seen from the foregoing description, in the secret query method provided by the embodiment of the present application, the data query node receives all the queriable information and the corresponding first public key sent by the data providing node, generates a random code, encrypts the random code by using the first public key corresponding to the data to be queried to obtain a ciphertext, the data providing node decrypts the ciphertext by using each first private key to obtain a corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain a corresponding first exclusive-or code, and the data query node performs an exclusive-or operation on each random code and each first exclusive-or code to generate a plurality of second exclusive-or codes, and the second exclusive-or codes corresponding to the first public key corresponding to the data to be queried are the data to be queried. And encrypting an arbitrary random code by using an asymmetric key, decrypting the encrypted random code by using all first private keys to obtain a corresponding decrypted plaintext, and performing exclusive OR operation on all the decrypted plaintext, corresponding data and random numbers, thereby improving the privacy in the hidden inquiry process.

In one embodiment of the method for concealing and inquiring provided by the present application, the data providing node includes a second public-private key pair, the second public-private key pair includes a second public key and a second private key, the data inquiring node includes the second private key, and the concealing and inquiring method specifically further includes:

It can be understood that the data providing node encrypts all the identification information and the corresponding first public key by using the second private key to obtain a second ciphertext, and sends the second ciphertext to the data query node, the data query node decrypts the second ciphertext by using the second public key to obtain all the identification information and the corresponding first public key, and the first public key pair is generated by an ECC algorithm or an SM2 algorithm.

In combination with a specific embodiment, when the first public-private key pair is generated by adopting an ECC elliptic encryption algorithm, the data providing node includes two queriable data D1 and D1, the corresponding identification information is ID1 and ID2, the corresponding first public keys are Q1 and Q2, the corresponding first private keys are D1 and D2, the data providing node encrypts Q1, Q2, ID1 and ID2 by adopting a second private key to obtain a second ciphertext E, and the second ciphertext E is sent to the data querying node. The data query node receives the second ciphertext E, decrypts the second ciphertext E by adopting the second public key, and determines a first public key Q1 corresponding to the data D1 to be queried.

When the first public-private key pair is generated by adopting a national secret SM2 algorithm, the data providing node comprises two queriable data D1 and D2, the corresponding identification information is ID1 and ID2, the corresponding first public keys are pk1 and pk2 respectively, the corresponding first private keys are sk1 and sk2 respectively, the data providing node encrypts the pk1, pk2, ID1 and ID2 by adopting a second private key to obtain a second ciphertext E, and the second ciphertext E is sent to the data querying node. The data query node receives the second ciphertext E, decrypts the second ciphertext E by adopting the second public key, and determines a first public key pk1 corresponding to the data D1 to be queried.

As can be seen from the above description, the most significant feature of the hidden query method provided by the embodiment of the present application is that the anti-quantum characteristic of the post-quantum key negotiation algorithm PQC _kem is utilized, the second public-private key pair is negotiated by using PQC _kem, then the transmission data in the hidden query is protected by using the second public-private key, and the anti-quantum characteristic of the whole algorithm is realized by using the anti-quantum characteristics of PQC _ken and the second public-private key pair, because the E sent by the data providing node encrypts the second private key, the encryption key of the second public-private key pair is determined by PQC _kem, and the second public-private key pair is asymmetrically encrypted, and both algorithms have the anti-quantum characteristics, so that the algorithm has the anti-quantum characteristic. The random number r sent by the data query node is encrypted by the second public and private key on the basis of ECC encryption or SM2 encryption, so that the random number r has quantum resistance. From the anti-quantum properties of r, the anti-quantum properties of E ₁,E₂ can be deduced, so the whole algorithm has anti-quantum properties.

Referring to fig. 3, a data providing node includes all queriable data, each queriable data corresponds to a first public-private key pair one by one, each public-private key pair includes a first public key and a first private key, each queriable data corresponds to an identification information, and the hidden query method specifically includes the following contents:

Step S001: the data providing node sends all the identification information and the corresponding first public key to the data query node;

it can be understood that each piece of identification information corresponds to a first public-private key pair one by one, the first public-private key pair is generated by adopting an ECC algorithm or a national secret SM2 algorithm, and the identification information of all the queriable data and the corresponding first public key are sent to the data query node.

Step S002: and the data query node generates a random code, and encrypts the random code by adopting a first public key corresponding to the data to be queried to obtain a first ciphertext.

It can be understood that the data query node extracts the first public key corresponding to the data to be queried from the received identification information of all the data capable of being queried and the first public key corresponding to the identification information, and encrypts a random code generated randomly by using the first public key to obtain the first ciphertext.

Step S003: and the data providing node adopts each first private key to decrypt the first ciphertext sent by the data query node to obtain a corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code.

Step S004: and the data query node performs exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

It can be understood that the data query node uses the random code generated before and each first exclusive-or code to perform exclusive-or operation to obtain a corresponding second exclusive-or code, and the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

In one embodiment of the concealment query method provided by the present application, the data providing node includes a second public key and a second private key, the data query node includes a second private key, and the concealment query method specifically further includes the following contents:

the data providing node sends the second ciphertext to a data querying node.

It can be understood that the data providing node encrypts all the identification information and the corresponding first public key by using the second private key to obtain a second ciphertext, and sends the second ciphertext to the data query node, and the data query node decrypts the second ciphertext by using the second public key to obtain all the identification information and the corresponding first public key.

Taking the example when the first public-private key pair is generated by using the national secret SM2 algorithm, the hidden inquiry method is described below with reference to the specific embodiment, see fig. 4.

Step 1: the data querying node and the data providing node determine a public key of the quantum key agreement algorithm PQC _kem、PQC_kem, an asymmetric encryption algorithm (including the second public key E _k and the second private key D _k), and a national encryption algorithm SM2 (including the encryption algorithm)And decryption algorithm)。

Step 2: the data providing node sends the public key P _k of the key agreement algorithm PQC _kem to the data querying node.

Step 3: the data query node negotiates with the data providing node a secret k shared by both parties, the secret k being an input secret of the asymmetric encryption algorithm.

Step 4: the data providing node determines the ID corresponding to all the queriable data and the first public and private key pair pk1, pk2, ID1, ID2, then encrypts by using an asymmetric encryption algorithm D _k to obtain an encryption result E, and the data providing node sends the E to the data querying node.

Step 5: after receiving E, the data query node decrypts by using an asymmetric encryption algorithm E _k, determines a first public key pk1 corresponding to the target query data D1, randomly selects a random number r, and encrypts r by using the first public key pk1 of the SM2 algorithmAnd obtaining an encryption result m1, then encrypting E _k (m 1) the m1 by using an asymmetric encryption algorithm to obtain an encryption result m2, and sending the m2 to the data providing node by the data query node.

Step 6: after receiving m2, the data providing node firstly uses an asymmetric encryption algorithm to decrypt to obtain m1. Since the data providing node does not know which set of first public keys m1 is used for encryption, decryption using all first private keys is required, i.eThen exclusive OR operation is carried out on the decryption result k1 and k2 and the corresponding data D1 and D2 respectivelyAnd E1, E2 is obtained, and the data providing node sends E1, E2 to the data query node.

Step 7: the data query node exclusive-ors the random number r and the random number E1 and the random number E2 generated beforeThe target query data d1=r1 is successfully extracted.

In order to solve the problem of privacy of hidden query in the software aspect, referring to fig. 5, in one embodiment of the data providing node provided by the present application, the data providing node includes all queriable data, each queriable data corresponds to a first public-private key pair one by one, each first public-private key pair includes a first public key and a first private key, each queriable data corresponds to an identification information, and the data providing node specifically includes:

The first data transmission module 10: and sending all the identification information and the corresponding first public key to a data query node, wherein the data query node generates a random code, and encrypting the random code by adopting the first public key corresponding to the data to be queried to obtain a first ciphertext.

It may be understood that each identification information corresponds to a first public-private key pair one by one, the first public-private key pair is generated by adopting an ECC algorithm or an SM2 algorithm, the first data transmission module 10 sends identification information of all queriable data and a first public key corresponding to the identification information to the data query node, the data query node extracts the first public key corresponding to the data to be queried, and a random code generated randomly is encrypted by adopting the first public key to obtain a first ciphertext. In some specific embodiments, the first data transmission module 10 may further encrypt all the identification information and the corresponding first public key with the second private key to obtain a second ciphertext, and send the second ciphertext to the data query node. The second private key is generated based on the asymmetric encryption algorithm, the first data transmission module 10 sends the public key of the key negotiation algorithm PQC _kem to the data query node, and the data providing node and the data query node negotiate to obtain the input key of the asymmetric encryption algorithm based on the key negotiation algorithm PQC _kem.

Decryption module 20: and adopting each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code.

It can be appreciated that, since the data providing node does not know which set of the first public keys is used by the data querying node to encrypt the random code, the decryption module 20 needs to decrypt the first ciphertext using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain the corresponding first exclusive-or code.

In some specific embodiments, the data query node extracts a first public key corresponding to the data to be queried, encrypts a random code generated randomly by using the first public key to obtain a first ciphertext, encrypts the first ciphertext by using a second public key to obtain a third ciphertext, decrypts the third ciphertext by using a second private key to obtain the first ciphertext, decrypts the first ciphertext by using the first private keys of all the queriable data to obtain a corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain a corresponding first exclusive-or code.

The second data transmission module 30: and sending all the first exclusive-or codes to the data query node so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code corresponding to one by one, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

In one embodiment of the data query node provided by the present application, referring to fig. 6, the data query node specifically includes the following contents:

The first data receiving module 40: and receiving all the identification information and the corresponding first public key sent by the data providing node, wherein the data query node generates a random code, and encrypts the random code by adopting the first public key corresponding to the data to be queried to obtain a first ciphertext.

It can be understood that, after the first data receiving module 40 receives all the identification information and the corresponding first public key sent by the first data transmitting module 10, the first public key corresponding to the data to be queried is determined. In some specific embodiments, the data providing node encrypts all the identification information and the first public key corresponding to the identification information by using the second private key to obtain a second ciphertext, and sends the second ciphertext to the data querying node, and the first data receiving module 40 may further decrypt the second ciphertext by using the second public key to determine the first public key corresponding to the data to be queried.

The random code encryption module 50: and generating a random code, and encrypting the random code by adopting a first public key corresponding to the data to be queried to obtain a first ciphertext.

It can be appreciated that the random code encryption module 50 randomly selects a random code, encrypts the random code by using a first public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node. In some specific embodiments, the first data receiving module 40 extracts a first public key corresponding to the data to be queried, the random code encrypting module 50 encrypts a random code generated randomly by using the first public key to obtain a first ciphertext, encrypts the first ciphertext by using the second public key to obtain a third ciphertext, the data providing node decrypts the third ciphertext by using the second private key to obtain the first ciphertext, decrypts the first ciphertext by using the first private keys of all the queriable data to obtain a corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain a corresponding first exclusive-or code.

The second data receiving module 60: and receiving all the first exclusive-or codes sent by the data query node, wherein the data providing node adopts each first private key to decrypt the first ciphertext to obtain a corresponding decrypted plaintext, and performing exclusive-or operation on each decrypted plaintext and corresponding queriable data to obtain a corresponding first exclusive-or code.

It will be appreciated that since the data providing node does not know which set of first public keys is used by the data querying node to encrypt the random codes, the data providing node needs to decrypt the first ciphertext using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and exclusive-or each decrypted plaintext and the corresponding queriable data to obtain corresponding first exclusive-or codes, and the second data receiving module 60 receives all the first exclusive-or codes transmitted by the second data transmitting module 30 of the data providing node.

The data query module 70: and performing exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

It can be appreciated that the data query module 70 performs an exclusive-or operation with the random code generated previously and each first exclusive-or code to obtain a corresponding second exclusive-or code, where the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried.

In one embodiment of the suppressed query system provided by the present application, referring to FIG. 7, the suppressed query system comprises: a data providing node and a data inquiring node;

It can be understood that each identification information corresponds to a first public-private key pair one by one, the first public-private key pair is generated by adopting an ECC algorithm or an SM2 algorithm, the data providing node sends the identification information of all the queriable data and the first public key corresponding to the identification information to the data querying node, the data querying node extracts the first public key corresponding to the data to be queried, and a random generated random code is encrypted by adopting the first public key to obtain a first ciphertext. In some specific embodiments, the data providing node may further encrypt all the identification information and the first public key corresponding to the identification information with the second private key to obtain a second ciphertext, and send the second ciphertext to the data querying node. The second private key is generated based on the asymmetric encryption algorithm, the data providing node sends the public key of the key negotiation algorithm PQC _kem to the data query node, and the data providing node and the data query node negotiate to obtain the input key of the asymmetric encryption algorithm based on the key negotiation algorithm PQC _kem.

It can be understood that the data query node randomly selects a random code, encrypts the random code by using a first public key corresponding to the data to be queried to obtain a first ciphertext, and sends the first ciphertext to the data providing node. In some specific embodiments, the data query node extracts a first public key corresponding to the data to be queried, encrypts a random code generated randomly by using the first public key to obtain a first ciphertext, encrypts the first ciphertext by using a second public key to obtain a third ciphertext, and sends the third ciphertext to the data providing node.

It can be understood that, since the data providing node does not know which group of the first public keys is used by the data querying node to encrypt the random code, the data providing node needs to decrypt the first ciphertext by using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and performs an exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain the corresponding first exclusive-or code. In some specific embodiments, the data query node extracts a first public key corresponding to the data to be queried, encrypts a random code generated randomly by using the first public key to obtain a first ciphertext, encrypts the first ciphertext by using a second public key to obtain a third ciphertext, decrypts the third ciphertext by using a second private key to obtain the first ciphertext, decrypts the first ciphertext by using the first private keys of all the queriable data to obtain corresponding decrypted plaintext, and performs exclusive-or operation on each decrypted plaintext and the corresponding queriable data to obtain the corresponding first exclusive-or code.

As can be seen from the above description, the hidden query system provided by the embodiment of the present application encrypts an arbitrary random code by using an asymmetric key, decrypts the encrypted random code by using all private keys to obtain a corresponding decrypted plaintext, and performs an exclusive-or operation on all the decrypted plaintext, the corresponding data and the random number, thereby improving the privacy in the hidden query process. Meanwhile, the anti-quantum characteristic of the quantum key negotiation algorithm PQC _kem is utilized, the PQC _kem is utilized to negotiate the input key of the asymmetric encryption algorithm, then the transmission data in the hidden inquiry is protected by the asymmetric encryption algorithm, and the anti-quantum characteristic of the PQC _kem and the anti-quantum characteristic of the asymmetric encryption algorithm are utilized, so that the anti-quantum characteristic of the whole algorithm is realized.

In order to solve the problem of disclosure of the existing hidden query privacy from the hardware level, the application provides an embodiment of an electronic device for implementing all or part of the contents in the hidden query method, where the electronic device specifically includes the following contents:

Fig. 8 is a schematic block diagram of a system configuration of an electronic device 9600 according to an embodiment of the present application. As shown in fig. 8, the electronic device 9600 may include a central processor 9100 and a memory 9140; the memory 9140 is coupled to the central processor 9100. Notably, this fig. 8 is exemplary; other types of structures may also be used in addition to or in place of the structures to implement telecommunications functions or other functions.

In one embodiment, the suppressed query function may be integrated into the central processor. Wherein the central processor may be configured to control:

In another embodiment, the suppressed query system may be configured separately from the central processor 9100, e.g., the suppressed query system may be configured as a chip connected to the central processor 9100, with the control of the central processor implementing the blockchain data interaction function.

As shown in fig. 8, the electronic device 9600 may further include: a communication module 9110, an input unit 9120, an audio processor 9130, a display 9160, and a power supply 9170. It is noted that the electronic device 9600 need not include all of the components shown in fig. 8; in addition, the electronic device 9600 may further include components not shown in fig. 8, and reference may be made to the related art.

As shown in fig. 8, the central processor 9100, sometimes referred to as a controller or operational control, may include a microprocessor or other processor device and/or logic device, which central processor 9100 receives inputs and controls the operation of the various components of the electronic device 9600.

The memory 9140 may be, for example, one or more of a buffer, a flash memory, a hard drive, a removable media, a volatile memory, a non-volatile memory, or other suitable device. The information about failure may be stored, and a program for executing the information may be stored. And the central processor 9100 can execute the program stored in the memory 9140 to realize information storage or processing, and the like.

The input unit 9120 provides input to the central processor 9100. The input unit 9120 is, for example, a key or a touch input device. The power supply 9170 is used to provide power to the electronic device 9600. The display 9160 is used for displaying display objects such as images and characters. The display may be, for example, but not limited to, an LCD display.

The memory 9140 may be a solid state memory such as Read Only Memory (ROM), random Access Memory (RAM), SIM card, etc. But also a memory which holds information even when powered down, can be selectively erased and provided with further data, an example of which is sometimes referred to as EPROM or the like. The memory 9140 may also be some other type of device. The memory 9140 includes a buffer memory 9141 (sometimes referred to as a buffer). The memory 9140 may include an application/function storage portion 9142, the application/function storage portion 9142 storing application programs and function programs or a flow for executing operations of the electronic device 9600 by the central processor 9100.

The memory 9140 may also include a data store 9143, the data store 9143 for storing data, such as contacts, digital data, pictures, sounds, and/or any other data used by an electronic device. The driver storage portion 9144 of the memory 9140 may include various drivers of the electronic device for communication functions and/or for performing other functions of the electronic device (e.g., messaging applications, address book applications, etc.).

The communication module 9110 is a transmitter/receiver 9110 that transmits and receives signals via an antenna 9111. A communication module (transmitter/receiver) 9110 is coupled to the central processor 9100 to provide input signals and receive output signals, as in the case of conventional mobile communication terminals.

Based on different communication technologies, a plurality of communication modules 9110, such as a cellular network module, a bluetooth module, and/or a wireless local area network module, etc., may be provided in the same electronic device. The communication module (transmitter/receiver) 9110 is also coupled to a speaker 9131 and a microphone 9132 via an audio processor 9130 to provide audio output via the speaker 9131 and to receive audio input from the microphone 9132 to implement usual telecommunications functions. The audio processor 9130 can include any suitable buffers, decoders, amplifiers and so forth. In addition, the audio processor 9130 is also coupled to the central processor 9100 so that sound can be recorded locally through the microphone 9132 and sound stored locally can be played through the speaker 9131.

An embodiment of the present application further provides a computer readable storage medium capable of implementing all the steps in the hidden query method in the above embodiment, where the computer readable storage medium stores a computer program, and when the computer program is executed by a processor, the computer program implements all the steps in the hidden query method in the above embodiment in which an execution subject is a server or a client, for example, the processor implements the following steps when executing the computer program:

It will be apparent to those skilled in the art that embodiments of the present invention may be provided as a method, apparatus, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (devices), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The principles and embodiments of the present invention have been described in detail with reference to specific examples, which are provided to facilitate understanding of the method and core ideas of the present invention; meanwhile, as those skilled in the art will have variations in the specific embodiments and application scope in accordance with the ideas of the present invention, the present description should not be construed as limiting the present invention in view of the above.

Claims

1. A method of latent inquiry, characterized in that the method is performed by a data providing node, the data providing node includes all queriable data, each queriable data corresponds to a first public-private key pair one to one, each public-private key pair includes a first public key and a first private key, each queriable data corresponds to an identification information, the method of latent inquiry includes:

all the first exclusive-or codes are sent to the data query node, so that the data query node performs exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code corresponding to one by one, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried;

The data providing node comprises a second public-private key pair, the second public-private key pair comprises a second public key and a second private key, the data query node comprises the second private key, and the hidden query method further comprises:

and sending the second ciphertext to a data query node.

2. The suppressed query method of claim 1, wherein the suppressed query method further comprises:

3. The concealment query method as claimed in claim 1, wherein said first public-private key pair is generated by an ECC algorithm or an SM2 algorithm.

4. A method of suppressed query performed by a data query node, comprising:

Performing exclusive-or operation on the random code and each first exclusive-or code to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried;

And receiving a second ciphertext sent by the data query node, wherein the data providing node encrypts all the identification information and the corresponding first public key by adopting a second private key to obtain the second ciphertext.

5. The suppressed query method of claim 4, wherein the suppressed query method further comprises:

6. The concealment query method as claimed in claim 4, wherein said first public-private key pair is generated by an ECC algorithm or an SM2 algorithm.

7. A method for hidden querying, wherein a data providing node includes all queriable data, each queriable data corresponds to a first public-private key pair one by one, each public-private key pair includes a first public key and a first private key, each queriable data corresponds to an identification information, the method for hidden querying includes:

The data query node performs exclusive-or operation on the random code and each first exclusive-or code sent by the data providing node to generate a second exclusive-or code in one-to-one correspondence, wherein the second exclusive-or code corresponding to the first public key corresponding to the data to be queried is the data to be queried;

The data providing node comprises a second public key and a second private key, the data query node comprises the second private key, and the hidden query method further comprises:

the data providing node sends the second ciphertext to a data querying node.

8. The suppressed query method of claim 7, wherein the suppressed query method further comprises:

9. The concealment query method as claimed in claim 7, wherein said first public-private key pair is generated by an ECC algorithm or an SM2 algorithm.

10. A data providing node for use in the hidden query method of any one of claims 1 to 9, wherein the data providing node includes all queriable data, each queriable data being in one-to-one correspondence with a first public-private key pair, each first public-private key pair including a first public key and a first private key, each queriable data corresponding to an identification information, the data providing node comprising:

11. A data querying node for use in the suppressed query method of any of claims 1 to 9, comprising:

12. A suppressed query system for use in the suppressed query method of any one of claims 1 to 9, comprising: a data providing node and a data inquiring node;

13. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the steps of the hidden inquiry method of any one of claims 1 to 9 when the computer program is executed by the processor.

14. A computer readable storage medium having stored thereon a computer program, wherein the computer program when executed by a processor implements the steps of the hidden query method of any of claims 1 to 9.