CN115642999A - Method and system for efficient retrieval of private information - Google Patents


Info

Publication number
CN115642999A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211111841.0A
Other languages
Chinese (zh)
Inventor
周启贤
罗赛男
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd

Abstract

The invention discloses a method for efficiently retrieving private information, which comprises the following steps: fitting to obtain a function in a polynomial form based on data stored in a server, wherein each piece of data comprises a query key and a private information value, the function takes the query key as input and takes the private information value corresponding to the input query key as output; combining the coefficients of each item in the function into a vector as a coefficient vector; generating a private key and a public key which are paired, and homomorphically encrypting the coefficient vector based on the public key to obtain a ciphertext coefficient vector; when receiving a ciphertext query key vector sent by a user, calculating to obtain a ciphertext query result based on the ciphertext query key vector and a ciphertext coefficient vector; and sending the ciphertext query result to a user, and decrypting the ciphertext query result by the user by using a decryption key to obtain a plaintext result of the private information value corresponding to the query key. Accordingly, the present invention discloses a system for efficient retrieval of private information.

Description

Method and system for efficient retrieval of private information
Technical Field
The present invention relates to computer technologies, and in particular, to a method and system for retrieving private information.
Background
With the application and development of computer technology in various fields, privacy-preserving computation, in which data can be used without being visible, has become increasingly important for protecting data privacy, especially in fields that handle confidential data such as healthcare, the military and financial services.
Private information retrieval (PIR) is an important problem in privacy-preserving computation. The technical problem it addresses is: when a user submits a query to a database, how to complete the query without revealing the user's private information, where this means revealing the private information neither to a third party nor to the server.
In the prior art, some technical solutions for implementing private information query are known. For example, private information retrieval is based on fully homomorphic encryption. However, private information retrieval based on fully homomorphic encryption requires multiple multiplication operations, which greatly reduces the efficiency of private information retrieval.
In view of this, it is desirable to obtain a new private information retrieval scheme that can significantly improve private information retrieval efficiency while protecting private information from being leaked.
Disclosure of Invention
One of the objectives of the present invention is to provide a method for efficiently retrieving private information, which converts multiple multiplications of a ciphertext into a matrix operation when retrieving private information, thereby significantly improving the information retrieval efficiency while protecting the private information from being leaked.
Based on the above object, the present invention provides a method for efficient retrieval of private information, comprising the steps of:
fitting to obtain a function in a polynomial form based on data stored in a server, wherein each piece of data comprises a query key and a private information value, the function takes the query key as input and takes the private information value corresponding to the input query key as output;
combining the coefficients of each item in the function into a vector as a coefficient vector;
generating a private key and a public key which are paired, and homomorphically encrypting the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
when receiving a ciphertext query key vector sent by a user, calculating to obtain a ciphertext query result based on the ciphertext query key vector and the ciphertext coefficient vector; the ciphertext query key vector is obtained by the user homomorphically encrypting the query key vector with an authorization key sent to the user by the server; the query key vector is obtained based on the query key and the degree information of the function;
and sending the ciphertext query result to the user, and decrypting the ciphertext query result by the user by using a decryption key to obtain a plaintext result of the private information value corresponding to the query key.
In the present invention, for n pieces of data stored in a server (where each piece of data includes a query key and a private information value corresponding to the query key), a polynomial function with highest degree n may be fitted, which may be expressed as $f(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x + a_0$. The function thus contains the coefficient information $a_n, a_{n-1}, \dots, a_1, a_0$ and the degree information $n, n-1, \dots, 1, 0$.
A coefficient vector $X$ can be obtained from the coefficient information, and a query key vector $K$ from the degree information. Unlike the fully homomorphic encryption of the prior art, the method homomorphically encrypts the coefficient vector $X$ with the public key generated by the server to obtain a ciphertext coefficient vector $X_c$, and computes the ciphertext query result $V_c = K_c \times X_c$ from $X_c$ and the ciphertext query key vector $K_c$ obtained from the query key vector $K$. The multiple multiplication operations of fully homomorphic encryption are thereby converted into one matrix operation, which greatly improves the operation efficiency.
Further, in some embodiments, the authorization key is obtained based on the following steps:
the user sends identity information to the server to register;
the server randomly generates a reversible matrix pair;
the server generates an authorization key based on the reversible matrix pair and the private key, and sends the authorization key to the user.
Still further, in some embodiments, the reversible matrix pairs randomly generated by the server may be represented as
Figure BDA0003843682510000021
I represents an identity matrix;
the authorization key $SK_u$, generated based on the invertible matrix pair and the private key $SK$, can be expressed as
Figure BDA0003843682510000031
The authorization key is sent by the server to the user for use by the user in subsequent steps.
Further, in some embodiments, the decryption key is generated based on a generated random matrix and a randomly generated reversible matrix pair.
Further, in some embodiments, the generated random matrices may be represented as $T'$ and $A'$; the randomly generated invertible matrix pair may be denoted as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; the generated decryption key $SK'$ may be denoted $SK' = [I, T'] \times P'_s$.
Further, in some embodiments, the ciphertext query key vector is obtained based on:
randomly generating reversible matrix pairs;
generating a random matrix;
and generating a ciphertext query key vector based on the reversible matrix pair, the random matrix, the query key vector and the authorization key.
Further, in some embodiments, the generated random matrices may be denoted as $T'$ and $A'$; the randomly generated invertible matrix pair may be represented as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; then the ciphertext query key vector $K_c$ can be expressed as
Figure BDA0003843682510000032
where $K$ represents the query key vector and $SK_u$ represents the authorization key.
Further, in some embodiments, when the same user wants to perform a plurality of private information queries at a time, i.e. to perform batch processing, the query key vector is a query key vector matrix constructed from the degree information of the function and a plurality of query keys, e.g. $k_1, k_2, \dots, k_m$.
Further, in some embodiments, the query key vector matrix may be represented as
Figure BDA0003843682510000033
Further, in certain embodiments, the function is obtained using a least squares fit.
Of course, in other embodiments, the function may be obtained in other ways known to those skilled in the art, such as interpolation or the like.
Another objective of the present invention is to provide a system for efficiently retrieving private information, which can convert multiple multiplications of a ciphertext into one matrix operation when retrieving private information, so as to significantly improve the information retrieval efficiency while protecting the private information from being leaked.
Based on the above object, the present invention further provides a system for efficient retrieval of private information, which includes a server and a client processing module in data communication with the server, wherein:
the server fits to obtain a function in a polynomial form based on data stored in the server, wherein each piece of data comprises a query key and a value, the function takes the query key as input and takes the value corresponding to the input query key as output; and combining the coefficients of the terms in the function into a vector as a coefficient vector; the server generates a private key and a public key which are paired, and homomorphic encryption is carried out on the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
the user side processing module obtains a query key vector based on the query key and the degree information of the function sent by the server; the user side processing module also performs homomorphic encryption on the query key vector based on an authorization key sent by the server to obtain a ciphertext query key vector and sends the ciphertext query key vector to the server;
when the server receives a ciphertext query key vector sent by a user side processing module, calculating to obtain a ciphertext query result based on the ciphertext query key vector and the ciphertext coefficient vector, and sending the ciphertext query result to the user side processing module;
and the user side processing module decrypts the ciphertext query result by adopting a decryption key so as to obtain a plaintext result of the private information value corresponding to the query key.
Further, in some embodiments, when the user-side processing module sends user identity information to a server for registration, the server randomly generates a reversible matrix pair, generates an authorization key based on the reversible matrix pair and the private key, and sends the authorization key to the user-side processing module.
Still further, in some embodiments, the reversible matrix pairs randomly generated by the server may be represented as
Figure BDA0003843682510000041
I represents an identity matrix; the authorization key $SK_u$, generated based on the invertible matrix pair and the private key $SK$, can be expressed as
Figure BDA0003843682510000042
Further, in some embodiments, the client processing module randomly generates a reversible matrix pair and generates a random matrix, and then generates the decryption key based on the reversible matrix pair and the random matrix.
Further, in some embodiments, the random matrices generated by the client-side processing module can be represented as $T'$ and $A'$; the invertible matrix pair randomly generated by the client side processing module can be represented as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; the decryption key $SK'$ generated by the client side processing module may be denoted as $SK' = [I, T'] \times P'_s$.
Further, in some embodiments, the user-side processing module randomly generates a reversible matrix pair and a random matrix, and then generates a ciphertext query key vector based on the reversible matrix pair, the random matrix, and the query key vector and the authorization key.
Further, in some embodiments, the random matrices generated by the user-side processing module can be represented as $T'$ and $A'$; the invertible matrix pair randomly generated by the client side processing module can be represented as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; then the ciphertext query key vector $K_c$ can be expressed as
Figure BDA0003843682510000051
where $K$ represents the query key vector and $SK_u$ represents the authorization key.
The system of the invention can realize not only a single query by a single user but also, in some embodiments, batch queries by a user, that is, the same user can query a plurality of pieces of private information simultaneously. In this case, the client processing module constructs a query key vector matrix from a plurality of query keys, e.g. $k_1, k_2, \dots, k_m$, and the degree information of the function, and uses it as the query key vector.
Further, in some embodiments, the query key vector matrix may be expressed as
Figure BDA0003843682510000052
Further, in some embodiments, the server uses a least squares fit to obtain the function.
Of course, in other embodiments, the server may also fit the function by other means known to those skilled in the art, such as interpolation or the like.
It is yet another object of the present invention to provide a server for efficient retrieval of private information.
In view of the above object, the present invention also provides a server for efficient retrieval of private information, configured to perform the following steps:
fitting to obtain a function in a polynomial form based on data stored in a server, wherein each piece of data comprises a query key and a private information value, the function takes the query key as input and takes the private information value corresponding to the input query key as output;
combining the coefficients of the various items in the function into a vector as a coefficient vector;
generating a private key and a public key which are paired, and homomorphically encrypting the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
calculating to obtain a ciphertext query result based on the ciphertext coefficient vector and the received ciphertext query key vector, and sending the ciphertext query result out; the ciphertext query key vector is generated by homomorphically encrypting the query key vector with an authorization key generated by the server; the query key vector is obtained based on the query key and the degree information of the function.
Further, in some embodiments, when the server receives the user identity information sent from the outside, it randomly generates a reversible matrix pair, generates the authorization key based on the reversible matrix pair and the private key, and sends out the authorization key.
Still further, in some embodiments, the reversible matrix pairs randomly generated by the server may be represented as
Figure BDA0003843682510000061
I represents an identity matrix; the authorization key $SK_u$, generated based on the invertible matrix pair and the private key $SK$, can be expressed as
Figure BDA0003843682510000062
Further, in some embodiments, the server uses a least squares fit to derive the function.
Of course, in other embodiments, the server may also obtain the polynomial with the highest order n by other methods known to those skilled in the art, such as interpolation or the like.
It is yet another object of the present invention to provide a client-side processing module for efficient retrieval of private information.
In view of the above object, the present invention further provides a client-side processing module for efficient private information retrieval, configured to perform the following steps:
obtaining a query key vector based on the query key and the received degree information of the function in the polynomial form;
based on the received authorization key, carrying out homomorphic encryption on the query key vector to obtain a ciphertext query key vector, and sending out the ciphertext query key vector;
and receiving a ciphertext query result obtained based on the ciphertext query key vector, and decrypting the ciphertext query result by adopting a decryption key to obtain a plaintext result of the private information value corresponding to the query key.
Further, in some embodiments, the user-side processing module generates the decryption key based on the generated random matrix and the randomly generated reversible matrix pair.
Further, in some embodiments, the random matrices generated by the user-side processing module can be represented as $T'$ and $A'$; the invertible matrix pair randomly generated by the client side processing module can be represented as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; the decryption key $SK'$ generated by the user side processing module may be denoted $SK' = [I, T'] \times P'_s$.
Further, in some embodiments, the user-side processing module randomly generates a reversible matrix pair and a random matrix, and then generates a ciphertext query key vector based on the reversible matrix pair, the random matrix, and the query key vector and the authorization key.
Further, in some embodiments, the random matrices generated by the user-side processing module can be represented as $T'$ and $A'$; the invertible matrix pair randomly generated by the client side processing module can be represented as $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix; then the ciphertext query key vector $K_c$ can be expressed as
Figure BDA0003843682510000071
where $K$ represents the query key vector and $SK_u$ represents the authorization key.
In some embodiments, the user-side processing module according to the present invention may also let the same user query multiple pieces of private information at the same time. In this case, the client processing module constructs a query key vector matrix from a plurality of query keys, e.g. $k_1, k_2, \dots, k_m$, and the degree information of the function, and uses it as the query key vector.
Further, in some embodiments, the query key vector matrix may be represented as
Figure BDA0003843682510000072
The present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed on a computer, causes the computer to perform the steps performed by the server of the present invention.
The present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when executed in a computer, causes the computer to perform the steps performed by the user-side processing module of the present invention.
The present invention also provides a computing device comprising a memory having stored therein executable code and a processor that, when executing the executable code, performs the steps performed by the server of the present invention.
The invention also provides a computing device comprising a memory and a processor, wherein the memory stores executable codes, and when the processor executes the executable codes, the processor executes the steps executed by the user-side processing module.
The method and the system for efficiently retrieving the private information have the following beneficial effects:
Firstly, the invention obtains a function in polynomial form by fitting the stored data, and extracts its degree information and coefficient information to obtain a coefficient vector and a query key vector. It then homomorphically encrypts the coefficient vector to obtain a ciphertext coefficient vector, and calculates a ciphertext query result from the ciphertext coefficient vector and the ciphertext query key vector obtained from the query key vector. The invention can thus convert the multiple multiplication operations of fully homomorphic encryption into one matrix operation, greatly improving the operation efficiency and the retrieval efficiency.
Compared with the traditional private information retrieval method which only can protect the private information queried by the user from being leaked to the server, the private information retrieval method can protect the query of the user from being leaked to the server and can ensure that the query result is not leaked to the server, namely the server does not know what the query result is.
Moreover, the server can be respectively in communication connection with different users, and each user has the authorization key and the decryption key, so that the method and the system support any number of users to carry out secret query on the same database, and other data of the server, query data of different users and results are independent.
In some embodiments of the present invention, when the user has a requirement for batch processing of queries, the present invention also supports multiple queries simultaneously by a single user, and the batch processing does not significantly increase the computation cost or decrease the efficiency of private information query.
Drawings
Fig. 1 is a schematic flow chart of a method for efficient private information retrieval according to an embodiment of the present invention.
Fig. 2 is a schematic diagram illustrating a system architecture of the system for efficient retrieval of private information according to an embodiment of the present invention.
Fig. 3 is a flowchart illustrating steps performed by the system for efficient retrieval of private information according to an embodiment of the present invention.
Fig. 4 exemplarily shows steps performed by the server for efficient retrieval of private information according to the present invention in one embodiment.
Fig. 5 exemplarily shows steps performed by the user-side processing module for efficient retrieval of private information according to an embodiment of the present invention.
Detailed Description
The method, system, server and user-side processing module for efficient private information retrieval according to the present invention will be described in further detail with reference to the accompanying drawings and specific embodiments, but the detailed description is not intended to limit the present invention.
For homomorphic encryption, the operation in the ciphertext domain is equivalent to the corresponding operation in the plaintext domain after decryption. That is, the encrypted data can still be subjected to corresponding calculations, such as addition and multiplication. Therefore, the value obtained by decrypting the ciphertext calculation result is equal to the calculation result of the corresponding plaintext data in the plaintext. Generally, homomorphic encryption can be represented by the following equation:
$\mathrm{Enc}(f(m_1, m_2)) = f(\mathrm{Enc}(m_1), \mathrm{Enc}(m_2))$
where $m_1$ and $m_2$ represent plaintext data, $\mathrm{Enc}(m_1)$ and $\mathrm{Enc}(m_2)$ represent ciphertext data, and $f$ represents an operation.
The equation states that, for plaintexts $m_1$ and $m_2$, operating first and then encrypting is equivalent to encrypting first and then operating. It expresses the basic property of homomorphic encryption, namely homomorphism with respect to the operation: the result of a calculation in the ciphertext domain, once decrypted, equals the result of the calculation in the plaintext domain.
Homomorphic encryption includes fully homomorphic encryption, which requires multiple multiplications during encryption, thereby affecting the efficiency of information retrieval.
The invention also provides a scheme for efficient retrieval of private information based on a homomorphic encryption basic theory. But different from the fully homomorphic encryption, the invention innovatively provides a method which can convert multiple multiplications of the fully homomorphic encryption into one matrix operation, thereby greatly improving the information retrieval efficiency.
In the invention, n pieces of data are stored in a database of a server, and each piece of data comprises a query key $k$ and a private information value $v$ corresponding to the query key. These n pieces of data can be expressed as $(k_1, v_1), (k_2, v_2), \dots, (k_n, v_n)$. Each piece of data can thus be regarded as a point on a two-dimensional plane, and the invention can fit the data of these n points to a curve, expressed as a function $f(x)$ in polynomial form, which satisfies $f(k_i) = v_i,\ i \in [0, 1, \dots, n]$, where $k_i$ represents a query key and $v_i$ represents the private information value corresponding to the query key $k_i$.
In one embodiment of the present invention, a method for efficient retrieval of private information stored in a database is presented. Fig. 1 exemplarily shows a flow diagram of a method for efficient retrieval of private information according to an embodiment of the present invention.
As shown in fig. 1, the method for efficient retrieval of private information includes the steps of:
100: fitting the n pieces of data stored in the server to obtain a function in polynomial form with highest degree n: $f(x) = a_n x^n + a_{n-1} x^{n-1} + \dots + a_1 x + a_0$.
In a more specific embodiment, the polynomial may be derived using a least squares fit.
200: combining the coefficients of the function into a coefficient vector
Figure BDA0003843682510000101
300: a key generator KeyGen(λ) is called to generate a paired private key $SK$ and public key $PK$, and the coefficient vector $X$ is homomorphically encrypted, Enc(X, PK, e), based on the public key $PK$ to obtain the ciphertext coefficient vector $X_c = PK \cdot (wX) + e$.
This step relies on the following relation required between the ciphertext and the plaintext in vector homomorphic encryption: $SK \times c = wX + e$, where $e$ denotes an error vector, $w$ denotes a large integer, and $c$ and $X$ denote the corresponding ciphertext and plaintext, respectively.
In a particular embodiment, the private key generated by invoking the key generator KeyGen(λ) may be expressed as $SK = [I, T] P_s$, and the generated public key can be expressed as
Figure BDA0003843682510000102
where $P_s$ and $P_m$ are a pair of invertible matrices with $P_s \cdot P_m = I$, $I$ denotes the identity matrix, $A$ and $T$ both denote random matrices, and $\lambda$ denotes the security parameter.
400: the degree information $[n, n-1, \dots, 1, 0]$ of the function $f(x)$ is transmitted to the user.
500: when a user queries a private information value based on a query key, the user computes the query key vector $K$ in plaintext from the degree information of the function $f(x)$, and then encrypts the query key vector $K$ with the authorization key $SK_u$ sent to the user by the server to generate the ciphertext query key vector $K_c$.
600: based on the ciphertext query key vector $K_c$ and the ciphertext coefficient vector $X_c$, the ciphertext query result $V_c = K_c \times X_c$ is computed, and the ciphertext query result $V_c$ is sent to the user.
700: the user decrypts the ciphertext query result $V_c$ using the decryption key $SK'$
Figure BDA0003843682510000111
Figure BDA0003843682510000112
to obtain the plaintext result $v$ of the corresponding private information value, where $w$ represents the large integer sent by the server to the user.
As can be seen from the above description, for the private information to be queried, the server sends the user only the degree information of the function and not its coefficient information, so that no data of the database is leaked.
In addition, the server computes in the ciphertext domain, so it evidently does not know what the user's query key vector $K_c$ is. Meanwhile, the query result is also a ciphertext, and the server does not have the decryption key for it, so the server cannot know what the query result is; the method and the system therefore provide strong privacy protection.
It should be noted that a user making a private information query first needs to have an authorization key. In some specific embodiments, the authorization key $SK_u$ can be obtained based on the following steps:
the user sends identity information to the server for registration, wherein the identity information can be a user ID, a mailbox, a telephone number or other identity information known in the art;
the server randomly generates an invertible matrix pair
Figure BDA0003843682510000113
I represents an identity matrix;
the server generates the authorization key based on the invertible matrix pair and the private key $SK$
Figure BDA0003843682510000114
the server sends the authorization key $SK_u$ to the user.
In the present invention, the ciphertext query key vector is generated at the user side. In some embodiments, the ciphertext query key vector $K_c$ is generated based on the following steps:
randomly generating a pair of invertible matrices $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
randomly generating matrices $T'$ and $A'$;
generating the ciphertext query key vector based on the query key vector $K$ and the authorization key $SK_u$
Figure BDA0003843682510000115
The ciphertext query key vector $K_c$ is sent to the server for querying the private information.
In the present invention, the decryption key is also generated at the user side. In some specific embodiments, the decryption key is generated based on the following steps:
randomly generating an invertible matrix pair $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
generating random matrices $T'$ and $A'$;
generating a decryption key $SK'$ based on the invertible matrix pair and the random matrix: $SK' = [I, T'] \times P'_s$.
In another embodiment, the method of the present invention may also implement batch queries by a user, that is, the same user performs multiple private information queries simultaneously. In this case, the query may obtain multiple pieces of private information based on the following steps:
computing, in plaintext, the query key vector matrix $K$ from a plurality of query keys and the degree information $[n, n-1, \dots, 1, 0]$ of the function $f(x)$:
Figure BDA0003843682510000121
randomly generating a pair of invertible matrices $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
randomly generating matrices $T'$ and $A'$;
generating the ciphertext query key vector based on the query key vector matrix $K$ and the authorization key $SK_u$
Figure BDA0003843682510000122
The ciphertext query key vector $K_c$ is sent to the server for querying the private information.
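As an added illustration (not code from the patent), the following Python sketch works through the plaintext side of the single and batch queries described above: constructed records are interpolated exactly into the coefficient vector X, the query key vector or matrix K is built from the degree information, and K × X is the one product that the server evaluates on ciphertexts. The function names, the row layout of the batch matrix, the zero padding of a_n and the use of exact rational arithmetic are assumptions; encryption is left out because the key formulas are not reproduced on this page.

```python
"""Plaintext-domain walk-through of the polynomial retrieval (added example)."""
from fractions import Fraction

# Constructed sample records: (query key k_i, private information value v_i).
RECORDS = [(1, 1001), (2, 2050), (5, 7), (9, 424242)]


def interpolate(points):
    """Exact Lagrange interpolation; returns coefficients, lowest degree first."""
    keys = [k for k, _ in points]
    if len(set(keys)) != len(keys):
        raise ValueError("query keys must be distinct")
    coeffs = [Fraction(0)] * len(points)
    for i, (ki, vi) in enumerate(points):
        basis, denom = [Fraction(1)], Fraction(1)
        for j, kj in enumerate(keys):
            if j == i:
                continue
            # basis(x) *= (x - kj): shift up one degree, subtract kj * basis.
            shifted = [Fraction(0)] + basis
            scaled = [c * kj for c in basis] + [Fraction(0)]
            basis = [s - t for s, t in zip(shifted, scaled)]
            denom *= ki - kj
        for d, c in enumerate(basis):
            coeffs[d] += vi * c / denom
    return coeffs


def coefficient_vector(points):
    """Return (X, degrees): X = [a_n, ..., a_1, a_0], degrees = [n, ..., 1, 0]."""
    low_first = interpolate(points)
    n = len(points)
    # n points fix a polynomial of degree <= n-1; a_n is padded with 0
    # (assumption) so X has the n+1 entries of the page's degree-n form.
    low_first = low_first + [Fraction(0)] * (n + 1 - len(low_first))
    return list(reversed(low_first)), list(range(n, -1, -1))


def query_key_vector(k, degrees):
    """K = [k^n, ..., k, 1], computed by the user in plaintext."""
    return [Fraction(k) ** d for d in degrees]


def query_key_matrix(keys, degrees):
    """Batch form: one row per query key (row layout is an assumption)."""
    return [query_key_vector(k, degrees) for k in keys]


def retrieve(K, X):
    """K x X: the single product the server evaluates (here in plaintext)."""
    return sum(a * b for a, b in zip(K, X))


def retrieve_batch(K_matrix, X):
    """One matrix-vector product answers every query key in the batch."""
    return [retrieve(row, X) for row in K_matrix]


X, DEGREES = coefficient_vector(RECORDS)

if __name__ == "__main__":
    for k, v in RECORDS:
        assert retrieve(query_key_vector(k, DEGREES), X) == v
    print(retrieve_batch(query_key_matrix([9, 1, 5], DEGREES), X))
    # A key that is not stored still yields a value: the polynomial has no
    # "not found" answer, so key validity must be checked by other means.
    print(retrieve(query_key_vector(3, DEGREES), X))
```

Exact rational arithmetic is used because a floating-point least-squares fit only approximates f(k_i) = v_i, and the gap grows with the number of records and the size of the keys.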
In another embodiment of the invention, a system for efficient retrieval of private information is presented. Fig. 2 schematically shows an architecture diagram of the system for efficiently retrieving private information according to an embodiment of the present invention.
As shown in fig. 2, there are two parties in the private information retrieval, one of which is a server having a database in which n pieces of data are stored, each piece of data including a query key k and a private information value v corresponding to the query key. The other side is a user side which is provided with a query key k, and the user wants to obtain a private information value v corresponding to the query key in the server.
The system for efficiently retrieving the private information comprises a server and a plurality of user side processing modules in data communication connection with the server, wherein each user side processing module corresponds to one user, so that the system supports any number of users to carry out secret query on the same database, and each user uses an independent authorization key and an independent decryption key, thereby ensuring the independence of query of each user.
Fig. 3 is a flowchart illustrating steps performed by the system for efficient retrieval of private information according to an embodiment of the present invention.
As shown in FIG. 3, in some embodiments, the system for efficient retrieval of private information performs the following steps:
100: the server fits, based on the n pieces of data stored in the server, a polynomial function with the highest order n: $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0$
In a more specific embodiment, the polynomial may be derived using a least squares fit.
200: the server combines the coefficients of the function into a coefficient vector
Figure BDA0003843682510000131
300: the server calls a key generator KeyGen(λ) to generate a paired private key $SK$ and public key $PK$, and performs homomorphic encryption Enc($X$, $PK$, $e$) on the coefficient vector $X$ based on the public key $PK$ to obtain a ciphertext coefficient vector $X_c = PK \cdot (wX) + e$, where $e$ denotes an error vector and $w$ denotes a large integer.
In a particular embodiment, the private key generated by the key generator KeyGen(λ) invoked by the server may be denoted as $SK = [I, T] P_s$, and the generated public key can be expressed as
Figure BDA0003843682510000132
where $P_s$ and $P_m$ are a pair of invertible matrices with $P_s \cdot P_m = I$, $I$ denotes an identity matrix, $A$ and $T$ both denote random matrices, and λ denotes a security parameter.
400: the server sends the order information $[n, n-1, \ldots, 1, 0]$ of the function $f(x)$ to the user side processing module.
500: when the user side processing module queries the private information value based on the query key, it computes, in plaintext, a query key vector $K$ according to the order information of the function $f(x)$, and then encrypts the query key vector $K$ using the authorization key $SK_u$ sent to it by the server, generating a ciphertext query key vector $K_c$.
600: the server computes the ciphertext query result $V_c = K_c \times X_c$ based on the ciphertext query key vector $K_c$ and the ciphertext coefficient vector $X_c$, and sends the ciphertext query result $V_c$ to the user side processing module.
700: the user side processing module decrypts the ciphertext query result $V_c$ using the decryption key $SK'$:
Figure BDA0003843682510000141
to obtain the plaintext result $v$ of the corresponding private information value, where $w$ represents the large integer sent by the server to the user.
In the invention, a user performing a private information query first needs to have an authorization key. In some specific embodiments, the authorization key $SK_u$ can be obtained based on the following steps:
the user side processing module sends the identity information of the corresponding user to the server for registration, wherein the identity information can be a user ID, email address, telephone number or other identity information known in the field;
the server randomly generates a reversible matrix pair
Figure BDA0003843682510000142
I represents an identity matrix;
server generates authorization key based on reversible matrix pair and private key SK
Figure BDA0003843682510000143
The server sends the authorization key $SK_u$ to the user side processing module.
In the invention, the ciphertext query key vector is generated by the user side processing module. In some embodiments, the ciphertext query key vector $K_c$ is generated based on the following steps:
the user side processing module randomly generates a pair of invertible matrices $P'_s$ and $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
the user side processing module randomly generates matrices $T'$ and $A'$;
the user side processing module generates the ciphertext query key vector based on the query key vector $K$ and the authorization key $SK_u$:
Figure BDA0003843682510000144
The ciphertext query key vector $K_c$ is sent to the server for querying the private information.
In the present invention, the decryption key is also generated by the client processing module. In some specific embodiments, the decryption key is generated based on the following steps:
the user side processing module randomly generates a reversible matrix pair $P'_s$, $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
the user side processing module generates random matrices $T'$ and $A'$;
the user side processing module generates a decryption key $SK'$ based on the reversible matrix pair and the random matrix: $SK' = [I, T'] \times P'_s$
In another embodiment of the present invention, the system of the present invention may also implement batch query of the user, that is, the same user simultaneously performs queries of multiple pieces of private information. In this case, the query may obtain pieces of private information based on the following steps:
the user side processing module computes, in plaintext, a query key vector matrix $K$ based on a plurality of query keys and the order information $[n, n-1, \ldots, 1, 0]$ of the function $f(x)$:
Figure BDA0003843682510000151
the user side processing module randomly generates a pair of reversible matrices $P'_s$ and $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
the user side processing module randomly generates matrices $T'$ and $A'$;
the user side processing module generates the ciphertext query key vector based on the query key vector matrix $K$ and the authorization key $SK_u$:
Figure BDA0003843682510000152
The ciphertext query key vector $K_c$ is sent to the server for querying the private information.
The invention further provides a server for efficient retrieval of private information.
Fig. 4 exemplarily shows steps performed by the server for efficient retrieval of private information according to the present invention in one embodiment.
As shown in fig. 4, the server is arranged to perform the following steps:
100: the server fits, based on the n pieces of data stored in the server, a function in polynomial form with the highest order n: $f(x) = a_n x^n + a_{n-1} x^{n-1} + \cdots + a_1 x + a_0$
In a specific embodiment, the server may use a least squares fit to derive the function.
200: the server combines the coefficients of the function into a coefficient vector
Figure BDA0003843682510000153
300: the server calls a key generator KeyGen(λ) to generate a paired private key $SK$ and public key $PK$, and performs homomorphic encryption Enc($X$, $PK$, $e$) on the coefficient vector $X$ based on the public key $PK$ to obtain a ciphertext coefficient vector $X_c = PK \cdot (wX) + e$, where $e$ denotes an error vector and $w$ denotes a large integer.
In a particular embodiment, the private key generated by the key generator KeyGen(λ) invoked by the server may be denoted as $SK = [I, T] P_s$, and the generated public key can be expressed as
Figure BDA0003843682510000154
where $P_s$ and $P_m$ are a pair of invertible matrices with $P_s \cdot P_m = I$, $I$ denotes the identity matrix, $A$ and $T$ both denote random matrices, and λ denotes the security parameter.
400: the server sends out the order information $[n, n-1, \ldots, 1, 0]$ of the function $f(x)$.
500: upon receiving the ciphertext query key vector $K_c$ generated based on the order information, the server computes the ciphertext query result $V_c = K_c \times X_c$ based on the ciphertext query key vector $K_c$ and the ciphertext coefficient vector $X_c$, and sends out the ciphertext query result $V_c$.
In some embodiments, the server generates the authorization key by performing the following steps:
the server receives identity information sent by the user for registration, wherein the identity information can be a user ID, an email address, a telephone number or other information known in the art for representing identity;
the server randomly generates a reversible matrix pair
Figure BDA0003843682510000161
I represents an identity matrix;
server generates authorization key based on reversible matrix pair and private key SK
Figure BDA0003843682510000162
The server sends out the authorization key $SK_u$.
An embodiment of the present invention also provides a computer-readable storage medium on which a computer program is stored, which, when executed in a computer, causes the computer to perform the steps performed by the server in the above-described embodiment of the present invention. Since the steps performed thereby are the same as those performed by the server described above, the description will not be repeated here.
An embodiment of the present invention further provides a computing device, which includes a memory and a processor, wherein the memory stores executable codes, and when the processor executes the executable codes, the processor executes the steps executed by the server in the above embodiment of the present invention. Since the steps performed thereby are the same as those performed by the server described above, the description will not be repeated here.
An embodiment of the present invention further provides a client processing module for efficient retrieval of private information.
Fig. 5 exemplarily shows steps performed by the user-side processing module for efficient retrieval of private information according to an embodiment of the present invention.
As shown in fig. 5, the client-side processing module is configured to perform the following steps:
100: the order information [ n, n-1, \ 8230;, 1,0] of the function f (x) is received.
200: calculating in a plaintext according to the query key and the frequency information to obtain a query key vector K; and based on the received authorization key SK u The query key vector K is encrypted toGenerating ciphertext query key vector K c (ii) a The cipher text is inquired about the key vector K c Sent out to obtain a cipher text based query key vector K c Obtained ciphertext query result V c
300: obtaining a decryption key SK' to search a result V of the ciphertext c Carry out decryption
Figure BDA0003843682510000171
Figure BDA0003843682510000172
to obtain the plaintext result $v$ of the corresponding private information value, where $w$ represents the large integer sent by the server to the user.
In some embodiments, the client-side processing module generates the ciphertext query key vector $K_c$ based on the following steps:
the user side processing module randomly generates a pair of invertible matrices $P'_s$ and $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
the user side processing module randomly generates matrices $T'$ and $A'$;
the user side processing module generates the ciphertext query key vector based on the query key vector $K$ and the authorization key $SK_u$:
Figure BDA0003843682510000173
In some specific embodiments, the client-side processing module generates the decryption key based on the following steps:
the user side processing module randomly generates a reversible matrix pair $P'_s$, $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
the user side processing module generates random matrices $T'$ and $A'$;
the user side processing module generates a decryption key $SK'$ based on the reversible matrix pair and the random matrix: $SK' = [I, T'] \times P'_s$
In another embodiment, the client processing module according to the present invention may also implement batch query of a user, that is, the same user performs multiple queries simultaneously. At this time, the user side processing module:
computing, in plaintext, a query key vector matrix $K$ based on a plurality of query keys $k_1, k_2, \ldots, k_m$ and the received order information $[n, n-1, \ldots, 1, 0]$:
Figure BDA0003843682510000174
randomly generating a pair of invertible matrices $P'_s$ and $P'_m$ with $P'_s \cdot P'_m = I$, where $I$ denotes an identity matrix;
randomly generating matrices $T'$ and $A'$;
generating a decryption key $SK' = [I, T'] \times P'_s$;
generating the ciphertext query key vector based on the query key vector matrix $K$ and the authorization key $SK_u$:
Figure BDA0003843682510000175
An embodiment of the present invention further provides a computer-readable storage medium, on which a computer program is stored, which, when the computer program is executed in a computer, causes the computer to execute the steps executed by the client-side processing module in the above-mentioned embodiment of the present invention. Since these steps are the same as those performed by the user side processing module described above, the description is not repeated here.
One embodiment of the present invention provides a computing device, which includes a memory and a processor, wherein the memory stores executable codes, and when the processor executes the executable codes, the processor executes the steps executed by the client-side processing module in the above embodiment of the present invention. Since these steps are the same as those performed by the user side processing module described above, the description is not repeated here.
In order to verify the technical effects of the method, the system, the server and the user side processing module for efficiently retrieving the private information, the decryption process is expanded as follows:
Figure BDA0003843682510000181
e' in the above formula represents noise,
Figure BDA0003843682510000182
the above result is divided by the large integer $w$ to give $v = f(k)$, i.e. the final decryption result.
It can be seen that the decryption result is equal to the calculation result of the polynomial form function in plaintext, and also equal to the query result.
The same method is used to verify the technical effect when one user simultaneously queries the corresponding pieces of private information based on multiple query keys $k_1, k_2, \ldots, k_m$; the final decryption takes the following form:
Figure BDA0003843682510000183
the result is equal to:
Figure BDA0003843682510000191
it can be seen that when batch processing is performed, the decryption result is also equal to the calculation result of the polynomial form function in the plain text, and is also equal to the query result.
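The plaintext arithmetic that the verification above reduces to, as an added example (not code from the patent): it builds the coefficient vector X, forms query key vectors from the order information, checks that K × X = f(k) for single and batch queries, and applies the final division by w. Assumptions: exact interpolation of degree len(data) - 1 stands in for the least-squares fit, the matrix-key masking (PK, SK_u, SK') is left out, rounding to the nearest integer is used to discard the noise e', and the sample data, the value of w and all function names are constructed for illustration.

```python
from fractions import Fraction

# Constructed sample database: (query key k, private information value v).
DATA = [(1, 42), (2, 17), (3, 99), (5, 7)]
W = 2**20  # stands for the "large integer w"; the value is an assumption


def fit_coefficients(data):
    """Return (X, orders): X = [a_d, ..., a_1, a_0] and orders = [d, ..., 1, 0].

    Exact interpolation over rationals (assumption: replaces least squares),
    solved by Gauss-Jordan elimination on the Vandermonde system.
    """
    keys = [k for k, _ in data]
    if len(set(keys)) != len(keys):
        raise ValueError("query keys must be distinct")
    orders = list(range(len(data) - 1, -1, -1))
    rows = [[Fraction(k) ** p for p in orders] + [Fraction(v)] for k, v in data]
    size = len(rows)
    for col in range(size):
        # Distinct keys make the Vandermonde matrix invertible, so a pivot exists.
        pivot = next(r for r in range(col, size) if rows[r][col] != 0)
        rows[col], rows[pivot] = rows[pivot], rows[col]
        lead = rows[col][col]
        rows[col] = [x / lead for x in rows[col]]
        for r in range(size):
            if r != col and rows[r][col] != 0:
                factor = rows[r][col]
                rows[r] = [a - factor * b for a, b in zip(rows[r], rows[col])]
    return [row[-1] for row in rows], orders


def query_key_matrix(keys, orders):
    """One row [k^d, ..., k, 1] per query key; a single query is one row."""
    return [[Fraction(k) ** p for p in orders] for k in keys]


def evaluate(K, X):
    """Plaintext K x X: one f(k) per row of K."""
    return [sum(a * b for a, b in zip(row, X)) for row in K]


def recover(scaled_noisy, w):
    """Divide w*f(k) + e' by w and round; correct only while |e'| < w/2."""
    return round(Fraction(scaled_noisy) / w)


def demo():
    X, orders = fit_coefficients(DATA)
    K = query_key_matrix([2, 5], orders)   # batch query for two keys
    results = evaluate(K, X)               # [f(2), f(5)]
    # Model the decrypted value as w*f(k) + e' with constructed noise e' = 1000.
    return [recover(W * r + 1000, W) for r in results]


if __name__ == "__main__":
    print(demo())
    X, orders = fit_coefficients(DATA)
    # A key absent from DATA still evaluates to some value of f,
    # so the result alone does not say whether the key exists.
    print(evaluate(query_key_matrix([4], orders), X))
```

Two properties worth checking in any deployment follow from this arithmetic: the accumulated noise must stay below w/2 or the recovered value is off by one or more, and a key that is not in the database yields an interpolated value rather than a "not found" result.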
It should be noted that the above-mentioned embodiments are only specific examples of the present invention, and obviously, the present invention is not limited to the above-mentioned embodiments, and many similar variations exist. All modifications which can be derived or suggested by the person skilled in the art from the present disclosure are intended to be within the scope of the present invention.

Claims (23)

1. A method for efficient retrieval of private information, comprising the steps of:
fitting to obtain a function in a polynomial form based on data stored in a server, wherein each piece of data comprises a query key and a private information value, the function takes the query key as input and takes the private information value corresponding to the input query key as output;
combining the coefficients of the various items in the function into a vector as a coefficient vector;
generating a private key and a public key which are paired, and homomorphically encrypting the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
when receiving a ciphertext query key vector sent by a user, calculating to obtain a ciphertext query result based on the ciphertext query key vector and a ciphertext coefficient vector; the ciphertext query key vector is obtained by homomorphic encrypting the query key vector based on an authorization key sent to the user by the server;
the query key vector is obtained based on the query key and the order information of the function;
and sending the ciphertext query result to the user, and decrypting the ciphertext query result by the user by using a decryption key to obtain a plaintext result of the private information value corresponding to the query key.
2. The method for efficient retrieval of private information of claim 1, wherein the authorization key is obtained based on the steps of:
the user sends identity information to the server to register;
the server randomly generates a reversible matrix pair;
the server generates the authorization key based on the reversible matrix pair and the private key, and sends the authorization key to the user.
3. A method for efficient retrieval of private information as defined in claim 1, wherein the decryption key is generated based on a generated random matrix and a randomly generated reversible matrix pair.
4. The method for efficient retrieval of private information of claim 1, wherein the ciphertext query key vector is obtained based on:
randomly generating reversible matrix pairs;
generating a random matrix;
and generating a ciphertext query key vector based on the reversible matrix pair, the random matrix, the query key vector and the authorization key.
5. The method for efficient retrieval of private information of claim 1, wherein the query key vector is a query key vector matrix constructed based on the order information of the function and a plurality of query keys.
6. The method for efficient retrieval of private information of claim 1, wherein the function is fit using a least squares method.
7. A system for efficient retrieval of private information, comprising a server, and a client-side processing module in data communication with the server, characterized by:
the server fits to obtain a function in a polynomial form based on data stored in the server, wherein each piece of data comprises a query key and a value, the function takes the query key as input and takes the value corresponding to the input query key as output; and combining the coefficients of the terms in the function into a vector as a coefficient vector; the server generates a private key and a public key which are paired, and homomorphic encryption is carried out on the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
the user side processing module obtains a query key vector based on the query key and the order information of the function sent by the server; the user side processing module also performs homomorphic encryption on the query key vector based on an authorization key sent by the server to obtain a ciphertext query key vector and sends the ciphertext query key vector to the server;
when the server receives a ciphertext query key vector sent by a user side processing module, a ciphertext query result is obtained through calculation based on the ciphertext query key vector and the ciphertext coefficient vector, and the ciphertext query result is sent to the user side processing module;
and the user side processing module decrypts the ciphertext query result by adopting a decryption key so as to obtain a plaintext result of the private information value corresponding to the query key.
8. The system for efficient retrieval of private information of claim 7, wherein when the user-side processing module sends user identity information to a server for registration, the server randomly generates a reversible matrix pair and generates an authorization key based on the reversible matrix pair and the private key and sends the authorization key to the user-side processing module.
9. The system for efficient retrieval of private information of claim 7, wherein the client processing module randomly generates a reversible matrix pair and generates a random matrix, and then generates the decryption key based on the reversible matrix pair and random matrix.
10. The system for efficient retrieval of private information of claim 7, wherein the client-side processing module randomly generates a reversible matrix pair and a random matrix, and then generates a ciphertext query key vector based on the reversible matrix pair, the random matrix, and the obtained query key vector and an authorization key.
11. The system for efficient retrieval of private information of claim 7, wherein the client-side processing module constructs a query key vector matrix as the query key vector based on the order information of the function and a plurality of query keys.
12. The system for efficient retrieval of private information of claim 7, wherein the server uses a least squares fit to derive the function.
13. A server for efficient retrieval of private information, characterized in that it is arranged to perform the following steps:
fitting to obtain a function in a polynomial form based on data stored in a server, wherein each piece of data comprises a query key and a private information value, the function takes the query key as input and takes the private information value corresponding to the input query key as output;
combining the coefficients of the various items in the function into a vector as a coefficient vector;
generating a private key and a public key which are paired, and homomorphically encrypting the coefficient vector based on the public key to obtain a ciphertext coefficient vector;
calculating to obtain a ciphertext query result based on the ciphertext coefficient vector and the received ciphertext query key vector, and sending the ciphertext query result out; the ciphertext query key vector is generated by carrying out homomorphic encryption on the query key vector by adopting an authorization key generated by a server; the query key vector is obtained based on the query key and the order information of the function.
14. The server according to claim 13, wherein when it receives user identity information transmitted from outside, it randomly generates a reversible matrix pair, and generates the authorization key based on the reversible matrix pair and the private key, and transmits the authorization key.
15. The server of claim 13, wherein the function is derived using a least squares fit.
16. A client-side processing module for efficient retrieval of private information, configured to perform the steps of:
obtaining a query key vector based on the query key and the received order information of the function in the polynomial form; based on the received authorization key, carrying out homomorphic encryption on the query key vector to obtain a ciphertext query key vector, and sending the ciphertext query key vector out;
and receiving a ciphertext query result obtained based on the ciphertext query key vector, and decrypting the ciphertext query result by adopting a decryption key to obtain a plaintext result of the private information value corresponding to the query key.
17. The client-side processing module of claim 16, wherein it generates the decryption key based on a generated random matrix and a randomly generated reversible matrix pair.
18. The user-side processing module of claim 16, which generates a random matrix, and randomly generates a reversible matrix pair, and then generates the ciphertext query key vector based on the reversible matrix pair, the random matrix, the query key vector, and the authorization key.
19. The user-side processing module of claim 16, wherein the query key vector is a query key vector matrix constructed by the user-side processing module based on the order information of the function and a plurality of query keys.
20. A computer-readable storage medium, on which a computer program is stored, which, when the computer program is executed in a computer, causes the computer to carry out the steps performed by the server according to any one of claims 13-15.
21. A computer-readable storage medium, on which a computer program is stored, which, when being executed in a computer, causes the computer to carry out the steps performed by the user-side processing module according to any one of claims 16-19.
22. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor performs the steps performed by the server of any one of claims 13-15.
23. A computing device comprising a memory and a processor, wherein the memory has stored therein executable code that when executed by the processor performs the steps performed by the user-side processing module of any of claims 16-19.
CN202211111841.0A 2022-09-13 2022-09-13 Method and system for efficient retrieval of private information Pending CN115642999A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211111841.0A CN115642999A (en) 2022-09-13 2022-09-13 Method and system for efficient retrieval of private information

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211111841.0A CN115642999A (en) 2022-09-13 2022-09-13 Method and system for efficient retrieval of private information

Publications (1)

Publication Number Publication Date
CN115642999A true CN115642999A (en) 2023-01-24

Family

ID=84941522

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211111841.0A Pending CN115642999A (en) 2022-09-13 2022-09-13 Method and system for efficient retrieval of private information

Country Status (1)

Country Link
CN (1) CN115642999A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116702215A (en) * 2023-08-07 2023-09-05 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium
CN116702215B (en) * 2023-08-07 2023-12-08 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination