CN109144993B - Data query method and device - Google Patents
Data query method and device Download PDFInfo
- Publication number
- CN109144993B CN109144993B CN201710457947.9A CN201710457947A CN109144993B CN 109144993 B CN109144993 B CN 109144993B CN 201710457947 A CN201710457947 A CN 201710457947A CN 109144993 B CN109144993 B CN 109144993B
- Authority
- CN
- China
- Prior art keywords
- encryption
- vector
- query
- data
- vectors
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 74
- 239000013598 vector Substances 0.000 claims abstract description 348
- 238000006243 chemical reaction Methods 0.000 claims description 32
- 230000009466 transformation Effects 0.000 claims description 8
- 238000010276 construction Methods 0.000 claims description 4
- 230000008569 process Effects 0.000 abstract description 20
- 241000183024 Populus tremula Species 0.000 description 11
- 238000010586 diagram Methods 0.000 description 5
- 230000001360 synchronised effect Effects 0.000 description 4
- 238000005516 engineering process Methods 0.000 description 3
- 238000012545 processing Methods 0.000 description 3
- 238000004088 simulation Methods 0.000 description 3
- 230000003068 static effect Effects 0.000 description 3
- 230000005540 biological transmission Effects 0.000 description 2
- 230000008859 change Effects 0.000 description 2
- 238000005034 decoration Methods 0.000 description 2
- 230000006870 function Effects 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000011160 research Methods 0.000 description 2
- 238000002474 experimental method Methods 0.000 description 1
- 239000002184 metal Substances 0.000 description 1
- 239000000126 substance Substances 0.000 description 1
Images
Landscapes
- Storage Device Security (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The invention provides a data query method and a data query device, wherein the data query method comprises the following steps: the method comprises the steps of obtaining an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, respectively converting a second encrypted vector in the encrypted data set to obtain a converted data set composed of a third encrypted vector, converting the first encrypted vector to obtain a fourth encrypted vector, constructing an index tree based on the converted data set, and performing neighbor query on the index tree by using the fourth encrypted vector to obtain a query result. The scheme of the invention can carry out neighbor query on the index tree constructed based on the encrypted and converted data set, obtains the sub-linear query efficiency on the premise of ensuring the security of the queried data set and the correctness of the query result, and can quickly finish the query process even if the data volume of the queried data set is larger because the constructed index tree is used for carrying out neighbor query.
Description
Technical Field
The present invention relates to the field of data processing technologies, and in particular, to a data query method and apparatus.
Background
In recent years, in the field of spatial database research, a K Nearest Neighbor (KNN) query method is a research focus and focus. By K-nearest neighbor query is generally meant that K (one or more) nearest data points are sought in the queried data set to a given query point.
Currently, in order to ensure the security of a queried data set, when a query point vector is used to perform K neighbor query on the queried data set, a data point vector in the queried data set is usually encrypted to obtain an encrypted data set, and then the K neighbor query is performed based on the encrypted data set. One method for encrypting the queried data set is, for example, an ASPE encryption (i.e., asymmetric number product preserving encryption) method.
Although the method for performing the K neighbor query based on the encrypted data set can ensure the security of the queried data set, each encrypted data point vector in the encrypted data set needs to be traversed in the K neighbor query process, the query complexity is high, the sub-linear query efficiency cannot be obtained, and the method is not suitable for large-scale data sets.
Disclosure of Invention
The embodiment of the invention aims to provide a data query method and a data query device, and aims to solve the problem that the existing method for K neighbor query based on an encrypted data set cannot achieve sub-linear query efficiency.
In a first aspect, an embodiment of the present invention provides a data query method, including:
acquiring an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, wherein the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors, and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
constructing an index tree based on the transformation dataset;
and performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
In a second aspect, an embodiment of the present invention further provides a data query apparatus, including:
the device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
the conversion module is used for respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
a construction module for constructing an index tree based on the transformation dataset;
and the first query module is used for performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
In a third aspect, an embodiment of the present invention further provides a server, including a memory, a processor, and a data query program stored on the memory and executable on the processor, where the processor executes the data query program, so as to implement the steps in the data query method.
In a fourth aspect, an embodiment of the present invention further provides a computer-readable storage medium, on which a data query program is stored, where the data query program, when executed by a processor, implements the steps in the data query method.
The data query method of the embodiment of the invention obtains the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector, respectively converts the second encrypted vector in the encrypted data set to obtain the converted data set consisting of the third encrypted vector, and, converting the first encryption vector to obtain a fourth encryption vector, constructing an index tree based on the conversion data set, performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result, thereby being capable of carrying out neighbor query on the index tree constructed based on the encrypted and converted data set, on the premise of ensuring the safety of the queried data set and the correctness of the query result, the query efficiency of the sub-linearity is obtained, and because the constructed index tree is used for carrying out neighbor query, the query process can be completed faster even if the data volume of the queried data set is larger.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required to be used in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive labor.
FIG. 1 is a diagram illustrating a scenario in which a data query method according to an embodiment of the present invention is applicable;
FIG. 2 is a schematic diagram of the internal structure of the server in FIG. 1;
FIG. 3 is a flow chart of a data query method of an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a data query device according to an embodiment of the present invention;
FIG. 5 is a second schematic diagram of a data query device according to an embodiment of the present invention;
fig. 6 is a schematic structural diagram of a server according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, not all, embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 1 is a schematic view of a scenario in which the data query method according to the embodiment of the present invention is applicable, and as shown in fig. 1, the scenario includes a terminal 101 and a server 102, and the terminal 101 and the server 102 communicate with each other through a network. The terminal 101 may be a smart phone, a tablet computer, a notebook computer, a desktop computer, or the like, but is not limited thereto. The server 102 may be a cloud server. Alternatively, the internal structure of the server 102 in fig. 1 is as shown in fig. 2, and the server 102 includes a processor, a storage medium, a memory, and a network interface connected by a system bus. The storage medium of the server 102 stores an operating system, a database for storing data, such as an encrypted data set corresponding to an inquired data set, and a data query apparatus for implementing a data query method suitable for the server 102. The processors of the server 102 are used to provide computing and control capabilities to support the operation of the entire server 102. The memory of the server 102 provides an environment for the operation of the data querying device in the storage medium. The network interface of the server 102 is used for communicating with the external terminal 101 through a network connection, such as receiving an encrypted data set corresponding to the queried data set and an encrypted vector corresponding to the query point vector sent by the terminal, and sending the query result to the terminal 101.
The data query method of the present invention is described below with some specific embodiments.
Referring to fig. 3, an embodiment of the present invention provides a data query method applied to a server, including:
step 301: and acquiring an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector.
The queried data set comprises a plurality of data point vectors, the data point vectors are encrypted to obtain second encryption vectors, namely the encryption data set corresponding to the queried data set comprises a plurality of second encryption vectors, and each second encryption vector corresponds to one data point vector in the queried data set. The server in the embodiment of the present invention may specifically be a cloud server.
Step 302: and respectively converting the second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors, and converting the first encryption vectors to obtain fourth encryption vectors.
The conversion of the encrypted data set into the converted data set is mainly to prepare for the subsequent construction of the index tree, and the result consistent with that obtained when the queried data set is used for neighbor query can be obtained when neighbor query is carried out on the index tree constructed based on the converted data set. Specifically, after the conversion in step 302, the magnitude relationship between the distances between the fourth encryption vector and any two third encryption vectors may be consistent with the magnitude relationship between the distances between the query point vector and the data point vectors corresponding to the any two third encryption vectors. In the embodiment of the present invention, the distance may specifically be a euclidean distance.
Step 303: an index tree is constructed based on the transformed dataset.
The index tree constructed in the embodiment of the present invention may be an R tree or a KD tree, as long as the index tree is suitable for neighbor query, and the embodiment of the present invention does not limit the type of the index tree.
Step 304: and performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
The neighbor query performed on the index tree may specifically be a k neighbor query. After obtaining the query result, the server can send the query result to the terminal.
The data query method of the embodiment of the invention obtains the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector, respectively converts the second encrypted vector in the encrypted data set to obtain the converted data set consisting of the third encrypted vector, and, converting the first encryption vector to obtain a fourth encryption vector, constructing an index tree based on the conversion data set, performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result, thereby being capable of carrying out neighbor query on the index tree constructed based on the encrypted and converted data set, on the premise of ensuring the safety of the queried data set and the correctness of the query result, the query efficiency of the sub-linearity is obtained, and because the constructed index tree is used for carrying out neighbor query, the query process can be completed faster even if the data volume of the queried data set is larger.
In the embodiment of the present invention, in order to ensure the security of the queried data set, a manner for the server to obtain the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector may specifically be:
and receiving an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector, which are sent by the terminal.
Therefore, the terminal encrypts the queried data set, the server can only acquire the encrypted data set corresponding to the queried data set and does not know the queried data, and therefore the security of the queried data set can be guaranteed in the data query process.
Specifically, when encrypting the queried data set, the encryption may be performed based on a dot product comparison of encrypted data. After encryption, the following correspondence relationship may exist between the queried data set and the encrypted data set: the magnitude relation between the number products of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vectors corresponding to the any two second encryption vectors. The common encryption method is, for example, an ASPE encryption method, that is, the queried data set in the embodiment of the present invention may be converted into a corresponding encrypted data set through ASPE encryption.
Next, an encryption process in the embodiment of the present invention will be described by taking an ASPE encryption method as an example.
Assume that the queried data set is { P }1,P2,…,PnWith each data point vector PiHaving d dimensions, i.e.Pi=(Pi1,Pi2,…,Pid) (ii) a The query point vector is denoted as Q, and has d dimensions, i.e., Q ═ Q (Q)1,Q2,…,Qd);PiAnd the result after Q encryption is Pi'and Q'. Vector of data points PiThe distance from the query point vector Q is the Euclidean distance and is recorded as
For example, the specific process of ASPE encryption may be: first, randomly selecting a matrix M of (d +1) × (d + 1); then, calculate
And
wherein the content of the first and second substances,
thus, for any of i and h, there is
Therefore, the temperature of the molten metal is controlled,
if and only if D (P)i,Q)>D(PhQ). And further obtaining P through the encryption of the matrix Mi′Q′>Ph'Q' is if and only if D (P)i,Q)>D(Ph,Q)。
In the embodiment of the present invention, to ensure that the subsequently constructed index tree can perform correct neighbor query, the conversion process performed by the server on the second encryption vector and the first encryption vector may specifically be:
respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai(ii) a And
converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b)。
Wherein, Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
in the following, with reference to the above-mentioned ASPE encryption process, it is described that the conversion process according to the embodiment of the present invention can ensure that the subsequently constructed index tree can perform correct neighbor query.
For example, Pi' conversion to give AiQ' conversion to obtain B, D (A)iAnd B) represents the vector AiAnd the euclidean distance of B may be specifically expressed as:
D(Ai,B)2=(k1Pi′+k3Q′)2+(T-k2||Pi′||2)+(a-b)2
=(||k1Pi′||2+2k1k3Pi′Q′+||k3Q′||2)+(T-k2||Pi′||2)+(a-b)2
=2k1k3Pi′Q′+(||k3Q′||2+T)+(k1 2-k2)||Pi′||2+(a-b)2
=2k1k3Pi′Q′+(||k3Q′||2+T)+(a-b)2
then, for any of i and h: d (A)i,B)2-D(Ah,B)2=2k1k3Pi′Q′-2k1k3Ph'Q'. Due to k1k3> 0, so that: d (A)i,B)>D(AhB) if and only if Pi′Q′>Ph′Q′。
Further, since P is obtained based on the ASPE encryption process described abovei′Q′>Ph'Q' is if and only if D (P)i,Q)>D(PhQ), therefore, D (A) can be obtained after the conversion process of the embodiment of the inventioni,B)>D(AhB) if and only if D (P)i,Q)>D(PhQ), that is, when a neighbor query is performed on an index tree constructed based on the transformation data set, a correct query result can be obtained.
In the embodiment of the invention, because the index tree for neighbor query is constructed based on the conversion data set and is not processed after the construction is finished, when the queried data set is updated, the existing index tree can be updated directly according to the encryption vector corresponding to the data point vector to be updated after the encryption vector corresponding to the data point vector to be updated is determined, and the updated index tree is obtained.
Based on this, the data query method of the embodiment of the present invention may further include:
acquiring indication information of a data point vector to be updated sent by a terminal, wherein the data point vector to be updated comprises at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified;
determining a third encryption vector corresponding to the data point vector to be updated according to the indication information;
updating the index tree according to a third encryption vector corresponding to the data point vector to be updated to obtain an updated index tree;
and performing neighbor query on the updated index tree by using the fourth encryption vector to obtain an updated query result.
For example, when the data point vector to be updated is a new data point vector, the server obtains the indication information of the data point vector to be updated may specifically be to receive a second encryption vector corresponding to the new data point vector sent by the terminal, and after receiving the second encryption vector corresponding to the new data point vector, the server may calculate a third encryption vector corresponding to the new data point vector by using the first formula, update the index tree by using the third encryption vector, and perform neighbor query on the updated index tree to obtain an updated query result.
For another example, when the data point vector to be updated is the data point vector to be deleted, the server obtains the indication information of the data point vector to be updated, which may specifically be that the receiving terminal sends a number corresponding to the data point vector to be deleted, and after receiving the number corresponding to the data point vector to be deleted, the server may directly delete the third encrypted vector corresponding to the data point vector to be deleted from the index tree according to the number to update the index tree, and perform neighbor query on the updated index tree to obtain the updated query result.
For another example, when the data point vector to be updated is the data point vector to be modified, the server obtains the indication information of the data point vector to be updated, which may specifically be, after receiving the second encrypted vector and the number corresponding to the data point vector to be modified sent by the terminal, the server may first delete the third encrypted vector corresponding to the number in the index tree according to the number, then calculate the third encrypted vector corresponding to the data point vector to be modified, update the index tree by using the third encrypted vector, and perform neighbor query on the updated index tree to obtain the updated query result.
Therefore, the data query method of the embodiment of the invention can effectively support the dynamic change of the queried data set, when the queried data set is updated (data point vectors are added, deleted or modified), the updating of the corresponding index tree can be completed only by acquiring the relevant information of the data point vectors to be updated, the whole queried data set does not need to be considered in the process of updating the index tree, the updating process is simplified, and the updating efficiency of the server is improved.
In the following, the results of the simulation experiments are compared to illustrate that compared with the data query method based on the ASPE encryption, the data query method according to the embodiment of the present invention can save a large amount of query time.
In the simulation experiment, the configuration environment of the experiment platform is an Intel Core i33.3ghz CPU 8G memory, and the operating system is Ubuntu 14.04. The results of the simulation run are shown in table 1. In Table 1, T1Represents the time (average of 10 runs in ms), T, of the ASPE encryption-based data query method2Represents the running time (average value of 10 runs, unit is ms) of the data query method of the embodiment of the invention, n represents the number of data points in the queried data set, p represents the saving ratio, and
| n | 5 ten thousand | 10 ten thousand | 20 ten thousand | 40 ten thousand | 60 ten thousand | 80 ten thousand | 100 ten thousand |
| T1 | 77.5 | 130.1 | 269 | 537 | 784.6 | 1035 | 1308 |
| T2 | 8.4 | 21.2 | 62.7 | 137.8 | 190.3 | 244.1 | 270.3 |
| p | 89.2% | 83.7% | 76.7% | 74.3% | 75.7% | 76.4% | 79.3% |
TABLE 1
As can be seen from table 1, compared with the data query method based on ASPE encryption, the data query method according to the embodiment of the present invention can save about more than 74% of the query time, that is, under the same condition, the query time used by the data query method according to the embodiment of the present invention is only 1/4 of the query time used by the data query method based on ASPE encryption.
The above embodiments describe the data query method of the present invention, and the data query device of the present invention will be described with reference to the embodiments and the drawings.
Referring to fig. 4, an embodiment of the present invention further provides an apparatus for sending information, including:
a first obtaining module 41, configured to obtain an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, where the encrypted data set includes a plurality of second encrypted vectors, and each second encrypted vector corresponds to one data point vector in the queried data set;
a conversion module 42, configured to convert the second encryption vectors in the encryption data sets to obtain a conversion data set composed of third encryption vectors, and convert the first encryption vector to obtain a fourth encryption vector, where a magnitude relationship between a distance between the fourth encryption vector and any two third encryption vectors is consistent with a magnitude relationship between a distance between the query point vector and a data point vector corresponding to any two third encryption vectors;
a building module 43 for building an index tree based on the transformation dataset;
and the first query module 44 is configured to perform neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
In this embodiment of the present invention, the first obtaining module 41 is specifically configured to:
and receiving an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector, which are sent by a terminal.
Specifically, the following correspondence exists between the queried data set and the encrypted data set: and the magnitude relation between the number product of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vector corresponding to any two second encryption vectors.
In the embodiment of the present invention, the conversion module 42 is specifically configured to:
respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai(ii) a And
converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b);
Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
in the embodiment of the present invention, referring to fig. 5, the apparatus further includes:
a second obtaining module 45, configured to obtain indication information of a data point vector to be updated sent by a terminal, where the data point vector to be updated includes at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified;
a determining module 46, configured to determine, according to the indication information, a third encrypted vector corresponding to the data point vector to be updated;
an updating module 47, configured to update the index tree according to the third encrypted vector corresponding to the data point vector to be updated, to obtain an updated index tree;
a second query module 48, configured to perform neighbor query on the updated index tree by using the fourth encrypted vector, so as to obtain an updated query result.
Specifically, the index tree may be an R tree or a KD tree.
The data query device of the embodiment of the invention obtains the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector, respectively converts the second encrypted vector in the encrypted data set to obtain the converted data set consisting of the third encrypted vector, and, converting the first encryption vector to obtain a fourth encryption vector, constructing an index tree based on the conversion data set, performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result, thereby being capable of carrying out neighbor query on the index tree constructed based on the encrypted and converted data set, on the premise of ensuring the safety of the queried data set and the correctness of the query result, the query efficiency of the sub-linearity is obtained, and because the constructed index tree is used for carrying out neighbor query, the query process can be completed faster even if the data volume of the queried data set is larger.
In addition, an embodiment of the present invention further provides a server, which includes a memory, a processor, and a data query program stored on the memory and executable on the processor, where the processor executes the data query program to implement the steps in the data query method.
Specifically, referring to fig. 6, the embodiment of the present invention further provides a server, where the server includes a bus 61, a transceiver 62, an antenna 63, a bus interface 64, a processor 65, and a memory 66.
The processor 65 is configured to read the program in the memory 66, and execute the following processes:
acquiring an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, wherein the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors, and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
constructing an index tree based on the transformation dataset;
and performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
A transceiver 62 for receiving and transmitting data under the control of a processor 65.
Specifically, the processor 65 is further configured to: the control transceiver 62 receives the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector sent by the terminal.
Specifically, the following correspondence exists between the queried data set and the encrypted data set: and the magnitude relation between the number product of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vector corresponding to any two second encryption vectors.
Specifically, the processor 65 is further configured to: respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai(ii) a Converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b);
Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
specifically, the processor 65 is further configured to: acquiring indication information of a data point vector to be updated sent by a terminal, wherein the data point vector to be updated comprises at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified, determining a third encryption vector corresponding to the data point vector to be updated according to the indication information, updating the index tree according to the third encryption vector corresponding to the data point vector to be updated to obtain an updated index tree, and performing neighbor query on the updated index tree by using the fourth encryption vector to obtain an updated query result.
In fig. 6, a bus architecture (represented by bus 61), bus 61 may include any number of interconnected buses and bridges, bus 61 linking together various circuits including one or more processors, represented by processor 65, and memory, represented by memory 66. The bus 61 may also link together various other circuits such as peripherals, voltage regulators, power management circuits, and the like, which are well known in the art, and therefore, will not be described any further herein. A bus interface 64 provides an interface between the bus 61 and the transceiver 62. The transceiver 62 may be one element or a plurality of elements, such as a plurality of receivers and transmitters, providing a means for communicating with various other apparatus over a transmission medium. The data processed by the processor 65 is transmitted over a wireless medium via the antenna 63, and further, the antenna 63 receives the data and transmits the data to the processor 65.
The processor 65 is responsible for managing the bus 61 and general processing and may also provide various functions including timing, peripheral interfaces, voltage regulation, power management, and other control functions. And the memory 66 may be used to store data used by the processor 65 in performing operations.
Alternatively, the processor 65 may be a CPU, ASIC, FPGA or CPLD.
It will be appreciated that the memory 66 in embodiments of the invention may be either volatile memory or nonvolatile memory, or may include both volatile and nonvolatile memory. The non-volatile Memory may be a Read-Only Memory (ROM), a Programmable ROM (PROM), an Erasable PROM (EPROM), an Electrically Erasable PROM (EEPROM), or a flash Memory. Volatile Memory can be Random Access Memory (RAM), which acts as external cache Memory. By way of illustration and not limitation, many forms of RAM are available, such as Static random access memory (Static RAM, SRAM), Dynamic Random Access Memory (DRAM), Synchronous Dynamic random access memory (Synchronous DRAM, SDRAM), Double Data Rate Synchronous Dynamic random access memory (ddr Data Rate SDRAM, ddr SDRAM), Enhanced Synchronous SDRAM (ESDRAM), Synchlink DRAM (SLDRAM), and Direct Rambus RAM (DRRAM). The memory 66 of the systems and methods described herein is intended to comprise, without being limited to, these and any other suitable types of memory.
In some embodiments, memory 66 stores the following elements, executable modules or data structures, or a subset thereof, or an expanded set thereof: an operating system and an application program.
The operating system includes various system programs, such as a framework layer, a core library layer, a driver layer, and the like, and is used for implementing various basic services and processing hardware-based tasks. The application programs, including various application programs such as a Media Player (Media Player), a Browser (Browser), etc., are used to implement various application services. The program for implementing the method of the embodiment of the present invention may be included in the application program.
The server of the embodiment of the invention respectively converts the second encryption vectors in the encryption data sets by acquiring the encryption data set corresponding to the queried data set and the first encryption vector corresponding to the query point vector to obtain the conversion data set consisting of the third encryption vectors, and, converting the first encryption vector to obtain a fourth encryption vector, constructing an index tree based on the conversion data set, performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result, thereby being capable of carrying out neighbor query on the index tree constructed based on the encrypted and converted data set, on the premise of ensuring the safety of the queried data set and the correctness of the query result, the query efficiency of the sub-linearity is obtained, and because the constructed index tree is used for carrying out neighbor query, the query process can be completed faster even if the data volume of the queried data set is larger.
An embodiment of the present invention further provides a computer-readable storage medium, on which a data query program is stored, where the data query program, when executed by a processor, implements the following steps:
acquiring an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, wherein the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors, and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
constructing an index tree based on the transformation dataset;
and performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
Optionally, the data query program when executed by the processor may further implement the steps of: and receiving an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector, which are sent by a terminal.
Optionally, the queried data set and the encrypted data set have a correspondence as follows: and the magnitude relation between the number product of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vector corresponding to any two second encryption vectors.
Optionally, the data query program when executed by the processor may further implement the steps of: respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai(ii) a Converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b);
Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
optionally, the data query program when executed by the processor may further implement the steps of: acquiring indication information of a data point vector to be updated sent by a terminal, wherein the data point vector to be updated comprises at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified, determining a third encryption vector corresponding to the data point vector to be updated according to the indication information, updating the index tree according to the third encryption vector corresponding to the data point vector to be updated to obtain an updated index tree, and performing neighbor query on the updated index tree by using the fourth encryption vector to obtain an updated query result.
Computer-readable media, which include both non-transitory and non-transitory, removable and non-removable media, may implement the information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solutions of the present invention may be embodied in the form of a software product, which is stored in a storage medium (such as ROM/RAM, magnetic disk, optical disk) and includes instructions for enabling a terminal device (such as a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The foregoing is only a preferred embodiment of the present invention, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present invention, and these modifications and decorations should also be regarded as the protection scope of the present invention.
Claims (12)
1. A method for querying data, comprising:
acquiring an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, wherein the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors, and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
constructing an index tree based on the transformation dataset;
and performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
2. The method according to claim 1, wherein the step of obtaining the encrypted data set corresponding to the queried data set and the first encrypted vector corresponding to the query point vector comprises:
and receiving an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector, which are sent by a terminal.
3. The method of claim 1, wherein the queried data set and the encrypted data set have a correspondence as follows: and the magnitude relation between the number product of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vector corresponding to any two second encryption vectors.
4. The method according to claim 3, wherein said separately converting the second encrypted vectors in the encrypted data sets to obtain converted data sets comprising third encrypted vectors comprises:
respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai;
The converting the first encryption vector to obtain a fourth encryption vector includes:
converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b);
Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
5. the method of claim 1, further comprising:
acquiring indication information of a data point vector to be updated sent by a terminal, wherein the data point vector to be updated comprises at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified;
determining a third encryption vector corresponding to the data point vector to be updated according to the indication information;
updating the index tree according to a third encryption vector corresponding to the data point vector to be updated to obtain an updated index tree;
and performing neighbor query on the updated index tree by using the fourth encryption vector to obtain an updated query result.
6. A data query apparatus, comprising:
the device comprises a first obtaining module, a second obtaining module and a third obtaining module, wherein the first obtaining module is used for obtaining an encrypted data set corresponding to a queried data set and a first encrypted vector corresponding to a query point vector, the encrypted data set comprises a plurality of second encrypted vectors, and each second encrypted vector corresponds to a data point vector in the queried data set;
the conversion module is used for respectively converting second encryption vectors in the encryption data sets to obtain conversion data sets consisting of third encryption vectors and converting the first encryption vectors to obtain fourth encryption vectors, wherein the magnitude relation between the distances between the fourth encryption vectors and any two third encryption vectors is consistent with the magnitude relation between the distances between the query point vectors and the data point vectors corresponding to any two third encryption vectors;
a construction module for constructing an index tree based on the transformation dataset;
and the first query module is used for performing neighbor query on the index tree by using the fourth encryption vector to obtain a query result.
7. The apparatus of claim 6, wherein the first obtaining module is specifically configured to:
and receiving an encrypted data set corresponding to the queried data set and a first encrypted vector corresponding to the query point vector, which are sent by a terminal.
8. The apparatus of claim 6, wherein the queried data set and the encrypted data set have a correspondence as follows: and the magnitude relation between the number product of the first encryption vector and any two second encryption vectors is consistent with the magnitude relation between the distance between the query point vector and the data point vector corresponding to any two second encryption vectors.
9. The apparatus of claim 8, wherein the conversion module is specifically configured to:
respectively encrypting second encryption vectors P in the encryption data sets according to a first formula by using a preset positive number Ti' conversion to obtain the third encrypted vector Ai(ii) a And
converting the first encryption vector Q' according to a second formula to obtain a fourth encryption vector B;
wherein the first formula is:
the second formula is: b (-k)3Q′,0,b);
Pi'and Q' have the same dimension, a and b are preset vectors of a first dimension, the first dimension is greater than or equal to 0, and
k2||Pi′||2<T,k1k3>0。
10. the apparatus of claim 6, further comprising:
a second obtaining module, configured to obtain indication information of a data point vector to be updated, where the data point vector to be updated includes at least one of the following vectors: adding a data point vector, a data point vector to be deleted and a data point vector to be modified;
the determining module is used for determining a third encryption vector corresponding to the data point vector to be updated according to the indication information;
the updating module is used for updating the index tree according to the third encryption vector corresponding to the data point vector to be updated to obtain an updated index tree;
and the second query module is used for performing neighbor query on the updated index tree by using the fourth encryption vector to obtain an updated query result.
11. A server comprising a memory, a processor and a data query program stored on the memory and operable on the processor, wherein the processor implements the steps of the data query method according to any one of claims 1 to 5 when executing the data query program.
12. A computer-readable storage medium having a data query program stored thereon, wherein the data query program, when executed by a processor, implements the steps in the data query method according to any one of claims 1 to 5.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710457947.9A CN109144993B (en) | 2017-06-16 | 2017-06-16 | Data query method and device |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201710457947.9A CN109144993B (en) | 2017-06-16 | 2017-06-16 | Data query method and device |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN109144993A CN109144993A (en) | 2019-01-04 |
| CN109144993B true CN109144993B (en) | 2021-07-27 |
Family
ID=64830550
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201710457947.9A Active CN109144993B (en) | 2017-06-16 | 2017-06-16 | Data query method and device |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109144993B (en) |
Families Citing this family (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN112445943A (en) * | 2019-09-05 | 2021-03-05 | 阿里巴巴集团控股有限公司 | Data processing method, device and system |
| CN113779197B (en) * | 2021-09-09 | 2023-07-04 | 中国电子科技集团公司信息科学研究院 | Data set searching method and device, storage medium and terminal |
Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101821736A (en) * | 2007-09-06 | 2010-09-01 | 王秦胜塞希亚 | Method and system of interacting with server, and method and system for generating and presenting search results |
| CN103345526A (en) * | 2013-07-22 | 2013-10-09 | 武汉大学 | Efficient privacy protection encrypted message querying method in cloud environment |
| CN103744976A (en) * | 2014-01-13 | 2014-04-23 | 北京工业大学 | Secure image retrieval method based on homomorphic encryption |
| CN103886106A (en) * | 2014-04-14 | 2014-06-25 | 北京工业大学 | Remote sensing image safe-retrieval method based on spectral feature protection |
| CN104408070A (en) * | 2014-10-31 | 2015-03-11 | 北京邮电大学 | Similar sub-image inquiring method and system for protecting privacy under cloud computing environment |
| CN104615692A (en) * | 2015-01-23 | 2015-05-13 | 重庆邮电大学 | Search encryption method supporting dynamic updating and multi-keyword safe ranking |
| CN106096548A (en) * | 2016-06-12 | 2016-11-09 | 北京电子科技学院 | A kind of many intelligent terminal based on cloud environment share face secret recognition methods |
| CN106133810A (en) * | 2014-03-28 | 2016-11-16 | 索尼公司 | Cipher processing apparatus, cipher processing method and program |
| CN106790069A (en) * | 2016-12-21 | 2017-05-31 | 电子科技大学 | Secret protection K NN sorting techniques based on vectorial homomorphic cryptography |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US9825758B2 (en) * | 2014-12-02 | 2017-11-21 | Microsoft Technology Licensing, Llc | Secure computer evaluation of k-nearest neighbor models |
| EP3182640B1 (en) * | 2015-12-14 | 2018-04-25 | Panasonic Intellectual Property Corporation of America | Search method, search device, search system, and program |
-
2017
- 2017-06-16 CN CN201710457947.9A patent/CN109144993B/en active Active
Patent Citations (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101821736A (en) * | 2007-09-06 | 2010-09-01 | 王秦胜塞希亚 | Method and system of interacting with server, and method and system for generating and presenting search results |
| CN103345526A (en) * | 2013-07-22 | 2013-10-09 | 武汉大学 | Efficient privacy protection encrypted message querying method in cloud environment |
| CN103744976A (en) * | 2014-01-13 | 2014-04-23 | 北京工业大学 | Secure image retrieval method based on homomorphic encryption |
| CN106133810A (en) * | 2014-03-28 | 2016-11-16 | 索尼公司 | Cipher processing apparatus, cipher processing method and program |
| CN103886106A (en) * | 2014-04-14 | 2014-06-25 | 北京工业大学 | Remote sensing image safe-retrieval method based on spectral feature protection |
| CN104408070A (en) * | 2014-10-31 | 2015-03-11 | 北京邮电大学 | Similar sub-image inquiring method and system for protecting privacy under cloud computing environment |
| CN104615692A (en) * | 2015-01-23 | 2015-05-13 | 重庆邮电大学 | Search encryption method supporting dynamic updating and multi-keyword safe ranking |
| CN106096548A (en) * | 2016-06-12 | 2016-11-09 | 北京电子科技学院 | A kind of many intelligent terminal based on cloud environment share face secret recognition methods |
| CN106790069A (en) * | 2016-12-21 | 2017-05-31 | 电子科技大学 | Secret protection K NN sorting techniques based on vectorial homomorphic cryptography |
Non-Patent Citations (3)
| Title |
|---|
| A kNN query processing algorithm using a tree index structure on the encrypted database;Hyeong-Il Kim等;《2016 International Conference on Big Data and Smart Computing (BigComp)》;20160307;93-100 * |
| Efficient Privacy-Preserving Location-Based Query Over Outsourced Encrypted Data;Lichun Li等;《IEEE Internet of Things Journal 》;20150817;第3卷(第2期);206 - 218 * |
| 云环境下基于安全k近邻的加密数据检索技术研究;王心慧;《中国优秀硕士学位论文全文数据库 信息科技辑》;20160115(第1期);I138-37 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN109144993A (en) | 2019-01-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| TWI677828B (en) | Business customization device, method, and computer readable storage media based on data source | |
| JP6348937B2 (en) | Method and apparatus for updating object data in object storage system | |
| US20140289190A1 (en) | Classification of data objects in a distributed file system based on application creation and/or access information | |
| KR101732491B1 (en) | Mechanism for facilitating encryption-free integrity protection of storage data at computing systems | |
| EP3975474B1 (en) | Methods and apparatuses for chaining service data | |
| US20140033267A1 (en) | Type mining framework for automated security policy generation | |
| CN111831675A (en) | Storage model training method and device, computer equipment and storage medium | |
| US11050550B2 (en) | Methods and systems for reading data based on plurality of blockchain networks | |
| CN109144993B (en) | Data query method and device | |
| US20210374159A1 (en) | System for implementing sub-database replication | |
| WO2014110929A1 (en) | Method, device, and system for uploading data | |
| US20140148140A1 (en) | Policy-based mobile device management system (mdms) based on access history information | |
| CN112016502A (en) | Safety belt detection method and device, computer equipment and storage medium | |
| US10776323B2 (en) | Data storage for mobile terminals | |
| CN104021216A (en) | Message proxy server and information publish subscription method and system | |
| JP2020042343A (en) | Data processing apparatus, data processing method, and data processing program | |
| Liu et al. | Improved provable data transfer from provable data possession and deletion in cloud storage | |
| CN111278085B (en) | Method and device for acquiring target network | |
| CN110059091B (en) | Index construction method, device, client, server and system | |
| CN110837499B (en) | Data access processing method, device, electronic equipment and storage medium | |
| CN115794316A (en) | Method, apparatus, medium, and program product for building a cloud computing experimental environment | |
| Zhang et al. | DT-KST: Distributed top-k similarity query on big trajectory streams | |
| US11507320B2 (en) | USB based cloud disk and disk segment management system | |
| US20210157787A1 (en) | Methods and systems for reading data based on plurality of blockchain networks | |
| US10114864B1 (en) | List element query support and processing |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |