CN115688167B - Method, device and system for inquiring trace and storage medium - Google Patents

Method, device and system for inquiring trace and storage medium Download PDF

Info

Publication number
CN115688167B
CN115688167B CN202211252878.5A CN202211252878A CN115688167B CN 115688167 B CN115688167 B CN 115688167B CN 202211252878 A CN202211252878 A CN 202211252878A CN 115688167 B CN115688167 B CN 115688167B
Authority
CN
China
Prior art keywords
target
plaintext
data
tag data
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211252878.5A
Other languages
Chinese (zh)
Other versions
CN115688167A (en
Inventor
刘立伟
王新左
彭皓
张泽华
何杰
林战刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Original Assignee
Beijing Jingdong Century Trading Co Ltd
Beijing Wodong Tianjun Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jingdong Century Trading Co Ltd, Beijing Wodong Tianjun Information Technology Co Ltd filed Critical Beijing Jingdong Century Trading Co Ltd
Priority to CN202211252878.5A priority Critical patent/CN115688167B/en
Publication of CN115688167A publication Critical patent/CN115688167A/en
Application granted granted Critical
Publication of CN115688167B publication Critical patent/CN115688167B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Abstract

The disclosure provides a method, a device and a system for inquiring trace and a storage medium, relates to the technical field of computers, and particularly relates to the field of privacy calculation. According to the trace query scheme, the intersection of the data records of the data provider and the data query party is determined by means of encrypting identification data in a manner of solving the intersection without revealing privacy of the two parties, if it is determined that a plurality of target tag data corresponding to a plurality of target storage serial numbers in the intersection are stored in the same target plaintext, a ciphertext request is initiated to the data provider by utilizing ciphertext of index information of the target plaintext for the plurality of target storage serial numbers, ciphertext of the target plaintext in ciphertext response is decrypted, and the plurality of target tag data can be obtained from the target tag data. Therefore, a plurality of target tag data can be obtained at the same time through one ciphertext request and one ciphertext response, so that the communication cost and the calculation cost are reduced, and the trace query scheme can be operated efficiently.

Description

Method, device and system for inquiring trace and storage medium
Technical Field
The disclosure relates to the technical field of computers, in particular to the field of privacy computation, and particularly relates to a track inquiry method, a track inquiry device, a track inquiry system and a storage medium.
Background
The hidden inquiry is also called privacy information retrieval (Private Information Retrieval, PIR) and is used for protecting the inquiry privacy of a user, namely, when the data inquiry is submitted to a data provider, the data inquiry is completed under the condition that the inquiry information of the data inquirer is not leaked.
A method for inquiring the trace based on serial number includes such steps as generating a cipher text request for each data record, and obtaining the label data of the data record.
According to research, if the user wants to inquire the tag data of a plurality of data records, the data inquirer can acquire the tag data of the plurality of data records through a plurality of ciphertext requests and ciphertext responses aiming at a plurality of storage serial numbers of the plurality of data records, so that communication cost and calculation cost are relatively high.
Disclosure of Invention
According to the trace query scheme, the intersection of the data records of the data provider and the data query party is determined by means of encrypting identification data in a manner of solving the intersection without revealing privacy of the two parties, if it is determined that a plurality of target tag data corresponding to a plurality of target storage serial numbers in the intersection are stored in the same target plaintext, a ciphertext request is initiated to the data provider by utilizing ciphertext of index information of the target plaintext for the plurality of target storage serial numbers, ciphertext of the target plaintext in ciphertext response is decrypted, and the plurality of target tag data can be obtained from the target tag data. Therefore, a plurality of target tag data can be obtained at the same time through one ciphertext request and one ciphertext response, so that the communication cost and the calculation cost are reduced, and the trace query scheme can be operated efficiently.
Some embodiments of the present disclosure provide a method for a track query, including:
determining an intersection of a first encrypted identification data set and a second encrypted identification data set, wherein the first encrypted identification data set comprises encrypted identification data and a storage sequence number of each data record of a data provider, the second encrypted identification data set comprises encrypted identification data of each data record of a data querying party, each data record comprises identification data and tag data, and a plurality of tag data of each plurality of data records of the data provider are stored in a plaintext;
under the condition that a plurality of target label data of corresponding multi-item label data records are stored in the same target plaintext according to a plurality of target storage sequence numbers in the intersection, initiating a ciphertext request to a data provider by utilizing ciphertext of index information of the target plaintext according to the plurality of target storage sequence numbers;
receiving a ciphertext response returned by a data provider, and decrypting ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
and acquiring the plurality of target tag data from the target plaintext.
In some embodiments, determining that the plurality of target tag data of the multi-entry tag data record is stored in the same target plaintext comprises:
Determining index information of a target plaintext stored in each target tag data of each target tag data record according to a plurality of target storage serial numbers of the multi-target tag data records and encoding parameters from the tag data to the plaintext;
when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
In some embodiments, determining the index information of the target plaintext stored per target tag data of each target tag data record comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
and determining index information of the target plaintext stored in each target tag data of each target tag data record by dividing the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
In some embodiments, obtaining the plurality of target tag data from the target plaintext comprises:
Determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
and acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
In some embodiments, determining the storage location of each target tag data record in the target plaintext comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
and determining the storage position of each target tag data record in the target plaintext by performing modular arithmetic on the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
In some embodiments, further comprising: the number of tag data that can be stored per plaintext is increased by increasing the number of bits that can be stored per plaintext and decreasing the number of bits that each tag data occupies.
In some embodiments, the number of bits that can be stored per plaintext is increased by increasing at least one of the polynomial degree of the plaintext, the polynomial coefficient range of the plaintext, and the like.
In some embodiments, the number of bits occupied by each tag data is reduced by compression encoding.
In some embodiments, determining the intersection of the first encrypted identification data set and the second encrypted identification data set comprises:
according to the same ordering mode, the encrypted identification data in the first encrypted identification data set and the encrypted identification data in the second encrypted identification data set are arranged in ascending order or descending order;
an intersection of a first set of encrypted identification data with a second set of encrypted identification data having the same encrypted identification data is determined.
In some embodiments, the data querying party and the data provider adopt a agreed encryption method to encrypt the identification data of their own data records respectively to generate encrypted identification data.
In some embodiments, the index information of the target plaintext includes:
an index of the target plaintext; or alternatively, the process may be performed,
the target plaintext is at the position of a plaintext matrix formed by the various plaintext.
In some embodiments, initiating a ciphertext request to a data provider includes: dividing the target storage sequence numbers in the intersection into one or more batches, wherein each batch comprises one or more groups, the target storage sequence numbers of each group correspond to the same target plaintext, the target storage sequence numbers of different groups correspond to different target plaintext, and initiating a ciphertext request to a data provider for each batch, wherein the ciphertext carries the ciphertext of index information of each target plaintext corresponding to each group of the batch;
After receiving the ciphertext response returned by the data provider, decrypting the ciphertext of each target plaintext in the ciphertext response to obtain each target plaintext of the batch.
In some embodiments, further comprising: and the data provider performs the transmission and expansion on the ciphertext of the index information of the target plaintext in a blank mode to obtain a target vector of the ciphertext of the index information of the target plaintext, and performs matrix operation on a plaintext matrix formed by the plaintext and the target vector to obtain the ciphertext of the target plaintext.
Some embodiments of the present disclosure provide a track inquiry apparatus, including:
an intersection determination unit configured to determine an intersection of a first encrypted identification data set including encrypted identification data and a storage sequence number of each data record of the data provider and a second encrypted identification data set including encrypted identification data of each data record of the data inquirer, each data record including identification data and tag data, a plurality of tag data of each plurality of data records of the data provider being stored in one plain text;
a ciphertext request unit configured to initiate a ciphertext request to a data provider with ciphertext of index information of a corresponding multi-entry label data record, for a plurality of target storage sequence numbers, in a case where it is determined that the plurality of target label data of the corresponding multi-entry label data record are stored in the same target plaintext, based on the plurality of target storage sequence numbers;
The ciphertext response unit is configured to receive a ciphertext response returned by the data provider and decrypt the ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
and the data acquisition unit is configured to acquire the plurality of target tag data from the target plaintext.
In some embodiments, the ciphertext request unit configured to determine that the plurality of target tag data of the multi-tag data record are stored in the same target plaintext comprises:
determining index information of a target plaintext stored in each target tag data of each target tag data record according to a plurality of target storage serial numbers of the multi-target tag data records and encoding parameters from the tag data to the plaintext;
when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
In some embodiments, the data acquisition unit is configured to
Determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
And acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
Some embodiments of the present disclosure provide a track inquiry apparatus, including:
a memory; the method comprises the steps of,
a processor coupled to the memory, the processor configured to perform a track lookup method based on instructions stored in the memory.
Some embodiments of the present disclosure propose a track inquiry system comprising: a trace query means for a data querying party and a data providing means for a data provider.
Some embodiments of the present disclosure propose a non-transitory computer readable storage medium, on which a computer program is stored, which when executed by a processor implements the steps of a method of a track inquiry.
Drawings
The drawings that are required for use in the description of the embodiments or the related art will be briefly described below. The present disclosure will be more clearly understood from the following detailed description with reference to the accompanying drawings.
It will be apparent to those of ordinary skill in the art that the drawings in the following description are merely examples of the disclosure and that other drawings may be derived from them without inventive faculty.
Fig. 1 illustrates a flow diagram of a method of a track query in accordance with some embodiments of the present disclosure.
Fig. 2 shows a schematic diagram of a track query system in accordance with some embodiments of the present disclosure.
Fig. 3 illustrates a schematic structural diagram of a track-seeking device in accordance with some embodiments of the present disclosure.
Fig. 4 shows a schematic structural view of a track-hidden inquiry apparatus according to other embodiments of the present disclosure.
Detailed Description
The technical solutions in the embodiments of the present disclosure will be clearly and completely described below with reference to the drawings in the embodiments of the present disclosure.
Unless specifically stated otherwise, the descriptions of "first," "second," and the like in this disclosure are used for distinguishing between different objects and are not used for indicating a meaning of size or timing, etc.
Fig. 1 illustrates a flow diagram of a method of a track query in accordance with some embodiments of the present disclosure.
As shown in FIG. 1, the track inquiry method of the embodiment comprises the following steps: steps 110-170.
In step 110, the data querying party negotiates an encryption method with the data provider for encrypting the identification data of its own data record to generate encrypted identification data. An example is given for step 110-1 and step 110-2.
In step 110-1, the data querying party constructs an unintentional Pseudo-Random Function (OPRF) according to the negotiated encryption method, and the key (also called seed) of the Function (set as F) is K, where the unintentional Pseudo-Random Function and the key thereof are used to encrypt the identification data of the data record thereof to generate encrypted identification data.
Or the data inquiring party constructs a hash function according to the negotiated encryption method, and the hash function is used for encrypting the identification data recorded by the data inquiring party to generate encrypted identification data.
In step 110-2, the data provider constructs an careless pseudo-random function with a key of K according to the negotiated encryption method, and the careless pseudo-random function and the key thereof are used for encrypting the identification data of the own data record to generate encrypted identification data.
Or the data provider constructs a hash function according to the negotiated encryption method, and the hash function is used for encrypting the identification data recorded by the data provider to generate encrypted identification data.
Wherein each data record includes identification data and tag data. The identification data is used to uniquely identify a data record, and the identification data of different data records is also different. The identification data includes, for example, but is not limited to, user identification, device identification, etc. that can function as an identification. The tag data is service data of the data record, the service data is service related data, the service data corresponding to different services are different, and the embodiment of the disclosure is not limited to the specific type of the service data.
Sequence number Identity number Name of person Age of
1 0001 Name 1 30
2 0002 Name 2 10
3 0003 Name 3 of person 20
For example, the table has 3 data records, the identification number can be used as identification data, and the name and age of the person can be used as tag data.
The storage sequence number of a data record can characterize which row of the database the data record is stored in. Before the database is updated, the storage sequence number of the data record in the database is fixed, and the hidden trace inquiry can be realized by using the storage sequence number.
The data record of the data querying party may be stored in a database (DB 1) of the data querying party. The data record of the data provider may be stored in a database (DB 2) of the data provider.
In step 120, the data querying party and the data provider encrypt the identification data of their own data records by adopting a agreed encryption method to generate encrypted identification data, and form respective encrypted identification data sets, and the data provider also sends the encrypted identification data sets to the data querying party. An example is given for step 120-1 and step 120-2.
In step 120-1, the data querying party encrypts the identification data of its own data record (i.e., the second identification data set X) according to the negotiated encryption method, for example, using an inadvertent pseudo-random function and its key or using a hash function, to generate encrypted identification data, forming a second encrypted identification data set H X The second encrypted identification data set includes encrypted identification data for each data record of the data querying party.
In step 120-2, the data provider encrypts the identification data of its own data record (i.e., the first identification data set Y) according to a negotiated encryption method, e.g., using an inadvertent pseudo-random function and its key or using a hash function, to generate encrypted identification data, forming a first encrypted identification data set H Y And transmitting a first encrypted identification data set to the data querying party, wherein the first encrypted identification data set comprises the encrypted identification data and the storage sequence number of each data record of the data provider.
If the identification data is the same, the data querying party and the data provider generate the same encrypted identification data for the same identification data to determine the intersection of the two party data records.
In step 130, the data querying party determines an intersection X' =h of the first encrypted identification data set and the second encrypted identification data set x ∩H Y I.e. the first encrypted identification data set and the second encrypted identification data setThe portion of the identification data set having the same encrypted identification data is determined as an intersection of the first encrypted identification data set and the second encrypted identification data set.
In some embodiments, determining the intersection of the first encrypted identification data set and the second encrypted identification data set comprises: according to the same ordering mode, the encrypted identification data in the first encrypted identification data set and the encrypted identification data in the second encrypted identification data set are arranged in ascending order or descending order; then, an intersection of the first encrypted identification data set and the second encrypted identification data set having the same encrypted identification data is determined. Thus, intersections can be determined more quickly using the sorted encrypted identification data.
In step 140, the data provider pre-processes its own tag data set M' to obtain plaintext data M, where a plurality of tag data of each of a plurality of data records of the data provider are stored in one plaintext.
Step 140 may be performed at any step before the data provider responds to the query of the data querying party, or may be performed in advance.
The plaintext space is a remainder polynomial-like ring R t =Z t [x]/(x n +1) which is an n-degree polynomial, the coefficients are integers of 0,1,2,..and t-1, and the binary representation of the coefficients corresponds to the logt bits, and a plaintext polynomial can store the data of the nlogt bits. Assuming that each tag data occupies S bits, tag data y arranged by storage sequence number 1 ,y 2 ,...,y p After aligning their lengths, p×s bits of all tag data are put into a plaintext polynomial (i.e., plaintext) in sequence for each nlogt bit, and n=p×s/(nlogt) plaintext is obtained in total, thereby completing the encoding of tag data into plaintext. That is, for a certain tag data, it will be stored on several consecutive coefficients of a certain plaintext polynomial (i.e. plaintext).
Where nlogt/S denotes the number of tag data that a plaintext polynomial (i.e., plaintext) can store, which is a numerical value greater than 1. The number nlogt/S of tag data that can be stored per plaintext is increased by increasing the number nlogt of bits that can be stored per plaintext and decreasing the number S of bits that each tag data occupies. Therefore, the number of tag data which can be obtained by one ciphertext request/response is further increased, and the communication overhead and the calculation overhead are further reduced. The method comprises the steps of increasing the number of bits nlogt which can be stored in each plaintext by increasing at least one of polynomial degree n of the plaintext and polynomial coefficient value range t of the plaintext. And the bit quantity S occupied by each tag data is reduced by a compression coding mode.
Assume that: the polynomial value space is the surplus class ring R q =Z q [x]/(x n +1) is an n-degree polynomial with coefficients of 0,1,2, integers of q-1, and the like, the plaintext polynomial takes the value from R t =Z t [x]/(x n +1), which is an n-degree polynomial, the coefficients are integers 0,1,2,... In an isomorphic encryption algorithm (such as a BFV algorithm), a secret computation operation (such as plaintext-ciphertext multiplication, ciphertext rotation, etc.) increases noise, consumes a noise budget, and has an initial noise budget of 2log q/log, so that the larger the plaintext coefficient range t is, the smaller the initial budget is, and when the increased noise accumulation exceeds the initial noise budget, decryption fails, resulting in a trace query failure. Therefore, a large logt should be selected without exceeding the noise budget. For example, when each tag occupies s=41 bits and n=2048, the maximum of logt may take 16, and exceeding 16 may result in a suppressed trace query failure.
In step 150, the data querying party initiates a ciphertext request to the data provider by using ciphertext of index information of the target plaintext for the plurality of target storage sequence numbers when determining that the plurality of target tag data of the corresponding multi-entry tag data record are stored in the same target plaintext according to the plurality of target storage sequence numbers in the intersection.
The data inquiry party knows the coding mode from the data label to the plaintext of the data provider, so the data inquiry party can determine which plaintext the label data of the data record are stored to according to the storage serial number of the data record in the data provider and the coding parameter from the data label to the plaintext.
Wherein determining that the plurality of target tag data of the multi-tag data record is stored in the same target plaintext comprises: determining index information of a target plaintext stored in each target tag data of each target tag data record according to a plurality of target storage serial numbers of the multi-target tag data records and encoding parameters from the tag data to the plaintext; when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
Wherein determining index information of the target plaintext stored per target tag data of each target tag data record includes: determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext; determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data; and determining index information of the target plaintext stored in each target tag data of each target tag data record by dividing the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
Wherein, the index information for determining the target plaintext can be expressed by the following formula:
wherein index represents the index of the target plaintext, id represents the target storage sequence number of the target data record, nlogt represents the number of bits that can be stored in each plaintext determined according to the encoding parameters (polynomial degree n, polynomial coefficient value range t of plaintext), S represents the number of bits occupied by each tag data, nlogt/S represents the number of tag data that can be stored in each plaintext,representing a rounding down.
As can be seen from the index formula, the label data corresponding to the continuous nlogt/S storage sequence numbers corresponds to a plaintext; correspondingly, for any one or more storage sequence numbers in the continuous nlogt/S storage sequence numbers, a ciphertext request can be initiated to the data provider by utilizing index information of the same plaintext corresponding to the storage sequence numbers.
The index of the target plaintext can also be converted into the target plaintext M [ i, j ]]At the position [ i, j ] of the plaintext matrix M composed of the plaintext]Where i=index/T, j=index mod T, T represents the dimension of matrix M, assuming that N plaintext is obtained by encoding tag data
In summary, the index information of the target plaintext in the present embodiment has two forms, the first is the index of the target plaintext, and the second is the position [ i, j ] of the target plaintext in the plaintext matrix formed by the plaintext. Compared with the first plaintext inquiry positioning mode in vector form, the second plaintext inquiry positioning mode in matrix form has the advantages that the matrix can be positioned from two dimensions of rows and columns at the same time, and the length of a single dimension of the matrix is far smaller than that of a one-dimensional vector, so that the target plaintext can be inquired and positioned more quickly by utilizing the second mode, and the inquiry efficiency is improved.
And under the condition that the data querying party judges that a plurality of target label data of corresponding multi-item label data records are stored in the same target plaintext according to a plurality of target storage sequence numbers in the intersection, initiating a ciphertext request to a data provider by utilizing ciphertext of index information of the target plaintext aiming at the plurality of target storage sequence numbers.
Assuming that target tag data for multiple target storage sequence numbers (e.g., id2, id 4) in the intersection are stored in the same target plaintext, the foregoing formula is utilizedIndex of target plaintext can be determined, and the above-mentioned public can be usedFormula i=index/T, j=index mod T, and determining a target plaintext M [ i, j ] according to the need]At the position [ i, j ] of the plaintext matrix M composed of the plaintext]。
If a vector-form plaintext query positioning mode is adopted, the data query party performs homomorphic encryption (such as BFV encryption) by using the self public key to obtain Enc (x) index ) And one ciphertext is used as a ciphertext request and is sent to the data provider after serialization.
If a matrix-form plaintext inquiry positioning mode is adopted, the data inquiry party utilizes the self public key to make homomorphic encryption (such as BFV encryption) so as to obtain Enc (x) i ),Enc(x j ) And the two ciphertexts are used as ciphertext requests and are sent to the data provider after being serialized.
The public key for encryption in step 150 and the private key for decryption in step 170 are homomorphically encrypted key pairs of the data querying party. Homomorphic encryption can perform operations such as addition, multiplication, rotation, and the like based on ciphertext. For example, enc (a+b) =enc (a) +enc (b); kχenc (a) =enc (kχa), where Enc represents a homomorphic encryption operation.
In step 160, the data provider performs a blank transmission and expansion on the ciphertext of the index information of the target plaintext to obtain a target vector of the ciphertext of the index information of the target plaintext, performs a matrix operation on a plaintext matrix formed by the plaintext and the target vector to obtain the ciphertext of the target plaintext, and returns a ciphertext response to the data querying party.
If a matrix-form plaintext query positioning mode is adopted, the data provider deserializes the received data of the data query party, and the received two ciphertext encs (x i ),Enc(x j ) Performing a "confusing spread" results in two column vectors of dimension T, such as (Enc (0),..: for Enc (x i ) For the ciphertext of 1 to appear at the ith position, for Enc (x j ) In other words, the ciphertext of 1 appears at the j-th position, and the ciphertext bit of 1 cannot be judged for the data provider due to the semantic security of homomorphic encryptionAnd the device is arranged so that i, j which the data inquirer wants to inquire cannot be known.
Then, the data provider performs matrix-vector multiplication on the plaintext matrix M and the above two ciphertext vectors, namely, homomorphic encryption of Ming Wen Miwen, assuming that R ciphertext C is obtained 1 ,C 2 ,...,C R R is the ciphertext expansion coefficient as the target plaintext M [ i, j ]]After serialization, the ciphertext response is sent to the data querying party.
If a vector-form plaintext query positioning mode is adopted, the data provider deserializes the received data of the data querying party, and a received ciphertext Enc (x index ) Performing a "confusing transmission expansion" results in a column vector of dimension N in a form such as (Enc (0),.. index ) In other words, the ciphertext of 1 appears at the index position, and the data provider cannot determine the ciphertext position of 1 due to the semantic security of homomorphic encryption, so that the index that the data inquirer wants to inquire cannot be known.
Then, the data provider performs vector-vector multiplication on the plaintext vector formed by each plaintext and the above ciphertext vector, namely, the homomorphic encryption of the plaintext Wen Miwen is performed, and the R' ciphertext C is obtained 1 ,C 2 ,...,C R′ R' is the ciphertext expansion coefficient as the target plaintext M [ i, j ]]After serialization, the ciphertext response is sent to the data querying party.
In step 170, the data querying party receives the ciphertext response returned by the data provider, decrypts the ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext, acquires the plurality of target tag data from the target plaintext, and may store the acquired target tag data in the database DB1. Thus, the data inquirer can utilize own tag data and the tag data of the data provider to develop service.
The received ciphertext response is reversely sequenced by the data query party, R ciphertext is combined and decrypted by utilizing a private key of the data query party, or R' ciphertext is combined and decrypted to obtain a target plaintext M [ i, j ], and then the target plaintext M [ i, j ] is decoded according to the encoding mode from the tag data to the plaintext, so that a plurality of tag data of a plurality of target storage serial numbers can be obtained.
Wherein obtaining the plurality of target tag data from the target plaintext by decoding comprises: determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext; and acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
Wherein determining the storage location of each target tag data record in the target plaintext comprises: determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext; determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data; and determining the storage position of each target tag data record in the target plaintext by performing modular arithmetic on the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
Wherein, determining the storage location of the target tag data in the target plaintext can be represented by the following formula: offset=id mod (nlogt/S),
Wherein the offset represents the initial storage position of the target tag data in the target plaintext, id represents the target storage sequence number of the target data record, nlog represents the number of bits which can be stored in each plaintext and determined according to the coding parameters (polynomial degree n and polynomial coefficient value range t of the plaintext), S represents the number of bits occupied by each tag data, nlog/S represents the number of tag data which can be stored in each plaintext, and mod represents modulo arithmetic.
Knowing the starting storage location offset of the target tag data in the target plaintext, and the number of bits S each tag data occupies, the corresponding target tag data can be extracted from the target plaintext.
In some embodiments, the data inquirer may initiate a ciphertext request for each batch of storage sequence numbers in the intersection. Specifically, the data querying party divides the target storage sequence numbers in the intersection into one or more batches, each batch comprises one or more groups, the target storage sequence numbers of each group correspond to the same target plaintext, the target storage sequence numbers of different groups correspond to different target plaintext, and a ciphertext request is initiated to the data provider for each batch, wherein the ciphertext carries index information of each target plaintext corresponding to each group of the batch. Correspondingly, after receiving the ciphertext response returned by the data provider, the subsequent data querying party decrypts the ciphertext of each target plaintext in the ciphertext response to obtain each target plaintext of the batch, and then obtains corresponding target tag data from each target plaintext. In the case that one batch corresponds to a plurality of target plaintext, the communication overhead can be further reduced. Wherein the batch size parameter (batch size, i.e. the number of groups per batch) can be flexibly set. In addition, the data query party can use the data structure of the unordered_map to store the target label data in the initial storage position (namely offset) of the target plaintext as a value by taking index information (index or [ i, j ]) of the target plaintext as a key, so that the target label data is convenient to search.
According to the trace query scheme, the intersection of the data records of the data provider and the data query party is determined by means of encrypting identification data in a manner of solving the intersection without revealing privacy of the two parties, if it is determined that a plurality of target tag data corresponding to a plurality of target storage serial numbers in the intersection are stored in the same target plaintext, a ciphertext request is initiated to the data provider by utilizing ciphertext of index information of the target plaintext for the plurality of target storage serial numbers, ciphertext of the target plaintext in ciphertext response is decrypted, and the plurality of target tag data can be obtained from the target tag data. Therefore, a plurality of target tag data can be obtained simultaneously through one ciphertext request and one ciphertext response, and communication overhead and calculation overhead are reduced.
The communication overhead and the computation overhead are compared and analyzed as follows. Assuming that a matrix-form plaintext query positioning mode is adopted, 2 ciphertexts need to be transmitted for a request, R ciphertexts need to be transmitted for a response, the size of each ciphertext is assumed to be c, and if P data records are queried.
According to the related art scheme, ciphertext communication overhead of the data inquirer and the data provider is (r+2) ×p×c. According to the scheme of the embodiment of the disclosure, assuming that s data records are queried in the same ciphertext request on average, ciphertext communication overhead of a data querying party and a data provider is (R+2) multiplied by P multiplied by C/s. As can be seen, the scheme of the embodiments of the present disclosure greatly reduces ciphertext communication overhead.
For multiple data records corresponding to the same plaintext, the scheme of the embodiment of the present disclosure requires one-time secret state computation, while the scheme of the related art requires multiple secret state computation, so the scheme of the embodiment of the present disclosure greatly reduces the computation overhead.
Fig. 2 shows a schematic diagram of a track query system in accordance with some embodiments of the present disclosure.
As shown in FIG. 2, the track inquiry system 200 of this embodiment includes: a trace query means 210 for a data inquirer and a data providing means 220 for a data provider.
A track-seeking means 210 configured to determine an intersection of a first set of encrypted identification data comprising encrypted identification data and a storage sequence number for each data record of a data provider and a second set of encrypted identification data comprising encrypted identification data for each data record of a data-seeking party, each data record comprising identification data and tag data, a plurality of tag data for each plurality of data records of a data provider being stored in a plaintext;
under the condition that a plurality of target label data of corresponding multi-item label data records are stored in the same target plaintext according to a plurality of target storage sequence numbers in the intersection, initiating a ciphertext request to a data provider by utilizing ciphertext of index information of the target plaintext according to the plurality of target storage sequence numbers;
Receiving a ciphertext response returned by a data provider, and decrypting ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
and acquiring the plurality of target tag data from the target plaintext.
The track-seeking means 210 configured to determine that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext comprises:
determining index information of a target plaintext stored in each target tag data of each target tag data record according to a plurality of target storage serial numbers of the multi-target tag data records and encoding parameters from the tag data to the plaintext;
when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
The track-seeking means 210 configured to determine index information of a target plaintext stored per target tag data of each target tag data record comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
And determining index information of the target plaintext stored in each target tag data of each target tag data record by dividing the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
The track-hiding query device 210 configured to obtain the plurality of target tag data from the target plaintext includes:
determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
and acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
The track-seeking means 210 configured to determine the storage location of each target tag data record in the target plaintext comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
And determining the storage position of each target tag data record in the target plaintext by performing modular arithmetic on the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
The track-seeking means 210 is configured to increase the amount of label data that can be stored per plaintext by increasing the amount of bits that can be stored per plaintext and decreasing the amount of bits that can be occupied per label data.
A trace query means 210 configured to increase the number of bits that can be stored per plaintext by increasing at least one of the polynomial degree of the plaintext, the polynomial coefficient range of the plaintext; or, the bit number occupied by each tag data is reduced by a compression coding mode.
The track-seeking means 210 configured to determine an intersection of the first encrypted identification data set and the second encrypted identification data set comprises:
according to the same ordering mode, the encrypted identification data in the first encrypted identification data set and the encrypted identification data in the second encrypted identification data set are arranged in ascending order or descending order;
an intersection of a first set of encrypted identification data with a second set of encrypted identification data having the same encrypted identification data is determined.
The data inquiring party and the data providing party adopt a agreed encryption method to encrypt the identification data of the data records of the data inquiring party and the data providing party respectively to generate encrypted identification data.
The index information of the target plaintext includes: an index of the target plaintext; or the target plaintext is at the position of a plaintext matrix formed by the various plaintext.
The track-hiding query means 210 is configured to initiate a ciphertext request to the data provider comprising: dividing the target storage sequence numbers in the intersection into one or more batches, wherein each batch comprises one or more groups, the target storage sequence numbers of each group correspond to the same target plaintext, the target storage sequence numbers of different groups correspond to different target plaintext, and initiating a ciphertext request to a data provider for each batch, wherein the ciphertext carries the ciphertext of index information of each target plaintext corresponding to each group of the batch; after receiving the ciphertext response returned by the data provider, decrypting the ciphertext of each target plaintext in the ciphertext response to obtain each target plaintext of the batch.
A data providing device 220 configured to: and carrying out the transmission and expansion on the ciphertext of the index information of the target plaintext in a blank mode to obtain a target vector of the ciphertext of the index information of the target plaintext, and carrying out matrix operation on a plaintext matrix formed by the plaintext and the target vector to obtain the ciphertext of the target plaintext.
Fig. 3 illustrates a schematic structural diagram of a track-seeking device in accordance with some embodiments of the present disclosure.
As shown in fig. 3, the track inquiry apparatus 210 of this embodiment includes: units 310-340.
An intersection determination unit 310 configured to determine an intersection of a first encrypted identification data set including encrypted identification data and a storage sequence number of each data record of the data provider and a second encrypted identification data set including encrypted identification data of each data record of the data inquirer, each data record including identification data and tag data, a plurality of tag data of each plurality of data records of the data provider being stored in one plain text;
a ciphertext request unit 320 configured to initiate a ciphertext request to a data provider with ciphertext of index information of a corresponding multi-entry label data record, for a plurality of target storage sequence numbers, in a case where it is determined that the plurality of target label data of the corresponding multi-entry label data record are stored in the same target plaintext, based on the plurality of target storage sequence numbers in the intersection;
the ciphertext response unit 330 is configured to receive a ciphertext response returned by the data provider, and decrypt the ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
A data acquisition unit 340 configured to acquire the plurality of target tag data from the target plaintext.
Wherein the ciphertext request unit 320 configured to determine that the plurality of target tag data of the multi-tag data record are stored in the same target plaintext includes:
determining index information of a target plaintext stored in each target tag data of each target tag data record according to a plurality of target storage serial numbers of the multi-target tag data records and encoding parameters from the tag data to the plaintext;
when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
Wherein the ciphertext request unit 320 configured to determine the index information of the target plaintext stored by each target tag data of each target tag data record includes:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
And determining index information of the target plaintext stored in each target tag data of each target tag data record by dividing the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
Wherein the data acquisition unit 340 is configured to:
determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
and acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
Wherein the data acquisition unit 340 is configured to: determining the storage location of each target tag data record in the target plaintext comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
and determining the storage position of each target tag data record in the target plaintext by performing modular arithmetic on the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
The number of tag data that can be stored per plaintext is increased by increasing the number of bits that can be stored per plaintext and decreasing the number of bits that each tag data occupies. The number of bits which can be stored in each plaintext is increased by increasing at least one of the polynomial degree of the plaintext and the value range of the polynomial coefficient of the plaintext. The number of bits occupied by each tag data is reduced by the compression coding mode.
An intersection determination unit 310 configured to arrange the encrypted identification data in the first encrypted identification data set and the encrypted identification data in the second encrypted identification data set in ascending order or descending order in the same sort manner; an intersection of a first set of encrypted identification data with a second set of encrypted identification data having the same encrypted identification data is determined.
Ciphertext request unit 320 configured to initiate a ciphertext request to a data provider comprising: dividing the target storage sequence numbers in the intersection into one or more batches, wherein each batch comprises one or more groups, the target storage sequence numbers of each group correspond to the same target plaintext, the target storage sequence numbers of different groups correspond to different target plaintext, and initiating a ciphertext request to a data provider for each batch, wherein the ciphertext carries the ciphertext of index information of each target plaintext corresponding to each group of the batch; and the ciphertext response unit 330 is configured to decrypt ciphertext of each target plaintext in the ciphertext response to obtain each target plaintext of the batch after receiving the ciphertext response returned by the data provider.
Fig. 4 shows a schematic structural view of a track-hidden inquiry apparatus according to other embodiments of the present disclosure.
As shown in fig. 4, the track inquiry apparatus 210 of this embodiment includes: a memory 410 and a processor 420 coupled to the memory 410, the processor 420 being configured to execute the track lookup method of any of the foregoing embodiments based on instructions stored in the memory 410.
The track-seeking device 210 may also include an input-output interface 430, a network interface 440, a storage interface 450, and the like. These interfaces 430, 440, 450 and the memory 410 and the processor 420 may be connected, for example, by a bus 460.
The memory 410 may include, for example, system memory, fixed nonvolatile storage media, and the like. The system memory stores, for example, an operating system, application programs, boot Loader (Boot Loader), and other programs.
The processor 420 may be implemented as a discrete hardware component such as a general purpose processor, a digital signal processor (Digital Signal Processor, DSP), an application specific integrated circuit (Application Specific Integrated Circuit, ASIC), a field programmable gate array (Field Programmable Gate Array, FPGA), or other programmable logic device, discrete gates, or transistors.
The input/output interface 430 provides a connection interface for input/output devices such as a display, a mouse, a keyboard, a touch screen, and the like. Network interface 440 provides a connection interface for various networking devices. Storage interface 450 provides a connection interface for external storage devices such as SD cards, U-discs, and the like. Bus 460 may employ any of a variety of bus architectures. For example, bus structures include, but are not limited to, an industry standard architecture (Industry Standard Architecture, ISA) bus, a micro channel architecture (Micro Channel Architecture, MCA) bus, and a peripheral component interconnect (Peripheral Component Interconnect, PCI) bus.
It should be noted that, in the technical solution of the present disclosure, the acquisition, storage, application, etc. of the related personal information of the user all conform to the rules of the related laws and regulations, and do not violate the popular regulations of the public order.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more non-transitory computer-readable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that each flowchart and/or block of the flowchart illustrations and/or block diagrams, and combinations of flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The foregoing description of the preferred embodiments of the present disclosure is not intended to limit the disclosure, but rather to enable any modification, equivalent replacement, improvement or the like, which fall within the spirit and principles of the present disclosure.

Claims (18)

1. A method of a track query, comprising:
determining an intersection of a first encrypted identification data set and a second encrypted identification data set, wherein the first encrypted identification data set comprises encrypted identification data and a storage sequence number of each data record of a data provider, the second encrypted identification data set comprises encrypted identification data of each data record of a data querying party, each data record comprises identification data and tag data, and a plurality of tag data of each plurality of data records of the data provider are stored in a plaintext;
Under the condition that a plurality of target label data of corresponding multi-item label data records are stored in the same target plaintext according to a plurality of target storage sequence numbers in the intersection, initiating a ciphertext request to a data provider by utilizing ciphertext of index information of the target plaintext according to the plurality of target storage sequence numbers;
receiving a ciphertext response returned by a data provider, and decrypting ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
the plurality of target tag data is obtained from the target plaintext,
wherein determining that the plurality of target tag data of the corresponding multi-tag data record is stored in the same target plaintext comprises: determining index information of a target plaintext stored in each target tag data of each target tag data record; when index information of target plaintext stored in a plurality of target tag data of a multi-entry tag data record is the same, it is determined that a plurality of target tag data of a multi-entry tag data record are stored in the same target plaintext.
2. The method of trace query as claimed in claim 1, wherein determining index information of target plaintext stored per target tag data of each target tag data record comprises:
And determining index information of the target plaintext stored in each target tag data of each target tag data record according to the target storage serial numbers of the multiple target tag data records and the encoding parameters from the tag data to the plaintext.
3. The method of trace query as claimed in claim 2, wherein determining index information of target plaintext stored per target tag data of each target tag data record comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
and determining index information of the target plaintext stored in each target tag data of each target tag data record by dividing the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
4. The method of concealed track inquiry according to claim 1, wherein obtaining the plurality of target tag data from the target plaintext comprises:
determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
And acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
5. The method of suppressing a trace query as defined in claim 4, wherein determining the storage location of each target tag data record in the target plaintext comprises:
determining the number of bits which can be stored in each plaintext according to the encoding parameters from the tag data to the plaintext;
determining the number of the label data which can be stored in each plaintext according to the number of the bits which can be stored in each plaintext and the number of the bits occupied by each label data;
and determining the storage position of each target tag data record in the target plaintext by performing modular arithmetic on the number of the tag data which can be stored in each plaintext by each target storage sequence number of each target tag data record.
6. The method of a track query as claimed in claim 3 or 5, further comprising:
the number of tag data that can be stored per plaintext is increased by increasing the number of bits that can be stored per plaintext and decreasing the number of bits that each tag data occupies.
7. The method of trace query as claimed in claim 6, wherein,
The number of bits which can be stored in each plaintext is increased by increasing at least one of the polynomial degree of the plaintext and the value range of the polynomial coefficient of the plaintext; or alternatively, the process may be performed,
the number of bits occupied by each tag data is reduced by the compression coding mode.
8. The method of a track-with-hidden query as claimed in any one of claims 1 to 5, wherein determining an intersection of the first encrypted identification data set and the second encrypted identification data set comprises:
according to the same ordering mode, the encrypted identification data in the first encrypted identification data set and the encrypted identification data in the second encrypted identification data set are arranged in ascending order or descending order;
an intersection of a first set of encrypted identification data with a second set of encrypted identification data having the same encrypted identification data is determined.
9. The track inquiry method according to any one of claims 1 to 5, wherein the data inquirer and the data provider encrypt the identification data of their own data records by using an agreed encryption method, respectively, to generate encrypted identification data.
10. The method of a track-hidden query as claimed in any one of claims 1 to 5, wherein the index information of the target plaintext comprises:
an index of the target plaintext; or alternatively, the process may be performed,
The target plaintext is at the position of a plaintext matrix formed by the various plaintext.
11. A method of suppressing a trace query as defined in any one of claims 1-5, the initiating a ciphertext request to a data provider comprising: dividing the target storage sequence numbers in the intersection into one or more batches, wherein each batch comprises one or more groups, the target storage sequence numbers of each group correspond to the same target plaintext, the target storage sequence numbers of different groups correspond to different target plaintext, and initiating a ciphertext request to a data provider for each batch, wherein the ciphertext carries the ciphertext of index information of each target plaintext corresponding to each group of the batch;
after receiving the ciphertext response returned by the data provider, decrypting the ciphertext of each target plaintext in the ciphertext response to obtain each target plaintext of the batch.
12. The method of a track query as claimed in any one of claims 1 to 5, further comprising:
and the data provider performs the transmission and expansion on the ciphertext of the index information of the target plaintext in a blank mode to obtain a target vector of the ciphertext of the index information of the target plaintext, and performs matrix operation on a plaintext matrix formed by the plaintext and the target vector to obtain the ciphertext of the target plaintext.
13. A track inquiry apparatus comprising:
an intersection determination unit configured to determine an intersection of a first encrypted identification data set including encrypted identification data and a storage sequence number of each data record of the data provider and a second encrypted identification data set including encrypted identification data of each data record of the data inquirer, each data record including identification data and tag data, a plurality of tag data of each plurality of data records of the data provider being stored in one plain text;
a ciphertext request unit configured to initiate a ciphertext request to a data provider with ciphertext of index information of a corresponding multi-entry label data record, for a plurality of target storage sequence numbers, in a case where it is determined that the plurality of target label data of the corresponding multi-entry label data record are stored in the same target plaintext, based on the plurality of target storage sequence numbers; wherein determining that the plurality of target tag data of the corresponding multi-tag data record is stored in the same target plaintext comprises: determining index information of a target plaintext stored in each target tag data of each target tag data record; under the condition that index information of target plaintext stored by a plurality of target tag data of the multi-item target data record is the same, judging that the plurality of target tag data of the multi-item target data record are stored in the same target plaintext;
The ciphertext response unit is configured to receive a ciphertext response returned by the data provider and decrypt the ciphertext of the target plaintext in the ciphertext response to obtain the target plaintext;
and the data acquisition unit is configured to acquire the plurality of target tag data from the target plaintext.
14. The trace query device of claim 13, wherein the ciphertext request unit is configured to determine the index information of the target plaintext stored per target tag data of each target data record based on a plurality of target storage sequence numbers of the multi-entry tag data record and a tag data to plaintext encoding parameter.
15. The trace query device as claimed in claim 13, wherein the data acquisition unit is configured to
Determining the storage position of each target tag data record in a target plaintext according to a plurality of target storage serial numbers of the multi-target tag data records and the encoding parameters from the tag data to the plaintext;
and acquiring each target tag data from the target plaintext according to the storage position of each target tag data recorded in each target tag data in the target plaintext.
16. A track inquiry apparatus comprising:
A memory; the method comprises the steps of,
a processor coupled to the memory, the processor configured to perform the track lookup method of any of claims 1-11 based on instructions stored in the memory.
17. A track query system, comprising:
a track-seeking means for a data querying party, configured to perform the track-seeking method of any one of claims 1 to 11; the method comprises the steps of,
the data providing device is used for a data provider and is configured to perform the blank transmission and expansion on the ciphertext of the index information of the target plaintext to obtain a target vector of the ciphertext of the index information of the target plaintext, and perform matrix operation on a plaintext matrix formed by the plaintext and the target vector to obtain the ciphertext of the target plaintext.
18. A non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the track lookup method of any of claims 1-12.
CN202211252878.5A 2022-10-13 2022-10-13 Method, device and system for inquiring trace and storage medium Active CN115688167B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211252878.5A CN115688167B (en) 2022-10-13 2022-10-13 Method, device and system for inquiring trace and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211252878.5A CN115688167B (en) 2022-10-13 2022-10-13 Method, device and system for inquiring trace and storage medium

Publications (2)

Publication Number Publication Date
CN115688167A CN115688167A (en) 2023-02-03
CN115688167B true CN115688167B (en) 2023-09-26

Family

ID=85064692

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211252878.5A Active CN115688167B (en) 2022-10-13 2022-10-13 Method, device and system for inquiring trace and storage medium

Country Status (1)

Country Link
CN (1) CN115688167B (en)

Families Citing this family (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116257887B (en) * 2023-05-16 2023-08-22 建信金融科技有限责任公司 Data query method, device, system, equipment and storage medium
CN116702215B (en) * 2023-08-07 2023-12-08 腾讯科技(深圳)有限公司 Query processing method, device, equipment and medium
CN116821461B (en) * 2023-08-28 2023-12-12 云阵(杭州)互联网技术有限公司 Resource query method and device
CN117010002B (en) * 2023-09-28 2024-01-05 腾讯科技(深圳)有限公司 Sample identifier alignment method and device, electronic equipment and storage medium
CN117194756A (en) * 2023-11-02 2023-12-08 北京信安世纪科技股份有限公司 Data processing method, device and storage medium

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114090638A (en) * 2022-01-20 2022-02-25 支付宝(杭州)信息技术有限公司 Combined data query method and device based on privacy protection
CN114139204A (en) * 2021-12-03 2022-03-04 杭州安恒信息技术股份有限公司 Method, device and medium for inquiring hiding trace
CN114943090A (en) * 2022-07-22 2022-08-26 图灵人工智能研究院(南京)有限公司 Large-scale face library hidden query method based on homomorphic encryption

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR3040842B1 (en) * 2015-09-03 2018-12-07 Commissariat A L'energie Atomique Et Aux Energies Alternatives METHOD OF CONFIDENTIAL INTERROGATION OF A GEODEPENDANT SERVICE BY HOMOMORPHIC CRYPTOGRAPHY

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114139204A (en) * 2021-12-03 2022-03-04 杭州安恒信息技术股份有限公司 Method, device and medium for inquiring hiding trace
CN114090638A (en) * 2022-01-20 2022-02-25 支付宝(杭州)信息技术有限公司 Combined data query method and device based on privacy protection
CN114943090A (en) * 2022-07-22 2022-08-26 图灵人工智能研究院(南京)有限公司 Large-scale face library hidden query method based on homomorphic encryption

Also Published As

Publication number Publication date
CN115688167A (en) 2023-02-03

Similar Documents

Publication Publication Date Title
CN115688167B (en) Method, device and system for inquiring trace and storage medium
US10489604B2 (en) Searchable encryption processing system and searchable encryption processing method
CN110895611B (en) Data query method, device, equipment and system based on privacy information protection
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
US20140233727A1 (en) Method for secure substring search
US7933404B2 (en) Primitives for fast secure hash functions and stream ciphers
US20170308580A1 (en) Data Aggregation/Analysis System and Method Therefor
CN111143865B (en) User behavior analysis system and method for automatically generating label on ciphertext data
CN100585670C (en) Computer system and method for safely adding multiple integers
US8600048B1 (en) Format-translating encryption systems
WO1997031449A1 (en) Communication method using common cryptographic key
US10831919B2 (en) Method for confidentially querying an encrypted database
Wu et al. SecEDMO: Enabling efficient data mining with strong privacy protection in cloud computing
Randall et al. Privacy preserving record linkage using homomorphic encryption
CN113434555B (en) Data query method and device based on searchable encryption technology
JP4594078B2 (en) Personal information management system and personal information management program
CN117150557A (en) Compression-supporting private information retrieval method and system based on secure multiparty computing
US20200389297A1 (en) Adaptive encryption for entity resolution
KR100995123B1 (en) Methods and apparatuses for cipher indexing in order to effective search of ciphered-database
CN115795514A (en) Private information retrieval method, device and system
CN115510490A (en) Method, device, system and equipment for inquiring encrypted data shared by non-secret keys
WO2024077948A1 (en) Private query method, apparatus and system, and storage medium
US11829512B1 (en) Protecting membership in a secure multi-party computation and/or communication
CN113965310B (en) Method for realizing mixed privacy calculation processing based on label capable of being controlled to be de-identified
CN114500006B (en) Query request processing method and device

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant