CN114969128A - Secret query method, system and storage medium based on secure multi-party computing technology - Google Patents

Publication number
CN114969128A
Authority
CN
China
Prior art keywords
data
query
information
party
encryption key
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210895387.6A
Other languages
Chinese (zh)
Other versions
CN114969128B (en)
Inventor
潘光明
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Basebit Shanghai Information Technology Co ltd
Wing Fang Jianshu Beijing Information Technology Co ltd
Original Assignee
Basebit Shanghai Information Technology Co ltd
Wing Fang Jianshu Beijing Information Technology Co ltd
Application filed by Basebit Shanghai Information Technology Co ltd, Wing Fang Jianshu Beijing Information Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24 Querying
    • G06F16/245 Query processing
    • G06F16/2455 Query execution
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254 Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/46 Secure multiparty computation, e.g. millionaire problem

Abstract

The application provides a hidden query method, a system and a storage medium based on a secure multi-party computing technology. The index result matched with the query id information in the data party is searched through the PSI protocol, the encryption key information corresponding to the index result is obtained through the OT protocol according to the index result, the encryption plaintext data corresponding to the data party is decrypted according to the obtained encryption key information, and the plaintext data of the index result is generated and fed back to the query party. According to the method, the secret query is realized by adopting the MPC encryption technology and the symmetric encryption technology, the query condition of the query party cannot be leaked to the data party under the condition that the query result is correct, the data other than the data meeting the query condition cannot be leaked to the query party, and the data privacy protection of the query party and the data party can be realized; in addition, the method is superior to the traditional plaintext query scheme in confidentiality, superior to the TEE technology in security and superior to the FHE query technology in query performance.

Description

Secure multi-party computing technology-based secret query method, system and storage medium
Technical Field
The application belongs to the technical field of big data security, and particularly relates to a secret query method, a secret query system and a storage medium based on a secure multi-party computing technology.
Background
In traditional database query applications, the querying party submits plaintext query conditions to the database (the data party). The data party can therefore read the query conditions, the querying party cannot hide them, and their privacy cannot be protected, which creates security problems such as leakage of user data. In a hidden query, the data party cannot learn the querying party's query conditions, while the querying party can still retrieve the data that satisfies them. Hidden query algorithms currently have a wide range of applications and can be used in database query scenarios that require protecting the privacy of the querying party.
As a privacy protection technology, homomorphic encryption (FHE) allows computation and comparison on ciphertext data, but it places high demands on computing resources: in a general IT environment, the running time of an FHE-based hidden query algorithm is far greater than that of a plaintext algorithm, and computational performance is low. The trusted execution environment (TEE), as a privacy protection technology, allows plaintext computation to be carried out inside a secure environment; no attacker outside the secure environment can see the plaintext data, so data privacy can be guaranteed. However, a privacy computing program based on TEE must run on a CPU that supports TEE and therefore has to trust the CPU manufacturer absolutely, which means that the security model of TEE depends on the CPU manufacturer.
Disclosure of Invention
In view of this, the present application provides a secure multi-party computing technology-based covert query method, system and storage medium, which can improve the computational performance of covert query without relying on a fixed processor while ensuring the secure transmission of data between a querying party and a data party.
The specific technical scheme of the application is as follows:
The first aspect of the present application provides a secure multi-party computing technology-based covert query method, which includes the following steps:
receiving query id information from a query party, and searching an index result matched with the query id information in a data party through a PSI (Private Set Intersection) protocol;
receiving encrypted plaintext data from a data side, and acquiring encryption key information corresponding to an index result through an OT protocol according to the index result;
and decrypting the encrypted plaintext data corresponding to the data party according to the obtained encryption key information, generating plaintext data of the index result and feeding the plaintext data back to the inquiring party.
Preferably, the method further comprises the following steps:
sending the encrypted plaintext data from the data side to the inquiring side, and searching the received encrypted plaintext data for an index result matched with the inquiry id information;
and the inquiring party acquires the encryption key information corresponding to the index result through an OT protocol according to the index result.
Preferably, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically includes:
setting data identifications for all resource data of a data party, and generating data id information corresponding to each data;
respectively carrying out encryption setting on the query id information and the data id information by adopting the same encryption algorithm to generate analog id information;
and screening the analog data id information meeting the requirement by comparing the characteristic values of the analog query id information and the analog data id information, and feeding the analog data id information serving as an index result back to the querying party.
Preferably, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically includes:
introducing a feature tag according to the character combination and arrangement mode of the query id information;
the data id information corresponding to part of resource data in the data party is called by using the identification function of the feature tag on the data id information;
and respectively carrying out data normalization processing on the query id information and the data id information by adopting the same type of conversion rules, and searching the data id information meeting the requirements by utilizing a set threshold value.
Preferably, the encrypted plaintext data specifically includes:
numbering each resource data of a data side, and generating an encryption key of each corresponding number by using a mode of generating a random number;
and encrypting the resource data of each corresponding number by using the encryption key information through a symmetric encryption algorithm to generate encrypted plaintext data.
Preferably, the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result specifically includes:
encoding the encrypted key information and establishing a key encoding set to be sent to an inquiring party;
and acquiring the position of the index result in the key coding set, and acquiring corresponding encryption key information according to the position.
Preferably, the method further comprises the following steps:
partitioning the serial number of the resource data according to the data type and the data value, and setting different random schemes for the resource data in each partition to generate an encryption key;
and analyzing the data type and the data value of the index result, preselecting the encryption key according to a threshold set by the analysis result, and then establishing a key coding set for the selected encryption key information.
Preferably, the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result specifically includes:
arranging and uploading the encryption key information to a transfer station according to the coding sequence;
collecting a core character string of an index result and filtering encryption key information in the transfer station according to the core character information;
and sending the filtered encryption key information to the inquiring party.
A second aspect of the present application provides a secure multi-party computing technology-based hidden query system, which includes a memory and a processor, where the memory includes a secure multi-party computing technology-based hidden query program, and when the secure multi-party computing technology-based hidden query program is executed by the processor, the following steps are implemented:
receiving query id information from a query party, and searching an index result matched with the query id information in a data party through a PSI (Private Set Intersection) protocol;
receiving encrypted plaintext data from a data side, and acquiring encryption key information corresponding to an index result through an OT protocol according to the index result;
and decrypting the encrypted plaintext data corresponding to the data party according to the obtained encryption key information, generating plaintext data of the index result and feeding the plaintext data back to the inquiring party.
Preferably, the method further comprises the following steps:
sending the encrypted plaintext data from the data side to the inquiring side, and searching the received encrypted plaintext data for an index result matched with the inquiry id information;
and the inquiring party acquires the encryption key information corresponding to the index result through an OT protocol according to the index result.
Preferably, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically includes:
setting data identifications for all resource data of a data party, and generating data id information corresponding to each data;
respectively carrying out encryption setting on the query id information and the data id information by adopting the same encryption algorithm to generate analog id information;
and screening the analog data id information meeting the requirement by comparing the characteristic values of the analog query id information and the analog data id information, and feeding the analog data id information serving as an index result back to the querying party.
Preferably, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically includes:
introducing a characteristic label according to the character combination and arrangement mode of the query id information;
the data id information corresponding to part of resource data in the data party is called by using the identification function of the feature tag on the data id information;
and respectively carrying out data normalization processing on the query id information and the data id information by adopting the same type of conversion rules, and searching the data id information meeting the requirements by utilizing a set threshold value.
Preferably, the encrypted plaintext data specifically includes:
numbering each resource data of a data side, and generating an encryption key of each corresponding number by using a mode of generating a random number;
and encrypting the resource data of each corresponding number by using the encryption key information through a symmetric encryption algorithm to generate encrypted plaintext data.
Preferably, the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result specifically includes:
encoding the encrypted key information and establishing a key encoding set to be sent to an inquiring party;
and acquiring the position of the index result in the key coding set, and acquiring corresponding encryption key information according to the position.
Preferably, the method further comprises the following steps:
partitioning the serial number of the resource data according to the data type and the data value, and setting different random schemes for the resource data in each partition to generate an encryption key;
and analyzing the data type and the data value of the index result, preselecting the encryption key according to a threshold set by the analysis result, and then establishing a key coding set for the selected encryption key information.
Preferably, the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result specifically includes:
arranging and uploading the encryption key information to a transfer station according to the coding sequence;
acquiring a core character string of an index result and filtering encryption key information in the transfer station according to the core character information;
and sending the filtered encryption key information to the inquiring party.
A third aspect of the present application provides a computer-readable storage medium, where the computer-readable storage medium includes a secure multi-party computing technology-based hidden query program, and when the secure multi-party computing technology-based hidden query program is executed by a processor, the steps of the secure multi-party computing technology-based hidden query method are implemented.
In summary, the present application provides a hidden query method, system and storage medium based on secure multi-party computing technology. The index result matched with the query id information in the data party is searched through the PSI protocol, the encryption key information corresponding to the index result is obtained through the OT protocol according to the index result, the encryption plaintext data corresponding to the data party is decrypted according to the obtained encryption key information, and the plaintext data of the index result is generated and fed back to the query party. The method and the device adopt the MPC encryption technology and the symmetric encryption technology to realize the secret query, the query condition of the query party cannot be leaked to the data party under the condition of meeting the correct query result, the data except the data meeting the query condition of the data party cannot be leaked to the query party, and the privacy protection of the data of the query party and the data party can be realized; in addition, the method is superior to the traditional plaintext query scheme in confidentiality, and is superior to TEE and FHE query technologies in security and query performance.
Drawings
In order to more clearly illustrate the embodiments of the present application or the technical solutions in the prior art, the drawings needed to be used in the description of the embodiments or the prior art will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained according to the drawings without inventive exercise.
FIG. 1 is a flow chart of a secure multi-party computing technology-based covert query method of the present application;
FIG. 2 is a block diagram of a secure multi-party computing technology-based covert query system of the present application.
Detailed Description
In order to make the objects, features and advantages of the present application more obvious and understandable, the technical solutions in the embodiments of the present application are clearly and completely described, and it is obvious that the embodiments described below are only a part of the embodiments of the present application, and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
A first aspect of the embodiments of the present application provides a secure multi-party computing technology-based hidden query method, including the following steps:
receiving query id information from a query party, and searching an index result matched with the query id information in a data party through a PSI (Private Set Intersection) protocol;
receiving encrypted plaintext data from a data party, and acquiring encryption key information corresponding to an index result through an OT (Oblivious Transfer) protocol according to the index result;
and decrypting the encrypted plaintext data corresponding to the data party according to the obtained encryption key information, generating plaintext data of the index result and feeding the plaintext data back to the inquiring party.
It should be noted that the query id is to perform digital identification on query information, so as to facilitate data processing such as indexing and extraction. The index result refers to data id information corresponding to the query result provided by the data side. The encryption and decryption process for encrypting plaintext data may be implemented using symmetric encryption algorithms as are conventional in the art. When receiving the encrypted plaintext data from the data side, the encryption key information therein may also be extracted, which is determined by the actual needs of those skilled in the art.
According to the embodiment of the application, the method further comprises the following steps:
sending the encrypted plaintext data from the data side to the inquiring side, and searching the received encrypted plaintext data for an index result matched with the inquiry id information;
and the inquiring party acquires the encryption key information corresponding to the index result through an OT protocol according to the index result.
It should be noted that the encrypted plaintext data of the data side can be directly sent to the inquiring side, the inquiring and screening processes can be completed by the inquiring side, a fixed processing medium is not required, and the data management process of follow-up re-inquiring can be simplified under the condition that the inquiring information amount of the inquiring side is large.
According to the embodiment of the application, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically comprises the following steps:
setting data identifications for all resource data of a data party, and generating data id information corresponding to each data;
respectively carrying out encryption setting on the query id information and the data id information by adopting the same encryption algorithm to generate analog id information;
and screening the analog data id information meeting the requirement by comparing the characteristic values of the analog query id information and the analog data id information, and feeding the analog data id information serving as an index result back to the querying party.
It should be noted that the id information of the data to be queried, input by the querying party, can be expressed as
Figure 442018DEST_PATH_IMAGE001
The data party inputs 𝑛 data items
Figure 42763DEST_PATH_IMAGE002
The data ids corresponding to the 𝑛 data items are
Figure 834002DEST_PATH_IMAGE003
. The querying party and the data party run the private set intersection (PSI) algorithm, and the querying party learns that
Figure 745107DEST_PATH_IMAGE004
matches the data index result 𝑚 on the data party, i.e.
Figure 508664DEST_PATH_IMAGE005
. The private set intersection algorithm ensures that only the querying party knows the value of 𝑚; the data party cannot learn the value of 𝑚.
According to the embodiment of the application, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically comprises the following steps:
introducing a feature tag according to the character combination and arrangement mode of the query id information;
the data id information corresponding to part of resource data in the data party is called by using the identification function of the feature tag on the data id information;
and respectively carrying out data normalization processing on the query id information and the data id information by adopting the same type of conversion rules, and searching the data id information meeting the requirements by utilizing a set threshold value.
It should be noted that the data id information of the data party is pre-screened by partition using the feature tag, the data processing standard is unified through data normalization, and the index result required by the querying party is screened using the threshold, so that the amount of data computation can be reduced and the time spent on data transmission can be shortened.
According to the embodiment of the present application, the encrypted plaintext data specifically includes:
numbering each resource data of a data side, and generating an encryption key of each corresponding number by using a mode of generating a random number;
and encrypting the resource data of each corresponding number by using the encryption key information through a symmetric encryption algorithm to generate encrypted plaintext data.
It should be noted that the data party randomly generates 𝑛 keys
Figure 811469DEST_PATH_IMAGE006
and then uses a symmetric encryption algorithm to encrypt the 𝑛 data items
Figure 90004DEST_PATH_IMAGE007
obtaining 𝑛 ciphertext data items
Figure 769247DEST_PATH_IMAGE008
. Specifically, the
Figure 482250DEST_PATH_IMAGE009
-th key
Figure 690377DEST_PATH_IMAGE010
is used to encrypt the
Figure 987366DEST_PATH_IMAGE011
-th data item
Figure 673563DEST_PATH_IMAGE012
to obtain the ciphertext data
Figure 706984DEST_PATH_IMAGE013
. The data party needs to keep the 𝑛 keys
Figure 882751DEST_PATH_IMAGE014
secret. The data party sends the 𝑛 ciphertext data items
Figure 870298DEST_PATH_IMAGE015
to the querying party. The security of the symmetric encryption algorithm ensures that the querying party cannot obtain the plaintext of the data party's data without knowing the key.
According to the embodiment of the present application, obtaining the encryption key information corresponding to the index result through the OT protocol according to the index result specifically includes:
encoding the encrypted key information and establishing a key encoding set to be sent to an inquiring party;
and acquiring the position of the index result in the key coding set, and acquiring corresponding encryption key information according to the position.
It should be noted that, in the embodiment of the present application, the querying party and the data party run the 1-out-of-n OT protocol. The two parties interact through a multi-round protocol: the data party provides n messages
Figure 953661DEST_PATH_IMAGE016
and the querying party, according to its transmitted value
Figure 782202DEST_PATH_IMAGE017
chooses to receive
Figure 394449DEST_PATH_IMAGE018
. The OT protocol ensures that the data party cannot learn the querying party's value b, and that the querying party cannot learn any content other than
Figure 072555DEST_PATH_IMAGE019
. The querying party's input value is
Figure 428450DEST_PATH_IMAGE020
and the data party's input is
Figure 141191DEST_PATH_IMAGE021
. Through the 1-out-of-n OT protocol, the querying party obtains the data party's random key
Figure 909294DEST_PATH_IMAGE022
The security of the OT protocol ensures that the querying party cannot obtain any of the data party's keys other than
Figure 605855DEST_PATH_IMAGE023
. Finally, through the symmetric encryption algorithm, the querying party uses
Figure 234282DEST_PATH_IMAGE024
to decrypt the ciphertext data
Figure 598267DEST_PATH_IMAGE025
and obtain the plaintext data
Figure 788202DEST_PATH_IMAGE026
According to the embodiment of the application, the method further comprises the following steps:
partitioning the serial number of the resource data according to the data type and the data value, and setting different random schemes for the resource data in each partition to generate an encryption key;
and analyzing the data type and the data value of the index result, preselecting the encryption key according to a threshold set by the analysis result, and then establishing a key coding set for the selected encryption key information.
It should be noted that the resource data of the data side are partitioned according to different scenes or functional properties, and a specific encryption algorithm for each partition is established, so that when the index result is matched with the encryption key information, information can be quickly screened through data analysis, and the data operation efficiency is improved.
According to the embodiment of the present application, obtaining the encryption key information corresponding to the index result through the OT protocol according to the index result specifically includes:
arranging and uploading the encryption key information to a transfer station according to the coding sequence;
collecting a core character string of an index result and filtering encryption key information in the transfer station according to the core character information;
and sending the filtered encryption key information to the inquiring party.
It should be noted that the encryption key information may also be placed in the transfer station, and is sent to the inquiring party after being screened by the core character, the core character string may be implemented by way of numeric editing, data type analysis, and the like, and both the index result and the data type in the encryption key information may be associated with the core character string.
Referring to fig. 1, fig. 1 is a flowchart illustrating a hidden query method based on secure multi-party computing technology according to the present application. Wherein, the A party is the inquiring party, and the B party is the data party. Through the operation of S1-S7, an index result matched with the query id information in the data side is searched through a PSI protocol, encryption key information corresponding to the index result is obtained through an OT protocol according to the index result, encrypted plaintext data corresponding to the data side is decrypted according to the obtained encryption key information, and finally plaintext data of the index result is generated and fed back to the query side.
In another embodiment of the present application, the searching for the index result matching the query id information in the data party by the PSI protocol specifically includes:
acquiring all resource data from a data party, carrying out hash value encryption setting and sending the resource data to an inquiring party;
carrying out hash value encryption setting on the query id information, and screening the resource data meeting the requirements by comparing the query id information with the hash value of the resource data;
and analyzing the hash value of the resource data by adopting a preset algorithm to generate an index result and feeding the index result back to the inquiring party.
It should be noted that, in the embodiment of the present application, a private set intersection algorithm is implemented based on hash encryption. The data side encrypts 𝑛 pieces of data into hash values to obtain 𝑛 hash ciphertexts [formula image], and then sends [formula image] to the inquiring party. Owing to the properties of the hash function, the plaintext of the corresponding data cannot be derived back from the hash value, so the plaintext data of the data party is safe and cannot be learned by the inquiring party. The inquiring party encrypts the query [formula image] into the hash value [formula image], and then compares [formula image] and [formula image] one by one to obtain the matched data index result [formula image].
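The flow of fig. 1 (hash comparison to find the index, OT to fetch only that record's key, local decryption) can be sketched as follows; this is an added example, not code from the patent. The patent does not specify an OT construction or cipher, so the Diffie-Hellman style 1-out-of-n OT, the toy group parameters, the SHA-256 keystream cipher and all names and sample records here are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

# Demo-only group (assumption): Mersenne prime modulus and generator 3.
# A deployment would use a standardized prime-order group or curve.
P = 2**521 - 1
G = 3

# Constructed sample records: record id -> plaintext held by the data party.
SAMPLE = {"id-1001": b"alice: limit 5000", "id-1002": b"bob: limit 1200",
          "id-1003": b"carol: limit 800"}

def h_id(record_id: str) -> str:
    """Hash applied by both parties before ids are compared."""
    return hashlib.sha256(record_id.encode()).hexdigest()

def xor_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: SHA-256 counter keystream XOR (encrypt == decrypt)."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(d ^ s for d, s in zip(data, stream))

def pad_from(shared: int, position: int) -> bytes:
    """Derive the OT pad for one position from a group element."""
    return hashlib.sha256(shared.to_bytes(66, "big") + position.to_bytes(4, "big")).digest()

class DataParty:
    def __init__(self, records: dict[str, bytes]):
        self.ids = list(records)  # numbering = position in this list
        self.keys = [secrets.token_bytes(32) for _ in self.ids]  # one random key per number
        self.ciphertexts = [xor_cipher(k, records[i]) for k, i in zip(self.keys, self.ids)]
        self.a = secrets.randbelow(P - 2) + 1
        self.A = pow(G, self.a, P)  # OT sender's public value

    def hashed_ids(self) -> list[str]:
        return [h_id(i) for i in self.ids]

    def ot_respond(self, B: int) -> list[bytes]:
        """Wrap every record key under its own pad; the receiver can derive exactly one."""
        inv_A = pow(self.A, -1, P)
        return [xor_cipher(pad_from(pow(B * pow(inv_A, i, P) % P, self.a, P), i), key)
                for i, key in enumerate(self.keys)]

class Querier:
    def find_index(self, query_id: str, hashed_ids: list[str]):
        """Compare the hashed query id against the received hashes one by one."""
        target = h_id(query_id)
        for idx, h in enumerate(hashed_ids):
            if hmac.compare_digest(h, target):
                return idx
        return None

    def ot_choose(self, A: int, index: int) -> int:
        """Blind the chosen position: B = A^index * g^b, so the sender does not learn index."""
        self.A, self.index = A, index
        self.b = secrets.randbelow(P - 2) + 1
        return pow(A, index, P) * pow(G, self.b, P) % P

    def ot_receive(self, wrapped: list[bytes]) -> bytes:
        """Unwrap the one key whose pad equals H(A^b)."""
        return xor_cipher(pad_from(pow(self.A, self.b, P), self.index), wrapped[self.index])

def private_query(data_party: DataParty, query_id: str):
    """Hash match -> OT key retrieval -> local decryption. Returns None if no match."""
    q = Querier()
    idx = q.find_index(query_id, data_party.hashed_ids())
    if idx is None:
        return None
    key = q.ot_receive(data_party.ot_respond(q.ot_choose(data_party.A, idx)))
    return xor_cipher(key, data_party.ciphertexts[idx])

if __name__ == "__main__":
    print(private_query(DataParty(SAMPLE), "id-1002"))
```

A plain SHA-256 of a low-entropy identifier does not hide it from a party that can hash candidate values, so a deployment would replace `h_id` with a keyed or OPRF-based PSI construction.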
In another embodiment of the present application, the method further comprises:
setting time periods of encryption keys in the encrypted plaintext data, and generating corresponding encryption keys in a dynamic random number mode for each small-range time period;
and clearing the encrypted plaintext data exceeding a preset time period.
It should be noted that, because all plaintext data of the data side are temporarily stored at the inquiring side, a large data cache builds up and degrades the smoothness of use; periodic cleaning therefore needs to be set by time period, which improves data security while preserving query performance.
In another embodiment of the present application, the method further comprises:
acquiring generation time information of an encryption key;
associating the generation time of the encryption key with the encryption key;
and judging whether the generation time of the encryption key is greater than a second preset threshold value, if so, obtaining the encryption key failure information.
It should be noted that the encryption key of the plaintext data is time-limited. When the encryption key is generated, it is stamped with a generation timestamp, and the inquiring party needs to input the encryption key in time; when the storage time of the encryption key exceeds the second preset threshold, the encryption key is invalid. For example, if the encryption key is generated at 9 o'clock on a given day and the second preset threshold is 30 minutes, the encryption key is invalid when the time reaches 9:30 on that day.
In another embodiment of the present application, the method further comprises:
acquiring the use frequency information of an encryption key;
and judging whether the use times of the encryption key is greater than a third preset threshold value, if so, obtaining invalid information of the encryption key.
It should be noted that the encryption key of the plaintext data can be input only a limited number of times. If the inquiring party closes the query page by mistake, the encryption key can be input again to continue viewing the plaintext data without applying for a new encryption key, which saves time. Once the number of uses of the encryption key reaches the third preset threshold, the encryption key becomes invalid. For example, if the third preset threshold is set to 3, the encryption key can be used three times within the specified time, and when the same encryption key is used for the 4th time it is shown as invalid.
In another embodiment of the present application, the method further comprises:
acquiring IP address information of an inquiring party;
and judging whether the IP addresses of the inquirer are consistent when the inquirer uses the same encryption key for multiple times, if so, granting access, and if not, invalidating the encryption key.
It should be noted that one encryption key is valid only for one user and one IP address; when the same inquiring party accesses the same id information through different IP addresses, the corresponding encryption key information needs to be acquired, to prevent security incidents such as theft of the inquiring party.
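The three validity rules in the embodiments above (generation-time expiry, use count, IP consistency) can be enforced together at the point where a key is presented; the following is an added example, not code from the patent. The registry class, its method names, the reason strings and binding the key to the IP seen on first use are assumptions; the 30-minute and 3-use values are the ones in the page's examples, and the sample addresses are constructed.

```python
from __future__ import annotations
import hmac
import secrets
from dataclasses import dataclass

KEY_TTL_SECONDS = 30 * 60  # second preset threshold, value from the page's example
MAX_USES = 3               # third preset threshold, value from the page's example

@dataclass
class KeyGrant:
    key: bytes
    issued_at: float              # generation timestamp stored with the key
    bound_ip: str | None = None   # assumption: bound to the IP seen on first use
    uses: int = 0
    invalid: bool = False

class KeyRegistry:
    """Hypothetical server-side registry enforcing the three validity rules."""

    def __init__(self, ttl: int = KEY_TTL_SECONDS, max_uses: int = MAX_USES):
        self.ttl, self.max_uses = ttl, max_uses
        self._grants: dict[tuple[str, str], KeyGrant] = {}

    def issue(self, user: str, query_id: str, now: float) -> bytes:
        """Generate a fresh random key and record its generation time."""
        grant = KeyGrant(key=secrets.token_bytes(32), issued_at=now)
        self._grants[(user, query_id)] = grant
        return grant.key

    def redeem(self, user: str, query_id: str, presented_key: bytes,
               client_ip: str, now: float) -> tuple[bool, str]:
        """Return (allowed, reason); any rule violation invalidates the key for good."""
        grant = self._grants.get((user, query_id))
        if grant is None:
            return False, "unknown"
        if grant.invalid:
            return False, "invalid"
        # Constant-time comparison so the check does not leak key bytes by timing.
        if not hmac.compare_digest(grant.key, presented_key):
            return False, "bad-key"
        # The page's example treats 9:30 as already invalid for a 9:00 key.
        if now - grant.issued_at >= self.ttl:
            return self._invalidate(grant, "expired")
        if grant.bound_ip is None:
            grant.bound_ip = client_ip
        elif grant.bound_ip != client_ip:
            return self._invalidate(grant, "ip-mismatch")
        # Three uses are allowed; the fourth attempt invalidates the key.
        if grant.uses >= self.max_uses:
            return self._invalidate(grant, "use-limit")
        grant.uses += 1
        return True, "ok"

    @staticmethod
    def _invalidate(grant: KeyGrant, reason: str) -> tuple[bool, str]:
        grant.invalid = True
        return False, reason

if __name__ == "__main__":
    t0 = 9 * 3600  # 09:00 expressed as seconds since midnight
    reg = KeyRegistry()
    k = reg.issue("alice", "id-1002", t0)
    for minute in (1, 2, 3, 4):
        print(reg.redeem("alice", "id-1002", k, "192.0.2.10", t0 + 60 * minute))
```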
In another embodiment of the present application, the method further comprises:
obtaining historical query id information;
and storing the historical query id according to the time sequence.
It should be noted that each time an inquiring party inputs query id information, the background server stores the query id. The historical query id store keeps only a link to the query id and does not store the plaintext data included in the query id. When the inquiring party inputs part of the name of a query id, the server displays the associated historical query ids, and the inquiring party can access them from the displayed list, which saves the inquiring party's time.
Referring to fig. 2, fig. 2 is a block diagram of a hidden query system based on secure multi-party computing technology according to the present application.
A second aspect of the embodiment of the present application provides a secure multi-party computing technology-based hidden query system, which includes a memory 21 and a processor 22, where the memory 21 includes a secure multi-party computing technology-based hidden query program, and when the secure multi-party computing technology-based hidden query program is executed by the processor 22, the following steps are implemented:
receiving query id information from a query party, and searching an index result matched with the query id information in a data party through a PSI (private set intersection) protocol;
receiving encrypted plaintext data from a data side, and acquiring encryption key information corresponding to an index result through an OT protocol according to the index result;
and decrypting the encrypted plaintext data corresponding to the data party according to the obtained encryption key information, generating plaintext data of the index result and feeding the plaintext data back to the inquiring party.
According to the embodiment of the application, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically comprises the following steps:
acquiring all resource data from a data side, carrying out hash value encryption setting and sending the resource data to an inquiring side;
carrying out hash value encryption setting on the query id information, and screening the resource data meeting the requirements by comparing the query id information with the hash value of the resource data;
and analyzing the hash value of the resource data by adopting a preset algorithm to generate an index result and feeding the index result back to the inquiring party.
According to the embodiment of the application, the method further comprises the following steps:
sending the encrypted plaintext data from the data side to the inquiring side, and searching the received encrypted plaintext data for an index result matched with the inquiry id information;
and the inquiring party acquires the encryption key information corresponding to the index result through an OT protocol according to the index result.
According to the embodiment of the application, the searching of the index result matched with the query id information in the data party through the PSI protocol specifically comprises the following steps:
introducing a characteristic label according to the character combination and arrangement mode of the query id information;
retrieving the data id information corresponding to part of the resource data in the data party by using the feature tag's function of identifying data id information;
and respectively carrying out data normalization processing on the query id information and the data id information by adopting the same type of conversion rules, and searching the data id information meeting the requirements by utilizing a set threshold value.
According to the embodiment of the present application, the encrypted plaintext data specifically includes:
numbering each resource data of a data side, and generating an encryption key of each corresponding number by using a mode of generating a random number;
and encrypting the resource data of each corresponding number by using the encryption key information through a symmetric encryption algorithm to generate encrypted plaintext data.
According to the embodiment of the present application, obtaining the encryption key information corresponding to the index result through the OT protocol according to the index result specifically includes:
encoding the encryption key information and establishing a key encoding set to be sent to an inquiring party;
and acquiring the position of the index result in the key coding set, and acquiring corresponding encryption key information according to the position.
According to the embodiment of the application, the method further comprises the following steps:
partitioning the serial number of the resource data according to the data type and the data value, and setting different random schemes for the resource data in each partition to generate an encryption key;
and analyzing the data type and the data value of the index result, preselecting the encryption key according to a threshold set by the analysis result, and then establishing a key coding set for the selected encryption key information.
According to the embodiment of the present application, obtaining the encryption key information corresponding to the index result through the OT protocol according to the index result specifically includes:
arranging and uploading the encryption key information to a transfer station according to the coding sequence;
acquiring a core character string of an index result and filtering encryption key information in the transfer station according to the core character information;
and sending the filtered encryption key information to the inquiring party.
In another embodiment of the present application, the searching for the index result matching the query id information in the data party by the PSI protocol specifically includes:
acquiring all resource data from a data side, carrying out hash value encryption setting and sending the resource data to an inquiring side;
carrying out hash value encryption setting on the query id information, and screening the resource data meeting the requirements by comparing the query id information with the hash value of the resource data;
and analyzing the hash value of the resource data by adopting a preset algorithm to generate an index result and feeding the index result back to the inquiring party.
In another embodiment of the present application, the method further comprises:
setting time periods of encryption keys in the encrypted plaintext data, and generating corresponding encryption keys in a dynamic random number mode for each small-range time period;
and clearing the encrypted plaintext data exceeding a preset time period.
In another embodiment of the present application, the method further comprises:
acquiring generation time information of an encryption key;
associating the generation time of the encryption key with the encryption key;
and judging whether the generation time of the encryption key is greater than a second preset threshold value, if so, obtaining the encryption key failure information.
It should be noted that the encryption key of the plaintext data is time-limited. When the encryption key is generated, it is stamped with a generation timestamp, and the inquiring party needs to input the encryption key in time; when the storage time of the encryption key exceeds the second preset threshold, the encryption key is invalid. For example, if the encryption key is generated at 9 o'clock on a given day and the second preset threshold is 30 minutes, the encryption key is invalid when the time reaches 9:30 on that day.
In another embodiment of the present application, the method further comprises:
acquiring the use frequency information of an encryption key;
and judging whether the use times of the encryption key is greater than a third preset threshold value, if so, obtaining invalid information of the encryption key.
It should be noted that the encryption key of the plaintext data can be input only a limited number of times. If the inquiring party closes the query page by mistake, the encryption key can be input again to continue viewing the plaintext data without applying for a new encryption key, which saves time. Once the number of uses of the encryption key reaches the third preset threshold, the encryption key becomes invalid. For example, if the third preset threshold is set to 3, the encryption key can be used three times within the specified time, and when the same encryption key is used for the 4th time it is shown as invalid.
In another embodiment of the present application, the method further comprises:
acquiring IP address information of an inquiring party;
and judging whether the IP addresses of the inquirer are consistent when the inquirer uses the same encryption key for multiple times, if so, granting access, and if not, invalidating the encryption key.
It should be noted that one encryption key is valid only for one user and one IP address; when the same inquiring party accesses the same id information through different IP addresses, the corresponding encryption key information needs to be acquired, to prevent security incidents such as theft of the inquiring party.
In another embodiment of the present application, the method further comprises:
obtaining historical query id information;
and storing the historical query id according to the time sequence.
It should be noted that each time an inquiring party inputs query id information, the background server stores the query id. The historical query id store keeps only a link to the query id and does not store the plaintext data included in the query id. When the inquiring party inputs part of the name of a query id, the server displays the associated historical query ids, and the inquiring party can access them from the displayed list, which saves the inquiring party's time.
A third aspect of the embodiments of the present application provides a computer-readable storage medium that includes a hidden query program based on a secure multi-party computing technology. When the program is executed by a processor, the steps of the hidden query method based on the secure multi-party computing technology are implemented; the method steps are described with reference to fig. 1 and are not repeated here.
In the several embodiments provided in the present application, it should be understood that the disclosed apparatus and method may be implemented in other ways. The above-described device embodiments are merely illustrative, for example, the division of the unit is only one logical function division, and there may be other division ways in actual implementation, such as: multiple units or components may be combined, or may be integrated into another system, or some features may be omitted, or not implemented. In addition, the coupling, direct coupling or communication connection between the components shown or discussed may be through some interfaces, and the indirect coupling or communication connection between the devices or units may be electrical, mechanical or in other forms.
The units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units; can be located in one place or distributed on a plurality of network units; some or all of the units can be selected according to actual needs to achieve the purpose of the solution of the embodiment.
In addition, all the functional units in the embodiments of the present invention may be integrated into one processing unit, or each unit may be separately regarded as one unit, or two or more units may be integrated into one unit; the integrated unit can be realized in a form of hardware, or in a form of hardware plus a software functional unit.
Those of ordinary skill in the art will understand that: all or part of the steps for realizing the method embodiments can be completed by hardware related to program instructions, the program can be stored in a computer readable storage medium, and the program executes the steps comprising the method embodiments when executed; and the aforementioned storage medium includes: a mobile storage device, a Read-Only Memory (ROM), a Random Access Memory (RAM), a magnetic disk or an optical disk, and other various media capable of storing program codes.
Alternatively, the integrated unit of the present invention may be stored in a computer-readable storage medium if it is implemented in the form of a software functional module and sold or used as a separate product. Based on such understanding, the technical solutions of the embodiments of the present invention may be essentially implemented or a part contributing to the prior art may be embodied in the form of a software product, which is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the methods described in the embodiments of the present invention. And the aforementioned storage medium includes: a removable storage device, a ROM, a RAM, a magnetic or optical disk, or various other media that can store program code.
The above embodiments are only used for illustrating the technical solutions of the present application, and not for limiting the same; although the present application has been described in detail with reference to the foregoing embodiments, it should be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions in the embodiments of the present application.

Claims (10)

1. A secret query method based on a secure multi-party computing technology is characterized by comprising the following steps:
receiving query id information from a query party, and searching an index result matched with the query id information in a data party through a PSI (private set intersection) protocol;
receiving encrypted plaintext data from a data side, and acquiring encryption key information corresponding to an index result through an OT protocol according to the index result;
and decrypting the encrypted plaintext data corresponding to the data party according to the obtained encryption key information, generating plaintext data of the index result and feeding the plaintext data back to the inquiring party.
2. The secure multi-party computing technology-based covert query method as recited in claim 1, further comprising:
sending the encrypted plaintext data from the data side to the inquiring side, and searching the received encrypted plaintext data for an index result matched with the inquiry id information;
and the inquiring party acquires the encryption key information corresponding to the index result through an OT protocol according to the index result.
3. The secure multiparty computing technology-based covert query method as claimed in claim 1, wherein the searching for the index result matching the query id information in the data party through the PSI protocol specifically comprises:
setting data identifications for all resource data of a data party, and generating data id information corresponding to each data;
respectively carrying out encryption setting on the query id information and the data id information by adopting the same encryption algorithm to generate analog id information;
and screening the analog data id information meeting the requirement by comparing the characteristic values of the analog query id information and the analog data id information, and feeding the analog data id information serving as an index result back to the querying party.
4. The secure multiparty computing technology-based covert query method as claimed in claim 1, wherein the searching for the index result matching the query id information in the data party through the PSI protocol specifically comprises:
introducing a characteristic label according to the character combination and arrangement mode of the query id information;
retrieving the data id information corresponding to part of the resource data in the data party by using the feature tag's function of identifying data id information;
and respectively carrying out data normalization processing on the query id information and the data id information by adopting the same type of conversion rules, and searching the data id information meeting the requirements by utilizing a set threshold value.
5. The secure multiparty computing technology-based covert query method as claimed in claim 1, wherein said encrypted plaintext data is specifically:
numbering each resource data of a data side, and generating an encryption key of each corresponding number by using a mode of generating a random number;
and encrypting the resource data of each corresponding number by using the encryption key information through a symmetric encryption algorithm to generate encrypted plaintext data.
6. The secret query method based on secure multiparty computing technology as claimed in claim 1, wherein the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result is specifically:
encoding the encrypted key information and establishing a key encoding set to be sent to an inquiring party;
and acquiring the position of the index result in the key coding set, and acquiring corresponding encryption key information according to the position.
7. The secure multi-party computing technology-based covert query method as recited in claim 6, further comprising:
partitioning the serial number of the resource data according to the data type and the data value, and setting different random schemes for the resource data in each partition to generate an encryption key;
and analyzing the data type and the data value of the index result, preselecting the encryption key according to a threshold set by the analysis result, and then establishing a key coding set for the selected encryption key information.
8. The secret query method based on secure multiparty computing technology as claimed in claim 1, wherein the obtaining of the encryption key information corresponding to the index result by the OT protocol according to the index result is specifically:
arranging and uploading the encryption key information to a transfer station according to the coding sequence;
collecting a core character string of an index result and filtering encryption key information in the transfer station according to the core character information;
and sending the filtered encryption key information to the inquiring party.
9. A secure multiparty computing technology-based covert query system, comprising a memory and a processor, wherein the memory comprises a secure multiparty computing technology-based covert query program, and when the secure multiparty computing technology-based covert query program is executed by the processor, the steps of the secure multiparty computing technology-based covert query method according to any one of claims 1 to 8 are implemented.
10. A computer-readable storage medium, wherein the computer-readable storage medium comprises a secure multi-party computing technology-based concealed query program, and when the secure multi-party computing technology-based concealed query program is executed by a processor, the steps of the secure multi-party computing technology-based concealed query method are implemented according to any one of claims 1 to 8.
CN202210895387.6A 2022-07-28 2022-07-28 Secure multi-party computing technology-based secret query method, system and storage medium Active CN114969128B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210895387.6A CN114969128B (en) 2022-07-28 2022-07-28 Secure multi-party computing technology-based secret query method, system and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210895387.6A CN114969128B (en) 2022-07-28 2022-07-28 Secure multi-party computing technology-based secret query method, system and storage medium

Publications (2)

Publication Number Publication Date
CN114969128A true CN114969128A (en) 2022-08-30
CN114969128B CN114969128B (en) 2022-10-28

Family

ID=82969043

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210895387.6A Active CN114969128B (en) 2022-07-28 2022-07-28 Secure multi-party computing technology-based secret query method, system and storage medium

Country Status (1)

Country Link
CN (1) CN114969128B (en)

Also Published As

Publication number Publication date
CN114969128B (en) 2022-10-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant