TW202009772A - Data query method and apparatus - Google Patents

Data query method and apparatus

Info

Publication number
TW202009772A
Authority
TW
Taiwan
Prior art keywords
data
query
weight
encryption
identifiers
Prior art date
Application number
TW108121032A
Other languages
Chinese (zh)
Other versions
TWI697803B (en)
Inventor
應鵬飛
Original Assignee
香港商阿里巴巴集團服務有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 香港商阿里巴巴集團服務有限公司
Publication of TW202009772A
Application granted
Publication of TWI697803B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules, to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6263 Protecting personal data, e.g. for financial or medical purposes, during internet communication, e.g. revealing personal data from cookies

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Hardware Design (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

Disclosed are a data query method and apparatus. The method comprises: determining several data identifiers used in the current query, wherein the several data identifiers comprise target data identifiers and interference data identifiers; respectively performing homomorphic encryption on a query weight of each data identifier to obtain an encryption weight of each data identifier, wherein the query weight of the target data identifiers is one, and the query weight of the interference data identifiers is zero; sending the several data identifiers and the encryption weight thereof to a data holder, so that the data holder performs weighting on the data corresponding to the data identifiers according to the encryption weight; and receiving a weighted result returned by the data holder, and performing homomorphic decryption on the weighted result to obtain a query result.

Description

Data query method and apparatus

This specification relates to the field of Internet technology, and in particular to a data query method and apparatus.

In business cooperation, the data privacy of the data holder is usually protected. However, the privacy of the data querying party is also important business information and needs to be protected. How to complete a data query while fully protecting the data privacy of both parties has become an urgent problem to be solved.

In view of this, this specification provides a data query method and apparatus. Specifically, this specification is implemented through the following technical solutions.

A data query method, applied to data queries directed at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the method being applied at the data querying party and comprising: determining the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; performing homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; sending the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receiving the weighted result returned by the data holder and performing homomorphic decryption on the weighted result to obtain the query result.

A data query method, applied at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the method comprising: receiving several data identifiers and their encryption weights sent by a data querying party, the several data identifiers including target data identifiers and interference data identifiers, the encryption weights being obtained by the data querying party through homomorphic encryption of the query weights of the data identifiers, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; weighting the data corresponding to the data identifiers according to the encryption weights; and returning the weighted result to the data querying party, so that the data querying party performs homomorphic decryption on the weighted result to obtain the query result.

A data query method, applied to data queries directed at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the method comprising: the data querying party determines the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; the data querying party performs homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; the data querying party sends the several data identifiers and their encryption weights to the data holder; the data holder weights the data corresponding to the data identifiers according to the encryption weights; the data holder returns the weighted result to the data querying party; and the data querying party performs homomorphic decryption on the weighted result to obtain the query result.

A data query apparatus, applied to data queries directed at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the apparatus being applied at the data querying party and comprising: a determining unit, which determines the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; an encryption unit, which performs homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; a sending unit, which sends the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and a decryption unit, which receives the weighted result returned by the data holder and performs homomorphic decryption on the weighted result to obtain the query result.

A data query apparatus, applied at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the apparatus comprising: a receiving unit, which receives several data identifiers and their encryption weights sent by a data querying party, the several data identifiers including target data identifiers and interference data identifiers, the encryption weights being obtained by the data querying party through homomorphic encryption of the query weights of the data identifiers, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; a weighting unit, which weights the data corresponding to the data identifiers according to the encryption weights; and a returning unit, which returns the weighted result to the data querying party, so that the data querying party performs homomorphic decryption on the weighted result to obtain the query result.

A data query apparatus comprising a processor and a memory for storing machine-executable instructions, wherein, by reading and executing the machine-executable instructions stored in the memory corresponding to the data query logic, the processor is caused to: determine the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; perform homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; send the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receive the weighted result returned by the data holder and perform homomorphic decryption on the weighted result to obtain the query result.

As can be seen from the above description, when performing a data query, this specification sets the query weight of the target data identifier to 1 and the query weight of the interference data identifiers to 0, and then uses a homomorphic encryption algorithm to query the target data identifier, which ensures both the query privacy of the data querying party and the data privacy of the data holder.

Exemplary embodiments will be described in detail here, examples of which are shown in the drawings. When the following description refers to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The implementations described in the following exemplary embodiments do not represent all implementations consistent with this specification; rather, they are merely examples of apparatus and methods consistent with some aspects of this specification as detailed in the appended claims.

The terminology used in this specification is for the purpose of describing particular embodiments only and is not intended to limit this specification. The singular forms "a", "said" and "the" used in this specification and the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and includes any or all possible combinations of one or more of the associated listed items.

It should be understood that although the terms first, second, third, etc. may be used in this specification to describe various information, such information should not be limited by these terms. These terms are only used to distinguish information of the same type from one another. For example, without departing from the scope of this specification, first information may also be called second information, and similarly second information may also be called first information. Depending on the context, the word "if" as used herein may be interpreted as "at the time of", "when" or "in response to determining".

In the era of big data, different service providers may hold different business data about the same query subject. In that case, a service provider handling a user's business may need to query that user's business data from other service providers. However, because of competition between enterprises or privacy considerations, the query process must protect both the data privacy of the data holder and the data privacy of the data querying party.

For example, a bank holds each user's loan amount, and a P2P (peer-to-peer, Internet-finance peer-to-peer lending) platform offers personal loans to users. When a user borrows on the P2P platform, the platform queries the bank for the user's loan amount and then, together with the user's other credit information, decides whether to lend and how much.

In this example the bank is the data holder, the user's loan amount is the data held by the data holder, the user's ID card number is the data identifier of that data, and the P2P platform is the data querying party. Suppose Zhang San applies for a loan on the P2P platform. In this example, the P2P platform must be able to query Zhang San's loan amount from the bank, but the bank must not learn that the person the P2P platform is querying is Zhang San, and the loan amounts of other users at the bank must not be disclosed.

Figure 1 is a schematic flowchart of a data query method shown in an exemplary embodiment of this specification.

Referring to Figure 1, the data query method may include the following steps:

Step 102: the data querying party determines the several data identifiers used in the current query, which include target data identifiers and interference data identifiers.

In this embodiment, a target data identifier is a data identifier the data querying party really wants to query, while an interference data identifier is not one the data querying party wants to query.

When performing a data query, the data querying party may select one or more interference data identifiers and mix them with the target data identifiers in order to hide the target data identifiers it really wants to query.

The number of interference data identifiers may be determined randomly by the data querying party, or a fixed number may be set in advance; this specification places no particular restriction on it.

Step 104: the data querying party performs homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, where the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0.

In this embodiment, the data querying party may generate a public/private key pair for homomorphic encryption and decryption, and then encrypt the query weight of each data identifier with the public key to obtain the encryption weight of that data identifier.

In this embodiment, suppose the target data identifier the data querying party really wants to query is ID1, and the data querying party randomly selects 4 interference data identifiers, ID2 to ID5. Referring to Table 1, the encryption weights shown in Table 1 can be generated.

Table 1 (figure 108121032-A0304-0001): data identifiers ID1 to ID5; query weights 1, 0, 0, 0, 0; encryption weights Enc(1), Enc(0), Enc(0), Enc(0), Enc(0).

Step 106: the data querying party sends the several data identifiers and their encryption weights to the data holder.

In one example, the data querying party may first send the several data identifiers determined in step 102 to the data holder, and then send the encryption weights of those data identifiers to the data holder.

For example, the data querying party may put the several data identifiers in a random order and then send the corresponding data identifier sequence to the data holder. Still taking Table 1 as an example, the data querying party may first send the data identifier sequence (ID1, ID2, ID3, ID4, ID5).

The data querying party may then order the encryption weights according to the order of the data identifiers, generate an encryption weight sequence, and send that sequence to the data holder. Still taking Table 1 as an example, the data querying party may then send the encryption weight sequence (Enc(1), Enc(0), Enc(0), Enc(0), Enc(0)).

Sending the data identifiers and their encryption weights as sequences keeps the transmission volume small, and the data holder can learn the correspondence between data identifiers and encryption weights from the order of the sequence elements, which is simple to implement.

In another example, the data querying party may send the several data identifiers together with their encryption weights to the data holder; this specification places no particular restriction on this.

Step 108: the data holder weights the data corresponding to the data identifiers according to the encryption weights.

In this embodiment, after receiving the data identifiers and their encryption weights, the data holder may look up the data corresponding to each data identifier and then weight that data according to the encryption weights to obtain a weighted result.

For example, depending on the homomorphic encryption algorithm used, the data holder may encrypt the data corresponding to each data identifier with the data querying party's public key to obtain the corresponding encrypted data, multiply each encrypted datum by the corresponding encryption weight, and then sum the products to obtain the weighted result.

The data querying party's public key may be sent to the data holder separately by the data querying party, or sent together with the data identifiers and their encryption weights; this specification places no particular restriction on this.
Table 2 (figure 108121032-A0304-0002): Table 1 extended with the data held by the data holder, X1 to X5 for ID1 to ID5.

Still using the example of Table 1 and referring to Table 2, suppose the data corresponding to data identifier 1 is X1, the data corresponding to data identifier 2 is X2, and so on. In this step the data holder can compute the weighted result:

Enc(1)×Enc(X1)+Enc(0)×Enc(X2)+Enc(0)×Enc(X3)+Enc(0)×Enc(X4)+Enc(0)×Enc(X5).

Step 110: the data holder returns the weighted result to the data querying party.

Step 112: the data querying party performs homomorphic decryption on the weighted result to obtain the query result.

In this embodiment, the data querying party homomorphically decrypts the data holder's weighted result. Taking Table 2 as an example, homomorphically decrypting the weighted result gives the decryption result:

1×X1+0×X2+0×X3+0×X4+0×X5,

that is, the decryption result is X1, the data corresponding to the target data identifier ID1. In other words, the decryption result is the query result.

Thus the data querying party can obtain the data corresponding to the target data identifier while being unable to learn the data corresponding to any interference data identifier, which effectively protects the data privacy of the data holder.

It is worth noting that homomorphically encrypting 0 yields a random number, so even though the query weights of all interference data identifiers are 0, the data holder cannot distinguish target data identifiers from interference data identifiers, which effectively protects what the data querying party wants to query.

As can be seen from the above description, when performing a data query, this embodiment sets the query weight of the target data identifier to 1 and the query weight of the interference data identifiers to 0, and then uses a homomorphic encryption algorithm to query the target data identifier, which ensures both the query privacy of the data querying party and the data privacy of the data holder.

The data query scheme described in this specification can also query the sum of the data corresponding to several target data identifiers.

For example, Li Si applies for a loan on the P2P platform, and the P2P platform needs to query the bank for the total loan amount of Li Si and his spouse Wang Wu.

In this example, suppose Li Si's ID card number is ID6 and Wang Wu's ID card number is ID7; ID6 and ID7 are both target data identifiers. The P2P platform also selects two interference users, whose ID card numbers are ID8 and ID9.
Table 3 (figure 108121032-A0304-0003): data identifiers ID6, ID8, ID7, ID9; query weights 1, 0, 1, 0; encryption weights Enc(1), Enc(0), Enc(1), Enc(0).

Referring to Table 3, the P2P platform can generate the encryption weights shown in Table 3, and then send the data identifiers and encryption weights shown in Table 3 to the bank.
Table 4 (figure 108121032-A0304-0004): Table 3 extended with the data held by the bank, X6, X8, X7 and X9 for ID6, ID8, ID7 and ID9.

Referring to Table 4, suppose Li Si's loan amount is X6, interference user ID8's loan amount is X8, Wang Wu's loan amount is X7, and interference user ID9's loan amount is X9. In this step the data holder can compute the weighted result:

Enc(1)×Enc(X6)+Enc(0)×Enc(X8)+Enc(1)×Enc(X7)+Enc(0)×Enc(X9).

The P2P platform decrypts the above weighted result to obtain the decryption result:

1×X6+0×X8+1×X7+0×X9,

that is, the decryption result is X6+X7, the total loan amount of Li Si and Wang Wu.

Thus the P2P platform can query the total loan amount of Li Si and Wang Wu but cannot learn the loan amounts of the interference users, while the bank does not learn that the persons queried by the P2P platform are Li Si and Wang Wu, which secures the data privacy of both parties to the query.

Corresponding to the foregoing embodiments of the data query method, this specification also provides embodiments of a data query apparatus.

Referring to Figure 2, the data query apparatus 200 of this specification is applied to data queries directed at a data holder, the data holder holding several items of data, each corresponding to a different data identifier, the apparatus being applied at the data querying party. The apparatus 200 may include: a determining unit 201, which determines the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; an encryption unit 202, which performs homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; a sending unit 203, which sends the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and a decryption unit 204, which receives the weighted result returned by the data holder and performs homomorphic decryption on the weighted result to obtain the query result.

Referring to Figure 3, the data query apparatus 300 of this specification is applied at the data holder and may include: a receiving unit 301, which receives several data identifiers and their encryption weights sent by the data querying party, the several data identifiers including target data identifiers and interference data identifiers, the encryption weights being obtained by the data querying party through homomorphic encryption of the query weights of the data identifiers, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; a weighting unit 302, which weights the data corresponding to the data identifiers according to the encryption weights; and a returning unit 303, which returns the weighted result to the data querying party, so that the data querying party performs homomorphic decryption on the weighted result to obtain the query result.

Optionally, the weighting unit 302 encrypts the data corresponding to the data identifiers separately with the data querying party's public key to obtain encrypted data, and weights the encrypted data corresponding to the data identifiers according to the encryption weights to obtain the weighted result.

For the implementation of the functions and roles of the units in the above apparatus, see the implementation of the corresponding steps in the above method; they are not repeated here.

Since the apparatus embodiments basically correspond to the method embodiments, the relevant parts may be understood by reference to the description of the method embodiments. The apparatus embodiments described above are merely illustrative: the units described as separate components may or may not be physically separate, and the components shown as units may or may not be physical units, that is, they may be located in one place or distributed over several network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution in this specification. A person of ordinary skill in the art can understand and implement this without creative effort.

The systems, apparatus, modules or units described in the above embodiments may be implemented by a computer chip or entity, or by a product having a certain function. A typical implementation device is a computer, which may take the form of a personal computer, laptop, mobile phone, camera phone, smartphone, personal digital assistant, media player, navigation device, e-mail device, game console, tablet, wearable device, or any combination of these devices.

Corresponding to the foregoing embodiments of the data query method, this specification also provides a data query apparatus comprising a processor and a memory for storing machine-executable instructions. The processor and the memory are typically connected to each other by an internal bus. In other possible implementations, the device may also include an external interface so that it can communicate with other devices or components.

In this embodiment, by reading and executing the machine-executable instructions stored in the memory corresponding to the query logic, the processor is caused to: determine the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; perform homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; send the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receive the weighted result returned by the data holder and perform homomorphic decryption on the weighted result to obtain the query result.

Optionally, when the several data identifiers include one target data identifier, the query result is the data corresponding to that target data identifier; when the several data identifiers include several target data identifiers, the query result is the sum of the data corresponding to those target data identifiers.

Corresponding to the foregoing embodiments of the data query method, this specification also provides a computer-readable storage medium storing a computer program which, when executed by a processor, implements the following steps: determine the several data identifiers used in the current query, the several data identifiers including target data identifiers and interference data identifiers; perform homomorphic encryption separately on the query weight of each data identifier to obtain an encryption weight for each data identifier, wherein the query weight of a target data identifier is 1 and the query weight of an interference data identifier is 0; send the several data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receive the weighted result returned by the data holder and perform homomorphic decryption on the weighted result to obtain the query result.

Optionally, when the several data identifiers include one target data identifier, the query result is the data corresponding to that target data identifier; when the several data identifiers include several target data identifiers, the query result is the sum of the data corresponding to those target data identifiers.

Specific embodiments of this specification have been described above. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in an order different from that in the embodiments and still achieve the desired result. In addition, the processes depicted in the drawings do not necessarily require the particular order or sequential order shown in order to achieve the desired result. In some implementations, multitasking and parallel processing are also possible or may be advantageous.

The above are merely preferred embodiments of this specification and are not intended to limit it. Any modification, equivalent substitution, improvement, etc. made within the spirit and principles of this specification shall be included within the scope of protection of this specification.
When the program is executed by the processor, the following steps are implemented: Determine the query A number of data identifiers used, including target data identifiers and interference data identifiers; homomorphic encryption is performed on the query weights of each data identifier to obtain the encryption weights of each data identifier, wherein the target data The querying weight of the identifier is 1, and the querying weight of the interference data identifier is 0; the plurality of data identifiers and their encryption weights are sent to the data holder for the data holder to pair according to the encryption weights Weighting the data corresponding to the data identifier; receiving the weighted result returned by the data holder, and homomorphically decrypting the weighted result to obtain a query result. Optionally, when the plurality of data identifications includes one target data identification, the query result is data corresponding to the target data identification; when the plurality of data identifications include multiple target data identifications, the The query result is a summation result of the data corresponding to the multiple target data identifiers. The foregoing describes specific embodiments of the present specification. Other embodiments are within the scope of the attached patent application. In some cases, the actions or steps described in the scope of the patent application may be performed in a different order than in the embodiment and still achieve the desired result. In addition, the processes depicted in the drawings do not necessarily require the particular order shown or sequential order to achieve the desired results. In some embodiments, multiplexing and parallel processing are also possible or may be advantageous. The above are only the preferred embodiments of this specification and are not intended to limit this specification. Any modification, equivalent replacement, improvement, etc. 
made within the spirit and principles of this specification should be included in this specification Within the scope of protection.
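The Table 4 computation above, as an added example that is not part of the patent: the querying party (the P2P platform) encrypts 0/1 weights, the data holder (the bank) combines them with its amounts without learning which weights are 1, and only the querying party can decrypt the sum. The Paillier cryptosystem is assumed here (the patent names no scheme); because Paillier has no ciphertext-by-ciphertext product, the holder raises Enc(w_i) to its plaintext amount x_i instead of computing Enc(w_i)×Enc(x_i), which decrypts to the same Σ w_i·x_i. Identifiers and amounts are constructed.

```python
import math
import secrets
from typing import Dict, Iterable, Set, Tuple

PublicKey = Tuple[int, int]   # (n, n^2)
SecretKey = Tuple[int, int]   # (lambda, mu)


def _next_prime(start: int) -> int:
    """Smallest odd prime >= start by trial division; fine for demo-sized keys."""
    n = start | 1
    while any(n % d == 0 for d in range(3, math.isqrt(n) + 1, 2)):
        n += 2
    return n


def keygen() -> Tuple[PublicKey, SecretKey]:
    """Paillier key pair. Demo-sized ~62-bit modulus; real deployments need >= 2048-bit."""
    p = _next_prime(2 ** 31)
    q = _next_prime(2 ** 31 + 2 ** 20)
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)              # with g = n + 1, L(g^lam mod n^2) = lam
    return (n, n * n), (lam, mu)


def encrypt(pk: PublicKey, m: int) -> int:
    """Enc(m) = (1 + n)^m * r^n mod n^2; a fresh r hides equal plaintexts."""
    n, n2 = pk
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) * pow(r, n, n2) % n2


def decrypt(pk: PublicKey, sk: SecretKey, c: int) -> int:
    """Dec(c) = L(c^lam mod n^2) * mu mod n, with L(u) = (u - 1) / n."""
    n, n2 = pk
    lam, mu = sk
    return ((pow(c, lam, n2) - 1) // n) * mu % n


def build_query(pk: PublicKey, ids: Iterable[str], targets: Set[str]) -> Dict[str, int]:
    """Querying party: weight 1 for target identifiers, 0 for interference ones,
    each encrypted separately so the holder cannot tell them apart."""
    return {i: encrypt(pk, 1 if i in targets else 0) for i in ids}


def weighted_sum(pk: PublicKey, holdings: Dict[str, int], query: Dict[str, int]) -> int:
    """Data holder: Enc(sum of w_i * x_i) without learning any w_i.
    Enc(w_i)^x_i = Enc(w_i * x_i); multiplying ciphertexts adds the plaintexts."""
    n, n2 = pk
    acc = encrypt(pk, 0)                       # neutral element, freshly randomised
    for ident, enc_w in query.items():
        acc = acc * pow(enc_w, holdings[ident], n2) % n2
    return acc


def run_table4_demo() -> int:
    """Table 4 scenario with constructed amounts: Li Si (ID6) and Wang Wu (ID7)
    are targets, ID8 and ID9 are interference identifiers. Returns X6 + X7."""
    amounts = {"ID6": 5000, "ID8": 777, "ID7": 3000, "ID9": 999}   # constructed
    pk, sk = keygen()                                            # P2P platform's key pair
    query = build_query(pk, amounts.keys(), targets={"ID6", "ID7"})
    result = weighted_sum(pk, amounts, query)                    # computed by the bank
    return decrypt(pk, sk, result)                               # -> 8000


if __name__ == "__main__":
    print(run_table4_demo())
```

The bank sees four ciphertexts of equal shape and a query whose decrypted value it cannot compute; the platform sees only one number, so neither X8 nor X9 is exposed.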

S102~S112: method steps; 200: data query device; 201: determining unit; 202: encryption unit; 203: sending unit; 204: decryption unit; 300: data query device; 301: receiving unit; 302: weighting unit; 303: return unit

FIG. 1 is a schematic flowchart of a data query method shown in an exemplary embodiment of this specification. FIG. 2 is a block diagram of a data query device shown in an exemplary embodiment of this specification. FIG. 3 is a block diagram of another data query device shown in an exemplary embodiment of this specification.

Claims (10)

1. A data query method, applied to a data query directed at a data holder, the data holder holding a number of data items that correspond to different data identifiers respectively, the method being applied to a data querying party and comprising: determining a number of data identifiers to be used in this query, the data identifiers including a target data identifier and an interference data identifier; homomorphically encrypting the query weight of each data identifier separately to obtain an encryption weight for each data identifier, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; sending the data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receiving the weighted result returned by the data holder, and homomorphically decrypting the weighted result to obtain a query result.

2. The method according to claim 1, wherein: when the data identifiers include one target data identifier, the query result is the data corresponding to that target data identifier; and when the data identifiers include multiple target data identifiers, the query result is the sum of the data corresponding to the multiple target data identifiers.

3. A data query method, applied to a data holder, the data holder holding a number of data items that correspond to different data identifiers respectively, the method comprising: receiving a number of data identifiers and their encryption weights sent by a data querying party, the data identifiers including a target data identifier and an interference data identifier, the encryption weights being obtained by the data querying party homomorphically encrypting the query weights of the data identifiers, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; weighting the data corresponding to the data identifiers according to the encryption weights; and returning the weighted result to the data querying party, so that the data querying party homomorphically decrypts the weighted result to obtain a query result.

4. The method according to claim 3, wherein weighting the data corresponding to the data identifiers according to the encryption weights comprises: encrypting the data corresponding to each data identifier separately using the public key of the data querying party to obtain encrypted data; and weighting the encrypted data corresponding to the data identifiers according to the encryption weights to obtain the weighted result.

5. A data query method, applied to a data query directed at a data holder, the data holder holding a number of data items that correspond to different data identifiers respectively, the method comprising: the data querying party determining a number of data identifiers to be used in this query, the data identifiers including a target data identifier and an interference data identifier; the data querying party homomorphically encrypting the query weight of each data identifier separately to obtain an encryption weight for each data identifier, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; the data querying party sending the data identifiers and their encryption weights to the data holder; the data holder weighting the data corresponding to the data identifiers according to the encryption weights; the data holder returning the weighted result to the data querying party; and the data querying party homomorphically decrypting the weighted result to obtain a query result.

6. A data query device, applied to a data query directed at a data holder, the data holder holding a number of data items that correspond to different data identifiers respectively, the device being applied to a data querying party and comprising: a determining unit, which determines a number of data identifiers to be used in this query, the data identifiers including a target data identifier and an interference data identifier; an encryption unit, which homomorphically encrypts the query weight of each data identifier separately to obtain an encryption weight for each data identifier, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; a sending unit, which sends the data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and a decryption unit, which receives the weighted result returned by the data holder and homomorphically decrypts the weighted result to obtain a query result.

7. The device according to claim 6, wherein: when the data identifiers include one target data identifier, the query result is the data corresponding to that target data identifier; and when the data identifiers include multiple target data identifiers, the query result is the sum of the data corresponding to the multiple target data identifiers.

8. A data query device, applied to a data holder, the data holder holding a number of data items that correspond to different data identifiers respectively, the device comprising: a receiving unit, which receives a number of data identifiers and their encryption weights sent by a data querying party, the data identifiers including a target data identifier and an interference data identifier, the encryption weights being obtained by the data querying party homomorphically encrypting the query weights of the data identifiers, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; a weighting unit, which weights the data corresponding to the data identifiers according to the encryption weights; and a return unit, which returns the weighted result to the data querying party, so that the data querying party homomorphically decrypts the weighted result to obtain a query result.

9. The device according to claim 8, wherein the weighting unit: encrypts the data corresponding to each data identifier separately using the public key of the data querying party to obtain encrypted data; and weights the encrypted data corresponding to the data identifiers according to the encryption weights to obtain the weighted result.

10. A data query device, comprising: a processor; and a memory for storing machine-executable instructions; wherein, by reading and executing the machine-executable instructions stored in the memory that correspond to the data query logic, the processor is caused to: determine a number of data identifiers to be used in this query, the data identifiers including a target data identifier and an interference data identifier; homomorphically encrypt the query weight of each data identifier separately to obtain an encryption weight for each data identifier, wherein the query weight of the target data identifier is 1 and the query weight of the interference data identifier is 0; send the data identifiers and their encryption weights to the data holder, so that the data holder weights the data corresponding to the data identifiers according to the encryption weights; and receive the weighted result returned by the data holder, and homomorphically decrypt the weighted result to obtain a query result.
TW108121032A 2018-08-22 2019-06-18 Data query method and device TWI697803B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201810958246.8 2018-08-22
CN201810958246.8A CN110858251B (en) 2018-08-22 2018-08-22 Data query method and device

Publications (2)

Publication Number Publication Date
TW202009772A true TW202009772A (en) 2020-03-01
TWI697803B TWI697803B (en) 2020-07-01

Family

ID=69592366

Family Applications (1)

Application Number Title Priority Date Filing Date
TW108121032A TWI697803B (en) 2018-08-22 2019-06-18 Data query method and device

Country Status (3)

Country Link
CN (1) CN110858251B (en)
TW (1) TWI697803B (en)
WO (1) WO2020038098A1 (en)


Also Published As

Publication number Publication date
CN110858251A (en) 2020-03-03
CN110858251B (en) 2020-07-21
TWI697803B (en) 2020-07-01
WO2020038098A1 (en) 2020-02-27
