CN114691759B - Data query statistical method, device, computer equipment and storage medium - Google Patents


Publication number
CN114691759B
Authority
CN
China
Prior art keywords
data
calculation
result
providing module
data providing
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210615783.9A
Other languages
Chinese (zh)
Other versions
CN114691759A (en)
Inventor
李正扬
王健宗
黄章成
肖京
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202210615783.9A priority Critical patent/CN114691759B/en
Publication of CN114691759A publication Critical patent/CN114691759A/en
Application granted granted Critical
Publication of CN114691759B publication Critical patent/CN114691759B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20: Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24: Querying
    • G06F16/245: Query processing
    • G06F16/2458: Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
    • G06F16/2462: Approximate or statistical queries
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/602: Providing cryptographic facilities or services
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60: Protecting data
    • G06F21/62: Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Mathematical Physics (AREA)
  • Fuzzy Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to the technical field of artificial intelligence and discloses a data query statistical method, a device, computer equipment and a storage medium. The method receives a first ciphertext returned by a data providing module; unblinds the first encryption result to obtain a target index value, and executes an oblivious transfer protocol with the data providing module based on the target index value to determine a data calculation result, where one data providing module corresponds to one data calculation result; performs ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain a ciphertext calculation result, and sends the ciphertext calculation result to a third-party platform; and receives a trace-hiding joint statistical result fed back by the third-party platform, which the third-party platform obtains by decrypting the ciphertext calculation result. The invention improves the query privacy and security of the data query module and the data providing module.

Description

Data query statistical method, device, computer equipment and storage medium
Technical Field
The invention relates to the field of data query, in particular to a data query statistical method, a data query statistical device, computer equipment and a storage medium.
Background
Currently, recommending goods or services to a user often requires collecting user data (such as historical purchase data). That data is usually distributed across several different platforms (such as shopping platforms), so collecting it is difficult, which in turn makes commodity or service recommendation difficult.
In the prior art, user data is generally queried from each platform separately, and the queried data is aggregated before goods or services are recommended. However, as data privacy grows in importance, existing platforms apply multiple layers of privacy protection to user data, and the querying party also needs to protect information such as its query intention. The above approach easily exposes both the user data and the query intention, so the security of data query statistics is low.
Disclosure of Invention
The embodiment of the invention provides a data query statistical method, a data query statistical device, computer equipment and a storage medium, and aims to solve the problem of low security of data query statistics in the prior art.
A data query statistics method, comprising:
receiving a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by encrypting a first blinding result by the data providing module by using a first private key; the first blinding result is obtained by carrying out blinding processing on data to be queried according to a first public key; the first private key corresponds to the first public key;
unblinding the first encryption result to obtain a target index value, and executing an oblivious transfer protocol with the data providing module based on the target index value to determine a data calculation result; one data providing module corresponds to one data calculation result;
performing ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain a ciphertext calculation result, and sending the ciphertext calculation result to a third-party platform;
receiving a trace-hiding joint statistical result fed back by the third-party platform; the trace-hiding joint statistical result is obtained by the third-party platform decrypting the ciphertext calculation result.
A data query statistics apparatus, comprising:
the ciphertext receiving sub-module is used for receiving a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by encrypting a first blinding result by the data providing module by using a first private key; the first blinding result is obtained by carrying out blinding processing on data to be queried according to a first public key; the first private key corresponds to the first public key;
the unblinding sub-module is used for unblinding the first encryption result to obtain a target index value, and executing an oblivious transfer protocol with the data providing module based on the target index value to determine a data calculation result; one data providing module corresponds to one data calculation result;
the ciphertext calculation sub-module is used for performing ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain a ciphertext calculation result, and sending the ciphertext calculation result to a third-party platform;
the result receiving sub-module is used for receiving a trace-hiding joint statistical result fed back by the third-party platform; the trace-hiding joint statistical result is obtained by the third-party platform decrypting the ciphertext calculation result.
A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor implementing the above data query statistics method when executing the computer program.
A computer-readable storage medium, in which a computer program is stored, which, when executed by a processor, implements the above-mentioned data query statistical method.
With the above data query statistical method, device, computer equipment and storage medium, a first ciphertext returned by the data providing module is received; the first ciphertext comprises a first encryption result obtained by the data providing module encrypting a first blinding result with a first private key; the first blinding result is obtained by blinding the data to be queried according to a first public key; the first private key corresponds to the first public key; the first encryption result is unblinded to obtain a target index value, and an oblivious transfer protocol is executed with the data providing module based on the target index value to determine a data calculation result; one data providing module corresponds to one data calculation result; ciphertext calculation is performed on the data calculation results corresponding to the data providing modules to obtain a ciphertext calculation result, which is sent to a third-party platform; a trace-hiding joint statistical result fed back by the third-party platform is received; the trace-hiding joint statistical result is obtained by the third-party platform decrypting the ciphertext calculation result.
The data query module can encrypt and hide its query intention (such as the data to be queried) with a public key (such as the first public key) provided by the third-party platform, and the data providing module can encrypt and hide its stored data, or the data sent by the data query module (such as the first blinding result), with a private key (such as the first private key) provided by the third-party platform, so the query privacy and security of both the data query module and the data providing module are improved. Furthermore, because the oblivious transfer protocol is executed, the data providing module cannot learn the query intention of the data query module, and the ciphertext is decrypted by the third-party platform, which further improves the query privacy and security of the data query module and the data providing module.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments of the present invention will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art that other drawings can be obtained according to these drawings without inventive labor.
FIG. 1 is a diagram illustrating an application environment of a statistical method for data query according to an embodiment of the present invention;
FIG. 2 is a flow chart of a statistical method for data query according to an embodiment of the present invention;
FIG. 3 is a schematic block diagram of a data query statistics apparatus according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a computer device according to an embodiment of the invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The data query statistical method provided by the embodiment of the invention can be applied to an application environment shown in fig. 1. Specifically, the data query statistical method is applied to a data query statistical system, which includes a data query module and a data providing module shown in fig. 1, where the data query module and the data providing module communicate with each other through a network, so as to solve the problem of low security of data query statistics in the prior art. The data query module is a data query party, and can be implemented by an independent server or a server cluster consisting of a plurality of servers. The data providing module is a data holder, and the data providing module can be a data storage unit such as a database.
In an embodiment, as shown in fig. 2, a statistical method for data query is provided, which is described by taking the data query module in fig. 1 as an example, and includes the following steps:
S10: Receiving a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by the data providing module encrypting a first blinding result with a first private key; the first blinding result is obtained by blinding the data to be queried according to the first public key; the first private key corresponds to the first public key.
It is understood that the data providing module is a data holder and may be a data storage unit such as a database. In this application there are a plurality of data providing modules, that is, a plurality of different databases; for example, in a commodity recommendation scenario the historical shopping records of a user on different shopping platforms need to be acquired, and each shopping platform can be regarded as one data providing module. Furthermore, because data privacy prevents the required data from being queried directly from each data providing module, this application introduces a third-party platform. The third-party platform comprises a key generation module that generates public-private key pairs, each consisting of a public key and the private key corresponding to it. In this embodiment, the key generation module of the third-party platform generates one public-private key pair for homomorphic encryption and one public-private key pair for asymmetric encryption: the first public key and the first private key form the pair for asymmetric encryption, and the second public key and the second private key used in the subsequent steps form the pair for homomorphic encryption. After the third-party platform generates the two public-private key pairs, it sends them to each data providing module, and each data providing module then sends the public keys of the pairs to the data query module.
Further, the data to be queried is a query id, and for example, an identification number, a mobile phone number, or a name may be used as the data to be queried. The first blinding result is a result obtained by blinding the data to be queried through the first public key, that is, the first blinding result is a result hiding the query intention (that is, the data to be queried) of the data query module. After the data query module sends the first blinding result to the data providing module, because the data providing module cannot resolve the data to be queried in the first blinding result, the data providing module encrypts the first blinding result by using a first private key corresponding to the first public key to obtain a first encrypted result, and the first encrypted result is a part of the first ciphertext.
S20: Unblinding the first encryption result to obtain a target index value, and executing an oblivious transfer protocol with the data providing module based on the target index value to determine a data calculation result. One data providing module corresponds to one data calculation result.
As noted above, the first encryption result is obtained by the data providing module encrypting the first blinding result with the first private key, and the first blinding result is obtained by the data query module blinding the data to be queried according to the first public key. The data query module cannot decrypt the first encryption result, but it can unblind it; after unblinding, the first encryption result is the data to be queried encrypted with the first private key. The data querying party can then compare the unblinded first encryption result with the second encryption result sent by the data providing module to obtain the target index value. The second encryption result is obtained by the data providing module encrypting its local query data with the first private key. The local query data corresponds to the data to be queried: it is the label of the data stored in the storage unit (such as a database) of the data providing module, that is, a query id such as an identity card number, a mobile phone number or a name.
Further, the oblivious transfer protocol (OT protocol) is a cryptographic protocol in which a message sender (i.e., the data providing module) sends one message out of several candidate messages to a message receiver (i.e., the data query module) but afterwards still does not know which message was sent; the protocol is also called the "blank transfer" protocol. This ensures the privacy and security of both the data providing module and the data query module. For example, in a service recommendation scenario, the data querying party (i.e., the data query module) needs to obtain the deposit balances of a user on different platforms (i.e., the data providing modules), and the data calculation result is the deposit balance of the user on the platform. One data providing module corresponds to one data calculation result.
S30: Performing ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain a ciphertext calculation result, and sending the ciphertext calculation result to a third-party platform.
Specifically, after the data calculation result is determined by executing the oblivious transfer protocol with the data providing module based on the target index value, the data calculation result is still encrypted, and the data query module cannot decrypt the data calculation result corresponding to each data providing module. Ciphertext calculation under Paillier homomorphic encryption (i.e., additive homomorphic encryption), that is, addition or summation, therefore needs to be performed on the encrypted data calculation results of the data providing modules to obtain the ciphertext calculation result, which is sent to the third-party platform. The ciphertext calculation result is the sum of the data calculation results of all the data providing modules.
S40: Receiving a trace-hiding joint statistical result fed back by the third-party platform; the trace-hiding joint statistical result is obtained by the third-party platform decrypting the ciphertext calculation result.
Specifically, after the ciphertext calculation result is obtained and sent to the third-party platform, it is still encrypted and can be decrypted by the third-party platform. Because the two public-private key pairs were generated by the key generation module of the third-party platform, distributed to the data providing modules, and then sent by the data providing modules to the data query module, the third-party platform has the decryption authority for those key pairs, and it performs Paillier homomorphic decryption on the ciphertext calculation result to obtain the trace-hiding joint statistical result. The trace-hiding joint statistical result is the sum of all the data calculation results in decrypted form. For example, in a service recommendation scenario, the data querying party (i.e., the data query module) needs to obtain the deposit balances of a user on different platforms (i.e., the data providing modules); each data calculation result is a deposit balance in encrypted form, the ciphertext calculation result is the sum of the data calculation results corresponding to the data providing modules, and the trace-hiding joint statistical result is the decrypted sum of the user's deposit balances across the data providing modules.
In this embodiment, the data query module can encrypt and hide its query intention (e.g., the data to be queried) with a public key (e.g., the first public key) provided by the third-party platform, and the data providing module can encrypt and hide its stored data, or the data sent by the data query module (e.g., the first blinding result), with a private key (e.g., the first private key) provided by the third-party platform, so the query privacy and security of both the data query module and the data providing module are improved. Furthermore, because the oblivious transfer protocol is executed, the data providing module cannot learn the query intention of the data query module, and the ciphertext is decrypted by the third-party platform, which further improves the query privacy and security of the data query module and the data providing module.
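The aggregation in steps S30 and S40, as an added example that is not part of the patent text: each provider's value is encrypted under Paillier, the query module multiplies ciphertexts to add the plaintexts, and only the third-party platform decrypts the sum. The toy primes, the function names and the sample balances are assumptions made for illustration, and the key size is far too small for real use.

```python
import secrets
from math import gcd

# Toy Paillier key pair standing in for the second public key / second
# private key generated by the third-party platform. The two Mersenne primes
# are chosen only so the example runs instantly; this is not a secure size.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q                      # public modulus (generator is N + 1)
N_SQ = N * N
LAMBDA = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1)  # private: lcm(P-1, Q-1)
MU = pow(LAMBDA, -1, N)                          # private: LAMBDA^-1 mod N


def encrypt(m: int) -> int:
    """Encrypt an integer 0 <= m < N under the public key."""
    if not 0 <= m < N:
        raise ValueError("plaintext out of range for this modulus")
    while True:
        r = secrets.randbelow(N - 1) + 1
        if gcd(r, N) == 1:     # r must be a unit modulo N
            break
    # With generator N + 1, (N + 1)^m = 1 + m*N (mod N^2).
    return ((1 + m * N) * pow(r, N, N_SQ)) % N_SQ


def add_ciphertexts(ciphertexts) -> int:
    """Data query module (S30): multiply ciphertexts modulo N^2, which adds
    the underlying plaintexts. No private key is needed for this step."""
    total = 1                  # 1 is a trivial encryption of 0
    for c in ciphertexts:
        total = (total * c) % N_SQ
    return total


def decrypt(c: int) -> int:
    """Third-party platform (S40): decrypt with the private key."""
    x = pow(c, LAMBDA, N_SQ)
    return ((x - 1) // N * MU) % N


def joint_statistic(balances) -> int:
    """End to end: one encrypted data calculation result per provider,
    summed in ciphertext, then decrypted by the third-party platform."""
    data_calculation_results = [encrypt(b) for b in balances]
    ciphertext_calculation_result = add_ciphertexts(data_calculation_results)
    return decrypt(ciphertext_calculation_result)


# Constructed sample: one user's deposit balance at three providers,
# expressed as whole currency units so the values are integers.
SAMPLE_BALANCES = [1200, 350, 4875]
```

The sum must stay below `N`, otherwise it wraps modulo `N`; with a production-size modulus this bound is not a practical limit for balances.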
In an embodiment, before step S10, that is, before the receiving the first ciphertext returned by the data providing module, the method further includes:
receiving the first public key sent by the data providing module; the first public key is sent to the data providing module by the third party platform.
It should be understood that, in the above description, it is pointed out that the key generation module of the third party platform generates a public-private key pair for homomorphic encryption and a public-private key pair for asymmetric encryption, where the key pair of the first public key and the first private key is referred to as the public-private key pair for asymmetric encryption. Further, after the third-party platform generates the two public-private key pairs, the two public-private key pairs are respectively sent to the data providing modules, and then the data providing modules send the public keys in the public-private key pairs to the data query module.
Generating a first random number, and blinding the data to be queried according to the first public key and the first random number to obtain the first blinding result.
It can be understood that, to ensure that the query intention of the data query module is not revealed to the data providing module, a random number, that is, the first random number, may be generated. The first public key and the first random number are then used to blind the data to be queried, that is, to disguise it, which yields the first blinding result and protects the privacy of the data to be queried by the data query module.
In an embodiment, the first ciphertext further includes a second encryption result; the second encryption result is obtained by the data providing module encrypting the local query data of the data providing module by using the first private key;
in step S20, that is, the unblinding the first encryption result to obtain the target index value includes:
unblinding the first encryption result to obtain a first unblinding result.
As noted above, the first encryption result is obtained by the data providing module encrypting the first blinding result with the first private key, and the first blinding result is obtained by the data query module blinding the data to be queried according to the first public key. The data query module cannot decrypt the first encryption result, but it can unblind it; after unblinding, the first encryption result is the data to be queried encrypted with the first private key.
Comparing the first unblinding result with the second encryption result.
It can be understood that the first unblinding result is the data to be queried encrypted with the first private key, and the second encryption result is obtained by the data providing module encrypting its local query data with the first private key. The local query data corresponds to the data to be queried: it is the label of the data stored in the storage unit (such as a database) of the data providing module, that is, a query id such as an identity number, a mobile phone number or a name. The first unblinding result and the second encryption result are therefore both the result of encrypting an id with the first private key, so they can be compared directly.
Recording the second encryption result that matches the first unblinding result as the target index value.
Specifically, the first unblinding result is compared with the second encryption result, and if a second encryption result matching the first unblinding result exists, that second encryption result is recorded as the target index value.
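The blinding, private-key encryption, unblinding and comparison steps above, as an added example that is not part of the patent text. The patent only says "asymmetric encryption"; using textbook RSA with a SHA-256 encoding of the id is an assumption, as are the function names, the toy primes and the sample ids.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key pair standing in for the first public key (N, E) and the first
# private key D. RSA is an assumption; the two Mersenne primes are chosen
# only so the example runs instantly. This is not a secure key size.
P, Q = 2**61 - 1, 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def hash_to_int(identifier: str) -> int:
    """Map a query id to an integer modulo N (assumed encoding)."""
    digest = hashlib.sha256(identifier.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % N


def blind(identifier: str):
    """Data query module: blind the data to be queried with the first public
    key and a fresh first random number r.
    Returns (first blinding result, r)."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:          # r must be invertible modulo N
            break
    return (hash_to_int(identifier) * pow(r, E, N)) % N, r


def private_key_encrypt(value: int) -> int:
    """Data providing module: apply the first private key."""
    return pow(value, D, N)


def provider_respond(first_blinding_result: int, local_ids):
    """Data providing module: build the first ciphertext, i.e. the first
    encryption result plus one second encryption result per local query id."""
    first = private_key_encrypt(first_blinding_result)
    second = [private_key_encrypt(hash_to_int(i)) for i in local_ids]
    return first, second


def unblind(first_encryption_result: int, r: int) -> int:
    """Data query module: (m * r^E)^D = m^D * r (mod N), so multiplying by
    r^-1 leaves m^D, the id encrypted under the first private key."""
    return (first_encryption_result * pow(r, -1, N)) % N


def find_target_index_value(query_id: str, local_ids):
    """Run the exchange end to end. Returns the second encryption result that
    matches the first unblinding result (the target index value), or None
    when the provider does not hold the id."""
    blinded, r = blind(query_id)
    first, second = provider_respond(blinded, local_ids)
    first_unblinding_result = unblind(first, r)
    for candidate in second:
        if candidate == first_unblinding_result:
            return candidate
    return None


# Constructed sample: query ids held by one data providing module.
PROVIDER_IDS = ["13800000001", "13800000002", "13800000003"]
```

The provider only ever sees the blinded value, which changes on every query because `r` is fresh each time.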
In an embodiment, in step S20, the determining the data calculation result by executing the oblivious transfer protocol with the data providing module based on the target index value includes:
determining a reference selection threshold and a second random number, and generating first calculation data according to the reference selection threshold, the second random number and the target index value; the second random number is less than the reference selection threshold.
It is understood that the reference selection threshold referred to in this embodiment may be any prime number, and may be a larger prime number (e.g., a prime number greater than 20). The second random number is any number less than the reference selection threshold.
Specifically, after the first encryption result is blind-removed to obtain the target index value, a larger prime number is randomly selected as a reference selection threshold, the reference selection threshold can be disclosed to all data providing modules, any random number smaller than the reference selection threshold is selected as a second random number after the reference selection threshold is selected, and the first calculation data can be determined according to the reference selection threshold, the second random number and the target index value.
Further, the first calculation data may be determined according to the following expression:
Figure 333157DEST_PATH_IMAGE001
where
Figure 453560DEST_PATH_IMAGE002
is the first calculation data;
Figure 498876DEST_PATH_IMAGE003
is a hash operation function;
Figure 97347DEST_PATH_IMAGE004
is the target index value;
Figure 380561DEST_PATH_IMAGE005
is the second random number;
Figure 468603DEST_PATH_IMAGE006
is a remainder function;
Figure 188166DEST_PATH_IMAGE007
is the reference selection threshold.
Sending the first calculation data to the data providing module so as to enable the data providing module to generate second calculation data and a calculation data set according to the first calculation data, the third random number and a reference selection threshold; the third random number is less than the reference selection threshold.
It is understood that the third random number is a random number that is arbitrarily selected by the data providing module and is smaller than the reference selection threshold.
Specifically, after first calculation data is generated according to the reference selection threshold, the second random number and the target index value, the first calculation data can be sent to the data providing module, so that the second calculation data is determined by the data providing module according to the first calculation data, the third random number and the reference selection threshold. Further, the second calculation data may be determined according to the following expression:
Figure 652646DEST_PATH_IMAGE008
where
Figure 524787DEST_PATH_IMAGE009
is the second calculation data;
Figure 518150DEST_PATH_IMAGE010
is the first calculation data;
Figure 538059DEST_PATH_IMAGE011
is the third random number;
Figure 478333DEST_PATH_IMAGE012
is a remainder function;
Figure 267298DEST_PATH_IMAGE007
is the reference selection threshold.
Further, the data providing module determines a calculation data set according to the third random number, the reference selection threshold, the total amount of the preset data and the third encryption result. The preset data total amount refers to the data total amount stored in the data providing module, and the preset data total amount can be determined according to the local query data contained in the data providing module, that is, the number of the local query id can be used as the preset data total amount. The third encryption result is a result obtained by the data providing module encrypting the local feature data of the data providing module by using the second private key, where the local feature data is a numerical type feature column stored in the data providing module.
In an embodiment, the causing the data providing module to generate a calculation data set according to the first calculation data, the third random number and a reference selection threshold includes:
Receiving, through the data providing module, the reference selection threshold sent by the data query module, and randomly selecting a third random number smaller than the reference selection threshold.
Specifically, after the data query module selects the reference selection threshold, it may disclose the reference selection threshold to all the data providing modules; each data providing module, after receiving the reference selection threshold sent by the data query module, may then randomly select a third random number smaller than the reference selection threshold.
Determining, through the data providing module, a hash data set according to the third random number, the reference selection threshold and the preset data total amount.
Specifically, after the data providing module selects the third random number smaller than the reference selection threshold, the data providing module may obtain the total amount of data stored in the database from the database, for example, determine the number of local query data included in the database as the preset total amount of data, and then perform hash operation according to the third random number, the reference selection threshold, and the preset total amount of data, to obtain a hash data set.
Further, the hash data set may be determined according to the following expression:
[Expression not reproduced: it is an image in the original.]
wherein the terms of the expression are: the hash calculation data corresponding to the local query data at a given index (all such hash calculation data form the hash data set); a hash operation function; the third random number; a remainder function; and the reference selection threshold.
Generating the calculation data set according to the hash data set and a third encryption result through the data providing module; and the third encryption result is obtained by encrypting the local characteristic data of the data providing module by using a second private key.
Specifically, after the data providing module determines the hash data set according to the third random number, the reference selection threshold and the preset data total amount, it can perform a hash operation on the hash data set and splice the third encryption result with each local query data to obtain a spliced encryption result, and then perform an and-or operation on the hashed hash data set and the spliced encryption result to determine the calculation data set. The third encryption result is obtained by the data providing module encrypting its local feature data using the second private key, where the local feature data is a numerical feature column stored in the data providing module. For example, if the data providing module is a deposit platform, a user's user name on the deposit platform can be used as local query data, and the user's deposit balance on the deposit platform is the local feature data.
Further, the set of calculation data may be determined according to the following expression:
[Expression not reproduced: it is an image in the original.]
wherein the terms of the expression are: the calculation data corresponding to the local query data at a given index (all such calculation data form the calculation data set); the spliced encryption result corresponding to that local query data; the hash calculation data corresponding to that local query data (all such hash calculation data form the hash data set); and a hash operation function.
In an embodiment, the generating, by the data providing module, the calculation data set according to the hash data set and a third encryption result includes:
Splicing, through the data providing module, the third encryption result and the local query data of the data providing module to obtain a spliced encryption result corresponding to each local query data.
It can be understood that the local query data corresponds to the data to be queried of the data query module; the local query data is a tag of the data stored in a storage unit such as a database of the data providing module, that is, a query id such as an identification number, a mobile phone number, or a name. Specifically, after the data providing module encrypts its local feature data using the second private key to obtain the third encryption result, it may splice the third encryption result with its local query data to obtain a spliced encryption result corresponding to each local query data. The data providing module may use the spliced encryption results as its input to the oblivious transfer protocol, while the data query module may use the target index value as its input to the oblivious transfer protocol.
Determining, through the data providing module, the calculation data set according to the spliced encryption result and the hash data set.
Specifically, after the hash data set is determined by the data providing module according to the third random number, the reference selection threshold and the preset data total amount, the data providing module can perform hash operation on the hash data set, and splice the third encryption result with each local query data to obtain a spliced encryption result, and then perform and or operation on the hash data set after the hash operation and the spliced encryption result to determine a calculation data set.
Receiving the second calculation data and the calculation data set sent by the data providing module, and determining the data calculation result according to the second calculation data and the calculation data set.
Specifically, after the data providing module generates the second calculation data and the calculation data set according to the first calculation data, the third random number and the reference selection threshold, the data providing module sends the second calculation data and the calculation data set to the data query module, so that the data query module can determine the data calculation result according to the second calculation data and the calculation data set.
In an embodiment, the determining the data calculation result according to the second calculation data and the calculation data set includes:
determining third calculation data according to the second calculation data, the second random number and a reference selection threshold; the third calculation data comprises a plurality of subdata; one of the sub-data corresponds to local query data of one of the data providing modules.
Specifically, after the data providing module generates the second calculation data according to the first calculation data, the third random number and the reference selection threshold, a calculation may be performed on the second calculation data, the second random number and the reference selection threshold to determine the third calculation data.
Further, the third calculation data may be determined according to the following expression:
[Expression not reproduced: it is an image in the original.]
wherein the terms of the expression are: the third calculation data; the second calculation data; the second random number; a remainder function; and the reference selection threshold.
Determining an encryption calculation value corresponding to each subdata according to the subdata and the calculation data set.
Specifically, after the third calculation data is determined according to the second calculation data, the second random number and the reference selection threshold, the sub-data may be subjected to the hash operation, and the and-or operation is further performed on the sub-data and the calculation data set after the hash operation, so as to determine the encryption calculation value corresponding to each sub-data.
Further, the encryption calculation value may be determined according to the following expression:
[Expression not reproduced: it is an image in the original.]
wherein the terms of the expression are: the calculation data corresponding to the local query data at a given index (all such calculation data form the calculation data set); and the subdata corresponding to that local query data (all such subdata form the third calculation data).
Performing data splitting on the encryption calculation value according to the local query data to obtain the data calculation result.
Specifically, after the encryption calculation value corresponding to each subdata is determined according to the subdata and the calculation data set, the subdata and the calculation data in the calculation data set both correspond to the local query data one to one, so the encryption calculation values also correspond to the local query data one to one. Data splitting can therefore be performed on each encryption calculation value according to its corresponding local query data to obtain the data calculation result.
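The message flow described above (blinded index out, one value plus a masked data set back, only the chosen entry recoverable) is shown here as an added example; it is not the patent's own expressions, which are images not reproduced on this page. It swaps in a standard Diffie-Hellman-style 1-out-of-n oblivious transfer, and the mapping of the modulus `P` to the reference selection threshold, XOR as the masking operation, and all names and sample records are assumptions.

```python
"""Toy 1-out-of-n oblivious transfer (added example; parameters are constructed)."""
import hashlib
import secrets

# Assumption: the public modulus P plays the role of the "reference selection
# threshold". 2**127 - 1 is prime but far too small for real use; a deployment
# would use a vetted prime-order group instead. Requires Python 3.8+.
P = 2**127 - 1
G = 3
# Public element derived by hashing, so that no party chose its discrete log.
U = 2 + int.from_bytes(hashlib.sha256(b"constructed-ot-demo").digest(), "big") % (P - 3)

# Constructed sample: "spliced encryption result" = encrypted feature || query id.
SAMPLE_RECORDS = [b"ct(balance=1200)|alice", b"ct(balance=87)|bob",
                  b"ct(balance=40310)|carol"]


def mask(shared: int, slot: int, length: int) -> bytes:
    """Hash a shared group element and slot number into a pad of `length` bytes."""
    seed = shared.to_bytes(16, "big") + slot.to_bytes(4, "big")
    return hashlib.shake_256(seed).digest(length)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Querier:
    def __init__(self, target_index: int):
        self.index = target_index
        self.b = 1 + secrets.randbelow(P - 2)  # "second random number", < P

    def first_calculation_data(self) -> int:
        # The random factor G^b blinds U^index, so the provider sees one opaque value.
        return pow(G, self.b, P) * pow(U, self.index, P) % P

    def unmask(self, second: int, data_set: list, slot: int) -> bytes:
        # second^b matches the provider's key only for slot == self.index.
        shared = pow(second, self.b, P)
        return xor(data_set[slot], mask(shared, slot, len(data_set[slot])))

    def recover(self, second: int, data_set: list) -> bytes:
        return self.unmask(second, data_set, self.index)


class Provider:
    def __init__(self, records):
        self.records = list(records)
        self.a = 1 + secrets.randbelow(P - 2)  # "third random number", < P

    def respond(self, first: int):
        # A first message of 0 mod P would give every slot the same known key.
        if not 0 < first < P:
            raise ValueError("first calculation data out of range")
        second = pow(G, self.a, P)  # "second calculation data"
        data_set = []
        for slot, record in enumerate(self.records):
            unblinded = first * pow(U, -slot, P) % P  # G^b only when slot == index
            shared = pow(unblinded, self.a, P)
            data_set.append(xor(record, mask(shared, slot, len(record))))
        return second, data_set


def split_record(record: bytes):
    """Split a recovered record into (encrypted feature, local query id)."""
    feature_ct, _, query_id = record.rpartition(b"|")
    return feature_ct, query_id


def run_query(target_index: int, records=SAMPLE_RECORDS):
    querier, provider = Querier(target_index), Provider(records)
    second, data_set = provider.respond(querier.first_calculation_data())
    return split_record(querier.recover(second, data_set))


if __name__ == "__main__":
    print(run_query(1))
```

The masked entries keep the length of the underlying records and carry no integrity tag, so a deployment would pad records to a fixed size and authenticate them.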
It should be understood that, the sequence numbers of the steps in the foregoing embodiments do not imply an execution sequence, and the execution sequence of each process should be determined by its function and inherent logic, and should not constitute any limitation to the implementation process of the embodiments of the present invention.
In an embodiment, a data query statistics system is provided, where the data query statistics system includes a data query module and a plurality of data providing modules, and the data query statistics system corresponds to the data query statistics method in the foregoing embodiment one to one. As shown in fig. 3, the data query module includes a ciphertext receiving sub-module 10, a blind removing sub-module 20, a ciphertext calculation sub-module 30, and a result receiving sub-module 40. The functional modules are explained in detail as follows:
the ciphertext receiving sub-module 10 is configured to receive a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by encrypting a first blinding result by the data providing module by using a first private key; the first blinding result is obtained by carrying out blinding processing on data to be queried according to a first public key; the first private key corresponds to the first public key;
a blind removal processing sub-module 20, configured to perform blind removal processing on the first encryption result to obtain a target index value, and determine a data calculation result based on the target index value and an oblivious transfer protocol executed with the data providing module; one data providing module corresponds to one data calculation result;
the ciphertext calculation sub-module 30 is configured to perform ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain ciphertext calculation results, and send the ciphertext calculation results to a third-party platform;
a result receiving submodule 40, configured to receive a secret trail joint statistical result fed back by the third-party platform; the secret trail joint statistical result is obtained by decrypting the ciphertext calculation result through the third-party platform.
Preferably, the data query module further comprises:
the public key receiving submodule is used for receiving the first public key sent by the data providing module; the first public key is sent to the data providing module by the third party platform;
and the blinding processing submodule is used for generating a first random number and carrying out blinding processing on the data to be queried according to the first public key and the first random number to obtain a first blinding result.
Preferably, the blind removal processing submodule 20 comprises:
the blind removal processing unit is used for carrying out blind removal processing on the first encryption result to obtain a first blind removal result;
a result comparison unit, configured to compare the first blind removal result with the second encryption result;
an index determining unit, configured to record the second encryption result matched with the first blind removal result as the target index value.
Preferably, the blind removal processing submodule 20 further includes:
the first data calculation unit is used for determining a reference selection threshold value and a second random number and generating first calculation data according to the reference selection threshold value, the second random number and the target index value; the second random number is smaller than the reference selection threshold;
the second data calculation unit is used for sending the first calculation data to the data providing module so as to enable the data providing module to generate second calculation data and a calculation data set according to the first calculation data, the third random number and a reference selection threshold value; the third random number is less than the reference selection threshold;
and the third data calculation unit is used for receiving the second calculation data and the calculation data set sent by the data providing module and determining the data calculation result according to the second calculation data and the calculation data set.
Preferably, the data providing module includes:
the numerical value selection submodule is used for receiving the reference selection threshold value sent by the data query module through the data providing module and randomly selecting a third random number smaller than the reference selection threshold value;
the first set determining submodule is used for determining a hash data set according to the third random number, the reference selection threshold and the preset data total amount through the data providing module;
a second set determining submodule, configured to generate, by the data providing module, the computed data set according to the hash data set and a third encryption result; and the third encryption result is obtained by encrypting the local characteristic data of the data providing module by using a second private key.
Preferably, the second set determination submodule includes:
the data splicing unit is used for splicing the third encryption result and the local query data of the data providing module through the data providing module to obtain a spliced encryption result corresponding to each local query data;
and the set determining unit is used for determining the calculation data set according to the splicing encryption result and the hash data set through the data providing module.
Preferably, the third data calculation unit includes:
the data calculation subunit is used for determining third calculation data according to the second calculation data, the second random number and a reference selection threshold; the third calculation data comprises a plurality of subdata; one piece of the subdata corresponds to local query data of one data providing module;
an encryption calculation subunit, configured to determine, according to the sub data and the calculation data set, an encryption calculation value corresponding to each of the sub data;
and the data splitting subunit is used for performing data splitting on the encrypted calculation value according to the local query data to obtain the data calculation result.
The specific definition of the data query statistic device can be referred to the definition of the data query statistic method in the foregoing, and is not described herein again. The modules in the data query statistics device can be wholly or partially implemented by software, hardware and a combination thereof. The modules can be embedded in a hardware form or independent from a processor in the computer device, and can also be stored in a memory in the computer device in a software form, so that the processor can call and execute operations corresponding to the modules.
In one embodiment, a computer device is provided, which may be a server, the internal structure of which may be as shown in fig. 4. The computer device includes a processor, a memory, a network interface, and a database connected by a system bus. Wherein the processor of the computer device is configured to provide computing and control capabilities. The memory of the computer device comprises a nonvolatile storage medium and an internal memory. The non-volatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the operation of an operating system and computer programs in the non-volatile storage medium. The database of the computer device is used for storing the data used in the data query statistical method in the above embodiments. The network interface of the computer device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a statistical method of data query.
In one embodiment, a computer device is provided, which includes a memory, a processor, and a computer program stored on the memory and executable on the processor, and when the processor executes the computer program, the data query statistical method in the above embodiments is implemented.
In one embodiment, a computer-readable storage medium is provided, on which a computer program is stored, which when executed by a processor implements the data query statistics method in the above embodiments.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program instructing relevant hardware; the computer program can be stored in a non-volatile computer-readable storage medium and, when executed, can include the processes of the embodiments of the methods described above. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), Synchronous Link DRAM (SLDRAM), Rambus Direct RAM (RDRAM), direct bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
It should be clear to those skilled in the art that, for convenience and simplicity of description, the foregoing division of the functional units and modules is only used for illustration, and in practical applications, the above function distribution may be performed by different functional units and modules as needed, that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the above described functions.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; such modifications and substitutions do not substantially depart from the spirit and scope of the embodiments of the present invention, and are intended to be included within the scope of the present invention.

Claims (8)

1. A data query statistical method is applied to a data query module of a data query statistical system, the data query statistical system further comprises a plurality of data providing modules, and the data query statistical method comprises the following steps:
receiving a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by encrypting a first blinding result by the data providing module by using a first private key; the first blinding result is obtained by blinding the data to be queried according to the first public key; the first private key corresponds to the first public key;
blind removal processing is carried out on the first encryption result to obtain a target index value, and an oblivious transfer protocol is executed with the data providing module on the basis of the target index value to determine a data calculation result; one data providing module corresponds to one data calculation result;
carrying out ciphertext calculation on data calculation results corresponding to the data providing modules to obtain ciphertext calculation results, and sending the ciphertext calculation results to a third-party platform;
receiving a secret trail joint statistical result fed back by the third-party platform; the secret trail joint statistical result is obtained by decrypting the ciphertext calculation result through the third-party platform;
the determining a data calculation result by executing an oblivious transfer protocol with the data providing module based on the target index value includes:
determining a reference selection threshold and a second random number, and generating first calculation data according to the reference selection threshold, the second random number and the target index value; the second random number is smaller than the reference selection threshold;
sending the first calculation data to the data providing module so as to enable the data providing module to generate second calculation data and a calculation data set according to the first calculation data, the third random number and a reference selection threshold; the third random number is less than the reference selection threshold;
receiving the second calculation data and the calculation data set sent by the data providing module, and determining the data calculation result according to the second calculation data and the calculation data set;
the causing the data providing module to generate a calculation data set according to the first calculation data, the third random number and the reference selection threshold includes:
receiving the reference selection threshold value sent by the data query module through the data providing module, and randomly selecting a third random number smaller than the reference selection threshold value;
determining a hash data set according to the third random number, a reference selection threshold and a preset data total amount through the data providing module;
generating the calculation data set according to the hash data set and a third encryption result through the data providing module; and the third encryption result is obtained by encrypting the local characteristic data of the data providing module by using a second private key.
2. The data query statistics method of claim 1, wherein before receiving the first ciphertext returned by the data providing module, the method further comprises:
receiving the first public key sent by the data providing module; the first public key is sent to the data providing module by the third party platform;
and generating a first random number, and performing blinding processing on the data to be queried according to the first public key and the first random number to obtain a first blinding result.
3. The statistical method of data queries of claim 1, wherein the first ciphertext further comprises a second encryption result; the second encryption result is obtained by the data providing module encrypting the local query data of the data providing module by using the first private key;
the blind removal processing on the first encryption result to obtain a target index value includes:
carrying out blind removal processing on the first encryption result to obtain a first blind removal result;
comparing the first blind removal result with the second encryption result;
recording the second encryption result matched with the first blind removal result as the target index value.
4. The data query statistics method of claim 1, wherein the generating, by the data providing module, the set of computed data from the set of hashed data and a third encryption result comprises:
splicing the third encryption result and the local query data of the data providing module through the data providing module to obtain spliced encryption results corresponding to the local query data;
and determining the calculation data set according to the splicing encryption result and the hash data set through the data providing module.
5. The statistical method of data queries according to claim 1, wherein said determining the data computation result from the second computation data and the set of computation data comprises:
determining third calculation data according to the second calculation data, the second random number and a reference selection threshold; the third calculation data comprises a plurality of subdata; one piece of the subdata corresponds to local query data of one data providing module;
determining an encryption calculation value corresponding to each subdata according to the subdata and the calculation data set;
and carrying out data splitting on the encrypted calculation value according to the local query data to obtain the data calculation result.
6. A data query statistical system is characterized by comprising a data query module and a plurality of data providing modules; the data query module comprises:
the ciphertext receiving sub-module is used for receiving a first ciphertext returned by the data providing module; the first ciphertext comprises a first encryption result obtained by encrypting a first blinding result by the data providing module by using a first private key; the first blinding result is obtained by blinding the data to be queried according to the first public key; the first private key corresponds to the first public key;
the blind removal processing submodule is used for carrying out blind removal processing on the first encryption result to obtain a target index value, and determining a data calculation result by executing an oblivious transfer protocol with the data providing module based on the target index value; one data providing module corresponds to one data calculation result;
the ciphertext calculation sub-module is used for performing ciphertext calculation on the data calculation results corresponding to the data providing modules to obtain ciphertext calculation results and sending the ciphertext calculation results to a third-party platform;
the result receiving submodule is used for receiving a secret trail joint statistical result fed back by the third-party platform; the secret trail joint statistical result is obtained by decrypting the ciphertext calculation result through the third-party platform;
the blind removing processing submodule comprises:
the first data calculation unit is used for determining a reference selection threshold value and a second random number and generating first calculation data according to the reference selection threshold value, the second random number and the target index value; the second random number is smaller than the reference selection threshold;
the second data calculation unit is used for sending the first calculation data to the data providing module so as to enable the data providing module to generate second calculation data and a calculation data set according to the first calculation data, the third random number and a reference selection threshold value; the third random number is less than the reference selection threshold;
the third data calculation unit is used for receiving the second calculation data and the calculation data set sent by the data providing module and determining the data calculation result according to the second calculation data and the calculation data set;
the data providing module includes:
the numerical value selection submodule is used for receiving the reference selection threshold value sent by the data query module through the data providing module and randomly selecting a third random number smaller than the reference selection threshold value;
the first set determining submodule is used for determining a hash data set according to the third random number, the reference selection threshold and the preset data total amount through the data providing module;
a second set determining submodule, configured to generate, by the data providing module, the computed data set according to the hash data set and a third encryption result; and the third encryption result is obtained by encrypting the local characteristic data of the data providing module by using a second private key.
7. A computer device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, wherein the processor implements the data query statistics method of any one of claims 1 to 5 when executing the computer program.
8. A computer-readable storage medium, in which a computer program is stored, which, when being executed by a processor, implements the data query statistics method according to any one of claims 1 to 5.
CN202210615783.9A 2022-06-01 2022-06-01 Data query statistical method, device, computer equipment and storage medium Active CN114691759B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210615783.9A CN114691759B (en) 2022-06-01 2022-06-01 Data query statistical method, device, computer equipment and storage medium


Publications (2)

Publication Number Publication Date
CN114691759A CN114691759A (en) 2022-07-01
CN114691759B true CN114691759B (en) 2022-09-06

Family

ID=82131240


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109582818A (en) * 2018-11-07 2019-04-05 南京邮电大学 It is a kind of based on can search for encryption song library cloud search method
CN113190584A (en) * 2021-04-07 2021-07-30 四川新网银行股份有限公司 Concealed trace query method based on oblivious transmission protocol
CN113239046A (en) * 2021-05-20 2021-08-10 平安科技(深圳)有限公司 Data query method, system, computer device and storage medium
CN114091054A (en) * 2021-11-03 2022-02-25 深圳前海微众银行股份有限公司 Bidirectional hidden data query method and device
CN114329599A (en) * 2021-12-30 2022-04-12 北京瑞莱智慧科技有限公司 Data query method and device and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10268834B2 (en) * 2014-06-26 2019-04-23 Telefonaktiebolaget Lm Ericsson (Publ) Privacy-preserving querying mechanism on privately encrypted data on semi-trusted cloud
CN113656648A (en) * 2021-08-09 2021-11-16 杭州安恒信息技术股份有限公司 Data query method, related device and medium

Also Published As

Publication number Publication date
CN114691759A (en) 2022-07-01

Similar Documents

Publication Publication Date Title
CN112613077B (en) Privacy-protecting multi-party data processing method, device and system
US11546348B2 (en) Data service system
US20090138708A1 (en) Cryptographic module distribution system, apparatus, and program
CN112613076B (en) Privacy-protecting multi-party data processing method, device and system
CN112822255B (en) Block chain-based mail processing method, mail sending end, receiving end and equipment
CN111178884A (en) Information processing method, device, equipment and readable storage medium
CN111741268B (en) Video transmission method, device, server, equipment and medium
US20220209945A1 (en) Method and device for storing encrypted data
CN111917711B (en) Data access method and device, computer equipment and storage medium
CN110688666A (en) Data encryption and storage method in distributed storage
CN115099959A (en) Homomorphic encryption algorithm-based visitor risk control method and device
CN114244524B (en) Block chain-based data sharing method and system
US11101975B2 (en) Ciphertext matching system and ciphertext matching method
CN117371011A (en) Data hiding query method, electronic device and readable storage medium
CN117371010A (en) Data trace query method, electronic device and readable storage medium
JP2022545809A (en) Secure environment for cryptographic key generation
CN114691759B (en) Data query statistical method, device, computer equipment and storage medium
CN112395633B (en) Method and device for carrying out data statistics by combining multiple parties for protecting privacy
CN115694921A (en) Data storage method, device and medium
CN113946862A (en) Data processing method, device and equipment and readable storage medium
CN113824713A (en) Key generation method, system and storage medium
CN112836239A (en) Method and device for cooperatively determining target object data by two parties for protecting privacy
Liu et al. Proofs of encrypted data retrievability with probabilistic and homomorphic message authenticators
CN111431846A (en) Data transmission method, device and system
CN116318899B (en) Data encryption and decryption processing method, system, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant