CN116894025A - Database migration method, device, equipment and medium based on lattice cryptographic algorithm - Google Patents

Database migration method, device, equipment and medium based on lattice cryptographic algorithm Download PDF

Info

Publication number
CN116894025A
CN116894025A CN202310889737.2A CN202310889737A CN116894025A CN 116894025 A CN116894025 A CN 116894025A CN 202310889737 A CN202310889737 A CN 202310889737A CN 116894025 A CN116894025 A CN 116894025A
Authority
CN
China
Prior art keywords
data
database
source
public key
cryptographic algorithm
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310889737.2A
Other languages
Chinese (zh)
Inventor
苏健涛
容达锋
卢智彬
汤仲淳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Industrial and Commercial Bank of China Ltd ICBC
Original Assignee
Industrial and Commercial Bank of China Ltd ICBC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Industrial and Commercial Bank of China Ltd ICBC filed Critical Industrial and Commercial Bank of China Ltd ICBC
Priority to CN202310889737.2A priority Critical patent/CN116894025A/en
Publication of CN116894025A publication Critical patent/CN116894025A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/214Database migration support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2211/00Indexing scheme relating to details of data-processing equipment not covered by groups G06F3/00 - G06F13/00
    • G06F2211/007Encryption, En-/decode, En-/decipher, En-/decypher, Scramble, (De-)compress
    • G06F2211/008Public Key, Asymmetric Key, Asymmetric Encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure provides a database migration method and device based on a lattice cryptographic algorithm, which are applied to a target database, and can be applied to the technical field of information security. The method comprises the following steps: generating a public key and a private key based on a lattice cryptographic algorithm, wherein the public key comprises two parameters A and b, A is an m multiplied by n random matrix, and b is an m-dimensional vector calculated based on A and a private key s; sending the public key to a source database; receiving a temporary table sent by a source database, wherein the temporary table stores encrypted data, each encrypted data comprises paired data u and v, and the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by using a public key based on a lattice cryptographic algorithm; and decrypting the plaintext data x from each encrypted data using the private key s. The disclosure also provides a database migration method and device based on the lattice cryptographic algorithm, which are applied to the source database, and an electronic device, a storage medium and a program product.

Description

Database migration method, device, equipment and medium based on lattice cryptographic algorithm
Technical Field
The present disclosure relates to the field of information security technologies, and in particular, to a method, an apparatus, a device, a medium, and a program product for database migration based on a lattice cryptographic algorithm.
Background
Database data migration refers to the process of transferring data in a database from one storage system or computing environment to another. The security guarantee in the migration process is extremely important, and if the migration process is attacked by a network and migration data is intercepted, security risks such as data leakage and the like can be possibly caused. For example, when the backup restoring method is used for database migration, the backup file needs to be brought into the target database through a network or a physical medium, potential safety hazards may exist in the network transmission process, if the backup file is transmitted through the physical medium, the transmission cost is high, and the possibility of loss still exists. If the data is attacked during migration, problems such as migration failure and data leakage are possibly caused, and a large potential safety hazard exists.
Disclosure of Invention
In view of the foregoing, the present disclosure provides a method, apparatus, device, medium, and program product for database migration based on a lattice-password algorithm, which can improve security and reliability in data transmission during database migration.
According to a first aspect of the present disclosure, a database migration method based on a lattice cryptographic algorithm is provided, which can be applied to a target database. Wherein the method comprises the following steps: generating a public key and a private key based on a lattice cryptographic algorithm, wherein the public key comprises two parameters A and b, A is an m multiplied by n random matrix, b=As+e, e is an m-dimensional error vector, s is a private key corresponding to the public key, and s is an n-dimensional random vector; sending the public key to a source database; receiving a temporary table sent by the source database, wherein the temporary table stores encrypted data, each encrypted data comprises paired data u and v, and the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by utilizing the public key based on the lattice cryptographic algorithm; and decrypting the plaintext data x from each encrypted data using the private key s.
According to an embodiment of the disclosure, decrypting the plaintext data x from each piece of encrypted data using the private key s includes: during decryption, w=v-us is calculated, and then plaintext data x=w mod q is calculated, wherein q is a modulus selected when the target database generates the public key and the private key based on the lattice cryptographic algorithm.
According to an embodiment of the present disclosure, the generating the public key and the private key based on the lattice cryptographic algorithm includes:
obtaining basic parameters, wherein the basic parameters comprise a modulus q, a dimension n, error distribution χ and a random matrix A; and calculating the public key and the private key based on the basic parameter and the lattice cryptographic algorithm, wherein e in b=as+e is a vector extracted from the error distribution χ.
According to an embodiment of the present disclosure, the method further comprises: receiving a table name relation corresponding table, wherein the table name relation corresponding table stores the table name of a temporary table sent by the source end database outwards and the naming rule corresponding relation of the table name of the source table stored in the source end database; obtaining the table name of the temporary table; creating a target table consistent with the table name of the source table according to the naming rule corresponding relation in the table name relation corresponding table; and outputting the decrypted plaintext data to the target table.
According to an embodiment of the present disclosure, the temporary table further stores table structure conversion information, where the table structure conversion information includes a data structure conversion relationship when outputting data in each field of the source table to the same field of the target table, and outputting decrypted plaintext data to the target table further includes: and converting the data structure of the plaintext data according to the field where the decrypted plaintext data is located and the data structure conversion relation, and outputting the conversion result to the target table.
In a second aspect of the embodiments of the present disclosure, a database migration method based on a lattice cryptographic algorithm is provided, which may be applied to a source database. The method comprises the following steps: receiving a public key issued by a target end database, wherein the public key is generated based on a lattice cryptographic algorithm and comprises two parameters A and b, wherein A is an m multiplied by n random matrix, and b is an m-dimensional vector; creating a temporary table corresponding to the source table; encrypting plaintext data x to be migrated in the source table by using the public key based on the lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, wherein the encrypted data comprises paired data u and v, wherein u=ar, v=br+x, and r is a random vector selected by the source database; outputting the encrypted data to the temporary table; encrypting all plaintext data to be migrated in the source table and outputting the encrypted plaintext data to the temporary table, and then sending the temporary table to the target database; the target end database stores a private key s corresponding to the public key, wherein b=as+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by utilizing the private key s based on the lattice cryptographic algorithm to obtain the plaintext data.
According to an embodiment of the present disclosure, the creating the temporary table corresponding to the source table includes: acquiring the capacity of a storage space for storing the temporary table in the source database; and creating the temporary table when the capacity of the storage space for storing the temporary table meets the requirement.
According to an embodiment of the present disclosure, the method further comprises: creating a table name relation corresponding table, wherein the table name relation corresponding table stores the table name of the temporary table and the naming rule corresponding relation of the table name of the source table; and sending the table name relation corresponding table to the target end database.
According to an embodiment of the disclosure, before the sending the temporary table to the target database, the method further includes: when the types of the source end database and the target end database are different, generating table structure conversion information, wherein the table structure conversion information comprises a data structure conversion relation when data in each field in the source table is output to the same field in the target table; and storing the table structure conversion information to the temporary table.
In a third aspect of the embodiments of the present disclosure, a database migration device based on a lattice cryptographic algorithm is provided, and the database migration device is disposed in a target database. The device comprises a key calculation module, a key release module, a data receiving initialization module and a data decryption module. And the secret key calculation module is used for generating a public key and a private key based on a lattice cryptographic algorithm, wherein the public key comprises two parameters A and b, A is an m multiplied by n random matrix, b=As+e, e is an m-dimensional error vector, s is a private key corresponding to the public key, and s is an n-dimensional random vector. The secret key issuing module is used for sending the public key generated based on the lattice cryptographic algorithm to the source end database. The data receiving initialization module is used for receiving a temporary table sent by the source database, wherein the temporary table stores encrypted data, each encrypted data comprises paired data u and v, and the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by utilizing the public key based on the lattice cryptographic algorithm. The data decryption module is used for decrypting the plaintext data x from each encrypted data by using the private key s.
In a fourth aspect of the embodiments of the present disclosure, a database migration method based on a lattice cryptographic algorithm is provided, and the method is set in a source database. The device comprises a temporary table establishment module, an encryption result generation module, a ciphertext storage module and a ciphertext sending module. The temporary table establishing module is used for establishing a temporary table corresponding to the source table. The encryption result generation module is used for: receiving a public key issued by a target end database, wherein the public key is generated based on a lattice cryptographic algorithm and comprises two parameters A and b, wherein A is an m multiplied by n random matrix, and b is an m-dimensional random vector; and encrypting the plaintext data x to be migrated in the source table by using the public key based on the lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, wherein the encrypted data comprises paired data u and v, wherein u=ar, v=br+x, and r is a random vector selected by the source database. The ciphertext storage module is used for outputting the encrypted data to the temporary table. The ciphertext sending module is used for sending the temporary table to the target end database after encrypting and outputting all plaintext data to be migrated in the source table to the temporary table; the target end database stores a private key s corresponding to the public key, wherein b=as+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by utilizing the private key s based on the lattice cryptographic algorithm to obtain the plaintext data.
In a fifth aspect of embodiments of the present disclosure, an electronic device is provided. The electronic product comprises: one or more processors; and a memory for storing one or more programs, wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method described above.
In a sixth aspect of the disclosed embodiments, there is also provided a computer readable storage medium having stored thereon executable instructions that, when executed by a processor, cause the processor to perform the above-described method.
A seventh aspect of the disclosed embodiments also provides a computer program product comprising a computer program which, when executed by a processor, implements the above method.
One or more of the above embodiments have the following advantages or benefits: according to the embodiment of the disclosure, the data can be encrypted by applying the lattice cryptographic algorithm in the data migration process, even if the data is intercepted in the network transmission process, due to the difficulty of LWE (LWE) problem, an attacker knows that the public key (A, b) is difficult to recover the plaintext data x from the encrypted data (u, v). Meanwhile, due to the homomorphism of the LWE problem, even if the addition or scalar multiplication operation is carried out on the encrypted data (u, v) in the data transmission process, the decryption result is not influenced, and the data security, the data anti-theft and anti-theft capabilities in the database migration process can be effectively improved.
Drawings
The foregoing and other objects, features and advantages of the disclosure will be more apparent from the following description of embodiments of the disclosure with reference to the accompanying drawings, in which:
FIG. 1 schematically illustrates a system architecture of a method, apparatus, device, medium and program product for database migration based on a lattice cryptographic algorithm in accordance with an embodiment of the present disclosure;
FIG. 2 schematically illustrates a flowchart of a method for database migration based on a lattice-password algorithm applied to a source database in an embodiment of the present disclosure;
FIG. 3 schematically illustrates a flowchart of a database migration method based on a lattice-password algorithm applied to a target-side database in an embodiment of the present disclosure;
FIG. 4 schematically illustrates a flow chart of a process of a key generation module generating a key in a target database according to an embodiment of the disclosure;
FIG. 5 schematically illustrates a process flow diagram of a data encryption module encrypting data to be migrated in a source database in an embodiment of the present disclosure;
FIG. 6 schematically illustrates a flowchart of a process of performing decryption conversion on received encrypted data in a target database by a decryption conversion module according to an embodiment of the disclosure;
FIG. 7 schematically illustrates a flowchart of a method of database migration based on a lattice cryptographic algorithm in accordance with another embodiment of the present disclosure;
FIG. 8 schematically illustrates a block diagram of a database migration apparatus based on a lattice-password algorithm disposed in a source database according to an embodiment of the present disclosure;
FIG. 9 is a block diagram schematically illustrating a database migration apparatus according to another embodiment of the present disclosure, which is based on a lattice-password algorithm and is provided in a target database; and
fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a method for database migration based on a lattice cryptographic algorithm according to an embodiment of the present disclosure.
Detailed Description
Hereinafter, embodiments of the present disclosure will be described with reference to the accompanying drawings. It should be understood that the description is only exemplary and is not intended to limit the scope of the present disclosure. In the following detailed description, for purposes of explanation, numerous specific details are set forth in order to provide a thorough understanding of the embodiments of the present disclosure. It may be evident, however, that one or more embodiments may be practiced without these specific details. In addition, in the following description, descriptions of well-known structures and techniques are omitted so as not to unnecessarily obscure the concepts of the present disclosure.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the disclosure. The terms "comprises," "comprising," and/or the like, as used herein, specify the presence of stated features, steps, operations, and/or components, but do not preclude the presence or addition of one or more other features, steps, operations, or components.
All terms (including technical and scientific terms) used herein have the same meaning as commonly understood by one of ordinary skill in the art unless otherwise defined. It should be noted that the terms used herein should be construed to have meanings consistent with the context of the present specification and should not be construed in an idealized or overly formal manner.
The term "Lattice cipher algorithm" refers to a Lattice-based cipher algorithm, english is called Lattice-based cryptography, and refers to an asymmetric encryption algorithm constructed based on Lattice problems, which can encrypt and decrypt data and has homomorphism, i.e. can perform arithmetic operation to a certain extent on a ciphertext domain without affecting the accuracy of an operation result on a plaintext domain.
Fig. 1 schematically illustrates a system architecture of a method, apparatus, device, medium and program product for database migration based on a lattice cryptographic algorithm according to an embodiment of the present disclosure.
As shown in fig. 1, the system architecture 100 may include a source database 001, a target database 002, and a data migration system 003.
The data migration system 003 may include a key generation module 1, a data encryption module 2, and a decryption conversion module 3. The key generating module 1 and the decryption and conversion module 3 are disposed in the target database 002, and the data encrypting module 2 is disposed in the source database 001.
The key generation module 1 may generate a public key and a private key according to a lattice cryptographic algorithm, provide the public key and the private key to the target database 002, keep the private key by an administrator in the target database 002, and issue the public key to the outside, for example, send the public key to the source database 001.
The public key generation module 1 generates a public key including two parameters a and b, wherein a is an m×n random matrix, b is an m-dimensional vector, b=as+e, e is an m-dimensional error vector, s is an n-dimensional random vector, and s is a private key corresponding to the public key (a, b).
After receiving the public key (a, b), the data encryption module 2 encrypts the data to be migrated in the source database 001, encrypts the data by using the public key in the source database 001, and stores the encrypted data in a temporary table. The encrypted data has homomorphism, namely, arithmetic operation can be performed to a certain extent on the ciphertext domain, and the correctness of an operation result on the ciphertext domain is not affected.
The decryption conversion module 3 decrypts and converts the received data in the target database 002. Specifically, the target database 002 decrypts the received encrypted data using the private key s, adapts and converts the data format according to the structure and format of the target database 002, and stores the decrypted and converted data in the target database 002.
In this way, the embodiment of the disclosure can encrypt data by applying the lattice cryptographic algorithm in the data migration process, and can improve the security in the data transmission process. And the efficiency of encrypting database data by using the lattice cipher algorithm is higher, the lattice cipher algorithm can utilize efficient mathematical tools such as fast Fourier transform and the like to operate, so that the encryption and decryption speeds are improved, and the database migration security is ensured, and meanwhile, the efficiency is high.
It will be appreciated that fig. 1 illustrates only an example of a system architecture in which embodiments of the present disclosure may be employed to assist those skilled in the art in understanding the teachings of the present disclosure, but is not meant to imply that embodiments of the present disclosure may not be employed in other devices, systems, environments, or scenarios.
It should be noted that the database migration method and device based on the lattice cryptographic algorithm determined in the embodiments of the present disclosure may be used in the financial field, and may also be used in any field other than the financial field, where the application field is not limited by the present disclosure.
Fig. 2 schematically illustrates a flowchart of a database migration method based on a lattice-password algorithm applied to a source database 001 in an embodiment of the present disclosure.
As shown in fig. 2, according to an embodiment of the present disclosure, a database migration method applied to a source database 001 may include operations S201 to S205. In the system architecture 100, the method may be performed by the data encryption module 2.
Firstly, in operation S201, a public key issued by a target database is received, wherein the public key is generated based on a lattice cryptographic algorithm and includes two parameters a and b, a is an m×n random matrix, and b is an m-dimensional random vector.
Then, in operation S202, a temporary table corresponding to the source table is created. The source table is a data table which needs to be migrated in the source database 001. In one embodiment, before the temporary table is created, the capacity of the storage space for storing the temporary table in the source database 001 is acquired, and when the capacity of the storage space for storing the temporary table meets the requirement, the temporary table is created again.
Next, in operation S203, the plaintext data x to be migrated in the source table is encrypted by using the public key based on the lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, where the encrypted data includes paired data u and v, where u=ar, v=br+x, and r is a random vector selected by the source database.
Then, in operation S204, the encrypted data is output to the temporary table. In one embodiment, when the source database 001 and the destination database 002 are of different types, table structure conversion information including a data structure conversion relationship when outputting data in each field in the source table to the same field in the destination table may also be generated and stored to the temporary table.
Thereafter, in operation S205, after encrypting and outputting all plaintext data to be migrated in the source table to the temporary table, the temporary table is transmitted to the target database 002. Wherein, the target database 002 stores a private key s corresponding to the public key, where b=as+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by using the private key s based on the lattice cryptographic algorithm to obtain plaintext data. In an embodiment, after the plaintext data is decrypted, the structure or format of the plaintext data may be converted correspondingly according to the data structure conversion relationship stored in the temporary table and then output.
In some embodiments, after the source database 001 creates the temporary table, the temporary table may be named according to a certain naming rule, and the temporary table and the name of the corresponding source table are corresponding through the naming rule correspondence, and the naming rule correspondence may be recorded in the table name correspondence table. Thus, when the temporary table is transmitted to the target-side database 002 in operation S205, the table name relationship correspondence table may also be transmitted to the target-side database 002, so that the target-side database 002 conveniently sets the name of the target table for outputting the plain data to a name consistent with the source table.
Fig. 3 schematically illustrates a flowchart of a database migration method based on a lattice-password algorithm applied to the target-side database 002 in an embodiment of the present disclosure.
As shown in fig. 3, according to this embodiment, the database migration method applied to the target database 002 may include operations S301 to S304. In the system architecture 100, the method may be performed by a key generation module 1 and a decryption conversion module 3.
First, in operation S301, a public key and a private key are generated based on a lattice cryptographic algorithm, where the public key includes two parameters a and b, a is an m×n random matrix, b=as+e, e is an m-dimensional error vector, S is a private key corresponding to the public key, and S is an n-dimensional random vector.
Next, in operation S302, the public key (a, b) is transmitted to the source database.
The above-described operations S301 and S302 may be performed by the key generation module 1. Operations S303 and S304 described below may be performed by the decryption conversion module 3.
Specifically, in operation S303, a temporary table sent by the source database 001 is received, where encrypted data is stored in the temporary table, and each encrypted data includes paired data u and v, where paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by using a public key based on a lattice cryptographic algorithm.
Next, in operation S304, the plaintext data x is decrypted from each piece of encrypted data using the private key S. During decryption, w=v-us can be calculated first, and then x=w mod q is calculated to obtain plaintext data, wherein q is a modulus selected when the target-side database generates a public key and a private key based on a lattice cryptographic algorithm.
In one embodiment, when the table structure conversion information is stored in the temporary table, after obtaining the plaintext data, the data structure conversion relationship may be queried from the table structure conversion relationship according to the field in which the plaintext data is located, the data structure of the plaintext data may be converted, and the conversion result may be output to the target table.
In one embodiment, if a table name relationship corresponding table is received in addition to the temporary table, where the table name relationship corresponding table stores a corresponding relationship between a table name of the temporary table sent by the source database to the outside and a naming rule of a table name of the source table stored in the source database. The name of the target table for outputting the plaintext data can be set according to the naming rule correspondence, so that the target table can be consistent with the source table naming in the source database 001, and whether the migration of the application end to the database is insensitive is realized.
Fig. 4 schematically illustrates a flowchart of a process of generating a key in the target database 002 by the key generating module 1 according to an embodiment of the present disclosure.
As shown in fig. 4, the key generation module 1 according to this embodiment may include a parameter generation module 11, a key calculation module 12, and a key distribution module 13.
First, before database data migration, the following parameters are generated by the parameter generation module 11: a modulus q, a dimension n, an error distribution χ, a random matrix A ε Z (m n), where Z represents an integer. These parameters are then passed to the key calculation module 12 to calculate the public and private keys.
The key calculation module 12 then calculates the public key and the private key. The public key and the private key are asymmetric encryption algorithms constructed by a base Yu Ge cryptographic problem (such as a learning belt error problem Learning With Errors, abbreviated as LWE). Specifically, the key calculation module 12 receives the modulus q, the dimension n, the error distribution χ, and the random matrix a generated by the parameter generation module 11, and then the key calculation module 12 selects a random vector s∈zn, and calculates b=as+e, where e∈χ m is an error vector, and b∈zm is calculated accordingly. After obtaining a, b, s, the key calculation module 12 passes the three parameters to the key distribution module 13.
After the public key and the private key are generated, the key issuing module 13 notifies an administrator who passes authentication to issue (a, b) as the public key and to store s as the private key.
Fig. 5 schematically illustrates a process flow diagram of the data encryption module 2 encrypting data to be migrated in the source database 001 according to an embodiment of the present disclosure.
As shown in fig. 5, the data encryption module 2 may include a storage space calculation module 21, a temporary table creation module 22, an encryption result generation module 23, a table structure storage module 24, a table structure conversion module 25, a ciphertext storage module 26, and a ciphertext transmission module 27. The data processing procedure of each module and the calling relation are described in detail as follows.
The storage space calculation module 21: the module is responsible for calculating whether the storage space for storing the temporary table meets the requirement, and the temporary table is established after the storage space meets the requirement, otherwise, error information is returned. The judgment of whether the temporary table is in conformity with the requirements may be, for example, to estimate the size of the temporary table based on the size of the source table, and then to judge whether the storage space is larger than a plurality of times (for example, 1.2 times) the estimated size of the temporary table, so as to provide a certain margin for the creation space of the temporary table.
Temporary table creation module 22: a temporary table corresponding to the source table of the data to be migrated in the source database 001 is created. Each temporary table corresponds to the table name of the source table according to a certain naming rule, and a table name relation corresponding table is established to store the corresponding relations, so that the related inquiry is conveniently carried out when the target end database 002 at the later stage restores the encrypted data.
Encryption result generation module 23: specifically, the source database 001 regards each data x to be migrated as a plaintext and encrypts it using the public key (a, b). The encryption process is as follows: first, the source database 001 selects a random vector r∈χ ζ and calculates the encrypted data: u=ar and v=br+x. And passes the paired data u, v, and the corresponding x to the ciphertext storage module 26.
Table structure storage module 24: for different tables, a corresponding table structure needs to be stored, and the table structure conversion module 25 will be called to transfer the table to be converted and the type of the target database 002. Upon receiving the table structure conversion information transmitted from the table structure conversion module 25, the ciphertext storage module 26 is called to store the temporary table.
Table structure conversion module 25: for migration among different databases, the table structure needs to be converted into a corresponding table structure, precision and other information among different types need to be controlled, and proper table structure conversion information is output. The table structure conversion information may specifically include a data structure conversion relationship such as a unit of measure of data, a reserved decimal number, and the like when outputting the data in each field in the source table to the same field in the corresponding table of the target-side database 002.
Ciphertext storage module 26: the result (u, v) obtained by the encryption result generation module 23 and the corresponding x are received, and then (u, v) is used as encryption data and stored in a temporary table.
Ciphertext transmitting module 27: after receiving the connection confirmation with the target database 002, the module is used to send the encrypted data in the temporary table, the original table name corresponding thereto and the table structure conversion information to the target database 002. Since there are a plurality of temporary tables, the temporary tables can be sent to the target-side database 002 in the order of the tables. When one temporary table is sent, a signal is sent to inform the target end database 002 that the information of the current temporary table is sent.
Because of the difficulty of LWE problems, when transmitting a temporary table from a source database 001 to a target database, even if the temporary table or data in the temporary table is intercepted, it is difficult for an attacker to recover plaintext data x from encrypted data (u, v) knowing the public key (a, b). Meanwhile, due to the homomorphism of the LWE problem, even if the addition or scalar multiplication operation is performed on the encrypted data (u, v), the decryption result is not affected.
In this way, the embodiment of the disclosure can effectively improve the security of data in the process of database migration, and even if the data is intercepted in the process of network transmission, the original real data cannot be obtained.
Fig. 6 schematically illustrates a flowchart of a process of performing decryption conversion on received encrypted data in the target database 002 by the decryption conversion module 3 in an embodiment of the present disclosure.
As shown in fig. 6, the decryption conversion module 3 may include a connection establishment module 31, a data reception initialization module 32, a data decryption module 33, and a format conversion module 34, and the processing procedure and the inter-call relationship of each module are described in detail below.
The connection establishment module 31: a secure network connection may be established between the source database 001 and the destination database 002 and the encrypted data in the temporary table may be transferred to the destination database 002 via the connection. Since the data is already encrypted, even if intercepted or tampered with during transmission, the confidentiality and integrity of the data will not be compromised or destroyed.
Specifically, an SSL/TLS protocol may be used between the source database 001 and the destination database 002 to establish a secure channel and transfer data through the channel. The SSL/TLS protocol can guarantee data integrity, confidentiality and identity authentication during transmission.
Data reception initialization module 32: the temporary table and table name relationship correspondence table transmitted from the source database 001 may be received. Wherein the encrypted data and the table structure conversion information may be written in the temporary table. The table name relationship correspondence table stores the correspondence relationship between the table name of the temporary table sent from the source database 001 to the outside and the naming rule of the table name of the source table stored in the source database 001. The data reception initialization module 32 may call the data decryption module 33 to decrypt the encrypted data.
Specifically, the data reception initializing module 32 may first establish a table corresponding to the received temporary table (i.e., a target table) in the target-side database 002, and name the target table with the table name of the source table corresponding to the temporary table, and then transfer the encrypted data to the data decrypting module 33, and store the decrypted plain text data in the target table.
The data decryption module 33: the target database 002 decrypts each received ciphertext (u, v) using the private key s. The decryption process is as follows: first, the target database 001 calculates w=v-us. Then, the target database calculates w mod q and regards the result as plaintext data x, where x ε Z. The decrypted plaintext data is then passed to format conversion module 34.
Format conversion module 34: the target database 002 adapts and converts the data structure of x according to the corresponding table structure conversion information, and stores the conversion result in the target database. For example, if MySQL is used for the target database, the target database may convert x into a corresponding data type, such as an integer, floating point number, string, etc., and insert it into the target table.
Fig. 7 schematically illustrates a flowchart of a database migration method based on a lattice cryptographic algorithm according to another embodiment of the present disclosure.
As shown in fig. 7, in conjunction with fig. 1, the method may include the following steps S1-S8.
S1, an administrator selects a database to be migrated, and after a target end database is determined, the encryption system is started and relevant encryption parameters are transmitted into the target end database.
S2, in the target end database, the secret key generation module generates a public key and a private key according to related parameters transmitted by an administrator, and starts an abnormality monitoring program to record an abnormality generated in the current migration process and record an abnormality log.
S3, the data encryption module in the source database 001 performs storage space inspection, and after the storage space inspection, a temporary table is created according to the source table to be migrated.
S4, selecting the data needing to be encrypted in the source table from the source database 001 to encrypt, and storing the encrypted data into the temporary table.
S5, establishing network connection communication between the source end database 001 and the target end database 002.
S6, the network communication is established successfully, and when the temporary table data is inserted, the source end database 001 sends encrypted data to the target end database 002. The data decryption module 3 of the target database 002 decrypts the encrypted data.
S7, the target end database 002 carries out structure and format conversion on the decrypted plaintext data according to the table structure conversion information and inserts the plaintext data into the target table.
S8, after all the encrypted data in the temporary tables are decrypted and inserted, checking an exception report to see whether an exception exists in the migration process.
In the data migration process, the embodiment of the disclosure applies the lattice cryptographic algorithm to encrypt and decrypt the data, so that the security in the data transmission process can be improved. Moreover, no known effective attack method exists for the lattice cryptographic algorithm at present, so that the lattice cryptographic algorithm is applied to encrypt data and then transmit the encrypted data, the risk of information leakage in the data migration process can be greatly reduced, and the attack of a quantum computer can be even resisted.
The efficiency of encrypting database data by using the lattice cipher algorithm is higher, the lattice cipher algorithm can utilize efficient mathematical tools such as fast Fourier transform and the like to operate, the encryption and decryption speeds are improved, and the database migration security is ensured, and meanwhile, the efficiency is high.
Fig. 8 schematically illustrates a block diagram of a database migration apparatus 800 based on a lattice-password algorithm disposed in a source database according to an embodiment of the present disclosure.
As shown in fig. 8, the apparatus 800 may include a temporary table creation module 22, an encryption result generation module 23, a ciphertext storage module 26, and a ciphertext transmission module 27. The apparatus 800 may be disposed in a source database 001.
The temporary table creation module 22 is configured to create a temporary table corresponding to the source table.
The encryption result generation module 23 is configured to: receiving a public key issued by a target end database, wherein the public key is generated based on a lattice cryptographic algorithm and comprises two parameters A and b, wherein A is an m multiplied by n random matrix, and b is an m-dimensional random vector; and encrypting the plaintext data x to be migrated in the source table by using a public key based on a lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, wherein the encrypted data comprises paired data u and v, wherein u=ar, v=br+x, and r is a random vector selected by a source database.
The ciphertext storage module 26 may be configured to output the encrypted data to a temporary table.
The ciphertext sending module 27 is configured to send the temporary table to the target database after encrypting and outputting all plaintext data to be migrated in the source table to the temporary table; the target end database stores a private key s corresponding to the public key, wherein b=As+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by using the private key s based on the lattice cryptographic algorithm to obtain plaintext data.
The apparatus 800 may perform the data migration method described with reference to fig. 2, and may be specifically described with reference to the foregoing description, which is not repeated herein.
Fig. 9 schematically illustrates a block diagram of a database migration apparatus 900 based on a lattice-password algorithm disposed in a target database according to another embodiment of the present disclosure.
As shown in fig. 9, the apparatus 900 may include a key calculation module 12, a key distribution module 13, a data reception initialization module 32, and a data decryption module 33. The apparatus 900 may be provided in the target database 002.
The key calculation module 12 is configured to generate a public key and a private key based on a lattice cryptographic algorithm, where the public key includes two parameters a and b, a is an m×n random matrix, b=as+e, e is an m-dimensional error vector, s is a private key corresponding to the public key, and s is an n-dimensional random vector.
The key issuing module 13 is configured to send the public key generated based on the lattice cryptographic algorithm to the source database.
The data receiving initialization module 32 is configured to receive a temporary table sent by the source database, where the temporary table stores encrypted data, and each encrypted data includes paired data u and v, where the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by using a public key based on a lattice cryptographic algorithm.
The data decryption module 33 is configured to decrypt the plaintext data x from each piece of encrypted data using the private key s.
The apparatus 900 may perform the data migration method described with reference to fig. 3, and may be specifically described with reference to the foregoing description, which is not repeated herein.
According to the embodiment of the present disclosure, any of the key generation module 1, the parameter generation module 11, the key calculation module 12, the key distribution module 13, the data encryption module 2, the storage space calculation module 21, the temporary table creation module 22, the encryption result generation module 23, the table structure storage module 24, the table structure conversion module 25, the ciphertext storage module 26, the ciphertext transmission module 27, the decryption conversion module 3, the connection creation module 31, the data reception initialization module 32, the data decryption module 33, and the format conversion module 34 may be incorporated in one module to be implemented without collision, or any of the modules may be split into a plurality of modules. Alternatively, in the absence of a conflict, at least some of the functions of one or more of these modules may be combined with at least some of the functions of the other modules and implemented in one module. According to embodiments of the present disclosure, at least one of the key generation module 1, the parameter generation module 11, the key calculation module 12, the key distribution module 13, the data encryption module 2, the storage space calculation module 21, the temporary table creation module 22, the encryption result generation module 23, the table structure storage module 24, the table structure conversion module 25, the ciphertext storage module 26, the ciphertext transmission module 27, the decryption conversion module 3, the connection creation module 31, the data reception initialization module 32, the data decryption module 33, and the format conversion module 34 may be implemented at least in part as hardware circuitry, such as a Field Programmable Gate Array (FPGA), a Programmable Logic Array (PLA), a system on a chip, a system on a package, an Application Specific Integrated Circuit (ASIC), or any other reasonable way of integrating or packaging the circuitry, or any other hardware or firmware, or any suitable combination of three implementations of software, hardware, and firmware. Alternatively, at least one of the key generation module 1, the parameter generation module 11, the key calculation module 12, the key distribution module 13, the data encryption module 2, the storage space calculation module 21, the temporary table creation module 22, the encryption result generation module 23, the table structure storage module 24, the table structure conversion module 25, the ciphertext storage module 26, the ciphertext transmission module 27, the decryption conversion module 3, the connection creation module 31, the data reception initialization module 32, the data decryption module 33, and the format conversion module 34 may be at least partially implemented as a computer program module that, when executed, performs the corresponding functions.
Fig. 10 schematically illustrates a block diagram of an electronic device adapted to implement a method for database migration based on a lattice cryptographic algorithm according to an embodiment of the present disclosure.
As shown in fig. 10, an electronic device 1000 according to an embodiment of the present disclosure includes a processor 1001 that can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 1002 or a program loaded from a storage section 1008 into a Random Access Memory (RAM) 1003. The processor 1001 may include, for example, a general purpose microprocessor (e.g., a CPU), an instruction set processor and/or an associated chipset and/or a special purpose microprocessor (e.g., an Application Specific Integrated Circuit (ASIC)), or the like. The processor 1001 may also include on-board memory for caching purposes. The processor 1001 may include a single processing unit or multiple processing units for performing different actions of the method flows according to embodiments of the present disclosure.
In the RAM 1003, various programs and data necessary for the operation of the electronic apparatus 1000 are stored. The processor 1001, ROM 1002, and RAM 1003 are connected to each other through a bus 1004. The processor 1001 performs various operations of the method flow according to the embodiment of the present disclosure by executing programs in the ROM 1002 and/or the RAM 1003. Note that the program may be stored in one or more memories other than the ROM 1002 and the RAM 1003. The processor 1001 may also perform various operations of the method flow according to the embodiments of the present disclosure by executing programs stored in the one or more memories.
According to an embodiment of the disclosure, the electronic device 1000 may also include an input/output (I/O) interface 1005, the input/output (I/O) interface 1005 also being connected to the bus 1004. The electronic device 1000 may also include one or more of the following components connected to the I/O interface 1005: an input section 1006 including a keyboard, a mouse, and the like; an output portion 1007 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), etc., and a speaker, etc.; a storage portion 1008 including a hard disk or the like; and a communication section 1009 including a network interface card such as a LAN card, a modem, or the like. The communication section 1009 performs communication processing via a network such as the internet. The drive 1010 is also connected to the I/O interface 1005 as needed. A removable medium 1011, such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like, is installed as needed in the drive 1010, so that a computer program read out therefrom is installed as needed in the storage section 1008.
The present disclosure also provides a computer-readable storage medium that may be embodied in the apparatus/device/system described in the above embodiments; or may exist alone without being assembled into the apparatus/device/system. The computer-readable storage medium carries one or more programs which, when executed, implement methods in accordance with embodiments of the present disclosure.
According to embodiments of the present disclosure, the computer-readable storage medium may be a non-volatile computer-readable storage medium, which may include, for example, but is not limited to: a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this disclosure, a computer-readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. For example, according to embodiments of the present disclosure, the computer-readable storage medium may include ROM 1002 and/or RAM 1003 and/or one or more memories other than ROM 1002 and RAM 1003 described above.
Embodiments of the present disclosure also include a computer program product comprising a computer program containing program code for performing the methods shown in the flowcharts. The program code, when executed in a computer system, causes the computer system to perform the methods provided by embodiments of the present disclosure.
The above-described functions defined in the system/apparatus of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
In one embodiment, the computer program may be based on a tangible storage medium such as an optical storage device, a magnetic storage device, or the like. In another embodiment, the computer program may also be transmitted in the form of signals on a network medium, distributed, and downloaded and installed via the communication section 1009, and/or installed from the removable medium 1011. The computer program may include program code that may be transmitted using any appropriate network medium, including but not limited to: wireless, wired, etc., or any suitable combination of the foregoing.
In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 1009, and/or installed from the removable medium 1011. The above-described functions defined in the system of the embodiments of the present disclosure are performed when the computer program is executed by the processor 1001. The systems, devices, apparatus, modules, units, etc. described above may be implemented by computer program modules according to embodiments of the disclosure.
According to embodiments of the present disclosure, program code for performing computer programs provided by embodiments of the present disclosure may be written in any combination of one or more programming languages, and in particular, such computer programs may be implemented in high-level procedural and/or object-oriented programming languages, and/or assembly/machine languages. Programming languages include, but are not limited to, such as Java, c++, python, "C" or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, partly on a remote computing device, or entirely on the remote computing device or server. In the case of remote computing devices, the remote computing device may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to an external computing device (e.g., connected via the Internet using an Internet service provider).
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present disclosure. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
Those skilled in the art will appreciate that the features recited in the various embodiments of the disclosure and/or in the claims may be combined in various combinations and/or combinations, even if such combinations or combinations are not explicitly recited in the disclosure. In particular, the features recited in the various embodiments of the present disclosure and/or the claims may be variously combined and/or combined without departing from the spirit and teachings of the present disclosure. All such combinations and/or combinations fall within the scope of the present disclosure.
The embodiments of the present disclosure are described above. However, these examples are for illustrative purposes only and are not intended to limit the scope of the present disclosure. Although the embodiments are described above separately, this does not mean that the measures in the embodiments cannot be used advantageously in combination. The scope of the disclosure is defined by the appended claims and equivalents thereof. Various alternatives and modifications can be made by those skilled in the art without departing from the scope of the disclosure, and such alternatives and modifications are intended to fall within the scope of the disclosure.

Claims (14)

1. A database migration method based on a lattice cryptographic algorithm is applied to a target-side database, wherein the method comprises the following steps:
Generating a public key and a private key based on a lattice cryptographic algorithm, wherein the public key comprises two parameters A and b, wherein A is an m×n random matrix, b=As+e, e is an m-dimensional error vector, s is a private key corresponding to the public key, and s is an n-dimensional random vector;
sending the public key to a source database;
receiving a temporary table sent by the source database, wherein the temporary table stores encrypted data, each encrypted data comprises paired data u and v, and the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source database by utilizing the public key based on the lattice cryptographic algorithm; and
and decrypting the plaintext data x from each piece of encrypted data by using the private key s.
2. The method of claim 1, wherein said decrypting plaintext data x from each piece of encrypted data using the private key s comprises:
when decrypting, calculating w=v-us, and then calculating plaintext data x=w mod q;
and q is a modulus selected when the target database generates the public key and the private key based on the lattice cryptographic algorithm.
3. The method of claim 1, wherein the generating public and private keys based on a lattice-password algorithm comprises:
Obtaining basic parameters, wherein the basic parameters comprise a modulus q, a dimension n, error distribution χ and a random matrix A; and
based on the basic parameters, the public key and the private key are calculated based on the lattice cryptographic algorithm, wherein e in b=as+e is a vector extracted from the error distribution χ.
4. The method of claim 1, wherein the method further comprises:
receiving a table name relation corresponding table, wherein the table name relation corresponding table stores the table name of a temporary table sent by the source end database outwards and the naming rule corresponding relation of the table name of the source table stored in the source end database;
reading the table name of the temporary table;
creating a target table consistent with the table name of the source table according to the naming rule corresponding relation in the table name relation corresponding table; and
outputting the decrypted plaintext data to the target table.
5. The method of claim 4, wherein the temporary table further stores therein table structure conversion information including a data structure conversion relationship when outputting data in each field of the source table to the same field of the target table, and the outputting decrypted plaintext data to the target table further comprises:
And converting the data structure of the plaintext data according to the field where the decrypted plaintext data is located and the data structure conversion relation, and outputting the conversion result to the target table.
6. A database migration method based on a lattice cryptographic algorithm is applied to a source database, wherein the method comprises the following steps:
receiving a public key issued by a target end database, wherein the public key is generated based on a lattice cryptographic algorithm and comprises two parameters A and b, wherein A is an m multiplied by n random matrix, and b is an m-dimensional vector;
creating a temporary table corresponding to the source table;
encrypting plaintext data x to be migrated in the source table by using the public key based on the lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, wherein the encrypted data comprises paired data u and v, wherein u=ar, v=br+x, and r is a random vector selected by the source database;
outputting the encrypted data to the temporary table; and
after encrypting all plaintext data to be migrated in the source table and outputting the encrypted plaintext data to the temporary table, sending the temporary table to the target database; the target end database stores a private key s corresponding to the public key, wherein b=as+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by utilizing the private key s based on the lattice cryptographic algorithm to obtain the plaintext data.
7. The method of claim 6, wherein the creating a temporary table corresponding to a source table comprises:
acquiring the capacity of a storage space for storing the temporary table in the source database; and
when the capacity of the storage space for storing the temporary table meets the requirement, the temporary table is created.
8. The method of claim 6, wherein the method further comprises:
creating a table name relation corresponding table, wherein the table name relation corresponding table stores the table name of the temporary table and the naming rule corresponding relation of the table name of the source table; and
and sending the table name relation corresponding table to the target end database.
9. The method of claim 6, wherein prior to said sending the temporary table to the target database, the method further comprises:
when the types of the source end database and the target end database are different, generating table structure conversion information, wherein the table structure conversion information comprises a data structure conversion relation when data in each field in the source table is output to the same field in the target table; and
and storing the table structure conversion information into the temporary table.
10. A database migration device based on a lattice cryptographic algorithm, which is disposed in a target database, wherein the device comprises:
the secret key calculation module is used for generating a public key and a private key based on a lattice cryptographic algorithm, wherein the public key comprises two parameters A and b, A is an m multiplied by n random matrix, b=As+e, e is an m-dimensional error vector, s is a private key corresponding to the public key, and s is an n-dimensional random vector;
the secret key issuing module is used for sending the public key to the source end database;
the data receiving initialization module is used for receiving a temporary table sent by the source end database, wherein the temporary table stores encrypted data, each encrypted data comprises paired data u and v, and the paired data u and v are obtained by encrypting plaintext data x to be migrated in the source end database by utilizing the public key based on the lattice cryptographic algorithm; and
and the data decryption module is used for decrypting the plaintext data x from each encrypted data by using the private key s.
11. A database migration device based on a lattice cryptographic algorithm, disposed in a source database, wherein the device includes:
the temporary table establishing module is used for establishing a temporary table corresponding to the source table;
An encryption result generation module, configured to:
receiving a public key issued by a target end database, wherein the public key is generated based on a lattice cryptographic algorithm and comprises two parameters A and b, wherein A is an m multiplied by n random matrix, and b is an m-dimensional random vector; and
encrypting plaintext data x to be migrated in the source table by using the public key based on the lattice cryptographic algorithm to obtain encrypted data corresponding to the plaintext data x, wherein the encrypted data comprises paired data u and v, wherein u=ar, v=br+x, and r is a random vector selected by the source database;
the ciphertext storage module is used for outputting the encrypted data to the temporary table;
the ciphertext sending module is used for sending the temporary table to the target end database after encrypting and outputting all plaintext data to be migrated in the source table to the temporary table; the target end database stores a private key s corresponding to the public key, wherein b=as+e, e is an m-dimensional error vector, and s is an n-dimensional random vector; the target end database can decrypt the encrypted data by utilizing the private key s based on the lattice cryptographic algorithm to obtain the plaintext data.
12. An electronic device, comprising:
one or more processors;
a memory for storing one or more programs,
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to perform the method of any of claims 1-9.
13. A computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of any of claims 1 to 9.
14. A computer program product comprising computer program instructions which, when executed by a processor, implement the method of any one of claims 1 to 9.
CN202310889737.2A 2023-07-19 2023-07-19 Database migration method, device, equipment and medium based on lattice cryptographic algorithm Pending CN116894025A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310889737.2A CN116894025A (en) 2023-07-19 2023-07-19 Database migration method, device, equipment and medium based on lattice cryptographic algorithm

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310889737.2A CN116894025A (en) 2023-07-19 2023-07-19 Database migration method, device, equipment and medium based on lattice cryptographic algorithm

Publications (1)

Publication Number Publication Date
CN116894025A true CN116894025A (en) 2023-10-17

Family

ID=88311906

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310889737.2A Pending CN116894025A (en) 2023-07-19 2023-07-19 Database migration method, device, equipment and medium based on lattice cryptographic algorithm

Country Status (1)

Country Link
CN (1) CN116894025A (en)

Similar Documents

Publication Publication Date Title
CN110417726B (en) Key management method and related equipment
US9152805B2 (en) Security device
CN102546607B (en) Providing security services on the cloud
US20170310479A1 (en) Key Replacement Direction Control System and Key Replacement Direction Control Method
CN111555880B (en) Data collision method and device, storage medium and electronic equipment
CN108632031B (en) Key generation device and method, encryption device and method
CN111131278A (en) Data processing method and device, computer storage medium and electronic equipment
US20190327088A1 (en) Method for Leakage-Resilient Distributed Function Evaluation with CPU-Enclaves
US20220006615A1 (en) Computer-implemented system and method for distributing shares of digitally signed data
KR20210151016A (en) Key protection processing method, apparatus, device and storage medium
CN105071935A (en) Data processing method, heterogeneous system and integrated system
US7894608B2 (en) Secure approach to send data from one system to another
CN111783129A (en) Data processing method and system for protecting privacy
US11431489B2 (en) Encryption processing system and encryption processing method
US9571273B2 (en) Method and system for the accelerated decryption of cryptographically protected user data units
US11658806B2 (en) Identity-based hash proof system configuration apparatus, identity-based encryption apparatus, identity-based hash proof system configuration method and program
US10333703B2 (en) Key exchange process
CN113595742B (en) Data transmission method, system, computer device and storage medium
KR100817048B1 (en) Method and apparatus of Different Faults AnalysisDFA countermeasure based on different point representation for Elliptic Curve CryptographyECC
CN111125788B (en) Encryption calculation method, computer equipment and storage medium
JP4995667B2 (en) Information processing apparatus, server apparatus, information processing program, and method
CN115883212A (en) Information processing method, device, electronic equipment and storage medium
CN115396179A (en) Data transmission method, device, medium and equipment based on block chain
CN116894025A (en) Database migration method, device, equipment and medium based on lattice cryptographic algorithm
CN110955883B (en) Method, device, equipment and storage medium for generating user key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination