WO2022099891A1 - Data query method, apparatus and system, and data set processing method - Google Patents

Data query method, apparatus and system, and data set processing method Download PDF

Info

Publication number
WO2022099891A1
WO2022099891A1 PCT/CN2020/140634 CN2020140634W WO2022099891A1 WO 2022099891 A1 WO2022099891 A1 WO 2022099891A1 CN 2020140634 W CN2020140634 W CN 2020140634W WO 2022099891 A1 WO2022099891 A1 WO 2022099891A1
Authority
WO
WIPO (PCT)
Prior art keywords
data
queried
candidate
current
group
Prior art date
Application number
PCT/CN2020/140634
Other languages
French (fr)
Chinese (zh)
Inventor
邱炜伟
李伟
蔡亮
汪小益
刘敬
Original Assignee
杭州趣链科技有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 杭州趣链科技有限公司 filed Critical 杭州趣链科技有限公司
Publication of WO2022099891A1 publication Critical patent/WO2022099891A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/64Protecting data integrity, e.g. using checksums, certificates or signatures

Definitions

  • the present application relates to the field of computer technology, and in particular, to a data query method, apparatus, system, computer equipment and storage medium, as well as a data set processing method, apparatus, computer equipment and storage medium.
  • PSI Privacy-Preserving Set Intersection
  • the privacy-preserving set intersection computing technology needs to allow two parties holding their respective sets to jointly calculate the intersection operation of the two sets. This method may easily lead to data leakage during the data query process and cannot guarantee the privacy of the query data. Querying data is not secure.
  • a data query method comprising the following steps: sending a data query request to a device to be queried; receiving an ordered interval point set, where the ordered interval point set includes the device to be queried obtaining according to the data query request Ordered data group interval points corresponding to the candidate data set; obtain the data to be queried, and determine the current data group serial number corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set; according to the first preset prime number, the second preset The prime number and the data to be queried are calculated to obtain the first encrypted data, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the to-be-queried device, so that the to-be-queried device obtains at least one current data corresponding to the current data group serial number , calculate and obtain the first encrypted data set according to the third preset prime number, the first preset prime number and at least one current data, calculate and obtain the second encrypted data according
  • a data query device includes: a query request sending module, used for sending a data query request to a device to be queried; an ordered interval set receiving module, used for receiving ordered interval points
  • the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request; the data group serial number determination module is used to obtain the to-be-queried data, according to the to-be-queried data and the ordered interval
  • the point set determines the sequence number of the current data group corresponding to the data to be queried;
  • the encrypted data calculation module is used to calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and calculate the first preset prime number,
  • the first encrypted data and the sequence number of the current data group are sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data group, and calculates according to the third preset
  • a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implements the following steps when executing the computer program: Send a data query request to the device to be queried; receive an ordered interval point set, where the ordered interval point set includes the device to be queried obtains an ordered data group interval point corresponding to the candidate data set according to the data query request; The query data and the ordered interval point set determine the current data group serial number corresponding to the data to be queried; the first encrypted data is obtained by calculating according to the first preset prime number, the second preset prime number, and the data to be queried, and the first preset prime number, the first An encrypted data and the sequence number of the current data group are sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data group, and is calculated according to the third preset prime number, the first preset prime number and the at least one current data.
  • a computer-readable storage medium on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: sending a data query request to a device to be queried; receiving in an orderly manner The interval point set, the ordered interval point set includes that the device to be queried obtains the interval points of the ordered data group corresponding to the candidate data set according to the data query request; obtains the data to be queried, and determines the data to be queried according to the data to be queried and the ordered interval point set
  • the corresponding current data group serial number; the first encrypted data is calculated according to the first preset prime number, the second preset prime number and the data to be queried, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the to-be-queried data device, so that the device to be queried obtains at least one current data corresponding to the serial number of the current data group, calculates and obtains the first encrypted data set according to the third preset prime
  • a data query system comprising: a query device for acquiring a data query request and sending the data query request to the device to be queried;
  • the query request obtains the ordered interval point set corresponding to the candidate data set, and returns the ordered interval point set to the query device, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set;
  • the query device also uses Receiving the ordered interval point set, obtaining the data to be queried, determining the current data group serial number corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set, and according to the first preset prime number, the second preset prime number and the to-be-queried data
  • the first encrypted data is obtained by calculation, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the device to be inquired; the device to be inquired is also used to obtain at least one current data corresponding to the current data group serial number, according to the first The first encrypted data set
  • the query device is further configured to receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and obtain the second encrypted data set according to the second encrypted data set.
  • the data and the second encrypted data set determine a query result corresponding to the data to be queried.
  • a data set processing method comprising the following steps: obtaining a candidate data set, the candidate data set includes at least one candidate data; The data is processed to obtain a target candidate data set, and the target candidate data set includes at least one candidate hash data; the target candidate data set is grouped according to preset rules to obtain a plurality of candidate data groups; The hash data determines the corresponding data group interval points, and generates an ordered data group interval point set according to each data group interval point.
  • the query device sends a data query request to the device to be queried, and the data query request includes the data to be queried.
  • Sequential interval point set, the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request, and the current data corresponding to the to-be-queried data is determined according to the to-be-queried data and the ordered interval point set Group serial number, calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the The device to be queried obtains the current data corresponding to the serial number of the current data set, calculates the first encrypted data set according to the third preset prime number, the first preset prime number and the current data, and obtains the first encrypted
  • Second encrypted data receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and determine the to-be-queried data according to the second encrypted data and the second encrypted data set The query result corresponding to the data.
  • the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves, and do not set the interval points to be queried.
  • the candidate data set in the device is sent to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data, and the data sent by the device to be queried and the query device to the other party are all through the confidential large data.
  • the prime numbers are obtained by encrypted calculation. Since their own data and exponents are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of query data.
  • FIG. 1 is an application environment diagram of the data query method according to Embodiment 1 of the present application.
  • FIG. 2 is a schematic flowchart of a data query method according to Embodiment 1 of the present application.
  • FIG. 3 is a structural block diagram of a data query apparatus according to Embodiment 1 of the present application.
  • FIG. 4 is a structural block diagram of the data query system according to Embodiment 1 of the present application.
  • FIG. 5 is a structural block diagram of a computer device according to Embodiment 1 of the present application.
  • Words like "connected,” “connected,” “coupled,” and the like referred to in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect.
  • the “plurality” referred to in this application refers to two or more.
  • “And/or” describes the association relationship between associated objects, indicating that there can be three kinds of relationships. For example, “A and/or B” can mean that A exists alone, A and B exist at the same time, and B exists alone.
  • the character “/” generally indicates that the associated objects are an “or” relationship.
  • the terms “first”, “second”, “third”, “fourth”, etc. involved in this application are only to distinguish similar objects, and do not represent a specific order for the objects.
  • FIG. 1 is an application environment diagram of a data query method in one embodiment.
  • the data query method is applied to a data query system.
  • the data query system includes a query device 101 and a device to be queried 102 .
  • the inquiring device 101 and the device to be inquired 102 are connected through a network.
  • the query device 101 may specifically be a desktop terminal or a mobile terminal or a device to be queried, and the mobile terminal may specifically be at least one of a mobile phone, a tablet computer, a notebook computer, and the like.
  • the device 102 to be queried can be implemented by an independent server or a server cluster composed of multiple servers.
  • the query device 101 obtains the data query request to the device to be queried 102, and after the query device 102 receives the data query request, obtains the ordered interval point set corresponding to the candidate data set according to the data query request, and assigns the ordered interval point The set is returned to the query device 101, and the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set.
  • the query device 101 receives the ordered interval point set, obtains the data to be queried, and according to the Determine the current data group serial number corresponding to the data to be queried, calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and combine the first preset prime number, the first encrypted data and the current data group serial number Send to the device 102 to be queried, and the device 102 to be queried obtains at least one current data corresponding to the serial number of the current data group, and obtains the first encrypted data set according to the third preset prime number, the first preset prime number, and at least one current data set, according to the first encrypted data set.
  • An encrypted data and a third preset prime number are calculated to obtain second encrypted data, and the first encrypted data set and the second encrypted data are returned to the query device 101 . Further, the query device 101 receives the first encrypted data set and the second encrypted data, calculates and obtains the second encrypted data set according to the first encrypted data set and the second preset prime number, and determines according to the second encrypted data and the second encrypted data set. The query result corresponding to the data to be queried.
  • a data query method is provided, and the method is applied to the query device in FIG. 1 as an example for description, including the following steps:
  • Step 201 Send a data query request to the device to be queried.
  • the inquiring device may be the device where the data inquirer is located, and may be, but is not limited to, an inquiring terminal or a device to be inquired, and the device to be inquired here may be the device to be inquired where the data user is located, storing the candidate data set, the candidate data
  • the set includes at least one candidate data set, the candidate data set is processed to obtain a target candidate data set, the target candidate data set is grouped to obtain a plurality of candidate data sets, and the corresponding data set interval points are determined according to the data in each candidate data set , sort these data group interval points to obtain an ordered data group interval point set.
  • the data query request here is used to request the device to be queried to perform data query.
  • the data query request can be triggered and generated by an operation on the query device.
  • the query device is provided with a related query application, and the query application
  • the relevant interface is provided with a query button, and the operation of the query button triggers the generation of a data query request, wherein the operation includes but is not limited to a click operation, a voice operation or an operation triggered by a timed event.
  • Step 202 Receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request.
  • the ordered interval point set here refers to a set consisting of data group interval points in a certain order
  • the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried
  • Store a candidate data set the candidate data set includes at least one candidate data, process the candidate data set to obtain a target candidate data set, group the target candidate data set, and obtain a plurality of candidate data sets, according to the data in each candidate data set
  • Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set.
  • the method of determining the corresponding data group interval point according to the data in each candidate data group can be customized, and the customization can be to obtain the current candidate data group, obtain the current candidate data corresponding to the current candidate data group, and obtain the previous candidate data.
  • the target candidate data corresponding to the group calculate the interval point of the current data group according to the current candidate data and the target candidate data, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the corresponding data group of the current candidate data group the current candidate data until the interval points of each data group are obtained.
  • the current candidate data may be the first candidate data in the current candidate data group
  • the target candidate data may be the last candidate data in the previous candidate data group.
  • the device to be queried may obtain the current candidate data group and obtain the current candidate data.
  • the first candidate data in the group obtain the last candidate data in the previous candidate data group, calculate the interval point of the current data group according to the first candidate data and the last candidate data, obtain the next candidate data group, and put the next candidate data group
  • the return step obtains the first candidate data in the current candidate data group until the data group interval point is obtained.
  • the current candidate data group is: [317, 553]
  • the previous candidate data group is: [55, 270]
  • the current candidate data is the first candidate data in the current candidate data group: 317
  • the target candidate data is the previous one
  • the method of determining the interval point of the data group can also be customized by obtaining the current candidate data group, obtaining the current candidate data corresponding to the current candidate data group, and obtaining the target candidate data corresponding to the previous candidate data group. Randomly select a number between the current candidate data and the target candidate data to determine the interval point of the current data group, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the corresponding data group of the current candidate data group the current candidate data until the interval points of each data group are obtained.
  • the current candidate data may be the first candidate data in the current candidate data group
  • the target candidate data may be the last candidate data in the previous candidate data group.
  • the device to be queried may obtain the current candidate data group and obtain the current candidate data.
  • the first candidate data in the group obtain the last candidate data in the previous candidate data group, randomly select a number between the first candidate data and the last candidate data to determine the interval point of the current data group, and obtain the next candidate data group , taking the next candidate data group as the current candidate data group, and returning to the step to obtain the current candidate data corresponding to the current candidate data group until the interval points of each data group are obtained.
  • the current candidate data group is: [317, 553]
  • the previous candidate data group is: [55, 270]
  • the current candidate data is the first candidate data in the current candidate data group: 317
  • the target candidate data is the previous one
  • the current candidate data group interval point can be a number randomly selected from the first candidate data and the last candidate data, for example, 300 can be selected as the current candidate data group interval point.
  • all candidate data in the candidate data set are processed by the same hash function to obtain the target candidate data by the following formula, and the target candidate data set is composed of the target candidate data:
  • sort the target candidate data according to a certain order where the certain order can be ascending or descending, and group them according to the fixed size of each group to obtain multiple candidate data groups, wherein the fixed size It can be pre-determined according to business requirements, product requirements or actual application scenarios, wherein, in another embodiment, after sorting the target candidate data in a certain order, it can also be grouped according to different sizes of each group. , that is, the groups can be grouped according to the non-fixed size of each group, and the group size corresponding to each candidate data group can be determined according to business requirements, product requirements and actual application scenarios. Some of the group sizes corresponding to the data groups may be the same, and some may be different, which can be determined according to the actual situation.
  • data group interval points are obtained by calculation according to the target candidate data in each candidate data group, and these data group interval points are sorted to obtain ordered data group interval points. Specifically, when the query device sends a data query request to the device to be queried, the device to be queried obtains an ordered set of interval points according to the data query request, and returns the obtained set of ordered interval points to the query device.
  • Step 203 Acquire the data to be queried, and determine the sequence number of the current data group corresponding to the data to be queried according to the data to be queried and the ordered interval point set.
  • the data to be queried is data waiting to be queried.
  • the data to be queried can be the data processed by a hash function, and the data to be queried can be obtained by calling from a local database or obtained through other devices. Specifically, it can be based on business requirements, actual application scenarios, and product requirements. Sure get it.
  • the sequence number of the current data group here is the sequence number corresponding to the data group where the data to be queried is located.
  • the sequence number of the data group can be specifically obtained by obtaining two adjacent target interval points from the ordered interval point set according to the data to be queried, and then determining the current data group sequence number corresponding to the data to be queried according to the two target interval points. Wherein, if the data to be queried is equal to one of two adjacent target interval points, or the data to be queried has only one adjacent interval point, it means that the data to be queried is not in the candidate data set, and the data query is ended.
  • the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, and the target candidate data set is grouped to obtain: [55, 270], [317, 553] , [682, 847], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, and the data group interval point between the second group and the third group is 617.5.
  • the query data is processed by the hash function, it is 583.
  • the data to be queried is between 293.5 and 617.5, it can be determined that the current data group serial number corresponding to the data to be queried is 2, that is, if the data to be queried is to be inserted into the candidate data set, then Need to be inserted into the second group.
  • the data group interval point between the first group and the second group can be calculated according to the last target candidate data of the first group and the first target candidate data of the second group, for example, the last target of the first group
  • the candidate data is 270
  • the first target candidate data of the second group is 317
  • the data group interval point between the second group and the third group can be calculated according to the last target candidate data of the second group and the first target candidate data of the third group, for example, the last position of the second group
  • Step 204 Calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the serial number of the current data group to the device to be queried, so that the The device to be queried obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number.
  • the prime number calculation obtains the second encrypted data.
  • the first preset prime number and the second preset prime number are both randomly generated prime numbers that are large enough. Based on the discrete logarithm intractability guarantee, the original data cannot be inversely deduced from the encrypted data. Due to the particularity of the encryption algorithm, it can be The result of data encrypted multiple times is guaranteed to be independent of the order of encryption.
  • When generating a prime number randomly first randomly select an odd number with a given number of bits, and then use the prime number discrimination method to determine whether it is a prime number. If not, reselect.
  • the randomly generated prime numbers in the embodiments of the present application are all preferably 2048 bits, more than 2048 bits, the computational efficiency is reduced, and less than 2048 bits, the security cannot be satisfied. When the computing power is exhausted, the computing power required for the number of digits is large. At present, 2048 bits are generally used in important occasions.
  • the query device randomly generates two prime numbers as the first preset prime number and the second preset prime number, respectively, and obtains the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, wherein,
  • the calculation method may be, using the first preset prime number as the modulus of the first encryption, using the second preset prime number as the index of the data to be queried, and performing the first encryption calculation on the data to be queried, wherein the first encryption calculation may be: is the modulo exponent calculation, thereby obtaining the first encrypted data.
  • a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the index of the data B to be queried.
  • the modulus index calculation is performed on the data B to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
  • the inquiring device sends the first preset prime number, the first encrypted data and the current group serial number to the device to be inquired together, and after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, it randomly generates
  • the third preset prime number, the third preset prime number can be a 2048-bit prime number, and at least one corresponding current data is obtained according to the current group serial number, where the current data can refer to the data elements in the current group serial number, and the current data can be All the data in the current group serial number can also be the target data in the current group serial number.
  • the quantity of target data can be determined according to business requirements and actual application conditions.
  • the candidate data set is processed to obtain the target candidate data set, and the The target candidate data sets are grouped to obtain multiple candidate data groups.
  • Each candidate data group includes the corresponding target candidate data and the corresponding group serial number. Therefore, all target candidate data in the current group serial number can be used as the current data. .
  • the third preset prime number can be used as the exponent of the current data
  • the first preset prime number can be used as the modulus of the second encryption
  • the current data can be encrypted for the second time. The first encrypted dataset.
  • the modulus index calculation is performed on the current data A i to obtain the first encrypted data set, which can be specifically shown in the following formula:
  • the third preset prime number can also be used as the index of the first encrypted data, and the first encrypted data can be encrypted for the third time.
  • the third encryption calculation may be modulo exponential calculation to obtain the second encrypted data.
  • a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the exponent of the data B to be queried.
  • Query the data B to perform modulus index calculation to obtain the first encrypted data Bp which can be specifically shown in the following formula:
  • the device to be inquired obtains the first encrypted data set and the second encrypted data by calculation, the first encrypted data set and the second encrypted data need to be returned to the inquiring device.
  • the device to be queried can first obtain the second encrypted data according to the first encrypted data and the third preset prime number, and then calculate and obtain the first encrypted data according to the third preset prime number, the first preset prime number and at least one current data. Set, the two steps are in no order and can be interchanged.
  • Step 205 Receive the first encrypted data set and the second encrypted data, and calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number.
  • the querying device may encrypt the first encrypted data set to obtain the second encrypted data set, wherein the encryption process may be based on the first encrypted data set.
  • An encrypted data set and a second preset index are encrypted and calculated to obtain a second encrypted data set.
  • the second preset index is used as the index of the first encrypted data set
  • the first encrypted data set is encrypted for the fourth time
  • the fourth encryption can be modulo index calculation to obtain the second encrypted data set.
  • the current group serial number is i
  • a 2048-bit third preset prime number Q is randomly generated
  • the third preset prime number Q is used as the exponent of the current data A i
  • the first preset prime number N is used as the modulus of the second encryption
  • the inquiring device receives the first encrypted data set sent by the device to be inquired Encrypt data for the second time Perform another encryption calculation, and use the second preset prime number P as the first encrypted data set
  • the exponent of the first encrypted dataset Perform the modulus index calculation to obtain the second encrypted data set Specifically, it can be shown in the following formula:
  • Step 206 Determine a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
  • the query device can determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set, and specifically, compare the second encrypted data with the second encrypted data set. 2. Whether the encrypted data set matches, wherein if the second encrypted data matches the second encrypted data set, the query result corresponding to the data to be queried is determined to be the first query result, and the first query result indicates that the data to be queried is in the candidate data set , if the second encrypted data does not match the second encrypted data set, the query result corresponding to the data to be queried is determined to be the second query result, and the second query result indicates that the data to be queried is not in the candidate data set. Wherein, whether the second encrypted data matches the second encrypted data set may be comparing whether the second encrypted data and the second encrypted data set are the same, or comparing whether the second encrypted data and the second encrypted data set are equal.
  • the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, and because of the characteristics of the hash function, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves. It does not send the candidate data set in the device to be queried to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data.
  • the data is obtained by encrypting and calculating the large prime numbers that are kept secret. Since their own data and indices are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of the query data.
  • the query device sends a data query request to the device to be queried, and receives an ordered interval point set, where the ordered interval point set includes the device to be queried obtains an ordered data group interval point corresponding to the candidate data set according to the data query request.
  • the data to be queried obtains the data to be queried, determine the serial number of the current data group corresponding to the data to be queried according to the data to be queried and the ordered interval point set, and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, Send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the current data group serial number, according to the third preset prime number, the first preset The prime number and at least one current data are calculated to obtain the first encrypted data set, the second encrypted data is obtained by calculating the first encrypted data and the third preset prime number, the first encrypted data set and the second encrypted data are received, and the first encrypted data set is received according to the first encrypted data set.
  • the second encrypted data set is obtained by calculating with the second preset prime number, and the query result corresponding to the data to be queried is determined according to the second encrypted data and the
  • the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves, and do not set the interval points to be queried.
  • the candidate data set in the device is sent to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data, and the data sent by the device to be queried and the query device to the other party are all through the confidential large data.
  • the prime numbers are obtained by encrypted calculation. Since their own data and exponents are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of query data.
  • the current data group sequence number corresponding to the data to be queried is determined according to the data to be queried and the ordered interval point set, including:
  • Step 301 Acquire two adjacent target interval points corresponding to the data to be queried from the ordered interval point set.
  • Step 302 Determine the current data group serial number corresponding to the data to be queried according to the two target interval points.
  • the ordered interval point set here refers to a set consisting of data group interval points in a certain order
  • the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried
  • Store a candidate data set the candidate data set includes at least one candidate data, process the candidate data set to obtain a target candidate data set, group the target candidate data set, and obtain a plurality of candidate data sets, according to the data in each candidate data set
  • Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set.
  • the corresponding data group interval points are determined according to the data in each candidate data group. Specifically, the current candidate data group is obtained, the current candidate hash data corresponding to the current candidate data group is obtained, and the target corresponding to the previous candidate data group is obtained.
  • the candidate hash data according to the current candidate hash data and the target candidate hash data, to obtain the current data group interval point, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the current candidate data
  • the current candidate hash data corresponding to the group is obtained until the interval points of each data group are obtained, and the interval points of each data group are sorted to obtain an ordered set of interval points of the data group.
  • the current candidate hash data may be the first candidate hash data of the current candidate data group
  • the target candidate hash data may be the last candidate hash data of the previous candidate data group.
  • the sequence number of the current data group here is the sequence number corresponding to the data group where the data to be queried is located.
  • the current data group serial number may be, specifically, obtaining two adjacent target interval points from the ordered interval point set according to the data to be queried, and then determining the current data group serial number corresponding to the data to be queried according to the two target interval points. Wherein, if the data to be queried is equal to one of two adjacent target interval points, or the data to be queried has only one adjacent interval point, it means that the data to be queried is not in the candidate data set, and the data query is ended.
  • the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, 987, 1203, and the target candidate data set is grouped to obtain: [55, 270], [ 317, 553], [682, 847], [987, 1203], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, between the second group and the third group The interval point of the data group is 617.5, and the interval point of the data group between the third and fourth groups is 917. If the data to be queried is processed by the hash function, it is 583. Since the data to be queried is between 293.5 and 617.5, therefore, It can be determined that the current data group serial number corresponding to the data to be queried is 2.
  • the first encrypted data is calculated according to the first preset prime number, the second preset prime number and the data to be queried, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the device to be queried , so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data set, calculates the first encrypted data set according to the third preset prime number, the first preset prime number and at least one current data, and obtains the first encrypted data set according to the first encrypted data and the first encrypted data set.
  • Three preset prime numbers are calculated to obtain the second encrypted data, including:
  • Step 401 Randomly generate a first preset prime number and a second preset prime number.
  • Step 402 Use the first preset prime number as the modulus of the first encryption, use the second preset prime number as the exponent of the data to be queried, and perform a modulus exponent operation calculation on the data to be queried to obtain the first encrypted data.
  • the first preset prime number and the second preset prime number are both large enough prime numbers generated randomly.
  • prime numbers randomly first randomly select an odd number with a given bit number, and then use the prime number discrimination method to determine whether it is a prime number. If not, reselect.
  • the prime number theorem given a number x, the number of prime numbers less than x is about x/lnx, that is, given a number, the probability of it being a prime number is about 1/lnx. Even if the given number is odd, its probability can only go up to 2/lnx.
  • prime number requirement is 2048 bits
  • the randomly generated prime numbers in the embodiments of the present application are all preferably 2048 bits, more than 2048 bits, the computational efficiency is reduced, and less than 2048 bits, the security cannot be satisfied. When the computing power is exhausted, the computing power required for the number of digits is large. At present, 2048 bits are generally used in important occasions.
  • the query device randomly generates two prime numbers as the first preset prime number and the second preset prime number, respectively, and obtains the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, wherein,
  • the calculation method may be as follows: the first preset prime number is used as the modulus of the first encryption, the second preset prime number is used as the index of the data to be queried, and the first modulus index calculation is performed on the data to be queried to obtain the first encrypted data.
  • a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the index of the data B to be queried.
  • the modulus index calculation is performed on the data B to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
  • Step 403 Send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the device to be queried obtains at least one corresponding current data according to the current data group serial number, and randomly generates a third preset prime number , using the third preset prime number as the exponent of the current data, using the first preset prime number as the modulus of the second encryption, performing modulus exponent calculation on at least one current data to obtain the first encrypted data set, and using the third preset prime number as the modulus of the second encryption.
  • modulo exponent calculation is performed on the first encrypted data to obtain the second encrypted data.
  • the inquiring device sends the first preset prime number, the first encrypted data and the current group serial number together to the device to be inquired, and after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, it randomly generates The third preset prime number.
  • the third preset prime number can be a 2048-bit prime number.
  • the corresponding current data is obtained according to the current group serial number.
  • the current data here refers to all the data in the current group serial number.
  • the candidate data set is obtained after processing.
  • the target candidate data set is grouped, and multiple candidate data groups are obtained. Each candidate data group includes the corresponding target candidate data and the corresponding group serial number.
  • Candidate data can be used as current data.
  • the third preset prime number may be used as the exponent of the current data
  • the first preset prime number may be used as the modulus of the second encryption
  • the second modulus exponent calculation may be performed on the current data, thereby obtaining the first encrypted data set.
  • the current group serial number is i
  • a 2048-bit third preset prime number Q is randomly generated
  • the third preset prime number Q is used as the exponent of the current data A i
  • the first preset prime number N is used as the modulus of the second encryption
  • the third preset prime number Q can be used as the prime number of each current data A i
  • the first preset prime number N can be used as the modulus of the second encryption. All current data in the group serial number i is subjected to modulo index calculation to obtain the corresponding first encrypted data set.
  • the third preset prime number can also be used as the index of the first encrypted data, and the first encrypted data can be encrypted for the third time.
  • the third encryption calculation may be modulo exponential calculation to obtain the second encrypted data.
  • the query device randomly generates a 2048-bit first preset prime number N and a second preset prime number P, uses the first preset prime number N as the encrypted modulus, and uses the second preset prime number P as the index of the data B to be queried,
  • the modulus index calculation is performed on the data B with query to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
  • the inquiring device sends the first encrypted data Bp to the device to be inquired, the device to be inquired randomly generates a 2048-bit third preset prime number Q, uses the third preset prime number Q as an index of the first encrypted data, and performs The modulus index is calculated to obtain the second encrypted data B PQ , which can be shown in the following formula:
  • the device to be inquired obtains the first encrypted data set and the second encrypted data by calculation, the first encrypted data set and the second encrypted data need to be returned to the inquiring device.
  • calculating and obtaining the second encrypted data set according to the first encrypted data set and the second preset prime number includes: using the second preset prime number as an index of the first encrypted data set, and performing The modulus index is calculated to obtain the second encrypted data set.
  • the querying device may encrypt the first encrypted data set again to obtain the second encrypted data set, wherein the encryption process may be based on
  • the first encrypted data set and the second preset index are encrypted and calculated to obtain a second encrypted data set.
  • the second preset index is used as the index of the first encrypted data set
  • the fourth modular index calculation is performed on the first encrypted data set to obtain the second encrypted data set.
  • the current group serial number is i
  • a 2048-bit third preset prime number Q is randomly generated
  • the third preset prime number Q is used as the exponent of the current data A i
  • the first preset prime number N is used as the modulus of the second encryption
  • the inquiring device receives the first encrypted data set sent by the device to be inquired Encrypt data for the second time Perform another encryption calculation, and use the second preset prime number P as the first encrypted data set
  • the exponent of the first encrypted dataset Perform the modulus index calculation to obtain the second encrypted data set Specifically, it can be shown in the following formula:
  • determining a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set includes:
  • Step 501 When the second encrypted data is the same as an element of the second encrypted data set, determine that the query result corresponding to the data to be queried is the first query result, and the first query result is that the data to be queried is in the candidate data set.
  • Step 502 When the second encrypted data is different from any element of the second encrypted data set, determine that the query result corresponding to the data to be queried is the second query result, and the second query result is that the data to be queried is not in the candidate data set.
  • the query device can determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set. Specifically, the query device can compare the second encrypted data and the second encrypted data set. Whether the second encrypted data set matches, wherein if the second encrypted data matches an element of the second encrypted data set, the query result corresponding to the data to be queried is determined to be the first query result, and the first query result indicates the data to be queried.
  • the query result corresponding to the data to be queried is determined to be the second query result, and the second query result indicates that the data to be queried is not in the candidate data set in the data set.
  • whether the second encrypted data matches the second encrypted data set may be comparing whether an element of the second encrypted data and the second encrypted data set is the same, or comparing the second encrypted data and any element of the second encrypted data set Are all equal.
  • each second encrypted data is associated with each piece of data.
  • the second encrypted data sets are compared, and if any second encrypted data is identical or equal to any second encrypted data set, it can be determined that the query result corresponding to the data to be queried is the first query result, indicating that the data to be queried is in the In the candidate data set, if there is no second encrypted data that is identical or equal to any second encrypted data set, it can be determined that the query result corresponding to the data to be queried is the second query result, indicating that the data to be queried is not in the candidate data. in the collection.
  • the generating step of the ordered interval point set includes:
  • Step 601 The device to be queried acquires a candidate data set, where the candidate data set includes at least one candidate data.
  • Step 602 The device to be queried processes the candidate data in the candidate data set according to the preset hash function to obtain a target candidate data set, where the target candidate data set includes at least one candidate hash data.
  • the device to be queried here may be the device to be queried where the data user is located, and stores a candidate data set.
  • the candidate data set includes at least one candidate data.
  • the candidate data set is processed to obtain a target candidate data set, and the target candidate data set is processed.
  • Grouping is performed to obtain a plurality of candidate data groups, corresponding data group interval points are determined according to the data in each candidate data group, and these data group interval points are sorted to obtain an ordered data group interval point set.
  • the ordered interval point set here refers to a set consisting of data group interval points in a certain order
  • the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried
  • a candidate data set is stored, where the candidate data set includes at least one candidate data, and the candidate data set is processed to obtain a target candidate data set.
  • the candidate data set is processed to obtain the target candidate data set. Specifically, a preset hash function is obtained, and each candidate data in the candidate data set is hashed by the preset hash function to obtain the corresponding candidate data set. Hash data, the target candidate data set is composed of each candidate hash data.
  • all candidate data in the candidate data set are processed by the same hash (hash) function to obtain candidate hash data by the following formula, and the target candidate data set is composed of the candidate hash data:
  • Step 603 The device to be queried groups the target candidate data sets according to preset rules to obtain multiple candidate data groups.
  • Step 604 The device to be queried determines the corresponding data group interval points according to the candidate hash data in each candidate data group, and generates an ordered data group interval point set according to each data group interval point.
  • the device to be queried groups the target candidate data set to obtain multiple candidate data groups.
  • Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set.
  • the device to be queried groups the target candidate data set according to a preset rule to obtain multiple candidate data groups, wherein the preset rule may be to sort the candidate hash data in the target candidate data set , the sorting can be in ascending order or descending order to obtain the sorted target candidate data set, and then group the sorted target candidate data set according to the preset group size, thereby obtaining multiple candidate data groups.
  • the candidate hash data in the target candidate data set may be sorted according to an ascending rule, or the candidate hash data in the target candidate data set may be sorted in descending order according to a descending rule to obtain the sorted target candidate data Set, and then obtain the preset group size.
  • the so-called group size refers to the maximum bearing capacity corresponding to the corresponding group.
  • the preset group size can be determined according to business requirements, application scenarios or product requirements, and the sorted targets are based on the preset group size.
  • the candidate data sets are grouped to obtain each grouped candidate data group. Further, the corresponding data group interval points are determined according to the data in each candidate data group.
  • the current candidate data group is obtained, the current candidate hash data corresponding to the current candidate data group is obtained, and the last candidate data group is obtained.
  • the target candidate hash data of the The current candidate hash data corresponding to the candidate data group is obtained until each data group interval point is obtained, and the various data group interval points are sorted to obtain an ordered data group interval point set.
  • the current candidate hash data may be the first candidate hash data of the current candidate data group
  • the target candidate hash data may be the last candidate hash data of the previous candidate data group.
  • the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, 987, 1203, and the target candidate data set is grouped to obtain: [55, 270], [ 317, 553], [682, 847], [987, 1203], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, between the second group and the third group The data group interval point is 617.5, the data group interval point between the third and fourth groups is 917, and the ordered data group interval point set is: ⁇ 293.5, 617.5, 917 ⁇ .
  • the data group interval point between the first group and the second group can be calculated according to the last candidate hash data of the first group and the first candidate hash data of the second group, for example, the last candidate hash data of the first group
  • the bit candidate hash data is 270
  • the first candidate hash data of the second group is 317
  • the data group interval point between the third group and the fourth group can be calculated according to the last candidate hash data of the third group and the first candidate hash data of the fourth group.
  • the last candidate hash data of the third group The hash data is 847
  • the first candidate hash data of the fourth group is 987
  • the device to be queried determines the corresponding data group interval points according to the candidate hash data in each candidate data group, including: the device to be queried obtains the current candidate data group, and obtains the current candidate hash in the current candidate data group. data, obtain the target candidate hash data in the previous candidate data group, calculate the interval point of the current data group according to the current candidate hash data and the target candidate hash data, obtain the next candidate data group, and use the next candidate data group as For the current candidate data group, the returning step obtains the current candidate hash data in the current candidate data group until the data group interval point is obtained. Specifically, the corresponding data group interval points are determined according to the data in each candidate data group.
  • the current candidate data group may be obtained, the current candidate hash data corresponding to the current candidate data group may be obtained, and the current candidate data group corresponding to the current candidate data group may be obtained.
  • the target candidate hash data calculate the current data group interval point, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the current candidate data group.
  • the current candidate hash data corresponding to the data group is obtained until each data group interval point is obtained, and the data group interval points are sorted to obtain an ordered data group interval point set.
  • the current candidate data group may be randomly selected from each candidate data group as the current candidate data group, or the candidate data group may be determined as the current candidate data group in sequence.
  • the current candidate hash data may be the first candidate hash data in the current candidate data group
  • the target candidate hash data may be the last candidate hash data in the previous candidate data group.
  • the device to be queried obtains the current candidate data group, obtains the first candidate hash data in the current candidate data group, and obtains the last candidate hash data in the previous candidate data group, according to the first candidate hash data and the last candidate hash data. Calculate the interval point of the current data group, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the first candidate hash data in the current candidate data group, until the interval point of the data group is obtained.
  • the data query method further includes: sending a current ordered interval point set version number query request to the device to be queried, where the current ordered interval point set version number query request includes the current ordered interval point set version number, so that The device to be queried obtains the version number of the candidate ordered interval point set, and compares whether the version number of the current ordered interval point set is consistent with the version number of the candidate ordered interval point set.
  • the version number of the candidate ordered interval point set is the version number corresponding to the current ordered interval point set in the device to be queried
  • receive the first version number information returned by the device to be queried and obtain the history Ordered interval point set, take the historical ordered interval point set as the ordered interval point set, and enter the step to obtain the data to be queried, or; after receiving the second version number information returned by the device to be queried, enter the step to send a data query request to Device to be queried.
  • the current ordered interval point set version number query request here is used to request to query the current ordered interval point set version number
  • the current ordered interval point set version number is the version identification number corresponding to the current ordered interval point set
  • Each time the current ordered interval point set sent by the device to be queried includes the corresponding version number of the current ordered interval point set.
  • the inquiring device carries the current ordered interval point set version number query request to the to-be-queried device, and the to-be-queried device compares the current ordered interval point set version numbers.
  • the version number of the candidate interval point set stored locally is consistent, if it is consistent, it is determined as the first version number information, if not, it is determined as the second version number information, and returned, where the version number of the candidate ordered interval point set is The version number corresponding to the current ordered interval point set in the device to be queried, and the first version number information or the second version number information is returned to the query device.
  • the ordered interval point cached by the inquiring device itself can be determined. It is an ordered interval point set. Specifically, the historical ordered interval point set can be obtained.
  • the so-called historical ordered interval point set refers to the ordered interval point set cached locally by the query device, and the historical ordered interval point set is used as the ordered interval point. Set, enter the step to obtain the data to be queried.
  • the query device receives the second version number information, it means that the version number of the current ordered interval point set is inconsistent with the version number of the candidate interval point set stored locally by the device to be queried, and then enters the step of sending a data query request to the device to be queried. , and replace the subsequently received ordered interval point set with the historical ordered interval point set stored locally by the query device, that is, update the locally stored historical ordered interval point set according to the subsequently received ordered interval point set.
  • a data query method which specifically includes the following steps:
  • the device to be queried acquires a candidate data set, where the candidate data set includes at least one candidate data.
  • the device to be queried processes the candidate data in the candidate data set according to the preset hash function to obtain a target candidate data set, where the target candidate data set includes at least one candidate hash data.
  • the device to be queried groups the target candidate data sets according to preset rules to obtain multiple candidate data groups.
  • the device to be queried determines a corresponding data group interval point according to the candidate hash data in each candidate data group, and generates an ordered data group interval point set according to each data group interval point.
  • the query device obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number Calculated to obtain the second encrypted data.
  • a data set processing method including the following steps: obtaining a candidate data set, the candidate data set includes at least one candidate data, and performing a processing on the at least one candidate data in the candidate data set according to a preset hash function processing to obtain a target candidate data set, the target candidate data set including at least one candidate hash data, grouping the target candidate data set according to a preset rule to obtain a plurality of candidate data groups, and according to the candidate hash data in each candidate data group
  • the data determines the corresponding data group interval points, and generates an ordered data group interval point set according to each data group interval point.
  • determining the corresponding data group interval point according to the candidate hash data in each candidate data group includes: acquiring the current candidate data group, acquiring the current candidate hash data in the current candidate data group, acquiring the previous candidate data group For the target candidate hash data in the data group, calculate the interval point of the current data group according to the current candidate hash data and the target candidate hash data, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return The step is to obtain the current candidate hash data in the current candidate data group until the data group interval point is obtained.
  • the data set processing method further includes: receiving newly added candidate hash data, inserting the newly added candidate hash data into its corresponding first data group, and determining whether the amount of data in the first data group is If it exceeds the set range, if it is, then re-determine the data group interval points from the first data group, and update the ordered data group interval point set according to each data group interval point.
  • the first data group here refers to the data group into which the newly added candidate hash data needs to be inserted, and the first data group corresponding to the newly added candidate hash data can be determined according to the interval point of each data group, and then the first data group Whether the amount of data in the data exceeds the set range, and if so, then re-determine the data group interval points from the first data group, and update the ordered data group interval point set according to each data group interval point.
  • the data group interval point between the first group and the second group is 293.5
  • the data group interval point between the second group and the third group is 617.5
  • the newly added candidate hash data is 530, then it is determined that the new addition
  • the candidate hash data is that the second group is the first data group, and then it is judged whether the amount of data in the first data group exceeds the set range.
  • Data group interval points update the ordered data group interval point set.
  • steps in the above flow charts are shown in sequence according to the arrows, these steps are not necessarily executed in the sequence shown by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order, and the steps may be executed in other orders. Moreover, at least a part of the steps in the above flow chart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed at the same time, but may be executed at different times. The order of execution is also not necessarily sequential, but may be performed alternately or alternately with other steps or at least a portion of sub-steps or stages of other steps.
  • a data query device 700 including: a query request sending module 701, an ordered interval set receiving module 702, a data group serial number determination module 703, an encrypted data calculation module 704, The encrypted data processing module 705 and the query result determination module 706, wherein: the query request sending module 701 is used for sending a data query request to the device to be queried.
  • the ordered interval set receiving module 702 is configured to receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request.
  • the data group serial number determining module 703 is configured to acquire the data to be queried, and determine the current data group serial number corresponding to the data to be queried according to the data to be queried and the ordered interval point set.
  • the encrypted data calculation module 704 is used to calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the current data group serial number to the to-be-queried data.
  • the query device so that the device to be queried obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number to obtain the second encrypted data.
  • the encrypted data processing module 705 is configured to receive the first encrypted data set and the second encrypted data, and calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number.
  • the query result determination module 706 is configured to determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
  • Each module in the above-mentioned data query device can be implemented in whole or in part by software, hardware and combinations thereof.
  • the above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.
  • a data query system 800 is provided.
  • the system includes: a query device 801 for acquiring a data query request and sending the data query request to the device to be queried.
  • the device to be queried 802 is configured to obtain the ordered interval point set corresponding to the candidate data set according to the data query request, and return the ordered interval point set to the query device, where the ordered interval point set includes the ordered data corresponding to the candidate data set Group interval points.
  • the query device 801 is further configured to receive the ordered interval point set, obtain the data to be queried, determine the sequence number of the current data group corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set, and according to the first preset prime number, the second preset
  • the first encrypted data is obtained by calculating the prime number and the data to be queried, and the first preset prime number, the first encrypted data and the serial number of the current data group are sent to the device to be queried.
  • the device to be queried 802 is further configured to obtain at least one current data corresponding to the serial number of the current data set, calculate and obtain a first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtain the first encrypted data set according to the first encrypted data and the third preset prime number to obtain second encrypted data, and return the first encrypted data set and the second encrypted data to the query device.
  • the query device 801 is further configured to receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and obtain the second encrypted data set according to the second encrypted data and the second encrypted data set Determine the query result corresponding to the data to be queried.
  • a computer device may be a query device, the query device may be a server, and an internal structure diagram thereof may be shown in FIG. 5 .
  • the computer device includes a processor, memory, a network interface, and a database connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities.
  • the memory of the computer device includes a non-volatile storage medium, an internal memory.
  • the nonvolatile storage medium stores an operating system, a computer program, and a database.
  • the internal memory provides an environment for the execution of the operating system and computer programs in the non-volatile storage medium.
  • the computer device's database is used to store ordered interval point sets and query results.
  • the network interface of the computer device is used to communicate with an external terminal through a network connection.
  • the computer program when executed by the processor, implements a data query method.
  • FIG. 5 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment to which the solution of the present application is applied. Include more or fewer components than shown in the figures, or combine certain components, or have a different arrangement of components.

Abstract

The present application relates to a data query method, apparatus and system, and a data set processing method. The data query method comprises: performing calculation to obtain first encrypted data according to a first preset prime number, a second preset prime number and data to be queried, and sending the first preset prime number, the first encrypted data and the current data group sequence number to a device to be queried, so that said device acquires a first encrypted data set and second encrypted data; receiving the first encrypted data set and the second encrypted data, and performing calculation to obtain a second encrypted data set according to the first encrypted data set and the second preset prime number; and determining, according to the second encrypted data and the second encrypted data set, a query result corresponding to the data to be queried.

Description

数据查询方法、装置、系统和数据集处理方法Data query method, device, system and data set processing method
相关申请Related applications
本申请要求2020年11月10日申请的,申请号为202011249438.5,发明名称为“数据查询方法、装置、系统和数据集处理方法”的中国专利申请的优先权,其全部内容通过引用结合在本申请中。This application claims the priority of the Chinese patent application filed on November 10, 2020, the application number is 202011249438.5, and the invention title is "Data query method, device, system and data set processing method", the entire content of which is incorporated herein by reference Applying.
技术领域technical field
本申请涉及计算机技术领域,特别是涉及一种数据查询方法、装置、系统、计算机设备和存储介质,以及数据集处理方法、装置、计算机设备和存储介质。The present application relates to the field of computer technology, and in particular, to a data query method, apparatus, system, computer equipment and storage medium, as well as a data set processing method, apparatus, computer equipment and storage medium.
背景技术Background technique
保护数据集合的隐私性是在很多场景下是自然甚至是必要的需求,比如当集合是某用户的通讯录或是某基因诊断服务用户的基因组,这样的输入就一定要通过密码学的手段进行保护。隐私保护集合交集(Private Set Intersection,PSI)计算技术允许持有各自集合的两方来共同计算两个集合的交集运算。在协议交互的最后,一方或是两方应该得到正确的交集,而且不会得到交集以外另一方集合中的任何信息。Protecting the privacy of data collections is a natural or even necessary requirement in many scenarios. For example, when the collection is the address book of a user or the genome of a genetic diagnosis service user, such input must be performed through cryptographic means. Protect. The Privacy-Preserving Set Intersection (PSI) computing technique allows two parties holding their respective sets to jointly compute the intersection of the two sets. At the end of the protocol interaction, one or both parties should get the correct intersection, and not get any information in the other party's set outside the intersection.
然而,隐私保护集合交集计算技术,需要允许持有各自集合的两方来共同计算两个集合的交集运算,这种方式,在数据查询过程中容易导致数据泄露,无法保证查询数据的隐私性,查询数据不安全。However, the privacy-preserving set intersection computing technology needs to allow two parties holding their respective sets to jointly calculate the intersection operation of the two sets. This method may easily lead to data leakage during the data query process and cannot guarantee the privacy of the query data. Querying data is not secure.
发明内容SUMMARY OF THE INVENTION
根据本申请的各种实施例,提供一种数据查询方法,包括以下步骤:发送数据查询请求至待查询设备;接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点;获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号;根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据;接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集;根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。According to various embodiments of the present application, a data query method is provided, comprising the following steps: sending a data query request to a device to be queried; receiving an ordered interval point set, where the ordered interval point set includes the device to be queried obtaining according to the data query request Ordered data group interval points corresponding to the candidate data set; obtain the data to be queried, and determine the current data group serial number corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set; according to the first preset prime number, the second preset The prime number and the data to be queried are calculated to obtain the first encrypted data, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the to-be-queried device, so that the to-be-queried device obtains at least one current data corresponding to the current data group serial number , calculate and obtain the first encrypted data set according to the third preset prime number, the first preset prime number and at least one current data, calculate and obtain the second encrypted data according to the first encrypted data and the third preset prime number; receive the first encrypted data set and the second encrypted data, the second encrypted data set is calculated according to the first encrypted data set and the second preset prime number; the query result corresponding to the data to be queried is determined according to the second encrypted data and the second encrypted data set.
根据本申请的另一个方面,提供了一种数据查询装置,该装置包括:查询请求发送模块,用于发送数据查询请求至待查询设备;有序间隔集接收模块,用于接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点;数据组序号确定模块,用于获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号;加密数据计算模块,用于根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加 密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据;加密数据处理模块,用于接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集;以及查询结果确定模块,用于根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。According to another aspect of the present application, a data query device is provided, the device includes: a query request sending module, used for sending a data query request to a device to be queried; an ordered interval set receiving module, used for receiving ordered interval points The ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request; the data group serial number determination module is used to obtain the to-be-queried data, according to the to-be-queried data and the ordered interval The point set determines the sequence number of the current data group corresponding to the data to be queried; the encrypted data calculation module is used to calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and calculate the first preset prime number, The first encrypted data and the sequence number of the current data group are sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data group, and calculates according to the third preset prime number, the first preset prime number and the at least one current data Obtain the first encrypted data set, and calculate and obtain the second encrypted data according to the first encrypted data and the third preset prime number; the encrypted data processing module is used for receiving the first encrypted data set and the second encrypted data, according to the first encrypted data set and a second preset prime number to obtain a second encrypted data set; and a query result determination module, configured to determine a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
根据本申请的另一个方面,提供了一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,所述处理器执行所述计算机程序时实现以下步骤:发送数据查询请求至待查询设备;接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点;获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号;根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据;接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集;根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。According to another aspect of the present application, a computer device is provided, comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implements the following steps when executing the computer program: Send a data query request to the device to be queried; receive an ordered interval point set, where the ordered interval point set includes the device to be queried obtains an ordered data group interval point corresponding to the candidate data set according to the data query request; The query data and the ordered interval point set determine the current data group serial number corresponding to the data to be queried; the first encrypted data is obtained by calculating according to the first preset prime number, the second preset prime number, and the data to be queried, and the first preset prime number, the first An encrypted data and the sequence number of the current data group are sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data group, and is calculated according to the third preset prime number, the first preset prime number and the at least one current data The first encrypted data set is calculated according to the first encrypted data and the third preset prime number to obtain the second encrypted data; the first encrypted data set and the second encrypted data are received, and calculated according to the first encrypted data set and the second preset prime number. A second encrypted data set; determining a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
根据本申请的另一个方面,提供了一种计算机可读存储介质,其上存储有计算机程序,所述计算机程序被处理器执行时实现以下步骤:发送数据查询请求至待查询设备;接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点;获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号;根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据;接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集;根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。According to another aspect of the present application, a computer-readable storage medium is provided, on which a computer program is stored, and when the computer program is executed by a processor, the following steps are implemented: sending a data query request to a device to be queried; receiving in an orderly manner The interval point set, the ordered interval point set includes that the device to be queried obtains the interval points of the ordered data group corresponding to the candidate data set according to the data query request; obtains the data to be queried, and determines the data to be queried according to the data to be queried and the ordered interval point set The corresponding current data group serial number; the first encrypted data is calculated according to the first preset prime number, the second preset prime number and the data to be queried, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the to-be-queried data device, so that the device to be queried obtains at least one current data corresponding to the serial number of the current data group, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and The third preset prime number is calculated to obtain the second encrypted data; the first encrypted data set and the second encrypted data are received, and the second encrypted data set is obtained by calculating the first encrypted data set and the second preset prime number; according to the second encrypted data and The second encrypted data set determines the query result corresponding to the data to be queried.
根据本申请的另一个方面,提供了一种数据查询系统,该系统包括:查询设备,用于获取数据查询请求,并将数据查询请求发送至待查询设备;以及待查询设备,用于根据数据查询请求获取与候选数据集合对应的有序间隔点集,并将有序间隔点集返回至查询设备,有序间隔点集包括候选数据集合对应的有序数据组间隔点;查询设备,还用于接收有序间隔点集,获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备;待查询设备,还用于获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据,并将第一加密数据集和第二加密数据返回至查询设备;查询设备,还用于接收第一加密数据集和第二加密数据,根据第一加密数 据集和第二预设质数计算得到第二加密数据集,根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。According to another aspect of the present application, a data query system is provided, the system comprising: a query device for acquiring a data query request and sending the data query request to the device to be queried; The query request obtains the ordered interval point set corresponding to the candidate data set, and returns the ordered interval point set to the query device, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set; the query device also uses Receiving the ordered interval point set, obtaining the data to be queried, determining the current data group serial number corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set, and according to the first preset prime number, the second preset prime number and the to-be-queried data The first encrypted data is obtained by calculation, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the device to be inquired; the device to be inquired is also used to obtain at least one current data corresponding to the current data group serial number, according to the first The first encrypted data set is obtained by calculating the three preset prime numbers, the first preset prime number and at least one current data, the second encrypted data is obtained by calculating the first encrypted data and the third preset prime number, and the first encrypted data set and the third 2. Return the encrypted data to the query device; the query device is further configured to receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and obtain the second encrypted data set according to the second encrypted data set. The data and the second encrypted data set determine a query result corresponding to the data to be queried.
根据本申请的另一个方面,提供了一种数据集处理方法,包括以下步骤:获取候选数据集合,候选数据集合包括至少一个候选数据;根据预设哈希函数对候选数据集合中的至少一个候选数据进行处理,得到目标候选数据集合,目标候选数据集合包括至少一个候选哈希数据;按照预设的规则对目标候选数据集合进行分组,得到多个候选数据组;根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个数据组间隔点生成有序数据组间隔点集。According to another aspect of the present application, a data set processing method is provided, comprising the following steps: obtaining a candidate data set, the candidate data set includes at least one candidate data; The data is processed to obtain a target candidate data set, and the target candidate data set includes at least one candidate hash data; the target candidate data set is grouped according to preset rules to obtain a plurality of candidate data groups; The hash data determines the corresponding data group interval points, and generates an ordered data group interval point set according to each data group interval point.
上述数据查询方法、装置、系统、计算机设备和存储介质,以及数据集处理方法、装置、计算机设备和存储介质,查询设备发送数据查询请求至待查询设备,数据查询请求包括待查询数据,接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的当前数据,根据第三预设质数、第一预设质数和当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据,接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集,根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。The above data query method, device, system, computer equipment and storage medium, and data set processing method, device, computer equipment and storage medium, the query device sends a data query request to the device to be queried, and the data query request includes the data to be queried. Sequential interval point set, the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request, and the current data corresponding to the to-be-queried data is determined according to the to-be-queried data and the ordered interval point set Group serial number, calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the The device to be queried obtains the current data corresponding to the serial number of the current data set, calculates the first encrypted data set according to the third preset prime number, the first preset prime number and the current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number. Second encrypted data, receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and determine the to-be-queried data according to the second encrypted data and the second encrypted data set The query result corresponding to the data.
因此,由于待查询设备发送查询设备的有序间隔点集本身不是待查询设备内的候选数据集合,这些有序间隔点集中的有序数据组间隔点本身就是没有意义的,并没有将待查询设备内的候选数据集合发送至查询设备中,避免了待查询设备内的候选数据集合泄露,保证了查询数据的隐私性,而且待查询设备和查询设备发送给对方的数据都是通过保密的大质数进行加密计算得到的,由于自己的数据和指数都是保密的,互相无法反推出对方的真实数据,从而提高查询数据的安全性和隐私性。Therefore, since the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves, and do not set the interval points to be queried. The candidate data set in the device is sent to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data, and the data sent by the device to be queried and the query device to the other party are all through the confidential large data. The prime numbers are obtained by encrypted calculation. Since their own data and exponents are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of query data.
本申请的一个或多个实施例的细节在以下附图和描述中提出,以使本申请的其他特征、目的和优点更加简明易懂。The details of one or more embodiments of the application are set forth in the accompanying drawings and the description below in order to make other features, objects and advantages of the application more apparent.
附图说明Description of drawings
为了更好地描述和说明这里公开的那些发明的实施例和/或示例,可以参考一幅或多幅附图。用于描述附图的附加细节或示例不应当被认为是对所公开的发明、目前描述的实施例和/或示例以及目前理解的这些发明的最佳模式中的任何一者的范围的限制。In order to better describe and illustrate embodiments and/or examples of those inventions disclosed herein, reference may be made to one or more of the accompanying drawings. The additional details or examples used to describe the drawings should not be construed as limiting the scope of any of the disclosed inventions, the presently described embodiments and/or examples, and the best mode presently understood of these inventions.
图1为本申请实施例1的数据查询方法的应用环境图。FIG. 1 is an application environment diagram of the data query method according to Embodiment 1 of the present application.
图2为本申请实施例1的数据查询方法的流程示意图。FIG. 2 is a schematic flowchart of a data query method according to Embodiment 1 of the present application.
图3为本申请实施例1的数据查询装置的结构框图。FIG. 3 is a structural block diagram of a data query apparatus according to Embodiment 1 of the present application.
图4为本申请实施例1的数据查询系统的结构框图。FIG. 4 is a structural block diagram of the data query system according to Embodiment 1 of the present application.
图5为本申请实施例1的计算机设备的结构框图。FIG. 5 is a structural block diagram of a computer device according to Embodiment 1 of the present application.
具体实施方式Detailed ways
为了使本申请的目的、技术方案及优点更加清楚明白,以下结合附图及实施例,对本申请进行进一步详细说明。应当理解,此处描述的具体实施例仅仅用以解释本申请,并不用于限定本申请。In order to make the purpose, technical solutions and advantages of the present application more clearly understood, the present application will be described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present application, but not to limit the present application.
在本申请中提及“实施例”意味着,结合实施例描述的特定特征、结构或特性可以包含在本申请的至少一个实施例中。在说明书中的各个位置出现该短语并不一定均是指相同的实施例,也不是与其它实施例互斥的独立的或备选的实施例。本领域普通技术人员显式地和隐式地理解的是,本申请所描述的实施例在不冲突的情况下,可以与其它实施例相结合。Reference in this application to an "embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the application. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor a separate or alternative embodiment that is mutually exclusive of other embodiments. It is explicitly and implicitly understood by those of ordinary skill in the art that the embodiments described in this application may be combined with other embodiments without conflict.
除非另作定义,本申请所涉及的技术术语或者科学术语应当为本申请所属技术领域内具有一般技能的人士所理解的通常意义。本申请所涉及的“一”、“一个”、“一种”、“该”等类似词语并不表示数量限制,可表示单数或复数。本申请所涉及的术语“包括”、“包含”、“具有”以及它们任何变形,意图在于覆盖不排他的包含;例如包含了一系列步骤或模块(单元)的过程、方法、系统、产品或设备没有限定于已列出的步骤或单元,而是可以还包括没有列出的步骤或单元,或可以还包括对于这些过程、方法、产品或设备固有的其它步骤或单元。本申请所涉及的“连接”、“相连”、“耦接”等类似的词语并非限定于物理的或者机械的连接,而是可以包括电气的连接,不管是直接的还是间接的。本申请所涉及的“多个”是指两个或两个以上。“和/或”描述关联对象的关联关系,表示可以存在三种关系,例如,“A和/或B”可以表示:单独存在A,同时存在A和B,单独存在B这三种情况。字符“/”一般表示前后关联对象是一种“或”的关系。本申请所涉及的术语“第一”、“第二”、“第三”、“第四”等仅仅是区别类似的对象,不代表针对对象的特定排序。Unless otherwise defined, the technical or scientific terms involved in this application shall have the usual meanings understood by those with ordinary skill in the technical field to which this application belongs. Words such as "a", "an", "an", "the" and the like mentioned in this application do not denote a quantitative limitation, and may denote the singular or the plural. The terms "comprising", "comprising", "having" and any of their variants referred to in this application are intended to cover non-exclusive inclusion; for example, a process, method, system, product or process comprising a series of steps or modules (units) The apparatus is not limited to the steps or units listed, but may further include steps or units not listed, or may further include other steps or units inherent to the process, method, product or apparatus. Words like "connected," "connected," "coupled," and the like referred to in this application are not limited to physical or mechanical connections, but may include electrical connections, whether direct or indirect. The "plurality" referred to in this application refers to two or more. "And/or" describes the association relationship between associated objects, indicating that there can be three kinds of relationships. For example, "A and/or B" can mean that A exists alone, A and B exist at the same time, and B exists alone. The character "/" generally indicates that the associated objects are an "or" relationship. The terms "first", "second", "third", "fourth", etc. involved in this application are only to distinguish similar objects, and do not represent a specific order for the objects.
图1为一个实施例中数据查询方法的应用环境图。参照图1,该数据查询方法应用于数据查询系统。该数据查询系统包括查询设备101和待查询设备102。查询设备101和待查询设备102通过网络连接。查询设备101具体可以是台式终端或移动终端或查询待查询设备,移动终端具体可以手机、平板电脑、笔记本电脑等中的至少一种。待查询设备102可以用独立的服务器或者是多个服务器组成的服务器集群来实现。FIG. 1 is an application environment diagram of a data query method in one embodiment. Referring to FIG. 1, the data query method is applied to a data query system. The data query system includes a query device 101 and a device to be queried 102 . The inquiring device 101 and the device to be inquired 102 are connected through a network. The query device 101 may specifically be a desktop terminal or a mobile terminal or a device to be queried, and the mobile terminal may specifically be at least one of a mobile phone, a tablet computer, a notebook computer, and the like. The device 102 to be queried can be implemented by an independent server or a server cluster composed of multiple servers.
具体地,查询设备101获取数据查询请求至待查询设备102,待查询设备102接收到数据查询请求后,根据数据查询请求获取与候选数据集合对应的有序间隔点集,并将有序间隔点集返回至查询设备101,有序间隔点集包括候选数据集合对应的有序数据组间隔点,查询设备101接收有序间隔点集,获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备102,待查询设备102获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据,并将第一加密数据集和第二加密数据返回至查询设备101。进一步地,查询设备101接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集,根据第 二加密数据和第二加密数据集确定待查询数据对应的查询结果。Specifically, the query device 101 obtains the data query request to the device to be queried 102, and after the query device 102 receives the data query request, obtains the ordered interval point set corresponding to the candidate data set according to the data query request, and assigns the ordered interval point The set is returned to the query device 101, and the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set. The query device 101 receives the ordered interval point set, obtains the data to be queried, and according to the Determine the current data group serial number corresponding to the data to be queried, calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and combine the first preset prime number, the first encrypted data and the current data group serial number Send to the device 102 to be queried, and the device 102 to be queried obtains at least one current data corresponding to the serial number of the current data group, and obtains the first encrypted data set according to the third preset prime number, the first preset prime number, and at least one current data set, according to the first encrypted data set. An encrypted data and a third preset prime number are calculated to obtain second encrypted data, and the first encrypted data set and the second encrypted data are returned to the query device 101 . Further, the query device 101 receives the first encrypted data set and the second encrypted data, calculates and obtains the second encrypted data set according to the first encrypted data set and the second preset prime number, and determines according to the second encrypted data and the second encrypted data set. The query result corresponding to the data to be queried.
在一个实施例中,提供了一种数据查询方法,以该方法应用于图1中的查询设备为例进行说明,包括以下步骤:In one embodiment, a data query method is provided, and the method is applied to the query device in FIG. 1 as an example for description, including the following steps:
步骤201:发送数据查询请求至待查询设备。Step 201: Send a data query request to the device to be queried.
其中,查询设备可以是数据查询方所在的设备,可以是但不限于查询终端或查询待查询设备,而这里的待查询设备可以是数据用户方所在的待查询设备,存储候选数据集合,候选数据集合包括至少一个候选数据,对候选数据集合进行处理,得到目标候选数据集合,对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的数据确定对应的数据组间隔点,对这些数据组间隔点进行排序,得到有序数据组间隔点集。The inquiring device may be the device where the data inquirer is located, and may be, but is not limited to, an inquiring terminal or a device to be inquired, and the device to be inquired here may be the device to be inquired where the data user is located, storing the candidate data set, the candidate data The set includes at least one candidate data set, the candidate data set is processed to obtain a target candidate data set, the target candidate data set is grouped to obtain a plurality of candidate data sets, and the corresponding data set interval points are determined according to the data in each candidate data set , sort these data group interval points to obtain an ordered data group interval point set.
其中,这里的数据查询请求是用来请求待查询设备进行数据查询的,数据查询请求可以在查询设备上进行操作触发生成的,具体可以是,在查询设备上设有相关查询应用,在查询应用相关界面设有查询按钮,对查询按钮进行操作,触发生成数据查询请求,其中,操作包括但不限于点击操作、语音操作或者定时事件触发操作。The data query request here is used to request the device to be queried to perform data query. The data query request can be triggered and generated by an operation on the query device. Specifically, the query device is provided with a related query application, and the query application The relevant interface is provided with a query button, and the operation of the query button triggers the generation of a data query request, wherein the operation includes but is not limited to a click operation, a voice operation or an operation triggered by a timed event.
步骤202:接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点。Step 202: Receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request.
其中,这里的有序间隔点集是指存在一定顺序的数据组间隔点组成的集合,而数据组间隔点是指候选数据集合对应的候选数据组之间的间隔值,而待查询设备上预先存储候选数据集合,候选数据集合包括至少一个候选数据,对候选数据集合进行处理,得到目标候选数据集合,对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的数据确定对应的数据组间隔点,对这些数据组间隔点进行排序,得到有序数据组间隔点集。Among them, the ordered interval point set here refers to a set consisting of data group interval points in a certain order, and the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried Store a candidate data set, the candidate data set includes at least one candidate data, process the candidate data set to obtain a target candidate data set, group the target candidate data set, and obtain a plurality of candidate data sets, according to the data in each candidate data set Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set.
其中,根据各个候选数据组中的数据确定对应的数据组间隔点的确定方式可自定义,自定义可以是获取当前候选数据组,获取当前候选数据组对应的当前候选数据,获取上一个候选数据组对应的目标候选数据,根据当前候选数据与目标候选数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选数据,直至得到各个数据组间隔点。Among them, the method of determining the corresponding data group interval point according to the data in each candidate data group can be customized, and the customization can be to obtain the current candidate data group, obtain the current candidate data corresponding to the current candidate data group, and obtain the previous candidate data. The target candidate data corresponding to the group, calculate the interval point of the current data group according to the current candidate data and the target candidate data, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the corresponding data group of the current candidate data group the current candidate data until the interval points of each data group are obtained.
其中,当前候选数据可以是当前候选数据组中的首位候选数据,目标候选数据可以是上一个候选数据组中的末位候选数据,具体可以是待查询设备获取当前候选数据组,获取当前候选数据组中的首位候选数据,获取上一个候选数据组中的末位候选数据,根据首位候选数据和末位候选数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的首位候选数据,直至得到数据组间隔点。The current candidate data may be the first candidate data in the current candidate data group, and the target candidate data may be the last candidate data in the previous candidate data group. Specifically, the device to be queried may obtain the current candidate data group and obtain the current candidate data. The first candidate data in the group, obtain the last candidate data in the previous candidate data group, calculate the interval point of the current data group according to the first candidate data and the last candidate data, obtain the next candidate data group, and put the next candidate data group As the current candidate data group, the return step obtains the first candidate data in the current candidate data group until the data group interval point is obtained.
例如,当前候选数据组为:[317、553],上一个候选数据组为:[55、270],当前候选数据为当前候选数据组中的首位候选数据为:317,目标候选数据为上一个候选数据组中的末位候选数据:270,则当前候选数据组间隔点可以是根据首位候选数据和末位候选数据计算得到当前数据组间隔点:(270+317) /2=293.5。For example, the current candidate data group is: [317, 553], the previous candidate data group is: [55, 270], the current candidate data is the first candidate data in the current candidate data group: 317, the target candidate data is the previous one The last candidate data in the candidate data group: 270, then the current candidate data group interval point can be calculated according to the first candidate data and the last candidate data to obtain the current data group interval point: (270+317)/2=293.5.
在另一个实施例中,数据组间隔点的确定方式自定义还可以是,获取当前候选数据组,获取当前候选数据组对应的当前候选数据,获取上一个候选数据组对应的目标候选数据,可以随机从当前候选数据和目标候选数据之间任意选取一个数字确定为当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选数据,直至得到各个数据组间隔点。In another embodiment, the method of determining the interval point of the data group can also be customized by obtaining the current candidate data group, obtaining the current candidate data corresponding to the current candidate data group, and obtaining the target candidate data corresponding to the previous candidate data group. Randomly select a number between the current candidate data and the target candidate data to determine the interval point of the current data group, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the corresponding data group of the current candidate data group the current candidate data until the interval points of each data group are obtained.
其中,当前候选数据可以是当前候选数据组中的首位候选数据,目标候选数据可以是上一个候选数据组中的末位候选数据,具体可以是待查询设备获取当前候选数据组,获取当前候选数据组中的首位候选数据,获取上一个候选数据组中的末位候选数据,随机从首位候选数据和末位候选数据之间任意选取一个数字确定为当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选数据,直至得到各个数据组间隔点。The current candidate data may be the first candidate data in the current candidate data group, and the target candidate data may be the last candidate data in the previous candidate data group. Specifically, the device to be queried may obtain the current candidate data group and obtain the current candidate data. The first candidate data in the group, obtain the last candidate data in the previous candidate data group, randomly select a number between the first candidate data and the last candidate data to determine the interval point of the current data group, and obtain the next candidate data group , taking the next candidate data group as the current candidate data group, and returning to the step to obtain the current candidate data corresponding to the current candidate data group until the interval points of each data group are obtained.
例如,当前候选数据组为:[317、553],上一个候选数据组为:[55、270],当前候选数据为当前候选数据组中的首位候选数据为:317,目标候选数据为上一个候选数据组中的末位候选数据:270,则当前候选数据组间隔点可以是随机从首位候选数据和末位候选数据之间任意选取的一个数字,例如,可以选取300为当前候选数据组间隔点。For example, the current candidate data group is: [317, 553], the previous candidate data group is: [55, 270], the current candidate data is the first candidate data in the current candidate data group: 317, the target candidate data is the previous one The last candidate data in the candidate data group: 270, then the current candidate data group interval point can be a number randomly selected from the first candidate data and the last candidate data, for example, 300 can be selected as the current candidate data group interval point.
例如,候选数据集合中的所有候选数据都通过相同的hash(哈希)函数通过以下公式处理得到目标候选数据,由目标候选数据组成目标候选数据集合:For example, all candidate data in the candidate data set are processed by the same hash function to obtain the target candidate data by the following formula, and the target candidate data set is composed of the target candidate data:
Figure PCTCN2020140634-appb-000001
Figure PCTCN2020140634-appb-000001
然后,将目标候选数据按照一定的顺序进行排序,其中,一定的顺序可以是升序,也可以是降序,按照每组固定的大小的方式进行分组,得到多个候选数据组,其中,固定的大小可以根据业务需求、产品需求或者实际应用场景进行预先确定得到,其中,在另一个实施例中,在将目标候选数据按照一定的顺序进行排序后,还可以按照每组不同的大小的方式进行分组,即可以按照每组非固定的大小的方式进行分组,每个候选数据组对应的分组大小可以根据业务需求、产品需求以及实际应用场景具体确定得到,其中,在又一个实施例中,各个候选数据组对应的分组大小有些可以相同,有些可以不同,具体可以根据实际情况确定得到。Then, sort the target candidate data according to a certain order, where the certain order can be ascending or descending, and group them according to the fixed size of each group to obtain multiple candidate data groups, wherein the fixed size It can be pre-determined according to business requirements, product requirements or actual application scenarios, wherein, in another embodiment, after sorting the target candidate data in a certain order, it can also be grouped according to different sizes of each group. , that is, the groups can be grouped according to the non-fixed size of each group, and the group size corresponding to each candidate data group can be determined according to business requirements, product requirements and actual application scenarios. Some of the group sizes corresponding to the data groups may be the same, and some may be different, which can be determined according to the actual situation.
进一步地,再根据各个候选数据组中的目标候选数据计算得到数据组间隔点,对这些数据组间隔点进行排序,从而得到有序数据组间隔点。具体地,当查询设备发送数据查询请求至待查询设备时,待查询设备根据数据查询请求获取有序间隔点集合,并将获取到的有序间隔点集合返回至查询设备。Further, data group interval points are obtained by calculation according to the target candidate data in each candidate data group, and these data group interval points are sorted to obtain ordered data group interval points. Specifically, when the query device sends a data query request to the device to be queried, the device to be queried obtains an ordered set of interval points according to the data query request, and returns the obtained set of ordered interval points to the query device.
步骤203:获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号。Step 203: Acquire the data to be queried, and determine the sequence number of the current data group corresponding to the data to be queried according to the data to be queried and the ordered interval point set.
其中,待查询数据是等待进行查询的数据。其中,待查询数据可以是经过hash(哈希)函数处理后的数据,待查询数据可以从本地数据库中调用得到,也可以通过其他设备获取得到,具体可以根据业务需求、实际应用场景、产品需求确定得到。而这里的当前数据组序号是待查询数据所在的数据组对应的序 号,具体地,在接收到有序间隔点集后,可以根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,具体可以是,根据待查询数据从有序间隔点集中获取对应的相邻的两个目标间隔点,再根据两个目标间隔点确定待查询数据对应的当前数据组序号。其中,若待查询数据与相邻的两个目标间隔点中的一个相等,或者待查询数据只有一个相邻间隔点,则说明待查询数据不在候选数据集合中,结束数据查询。The data to be queried is data waiting to be queried. Among them, the data to be queried can be the data processed by a hash function, and the data to be queried can be obtained by calling from a local database or obtained through other devices. Specifically, it can be based on business requirements, actual application scenarios, and product requirements. Sure get it. The sequence number of the current data group here is the sequence number corresponding to the data group where the data to be queried is located. The sequence number of the data group can be specifically obtained by obtaining two adjacent target interval points from the ordered interval point set according to the data to be queried, and then determining the current data group sequence number corresponding to the data to be queried according to the two target interval points. Wherein, if the data to be queried is equal to one of two adjacent target interval points, or the data to be queried has only one adjacent interval point, it means that the data to be queried is not in the candidate data set, and the data query is ended.
例如,候选数据集合进行hash函数处理得到的目标候选数据集合为:55、270、317、553、682、847,对目标候选数据集合进行分组,得到:[55、270]、[317、553]、[682、847],有序间隔点集为:第一组和第二组之间的数据组间隔点为293.5、第二组和第三组之间的数据组间隔点为617.5,若待查询数据进行hash函数处理后为583,由于待查询数据位于293.5和617.5之间,因此,可以确定待查询数据对应的当前数据组序号为2,即待查询数据如果要插入候选数据集合中,则需要插入第二组中。其中,第一组和第二组之间的数据组间隔点可以根据第一组的末位目标候选数据和第二组的首位目标候选数据进行计算得到的,例如,第一组的末位目标候选数据为270,第二组的首位目标候选数据为317,第一组和第二组之间的数据组间隔点可以为:(270+317)/2=293.5。同样地,第二组和第三组之间的数据组间隔点可以根据第二组的末位目标候选数据和第三组的首位目标候选数据进行计算得到的,例如,第二组的末位目标候选数据为553,第三组的首位目标候选数据为682,第二组和第三组之间的数据组间隔点可以为:(553+682)/2=617.5。For example, the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, and the target candidate data set is grouped to obtain: [55, 270], [317, 553] , [682, 847], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, and the data group interval point between the second group and the third group is 617.5. After the query data is processed by the hash function, it is 583. Since the data to be queried is between 293.5 and 617.5, it can be determined that the current data group serial number corresponding to the data to be queried is 2, that is, if the data to be queried is to be inserted into the candidate data set, then Need to be inserted into the second group. Wherein, the data group interval point between the first group and the second group can be calculated according to the last target candidate data of the first group and the first target candidate data of the second group, for example, the last target of the first group The candidate data is 270, the first target candidate data of the second group is 317, and the data group interval point between the first group and the second group may be: (270+317)/2=293.5. Similarly, the data group interval point between the second group and the third group can be calculated according to the last target candidate data of the second group and the first target candidate data of the third group, for example, the last position of the second group The target candidate data is 553, the first target candidate data of the third group is 682, and the data group interval point between the second group and the third group may be: (553+682)/2=617.5.
步骤204:根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据。Step 204: Calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the serial number of the current data group to the device to be queried, so that the The device to be queried obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number. The prime number calculation obtains the second encrypted data.
其中,第一预设质数、第二预设质数都是随机生成的足够大的质数,基于离散对数难解性保证无法根据加密后的数据逆推出原数据,由于加密算法的特殊性,可以保证多次加密的数据的结果与加密的顺序无关。随机生成质数时,先随机选择一个给定位数的奇数,然后用质数判别法判断其是否为质数。如果不是,则重新选择。但是,根据质数定理,给定一个数x,小于x的质数个数约为x/lnx,也就是说,给定一个数,其为质数的概率约为1/lnx。就算给定的数是个奇数,其概率也只能上升到2/lnx。如果质数要求是2048位,那么随机取一个奇数,其能通过质数检验的概率约为2/2048*log(e)=0.22%。也就是说,大约要选500次才能有一次通过质数判断,如果位数大,选取的次数就要增加,效率就低。本申请实施例中随机生成的质数均优选为2048位,超过2048位,计算效率下降,不足2048位,安全性得不到满足,在之前密码学中都是用的1024位,但是已出现通过算力穷举被攻击的情况,位数长需要的算力就大,目前在重要场合一般使用2048位。Among them, the first preset prime number and the second preset prime number are both randomly generated prime numbers that are large enough. Based on the discrete logarithm intractability guarantee, the original data cannot be inversely deduced from the encrypted data. Due to the particularity of the encryption algorithm, it can be The result of data encrypted multiple times is guaranteed to be independent of the order of encryption. When generating a prime number randomly, first randomly select an odd number with a given number of bits, and then use the prime number discrimination method to determine whether it is a prime number. If not, reselect. However, according to the prime number theorem, given a number x, the number of prime numbers less than x is about x/lnx, that is, given a number, the probability of it being a prime number is about 1/lnx. Even if the given number is odd, its probability can only go up to 2/lnx. If the prime number requirement is 2048 bits, then an odd number is randomly selected, and the probability that it can pass the prime number test is about 2/2048*log(e)=0.22%. That is to say, it takes about 500 selections to pass the prime number judgment once. If the number of digits is large, the number of selections will increase, and the efficiency will be low. The randomly generated prime numbers in the embodiments of the present application are all preferably 2048 bits, more than 2048 bits, the computational efficiency is reduced, and less than 2048 bits, the security cannot be satisfied. When the computing power is exhausted, the computing power required for the number of digits is large. At present, 2048 bits are generally used in important occasions.
具体地,查询设备随机生成两个质数,分别作为第一预设质数和第二预设质数,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,其中,计算方式可以是,将第一预设质数作为第一次加密的模,将第二预设质数作为待查询数据的指数,对待查询数据进行第一次加密计算,其中,第一 次加密计算可以是模指数计算,从而得到第一加密数据。Specifically, the query device randomly generates two prime numbers as the first preset prime number and the second preset prime number, respectively, and obtains the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, wherein, The calculation method may be, using the first preset prime number as the modulus of the first encryption, using the second preset prime number as the index of the data to be queried, and performing the first encryption calculation on the data to be queried, wherein the first encryption calculation may be: is the modulo exponent calculation, thereby obtaining the first encrypted data.
例如,随机生成2048位第一预设质数N和第二预设质数P,并将第一预设质数N作为加密的模,将第二预设质数P作为待查询数据B的指数,对待查询数据B进行模指数计算,得到第一加密数据Bp,具体可以以以下公式所示:For example, a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the index of the data B to be queried. The modulus index calculation is performed on the data B to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
B P=B PmodN B P = B P modN
进一步地,查询设备将第一预设质数、第一加密数据和当前组序号一起发送至待查询设备,待查询设备接收到第一预设质数、第一加密数据和当前组序号后,随机生成第三预设质数,第三预设质数可以是2048位的质数,同时根据当前组序号获取对应的至少一个当前数据,这里的当前数据可以是指当前组序号内的数据元素,当前数据可以是当前组序号内的所有数据,也可以是当前组序号内的目标数据,目标数据的数量可以根据业务需求、实际应用情况确定得到,其中,候选数据集合经过处理后得到目标候选数据集合,并对目标候选数据集合进行分组,得到多个候选数据组,各个候选数据组内都包括相应的目标候选数据和相应的组序号,因此,可将当前组序号内的所有目标候选数据都可作为当前数据。其次,可将第三预设质数作为当前数据的指数,将第一预设质数作为第二次加密的模,对当前数据进行第二次加密,第二次加密可以是模指数计算,从而得到第一加密数据集。Further, the inquiring device sends the first preset prime number, the first encrypted data and the current group serial number to the device to be inquired together, and after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, it randomly generates The third preset prime number, the third preset prime number can be a 2048-bit prime number, and at least one corresponding current data is obtained according to the current group serial number, where the current data can refer to the data elements in the current group serial number, and the current data can be All the data in the current group serial number can also be the target data in the current group serial number. The quantity of target data can be determined according to business requirements and actual application conditions. The candidate data set is processed to obtain the target candidate data set, and the The target candidate data sets are grouped to obtain multiple candidate data groups. Each candidate data group includes the corresponding target candidate data and the corresponding group serial number. Therefore, all target candidate data in the current group serial number can be used as the current data. . Secondly, the third preset prime number can be used as the exponent of the current data, the first preset prime number can be used as the modulus of the second encryption, and the current data can be encrypted for the second time. The first encrypted dataset.
例如,当前组序号为i,随机生成2048位的第三预设质数Q,将第三预设质数Q作为当前数据A i的指数,将第一预设质数N作为第二次加密的模,对当前数据A i进行模指数计算,得到第一加密数据集,具体可以以以下公式所示: For example, if the current group serial number is i, a 2048-bit third preset prime number Q is randomly generated, the third preset prime number Q is used as the exponent of the current data A i , and the first preset prime number N is used as the modulus of the second encryption, The modulus index calculation is performed on the current data A i to obtain the first encrypted data set, which can be specifically shown in the following formula:
Figure PCTCN2020140634-appb-000002
Figure PCTCN2020140634-appb-000002
进一步地,待查询设备接收到第一预设质数、第一加密数据和当前组序号后,还可以将第三预设质数作为第一加密数据的指数,对第一加密数据进行第三次加密计算,第三次加密计算可以是模指数计算,得到第二加密数据。Further, after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, the third preset prime number can also be used as the index of the first encrypted data, and the first encrypted data can be encrypted for the third time. Calculation, the third encryption calculation may be modulo exponential calculation to obtain the second encrypted data.
例如,随机生成2048位第一预设质数N和第二预设质数P,并将第一预设质数N作为加密的模,将第二预设质数P作为待查询数据B的指数,对带查询数据B进行模指数计算,得到第一加密数据Bp,具体可以以以下公式所示:For example, a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the exponent of the data B to be queried. Query the data B to perform modulus index calculation to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
B P=B PmodN B P = B P modN
再随机生成2048位的第三预设质数Q,将第三预设质数Q作为第一加密数据的指数,对第一加密数据进行模指数计算,得到第二加密数据,具体可以以以下公式所示:Then randomly generate a 2048-bit third preset prime number Q, use the third preset prime number Q as the index of the first encrypted data, and perform a modulus exponent calculation on the first encrypted data to obtain the second encrypted data. Specifically, the following formula can be used: Show:
B PQ=(B P) QmodN=B PQmodN B PQ =(B P ) Q modN=B PQ modN
其中,待查询设备计算得到第一加密数据集和第二加密数据后,需要将第一加密数据集和第二加密数据返回至查询设备。Wherein, after the device to be inquired obtains the first encrypted data set and the second encrypted data by calculation, the first encrypted data set and the second encrypted data need to be returned to the inquiring device.
其中,待查询设备可以先根据第一加密数据和第三预设质数计算得到第二加密数据后,再根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,这两个步骤之间不分顺序,可以相互交换。The device to be queried can first obtain the second encrypted data according to the first encrypted data and the third preset prime number, and then calculate and obtain the first encrypted data according to the third preset prime number, the first preset prime number and at least one current data. Set, the two steps are in no order and can be interchanged.
步骤205:接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集。Step 205: Receive the first encrypted data set and the second encrypted data, and calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number.
其中,查询设备在接收到待查询设备返回的第一加密数据集和第二加密数据后,可以再对第一加密数据集进行加密,得到第二加密数据集,其中,加密过程可以是根据第一加密数据集和第二预设指数进行加密计算得到第二加密数据集。具体可以是,将第二预设指数作为第一加密数据集的指数,对第一加密数据集进行第四次加密,第四次加密可以是模指数计算,得到第二加密数据集。Wherein, after receiving the first encrypted data set and the second encrypted data returned by the device to be queried, the querying device may encrypt the first encrypted data set to obtain the second encrypted data set, wherein the encryption process may be based on the first encrypted data set. An encrypted data set and a second preset index are encrypted and calculated to obtain a second encrypted data set. Specifically, the second preset index is used as the index of the first encrypted data set, and the first encrypted data set is encrypted for the fourth time, and the fourth encryption can be modulo index calculation to obtain the second encrypted data set.
例如,当前组序号为i,随机生成2048位的第三预设质数Q,将第三预设质数Q作为当前数据A i的指数,将第一预设质数N作为第二次加密的模,对当前数据A i进行模指数计算,得到第一加密数据集
Figure PCTCN2020140634-appb-000003
具体可以以以下公式所示: For example, if the current group serial number is i, a 2048-bit third preset prime number Q is randomly generated, the third preset prime number Q is used as the exponent of the current data A i , and the first preset prime number N is used as the modulus of the second encryption, Perform modulo index calculation on the current data A i to obtain the first encrypted data set
Figure PCTCN2020140634-appb-000003
Specifically, it can be shown in the following formula:
Figure PCTCN2020140634-appb-000004
Figure PCTCN2020140634-appb-000004
查询设备接收到待查询设备发送的第一加密数据集
Figure PCTCN2020140634-appb-000005
对第二次加密数据
Figure PCTCN2020140634-appb-000006
进行再次加密计算,将第二预设质数P作为第一加密数据集
Figure PCTCN2020140634-appb-000007
的指数,对第一加密数据集
Figure PCTCN2020140634-appb-000008
进行模指数计算,得到第二加密数据集
Figure PCTCN2020140634-appb-000009
具体可以以以下公式所示: The inquiring device receives the first encrypted data set sent by the device to be inquired
Figure PCTCN2020140634-appb-000005
Encrypt data for the second time
Figure PCTCN2020140634-appb-000006
Perform another encryption calculation, and use the second preset prime number P as the first encrypted data set
Figure PCTCN2020140634-appb-000007
The exponent of the first encrypted dataset
Figure PCTCN2020140634-appb-000008
Perform the modulus index calculation to obtain the second encrypted data set
Figure PCTCN2020140634-appb-000009
Specifically, it can be shown in the following formula:
Figure PCTCN2020140634-appb-000010
Figure PCTCN2020140634-appb-000010
步骤206:根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。Step 206: Determine a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
其中,查询设备在得到第二加密数据和第二加密数据集后,可以根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果,具体可以是,比较第二加密数据和第二加密数据集是否匹配,其中,若第二加密数据和第二加密数据集匹配,则确定待查询数据对应的查询结果为第一查询结果,第一查询结果说明待查询数据在候选数据集合中,若第二加密数据和第二加密数据集不匹配时,则确定待查询数据对应的查询结果为第二查询结果,第二查询结果说明待查询数据不在候选数据集合中。其中,第二加密数据和第二加密数据集是否匹配可以是,比较第二加密数据和第二加密数据集是否相同,或者比较第二加密数据和第二加密数据集是否相等。Wherein, after obtaining the second encrypted data and the second encrypted data set, the query device can determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set, and specifically, compare the second encrypted data with the second encrypted data set. 2. Whether the encrypted data set matches, wherein if the second encrypted data matches the second encrypted data set, the query result corresponding to the data to be queried is determined to be the first query result, and the first query result indicates that the data to be queried is in the candidate data set , if the second encrypted data does not match the second encrypted data set, the query result corresponding to the data to be queried is determined to be the second query result, and the second query result indicates that the data to be queried is not in the candidate data set. Wherein, whether the second encrypted data matches the second encrypted data set may be comparing whether the second encrypted data and the second encrypted data set are the same, or comparing whether the second encrypted data and the second encrypted data set are equal.
其中,由于待查询设备发送查询设备的有序间隔点集本身不是待查询设备内的候选数据集合,同时由于hash函数的特性,这些有序间隔点集中的有序数据组间隔点本身就是没有意义的,并没有将待查询设备内的候选数据集合发送至查询设备中,避免了待查询设备内的候选数据集合泄露,保证了查询数据的隐私性,而且待查询设备和查询设备发送给对方的数据都是通过保密的大质数进行加密计算得到的,由于自己的数据和指数都是保密的,互相无法反推出对方的真实数据,从而提高查询数据的安全性和隐私性。Among them, because the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, and because of the characteristics of the hash function, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves. It does not send the candidate data set in the device to be queried to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data. The data is obtained by encrypting and calculating the large prime numbers that are kept secret. Since their own data and indices are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of the query data.
上述数据查询方法中,查询设备发送数据查询请求至待查询设备,接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点,获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数 据,接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集,根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。In the above data query method, the query device sends a data query request to the device to be queried, and receives an ordered interval point set, where the ordered interval point set includes the device to be queried obtains an ordered data group interval point corresponding to the candidate data set according to the data query request. , obtain the data to be queried, determine the serial number of the current data group corresponding to the data to be queried according to the data to be queried and the ordered interval point set, and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, Send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the current data group serial number, according to the third preset prime number, the first preset The prime number and at least one current data are calculated to obtain the first encrypted data set, the second encrypted data is obtained by calculating the first encrypted data and the third preset prime number, the first encrypted data set and the second encrypted data are received, and the first encrypted data set is received according to the first encrypted data set. The second encrypted data set is obtained by calculating with the second preset prime number, and the query result corresponding to the data to be queried is determined according to the second encrypted data and the second encrypted data set.
因此,由于待查询设备发送查询设备的有序间隔点集本身不是待查询设备内的候选数据集合,这些有序间隔点集中的有序数据组间隔点本身就是没有意义的,并没有将待查询设备内的候选数据集合发送至查询设备中,避免了待查询设备内的候选数据集合泄露,保证了查询数据的隐私性,而且待查询设备和查询设备发送给对方的数据都是通过保密的大质数进行加密计算得到的,由于自己的数据和指数都是保密的,互相无法反推出对方的真实数据,从而提高查询数据的安全性和隐私性。Therefore, since the ordered interval point set sent by the device to be queried is not a candidate data set in the device to be queried, the interval points of the ordered data groups in these ordered interval point sets are meaningless by themselves, and do not set the interval points to be queried. The candidate data set in the device is sent to the query device, which avoids the leakage of the candidate data set in the device to be queried, and ensures the privacy of the query data, and the data sent by the device to be queried and the query device to the other party are all through the confidential large data. The prime numbers are obtained by encrypted calculation. Since their own data and exponents are kept secret, they cannot deduce each other's real data, thereby improving the security and privacy of query data.
在一个实施例中,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,包括:In one embodiment, the current data group sequence number corresponding to the data to be queried is determined according to the data to be queried and the ordered interval point set, including:
步骤301:从有序间隔点集中获取与待查询数据对应的相邻的两个目标间隔点。Step 301: Acquire two adjacent target interval points corresponding to the data to be queried from the ordered interval point set.
步骤302:根据两个目标间隔点确定待查询数据对应的当前数据组序号。Step 302: Determine the current data group serial number corresponding to the data to be queried according to the two target interval points.
其中,这里的有序间隔点集是指存在一定顺序的数据组间隔点组成的集合,而数据组间隔点是指候选数据集合对应的候选数据组之间的间隔值,而待查询设备上预先存储候选数据集合,候选数据集合包括至少一个候选数据,对候选数据集合进行处理,得到目标候选数据集合,对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的数据确定对应的数据组间隔点,对这些数据组间隔点进行排序,得到有序数据组间隔点集。Among them, the ordered interval point set here refers to a set consisting of data group interval points in a certain order, and the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried Store a candidate data set, the candidate data set includes at least one candidate data, process the candidate data set to obtain a target candidate data set, group the target candidate data set, and obtain a plurality of candidate data sets, according to the data in each candidate data set Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set.
其中,根据各个候选数据组中的数据确定对应的数据组间隔点,具体可以是,获取当前候选数据组,获取当前候选数据组对应的当前候选哈希数据,获取上一个候选数据组对应的目标候选哈希数据,根据当前候选哈希数据与目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选哈希数据,直至得到各个数据组间隔点,各个数据组间隔点之间进行排序,得到有序数据组间隔点集。其中,当前候选哈希数据可以是当前候选数据组的第一个候选哈希数据,而目标候选哈希数据可以是上一个候选数据组的最后一个候选哈希数据。The corresponding data group interval points are determined according to the data in each candidate data group. Specifically, the current candidate data group is obtained, the current candidate hash data corresponding to the current candidate data group is obtained, and the target corresponding to the previous candidate data group is obtained. The candidate hash data, according to the current candidate hash data and the target candidate hash data, to obtain the current data group interval point, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the current candidate data The current candidate hash data corresponding to the group is obtained until the interval points of each data group are obtained, and the interval points of each data group are sorted to obtain an ordered set of interval points of the data group. Wherein, the current candidate hash data may be the first candidate hash data of the current candidate data group, and the target candidate hash data may be the last candidate hash data of the previous candidate data group.
其中,这里的当前数据组序号是待查询数据所在的数据组对应的序号,具体地,在接收到有序间隔点集后,可以根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,具体可以是,根据待查询数据从有序间隔点集中获取对应的相邻的两个目标间隔点,再根据两个目标间隔点确定待查询数据对应的当前数据组序号。其中,若待查询数据与相邻的两个目标间隔点中的一个相等,或者待查询数据只有一个相邻间隔点,则说明待查询数据不在候选数据集合中,结束数据查询。The sequence number of the current data group here is the sequence number corresponding to the data group where the data to be queried is located. The current data group serial number may be, specifically, obtaining two adjacent target interval points from the ordered interval point set according to the data to be queried, and then determining the current data group serial number corresponding to the data to be queried according to the two target interval points. Wherein, if the data to be queried is equal to one of two adjacent target interval points, or the data to be queried has only one adjacent interval point, it means that the data to be queried is not in the candidate data set, and the data query is ended.
例如,候选数据集合进行hash函数处理得到的目标候选数据集合为:55、270、317、553、682、847、987、1203,对目标候选数据集合进行分组,得到:[55、270]、[317、553]、[682、847]、[987、1203],有序间隔点集为:第一组和第二组之间的数据组间隔点为293.5、第二组和第三组之间的数据组间隔点为617.5,第三组和第四组之间的数据组间隔点为917,若待查询数据进行hash函数处理后为583,由于待查询数据位于293.5和617.5之间,因此,可以确定待查询数据对应的当前数据组序号为2。For example, the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, 987, 1203, and the target candidate data set is grouped to obtain: [55, 270], [ 317, 553], [682, 847], [987, 1203], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, between the second group and the third group The interval point of the data group is 617.5, and the interval point of the data group between the third and fourth groups is 917. If the data to be queried is processed by the hash function, it is 583. Since the data to be queried is between 293.5 and 617.5, therefore, It can be determined that the current data group serial number corresponding to the data to be queried is 2.
在一个实施例中,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将 第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据,包括:In one embodiment, the first encrypted data is calculated according to the first preset prime number, the second preset prime number and the data to be queried, and the first preset prime number, the first encrypted data and the current data group serial number are sent to the device to be queried , so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data set, calculates the first encrypted data set according to the third preset prime number, the first preset prime number and at least one current data, and obtains the first encrypted data set according to the first encrypted data and the first encrypted data set. Three preset prime numbers are calculated to obtain the second encrypted data, including:
步骤401:随机生成第一预设质数和第二预设质数。Step 401: Randomly generate a first preset prime number and a second preset prime number.
步骤402:将第一预设质数作为第一次加密的模,将第二预设质数作为待查询数据的指数,对待查询数据进行模指数运算计算,得到第一加密数据。Step 402: Use the first preset prime number as the modulus of the first encryption, use the second preset prime number as the exponent of the data to be queried, and perform a modulus exponent operation calculation on the data to be queried to obtain the first encrypted data.
其中,第一预设质数、第二预设质数都是随机生成的足够大的质数,随机生成质数时,先随机选择一个给定位数的奇数,然后用质数判别法判断其是否为质数。如果不是,则重新选择。但是,根据质数定理,给定一个数x,小于x的质数个数约为x/lnx,也就是说,给定一个数,其为质数的概率约为1/lnx。就算给定的数是个奇数,其概率也只能上升到2/lnx。如果质数要求是2048位,那么随机取一个奇数,其能通过质数检验的概率约为2/2048*log(e)=0.22%。本申请实施例中随机生成的质数均优选为2048位,超过2048位,计算效率下降,不足2048位,安全性得不到满足,在之前密码学中都是用的1024位,但是已出现通过算力穷举被攻击的情况,位数长需要的算力就大,目前在重要场合一般使用2048位。The first preset prime number and the second preset prime number are both large enough prime numbers generated randomly. When generating prime numbers randomly, first randomly select an odd number with a given bit number, and then use the prime number discrimination method to determine whether it is a prime number. If not, reselect. However, according to the prime number theorem, given a number x, the number of prime numbers less than x is about x/lnx, that is, given a number, the probability of it being a prime number is about 1/lnx. Even if the given number is odd, its probability can only go up to 2/lnx. If the prime number requirement is 2048 bits, then an odd number is randomly selected, and the probability that it can pass the prime number test is about 2/2048*log(e)=0.22%. The randomly generated prime numbers in the embodiments of the present application are all preferably 2048 bits, more than 2048 bits, the computational efficiency is reduced, and less than 2048 bits, the security cannot be satisfied. When the computing power is exhausted, the computing power required for the number of digits is large. At present, 2048 bits are generally used in important occasions.
具体地,查询设备随机生成两个质数,分别作为第一预设质数和第二预设质数,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,其中,计算方式可以是,将第一预设质数作为第一次加密的模,将第二预设质数作为待查询数据的指数,对待查询数据进行第一次模指数计算,从而得到第一加密数据。Specifically, the query device randomly generates two prime numbers as the first preset prime number and the second preset prime number, respectively, and obtains the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, wherein, The calculation method may be as follows: the first preset prime number is used as the modulus of the first encryption, the second preset prime number is used as the index of the data to be queried, and the first modulus index calculation is performed on the data to be queried to obtain the first encrypted data.
例如,随机生成2048位第一预设质数N和第二预设质数P,并将第一预设质数N作为加密的模,将第二预设质数P作为待查询数据B的指数,对待查询数据B进行模指数计算,得到第一加密数据Bp,具体可以以以下公式所示:For example, a 2048-bit first preset prime number N and a second preset prime number P are randomly generated, the first preset prime number N is used as the modulus of encryption, and the second preset prime number P is used as the index of the data B to be queried. The modulus index calculation is performed on the data B to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
B P=B PmodN B P = B P modN
步骤403:将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备根据当前数据组序号获取对应的至少一个当前数据,随机生成第三预设质数,将第三预设质数作为当前数据的指数,将第一预设质数作为第二次加密的模,对至少一个当前数据进行模指数计算,得到第一加密数据集,将第三预设质数作为第一加密数据的指数,对第一加密数据进行模指数计算,得到第二加密数据。Step 403: Send the first preset prime number, the first encrypted data and the current data group serial number to the device to be queried, so that the device to be queried obtains at least one corresponding current data according to the current data group serial number, and randomly generates a third preset prime number , using the third preset prime number as the exponent of the current data, using the first preset prime number as the modulus of the second encryption, performing modulus exponent calculation on at least one current data to obtain the first encrypted data set, and using the third preset prime number as the modulus of the second encryption. As the exponent of the first encrypted data, modulo exponent calculation is performed on the first encrypted data to obtain the second encrypted data.
具体地,查询设备将第一预设质数、第一加密数据和当前组序号一起发送至待查询设备,待查询设备接收到第一预设质数、第一加密数据和当前组序号后,随机生成第三预设质数,第三预设质数可以是2048位的质数,同时根据当前组序号获取对应的当前数据,这里的当前数据是指当前组序号内的所有数据,候选数据集合经过处理后得到目标候选数据集合,并对目标候选数据集合进行分组,得到多个候选数据组,各个候选数据组内都包括相应的目标候选数据和相应的组序号,因此,可将当前组序号内的所有目标候选数据都可作为当前数据。其次,可将第三预设质数作为当前数据的指数,将第一预设质数作为第二次加密的模,对当前数据进行第二次模指数计算,从而得到第一加密数据集。Specifically, the inquiring device sends the first preset prime number, the first encrypted data and the current group serial number together to the device to be inquired, and after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, it randomly generates The third preset prime number. The third preset prime number can be a 2048-bit prime number. At the same time, the corresponding current data is obtained according to the current group serial number. The current data here refers to all the data in the current group serial number. The candidate data set is obtained after processing. The target candidate data set is grouped, and multiple candidate data groups are obtained. Each candidate data group includes the corresponding target candidate data and the corresponding group serial number. Therefore, all the targets in the current group serial number can be Candidate data can be used as current data. Secondly, the third preset prime number may be used as the exponent of the current data, the first preset prime number may be used as the modulus of the second encryption, and the second modulus exponent calculation may be performed on the current data, thereby obtaining the first encrypted data set.
例如,当前组序号为i,随机生成2048位的第三预设质数Q,将第三预设质数Q作为当前数据A i 的指数,将第一预设质数N作为第二次加密的模,对当前数据A i进行模指数计算,得到第一加密数据集
Figure PCTCN2020140634-appb-000011
具体可以以以下公式所示: For example, if the current group serial number is i, a 2048-bit third preset prime number Q is randomly generated, the third preset prime number Q is used as the exponent of the current data A i , and the first preset prime number N is used as the modulus of the second encryption, Perform modulo index calculation on the current data A i to obtain the first encrypted data set
Figure PCTCN2020140634-appb-000011
Specifically, it can be shown in the following formula:
Figure PCTCN2020140634-appb-000012
Figure PCTCN2020140634-appb-000012
其中,若当前组序号i内的当前数据为多个,则可以将第三预设质数Q作为各个当前数据A i的质数,将第一预设质数N作为第二次加密的模,对当前组序号i内的所有当前数据进行模指数计算,得到对应的第一加密数据集。 Wherein, if there are multiple current data in the current group number i, the third preset prime number Q can be used as the prime number of each current data A i , and the first preset prime number N can be used as the modulus of the second encryption. All current data in the group serial number i is subjected to modulo index calculation to obtain the corresponding first encrypted data set.
进一步地,待查询设备接收到第一预设质数、第一加密数据和当前组序号后,还可以将第三预设质数作为第一加密数据的指数,对第一加密数据进行第三次加密计算,第三次加密计算可以是模指数计算,得到第二加密数据。Further, after the inquiring device receives the first preset prime number, the first encrypted data and the current group serial number, the third preset prime number can also be used as the index of the first encrypted data, and the first encrypted data can be encrypted for the third time. Calculation, the third encryption calculation may be modulo exponential calculation to obtain the second encrypted data.
例如,查询设备随机生成2048位第一预设质数N和第二预设质数P,并将第一预设质数N作为加密的模,将第二预设质数P作为待查询数据B的指数,对带查询数据B进行模指数计算,得到第一加密数据Bp,具体可以以以下公式所示:For example, the query device randomly generates a 2048-bit first preset prime number N and a second preset prime number P, uses the first preset prime number N as the encrypted modulus, and uses the second preset prime number P as the index of the data B to be queried, The modulus index calculation is performed on the data B with query to obtain the first encrypted data Bp, which can be specifically shown in the following formula:
B P=B PmodN B P = B P modN
查询设备把第一加密数据Bp发送至待查询设备,待查询设备随机生成2048位的第三预设质数Q,将第三预设质数Q作为第一加密数据的指数,对第一加密数据进行模指数计算,得到第二加密数据B PQ,具体可以以以下公式所示: The inquiring device sends the first encrypted data Bp to the device to be inquired, the device to be inquired randomly generates a 2048-bit third preset prime number Q, uses the third preset prime number Q as an index of the first encrypted data, and performs The modulus index is calculated to obtain the second encrypted data B PQ , which can be shown in the following formula:
B PQ=(B P) QmodN=B PQmodN B PQ =(B P ) Q modN=B PQ modN
其中,待查询设备计算得到第一加密数据集和第二加密数据后,需要将第一加密数据集和第二加密数据返回至查询设备。Wherein, after the device to be inquired obtains the first encrypted data set and the second encrypted data by calculation, the first encrypted data set and the second encrypted data need to be returned to the inquiring device.
在一个实施例中,根据第一加密数据集和第二预设质数计算得到第二加密数据集,包括:将第二预设质数作为第一加密数据集的指数,对第一加密数据集进行模指数计算,得到第二加密数据集。In one embodiment, calculating and obtaining the second encrypted data set according to the first encrypted data set and the second preset prime number includes: using the second preset prime number as an index of the first encrypted data set, and performing The modulus index is calculated to obtain the second encrypted data set.
其中,查询设备在接收到待查询设备返回的第一加密数据集和第二加密数据后,可以通过再次对第一加密数据集进行加密,得到第二加密数据集,其中,加密过程可以是根据第一加密数据集和第二预设指数进行加密计算得到第二加密数据集。具体可以是,将第二预设指数作为第一加密数据集的指数,对第一加密数据集进行第四次模指数计算,得到第二加密数据集。Wherein, after receiving the first encrypted data set and the second encrypted data returned by the device to be queried, the querying device may encrypt the first encrypted data set again to obtain the second encrypted data set, wherein the encryption process may be based on The first encrypted data set and the second preset index are encrypted and calculated to obtain a second encrypted data set. Specifically, the second preset index is used as the index of the first encrypted data set, and the fourth modular index calculation is performed on the first encrypted data set to obtain the second encrypted data set.
例如,当前组序号为i,随机生成2048位的第三预设质数Q,将第三预设质数Q作为当前数据A i的指数,将第一预设质数N作为第二次加密的模,对当前数据A i进行模指数计算,得到第一加密数据集
Figure PCTCN2020140634-appb-000013
具体可以以以下公式所示: For example, if the current group serial number is i, a 2048-bit third preset prime number Q is randomly generated, the third preset prime number Q is used as the exponent of the current data A i , and the first preset prime number N is used as the modulus of the second encryption, Perform modulo index calculation on the current data A i to obtain the first encrypted data set
Figure PCTCN2020140634-appb-000013
Specifically, it can be shown in the following formula:
Figure PCTCN2020140634-appb-000014
Figure PCTCN2020140634-appb-000014
查询设备接收到待查询设备发送的第一加密数据集
Figure PCTCN2020140634-appb-000015
对第二次加密数据
Figure PCTCN2020140634-appb-000016
进行再次加密计算,将第二预设质数P作为第一加密数据集
Figure PCTCN2020140634-appb-000017
的指数,对第一加密数据集
Figure PCTCN2020140634-appb-000018
进行模指数计算,得到第二加密数据集
Figure PCTCN2020140634-appb-000019
具体可以以以下公式所示: The inquiring device receives the first encrypted data set sent by the device to be inquired
Figure PCTCN2020140634-appb-000015
Encrypt data for the second time
Figure PCTCN2020140634-appb-000016
Perform another encryption calculation, and use the second preset prime number P as the first encrypted data set
Figure PCTCN2020140634-appb-000017
The exponent of the first encrypted dataset
Figure PCTCN2020140634-appb-000018
Perform the modulus index calculation to obtain the second encrypted data set
Figure PCTCN2020140634-appb-000019
Specifically, it can be shown in the following formula:
Figure PCTCN2020140634-appb-000020
Figure PCTCN2020140634-appb-000020
在一个实施例中,根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果,包括:In one embodiment, determining a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set includes:
步骤501:在第二加密数据与第二加密数据集的某一元素相同时,确定待查询数据对应的查询结果为第一查询结果,第一查询结果为待查询数据在候选数据集合中。Step 501: When the second encrypted data is the same as an element of the second encrypted data set, determine that the query result corresponding to the data to be queried is the first query result, and the first query result is that the data to be queried is in the candidate data set.
步骤502:在第二加密数据与第二加密数据集任一元素均不相同时,确定待查询数据对应的查询结果为第二查询结果,第二查询结果为待查询数据不在候选数据集合中。Step 502: When the second encrypted data is different from any element of the second encrypted data set, determine that the query result corresponding to the data to be queried is the second query result, and the second query result is that the data to be queried is not in the candidate data set.
具体地,查询设备在得到第二加密数据和第二加密数据集后,可以根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果,具体可以是,比较第二加密数据和第二加密数据集是否匹配,其中,若第二加密数据和第二加密数据集的某一元素匹配,则确定待查询数据对应的查询结果为第一查询结果,第一查询结果说明待查询数据在候选数据集合中,若第二加密数据和第二加密数据集任一元素均不匹配时,则确定待查询数据对应的查询结果为第二查询结果,第二查询结果说明待查询数据不在候选数据集合中。其中,第二加密数据和第二加密数据集是否匹配可以是,比较第二加密数据和第二加密数据集的某一元素是否相同,或者比较第二加密数据和第二加密数据集任一元素均是否相等。Specifically, after obtaining the second encrypted data and the second encrypted data set, the query device can determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set. Specifically, the query device can compare the second encrypted data and the second encrypted data set. Whether the second encrypted data set matches, wherein if the second encrypted data matches an element of the second encrypted data set, the query result corresponding to the data to be queried is determined to be the first query result, and the first query result indicates the data to be queried. In the candidate data set, if the second encrypted data does not match any element of the second encrypted data set, the query result corresponding to the data to be queried is determined to be the second query result, and the second query result indicates that the data to be queried is not in the candidate data set in the data set. Wherein, whether the second encrypted data matches the second encrypted data set may be comparing whether an element of the second encrypted data and the second encrypted data set is the same, or comparing the second encrypted data and any element of the second encrypted data set Are all equal.
其中,若待查询数据为多个,且当前组序号内的数据也为多个时,则第二加密数据为多个,第二加密数据集也为多个,将各个第二加密数据与各个第二加密数据集进行比较,若存在任何一个第二加密数据与任何一个第二加密数据集相同或者相等时,则可确定待查询数据对应的查询结果为第一查询结果,说明待查询数据在候选数据集合中,若不存在任何一个第二加密数据与任何一个第二加密数据集相同或者相等时,则可确定待查询数据对应的查询结果为第二查询结果,说明待查询数据不在候选数据集合中。Wherein, if there are multiple pieces of data to be queried and there are multiple pieces of data in the current group serial number, then there are multiple pieces of second encrypted data and multiple sets of second encrypted data, and each second encrypted data is associated with each piece of data. The second encrypted data sets are compared, and if any second encrypted data is identical or equal to any second encrypted data set, it can be determined that the query result corresponding to the data to be queried is the first query result, indicating that the data to be queried is in the In the candidate data set, if there is no second encrypted data that is identical or equal to any second encrypted data set, it can be determined that the query result corresponding to the data to be queried is the second query result, indicating that the data to be queried is not in the candidate data. in the collection.
在一个实施例中,有序间隔点集的生成步骤包括:In one embodiment, the generating step of the ordered interval point set includes:
步骤601:待查询设备获取候选数据集合,候选数据集合包括至少一个候选数据。Step 601: The device to be queried acquires a candidate data set, where the candidate data set includes at least one candidate data.
步骤602:待查询设备根据预设哈希函数对候选数据集合中的候选数据进行处理,得到目标候选数据集合,目标候选数据集合包括至少一个候选哈希数据。Step 602: The device to be queried processes the candidate data in the candidate data set according to the preset hash function to obtain a target candidate data set, where the target candidate data set includes at least one candidate hash data.
其中,这里的待查询设备可以是数据用户方所在的待查询设备,存储候选数据集合,候选数据集合包括至少一个候选数据,对候选数据集合进行处理,得到目标候选数据集合,对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的数据确定对应的数据组间隔点,对这些数据组间隔点进行排序,得到有序数据组间隔点集。Wherein, the device to be queried here may be the device to be queried where the data user is located, and stores a candidate data set. The candidate data set includes at least one candidate data. The candidate data set is processed to obtain a target candidate data set, and the target candidate data set is processed. Grouping is performed to obtain a plurality of candidate data groups, corresponding data group interval points are determined according to the data in each candidate data group, and these data group interval points are sorted to obtain an ordered data group interval point set.
其中,这里的有序间隔点集是指存在一定顺序的数据组间隔点组成的集合,而数据组间隔点是指候选数据集合对应的候选数据组之间的间隔值,而待查询设备上预先存储候选数据集合,候选数据集合包括至少一个候选数据,对候选数据集合进行处理,得到目标候选数据集合。Among them, the ordered interval point set here refers to a set consisting of data group interval points in a certain order, and the data group interval point refers to the interval value between the candidate data groups corresponding to the candidate data set, and the pre-set on the device to be queried A candidate data set is stored, where the candidate data set includes at least one candidate data, and the candidate data set is processed to obtain a target candidate data set.
其中,对候选数据集合进行处理,得到目标候选数据集,具体可以是,获取预设哈希函数,通过预设哈希函数对候选数据集合中的各个候选数据进行哈希处理,得到相应的候选哈希数据,由各个候选哈希数据组成目标候选数据集合。The candidate data set is processed to obtain the target candidate data set. Specifically, a preset hash function is obtained, and each candidate data in the candidate data set is hashed by the preset hash function to obtain the corresponding candidate data set. Hash data, the target candidate data set is composed of each candidate hash data.
例如,候选数据集合中的所有候选数据都通过相同的hash(哈希)函数通过以下公式处理得到候选哈希数据,由候选哈希数据组成目标候选数据集合:For example, all candidate data in the candidate data set are processed by the same hash (hash) function to obtain candidate hash data by the following formula, and the target candidate data set is composed of the candidate hash data:
Figure PCTCN2020140634-appb-000021
Figure PCTCN2020140634-appb-000021
步骤603:待查询设备根据按照预设的规则对目标候选数据集合进行分组,得到多个候选数据组。Step 603: The device to be queried groups the target candidate data sets according to preset rules to obtain multiple candidate data groups.
步骤604:待查询设备根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个数据组间隔点生成有序数据组间隔点集。Step 604: The device to be queried determines the corresponding data group interval points according to the candidate hash data in each candidate data group, and generates an ordered data group interval point set according to each data group interval point.
具体地,待查询设备在得到目标候选数据集合,目标候选数据集合包括至少一个候选哈希数据后,再对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的数据确定对应的数据组间隔点,对这些数据组间隔点进行排序,得到有序数据组间隔点集。其中,具体可以是,待查询设备按照预设的规则对目标候选数据集合进行分组,得到多个候选数据组,其中,预设的规则可以是对目标候选数据集合中的候选哈希数据进行排序,排序可以是升序或降序,得到排序后的目标候选数据集合,再根据预设分组大小对排序后的目标候选数据集合进行分组,从而得到多个候选数据组。Specifically, after obtaining the target candidate data set, which includes at least one candidate hash data, the device to be queried groups the target candidate data set to obtain multiple candidate data groups. According to the data in each candidate data group Corresponding data group interval points are determined, and these data group interval points are sorted to obtain an ordered data group interval point set. Specifically, the device to be queried groups the target candidate data set according to a preset rule to obtain multiple candidate data groups, wherein the preset rule may be to sort the candidate hash data in the target candidate data set , the sorting can be in ascending order or descending order to obtain the sorted target candidate data set, and then group the sorted target candidate data set according to the preset group size, thereby obtaining multiple candidate data groups.
具体可以是,可以根据升序的规则对目标候选数据集合中的候选哈希数据进行排序,或者可以根据降序的规则对目标候选数据集合中的候选哈希数据进行降序,得到排序后的目标候选数据集合,再获取预设分组大小,所谓分组大小是指相应组对应的最大承受能力,预设分组大小可以根据业务需求、应用场景或产品需求进行确定得到,根据预设分组大小对排序后的目标候选数据集合进行分组,得到分组后的各个候选数据组。进一步地,再根据各个候选数据组中的数据确定对应的数据组间隔点,具体可以是,获取当前候选数据组,获取当前候选数据组对应的当前候选哈希数据,获取上一个候选数据组对应的目标候选哈希数据,根据当前候选哈希数据与目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选哈希数据,直至得到各个数据组间隔点,各个数据组间隔点之间进行排序,得到有序数据组间隔点集。其中,当前候选哈希数据可以是当前候选数据组的第一个候选哈希数据,而目标候选哈希数据可以是上一个候选数据组的最后一个候选哈希数据。Specifically, the candidate hash data in the target candidate data set may be sorted according to an ascending rule, or the candidate hash data in the target candidate data set may be sorted in descending order according to a descending rule to obtain the sorted target candidate data Set, and then obtain the preset group size. The so-called group size refers to the maximum bearing capacity corresponding to the corresponding group. The preset group size can be determined according to business requirements, application scenarios or product requirements, and the sorted targets are based on the preset group size. The candidate data sets are grouped to obtain each grouped candidate data group. Further, the corresponding data group interval points are determined according to the data in each candidate data group. Specifically, the current candidate data group is obtained, the current candidate hash data corresponding to the current candidate data group is obtained, and the last candidate data group is obtained. The target candidate hash data of the The current candidate hash data corresponding to the candidate data group is obtained until each data group interval point is obtained, and the various data group interval points are sorted to obtain an ordered data group interval point set. Wherein, the current candidate hash data may be the first candidate hash data of the current candidate data group, and the target candidate hash data may be the last candidate hash data of the previous candidate data group.
例如,候选数据集合进行hash函数处理得到的目标候选数据集合为:55、270、317、553、682、847、987、1203,对目标候选数据集合进行分组,得到:[55、270]、[317、553]、[682、847]、[987、1203],有序间隔点集为:第一组和第二组之间的数据组间隔点为293.5、第二组和第三组之间的数据组间隔点为617.5,第三组和第四组之间的数据组间隔点为917,有序数据组间隔点集为:{293.5、617.5、917}。其中,第一组和第二组之间的数据组间隔点可以根据第一组的末位候选哈希数据和第二组的首位候选哈希数据进行计算得到的,例如,第一组的末位候选哈希数据为270,第二组的首位候选哈希数据为317,第一组和第二组之间的数据组间隔点可以为:(270+317)/2=293.5。同样地,第二组和第三组之间的数据组间隔点可以根据第二组的末位候选哈希数据和第三组的首位候选哈希数据进行计算得到的,例如,第二组的末位候选哈希数据为553,第三组的首位候选哈希数据为682,第二组和第三组之间的数据组间隔点可以为:(553+682)/2=617.5。依次类推,第三组和第四组之间的数据组间隔点可以根据第三组末位候选哈希数据和第四组首位候选哈希数据进行计算得到的,例如,第三组末位候选哈希数据为847,第四组的首位候选哈希数据为987,第三组和第四组之间的数据组间隔点可以为:(847+987)/2=917。For example, the target candidate data set obtained by hash function processing on the candidate data set is: 55, 270, 317, 553, 682, 847, 987, 1203, and the target candidate data set is grouped to obtain: [55, 270], [ 317, 553], [682, 847], [987, 1203], the ordered interval point set is: the data group interval point between the first group and the second group is 293.5, between the second group and the third group The data group interval point is 617.5, the data group interval point between the third and fourth groups is 917, and the ordered data group interval point set is: {293.5, 617.5, 917}. Wherein, the data group interval point between the first group and the second group can be calculated according to the last candidate hash data of the first group and the first candidate hash data of the second group, for example, the last candidate hash data of the first group The bit candidate hash data is 270, the first candidate hash data of the second group is 317, and the data group interval point between the first group and the second group may be: (270+317)/2=293.5. Similarly, the data group interval point between the second group and the third group can be calculated according to the last candidate hash data of the second group and the first candidate hash data of the third group, for example, the second group of The last candidate hash data is 553, the first candidate hash data of the third group is 682, and the data group interval point between the second group and the third group may be: (553+682)/2=617.5. By analogy, the data group interval point between the third group and the fourth group can be calculated according to the last candidate hash data of the third group and the first candidate hash data of the fourth group. For example, the last candidate hash data of the third group The hash data is 847, the first candidate hash data of the fourth group is 987, and the data group interval point between the third group and the fourth group may be: (847+987)/2=917.
在一个实施例中,待查询设备根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,包括:待查询设备获取当前候选数据组,获取当前候选数据组中的当前候选哈希数据,获取上一个候选数据组中的目标候选哈希数据,根据当前候选哈希数据和目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的当前候选哈希数据,直至得到数据组间隔点。具体地,根据各个候选数据组中的数据确定对应的数据组间隔点,具体可以是,获取当前候选数据组,获取当前候选数据组对应的当前候选哈希数据,获取上一个候选数据组对应的目标候选哈希数据,根据当前候选哈希数据与目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组对应的当前候选哈希数据,直至得到各个数据组间隔点,各个数据组间隔点之间进行排序,得到有序数据组间隔点集。其中,当前候选数据组可以从各个候选数据组中随机抽取一个作为当前候选数据组,或者还可以是依次将候选数据组确定为当前候选数据组。In one embodiment, the device to be queried determines the corresponding data group interval points according to the candidate hash data in each candidate data group, including: the device to be queried obtains the current candidate data group, and obtains the current candidate hash in the current candidate data group. data, obtain the target candidate hash data in the previous candidate data group, calculate the interval point of the current data group according to the current candidate hash data and the target candidate hash data, obtain the next candidate data group, and use the next candidate data group as For the current candidate data group, the returning step obtains the current candidate hash data in the current candidate data group until the data group interval point is obtained. Specifically, the corresponding data group interval points are determined according to the data in each candidate data group. Specifically, the current candidate data group may be obtained, the current candidate hash data corresponding to the current candidate data group may be obtained, and the current candidate data group corresponding to the current candidate data group may be obtained. The target candidate hash data, according to the current candidate hash data and the target candidate hash data, calculate the current data group interval point, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the current candidate data group The current candidate hash data corresponding to the data group is obtained until each data group interval point is obtained, and the data group interval points are sorted to obtain an ordered data group interval point set. The current candidate data group may be randomly selected from each candidate data group as the current candidate data group, or the candidate data group may be determined as the current candidate data group in sequence.
在另一个实施例中,当前候选哈希数据可以是当前候选数据组中的首位候选哈希数据,目标候选哈希数据可以是上一个候选数据组中的末位候选哈希数据,具体可以是待查询设备获取当前候选数据组,获取当前候选数据组中的首位候选哈希数据,获取上一个候选数据组中的末位候选哈希数据,根据首位候选哈希数据和末位候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的首位候选哈希数据,直至得到数据组间隔点。In another embodiment, the current candidate hash data may be the first candidate hash data in the current candidate data group, and the target candidate hash data may be the last candidate hash data in the previous candidate data group. Specifically, it may be The device to be queried obtains the current candidate data group, obtains the first candidate hash data in the current candidate data group, and obtains the last candidate hash data in the previous candidate data group, according to the first candidate hash data and the last candidate hash data. Calculate the interval point of the current data group, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the first candidate hash data in the current candidate data group, until the interval point of the data group is obtained.
在一个实施例中,数据查询方法还包括:发送当前有序间隔点集版本号查询请求至待查询设备,当前有序间隔点集版本号查询请求包括当前有序间隔点集版本号,以使待查询设备获取候选有序间隔点集版本号,比较当前有序间隔点集版本号和候选有序间隔点集版本号是否一致,若一致,则确定为第一版本号信息,若不一致,则确定为第二版本号信息,并返回,其中候选有序间隔点集版本号为待查询设备中目前有序间隔点集对应的版本号,接收待查询设备返回的第一版本号信息,获取历史有序间隔点集,则将历史有序间隔点集作为有序间隔点集,进入步骤获取待查询数据,或;接收待查询设备返回的第二版本号信息,则进入步骤发送数据查询请求至待查询设备。In one embodiment, the data query method further includes: sending a current ordered interval point set version number query request to the device to be queried, where the current ordered interval point set version number query request includes the current ordered interval point set version number, so that The device to be queried obtains the version number of the candidate ordered interval point set, and compares whether the version number of the current ordered interval point set is consistent with the version number of the candidate ordered interval point set. Determine the second version number information, and return it, where the version number of the candidate ordered interval point set is the version number corresponding to the current ordered interval point set in the device to be queried, receive the first version number information returned by the device to be queried, and obtain the history Ordered interval point set, take the historical ordered interval point set as the ordered interval point set, and enter the step to obtain the data to be queried, or; after receiving the second version number information returned by the device to be queried, enter the step to send a data query request to Device to be queried.
其中,这里的当前有序间隔点集版本号查询请求是用来请求查询当前有序间隔点集版本号的,当前有序间隔点集版本号是当前有序间隔点集对应的版本标识号,每一次待查询设备发送的当前有序间隔点集都包括对应的当前有序间隔点集版本号,在查询设备第一次向待查询设备发送有序间隔点集版本号查询请求时,会保存待查询设备返回的有序间隔点集版本号,在后续查询时,查询设备携带当前有序间隔点集版本号查询请求向待查询设备查询时,待查询设备比较当前有序间隔点集版本号与本地存储的候选间隔点集版本号是否一致,若一致,则确定为第一版本号信息,若不一致,则确定为第二版本号信息,并返回,其中候选有序间隔点集版本号为待查询设备中目前有序间隔点集对应的版本号,并将第一版本号信息或第二版本号信息返回至查询设备。Among them, the current ordered interval point set version number query request here is used to request to query the current ordered interval point set version number, and the current ordered interval point set version number is the version identification number corresponding to the current ordered interval point set, Each time the current ordered interval point set sent by the device to be queried includes the corresponding version number of the current ordered interval point set. The ordered interval point set version number returned by the device to be queried. In subsequent queries, the inquiring device carries the current ordered interval point set version number query request to the to-be-queried device, and the to-be-queried device compares the current ordered interval point set version numbers. Whether the version number of the candidate interval point set stored locally is consistent, if it is consistent, it is determined as the first version number information, if not, it is determined as the second version number information, and returned, where the version number of the candidate ordered interval point set is The version number corresponding to the current ordered interval point set in the device to be queried, and the first version number information or the second version number information is returned to the query device.
进一步地,查询设备接收到第一版本号信息,说明当前有序间隔点集版本号与待查询设备本地存储的候选间隔点集版本号一致,则可以将查询设备本身缓存的有序间隔点确定为有序间隔点集,具体可以 是,获取历史有序间隔点集,所谓历史有序间隔点集是查询设备本地缓存的有序间隔点集,将历史有序间隔点集作为有序间隔点集,进入步骤获取待查询数据。Further, if the inquiring device receives the first version number information, indicating that the version number of the current ordered interval point set is consistent with the version number of the candidate interval point set locally stored by the device to be inquired, then the ordered interval point cached by the inquiring device itself can be determined. It is an ordered interval point set. Specifically, the historical ordered interval point set can be obtained. The so-called historical ordered interval point set refers to the ordered interval point set cached locally by the query device, and the historical ordered interval point set is used as the ordered interval point. Set, enter the step to obtain the data to be queried.
其中,若查询设备接收到的是第二版本号信息,说明当前有序间隔点集版本号与待查询设备本地存储的候选间隔点集版本号不一致,则进入步骤发送数据查询请求至待查询设备,并将后续接收到的有序间隔点集替换查询设备本地存储的历史有序间隔点集,即根据后续接收到的有序间隔点集更新本地存储的历史有序间隔点集。Among them, if the query device receives the second version number information, it means that the version number of the current ordered interval point set is inconsistent with the version number of the candidate interval point set stored locally by the device to be queried, and then enters the step of sending a data query request to the device to be queried. , and replace the subsequently received ordered interval point set with the historical ordered interval point set stored locally by the query device, that is, update the locally stored historical ordered interval point set according to the subsequently received ordered interval point set.
在一个具体的实施例中,提供了一种数据查询方法,具体包括以下步骤:In a specific embodiment, a data query method is provided, which specifically includes the following steps:
1、待查询设备获取候选数据集合,候选数据集合包括至少一个候选数据。1. The device to be queried acquires a candidate data set, where the candidate data set includes at least one candidate data.
2、待查询设备根据预设哈希函数对候选数据集合中的候选数据进行处理,得到目标候选数据集合,目标候选数据集合包括至少一个候选哈希数据。2. The device to be queried processes the candidate data in the candidate data set according to the preset hash function to obtain a target candidate data set, where the target candidate data set includes at least one candidate hash data.
3、待查询设备根据按照预设的规则对目标候选数据集合进行分组,得到多个候选数据组。3. The device to be queried groups the target candidate data sets according to preset rules to obtain multiple candidate data groups.
4、待查询设备根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个数据组间隔点生成有序数据组间隔点集。4. The device to be queried determines a corresponding data group interval point according to the candidate hash data in each candidate data group, and generates an ordered data group interval point set according to each data group interval point.
5、发送当前有序间隔点集版本号查询请求至待查询设备,确定第一版本号信息或二版本号信息。5. Send the current ordered interval point set version number query request to the device to be queried, and determine the first version number information or the second version number information.
6、接收待查询设备返回的第一版本号信息,获取历史有序间隔点集,则将历史有序间隔点集作为有序间隔点集,进入步骤10。6. Receive the first version number information returned by the device to be queried, obtain the historical ordered interval point set, then use the historical ordered interval point set as the ordered interval point set, and go to step 10 .
7、接收待查询设备返回的第二版本号信息,则进入步骤8。7. Receive the second version number information returned by the device to be queried, and go to step 8.
8、发送数据查询请求至待查询设备。8. Send a data query request to the device to be queried.
9、接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点。9. Receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request.
10、获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号。10. Acquire the data to be queried, and determine the serial number of the current data group corresponding to the data to be queried according to the data to be queried and the ordered interval point set.
11、根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据。11. Calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the serial number of the current data group to the device to be queried, so that the data to be queried is sent to the device to be queried. The query device obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number Calculated to obtain the second encrypted data.
12、接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集。12. Receive the first encrypted data set and the second encrypted data, and calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number.
13、根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。13. Determine a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
在一个实施例中,提供了一种数据集处理方法,包括以下步骤:获取候选数据集合,候选数据集合包括至少一个候选数据,根据预设哈希函数对候选数据集合中的至少一个候选数据进行处理,得到目标候选数据集合,目标候选数据集合包括至少一个候选哈希数据,按照预设的规则对目标候选数据集合进行分组,得到多个候选数据组,根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个数据组间隔点生成有序数据组间隔点集。In one embodiment, a data set processing method is provided, including the following steps: obtaining a candidate data set, the candidate data set includes at least one candidate data, and performing a processing on the at least one candidate data in the candidate data set according to a preset hash function processing to obtain a target candidate data set, the target candidate data set including at least one candidate hash data, grouping the target candidate data set according to a preset rule to obtain a plurality of candidate data groups, and according to the candidate hash data in each candidate data group The data determines the corresponding data group interval points, and generates an ordered data group interval point set according to each data group interval point.
在一个实施例中,根据各个候选数据组中的候选哈希数据确定对应的数据组间隔点,包括:获取当前候选数据组,获取当前候选数据组中的当前候选哈希数据,获取上一个候选数据组中的目标候选哈希数据,根据当前候选哈希数据和目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的当前候选哈希数据,直至得到数据组间隔点。In one embodiment, determining the corresponding data group interval point according to the candidate hash data in each candidate data group includes: acquiring the current candidate data group, acquiring the current candidate hash data in the current candidate data group, acquiring the previous candidate data group For the target candidate hash data in the data group, calculate the interval point of the current data group according to the current candidate hash data and the target candidate hash data, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return The step is to obtain the current candidate hash data in the current candidate data group until the data group interval point is obtained.
在一个实施例中,数据集处理方法还包括:接收新增加的候选哈希数据,将新增加的候选哈希数据插入其对应的第一数据组内,判断第一数据组内的数据数量是否超出设定范围,若是,则从第一数据组内后重新确定数据组间隔点,根据各个数据组间隔点更新有序数据组间隔点集。In one embodiment, the data set processing method further includes: receiving newly added candidate hash data, inserting the newly added candidate hash data into its corresponding first data group, and determining whether the amount of data in the first data group is If it exceeds the set range, if it is, then re-determine the data group interval points from the first data group, and update the ordered data group interval point set according to each data group interval point.
其中,这里的第一数据组是指新增加的候选哈希数据需要插入的数据组,可以根据各个数据组间隔点确定新增加的候选哈希数据对应的第一数据组,再第一数据组内的数据数量是否超出设定范围,若是,则从第一数据组内后重新确定数据组间隔点,根据各个数据组间隔点更新有序数据组间隔点集。例如,第一组和第二组之间的数据组间隔点为293.5、第二组和第三组之间的数据组间隔点为617.5,新增加的候选哈希数据为530,则确定新增加的候选哈希数据为第二组为第一数据组,再判断第一数据组内的数据数量是否超出设定范围,若是,则从第一数据组内后重新确定数据组间隔点,根据各个数据组间隔点更新有序数据组间隔点集。The first data group here refers to the data group into which the newly added candidate hash data needs to be inserted, and the first data group corresponding to the newly added candidate hash data can be determined according to the interval point of each data group, and then the first data group Whether the amount of data in the data exceeds the set range, and if so, then re-determine the data group interval points from the first data group, and update the ordered data group interval point set according to each data group interval point. For example, the data group interval point between the first group and the second group is 293.5, the data group interval point between the second group and the third group is 617.5, and the newly added candidate hash data is 530, then it is determined that the new addition The candidate hash data is that the second group is the first data group, and then it is judged whether the amount of data in the first data group exceeds the set range. Data group interval points update the ordered data group interval point set.
应该理解的是,虽然上述流程图中的各个步骤按照箭头的指示依次显示,但是这些步骤并不是必然按照箭头指示的顺序依次执行。除非本文中有明确的说明,这些步骤的执行并没有严格的顺序限制,这些步骤可以以其它的顺序执行。而且,上述流程图中的至少一部分步骤可以包括多个子步骤或者多个阶段,这些子步骤或者阶段并不必然是在同一时刻执行完成,而是可以在不同的时刻执行,这些子步骤或者阶段的执行顺序也不必然是依次进行,而是可以与其它步骤或者其它步骤的子步骤或者阶段的至少一部分轮流或者交替地执行。It should be understood that although the steps in the above flow charts are shown in sequence according to the arrows, these steps are not necessarily executed in the sequence shown by the arrows. Unless explicitly stated herein, the execution of these steps is not strictly limited to the order, and the steps may be executed in other orders. Moreover, at least a part of the steps in the above flow chart may include multiple sub-steps or multiple stages. These sub-steps or stages are not necessarily executed at the same time, but may be executed at different times. The order of execution is also not necessarily sequential, but may be performed alternately or alternately with other steps or at least a portion of sub-steps or stages of other steps.
在一个实施例中,如图3所示,提供了一种数据查询装置700,包括:查询请求发送模块701、有序间隔集接收模块702、数据组序号确定模块703、加密数据计算模块704、加密数据处理模块705和查询结果确定模块706,其中:查询请求发送模块701,用于发送数据查询请求至待查询设备。有序间隔集接收模块702,用于接收有序间隔点集,有序间隔点集包括待查询设备根据数据查询请求获取与候选数据集合对应的有序数据组间隔点。数据组序号确定模块703,用于获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号。加密数据计算模块704,用于根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备,以使待查询设备获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据。加密数据处理模块705,用于接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集。查询结果确定模块706,用于根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。In one embodiment, as shown in FIG. 3, a data query device 700 is provided, including: a query request sending module 701, an ordered interval set receiving module 702, a data group serial number determination module 703, an encrypted data calculation module 704, The encrypted data processing module 705 and the query result determination module 706, wherein: the query request sending module 701 is used for sending a data query request to the device to be queried. The ordered interval set receiving module 702 is configured to receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request. The data group serial number determining module 703 is configured to acquire the data to be queried, and determine the current data group serial number corresponding to the data to be queried according to the data to be queried and the ordered interval point set. The encrypted data calculation module 704 is used to calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the current data group serial number to the to-be-queried data. The query device, so that the device to be queried obtains at least one current data corresponding to the serial number of the current data set, calculates and obtains the first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtains the first encrypted data set according to the first encrypted data and the third preset prime number to obtain the second encrypted data. The encrypted data processing module 705 is configured to receive the first encrypted data set and the second encrypted data, and calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number. The query result determination module 706 is configured to determine the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
关于数据查询装置的具体限定可以参见上文中对于数据查询方法的限定,在此不再赘述。上述数据查询装置中的各个模块可全部或部分通过软件、硬件及其组合来实现。上述各模块可以硬件形式内嵌于或独立于计算机设备中的处理器中,也可以以软件形式存储于计算机设备中的存储器中,以便于处理器调用执行以上各个模块对应的操作。For the specific limitation of the data query device, reference may be made to the limitation of the data query method above, which will not be repeated here. Each module in the above-mentioned data query device can be implemented in whole or in part by software, hardware and combinations thereof. The above modules can be embedded in or independent of the processor in the computer device in the form of hardware, or stored in the memory in the computer device in the form of software, so that the processor can call and execute the operations corresponding to the above modules.
在一个实施例中,如图4所示,提供了一种数据查询系统800,该系统包括:查询设备801,用于获取数据查询请求,并将数据查询请求发送至待查询设备。待查询设备802,用于根据数据查询请求获取与候选数据集合对应的有序间隔点集,并将有序间隔点集返回至查询设备,有序间隔点集包括候选数据集合对应的有序数据组间隔点。查询设备801,还用于接收有序间隔点集,获取待查询数据,根据待查询数据和有序间隔点集确定待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和待查询数据计算得到第一加密数据,将第一预设质数、第一加密数据和当前数据组序号发送至待查询设备。待查询设备802,还用于获取当前数据组序号对应的至少一个当前数据,根据第三预设质数、第一预设质数和至少一个当前数据计算得到第一加密数据集,根据第一加密数据和第三预设质数计算得到第二加密数据,并将第一加密数据集和第二加密数据返回至查询设备。查询设备801,还用于接收第一加密数据集和第二加密数据,根据第一加密数据集和第二预设质数计算得到第二加密数据集,根据第二加密数据和第二加密数据集确定待查询数据对应的查询结果。In one embodiment, as shown in FIG. 4 , a data query system 800 is provided. The system includes: a query device 801 for acquiring a data query request and sending the data query request to the device to be queried. The device to be queried 802 is configured to obtain the ordered interval point set corresponding to the candidate data set according to the data query request, and return the ordered interval point set to the query device, where the ordered interval point set includes the ordered data corresponding to the candidate data set Group interval points. The query device 801 is further configured to receive the ordered interval point set, obtain the data to be queried, determine the sequence number of the current data group corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set, and according to the first preset prime number, the second preset The first encrypted data is obtained by calculating the prime number and the data to be queried, and the first preset prime number, the first encrypted data and the serial number of the current data group are sent to the device to be queried. The device to be queried 802 is further configured to obtain at least one current data corresponding to the serial number of the current data set, calculate and obtain a first encrypted data set according to the third preset prime number, the first preset prime number and the at least one current data, and obtain the first encrypted data set according to the first encrypted data and the third preset prime number to obtain second encrypted data, and return the first encrypted data set and the second encrypted data to the query device. The query device 801 is further configured to receive the first encrypted data set and the second encrypted data, calculate and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number, and obtain the second encrypted data set according to the second encrypted data and the second encrypted data set Determine the query result corresponding to the data to be queried.
在一个实施例中,提供了一种计算机设备,该计算机设备可以是查询设备,查询设备可以是服务器,其内部结构图可以如图5所示。该计算机设备包括通过系统总线连接的处理器、存储器、网络接口和数据库。其中,该计算机设备的处理器用于提供计算和控制能力。该计算机设备的存储器包括非易失性存储介质、内存储器。该非易失性存储介质存储有操作系统、计算机程序和数据库。该内存储器为非易失性存储介质中的操作系统和计算机程序的运行提供环境。该计算机设备的数据库用于存储有序间隔点集和查询结果。该计算机设备的网络接口用于与外部的终端通过网络连接通信。该计算机程序被处理器执行时以实现一种数据查询方法。In one embodiment, a computer device is provided, the computer device may be a query device, the query device may be a server, and an internal structure diagram thereof may be shown in FIG. 5 . The computer device includes a processor, memory, a network interface, and a database connected by a system bus. Among them, the processor of the computer device is used to provide computing and control capabilities. The memory of the computer device includes a non-volatile storage medium, an internal memory. The nonvolatile storage medium stores an operating system, a computer program, and a database. The internal memory provides an environment for the execution of the operating system and computer programs in the non-volatile storage medium. The computer device's database is used to store ordered interval point sets and query results. The network interface of the computer device is used to communicate with an external terminal through a network connection. The computer program, when executed by the processor, implements a data query method.
本领域技术人员可以理解,图5中示出的结构,仅仅是与本申请方案相关的部分结构的框图,并不构成对本申请方案所应用于其上的计算机设备的限定,具体的计算机设备可以包括比图中所示更多或更少的部件,或者组合某些部件,或者具有不同的部件布置。Those skilled in the art can understand that the structure shown in FIG. 5 is only a block diagram of a part of the structure related to the solution of the present application, and does not constitute a limitation on the computer equipment to which the solution of the present application is applied. Include more or fewer components than shown in the figures, or combine certain components, or have a different arrangement of components.
以上实施例的各技术特征可以进行任意的组合,为使描述简洁,未对上述实施例中的各个技术特征所有可能的组合都进行描述,然而,只要这些技术特征的组合不存在矛盾,都应当认为是本说明书记载的范围。The technical features of the above embodiments can be combined arbitrarily. For the sake of brevity, all possible combinations of the technical features in the above embodiments are not described. However, as long as there is no contradiction in the combination of these technical features, all It is considered to be the range described in this specification.
以上所述实施例仅表达了本申请的几种实施方式,其描述较为具体和详细,但并不能因此而理解为对发明专利范围的限制。应当指出的是,对于本领域的普通技术人员来说,在不脱离本申请构思的前提下,还可以做出若干变形和改进,这些都属于本申请的保护范围。因此,本申请专利的保护范围应以所附权利要求为准。The above-mentioned embodiments only represent several embodiments of the present application, and the descriptions thereof are specific and detailed, but should not be construed as a limitation on the scope of the invention patent. It should be pointed out that for those skilled in the art, without departing from the concept of the present application, several modifications and improvements can be made, which all belong to the protection scope of the present application. Therefore, the scope of protection of the patent of the present application shall be subject to the appended claims.

Claims (15)

  1. 一种数据查询方法,其特征在于,所述方法包括:A data query method, characterized in that the method comprises:
    发送数据查询请求至待查询设备;Send a data query request to the device to be queried;
    接收有序间隔点集,所述有序间隔点集包括所述待查询设备根据所述数据查询请求获取与候选数据集合对应的有序数据组间隔点;receiving an ordered interval point set, where the ordered interval point set includes the to-be-queried device acquiring ordered data group interval points corresponding to the candidate data set according to the data query request;
    获取待查询数据,根据所述待查询数据和所述有序间隔点集确定所述待查询数据对应的当前数据组序号;Obtaining the data to be queried, and determining the current data group serial number corresponding to the data to be queried according to the data to be queried and the ordered interval point set;
    根据第一预设质数、第二预设质数和所述待查询数据计算得到第一加密数据,将所述第一预设质数、所述第一加密数据和所述当前数据组序号发送至所述待查询设备,以使所述待查询设备获取所述当前数据组序号对应的至少一个当前数据,根据第三预设质数、所述第一预设质数和所述至少一个当前数据计算得到第一加密数据集,根据所述第一加密数据和所述第三预设质数计算得到第二加密数据;Calculate the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and send the first preset prime number, the first encrypted data and the current data group serial number to the the device to be queried, so that the device to be queried obtains at least one current data corresponding to the serial number of the current data group, and obtains the first an encrypted data set, calculating and obtaining second encrypted data according to the first encrypted data and the third preset prime number;
    接收所述第一加密数据集和所述第二加密数据,根据所述第一加密数据集和所述第二预设质数计算得到第二加密数据集;receiving the first encrypted data set and the second encrypted data, and calculating the second encrypted data set according to the first encrypted data set and the second preset prime number;
    根据所述第二加密数据和所述第二加密数据集确定所述待查询数据对应的查询结果。A query result corresponding to the data to be queried is determined according to the second encrypted data and the second encrypted data set.
  2. 根据权利要求1所述的方法,其特征在于,所述根据所述待查询数据和所述有序间隔点集确定所述待查询数据对应的当前数据组序号,包括:The method according to claim 1, wherein the determining the current data group serial number corresponding to the data to be queried according to the data to be queried and the ordered interval point set comprises:
    从所述有序间隔点集中获取与所述待查询数据对应的相邻的两个目标间隔点;Obtain two adjacent target interval points corresponding to the data to be queried from the ordered interval point set;
    根据所述两个目标间隔点确定所述待查询数据对应的当前数据组序号。The current data group serial number corresponding to the data to be queried is determined according to the two target interval points.
  3. 根据权利要求1所述的方法,其特征在于,所述方法还包括:The method according to claim 1, wherein the method further comprises:
    发送当前有序间隔点集版本号查询请求至待查询设备,所述当前有序间隔点集版本号查询请求包括当前有序间隔点集版本号,以使所述待查询设备获取候选有序间隔点集版本号,比较所述当前有序间隔点集版本号和所述候选有序间隔点集版本号是否一致,若一致,则确定为第一版本号信息,若不一致,则确定为第二版本号信息,并返回,其中候选有序间隔点集版本号为待查询设备中目前有序间隔点集对应的版本号;Send the current ordered interval point set version number query request to the device to be queried, the current ordered interval point set version number query request includes the current ordered interval point set version number, so that the to-be-queried device obtains the candidate ordered interval Point set version number, compare whether the current ordered interval point set version number and the candidate ordered interval point set version number are consistent, if they are consistent, it is determined as the first version number information, if not, it is determined as the second version number. The version number information is returned, where the version number of the candidate ordered interval point set is the version number corresponding to the current ordered interval point set in the device to be queried;
    接收所述待查询设备返回的第一版本号信息,获取历史有序间隔点集,则将所述历史有序间隔点集作为有序间隔点集,进入步骤获取待查询数据,或;Receive the first version number information returned by the device to be queried, and obtain the historical ordered interval point set, then use the historical ordered interval point set as the ordered interval point set, and enter the step to obtain the data to be queried, or;
    接收所述待查询设备返回的第二版本号信息,则进入步骤发送数据查询请求至待查询设备。After receiving the second version number information returned by the device to be queried, enter the step of sending a data query request to the device to be queried.
  4. 根据权利要求1所述的方法,其特征在于,所述根据第一预设质数、第二预设质数和所述待查询数据计算得到第一加密数据,将所述第一预设质数、所述第一加密数据和所述当前数据组序号发送至所述待查询设备,以使所述待查询设备获取所述当前数据组序号对应的至少一个当前数据,根据第三预设质数、所述第一预设质数和所述至少一个当前数据计算得到第一加密数据集,根据所述第一加密数据和所述第三预设质数计算得到第二加密数据,包括:The method according to claim 1, wherein the first encrypted data is obtained by calculating according to the first preset prime number, the second preset prime number and the data to be queried, and the first preset prime number, the all The first encrypted data and the sequence number of the current data group are sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the sequence number of the current data group, according to the third preset prime number, the The first encrypted data set is obtained by calculating the first preset prime number and the at least one current data, and the second encrypted data is obtained by calculating the first encrypted data and the third preset prime number, including:
    随机生成第一预设质数和第二预设质数;randomly generating a first preset prime number and a second preset prime number;
    将所述第一预设质数作为第一次加密的模,将所述第二预设质数作为所述待查询数据的指数,对所述待查询数据进行模指数运算计算,得到第一加密数据;The first preset prime number is used as the modulus of the first encryption, the second preset prime number is used as the exponent of the data to be queried, and the modulus exponent calculation is performed on the data to be queried to obtain the first encrypted data ;
    将所述第一预设质数、所述第一加密数据和所述当前数据组序号发送至待查询设备,以使所述待查询设备根据所述当前数据组序号获取对应的至少一个当前数据,随机生成第三预设质数,将所述第三预设质数作为所述当前数据的指数,将所述第一预设质数作为第二次加密的模,对所述至少一个当前数据进行模指数计算,得到第一加密数据集,将所述第三预设质数作为所述第一加密数据的指数,对所述第一加密数据进行模指数计算,得到第二加密数据。sending the first preset prime number, the first encrypted data and the current data group sequence number to the device to be queried, so that the device to be queried obtains at least one corresponding current data according to the current data group sequence number, Randomly generating a third preset prime number, using the third preset prime number as the exponent of the current data, using the first preset prime number as the modulus of the second encryption, and performing the modulus exponent on the at least one current data calculating to obtain a first encrypted data set, using the third preset prime number as an exponent of the first encrypted data, and performing modulo exponent calculation on the first encrypted data to obtain second encrypted data.
  5. 根据权利要求1所述的方法,其特征在于,所述根据所述第一加密数据集和所述第二预设质数计算得到第二加密数据集,包括:The method according to claim 1, wherein the calculating and obtaining the second encrypted data set according to the first encrypted data set and the second preset prime number comprises:
    将所述第二预设质数作为所述第一加密数据集的指数,对所述第一加密数据集进行模指数计算,得到第二加密数据集。The second preset prime number is used as an exponent of the first encrypted data set, and a modulo exponent calculation is performed on the first encrypted data set to obtain a second encrypted data set.
  6. 根据权利要求1所述的方法,其特征在于,所述根据所述第二加密数据和所述第二加密数据集确定所述待查询数据对应的查询结果,包括:The method according to claim 1, wherein the determining the query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set comprises:
    在所述第二加密数据与所述第二加密数据集的某一元素相同时,确定所述待查询数据对应的查询结果为第一查询结果,所述第一查询结果为所述待查询数据在所述候选数据集合中;When the second encrypted data is the same as an element of the second encrypted data set, it is determined that the query result corresponding to the data to be queried is the first query result, and the first query result is the data to be queried in the candidate data set;
    在所述第二加密数据与所述第二加密数据集任一元素均不相同时,确定所述待查询数据对应的查询结果为第二查询结果,所述第二查询结果为所述待查询数据不在所述候选数据集合中。When the second encrypted data is different from any element of the second encrypted data set, it is determined that the query result corresponding to the data to be queried is the second query result, and the second query result is the to-be-queried data Data is not in the candidate data set.
  7. 根据权利要求1所述的方法,其特征在于,所述有序间隔点集的生成步骤包括:The method according to claim 1, wherein the step of generating the ordered interval point set comprises:
    待查询设备获取候选数据集合,所述候选数据集合包括至少一个候选数据;The device to be queried acquires a candidate data set, where the candidate data set includes at least one candidate data;
    所述待查询设备根据预设哈希函数对所述候选数据集合中的候选数据进行处理,得到目标候选数据集合,所述目标候选数据集合包括至少一个候选哈希数据;The device to be queried processes the candidate data in the candidate data set according to a preset hash function to obtain a target candidate data set, where the target candidate data set includes at least one candidate hash data;
    所述待查询设备按照预设的规则对所述目标候选数据集合进行分组,得到多个候选数据组;The device to be queried groups the target candidate data set according to a preset rule to obtain a plurality of candidate data groups;
    所述待查询设备根据各个所述候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个所述数据组间隔点生成有序数据组间隔点集。The device to be queried determines a corresponding data group interval point according to the candidate hash data in each of the candidate data groups, and generates an ordered data group interval point set according to each of the data group interval points.
  8. 根据权利要求7所述的方法,其特征在于,所述待查询设备根据各个所述候选数据组中的候选哈希数据确定对应的数据组间隔点,包括:The method according to claim 7, wherein the device to be queried determines the corresponding data group interval points according to the candidate hash data in each of the candidate data groups, comprising:
    所述待查询设备获取当前候选数据组,获取当前候选数据组中的当前候选哈希数据,获取上一个候选数据组中的目标候选哈希数据,根据所述当前候选哈希数据和所述目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将所述下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的当前候选哈希数据,直至得到所述数据组间隔点。The device to be queried obtains the current candidate data group, obtains the current candidate hash data in the current candidate data group, and obtains the target candidate hash data in the previous candidate data group, according to the current candidate hash data and the target The candidate hash data is calculated to obtain the current data group interval point, the next candidate data group is obtained, the next candidate data group is used as the current candidate data group, and the return step is to obtain the current candidate hash data in the current candidate data group, until the The data set interval points.
  9. 一种数据集处理方法,其特征在于,包括:A data set processing method, comprising:
    获取候选数据集合,所述候选数据集合包括至少一个候选数据;Obtaining a candidate data set, the candidate data set includes at least one candidate data;
    根据预设哈希函数对所述候选数据集合中的至少一个候选数据进行处理,得到目标候选数据集合,所 述目标候选数据集合包括至少一个候选哈希数据;According to the preset hash function, at least one candidate data in the candidate data set is processed to obtain a target candidate data set, and the target candidate data set includes at least one candidate hash data;
    按照预设的规则对所述目标候选数据集合进行分组,得到多个候选数据组;Group the target candidate data sets according to preset rules to obtain multiple candidate data groups;
    根据各个所述候选数据组中的候选哈希数据确定对应的数据组间隔点,根据各个所述数据组间隔点生成有序数据组间隔点集。A corresponding data group interval point is determined according to the candidate hash data in each of the candidate data groups, and an ordered data group interval point set is generated according to each of the data group interval points.
  10. 根据权利要求9所述的方法,其特征在于,所述根据各个所述候选数据组中的候选哈希数据确定对应的数据组间隔点,包括:The method according to claim 9, wherein the determining a corresponding data group interval point according to the candidate hash data in each of the candidate data groups comprises:
    获取当前候选数据组,获取当前候选数据组中的当前候选哈希数据,获取上一个候选数据组中的目标候选哈希数据,根据所述当前候选哈希数据和所述目标候选哈希数据计算得到当前数据组间隔点,获取下一个候选数据组,将所述下一个候选数据组作为当前候选数据组,返回步骤获取当前候选数据组中的当前候选哈希数据,直至得到所述数据组间隔点。Obtain the current candidate data group, obtain the current candidate hash data in the current candidate data group, obtain the target candidate hash data in the previous candidate data group, and calculate according to the current candidate hash data and the target candidate hash data Obtain the current data group interval point, obtain the next candidate data group, take the next candidate data group as the current candidate data group, and return to the step to obtain the current candidate hash data in the current candidate data group, until the data group interval is obtained point.
  11. 根据权利要求9或10所述的方法,其特征在于,所述方法还包括:The method according to claim 9 or 10, wherein the method further comprises:
    接收新增加的候选哈希数据,将新增加的候选哈希数据插入其对应的第一数据组内;Receive the newly added candidate hash data, and insert the newly added candidate hash data into its corresponding first data group;
    判断所述第一数据组内的数据数量是否超出设定范围:Determine whether the amount of data in the first data group exceeds the set range:
    若是,则从所述第一数据组内重新确定数据组间隔点,根据各个数据组间隔点更新有序数据组间隔点集。If so, re-determine the data group interval points from the first data group, and update the ordered data group interval point set according to each data group interval point.
  12. 一种数据查询装置,其特征在于,所述装置包括:A data query device, characterized in that the device comprises:
    查询请求发送模块,用于发送数据查询请求至待查询设备;The query request sending module is used to send a data query request to the device to be queried;
    有序间隔集接收模块,用于接收有序间隔点集,所述有序间隔点集包括所述待查询设备根据所述数据查询请求获取与候选数据集合对应的有序数据组间隔点;an ordered interval set receiving module, configured to receive an ordered interval point set, where the ordered interval point set includes the ordered data group interval points corresponding to the candidate data set obtained by the device to be queried according to the data query request;
    数据组序号确定模块,用于获取待查询数据,根据所述待查询数据和所述有序间隔点集确定所述待查询数据对应的当前数据组序号;a data group serial number determining module, configured to acquire the data to be queried, and determine the current data group serial number corresponding to the data to be queried according to the data to be queried and the ordered interval point set;
    加密数据计算模块,用于根据第一预设质数、第二预设质数和所述待查询数据计算得到第一加密数据,将所述第一预设质数、所述第一加密数据和所述当前数据组序号发送至待查询设备,以使所述待查询设备获取所述当前数据组序号对应的至少一个当前数据,根据第三预设质数、所述第一预设质数和所述至少一个当前数据计算得到第一加密数据集,根据所述第一加密数据和所述第三预设质数计算得到第二加密数据;An encrypted data calculation module, configured to calculate and obtain the first encrypted data according to the first preset prime number, the second preset prime number and the data to be queried, and calculate the first preset prime number, the first encrypted data and the The serial number of the current data group is sent to the device to be queried, so that the device to be queried obtains at least one current data corresponding to the serial number of the current data group, according to the third preset prime number, the first preset prime number and the at least one The current data is calculated to obtain the first encrypted data set, and the second encrypted data is obtained by calculation according to the first encrypted data and the third preset prime number;
    加密数据处理模块,用于接收所述第一加密数据集和所述第二加密数据,根据所述第一加密数据集和所述第二预设质数计算得到第二加密数据集;以及an encrypted data processing module, configured to receive the first encrypted data set and the second encrypted data, and calculate and obtain a second encrypted data set according to the first encrypted data set and the second preset prime number; and
    查询结果确定模块,用于根据所述第二加密数据和所述第二加密数据集确定所述待查询数据对应的查询结果。A query result determination module, configured to determine a query result corresponding to the data to be queried according to the second encrypted data and the second encrypted data set.
  13. 一种数据查询系统,其特征在于,所述系统包括:A data query system, characterized in that the system includes:
    查询设备,用于获取数据查询请求,并将所述数据查询请求发送至待查询设备;以及an inquiry device, configured to obtain a data inquiry request and send the data inquiry request to the device to be inquired; and
    待查询设备,用于根据所述数据查询请求获取与候选数据集合对应的有序间隔点集,并将所述有序间 隔点集返回至所述查询设备,所述有序间隔点集包括所述候选数据集合对应的有序数据组间隔点;A device to be queried, configured to obtain an ordered interval point set corresponding to the candidate data set according to the data query request, and return the ordered interval point set to the query device, where the ordered interval point set includes all The ordered data group interval corresponding to the candidate data set;
    所述查询设备,还用于接收有序间隔点集,获取待查询数据,根据所述待查询数据和所述有序间隔点集确定所述待查询数据对应的当前数据组序号,根据第一预设质数、第二预设质数和所述待查询数据计算得到第一加密数据,将所述第一预设质数、所述第一加密数据和所述当前数据组序号发送至所述待查询设备;The query device is further configured to receive an ordered interval point set, obtain the data to be queried, determine the current data group serial number corresponding to the to-be-queried data according to the to-be-queried data and the ordered interval point set, and according to the first The preset prime number, the second preset prime number and the data to be queried are calculated to obtain the first encrypted data, and the first preset prime number, the first encrypted data and the sequence number of the current data group are sent to the to-be-queried data equipment;
    所述待查询设备,还用于获取所述当前数据组序号对应的至少一个当前数据,根据第三预设质数、所述第一预设质数和所述至少一个当前数据计算得到第一加密数据集,根据所述第一加密数据和所述第三预设质数计算得到第二加密数据,并将所述第一加密数据集和所述第二加密数据返回至所述查询设备;The device to be queried is further configured to obtain at least one current data corresponding to the current data group serial number, and obtain the first encrypted data according to the third preset prime number, the first preset prime number and the at least one current data set, calculate and obtain second encrypted data according to the first encrypted data and the third preset prime number, and return the first encrypted data set and the second encrypted data to the query device;
    所述查询设备,还用于接收所述第一加密数据集和所述第二加密数据,根据所述第一加密数据集和所述第二预设质数计算得到第二加密数据集,根据所述第二加密数据和所述第二加密数据集确定所述待查询数据对应的查询结果。The query device is further configured to receive the first encrypted data set and the second encrypted data, calculate and obtain a second encrypted data set according to the first encrypted data set and the second preset prime number, and obtain the second encrypted data set according to the first encrypted data set and the second preset prime number. The second encrypted data and the second encrypted data set determine a query result corresponding to the data to be queried.
  14. 一种计算机设备,包括存储器、处理器及存储在存储器上并可在处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时实现权利要求1至11中任一项所述方法的步骤。A computer device, comprising a memory, a processor and a computer program stored on the memory and running on the processor, characterized in that, when the processor executes the computer program, any one of claims 1 to 11 is implemented the steps of the method.
  15. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时实现权利要求1至11中任一项所述的方法的步骤。A computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, the steps of the method according to any one of claims 1 to 11 are implemented.
PCT/CN2020/140634 2020-11-10 2020-12-29 Data query method, apparatus and system, and data set processing method WO2022099891A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011249438.5 2020-11-10
CN202011249438.5A CN112328640A (en) 2020-11-10 2020-11-10 Data query method, device and system and data set processing method

Publications (1)

Publication Number Publication Date
WO2022099891A1 true WO2022099891A1 (en) 2022-05-19

Family

ID=74317749

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/140634 WO2022099891A1 (en) 2020-11-10 2020-12-29 Data query method, apparatus and system, and data set processing method

Country Status (2)

Country Link
CN (1) CN112328640A (en)
WO (1) WO2022099891A1 (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038349A (en) * 2014-07-03 2014-09-10 西安电子科技大学 Effective and verifiable public key searching encryption method based on KP-ABE
CN104794237A (en) * 2015-05-07 2015-07-22 中国人民大学 Web page information processing method and device
US20180365315A1 (en) * 2016-02-18 2018-12-20 Oath Inc. Method and system for searching encrypted data
US20190102571A1 (en) * 2017-10-03 2019-04-04 Servicenow, Inc. Searching for encrypted data within cloud based platform
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN111541679A (en) * 2020-04-17 2020-08-14 武汉大学 Image security retrieval method based on secret sharing in cloud environment

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104038349A (en) * 2014-07-03 2014-09-10 西安电子科技大学 Effective and verifiable public key searching encryption method based on KP-ABE
CN104794237A (en) * 2015-05-07 2015-07-22 中国人民大学 Web page information processing method and device
US20180365315A1 (en) * 2016-02-18 2018-12-20 Oath Inc. Method and system for searching encrypted data
US20190102571A1 (en) * 2017-10-03 2019-04-04 Servicenow, Inc. Searching for encrypted data within cloud based platform
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN111541679A (en) * 2020-04-17 2020-08-14 武汉大学 Image security retrieval method based on secret sharing in cloud environment

Also Published As

Publication number Publication date
CN112328640A (en) 2021-02-05

Similar Documents

Publication Publication Date Title
CN107807951B (en) Block chain generation method, data verification method, node and system
Pasupuleti et al. An efficient and secure privacy-preserving approach for outsourced data of resource constrained mobile devices in cloud computing
CN107948152B (en) Information storage method, information acquisition method, information storage device, information acquisition device and information acquisition equipment
CN108197499B (en) Verifiable ciphertext data range query method
CN114398427A (en) Improving searching ability of special encrypted data
CN109766707B (en) Data processing method, device, equipment and medium based on block chain
CN112347508A (en) Block chain data sharing encryption and decryption method and system
Zhang et al. Dynamic and Efficient Private Keyword Search over Inverted Index--Based Encrypted Data
EP3289483A1 (en) Secure multi-party information retrieval
CN111788791A (en) Computer-implemented voting process and system
Xu et al. DNA similarity search with access control over encrypted cloud data
WO2020140626A1 (en) Salt-based data possession verification method and terminal device
WO2022099893A1 (en) Data query method, apparatus and system, and data set processing method
CN113901425A (en) Method, device, storage medium and equipment for solving intersection safely by multiple parties
Zhu et al. Privacy-preserving search for a similar genomic makeup in the cloud
CN113434906B (en) Data query method, device, computer equipment and storage medium
Ibrahim et al. Towards efficient yet privacy-preserving approximate search in cloud computing
Popic et al. Privacy-preserving read mapping using locality sensitive hashing and secure kmer voting
WO2022099891A1 (en) Data query method, apparatus and system, and data set processing method
WO2022110716A1 (en) Cold start recommendation method and apparatus, computer device and storage medium
CN111464312B (en) Method and device for processing account addresses in blockchain and electronic equipment
WO2021052033A1 (en) Data calling method and apparatus, and device and computer readable storage medium
CN115310137A (en) Secrecy method and related device of intelligent settlement system
CN112468521B (en) Data processing method and device based on privacy protection and server
CN114140115A (en) Block chain transaction pool fragmentation method, system, storage medium and computer system

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 20961444

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 20961444

Country of ref document: EP

Kind code of ref document: A1