CN117972795A - Secure retrieval method and device for secret space keywords based on exclusive or filter - Google Patents
- Publication number: CN117972795A (CN202410382369.7A)
- Authority: CN (China)
- Prior art keywords: xor, secure, filter, security, query
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G06F21/6227: Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- G06F16/322: Trees
- G06F16/3334: Selection or weighting of terms from queries, including natural language queries
- G06F21/602: Providing cryptographic facilities or services
Description
Technical Field
The present invention belongs to the technical field of data security and, more specifically, relates to a method and device for secure retrieval of encrypted spatial keywords based on an XOR filter.
Background
With the spread of the mobile Internet and GPS devices, spatial-textual data is widely used in services such as location-based services and personalized query services. A typical query on a spatial-textual database is the Boolean Range Query, which considers both a spatial geometric range and textual keywords: given a query range and a set of textual keywords of spatial objects, the user retrieves from the spatial-textual dataset all spatial objects that meet the requirements.
More and more data owners outsource their data services to the cloud for cost savings and service flexibility. However, data and services outsourced to the cloud need privacy protection. Many current privacy-preserving spatial keyword query schemes use Bloom filters for encoding when designing their indexes.
Chinese patent document CN117349878A discloses a privacy protection method for keyword search and multi-dimensional range query in smart healthcare. Medical institutions index their medical data with an R-tree index and outsource it to cloud servers that provide the data query service. The dual cloud servers have powerful computing capacity and storage space, store the outsourced encrypted data, and jointly provide the multi-dimensional range query service to authorized users. Authorized users are the entities that need to perform keyword search and multi-dimensional range queries; when an authorized user registers with the system, the system sends an identity id and a hash message authentication code to the authorized user for later privacy computation on the query data. When the multi-dimensional data is encoded, a Bloom filter (BF) is used. The method ensures the security and reliability of the multi-dimensional range query service provided by the cloud servers while meeting diverse multi-dimensional range query needs.
Chinese patent document CN111935141A discloses a one-time oblivious, unlinkable query system and method for encrypted data, applied in a network environment made up of multiple data upload modules, multiple data request modules and one data cloud storage module. The data upload module computes the secure tree index of the data, uploads it together with the encrypted data to the data cloud storage module, and shares the key with some data upload modules. The data request module generates a query token, submits the token to the data cloud storage module, waits for data to be returned and decrypts the matching data, and otherwise keeps waiting for valid data. The data cloud storage module receives the secure tree index and encrypted data from the data upload module, receives the token from the data request module, searches the secure tree index with the token and returns the query result, and otherwise returns a null value. The data uploader initializes an empty indistinguishable Bloom filter Bn and sets it so that the k-th prefix prk of a set of prefixes Sn and a random number rn are embedded in the Bloom filter Bn; the data uploader then submits the secure tree index, made up of the Bloom filter Bn and the random number rn, and the encrypted data to the data cloud storage party. The method protects the privacy of the data requester against an untrusted data cloud storage party.
However, a Bloom filter needs to store the results of multiple hash functions, which takes up a lot of space, and it has a relatively high false-positive rate, which may make query results inaccurate.
Summary of the Invention
The present invention aims to overcome at least one defect of the above prior art by providing a method for secure retrieval of encrypted spatial keywords based on an XOR filter, which returns the spatial-textual data the user wants to query within a given spatial range, provides privacy protection, and improves the accuracy of the query results.
The invention also discloses a device that carries the XOR-filter-based method for secure retrieval of encrypted spatial keywords.
The detailed technical solution of the present invention is as follows:
A method for secure retrieval of encrypted spatial keywords based on an XOR filter, the method comprising:
S1. The data owner end constructs a secure XOR filter, builds a secure tree index based on the secure XOR filter and geohash encoding, encrypts the spatial-textual dataset with a key, and uploads the secure tree index and the encrypted spatial-textual dataset to the cloud server end;
S2. The user end specifies a query, generates a trapdoor based on the query, and uploads the trapdoor to the cloud server end, where the query consists of the location information of the query point, the query keyword information, and the spatial range of the query point;
S3. The cloud server end searches the secure tree index for target spatial objects according to the trapdoor, and returns to the user end a result set made up of the ciphertexts of the target spatial objects;
S4. The user end looks up the complete ciphertext information according to the result set and decrypts the ciphertext information with the key to obtain the plaintext information.
Preferably, in step S1, constructing the secure XOR filter specifically comprises:
S10. Map the elements of the set into the secure XOR filter, giving:
(2);
The terms of formula (2) are the secure XOR filter of the set, the XOR filter, and a random number;
S11. Add the elements of the set to an array in turn. For each element, three sets of hash functions are generated, and the element's three hash values are computed from them; the accompanying condition is expressed in terms of the length of the set;
S12. Using the three hash values of each element, place the element at the corresponding positions of the array; iterate over the array to find the positions that contain only one element, initialize a queue, and add the index of that element to the queue;
S13. Take the stored index from the head of the queue, get the element at that index from the array, record it on a stack, and at the same time remove the element from the array. Whenever a position containing only one element appears again in the array, add that element's index to the queue, until no elements remain at the array's positions; then continue taking the stored indexes from the queue in turn and repeat the above operations until the queue is empty;
S14. Create a new array of the same length as the array and fill all of its initial values with random values; take the recorded entries one by one from the top of the stack, compute the identifier value of the element, and update the identifier value into the secure XOR filter;
S15. For each element, find the two of its three hash values that differ from its index, fetch the values in the secure XOR filter at the positions indexed by these two hash values, XOR them with the identifier value, and finally update the secure XOR filter with the result of the XOR operation.
Preferably, in step S1, the construction of the secure tree index is expressed as:
(3);
The terms of formula (3) are the secure tree index and the spatial-textual data;
Building the secure tree index based on the secure XOR filter and geohash encoding specifically comprises:
S16. Using random character assignment and the geohash encoding of the spatial-textual data, generate a leaf node for each spatial object and build the plaintext tree index; each leaf node holds the unique identifier of the spatial object, the prefix-code cluster of the spatial object's geohash code, and the keyword set of the spatial object;
S17. Encrypt the constructed plaintext tree index. In a non-leaf node, use a pseudo-random counter to generate a pseudo-random seed, then use the seed to generate the values corresponding to the assigned character set and map them into the secure XOR filter, that is:
(4);
The terms of formula (4) are the secure XOR filter of the non-leaf node, the XOR filter, and the values corresponding to the character set;
In a leaf node, use the key to encrypt the spatial object's id, obtaining its ciphertext; use the pseudo-random seed to generate the corresponding value for every prefix code in the geohash prefix-code cluster, and map all generated values into the secure XOR filter, that is:
(5);
The terms of formula (5) are the secure XOR filter of the prefix-code cluster, the XOR filter, and the values corresponding to all prefix codes in the geohash prefix-code cluster;
Also in the leaf node, use the pseudo-random seed to generate the corresponding value for each keyword in the keyword set, and map these values into the secure XOR filter, that is:
(6);
The terms of formula (6) are the secure XOR filter of the keywords, the XOR filter, and the values corresponding to all keywords in the keyword set.
Preferably, in step S1, encrypting the spatial-textual dataset with the key is specifically:
(7);
The terms of formula (7) are the encrypted spatial-textual dataset, the spatial-textual dataset (comprising spatial data and textual data), and the key.
Preferably, in step S2, generating the trapdoor based on the query is specifically:
(8);
The terms of formula (8) are the trapdoor, the location information of the query point, the query keyword information, and the spatial range of the query point;
For the location information of the query point, convert the query coordinates into a geohash code and, according to the given spatial range, compute the corresponding prefix code; use the pseudo-random seed to compute the value of the prefix code itself and the value of each character in the prefix code:
(9);
The terms of formula (9) are the value of the prefix code itself, the value of each indexed character of the prefix code, the set made up of the values of all characters in the prefix code, and the character length of the prefix code;
For the query keyword information, use the pseudo-random seed to compute the value of each keyword in the keyword set:
(10);
The terms of formula (10) are the set made up of the values of all keywords in the keyword set, the value of each indexed keyword in the keyword set, and the number of keywords in the keyword set.
Preferably, in step S3, the result set is expressed as:
(11);
The terms of formula (11) are the trapdoor and the secure tree index;
The cloud server end searching the secure tree index for target spatial objects according to the trapdoor specifically comprises:
S31. Traverse the set made up of the values of the characters in the prefix code, and search the secure tree index for the non-leaf nodes whose secure XOR filter contains those values, to determine the search range;
S32. Find all leaf nodes within the search range and, for each leaf node, determine whether the prefix code is in the secure XOR filter; if so, go on to determine whether all keywords of the keyword set are in the secure XOR filter; if so, the spatial object stored in that leaf node is determined to be a target spatial object, and its ciphertext is added to the result set.
Preferably, in step S4, decrypting the ciphertext information with the key is specifically:
(12);
The terms of formula (12) are the plaintext information obtained after decryption, the complete ciphertext information found according to the result set, and the key.
In another aspect of the present invention, a device implementing the XOR-filter-based method for secure retrieval of encrypted spatial keywords is provided, the device comprising a data owner end, a user end and a cloud server end, wherein:
The data owner end is used to construct a secure XOR filter, build a secure tree index based on the secure XOR filter and geohash encoding, encrypt the spatial-textual dataset with a key, and upload the secure tree index and the encrypted spatial-textual dataset to the cloud server end;
The user end is used to specify a query, generate a trapdoor based on the query, and upload the trapdoor to the cloud server end; and to look up the complete ciphertext information according to the result set and decrypt the ciphertext information with the key to obtain the plaintext information;
The cloud server end is used to search the secure tree index for target spatial objects according to the trapdoor, and to return to the user end a result set made up of the ciphertexts of the target spatial objects.
In another aspect of the present invention, an electronic device is also provided, comprising:
at least one processor; and
a memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform the XOR-filter-based method for secure retrieval of encrypted spatial keywords described above.
In another aspect of the present invention, a machine-readable storage medium is also provided, storing executable instructions which, when executed, cause the machine to perform the XOR-filter-based method for secure retrieval of encrypted spatial keywords described above.
Compared with the prior art, the beneficial effects of the present invention are:
(1) The XOR-filter-based method for secure retrieval of encrypted spatial keywords provided by the present invention combines the secure XOR filter with geohash encoding to build a secure tree index and uploads it to the cloud server end, so that the cloud server end can query spatial objects with higher accuracy and a smaller memory footprint during query processing.
(2) In the present invention, the user end can look up the complete ciphertext information according to the result set returned by the cloud server end and decrypt it with the key to obtain the plaintext information, thereby completing the spatial keyword query. This process efficiently and accurately retrieves, on the cloud server end, the spatial objects that meet the user's query conditions without leaking any information, which guarantees data privacy and achieves efficient search while maintaining strong security.
Brief Description of the Drawings
FIG. 1 is an execution flow chart of the XOR-filter-based method for secure retrieval of encrypted spatial keywords according to the present invention.
FIG. 2 compares the false-positive rates of the XOR filter and the Bloom filter in Embodiment 1 of the present invention, at the same filter length, as the number of inserted items increases.
FIG. 3 is the index generation time chart of Embodiment 1 of the present invention.
Detailed Description
The present disclosure is further described below with reference to the drawings and embodiments.
It should be noted that the following detailed descriptions are exemplary and are intended to provide further explanation of the present disclosure. Unless otherwise specified, all technical and scientific terms used herein have the same meanings as commonly understood by those of ordinary skill in the art to which the present disclosure belongs.
It should be noted that the terms used herein are only for describing specific embodiments and are not intended to limit the exemplary embodiments according to the present disclosure. As used herein, unless the context clearly indicates otherwise, the singular form is also intended to include the plural form. In addition, it should be understood that when the terms "comprising" and/or "including" are used in this specification, they indicate the presence of features, steps, operations, devices, components and/or combinations thereof.
Where no conflict arises, the embodiments in the present disclosure and the features in the embodiments may be combined with each other.
Embodiment 1
Referring to FIG. 1, this embodiment provides a method for secure retrieval of encrypted spatial keywords based on an XOR filter, the method comprising:
S1. The data owner end constructs a secure XOR filter, builds a secure tree index based on the secure XOR filter and geohash encoding, encrypts the spatial-textual dataset with a key, and uploads the secure tree index and the encrypted spatial-textual dataset to the cloud server end.
In this embodiment, the key is generated by the data owner end from a security parameter and is used to encrypt the spatial-textual data. Key generation is expressed as:
(1).
An XOR filter is a data structure for efficiently checking whether an element exists in a set, and is typically used in high-performance data storage and retrieval systems. Its design is inspired by the Bloom filter, but in some respects it shows higher accuracy and lower memory usage. Compared with the Bloom filter, the XOR filter performs better in false-positive rate and space efficiency. In this embodiment, during the XOR filter construction stage, all values of the array are filled with random numbers at initialization, which can strengthen the security of the XOR filter.
In this embodiment, in step S1, constructing the secure XOR filter specifically comprises:
S10. Map the elements of the set into the secure XOR filter, giving:
(2);
The terms of formula (2) are the secure XOR filter of the set, the XOR filter, and a random number.
S11. When constructing the secure XOR filter, first add the elements of the set to an array in turn. For each element, three sets of hash functions are generated, and the element's three hash values are computed from them; the accompanying condition is expressed in terms of the length of the set.
Here, using three hash functions minimizes the number of memory accesses needed to achieve the space advantage.
S12. Next, using the three hash values of each element, place the element at the corresponding positions of the array; iterate over the array to find the positions that contain only one element, initialize a queue, and add the index of that element to the queue.
S13. Then take the stored index from the head of the queue, get the element at that index from the array, record it on a stack, and at the same time remove the element from the array. Whenever a position containing only one element appears again in the array, add that element's index to the queue, until no elements remain at the array's positions. After that, continue taking the stored indexes from the queue in turn and repeat the above operations until the queue is empty.
S14. Create a new array of the same length as the array and fill all of its initial values with random values; take the recorded entries one by one from the top of the stack and compute the identifier value of the element, which stands for the unique identifier of the element; then update the identifier value into the secure XOR filter.
S15. For each element, find the two of its three hash values that differ from its index, fetch the values in the secure XOR filter at the positions indexed by these two hash values, XOR them with the identifier value, and finally update the secure XOR filter with the result of the XOR operation.
The above is the specific implementation of constructing a secure XOR filter in this embodiment. On this basis, when building the secure tree index, this embodiment uses the index's application parameters to construct separately the secure XOR filter of the non-leaf nodes of the secure tree index, and the secure XOR filter of the prefix-code cluster and the secure XOR filter of the keywords in the leaf nodes.
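The construction of steps S11 to S15 and the leaf-node check of step S32, written out in Python as an added example (not code from the patent). Assumptions: HMAC-SHA256 under the seed stands in for the keyed value whose name is missing from this text; the 32-bit identifier width, the 1.23n + 32 array size, the retry with a new salt when peeling fails, and all function names are illustrative; the non-leaf traversal of S31 is not covered.

```python
import hashlib
import hmac
import secrets
from collections import deque


def token(seed: bytes, item: str) -> bytes:
    """Keyed value of an item under the pseudo-random seed (HMAC-SHA256 is assumed)."""
    return hmac.new(seed, item.encode(), hashlib.sha256).digest()


def derive(tok: bytes, salt: bytes, block: int):
    """Three array positions (one per third, so they never coincide) and a
    32-bit identifier value for a token. The width is an assumption."""
    d = hashlib.sha256(salt + tok).digest()
    pos = [i * block + int.from_bytes(d[4 * i:4 * i + 4], "big") % block
           for i in range(3)]
    return pos, int.from_bytes(d[12:16], "big")


def build(tokens):
    """S11-S15: peel with a queue and a stack, then fill a random array."""
    tokens = list(set(tokens))
    block = (int(1.23 * len(tokens)) + 32) // 3 + 1
    while True:
        salt = secrets.token_bytes(8)          # fresh hash functions per attempt
        derived = {t: derive(t, salt, block) for t in tokens}
        cells = [set() for _ in range(3 * block)]
        for t, (pos, _) in derived.items():    # S12: place each element three times
            for p in pos:
                cells[p].add(t)
        queue = deque(i for i, c in enumerate(cells) if len(c) == 1)
        stack = []
        while queue:                           # S13: peel singleton positions
            i = queue.popleft()
            if len(cells[i]) != 1:             # already emptied via another position
                continue
            t = next(iter(cells[i]))
            stack.append((t, i))
            for p in derived[t][0]:
                cells[p].discard(t)
                if len(cells[p]) == 1:
                    queue.append(p)
        if len(stack) == len(tokens):          # every element got its own position
            break                              # otherwise retry with a new salt
    # S14: new array of the same length, every slot initialised to a random value
    table = [secrets.randbelow(1 << 32) for _ in range(3 * block)]
    while stack:                               # S14-S15: reverse peeling order
        t, i = stack.pop()
        pos, value = derived[t]
        for p in pos:
            if p != i:
                value ^= table[p]              # XOR with the two other positions
        table[i] = value
    return salt, block, table


def contains(filt, tok: bytes) -> bool:
    """Membership test: XOR of the three slots must equal the identifier value."""
    salt, block, table = filt
    pos, ident = derive(tok, salt, block)
    return ident == table[pos[0]] ^ table[pos[1]] ^ table[pos[2]]


def build_leaf(seed: bytes, prefixes, keywords):
    """Leaf node of S17: one filter for the prefix cluster, one for the keywords."""
    return {"prefix": build(token(seed, p) for p in prefixes),
            "kw": build(token(seed, w) for w in keywords)}


def make_trapdoor(seed: bytes, prefix: str, keywords):
    """Query side: keyed values of the prefix code and of each query keyword."""
    return token(seed, prefix), [token(seed, w) for w in keywords]


def leaf_matches(leaf, trapdoor) -> bool:
    """S32: prefix first, then every query keyword."""
    tp, tws = trapdoor
    return contains(leaf["prefix"], tp) and all(contains(leaf["kw"], t) for t in tws)


# Constructed sample data: a geohash prefix cluster and a keyword set.
SEED = b"constructed-demo-seed"
LEAF = build_leaf(SEED, ["w", "wx", "wx4", "wx4g", "wx4g0"], ["cafe", "wifi", "parking"])
```

Slots that no element was assigned to keep their random fill, so two builds of the same set produce different arrays, and a trapdoor derived under a different seed does not match the leaf.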
Further, in this embodiment, the secure tree index is constructed on the following principle:
The secure tree index consists of non-leaf nodes and leaf nodes. For the non-leaf nodes, starting from the root node, each non-leaf node extends four child nodes downward according to the quadtree rule. Each of these four child nodes is randomly assigned 8 characters from the Base32 character set, and the child node then encrypts the characters, that is, maps them into the corresponding secure XOR filter.
For the leaf nodes, each leaf node stores the text information of one spatial object: the spatial object's id, the prefix code cluster of its geohash encoding, and its keyword set. The id of the spatial object is ciphertext encrypted with the key, while the prefix code cluster of the geohash encoding and the keyword set are each mapped into their corresponding secure XOR filter.
Building the secure tree index can be expressed as:
(3);
In formula (3), the terms are the secure tree index and the spatial text data.
Specifically, building the secure tree index from secure XOR filters and geohash encoding includes:
S16. Using random character assignment and according to the geohash encoding of the spatial text data, generate a leaf node for each spatial object and build the plaintext tree index. Each leaf node is formed from the unique identifier of the spatial object, the prefix code cluster of the spatial object's geohash encoding, and the keyword set of the spatial object.
S17. Next, encrypt the plaintext tree index. In a non-leaf node, use a pseudo-random counter to generate a pseudo-random number seed, then use the seed to generate the values corresponding to the assigned character set and map them into the secure XOR filter, that is:
(4);
In formula (4), the terms are the secure XOR filter of the non-leaf node, the XOR filter, and the values corresponding to the character set.
In a leaf node, first use the key to encrypt the spatial object's id, which yields the ciphertext of the id. Then use the pseudo-random number seed to generate the corresponding value for every prefix code contained in the prefix code cluster of the geohash encoding, and map all generated values into the secure XOR filter, that is:
(5);
In formula (5), the terms are the secure XOR filter of the prefix code cluster, the XOR filter, and the values corresponding to all prefix codes contained in the prefix code cluster of the geohash encoding.
Also in the leaf node, for the keyword set, use the pseudo-random number seed to generate the corresponding value for each keyword in the set and map these values into the secure XOR filter, that is:
(6);
In formula (6), the terms are the secure XOR filter of the keywords, the XOR filter, and the values corresponding to all keywords in the keyword set.
Once the secure tree index has been built, the spatial text data set is encrypted with the key, that is:
(7);
In formula (7), the terms are the encrypted spatial text data set, the spatial text data set (which includes both spatial data and text data), and the key.
Finally, the resulting secure tree index and all of the encrypted spatial text data are uploaded together to the cloud server.
In this way, the secure tree index structure built from secure XOR filters and geohash encoding is uploaded to the cloud server, and during query processing spatial objects can be queried with higher accuracy and a smaller memory footprint.
S2. The client specifies a query, generates a trapdoor from the query, and uploads the trapdoor to the cloud server. The query consists of the location information of the query point, the query keyword information, and the spatial range of the query point.
Specifically, the user specifies a query and generates a trapdoor from it, which can be expressed as:
(8).
First, for the location information of the query point, convert the query coordinates into a geohash encoding and, according to the given spatial range, compute the corresponding prefix code. Then use the pseudo-random number seed to compute the value of the prefix code itself and the value of each character in the prefix code, that is:
(9);
In formula (9), the terms are the value of the prefix code itself, the value of an individual character of the prefix code identified by its position, the set formed by the values of all characters in the prefix code, and the character length of the prefix code.
For the query keyword information, use the pseudo-random number seed to compute the value of every keyword in the keyword set, that is:
(10);
In formula (10), the terms are the set formed by the values of all keywords in the keyword set, the value of an individual keyword of the set identified by its position, and the number of keywords in the keyword set.
S3. The cloud server searches the secure tree index for target spatial objects according to the trapdoor, and returns to the client the result set formed by the ciphertexts of the target spatial objects.
That is, at query time the prefix-code hash values in the trapdoor are used to find the leaf nodes within the search range in the secure tree index. Each leaf node stores one spatial object, so the corresponding target spatial objects can be found. The hash values of the query keywords are then used to verify whether a leaf node satisfies the query condition.
When the cloud server receives the query trapdoor, it searches the secure tree index for target spatial objects that meet the requirements according to the trapdoor, and finally returns to the client the result set formed by the ciphertexts of all matching target spatial objects. The process can be expressed by the following formula:
(11).
The specific implementation is as follows:
S31. Traverse the set formed by the value of each character in the prefix code, and search the secure tree index for the non-leaf nodes whose secure XOR filter contains that value, so as to determine the search range.
The specific process is: traverse the set formed by the value of each character in the prefix code; for each character's hash value, compute its identification value and its three hash values; then XOR together the values stored at those three positions in the secure XOR filter of the non-leaf node. If the XOR result equals the identification value, the character's hash value is present in the secure XOR filter of that non-leaf node.
In this way, the secure tree index can be searched for the non-leaf nodes whose secure XOR filter contains each character's value, which determines the search range.
After the traversal, the leaf nodes below the non-leaf nodes that were found still have to be checked.
S32. Find all leaf nodes within the search range and determine whether the prefix code is in the secure XOR filter of each leaf node. If it is, continue by determining whether all keywords of the keyword set are in the leaf node's keyword secure XOR filter. If they are, the spatial object stored in that leaf node is a target spatial object, and its ciphertext is added to the result set.
For each leaf node, first use the hash value of the prefix code to determine whether the prefix code is in the secure XOR filter. If it is not, move on to the next leaf node. If it is, use the hash value of each keyword to determine whether that keyword is in the keyword secure XOR filter; if any keyword is not in the filter, move on to the next leaf node. If the hash values of all keywords are in the filter, the spatial object stored in the leaf node is a target spatial object and its ciphertext is added to the result set. After all leaf nodes have been checked, the final result set is returned to the client.
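The filter construction of S13 to S15 and the membership test used in S31 and S32, as an added Python example that is not code from the patent. HMAC-SHA256 as the seeded value function, the 16-bit identification value, the three-segment slot layout, the 1.23n + 32 sizing, and all names and sample geohashes are assumptions of this example; the quadtree descent over non-leaf nodes is left out, so every leaf is checked.

```python
import hashlib
import hmac
import secrets
from collections import deque

FP_BITS = 16  # identification-value width; false-positive rate is about 2**-FP_BITS

def prf(seed, item):
    """Keyed 64-bit value of a string (HMAC-SHA256 is this example's assumption)."""
    mac = hmac.new(seed, item.encode(), hashlib.sha256).digest()
    return int.from_bytes(mac[:8], "big")

def slots_and_fp(v, salt, seg):
    """Three slot indexes (one per segment, so always distinct) and the identification value."""
    d = hashlib.sha256(salt.to_bytes(4, "big") + v.to_bytes(8, "big")).digest()
    pos = [k * seg + int.from_bytes(d[4 * k:4 * k + 4], "big") % seg for k in range(3)]
    return pos, int.from_bytes(d[12:16], "big") % (1 << FP_BITS)

def build_filter(values):
    """Build an XOR filter over keyed values by peeling (S13) and back-assignment (S14, S15)."""
    values = list(set(values))
    seg = (int(1.23 * len(values)) + 32) // 3 + 1
    for salt in range(64):                      # re-hash if peeling gets stuck
        slots = [set() for _ in range(3 * seg)]
        for v in values:
            for p in slots_and_fp(v, salt, seg)[0]:
                slots[p].add(v)
        queue = deque(i for i, s in enumerate(slots) if len(s) == 1)
        stack = []
        while queue:                            # S13: peel single-element positions
            i = queue.popleft()
            if len(slots[i]) != 1:
                continue                        # emptied by an earlier peel
            v = next(iter(slots[i]))
            stack.append((v, i))
            for p in slots_and_fp(v, salt, seg)[0]:
                slots[p].discard(v)
                if len(slots[p]) == 1:
                    queue.append(p)
        if len(stack) == len(values):
            break
    else:
        raise RuntimeError("peeling failed for every salt")
    # S14: new array of the same length, filled with random values
    table = [secrets.randbelow(1 << FP_BITS) for _ in range(3 * seg)]
    while stack:                                # S15: assign in reverse peel order
        v, i = stack.pop()
        pos, fp = slots_and_fp(v, salt, seg)
        a, b = [p for p in pos if p != i]
        table[i] = fp ^ table[a] ^ table[b]
    return {"salt": salt, "seg": seg, "table": table}

def contains(f, v):
    """S31 test: XOR of the three slots equals the identification value."""
    (a, b, c), fp = slots_and_fp(v, f["salt"], f["seg"])
    t = f["table"]
    return (t[a] ^ t[b] ^ t[c]) == fp

def make_leaf(seed, enc_id, geohash, keywords):
    """Leaf node: encrypted id plus filters over all geohash prefixes and over the keywords."""
    prefixes = [geohash[:k] for k in range(1, len(geohash) + 1)]
    return {"id": enc_id,
            "prefix": build_filter(prf(seed, p) for p in prefixes),
            "kw": build_filter(prf(seed, w) for w in keywords)}

def trapdoor(seed, prefix, keywords):
    """Client side: keyed values only; the server never sees the prefix or keywords."""
    return prf(seed, prefix), [prf(seed, w) for w in keywords]

def search(leaves, td):
    """S32 on the server: prefix filter first, then every keyword must be present."""
    p, kws = td
    return [leaf["id"] for leaf in leaves
            if contains(leaf["prefix"], p)
            and all(contains(leaf["kw"], k) for k in kws)]

if __name__ == "__main__":
    seed = secrets.token_bytes(32)
    # Constructed sample objects: (ciphertext of id, geohash, keywords)
    leaves = [make_leaf(seed, b"ct-A", "wx4g0b", ["cafe", "wifi", "parking"]),
              make_leaf(seed, b"ct-B", "wtw3sj", ["museum", "park"])]
    print(search(leaves, trapdoor(seed, "wx4g", ["cafe", "wifi"])))
```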
S4. The client looks up the complete ciphertext information according to the result set and decrypts it with the key to obtain the plaintext information.
After receiving the result set, the user finds the complete ciphertext information according to the ciphertexts of the target spatial objects in the result set, then decrypts it with the key and finally obtains the plaintext information, that is:
(12);
In formula (12), the terms are the plaintext information obtained after decryption, the complete ciphertext information found according to the result set, and the key.
This completes the spatial keyword query. The process retrieves the spatial objects that satisfy the user's query conditions efficiently and accurately on the cloud server without leaking any information, which ensures data privacy and achieves efficient search while maintaining strong security.
Figure 2 compares the false positive rates of the XOR filter (Xor Filter) and the Bloom filter (Bloom Filter) at the same filter length as the number of inserted items grows. With the filter length held constant, the number of inserted items is varied and the false positive rates are compared. The results show that as the number of inserted items increases, the false positive rate of the Bloom filter rises significantly, while the XOR filter keeps a low false positive rate that stays stable at around 0.4%.
Figure 3 shows the index generation time, that is, the time required to build the secure tree index from different amounts of data (10, 1k, 10k, 20k, 50k, 100k). The method has good scalability when processing small-scale data.
Embodiment 2
This embodiment provides a device implementing the XOR-filter-based method for secure retrieval of encrypted spatial keywords. The device comprises a data owner end, a client, and a cloud server, wherein:
the data owner end is used to construct the secure XOR filter, build the secure tree index based on the secure XOR filter and geohash encoding, encrypt the spatial text data set with the key, and upload the secure tree index and the encrypted spatial text data set to the cloud server;
the client is used to specify a query, generate a trapdoor from the query, and upload the trapdoor to the cloud server; and to look up the complete ciphertext information according to the result set and decrypt it with the key to obtain the plaintext information;
the cloud server is used to search the secure tree index for target spatial objects according to the trapdoor, and to return to the client the result set formed by the ciphertexts of the target spatial objects.
Embodiment 3
This embodiment also provides an electronic device, including:
at least one processor; and
a memory storing instructions which, when executed by the at least one processor, cause the at least one processor to perform the XOR-filter-based method for secure retrieval of encrypted spatial keywords described above.
In this embodiment, the electronic device may include, but is not limited to: personal computers, server computers, workstations, desktop computers, laptop computers, notebook computers, mobile computing devices, smart phones, tablet computers, cellular phones, personal digital assistants (PDAs), handheld devices, messaging devices, wearable computing devices, consumer electronic devices, and the like.
Embodiment 4
This embodiment also provides a machine-readable storage medium storing executable instructions which, when executed, cause the machine to perform the XOR-filter-based method for secure retrieval of encrypted spatial keywords described above.
Specifically, a system or device equipped with a readable storage medium may be provided, on which software program code implementing the functions of any of the above embodiments is stored, and a computer or processor of the system or device reads and executes the instructions stored in the readable storage medium.
In this case, the program code read from the readable medium can itself implement the functions of any of the above embodiments, so the machine-readable code and the readable storage medium storing it form part of this specification.
Examples of readable storage media include floppy disks, hard disks, magneto-optical disks, optical disks (such as CD-ROM, CD-R, CD-RW, DVD-ROM, DVD-RAM, DVD-RW, DVD-RW), magnetic tapes, non-volatile memory cards, and ROMs. Alternatively, the program code may be downloaded from a server computer or from the cloud over a communication network.
Those skilled in the art will appreciate that embodiments of the present invention may be provided as a method, a system, or a computer program product. The present invention may therefore take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Moreover, the present invention may take the form of a computer program product implemented on one or more computer-usable storage media (including but not limited to disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
The present invention is described with reference to flowcharts and/or block diagrams of methods, devices (systems), and computer program products according to embodiments of the present invention. It should be understood that each process and/or block in the flowcharts and/or block diagrams, and combinations of processes and/or blocks in the flowcharts and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general-purpose computer, a special-purpose computer, an embedded processor, or other programmable data processing device to produce a machine, so that the instructions executed by the processor of the computer or other programmable data processing device produce means for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing device to operate in a specific manner, so that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
These computer program instructions may also be loaded onto a computer or other programmable data processing device, so that a series of operational steps is performed on the computer or other programmable device to produce computer-implemented processing, whereby the instructions executed on the computer or other programmable device provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more blocks of the block diagram.
Obviously, the above embodiments of the present invention are merely examples given to clearly illustrate the technical solution of the present invention, and are not intended to limit the specific implementations of the present invention. Any modification, equivalent replacement, or improvement made within the spirit and principles of the claims of the present invention shall fall within the scope of protection of the claims of the present invention.
Claims (10)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410382369.7A CN117972795B (en) | 2024-04-01 | 2024-04-01 | Method and device for secure retrieval of keywords in secret space based on XOR filter |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410382369.7A CN117972795B (en) | 2024-04-01 | 2024-04-01 | Method and device for secure retrieval of keywords in secret space based on XOR filter |
Publications (2)
Publication Number | Publication Date |
---|---|
CN117972795A (en) | 2024-05-03 |
CN117972795B (en) | 2024-06-11 |
Family
ID=90855060
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202410382369.7A Active CN117972795B (en) | 2024-04-01 | 2024-04-01 | Method and device for secure retrieval of keywords in secret space based on XOR filter |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN117972795B (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN118643055A (en) * | 2024-08-13 | 2024-09-13 | 山东省计算中心(国家超级计算济南中心) | Privacy-preserving dynamic spatial keyword query method, device, electronic device, and storage medium under multi-attribute cost constraints |
CN118759314A (en) * | 2024-09-05 | 2024-10-11 | 国网山东省电力公司日照供电公司 | A ground wire status monitoring method and related equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130010950A1 (en) * | 2011-07-08 | 2013-01-10 | Sap Ag | Public-Key Encrypted Bloom Filters With Applications To Private Set Intersection |
CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
JP2018148493A (en) * | 2017-03-08 | 2018-09-20 | 日本放送協会 | KEY GENERATION DEVICE, INTERMEDIATE ENCRYPTION DEVICE, CONFERENCE ENCRYPTION DEVICE, DATA SEARCH DEVICE, DECRYPTION DEVICE, AND PROGRAM THEREOF |
CN113132085A (en) * | 2021-04-14 | 2021-07-16 | 上海同态信息科技有限责任公司 | Ciphertext query method based on searchable encryption |
CN114416720A (en) * | 2021-12-08 | 2022-04-29 | 西安电子科技大学 | Efficient, flexible and verifiable multi-attribute range retrieval method and system in cloud environment |
Also Published As
Publication number | Publication date |
---|---|
CN117972795B (en) | 2024-06-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||