[go: up one dir, main page]

CN114443718B - A data query method and system - Google Patents

A data query method and system Download PDF

Info

Publication number
CN114443718B
CN114443718B CN202210105663.4A CN202210105663A CN114443718B CN 114443718 B CN114443718 B CN 114443718B CN 202210105663 A CN202210105663 A CN 202210105663A CN 114443718 B CN114443718 B CN 114443718B
Authority
CN
China
Prior art keywords
data
query
information
queried
query information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210105663.4A
Other languages
Chinese (zh)
Other versions
CN114443718A (en
Inventor
顾凌云
郭志攀
王伟
李海全
袁嘉骏
刘奇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shanghai IceKredit Inc
Original Assignee
Shanghai IceKredit Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shanghai IceKredit Inc filed Critical Shanghai IceKredit Inc
Priority to CN202210105663.4A priority Critical patent/CN114443718B/en
Publication of CN114443718A publication Critical patent/CN114443718A/en
Application granted granted Critical
Publication of CN114443718B publication Critical patent/CN114443718B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • G06F16/2455Query execution
    • G06F16/24553Query execution of query operations
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2228Indexing structures
    • G06F16/2255Hash tables
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Databases & Information Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application provides a data query method and a data query system, and relates to the technical field of computers. Firstly, a data inquiry terminal calculates hash values of inquiry information and confusion information, calculates a specific encryption value, and sends the specific encryption value and the hash values of the inquiry information and the confusion information to a data providing terminal; then, the data providing terminal generates a matching array based on whether the hash value matched with the hash value of the query information and the hash value of the confusion information exists in the database, and calculates to obtain an encryption value of the data to be queried in the database; and finally, when the data to be queried corresponding to the query information exists, the data query end decrypts the data provided by the data providing end to obtain the data to be queried. According to the scheme, the information of the queried data can be obtained only through one interaction, compared with the prior art, the interaction times are reduced while the operation complexity is kept unchanged, the delay of the whole process is lower, and the efficiency is higher.

Description

Data query method and system
Technical Field
The application relates to the technical field of computers, in particular to a data query method and a data query system.
Background
In the process that the data query terminal queries the data providing terminal, the query information of the data query terminal finishes the query under the condition of not being leaked, and meanwhile, other data information of the data providing terminal is protected from leakage, namely, the data query terminal can only obtain the queried data information and can not know the other data information.
Taking a method for inquiring the trace of an careless transmission protocol as an example, the common practice is that firstly, N-1 false samples are generated as confusion data, inquiry information and confusion information are assembled into a list in sequence and sent to a data providing end for data inquiry; then, the data providing end generates N pairs of public key-private key pairs, encrypts the queried results by using different public keys respectively, and sends the results and the corresponding encrypted public keys to the data querying end; then, the data query terminal uses a random number to obtain a private key corresponding to the queried data; and finally, the data query terminal obtains the information of the query data by using the private key. In the above process, two interactions are needed, which results in long time spent on query and influences the query efficiency.
Disclosure of Invention
In order to overcome at least the above-mentioned shortcomings in the prior art, the present application is directed to a data query method and system for solving the above-mentioned technical problems.
In a first aspect, an embodiment of the present application provides a data query method, applied to a data query system, where the data query system includes a data query end and a data providing end that are communicatively connected, the data providing end includes a database, where data to be queried and a hash value corresponding to the data to be queried are stored in the database, and the method includes:
The data query terminal generates query information and confusion information, and calculates hash values of the query information and the confusion information;
The data query end calculates a specific encryption value and sends the specific encryption value, the query information and the hash value of the confusion information to the data providing end;
The data providing end generates a matching array based on whether hash values matched with the hash values of the query information and the confusion information exist in the database or not;
The data providing end calculates and obtains an encryption value of data to be queried in the database, obtains feedback data based on the encryption value of the data to be queried and the matching array, and sends the feedback data to the data querying end;
And the data query terminal encrypts the query information based on the feedback data to obtain an encryption result, determines whether the data to be queried corresponding to the query information exists in the database based on the encryption result, and decrypts the data provided by the data providing terminal to obtain the data to be queried if the data to be queried corresponding to the query information exists.
According to the scheme, the information of the queried data can be obtained only through one interaction, compared with the prior art, the interaction times are reduced while the operation complexity is kept unchanged, the delay of the whole process is lower, and the efficiency is higher.
In one possible implementation manner, the step of generating query information and confusion information by the data query end and calculating to obtain hash values of the query information and the confusion information includes:
Randomly generating a plurality of confusion information with the same data type as the query information;
And respectively carrying out hash calculation on the query information and the confusion information to obtain hash values of the query information and the confusion information.
In one possible implementation manner, the step of calculating, by the data querying end, a specific encryption value and sending the specific encryption value and hash values of the query information and the confusion information to the data providing end includes:
Calculating a specific encryption value based on the determined random number and the hash value of the query information;
Transmitting the determined random number, the specific encryption value and hash values of the query information and the confusion information to the data providing end;
Wherein the determined random number comprises a first random number g, a second random number h and a third random number r, the formula for calculating the specific encryption value y is:
y=grhα
Alpha is the hash value of the query information.
In one possible implementation manner, the step of generating, by the data providing end, a matching array based on whether there is a hash value in the database that matches the hash values of the query information and the confusion information includes:
Inquiring whether a hash value matched with the hash value of the inquiry information and the hash value of the confusion information exists in the database, and generating a matching array, wherein the ith element in the matching array is 1, which indicates that the ith data to be inquired in the database has the hash value matched with the hash value of the inquiry information or the hash value of the confusion information, and the ith element in the matching array is 0, which indicates that the ith data to be inquired in the database does not have the hash value matched with the hash value of the inquiry information or the hash value of the confusion information.
In one possible implementation manner, the step of calculating, by the data providing end, an encrypted value of data to be queried in the database, obtaining feedback data based on the encrypted value of the data to be queried and the matching array, and sending the feedback data to the data querying end includes:
sequentially calculating the encryption value of each piece of data to be queried in the database;
Calculating to obtain encryption parameters;
sequentially carrying out exclusive-or processing on the elements in the matching array and the encryption values of the corresponding data to be queried to obtain a first exclusive-or result;
And sending the first exclusive-or result and the encryption parameter to the data query end.
In one possible implementation manner, the step of encrypting the query information by the data query end based on the feedback data to obtain an encryption result, determining whether there is data to be queried corresponding to the query information in the database based on the encryption result, and decrypting the data provided by the data providing end to obtain the data to be queried if there is the data to be queried corresponding to the query information includes:
The data query terminal encrypts the query information based on the encryption parameter to obtain an encryption result of the query information;
Performing exclusive-or processing on the encryption result of the query information and the first exclusive-or result to obtain a second exclusive-or result;
Determining whether the data to be queried corresponding to the query information exists in the database or not based on the second exclusive or result;
if the data to be queried corresponding to the query information exists, decrypting the data provided by the data providing end to obtain the data to be queried.
In one possible implementation manner, the encryption function f 1 (x) that the data query end encrypts the query information based on the encryption parameter is:
f1(x)=H((y/hi)k,i)=H((grhα/hi)k,i)
Wherein H is a hash function, i is a sequence number, k is a fourth random number, the first random number g and the second random number H are generated in the first set, the third random number r and the fourth random number k are generated in the second set, and the first set and the second set are prime sets.
In a second aspect, an embodiment of the present application further provides a data query system, where the data query system includes a data query end and a data providing end that are connected in a communication manner, the data providing end includes a database, where data to be queried and a hash value corresponding to the data to be queried are stored in the database, the data query end includes a confusion and hash module and a first computing module, and the data providing end includes a storage and query module and a second computing module;
the confusion and hash module is used for generating inquiry information and confusion information and calculating hash values of the inquiry information and the confusion information;
the first calculation module is used for calculating a specific encryption value and sending the specific encryption value, the query information and the hash value of the confusion information to the data providing end;
the storage and query module is used for generating a matching array based on whether hash values matched with hash values of the query information and the confusion information exist in the database or not;
The second calculation module is used for calculating and obtaining an encryption value of the data to be queried in the database, obtaining feedback data based on the encryption value of the data to be queried and the matching array, and sending the feedback data to the data query end;
The first calculation module is further configured to encrypt the query information based on the feedback data to obtain an encryption result, determine whether data to be queried corresponding to the query information exists in the database based on the encryption result, and decrypt the data provided by the data providing end to obtain the data to be queried if the data to be queried corresponding to the query information exists.
In one possible implementation manner, the confusion and hash module is specifically configured to:
Randomly generating a plurality of confusion information with the same data type as the query information;
And respectively carrying out hash calculation on the query information and the confusion information to obtain hash values of the query information and the confusion information.
In one possible implementation manner, the first computing module is specifically configured to:
Calculating a specific encryption value based on the determined random number and the hash value of the query information;
Transmitting the determined random number, the specific encryption value and hash values of the query information and the confusion information to the data providing end;
Wherein the determined random number comprises a first random number g, a second random number h and a third random number r, the formula for calculating the specific encryption value y is:
y=grhα
Alpha is the hash value of the query information.
The first computing module is further specifically configured to:
Encrypting the query information based on the encryption parameters to obtain an encryption result of the query information;
performing exclusive-or processing on the encryption result of the query information and the first exclusive-or result to obtain an exclusive-or result;
determining whether the data to be queried corresponding to the query information exists in the database based on the exclusive or result;
if the data to be queried corresponding to the query information exists, decrypting the data provided by the data providing end to obtain the data to be queried.
Based on any one of the aspects, firstly, a data query terminal generates query information and confusion information, calculates hash values of the query information and the confusion information, calculates a specific encryption value, and sends the specific encryption value and the hash values of the query information and the confusion information to a data providing terminal; then, the data providing terminal generates a matching array based on whether the hash value matched with the hash value of the query information and the hash value of the confusion information exists in the database, calculates to obtain the encryption value of the data to be queried in the database, and obtains feedback data based on the encryption value of the data to be queried and the matching array; and finally, when the data to be queried corresponding to the query information exists, the data query end decrypts the data provided by the data providing end to obtain the data to be queried. According to the scheme, the information of the queried data can be obtained only through one interaction, compared with the prior art, the interaction times are reduced while the operation complexity is kept unchanged, the delay of the whole process is lower, and the efficiency is higher.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the following description will briefly explain the drawings required for the embodiments, it being understood that the following drawings illustrate only some embodiments of the present application and are therefore not to be considered limiting of the scope, and that other related drawings may be obtained according to these drawings without the inventive effort of a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of a data query method according to an embodiment of the present application;
FIG. 2 is a schematic flow chart of a data query method according to an embodiment of the present application;
fig. 3 is a block diagram of a data query system according to an embodiment of the present application.
Detailed Description
The application will be described in detail below with reference to the drawings, and the specific operation method in the method embodiment may also be applied to the device embodiment or the system embodiment.
In order to overcome the shortcomings in the prior art, an embodiment of the present application provides a data query method capable of improving query efficiency, please refer to fig. 1, fig. 1 is a schematic view of an application scenario of the data query method provided in the embodiment of the present application, and in fig. 1, a data query system 10 includes a data query end 100 and a data providing end 200 which are in communication connection. The data provider 200 may provide a data information query service to the data query terminal 100.
In the embodiment of the present application, the data query terminal 100 may be, but is not limited to, a smart phone, a personal digital assistant, a tablet computer, a personal computer, a notebook computer, a virtual reality terminal device, and the like. In an implementation, there may be multiple data querying terminals 100 accessing the data providing terminal 200, only two of which are shown in fig. 1. The data querying end 100 and the data providing end 200 may be in communication connection through https protocol.
In the embodiment of the present application, the data provider 200 may be a single physical server, or may be a server group formed by a plurality of physical servers for performing different data processing functions. The server farm may be centralized or distributed (e.g., the data provider 200 may be a distributed system). In some possible implementations, such as where data provider 200 employs a single physical server, the physical server may be assigned different logical server components based on different traffic functions.
It will be appreciated that the data query system 10 shown in FIG. 1 is only one possible example, and that in other possible embodiments, the data query system 10 may include only one of the components shown in FIG. 1 or may include other components as well.
Referring to fig. 2, fig. 2 illustrates a flow chart of a data query method according to an embodiment of the present application, where the data query method according to the embodiment of the present application may be executed by the data query system 10, and for convenience in describing the technical solution of the present application, the following details of the flow steps of the data query method are described with reference to fig. 2.
In step S101, the data query terminal 100 generates query information and confusion information, and calculates hash values of the query information and the confusion information.
In the embodiment of the present application, step S101 may be implemented in the following manner.
Firstly, a plurality of confusion information is randomly generated, wherein the data type of the confusion information is the same as the data type of the query information. In one possible scenario, the query information may be a user ID of the user to be queried, and the confusion information may be a user ID that is randomly constructed, for example, if the user ID of the user to be queried is a string of characters, then a plurality of user IDs having the same data structure as the user ID of the user to be queried are randomly generated as the confusion information. After generating a plurality of confusion information, the inquiry information is mixed with the confusion information, and the inquiry information is put to the alpha-th bit.
And then, respectively carrying out hash calculation on the query information and the confusion information to obtain hash values of the query information and the confusion information.
And respectively carrying out hash calculation on the mixed query information and the mixed confusion information to obtain hash values of the query information and the mixed confusion information.
In the embodiment of the present application, the step S101 is preceded by storing the data to be queried and the hash value corresponding to the data to be queried in advance in the database of the data providing end 200.
In step S102, the data querying end 100 calculates a specific encryption value, and sends the specific encryption value and the hash values of the query information and the confusion information to the data providing end 200.
In the embodiment of the present application, step S102 may be implemented in the following manner.
First, a specific encryption value is calculated based on the determined random number and the hash value of the query information.
Specifically, the determined random number may include a first random number g, a second random number h, and a third random number r, and the formula for calculating the specific encryption value y is as follows:
y=grhα
alpha is the hash value of the query information.
The determined random number, the specific encryption value, and the hash value of the challenge information and the confusion information are then transmitted to the data providing terminal 200.
Specifically, the first random number g, the second random number h, the third random number r, and hash values of the query information and the confusion information are transmitted to the data providing terminal 200.
In step S103, the data provider 200 generates a matching array based on whether there is a hash value in the database that matches the hash values of the query information and the confusion information.
In the embodiment of the application, whether the hash value matched with the hash value of the query information and the hash value of the confusion information exists or not is queried in a database, and a matching array b [ i ] is generated, wherein the ith element in the matching array b [ i ] is 1 and represents that the ith data to be queried in the database has the hash value matched with the hash value of the query information or the hash value of the confusion information, and the ith element in the matching array b [ i ] is 0 and represents that the ith data to be queried in the database does not have the hash value matched with the hash value of the query information or the hash value of the confusion information.
In step S104, the data providing end 200 calculates an encryption value of the data to be queried in the database, obtains feedback data based on the encryption value of the data to be queried and the matching array, and sends the feedback data to the data querying end 100.
In the embodiment of the present application, step S104 may be implemented in the following manner.
Firstly, sequentially calculating the encryption value of each data to be queried in the database.
Specifically, the encryption value of each data to be queried in the database may be calculated by, for example, for the ith data to be queried in the database, the encryption function of the ith data to be queried
f1(i)=H((y/hi)k,i)=H((grhαhi)k,i)
H is a hash function, i is a sequence number, k is a fourth random number, a first random number g and a second random number H are generated in a first set, a third random number r and a fourth random number k are generated in a second set, wherein the first set and the second set are mutually prime sets, the first set can be a 64-bit random number generation element set, and the second set can be a 32-bit set. Wherein the elements in a group can be generated by the product of a minimum number of group elements, which are called generator elements of the group, the number of generator elements being the rank of the finite group.
Then, the encryption parameters are calculated.
Specifically, a suitable fourth random number k is selected, and an encryption parameter a, a=g k is calculated as follows.
And then, sequentially carrying out exclusive-or processing on the elements in the matching array and the encryption values of the corresponding data to be queried to obtain a first exclusive-or result.
B [ i ] of the ith data to be queried in the database and the encryption value H ((y/H i)k, i) are sequentially subjected to exclusive-or processing to obtain a first exclusive-or result
Finally, the first exclusive-or result and the encryption parameter are sent to the data querying terminal 100.
In step S105, the data querying end 100 encrypts the query information based on the feedback data to obtain an encrypted result, determines whether there is data to be queried corresponding to the query information in the database based on the encrypted result, and decrypts the data provided by the data providing end 200 to obtain the data to be queried if there is data to be queried corresponding to the query information.
In the embodiment of the present application, step S105 may be implemented in the following manner.
Firstly, encrypting the query information based on the encryption parameters to obtain an encryption result of the query information.
In the embodiment of the present application, the encryption result of the α -th query information (i.e., the true query information) is H (a r, α).
And then, carrying out exclusive-or processing on the encryption result of the query information and the first exclusive-or result to obtain a second exclusive-or result.
Exclusive-or processing H (a r, alpha) with the first exclusive-or result c i to obtain a second exclusive-or result.
And then, determining whether the data to be queried corresponding to the query information exists in the database based on the second exclusive OR result.
If the second exclusive or result is 1, indicating that the data to be queried corresponding to the query information exists in the database; and if the second exclusive or result is 0, indicating that the data to be queried corresponding to the query information does not exist in the database.
Finally, if there is data to be queried corresponding to the query information, decrypting the data provided by the data providing terminal 200 to obtain the data to be queried.
Compared with the prior art, the method provided by the embodiment of the application can obtain the information of the queried data only by one interaction, reduces the interaction times while keeping the operation complexity unchanged, and has lower delay and higher efficiency in the whole process.
Referring to fig. 3, the data query system 10 further includes a data query end 100 and a data providing end 200 that are communicatively connected, the data providing end 200 includes a database, the database stores data to be queried and hash values corresponding to the data to be queried, the data query end 100 includes a confusion and hash module 110 and a first computing module 120, and the data providing end 200 includes a storage and query module 210 and a second computing module 220.
The confusion and hash module 110 is configured to generate query information and confusion information, and calculate hash values of the query information and the confusion information.
The confusion and hash module 110 described in the present application is implemented in the following manner.
Firstly, a plurality of confusion information is randomly generated, wherein the data type of the confusion information is the same as the data type of the query information. In one possible scenario, the query information may be a user ID of the user to be queried, and the confusion information may be a user ID that is randomly constructed, for example, if the user ID of the user to be queried is a string of characters, then a plurality of user IDs having the same data structure as the user ID of the user to be queried are randomly generated as the confusion information. After generating a plurality of confusion information, the inquiry information is mixed with the confusion information, and the inquiry information is put to the alpha-th bit.
And then, respectively carrying out hash calculation on the query information and the confusion information to obtain hash values of the query information and the confusion information.
And respectively carrying out hash calculation on the mixed query information and the mixed confusion information to obtain hash values of the query information and the mixed confusion information.
The first calculation module 120 is configured to calculate a specific encryption value, and send the specific encryption value, the hash value of the query information and the confusion information to the data provider 200.
In an embodiment of the present application, the first computing module 120 is specifically implemented in the following manner.
First, a specific encryption value is calculated based on the determined random number and the hash value of the query information.
Specifically, the determined random number may include a first random number g, a second random number h, and a third random number r, and the formula for calculating the specific encryption value y is as follows:
y=grhα
alpha is the hash value of the query information.
The determined random number, the specific encryption value, and the hash value of the challenge information and the confusion information are then transmitted to the data providing terminal 200.
Specifically, the first random number g, the second random number h, the third random number r, and hash values of the query information and the confusion information are transmitted to the data providing terminal 200.
The storing and querying module 130 is configured to generate a matching array based on whether a hash value matching the hash values of the query information and the confusion information exists in the database.
In an embodiment of the present application, the storage and query module 210 is specifically implemented in the following manner.
In the embodiment of the application, whether the hash value matched with the hash value of the query information and the hash value of the confusion information exists or not is queried in the database, and a matching array is generated, wherein the ith element bi in the matching array is 1 and represents that the ith data to be queried in the database has the hash value matched with the hash value of the query information or the hash value of the confusion information, and the ith element bi in the matching array is 0 and represents that the ith data to be queried in the database does not have the hash value matched with the hash value of the query information or the hash value of the confusion information.
The second calculation module 220 is configured to calculate an encryption value of the data to be queried in the database, obtain feedback data based on the encryption value of the data to be queried and the matching array, and send the feedback data to the data querying end 100.
In an embodiment of the present application, the second computing module 220 is specifically implemented in the following manner.
Firstly, sequentially calculating the encryption value of each data to be queried in the database.
Specifically, the encryption value of each data to be queried in the database may be calculated by, for example, for the ith data to be queried in the database, the encryption function of the ith data to be queried
f1(i)=H((y/hi)k,i)=H((grhα/hi)k,i)
H is a hash function, i is a sequence number, k is a fourth random number, a first random number g and a second random number H are generated in a first set, a third random number r and a fourth random number k are generated in a second set, wherein the first set and the second set are mutually prime sets, the first set can be a 64-bit random number generation element set, and the second set can be a 32-bit set. Wherein the elements in a group can be generated by the product of a minimum number of group elements, which are called generator elements of the group, the number of generator elements being the rank of the finite group.
Then, the encryption parameters are calculated.
Specifically, a suitable fourth random number k is selected, and an encryption parameter a, a=g k is calculated as follows.
And then, sequentially carrying out exclusive-or processing on the elements in the matching array and the encryption values of the corresponding data to be queried to obtain a first exclusive-or result.
B [ i ] of the ith data to be queried in the database and the encryption value H ((y/H i)k, i) are sequentially subjected to exclusive-or processing to obtain a first exclusive-or result
Finally, the first exclusive-or result and the encryption parameter are sent to the data querying terminal 100.
The first calculation module 150 is further configured to encrypt the query information based on the feedback data to obtain an encryption result, determine whether there is data to be queried corresponding to the query information in the database based on the encryption result, and decrypt the data provided by the data providing end 200 to obtain the data to be queried if there is data to be queried corresponding to the query information.
In an embodiment of the present application, the first computing module 120 is specifically implemented in the following manner.
Firstly, encrypting the query information based on the encryption parameters to obtain an encryption result of the query information.
In the embodiment of the present application, the encryption result of the α -th query information (i.e., the true query information) is H (a r, α).
And then, carrying out exclusive-or processing on the encryption result of the query information and the first exclusive-or result to obtain a second exclusive-or result.
Exclusive-or processing H (a r, alpha) with the first exclusive-or result c i to obtain a second exclusive-or result.
And then, determining whether the data to be queried corresponding to the query information exists in the database based on the second exclusive OR result.
If the second exclusive or result is 1, indicating that the data to be queried corresponding to the query information exists in the database; and if the second exclusive or result is 0, indicating that the data to be queried corresponding to the query information does not exist in the database.
Finally, if there is data to be queried corresponding to the query information, decrypting the data provided by the data providing terminal 200 to obtain the data to be queried.
In summary, in the data query method and system provided by the embodiments of the present application, first, a data query terminal generates query information and confusion information, calculates hash values of the query information and the confusion information, calculates a specific encryption value, and sends the specific encryption value and the hash values of the query information and the confusion information to a data providing terminal; then, the data providing terminal generates a matching array based on whether the hash value matched with the hash value of the query information and the hash value of the confusion information exists in the database, calculates to obtain the encryption value of the data to be queried in the database, and obtains feedback data based on the encryption value of the data to be queried and the matching array; and finally, when the data to be queried corresponding to the query information exists, the data query end decrypts the data provided by the data providing end to obtain the data to be queried. According to the scheme, the information of the queried data can be obtained only through one interaction, compared with the prior art, the interaction times are reduced while the operation complexity is kept unchanged, the delay of the whole process is lower, and the efficiency is higher.
The embodiments described above are only some, but not all, embodiments of the application. The components of the embodiments of the present application generally described and illustrated in the figures can be arranged and designed in a wide variety of different configurations. Accordingly, the detailed description of the embodiments of the application provided in the drawings is not intended to limit the scope of the application, but is merely representative of selected embodiments of the application. Based on the above, the protection scope of the present application shall be subject to the protection scope of the claims.

Claims (10)

1.一种数据查询方法,其特征在于,应用于数据查询系统,所述数据查询系统包括通信连接的数据查询端与数据提供端,所述数据提供端包括数据库,所述数据库中存储有待查询数据以及与所述待查询数据对应的哈希值,所述方法包括:1. A data query method, characterized in that it is applied to a data query system, wherein the data query system includes a data query end and a data providing end in communication connection, wherein the data providing end includes a database, wherein the database stores data to be queried and a hash value corresponding to the data to be queried, and the method includes: 所述数据查询端生成查询信息以及混淆信息,并计算得到所述查询信息和所述混淆信息的哈希值;The data query end generates query information and obfuscation information, and calculates hash values of the query information and the obfuscation information; 所述数据查询端计算得到特定的加密值,并将所述特定的加密值以及所述查询信息和所述混淆信息的哈希值发送给所述数据提供端;The data query end calculates a specific encryption value, and sends the specific encryption value and a hash value of the query information and the obfuscated information to the data provider end; 所述数据提供端基于所述数据库中是否存在与所述查询信息和所述混淆信息的哈希值匹配的哈希值生成匹配数组;The data provider generates a matching array based on whether there is a hash value in the database that matches the hash value of the query information and the obfuscated information; 所述数据提供端计算得到所述数据库中待查询数据的加密值,基于所述待查询数据的加密值与所述匹配数组得到反馈数据,并将所述反馈数据发送给所述数据查询端;The data provider calculates and obtains the encrypted value of the data to be queried in the database, obtains feedback data based on the encrypted value of the data to be queried and the matching array, and sends the feedback data to the data query end; 所述数据查询端基于所述反馈数据对所述查询信息进行加密得到加密结果,基于所述加密结果确定所述数据库中是否存在与所述查询信息对应的待查询数据,若存在与所述查询信息对应的待查询数据则将所述数据提供端提供的数据进行解密得到所需查询的数据。The data query end encrypts the query information based on the feedback data to obtain an encryption result, and determines whether there is data to be queried corresponding to the query information in the database based on the encryption result. If there is data to be queried corresponding to the query information, the data provided by the data provider is decrypted to obtain the required query data. 2.如权利要求1所述的数据查询方法,其特征在于,所述数据查询端生成查询信息以及混淆信息,并计算得到所述查询信息和所述混淆信息的哈希值的步骤,包括:2. The data query method according to claim 1, wherein the step of generating query information and obfuscation information by the data query end and calculating hash values of the query information and the obfuscation information comprises: 随机生成若干个与所述查询信息具有相同数据类型的混淆信息;Randomly generate a number of obfuscated information having the same data type as the query information; 对所述查询信息和所述混淆信息分别进行哈希计算,得到所述查询信息和所述混淆信息的哈希值。Hash calculations are performed on the query information and the obfuscation information respectively to obtain hash values of the query information and the obfuscation information. 3.如权利要求2所述的数据查询方法,其特征在于,所述数据查询端计算得到特定的加密值,并将所述特定的加密值以及所述查询信息和所述混淆信息的哈希值发送给所述数据提供端的步骤,包括:3. The data query method according to claim 2, wherein the step of the data query end calculating a specific encryption value and sending the specific encryption value and a hash value of the query information and the obfuscated information to the data provider end comprises: 基于确定的随机数与所述查询信息的哈希值计算得到特定的加密值;Calculating a specific encryption value based on the determined random number and the hash value of the query information; 将所述确定的随机数、所述特定的加密值以及所述查询信息和所述混淆信息的哈希值发送给所述数据提供端;Sending the determined random number, the specific encryption value, and the query information and the hash value of the obfuscated information to the data provider; 其中,所述确定的随机数包括第一随机数g、第二随机数h及第三随机数r,计算得到特定的加密值y的公式为:The determined random numbers include a first random number g, a second random number h, and a third random number r. The formula for calculating the specific encrypted value y is: y=grhα y=g r h α α为所述查询信息的哈希值。α is the hash value of the query information. 4.如权利要求3所述的数据查询方法,其特征在于,所述数据提供端基于所述数据库中是否存在与所述查询信息和所述混淆信息的哈希值匹配的哈希值生成匹配数组的步骤,包括:4. The data query method according to claim 3, wherein the step of generating a matching array based on whether there is a hash value matching the query information and the hash value of the obfuscated information in the database comprises: 在所述数据库中查询是否存在与所述查询信息和所述混淆信息的哈希值匹配的哈希值,生成匹配数组,其中匹配数组中的第i个元素为1表示所述数据库中第i个待查询数据具有与所述查询信息或所述混淆信息的哈希值匹配的哈希值,匹配数组中的第i个元素为0表示所述数据库中第i个待查询数据不具有与所述查询信息或所述混淆信息的哈希值匹配的哈希值。A query is made in the database as to whether there is a hash value that matches the hash value of the query information and the obfuscation information, and a matching array is generated, wherein the i-th element in the matching array is 1, indicating that the i-th data to be queried in the database has a hash value that matches the hash value of the query information or the obfuscation information, and the i-th element in the matching array is 0, indicating that the i-th data to be queried in the database does not have a hash value that matches the hash value of the query information or the obfuscation information. 5.如权利要求4所述的数据查询方法,其特征在于,所述数据提供端计算得到所述数据库中待查询数据的加密值,基于所述待查询数据的加密值与所述匹配数组得到反馈数据,并将所述反馈数据发送给所述数据查询端的步骤,包括:5. The data query method according to claim 4, characterized in that the data provider calculates the encrypted value of the data to be queried in the database, obtains feedback data based on the encrypted value of the data to be queried and the matching array, and sends the feedback data to the data query end, comprising: 依次计算所述数据库中每个待查询数据的加密值;Calculate the encryption value of each data to be queried in the database in turn; 计算得到加密参数;Calculate and obtain encryption parameters; 依次对所述匹配数组中的元素与对应待查询数据的加密值进行异或处理,得到第一异或结果;Sequentially performing XOR processing on the elements in the matching array and the encrypted values of the corresponding data to be queried to obtain a first XOR result; 将所述第一异或结果与所述加密参数发送给所述数据查询端。The first XOR result and the encryption parameter are sent to the data query end. 6.如权利要求5所述的数据查询方法,其特征在于,所述数据查询端基于所述反馈数据对所述查询信息进行加密得到加密结果,基于所述加密结果确定所述数据库中是否存在与所述查询信息对应的待查询数据,若存在与所述查询信息对应的待查询数据则将所述数据提供端提供的数据进行解密得到所需查询的数据的步骤,包括:6. The data query method according to claim 5, characterized in that the data query end encrypts the query information based on the feedback data to obtain an encryption result, determines whether there is data to be queried corresponding to the query information in the database based on the encryption result, and if there is data to be queried corresponding to the query information, decrypts the data provided by the data provider to obtain the required query data, comprising: 所述数据查询端基于所述加密参数对所述查询信息进行加密得到所述查询信息的加密结果;The data query end encrypts the query information based on the encryption parameter to obtain an encryption result of the query information; 将所述查询信息的加密结果与所述第一异或结果进行异或处理,得到第二异或结果;Performing XOR processing on the encryption result of the query information and the first XOR result to obtain a second XOR result; 并基于所述第二异或结果确定所述数据库中是否存在所述查询信息对应的待查询数据;and determining whether there is data to be queried corresponding to the query information in the database based on the second XOR result; 若存在所述查询信息对应的待查询数据,则对所述数据提供端提供的数据进行解密得到所需查询的数据。If there is data to be queried corresponding to the query information, the data provided by the data provider is decrypted to obtain the data to be queried. 7.如权利要求6所述的数据查询方法,其特征在于,7. The data query method according to claim 6, characterized in that: 所述数据查询端基于所述加密参数对所述查询信息进行加密的加密函数f1(i)为:The encryption function f 1 (i) used by the data query end to encrypt the query information based on the encryption parameter is: f1(i)=H((y/hi)k,i)=H((grhα/hi)k,i)f 1 (i)=H((y/h i ) k ,i)=H((g r h α /h i ) k ,i) 其中H为哈希函数,i为序号,k是第四随机数,第一随机数g和第二随机数h产生于第一集合,第三随机数r与第四随机数k产生于第二集合,其中,第一集合与第二集合为互质的集合。Wherein H is a hash function, i is a sequence number, k is a fourth random number, the first random number g and the second random number h are generated from a first set, the third random number r and the fourth random number k are generated from a second set, and the first set and the second set are mutually prime sets. 8.一种数据查询系统,其特征在于,所述数据查询系统包括通信连接的数据查询端与数据提供端,所述数据提供端包括数据库,所述数据库中存储有待查询数据以及与所述待查询数据对应的哈希值,所述数据查询端包括混淆与哈希模块及第一计算模块,所述数据提供端包括存储与查询模块及第二计算模块;8. A data query system, characterized in that the data query system comprises a data query end and a data providing end in communication connection, the data providing end comprises a database, the database stores data to be queried and a hash value corresponding to the data to be queried, the data query end comprises an obfuscation and hash module and a first calculation module, and the data providing end comprises a storage and query module and a second calculation module; 所述混淆与哈希模块,用于生成查询信息以及混淆信息,并计算得到所述查询信息和所述混淆信息的哈希值;The obfuscation and hash module is used to generate query information and obfuscation information, and calculate hash values of the query information and the obfuscation information; 所述第一计算模块,用于计算得到特定的加密值,并将所述特定的加密值与所述查询信息和所述混淆信息的哈希值发送给所述数据提供端;The first calculation module is used to calculate a specific encryption value, and send the specific encryption value, the query information and the hash value of the obfuscated information to the data provider; 所述存储与查询模块,用于基于所述数据库中是否存在与所述查询信息和所述混淆信息的哈希值匹配的哈希值生成匹配数组;The storage and query module is used to generate a matching array based on whether there is a hash value matching the hash value of the query information and the obfuscated information in the database; 所述第二计算模块,用于计算得到所述数据库中待查询数据的加密值,基于所述待查询数据的加密值与所述匹配数组得到反馈数据,并将所述反馈数据发送给所述数据查询端;The second calculation module is used to calculate the encrypted value of the data to be queried in the database, obtain feedback data based on the encrypted value of the data to be queried and the matching array, and send the feedback data to the data query end; 所述第一计算模块,还用于基于所述反馈数据对所述查询信息进行加密得到加密结果,基于所述加密结果确定所述数据库中是否存在与所述查询信息对应的待查询数据,若存在与所述查询信息对应的待查询数据则将所述数据提供端提供的数据进行解密得到所需查询的数据。The first computing module is further used to encrypt the query information based on the feedback data to obtain an encryption result, and determine whether there is data to be queried corresponding to the query information in the database based on the encryption result; if there is data to be queried corresponding to the query information, decrypt the data provided by the data provider to obtain the required query data. 9.如权利要求8所述的数据查询系统,其特征在于,所述混淆与哈希模块具体用于:9. The data query system according to claim 8, wherein the obfuscation and hashing module is specifically used for: 随机生成若干个与所述查询信息具有相同数据类型的混淆信息;Randomly generate a number of obfuscated information having the same data type as the query information; 对所述查询信息和所述混淆信息分别进行哈希计算,得到所述查询信息和所述混淆信息的哈希值。Hash calculations are performed on the query information and the obfuscation information respectively to obtain hash values of the query information and the obfuscation information. 10.如权利要求9所述的数据查询系统,其特征在于,所述第一计算模块具体用于:10. The data query system according to claim 9, wherein the first calculation module is specifically used for: 基于确定的随机数与所述查询信息的哈希值计算得到特定的加密值;Calculating a specific encryption value based on the determined random number and the hash value of the query information; 将所述确定的随机数、所述特定的加密值以及所述查询信息和所述混淆信息的哈希值发送给所述数据提供端;Sending the determined random number, the specific encryption value, and the query information and the hash value of the obfuscated information to the data provider; 其中,所述确定的随机数包括第一随机数g、第二随机数h及第三随机数r,计算得到特定的加密值y的公式为:The determined random numbers include a first random number g, a second random number h, and a third random number r. The formula for calculating the specific encrypted value y is: y=grhα y=g r h α α为所述查询信息的哈希值;α is the hash value of the query information; 所述第一计算模块还具体用于:The first calculation module is further specifically used for: 基于所述加密参数对所述查询信息进行加密得到所述查询信息的加密结果;Encrypting the query information based on the encryption parameter to obtain an encryption result of the query information; 将所述查询信息的加密结果与所述第一异或结果进行异或处理,得到异或结果;Performing XOR processing on the encryption result of the query information and the first XOR result to obtain an XOR result; 并基于所述异或结果确定所述数据库中是否存在所述查询信息对应的待查询数据;and determining whether there is data to be queried corresponding to the query information in the database based on the XOR result; 若存在所述查询信息对应的待查询数据,则对所述数据提供端提供的数据进行解密得到所需查询的数据。If there is data to be queried corresponding to the query information, the data provided by the data provider is decrypted to obtain the data to be queried.
CN202210105663.4A 2022-01-28 2022-01-28 A data query method and system Active CN114443718B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210105663.4A CN114443718B (en) 2022-01-28 2022-01-28 A data query method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210105663.4A CN114443718B (en) 2022-01-28 2022-01-28 A data query method and system

Publications (2)

Publication Number Publication Date
CN114443718A CN114443718A (en) 2022-05-06
CN114443718B true CN114443718B (en) 2024-09-13

Family

ID=81369257

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210105663.4A Active CN114443718B (en) 2022-01-28 2022-01-28 A data query method and system

Country Status (1)

Country Link
CN (1) CN114443718B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114840739B (en) * 2022-05-25 2023-12-22 中国电信股份有限公司 Information retrieval method, device, electronic equipment and storage medium
CN115544579B (en) * 2022-11-24 2023-03-28 北京融数联智科技有限公司 Double-random data confusion query method, device and system
CN116150445B (en) * 2023-04-04 2023-07-21 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Batch information query method, electronic equipment and storage medium

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110210249A (en) * 2019-06-13 2019-09-06 上海富数科技有限公司 The system and method for track query function of hideing are realized based on data obfuscation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20080107188A (en) * 2007-06-05 2008-12-10 주식회사 케이티 Efficient Authentication Method and Wireless Recognition System in Wireless Recognition System with Distributed Database
US10509918B1 (en) * 2015-09-18 2019-12-17 Hrl Laboratories, Llc One-time obfuscation for polynomial-size ordered binary decision diagrams (POBDDs)

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110210249A (en) * 2019-06-13 2019-09-06 上海富数科技有限公司 The system and method for track query function of hideing are realized based on data obfuscation

Also Published As

Publication number Publication date
CN114443718A (en) 2022-05-06

Similar Documents

Publication Publication Date Title
CN114443718B (en) A data query method and system
US8694467B2 (en) Random number based data integrity verification method and system for distributed cloud storage
JP6180177B2 (en) Encrypted data inquiry method and system capable of protecting privacy
CN105468986B (en) A kind of confidential information search method and system
CN113711564B (en) Computer-implemented method and system for encrypting data
CN110324143A (en) Data transmission method, electronic equipment and storage medium
CN104995632B (en) Privacy Preserving Database System
CN106888081B (en) Wide coding of intermediate values within white-box implementations
CN112115461B (en) Equipment authentication method and device, computer equipment and storage medium
CN114491637B (en) Data query method, device, computer equipment and storage medium
CN115065457B (en) Data query method and device
GB2514428A (en) Enabling access to data
CN116866029B (en) Random number encryption data transmission method, device, computer equipment and storage medium
US9641328B1 (en) Generation of public-private key pairs
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
CN117220865A (en) Longitude and latitude encryption method, longitude and latitude verification device and readable storage medium
WO2020020127A1 (en) Private key storage and reading method and apparatus, and hardware device
CN112865957A (en) Data encryption transmission method and device, computer target equipment and storage medium
WO2018043573A1 (en) Key exchange method and key exchange system
CN114844688A (en) Data transmission method, device, equipment and computer storage medium
CN116232639A (en) Data transmission method, device, computer equipment and storage medium
Syam Kumar et al. RSA-based dynamic public audit service for integrity verification of data storage in cloud computing using Sobol sequence
JP6368047B2 (en) Key exchange method, key exchange system, key distribution device, representative communication device, general communication device, and program
CN113572599B (en) Electric power data transmission method, data source equipment and data access equipment
CN115277064B (en) Data encryption and data decryption methods and devices, electronic equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant