CN115905210A - Database system and database processing method - Google Patents

Database system and database processing method

Info

Publication number
CN115905210A
Authority
CN
China
Prior art keywords
index
ciphertext
ore
item
execution environment
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210516107.6A
Other languages
Chinese (zh)
Inventor
李飞飞
汪晟
李亦然
黎火荣
苏乐
田成锦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alibaba Cloud Computing Ltd
Original Assignee
Alibaba Cloud Computing Ltd
Application filed by Alibaba Cloud Computing Ltd
Priority to CN202210516107.6A
Publication of CN115905210A
Legal status: Pending

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

A database system and a database processing method are disclosed. The system comprises: a key generation server for generating different encryption keys for different indexes within a trusted execution environment; an index encryption server for encrypting the index items of each index with the corresponding encryption key in the trusted execution environment, to obtain order-revealing encryption (ORE) ciphertext index items for each index; an index data structure construction server for generating an index data structure from the ORE ciphertext index items of each index outside the trusted execution environment; and an index database for storing the generated index data structures. Because the ORE ciphertext is used as the index item, both index construction and subsequent index lookup can compare index items in encrypted form without entering the TEE and decrypting data, so the searched item can be located quickly with performance close to that of a plaintext index. In addition, the system's original index data structure can be reused, which reduces the cost of converting the system into a fully encrypted database.

Description

Database system and database processing method
Technical Field
The present disclosure relates to the field of databases, and in particular, to a database system and a database processing method.
Background
The fully encrypted database encrypts data in a full link (from a client to a database instance, including a network, a memory and storage), aims to eliminate hidden data leakage hazards of the database at any time during operation, avoids the possibility that a platform and operation and maintenance personnel contact plaintext data, and ensures complete ownership of data on cloud of a user.
Index lookup is a basic function of databases. Although ciphertext data processing based on a Trusted Execution Environment (TEE) meets the privacy protection requirement of a user of a cloud platform, for ciphertext data the large number of comparison operations performed in an index all need to call the TEE and decrypt the data, and because TEE resources are limited it is difficult to place the entire index data structure inside the TEE to reduce the number of calls and decryptions, so index performance is greatly reduced.
For this reason, a scheme capable of improving the index efficiency while ensuring data security is required.
Disclosure of Invention
One technical problem to be solved by the present disclosure is to provide a database processing scheme, in which an ORE ciphertext is used as an index entry, so that an index lookup process can implement encryption comparison in an index data structure without entering a TEE and decrypting data, and thus, an entry can be quickly located and looked up with performance close to that of a plaintext index. Furthermore, because the scheme only relates to the encryption of the index item, the original index data structure of the database system can be used, and the reconstruction cost of the full-encryption database is greatly reduced.
According to a first aspect of the present disclosure, there is provided a database system comprising: a key generation server for generating different encryption keys for different indexes within a trusted execution environment; an index encryption server for encrypting the index items of each index with the corresponding encryption key in the trusted execution environment, to obtain the ORE ciphertext index items of each index; an index data structure construction server for generating the index data structure of each index from the order-revealing encryption (ORE) ciphertext index items of each index outside the trusted execution environment; and an index database for storing the generated index data structure of each index.
Optionally, the database system further comprises: and the query server is used for comparing the ORE ciphertext of the query condition aiming at the specific index with the ORE ciphertext index item in the index data structure of the specific index outside the trusted execution environment and returning a search result based on the comparison result, wherein the ORE ciphertext of the query condition is obtained by ORE encryption on the query condition by using the encryption key of the specific index in the trusted execution environment or at the client.
According to a second aspect of the present disclosure, there is provided a database processing method including: generating, within the trusted execution environment, an encryption key for encrypting the current index; encrypting the index items of the current index with the encryption key in the trusted execution environment to obtain the order-revealing encryption (ORE) ciphertext index items of the current index; and generating the index data structure of the current index from the ORE ciphertext index items outside the trusted execution environment.
Optionally, generating the index data structure of the current index using the ORE ciphertext includes: and constructing the index data structure of the current index according to the comparison result of the ORE ciphertext index item based on the same construction rule as the plaintext construction.
Optionally, when the current index includes an index item pointing to a ciphertext data entry, the ORE ciphertext index item is the key, and the actual ciphertext data corresponding to the ORE ciphertext index item is the value.
Optionally, the method further comprises: encrypting the newly added indexing item by using the current indexing encryption key to obtain an ORE ciphertext of the newly added indexing item; and updating the index data structure of the current index by using the ORE ciphertext of the newly added index item as the index item of the newly added ORE ciphertext to obtain an updated index data structure.
Optionally, the method further comprises: acquiring an encryption key of a current index; encrypting the query condition by using the encryption key to obtain an ORE ciphertext of the query condition; comparing an ORE ciphertext of the query condition with an ORE ciphertext indexing item in an index data structure of a current index based on an ORE comparison algorithm under the condition of not entering a trusted execution environment, wherein the ORE ciphertext indexing item is obtained by encrypting the indexing item of the current index by using the encryption key; and returning a search result based on the comparison result.
Optionally, returning the search result based on the comparison result includes at least one of: when the ORE ciphertext index item serving as the comparison result points to the corresponding ciphertext item, returning the pointed corresponding ciphertext item data; and when the ORE ciphertext index item serving as the comparison result points to a plurality of ciphertext items, entering a trusted execution environment for subsequent comparison, and returning ciphertext item data meeting the query condition.
According to a third aspect of the present disclosure, there is provided a data query method including: acquiring a current index encryption key of a current index from a trusted execution environment of a server; encrypting the query condition by using the current index encryption key in a trusted execution environment of the server or in a client to obtain an ORE ciphertext of the query condition; and acquiring a search result returned by the server comparing the ORE ciphertext of the query condition with the ORE ciphertext index item in the index data structure of the current index based on an ORE comparison algorithm outside the trusted execution environment.
According to a fourth aspect of the present disclosure, there is provided a computing device comprising: a processor; and a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method according to the second and/or third aspect.
According to a fifth aspect of the present disclosure, there is provided a non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method as described in the second and/or third aspect above.
Thus, the present invention encrypts the indexing item through the ORE and thus constructs an index data structure based on the sequential index, so that the indexing item and the query condition can be directly compared in an encrypted form, and thus locates the contents to be searched. Because index lookup is performed under the condition that both the index item and the query condition are encrypted, the need of entering TEE for decryption comparison is eliminated, and the overall performance of the fully encrypted database is greatly improved.
Drawings
The above and other objects, features and advantages of the present disclosure will become more apparent by describing in greater detail exemplary embodiments thereof with reference to the attached drawings, in which like reference numerals generally represent like parts throughout.
FIGS. 1A-B illustrate examples of tree index data structures.
FIG. 2 shows a block diagram of a database system according to one embodiment of the invention.
FIG. 3 shows a schematic flow diagram of a database processing method according to one embodiment of the invention.
FIG. 4 shows a schematic flow diagram of an index query substep in a database processing method according to one embodiment of the invention.
FIG. 5 shows a schematic flow diagram of a database processing method according to one embodiment of the invention.
Fig. 6 is a schematic structural diagram of a computing device that can be used to implement the database processing method according to an embodiment of the present invention.
Fig. 7 shows an example of index query on sequential indexes derived from ORE ciphertext.
Detailed Description
Preferred embodiments of the present disclosure will be described in more detail below with reference to the accompanying drawings. While the preferred embodiments of the present disclosure are shown in the drawings, it should be understood that the present disclosure may be embodied in various forms and should not be limited to the embodiments set forth herein. Rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the scope of the disclosure to those skilled in the art.
To quickly find records among the mass of records in a relational database, an index is used. An index is a data structure in a relational database that pre-orders the values of one or more columns. By using the index, the database system can directly locate the records meeting the conditions without scanning the whole table, which greatly accelerates queries. A sequential index maintains the order among the data entries, which is a common way to speed up comparisons and range queries. Common index data structures for sequential indexing include tree structures such as binary trees, balanced binary trees, B-trees (i.e., balance-trees), B+ trees, and so on. Introducing an index data structure can greatly reduce the number of comparisons required to find one data item in a data table. FIGS. 1A-B illustrate examples of tree index data structures. For example, in a data table made up of IDs and their respective pointers, a tree-type index data structure may be constructed using the values of the ID column as the index, and FIG. 1A shows an example of a binary tree. Binary trees are the simplest index data structures. Specifically, the IDs may be arranged in order (the ID values shown are 19, 28, 31, 33, 35, 40, 45, and 48) and a binary tree constructed such that no ID requires more than 4 comparisons (i.e., to look up the contents of ID 48, four comparisons are made before an "equal" result is obtained). Because a binary tree has a simple structure but a deep hierarchy, B-trees and B+ trees with better query performance can be introduced. The B+ tree is a multi-way balanced search tree, an example of which is shown in FIG. 1B. As shown, each node may store more than one data value, and each node may have more than two children. All keys appear at the leaf nodes, and each key (e.g., the ID of the index entry) may point to the entry contents of the entry to which it belongs.
As can be seen from the examples of fig. 1A and 1B, the sequential index maintains the order among the data entries, i.e., the data gradually increases from left to right of the tree structure, and can determine the index entry by comparing the query condition (e.g., the query ID 40 is desired in fig. 1A) with the data in the node in a stepwise manner, and thereby obtain the content of the entry pointed to by the index entry.
For plaintext data, the performance requirement can be met by directly establishing indexes by using the data because the comparison operation cost is low. However, with the popularization of fully-encrypted databases, it is a common requirement that information of corresponding index items is not revealed when index lookup is performed. Ciphertext data processing based on a Trusted Execution Environment (TEE) meets the privacy protection requirement when a user uses a cloud platform, but performance is reduced due to the expenditure of calling the TEE and decrypting the ciphertext.
This is because, in order to perform an encrypted query on the encrypted index, the large number of comparison operations in the index all need to call the TEE and decrypt data, and because TEE resources are limited it is difficult to place the entire index data structure inside the TEE to reduce the number of calls and decryptions, which greatly reduces index performance. For example, a database usually adopts a B+ tree as the data structure of a sequential index; each node of the B+ tree holds many index entries to be compared, and multiple comparisons (meaning multiple calls to the TEE and multiple decryptions) are usually required to complete one index lookup, which is unfavorable for indexing ciphertext data.
Therefore, the invention provides an improved database processing method: by using the ORE ciphertext as the index item, encrypted comparison within the index data structure can be carried out during index lookup without entering the TEE or decrypting data, and the searched item can be located quickly with performance close to that of a plaintext index. Furthermore, because the scheme only concerns the encryption of the index item, the original index data structures of the database and similar systems can be reused, which greatly reduces the cost of converting to a fully encrypted database.
Herein, order-revealing encryption (ORE) refers to a type of encryption algorithm that lets ciphertexts preserve the order of their plaintexts, the order being recovered through a specific comparison method. Compared with order-preserving encryption (OPE), which is a special case of ORE in which the ciphertexts themselves directly reflect the plaintext order, ORE uses a dedicated comparison function, is relatively more versatile, and is more robust against inference attacks. In one embodiment of the invention, a pseudo-random number may be generated using the AES-CBC encryption algorithm to implement the ORE. In other embodiments, other cryptographic algorithms with similar order-revealing characteristics may be relied upon, including algorithms developed in the future that implement the ORE property.
According to the scheme, the ciphertext sequential index is accelerated through ORE, so that sequential index lookup does not need to call the TEE or decrypt data, and performance is improved compared with constructing the index directly from the original ciphertext; compared with constructing the sequential index directly from the original ciphertext, the method does not reveal additional information; and it may be implemented without relying on a specific data structure or ORE algorithm.
The first aspect of the present invention may be implemented as a database system. FIG. 2 shows a block diagram of a database system according to one embodiment of the invention. As shown, database system 200 may include a key generation server 210, an index encryption server 220, an index data structure construction server 230, and an index database 240.
The key generation server 210 is used to generate different encryption keys for different indexes within the trusted execution environment. The generated index encryption key is then transmitted to the index encryption server 220. The index encryption server 220 is configured to encrypt the index items of each index in the trusted execution environment using the corresponding encryption key, so as to obtain the ORE ciphertext index items of each index. The ORE ciphertext index items of each index may then be transmitted to the index data structure construction server 230. The index data structure construction server 230 is used to generate the index data structures of the respective indexes, e.g., B+ trees built from ORE ciphertexts, using the ORE ciphertext index items of the respective indexes outside the trusted execution environment. The index database 240 is used to store the generated index data structures of the respective indexes.
Further, the database system 200 may further include a query server 250, configured to compare, outside the trusted execution environment, the ORE ciphertext of the query condition for a specific index with the ORE ciphertext index entry in the index data structure of the specific index, and return a search result based on the comparison result, where the ORE ciphertext of the query condition is obtained by ORE-encrypting the query condition using the encryption key of the specific index, within the trusted execution environment or at the client. Specifically, the query server 250 may look up the ORE ciphertext b + tree of a particular index in the index database 240, compare it with the user-entered query condition ORE ciphertext, and then return the query result to the user.
As shown, the database system of the present invention can be located outside the TEE without additional disclosure of user information, except that the key generation server 210 and the index encryption server 220 are located inside the TEE.
The present invention can also be realized as a processing method executed by the above database system. FIG. 3 shows a schematic flow diagram of a database processing method according to one embodiment of the invention.
In step S310, an encryption key for encrypting the current index may be generated. As described above, different encryption keys may be generated for different indexes, so that ORE ciphertexts between different indexes cannot be compared with each other, and leakage of additional information is avoided.
In step S320, the index item of the current index is encrypted by using the encryption key, so as to obtain an ORE ciphertext index item of the current index. Here, the current index may be a column selected for use as an index in the current data table, for example, an ID column of each entry in the current data table. Each ID entry in the ID column may then be encrypted using the current index encryption key, thereby resulting in an ORE ciphertext for each ID.
Since ORE encryption still reveals the order of the data, the index data structure of the current index can be generated using the ORE ciphertext index items at step S330. For example, the ORE ciphertext index items may be used directly to construct a sequential index, e.g., an ORE-encrypted B+ tree built from the ORE-encrypted ID column.
Here, the key generation operation of step S310 and the ORE ciphertext acquisition operation of step S320 as described above need to be performed within the trusted execution environment on the server side. Thereby, the encryption key and the index plaintext are protected. The subsequent index data structure generation operation at step S330 does not need to be performed within the trusted execution environment since the index entry is encrypted.
Further, generating an index data structure of the current index using the ORE ciphertext includes: and constructing the index data structure of the current index according to the comparison result of the ORE ciphertext index item based on the same construction rule as the plaintext construction. For example, if the database originally used the b + tree when the plaintext constructed the index data structure, the ORE ciphertext could also construct a b + tree that is identical to the plaintext structure (since ORE encryption can preserve order information).
Further, a key-value structure may be used for data storage. Therefore, when the current index comprises an index item pointing to a ciphertext data entry, the ORE ciphertext index item is the key, and the actual ciphertext data corresponding to the ORE ciphertext index item is the value.
For index item addition, the index construction method of the present invention may further include: encrypting the newly added indexing item by using the current indexing encryption key to obtain an ORE ciphertext of the newly added indexing item; and using the ORE ciphertext of the newly added index item as a newly added ORE ciphertext index item to update the index data structure of the current index to obtain an updated index data structure. Both addition and deletion of an indexing item may involve changes in the hierarchy and structure of the indexing data structure (e.g., b + tree), but since the ORE ciphertext retains order, the addition, deletion, and modification of the indexing data structure for the ORE ciphertext indexing item may be the same as in the plaintext.
After the ORE ciphertext index is constructed, a corresponding data query may be executed. FIG. 4 shows a schematic flow diagram of the data query substep of a database processing method according to one embodiment of the invention. The method may be implemented, inter alia, by a database server that encrypts the indexing items as ORE ciphertext indexing items as described above.
In step S410, the encryption key of the current index is acquired. In one embodiment, different indices may be encrypted using different index encryption keys. Therefore, different keys are used by different indexes, ORE ciphertexts among different indexes cannot be compared with each other, and extra information cannot be leaked. Since the index encryption key has already been generated when used to encrypt the indexing item to obtain the ORE ciphertext, the current index encryption key previously used to encrypt the current index may be obtained during the data query phase.
The purpose of obtaining the current index encryption key is to perform encryption based on the same key (and the same encryption algorithm) for the query condition to generate an ORE ciphertext of the query condition for facilitating subsequent comparison. Here, the "query condition" may refer to query information given by a user to query a specific data entry of the current data table, for example, for the index of fig. 1A, the input query condition may be "ID =35" and is intended to acquire the content of the entry pointed to by ID 35. For the index of FIG. 1B, the input query condition may be "ID greater than 30 and less than 70" and thus obtain the contents of the entry pointed to by each of IDs 40, 50, 55, 60, and 69.
Then, in step S420, the query condition is encrypted by using the current index encryption key, and an ORE ciphertext of the query condition is obtained. In order to ensure data security, an encryption key of a current index can be acquired from the TEE of the server, sent to the client through encryption communication, and ORE encryption aiming at the query condition is completed at the client; or the client sends the query condition to the TEE of the server through encrypted communication, and directly obtains the current index encryption key in the TEE of the server and encrypts the sent query condition.
After the ORE ciphertext of the query condition is obtained, the ORE ciphertext of the query condition may be compared with the ORE ciphertext indexing item in the index data structure of the current index based on an ORE comparison algorithm in step S430. Since the ORE ciphertext indexing item is obtained by encrypting using the current indexing encryption key as described above, in the indexing data structure of the current index, although the ORE encrypted ciphertext of the indexing item is encrypted, the same sequence relation as the plaintext indexing item is maintained between the indexing items. This enables the query conditions, which are also encrypted using the current index encryption key, to perform the comparisons needed to locate a particular entry or entries in the index data structure directly in the state of the ORE ciphertext. Subsequently, the search result can be returned based on the comparison result at step S440.
Therefore, because an index encrypted with ORE still reveals the order relation after encryption, the comparison between the ORE ciphertext of the query condition and the ORE ciphertext index items can be carried out without entering the trusted execution environment; that is, the encrypted index query can be performed outside the TEE.
When the ORE ciphertext index item as the comparison result points to a corresponding ciphertext entry, returning a lookup result based on the comparison result may include returning the pointed corresponding ciphertext entry data. And when the ORE ciphertext index item as the comparison result points to a plurality of ciphertext entries, returning the search result based on the comparison result may include entering a trusted execution environment for subsequent comparison and returning ciphertext entry data that meets the query condition.
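The index construction steps S310-S330 and the query steps S410-S440 above, as an added example that is not the patent's own code. It assumes the bit-prefix ORE construction of Chenette, Lewi, Weis and Wu (2016) with HMAC-SHA256 as the pseudo-random function (the patent mentions AES-CBC-derived pseudo-randomness; HMAC is a stand-in here), simulates the TEE with a key-holding class, and uses a sorted list in place of the B+ tree; the index name, row references and ID values are constructed sample data.

```python
"""Added example, not the patent's code. Assumed ORE scheme: Chenette-Lewi-Weis-Wu
bit-prefix ORE with HMAC-SHA256 as the PRF (AES-CBC in the patent). The TEE is
simulated by a class that holds the per-index keys; the index is a sorted list."""
import hashlib
import hmac
import secrets

BITS = 32  # index column domain: 32-bit unsigned integer IDs

def _prf(key: bytes, prefix: str) -> int:
    """PRF F(k, prefix) -> {0, 1, 2}; prefix is the bit string above bit i."""
    digest = hmac.new(key, prefix.encode(), hashlib.sha256).digest()
    return int.from_bytes(digest, "big") % 3

def ore_encrypt(key: bytes, x: int) -> tuple:
    """u_i = (F(k, x_1..x_{i-1}) + x_i) mod 3 for every bit, MSB first. Two
    ciphertexts under the same key reveal only which plaintext is larger."""
    if not 0 <= x < (1 << BITS):
        raise ValueError("plaintext outside the index domain")
    bits = format(x, f"0{BITS}b")
    return tuple((_prf(key, bits[:i]) + int(bits[i])) % 3 for i in range(BITS))

def ore_compare(u: tuple, v: tuple) -> int:
    """Return -1, 0 or 1 for u<v, u==v, u>v. Uses no key and no decryption,
    so the untrusted index server can run it (step S430)."""
    for a, b in zip(u, v):
        if a != b:
            # equal prefix => same PRF value r; bit 0 encodes r, bit 1 encodes r+1
            return -1 if (a + 1) % 3 == b else 1
    return 0

class SimulatedTEE:
    """Stands in for the key generation and index encryption servers (S310/S320).
    Keys are created and used only here; nothing outside this object sees them."""
    def __init__(self):
        self._keys = {}

    def create_index_key(self, index_name: str) -> None:
        # one key per index, so ciphertexts of different indexes are not comparable
        self._keys[index_name] = secrets.token_bytes(32)

    def encrypt_index_item(self, index_name: str, value: int) -> tuple:
        return ore_encrypt(self._keys[index_name], value)

class CiphertextIndex:
    """Sorted (ORE ciphertext, row reference) list kept outside the TEE (S330).
    A B+ tree would plug in the same comparator; a list keeps the example short."""
    def __init__(self):
        self._entries = []

    def _bound(self, ct: tuple, strict: bool) -> int:
        # binary search by ore_compare: first position with key >= ct
        # (strict=False) or key > ct (strict=True)
        lo, hi = 0, len(self._entries)
        while lo < hi:
            mid = (lo + hi) // 2
            c = ore_compare(self._entries[mid][0], ct)
            if c < 0 or (strict and c == 0):
                lo = mid + 1
            else:
                hi = mid
        return lo

    def insert(self, ct: tuple, row_ref: str) -> None:
        """Index update with a new ORE ciphertext index item, same rule as plaintext."""
        self._entries.insert(self._bound(ct, strict=True), (ct, row_ref))

    def lookup_equal(self, ct: tuple) -> list:
        """Rows whose key equals the query ciphertext. Several hits is the case in
        which the patent enters the TEE for further comparison before returning."""
        start, end = self._bound(ct, False), self._bound(ct, True)
        return [r for _, r in self._entries[start:end]]

    def lookup_range(self, lo_ct: tuple, hi_ct: tuple) -> list:
        """Rows with lo_ct < key < hi_ct, e.g. 'ID > 30 AND ID < 70'."""
        start, end = self._bound(lo_ct, True), self._bound(hi_ct, False)
        return [r for _, r in self._entries[start:end]]

def build_demo():
    """Constructed sample: IDs in the spirit of FIG. 1B, inserted in arbitrary order."""
    tee = SimulatedTEE()
    tee.create_index_key("orders.id")  # assumed index name
    index = CiphertextIndex()
    for i in [80, 40, 10, 69, 30, 55, 20, 50, 70, 60]:
        index.insert(tee.encrypt_index_item("orders.id", i), f"row#{i}")
    return tee, index

def query_equal(tee, index, value: int) -> list:
    """S410-S440 for 'ID = value': encrypt inside the TEE, compare outside it."""
    ct = tee.encrypt_index_item("orders.id", value)
    return index.lookup_equal(ct)

def query_range(tee, index, lo: int, hi: int) -> list:
    """S410-S440 for 'ID > lo AND ID < hi' on the same index key."""
    return index.lookup_range(tee.encrypt_index_item("orders.id", lo),
                              tee.encrypt_index_item("orders.id", hi))
```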
Further, the present invention can also be implemented as a database processing method implemented by a client. The method is used by a client for database query. FIG. 5 shows a schematic flow diagram of a database processing method according to one embodiment of the invention.
At step S510, the encryption key of the current index is obtained from within the trusted execution environment of the server. In step S520, the query condition is encrypted by using the encryption key in the trusted execution environment of the server or in the client, so as to obtain an ORE ciphertext of the query condition. In step S530, a search result returned by the server comparing the ORE ciphertext of the query condition with the ORE ciphertext index entry in the index data structure of the current index based on the ORE comparison algorithm outside the trusted execution environment is obtained.
FIG. 6 illustrates a block diagram of a computing device that may be used to implement the data query and/or index construction method described above, according to one embodiment of the invention.
Referring to fig. 6, computing device 600 includes memory 610 and processor 620.
The processor 620 may be a multi-core processor or may include a plurality of processors. In some embodiments, processor 620 may include a general-purpose host processor and one or more special coprocessors such as a Graphics Processor (GPU), a Digital Signal Processor (DSP), or the like. In some embodiments, processor 620 may be implemented using custom circuits, such as an Application Specific Integrated Circuit (ASIC) or a Field Programmable Gate Array (FPGA).
The memory 610 may include various types of storage units, such as system memory, read-only memory (ROM), and permanent storage. The ROM may store static data or instructions required by the processor 620 or other modules of the computer. The persistent storage device may be a read-write storage device. The persistent storage may be a non-volatile storage device that does not lose stored instructions and data even after the computer is powered off. In some embodiments, a mass storage device (e.g., magnetic or optical disk, flash memory) is employed as the persistent storage device. In other embodiments, the permanent storage may be a removable storage device (e.g., floppy disk, optical drive). The system memory may be a read-write memory device or a volatile read-write memory device, such as dynamic random access memory. The system memory may store instructions and data that some or all of the processors require at runtime. Further, the memory 610 may include any combination of computer-readable storage media, including various types of semiconductor memory chips (DRAM, SRAM, SDRAM, flash, programmable read-only memory); magnetic and/or optical disks may also be employed. In some embodiments, memory 610 may include a removable storage device that is readable and/or writable, such as a Compact Disc (CD), a read-only digital versatile disc (e.g., DVD-ROM, dual-layer DVD-ROM), a read-only Blu-ray disc, an ultra-density optical disc, a flash memory card (e.g., SD card, mini SD card, micro-SD card, etc.), a magnetic floppy disc, or the like. Computer-readable storage media do not contain carrier waves or transitory electronic signals transmitted by wireless or wired means.
The memory 610 has stored thereon executable code that, when processed by the processor 620, may cause the processor 620 to perform the data query and/or index construction methods described above.
Therefore, with the ORE ciphertext used as the index item, the index lookup process does not need to enter the TEE or decrypt data; the TEE may need to be entered and the ciphertext decrypted only when the ciphertext data to be returned is finally determined, and performance is close to that of a plaintext index. Thus, by using the scheme of the invention, the original index data structures of systems such as databases can be reused simply by using the specific index item, without modifying the index data structure. The present invention does not depend on any particular sequential index data structure.
Application example
To deepen understanding of the principle of the invention, the scheme is explained in detail below for three scenarios: index creation, index query and index update. In terms of security, the client is regarded as a trusted environment under the control of the user; on the server side, only the TEE is regarded as a trusted environment.
I. Creating an index
1. The server generates and records, in the TEE, an index encryption key for the current index (the server can generate a different index encryption key for each index to be encrypted, one by one, in the TEE and record them in a key list);
2. The original ciphertext is decrypted in the TEE (the original ciphertext is the current plaintext index item encrypted under an original key, whose only purpose is to carry the index item safely into the TEE; this original key is distinct from the index encryption key), and the recovered index item is encrypted with the current index encryption key under a suitable ORE algorithm to obtain the corresponding ORE ciphertext;
3. The same index data structure as for plaintext is built, using the ORE ciphertexts as index items and the results of ORE comparisons in place of plaintext comparisons. Note that the index data structure itself does not need to be encrypted; only the index items are ciphertexts;
4. The ciphertext data of the original entry content remains unchanged. Where the index has an index item that points directly to a ciphertext data entry, the key is the ORE ciphertext and the value is the actual ciphertext data.
II. Index query
1. The trusted environment that performs the encryption obtains the key of the index to be queried: if the client encrypts the query condition, it needs to obtain the key from the server-side TEE; if the server encrypts the query condition, the key is obtained inside the TEE;
2. In the client or in the server-side TEE, the query condition is encrypted with the obtained key under a suitable ORE algorithm (the same one used for the index items) to obtain the ORE ciphertext of the condition;
3. The ORE ciphertext of the condition is compared with the index items using the ORE comparison algorithm, without decrypting anything or entering the TEE;
4. The search result is returned. If the matched index item points directly to an actual ciphertext entry, that ciphertext data is returned as is; if it points to several ciphertext data entries, the TEE is entered to compare them and the ciphertext data satisfying the condition is returned.
Fig. 7 shows an example of a query on an ordered index built from ORE ciphertexts. As shown, the plaintext query condition 137 (white dashed box) is ORE-encrypted within the trusted environment of the client or the TEE, giving the ORE-encrypted query condition (ORE ciphertext, grey rounded box). The encrypted 137 (still labelled 137 for readability, although the value of the ORE ciphertext in the grey box is not 137, and likewise every index entry in the B+ tree stands for an ORE ciphertext rather than the value itself) is then compared directly with the ORE ciphertext index entries in the B+ tree, without entering the trusted environment, until the matching index entry is found.
In addition, although the illustrated ordered index has numeric index entries in increasing order, in other implementations the index entries need not be numeric, as long as the entries can be represented numerically in the database system.
III. Index update
1. The key of the index to be updated (for example, the "current index encryption key" of the "current index" in part I) is obtained in the server-side TEE;
2. The newly added ciphertext is decrypted in the server-side TEE, and the recovered item is encrypted with the obtained key under a suitable ORE algorithm to obtain the corresponding ORE ciphertext;
3. The data structure is updated using the generated ORE ciphertext as the new index item. When the new index item points directly to a ciphertext data entry, the key is the ORE ciphertext of the new item and the value is the new ciphertext data.
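The following Python program is an added worked example of parts I, II and III above; it is not code from the patent or from the applicant. The patent does not fix a particular ORE algorithm, so the example uses a CLWW-style ORE (one PRF-masked symbol in {0,1,2} per bit, compared at the first differing symbol) with HMAC-SHA256 as the PRF; an `IndexKeyEnclave` class stands in for the server-side TEE that generates one key per index and is the only place that sees plaintext index items (the transport decryption of step I.2 is omitted, the plaintext is passed in directly); a sorted array with binary search stands in for the B+ tree, since both are built and searched purely through the ORE comparison; and the row ciphertexts are constructed opaque byte strings. All class and function names are the example's own. One caveat a practitioner should keep in mind: a CLWW-style ORE reveals, besides the order, the position of the most significant differing bit of two plaintexts, so the "no additional information" property assumed below depends on which ORE algorithm is selected.

```python
import bisect
import hashlib
import hmac
import os
from functools import cmp_to_key

BITS = 32  # index domain: unsigned 32-bit integers; other types are mapped to such a number first


def ore_encrypt(key: bytes, value: int) -> bytes:
    """CLWW-style ORE: one symbol in {0,1,2} per bit, each masked by a PRF of the bits before it."""
    if not 0 <= value < (1 << BITS):
        raise ValueError("value outside the ORE domain")
    symbols = bytearray()
    for i in range(BITS):
        prefix = value >> (BITS - i)               # the i most significant bits already processed
        bit = (value >> (BITS - 1 - i)) & 1
        mac = hmac.new(key, bytes([i]) + prefix.to_bytes(4, "big"), hashlib.sha256).digest()
        symbols.append((int.from_bytes(mac, "big") + bit) % 3)
    return bytes(symbols)


def ore_compare(ct_a: bytes, ct_b: bytes) -> int:
    """-1, 0 or 1 for a<b, a==b, a>b, computed from ciphertexts alone (no key, so it runs outside the TEE)."""
    for ua, ub in zip(ct_a, ct_b):
        if ua != ub:
            # Prefixes agree up to this bit, so the PRF masks cancel and (ub - ua) mod 3 equals b_b - b_a mod 3.
            return -1 if (ub - ua) % 3 == 1 else 1
    return 0


class IndexKeyEnclave:
    """Stand-in for the server-side TEE: the only component holding index keys or seeing plaintext index items."""

    def __init__(self) -> None:
        self._keys: dict[str, bytes] = {}        # step I.1: one fresh key per index, recorded in a key list

    def create_index(self, name: str) -> None:
        if name in self._keys:
            raise KeyError(f"index {name!r} already has a key")
        self._keys[name] = os.urandom(32)

    def encrypt_item(self, name: str, value: int) -> bytes:
        # Steps I.2, II.1-2 and III.2. The transport decryption that recovers `value` inside the TEE is omitted.
        return ore_encrypt(self._keys[name], value)


_wrap = cmp_to_key(ore_compare)


class OreSortedIndex:
    """Untrusted-side index holding only ORE ciphertexts and opaque row ciphertexts.

    A sorted array with binary search stands in for the patent's B+ tree; both are built and
    searched purely through ore_compare, so neither keys nor plaintext are ever present here.
    """

    def __init__(self) -> None:
        self._keys: list = []                    # wrapped ORE ciphertexts, kept sorted
        self._rows: list[bytes] = []             # data ciphertexts, never decrypted by the index

    def insert(self, ore_ct: bytes, row_ct: bytes) -> None:
        pos = bisect.bisect_right(self._keys, _wrap(ore_ct))
        self._keys.insert(pos, _wrap(ore_ct))
        self._rows.insert(pos, row_ct)

    def lookup(self, ore_ct: bytes) -> list[bytes]:
        """Exact match: every row ciphertext whose index item equals the query (may be several)."""
        return self.range(ore_ct, ore_ct)

    def range(self, ore_lo: bytes, ore_hi: bytes) -> list[bytes]:
        """Inclusive range scan, resolved entirely by ORE comparisons."""
        lo = bisect.bisect_left(self._keys, _wrap(ore_lo))
        hi = bisect.bisect_right(self._keys, _wrap(ore_hi))
        return self._rows[lo:hi]


def run_example() -> dict:
    """Index creation (I), query (II) and update (III) on a constructed 'salary' index."""
    tee = IndexKeyEnclave()
    tee.create_index("salary")
    index = OreSortedIndex()
    # Constructed sample rows; the row ciphertexts are opaque stand-ins for the unchanged data ciphertexts.
    for salary, row_ct in [(150, b"row-ct-carol"), (42, b"row-ct-alice"),
                           (137, b"row-ct-bob"), (101, b"row-ct-dave")]:
        index.insert(tee.encrypt_item("salary", salary), row_ct)
    exact = index.lookup(tee.encrypt_item("salary", 137))                        # the point query of Fig. 7
    before = index.range(tee.encrypt_item("salary", 100), tee.encrypt_item("salary", 150))
    index.insert(tee.encrypt_item("salary", 120), b"row-ct-erin")                # III: new item, same key
    after = index.range(tee.encrypt_item("salary", 100), tee.encrypt_item("salary", 150))
    tee.create_index("age")   # a second index gets its own key, so its ciphertexts are not comparable with 'salary'
    return {"exact": exact, "range_before": before, "range_after": after}


if __name__ == "__main__":
    print(run_example())
```

The point to notice is the division of labour: `IndexKeyEnclave` is the only object that ever touches a key or a plaintext value, while `OreSortedIndex` orders, searches and updates using nothing but `ore_compare`, which is exactly why the same sorted structure (or a B+ tree) can be reused unchanged. If a lookup returned several rows because the index item is not unique, the "enter the TEE to compare further" step of II.4 would start from that list.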
The data query and/or index construction scheme according to the invention has been described in detail above with reference to the drawings. The invention provides a method for accelerating ciphertext ordered indexes by means of ORE, with the following characteristics:
the ordered index search does not need to call into the TEE or decrypt data; the index search uses the ORE comparison algorithm throughout, and the TEE is entered and ciphertext decrypted, if at all, only once the ciphertext data to be returned has finally been determined, so performance is close to that of a plaintext index and is improved over building the index directly on the original ciphertext, whose items can only be compared after decryption;
compared with building the ordered index directly on the original ciphertext, no additional information is leaked;
for a single index, the ordered index data structure itself already exposes the order of its items, and the ORE ciphertexts reveal no additional information;
across multiple indexes, each index uses a different key, so ORE ciphertexts of different indexes cannot be compared with each other and no additional information is revealed;
by choosing a suitable ORE algorithm for each data type, more data types can be supported as newer ORE algorithms become available.
Furthermore, the method according to the invention may also be implemented as a computer program or computer program product comprising computer program code instructions for carrying out the above-mentioned steps defined in the above-mentioned method of the invention.
Alternatively, the invention may also be embodied as a non-transitory machine-readable storage medium (or computer-readable storage medium, or machine-readable storage medium) having stored thereon executable code (or a computer program, or computer instruction code) which, when executed by a processor of an electronic device (or computing device, server, etc.), causes the processor to perform the steps of the above-described method according to the invention.
Those of skill would further appreciate that the various illustrative logical blocks, modules, circuits, and algorithm steps described in connection with the disclosure herein may be implemented as electronic hardware, computer software, or combinations of both.
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems and methods according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
While embodiments of the present invention have been described above, the above description is illustrative, not exhaustive, and not limited to the disclosed embodiments. Many modifications and variations will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the described embodiments. The terminology used herein is chosen in order to best explain the principles of the embodiments, the practical application, or improvements made to the technology in the marketplace, or to enable others of ordinary skill in the art to understand the embodiments disclosed herein.

Claims (11)

1. A database system, comprising:
a key generation server for generating different encryption keys for different indices within a trusted execution environment;
an index encryption server for encrypting the index items of the respective indexes with the corresponding encryption keys within the trusted execution environment to obtain order-revealing encryption (ORE) ciphertext index items of the respective indexes;
an index data structure construction server for generating index data structures of the respective indexes by using ORE ciphertext index items of the respective indexes outside the trusted execution environment; and
an index database for storing the generated index data structures of the respective indexes.
2. The database system of claim 1, further comprising:
a query server for comparing, outside the trusted execution environment, the ORE ciphertext of a query condition for a specific index with the ORE ciphertext index items in the index data structure of the specific index, and returning a search result based on the comparison result, wherein the ORE ciphertext of the query condition is obtained by ORE-encrypting the query condition with the encryption key of the specific index, either in the trusted execution environment or at a client.
3. A database processing method, comprising:
generating an encryption key within the trusted execution environment for encrypting the current index;
encrypting the index item of the current index by using the encryption key in the trusted execution environment to obtain an ORE ciphertext index item of the current index;
generating an index data structure for the current index using the ORE ciphertext indexing item outside of the trusted execution environment.
4. The method of claim 3, wherein generating the index data structure of the current index using the ORE ciphertext indexing item comprises:
and constructing the index data structure of the current index according to the comparison result of the ORE ciphertext index item based on the same construction rule as the plaintext construction.
5. The method of claim 3, wherein, when the current index includes an index item pointing to a ciphertext data entry, the ORE ciphertext index item is the key and the actual ciphertext data corresponding to the ORE ciphertext index item is the value.
6. The method of claim 3, further comprising:
encrypting the newly added indexing item by using the encryption key to obtain an ORE ciphertext of the newly added indexing item;
and updating the index data structure of the current index using the ORE ciphertext of the newly added index item as a newly added ORE ciphertext index item, to obtain an updated index data structure.
7. The method of claim 3, further comprising:
acquiring an encryption key of a current index;
encrypting the query condition by using the encryption key to obtain an ORE ciphertext of the query condition;
comparing an ORE ciphertext of the query condition with an ORE ciphertext index item in an index data structure of a current index outside the trusted execution environment based on an ORE comparison algorithm, wherein the ORE ciphertext index item is obtained by encrypting the index item of the current index by using the encryption key; and
and returning a search result based on the comparison result.
8. The method of claim 7, wherein returning the search result based on the comparison comprises at least one of:
when the ORE ciphertext index item serving as the comparison result points to the corresponding ciphertext item, returning the pointed corresponding ciphertext item data; and
and when the ORE ciphertext index item serving as the comparison result points to a plurality of ciphertext items, entering a trusted execution environment for subsequent comparison, and returning ciphertext item data meeting the query condition.
9. A database processing method, comprising:
acquiring an encryption key of a current index from a trusted execution environment of a server;
encrypting the query condition by using the encryption key in a trusted execution environment of the server or in a client to obtain an ORE ciphertext of the query condition;
causing the server to compare an ORE ciphertext of the query condition with an ORE ciphertext indexing item in an index data structure of a current index, based on an ORE comparison algorithm, outside the trusted execution environment, wherein the ORE ciphertext indexing item is obtained by encrypting the indexing item of the current index by using the encryption key; and
and obtaining a search result returned by the server based on the comparison result.
10. A computing device, comprising:
a processor; and
a memory having executable code stored thereon, which when executed by the processor, causes the processor to perform the method of any of claims 3 to 9.
11. A non-transitory machine-readable storage medium having stored thereon executable code, which when executed by a processor of an electronic device, causes the processor to perform the method of any of claims 3 to 9.
CN202210516107.6A 2022-05-12 2022-05-12 Database system and database processing method Pending CN115905210A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210516107.6A CN115905210A (en) 2022-05-12 2022-05-12 Database system and database processing method

Publications (1)

Publication Number Publication Date
CN115905210A true CN115905210A (en) 2023-04-04

Family

ID=86482872

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination