[go: up one dir, main page]

CN115186145B - Privacy keyword query method, device and system - Google Patents

Privacy keyword query method, device and system Download PDF

Info

Publication number
CN115186145B
CN115186145B CN202211099439.5A CN202211099439A CN115186145B CN 115186145 B CN115186145 B CN 115186145B CN 202211099439 A CN202211099439 A CN 202211099439A CN 115186145 B CN115186145 B CN 115186145B
Authority
CN
China
Prior art keywords
hash table
data
positions
oprf
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202211099439.5A
Other languages
Chinese (zh)
Other versions
CN115186145A (en
Inventor
黄熹之
李艺
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huakong Tsingjiao Information Technology Beijing Co Ltd
Original Assignee
Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huakong Tsingjiao Information Technology Beijing Co Ltd filed Critical Huakong Tsingjiao Information Technology Beijing Co Ltd
Priority to CN202211099439.5A priority Critical patent/CN115186145B/en
Publication of CN115186145A publication Critical patent/CN115186145A/en
Application granted granted Critical
Publication of CN115186145B publication Critical patent/CN115186145B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • G06F16/90335Query processing
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • G06F16/9014Indexing; Data structures therefor; Storage structures hash tables
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • G06F21/6254Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Computational Linguistics (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The application discloses a method, a device and a system for inquiring a privacy keyword, which relate to the technical field of multiparty security calculation and the technical field of privacy calculation, wherein a client maps k keywords to be inquired into a first hash table, a server maps n data pairs into a second hash table in a hash way, batch OPRF protocol is executed between the client and the server aiming at the keywords to be inquired in the first hash table and the keywords in the second hash table, the client obtains k OPRF values, the server obtains n and r OPRF values, the server encrypts the data in the data pairs at the same position in the second hash table by using the n and r OPRF values, the client initiates secret inquiry aiming at k positions to the server, encrypted data at k positions in a third hash table are obtained, and an inquiry result corresponding to the keywords to be inquired is obtained by decrypting the encrypted data. By adopting the scheme, the communication overhead and the calculation overhead of the privacy keyword query are reduced.

Description

Privacy keyword query method, device and system
Technical Field
The present application relates to the field of multi-party secure computing technologies and privacy computing technologies, and in particular, to a method, an apparatus, and a system for querying a privacy keyword.
Background
Privacy Key Search (PKS) is an important application scenario emerging in recent years in the field of multiparty secure computing technology related to cryptography. The method and the system can efficiently realize PKS, can be widely applied to the inquiry of sensitive privacy data in financial, industrial and other scenes, and can protect the data privacy security of the client and the server as far as possible, so that the data of the server only reveals the information of a single data inquiry result.
In the existing method for implementing the privacy keyword query, under the condition that only two parties participate, a Homomorphic Encryption (HE) based method and an Oblivious Transfer (OT) based method can be adopted. The OT-based method has a large communication volume, and requires the server to transmit ciphertext data, which is proportional to the data volume held by the server, to the client. In a general privacy keyword query scenario, a client only queries a small number of keywords, and if a server holds a large amount of data, the communication overhead is in direct proportion to the amount of data held by the server, which obviously causes the communication overhead to be large and unsatisfactory, and is difficult to apply in an actual scenario.
The query result is homomorphically calculated by constructing a polynomial based on the homomorphic encryption method, although the communication overhead can be linear with the data volume n held by the server, the communication overhead can only reach the O (n 0.5) level, and a batch processing technology cannot be used, so that the calculation overhead is large, the public key complexity overhead of O (n) is provided, and the requirement of efficient query can be met by using a great amount of machine computing power in an actual scene.
Based on the fully homomorphic encryption and batch processing technology, efficient hidden query (PIR) can be realized, namely, query is carried out according to the position, the communication overhead and the calculation overhead are small, and the requirement of real-time query in an actual scene can be met. However, in an actual scenario, there is often no demand for querying according to the location, because the client will not have the location information of the data to be queried in the server database when initiating the query, it is impossible to know in which location of the server database the data to be queried is.
Disclosure of Invention
The embodiment of the application provides a method, a device and a system for querying a privacy keyword, which are used for solving the problems of high communication overhead and high calculation overhead of querying the privacy keyword in the prior art.
The embodiment of the application provides a privacy keyword query method, which is applied to a client, wherein the client holds k keywords to be queried, the server holds n data pairs, and each data pair comprises a keyword and corresponding data, and the method comprises the following steps:
mapping k keywords to be inquired into a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, wherein the k keywords to be inquired are respectively positioned in k positions of the first hash table;
aiming at keywords to be inquired in the first hash table and keywords in a second hash table held by the server, a batch oblivious pseudorandom function OPRF protocol is executed according to the appointed sequence of the positions in the first hash table and the second hash table, k OPRF values corresponding to k positions of the first hash table and the keywords to be inquired stored in the first hash table are obtained, so that the server obtains n times r OPRF values, the second hash table is obtained by utilizing the r hash functions by the server to directly hash and map n data pairs into a hash table with the size of m, each data pair is located at r different positions in the second hash table, the number of the data pairs stored in each position in the second hash table is not more than a preset number B, and the n times r OPRF values respectively correspond to the n times r positions of the n data pairs in the second hash table;
initiating a hiding query for the k positions of a third hash table to the server to obtain B encrypted data returned for each of the k positions, wherein the n times r positions of the encrypted data in the third hash table are obtained by encrypting data in data pairs at the same position in the second hash table by using n times r OPRF values respectively by the server;
and for each position in the k positions, decrypting the B pieces of encrypted data corresponding to the position by using the position owned by the user and the OPRF value corresponding to the stored keyword to be queried, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
Further, the method also comprises the following steps:
and when the decryption of the B encrypted data corresponding to the position is not successful by using the position and the OPRF value corresponding to the stored keyword to be queried, determining that the keyword to be queried corresponding to the position does not exist in the n data pairs.
The embodiment of the application further provides a privacy keyword query method, which is applied to a server, wherein the server holds n data pairs, each data pair comprises a keyword and corresponding data, and the client holds k keywords to be queried, and the method comprises the following steps:
utilizing r hash functions of a cuckoo hash algorithm to directly hash and map n data pairs into a second hash table with the size of m, wherein each data pair is positioned at r different positions in the second hash table, and the data pairs stored at each position in the second hash table are not more than a preset number B;
aiming at keywords in the second hash table and keywords to be inquired in a first hash table held by the client, executing a batch oblivious pseudo-random function OPRF protocol according to the appointed sequence of the positions in the first hash table and the second hash table to obtain n times r OPRF values corresponding to n times r positions of n data pairs in the second hash table respectively, so that the client obtains k OPRF values, wherein the first hash table is obtained by mapping k keywords to be inquired into a hash table with the size of m by the client by using a Cucko hash algorithm with the r hash functions, the k keywords to be inquired are respectively located in k positions of the first hash table, and the k OPRF values are respectively corresponding to the k positions of the k keywords to be inquired in the first hash table and the keywords to be inquired stored in the first hash table;
respectively encrypting data in the data pairs at the same positions in the second hash table by using n times r OPRF values to obtain a third hash table containing n times r encrypted data;
receiving the client-initiated suppressed query for the k locations of the third hash table;
and returning the B pieces of encrypted data of the position in the third hash table to the client aiming at each position in the k positions, so that the client uses the position held by the client and the OPRF value corresponding to the stored keyword to be inquired to decrypt the B pieces of encrypted data corresponding to the position aiming at each position in the k positions, wherein the data which can be successfully decrypted is the inquiry result corresponding to the keyword to be inquired corresponding to the position.
Further, after the encrypting the data in the data pair at the same position in the second hash table by using n times r OPRF values respectively to obtain a third hash table containing n times r encrypted data, the method further includes:
and when the positions of the stored encrypted data which do not reach the preset number B exist in the third hash table, supplementing the encrypted data at the positions to the preset number B by using random number data.
The embodiment of the present application further provides a privacy keyword query device, which is applied to a client, where the client holds k keywords to be queried, the server holds n data pairs, and each data pair includes a keyword and corresponding data, and the device includes:
the system comprises a first mapping module, a second mapping module and a third mapping module, wherein the first mapping module is used for mapping k keywords to be inquired into a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, and the k keywords to be inquired are respectively positioned in k positions of the first hash table;
a first protocol execution module, configured to execute a batch oblivious pseudo random function OPRF protocol according to a specified sequence of positions in a first hash table and a keyword in a second hash table held by a server, to obtain k OPRF values corresponding to k positions of the first hash table and the keyword to be queried stored in the first hash table, so that the server obtains n times r OPRF values, the second hash table is obtained by the server using the r hash functions to directly hash n data pairs onto a hash table with a size of m, each data pair is located at r different positions in the second hash table, and a data pair stored at each position in the second hash table does not exceed a preset number B, and the n times r OPRF values respectively correspond to n times r positions of the n data pairs in the second hash table;
a first query module, configured to initiate a secret query for the k positions of a third hash table to the server to obtain B pieces of encrypted data returned for each of the k positions, where the n times r positions in the third hash table are obtained by encrypting, by the server, data in a data pair at the same position in the second hash table by using n times r OPRF values, respectively;
and the data decryption module is used for decrypting the B encrypted data corresponding to the position by using the position held by the data decryption module and the OPRF value corresponding to the stored keyword to be queried aiming at each position in the k positions, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
Further, the data decryption module is further configured to determine that the keyword to be queried corresponding to the location does not exist in the n data pairs when decryption of the B encrypted data corresponding to the location is unsuccessful using the location and the OPRF value corresponding to the keyword to be queried stored in the location.
The embodiment of the present application further provides a privacy keyword query device, which is applied to a server, the server holds n data pairs, each data pair includes a keyword and corresponding data, and a client holds k keywords to be queried, the device includes:
the second mapping module is used for directly mapping n data pairs into a second hash table with the size of m by utilizing r hash functions of a cuckoo hash algorithm in a hash manner, wherein each data pair is positioned at r different positions in the second hash table, and the data pair stored at each position in the second hash table is not more than a preset number B;
a second protocol execution module, configured to execute a batch oblivious pseudo random function OPRF protocol according to a specified order of positions in a first hash table of the client and keywords to be queried in the second hash table, where the keywords are in the second hash table, and the first hash table is obtained by mapping k keywords to be queried to a hash table with a size of m by using a cuckoo hash algorithm with r hash functions for the client, where the k keywords to be queried are located in k positions of the first hash table, and the k OPRF values correspond to k positions of the k keywords to be queried in the first hash table and stored keywords of the first hash table, respectively;
the data encryption module is used for encrypting the data in the data pairs at the same position in the second hash table by using n times r OPRF values respectively to obtain a third hash table containing n times r encrypted data;
a second query module configured to receive an insider query initiated by the client for the k locations of the third hash table;
and the data sending module is used for returning the B pieces of encrypted data of the position in the third hash table to the client aiming at each position in the k positions, so that the client uses the position owned by the client and the OPRF value corresponding to the keyword to be queried stored in the client aiming at each position in the k positions to decrypt the B pieces of encrypted data corresponding to the position, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
Further, the data encryption module is further configured to, when the third hash table has a position where the stored encrypted data does not reach the preset number B, supplement the encrypted data at the position to the preset number B by using random number data.
An embodiment of the present application further provides a system for querying a privacy keyword, including: any one of the privacy keyword query devices applied to the client and any one of the privacy keyword query devices applied to the server.
Embodiments of the present application further provide an electronic device, including a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: the method for inquiring the privacy keywords applied to the client side is achieved, or the method for inquiring the privacy keywords applied to the server side is achieved.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the method for querying the privacy keyword applied to the client is implemented, or the method for querying the privacy keyword applied to the server is implemented.
The embodiment of the present application further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute any one of the above-mentioned privacy keyword query methods applied to the client, or execute any one of the above-mentioned privacy keyword query methods applied to the server.
The beneficial effect of this application includes:
in the method provided by the embodiment of the application, a client holds k keywords to be queried, a server holds n data pairs, each data pair contains a keyword and corresponding data, the client maps the k keywords to be queried into a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, the server performs hash mapping on the n data pairs into a second hash table with the size of m by using r hash functions of the cuckoo hash algorithm, a batch OPRF protocol is executed between the client and the server aiming at the keywords to be queried in the first hash table and the keywords in the second hash table according to the specified sequence of the positions in the first hash table and the second hash table, the client obtains k OPRF values corresponding to the k positions of the first hash table and the stored keywords to be queried, the server obtains n encrypted values corresponding to the n positions of the n data pairs in the second hash table respectively, the server obtains encrypted values corresponding to the n encrypted data pairs of the k positions of the client and the encrypted data corresponding to the k positions of the second hash table, and decrypts the encrypted data by using the encrypted data corresponding to the encrypted key values of the k positions of the client, and the encrypted data corresponding to the encrypted data, and the encrypted data of the client. Compared with the prior art, the method has the advantages that the secondary linear communication overhead and efficient calculation characteristic of the position-based secret query are reserved, the additional communication overhead of the introduced OPRF protocol is low, and the additional calculation overhead belongs to rapid symmetric key level operation, so that the communication overhead and calculation overhead of the privacy keyword query are reduced on the premise that the privacy of the keyword query of the client and the security of the data privacy of the server are guaranteed to a certain extent, and the query efficiency is improved.
Additional features and advantages of the application will be set forth in the description which follows, and in part will be obvious from the description, or may be learned by the practice of the application. The objectives and other advantages of the application may be realized and attained by the structure particularly pointed out in the written description and claims hereof as well as the appended drawings.
Drawings
The accompanying drawings are included to provide a further understanding of the application and are incorporated in and constitute a part of this specification, illustrate embodiments of the application and together with the description serve to explain the principles of the application and not to limit the application. In the drawings:
FIG. 1 is a flowchart of a privacy keyword query method applied to a client in an embodiment of the present application;
FIG. 2 is a flowchart of a privacy keyword query method applied to a server in an embodiment of the present application;
fig. 3 is a flowchart of a privacy keyword query method provided in an embodiment of the present application;
fig. 4 is a schematic diagram of a first hash table and a second hash table in example 1 of an embodiment of the present application;
fig. 5 is a schematic diagram of a third hash table in example 1 of the embodiment of the present application;
fig. 6 is a schematic structural diagram of a privacy keyword query apparatus applied to a client according to an embodiment of the present application;
fig. 7 is a schematic structural diagram of a privacy keyword query apparatus applied to a server according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
In order to provide an implementation scheme for reducing communication overhead and calculation overhead of the privacy keyword query, embodiments of the present application provide a method, an apparatus, and a system for querying the privacy keyword, and the following description is made in conjunction with the accompanying drawings of the specification to describe preferred embodiments of the present application, it should be understood that the preferred embodiments described herein are only for describing and explaining the present application, and are not used to limit the present application. And the embodiments and features of the embodiments in the present application may be combined with each other without conflict.
The embodiment of the application provides a privacy keyword query method, which is applied to a client, wherein the client holds k keywords to be queried, the server holds n data pairs, and each data pair comprises a keyword and corresponding data, as shown in fig. 1, the method comprises the following steps:
step 11, mapping k keywords to be queried to a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, wherein the k keywords to be queried are respectively located in k positions of the first hash table;
step 12, aiming at the keywords to be queried in the first hash table and the keywords in the second hash table held by the server, executing a batch oblivious pseudo-random function OPRF protocol according to the appointed sequence of the positions in the first hash table and the second hash table to obtain k OPRF values corresponding to k positions of the first hash table and the keywords to be queried stored in the first hash table, so that the server obtains n times r OPRF values, the second hash table is obtained by utilizing r hash functions for the server and directly mapping n data pairs to a hash table with the size of m in a hash table, each data pair is located at r different positions in the second hash table, the data pair stored at each position in the second hash table does not exceed a preset number B, and the n times r OPRF values respectively correspond to n times r positions of the n data pairs in the second hash table;
step 13, initiating a hiding query for k positions of a third hash table to the server to obtain B encrypted data returned for each of the k positions, wherein the n times r positions in the third hash table are obtained by encrypting data in data pairs at the same position in the second hash table by the server by using n times r OPRF values respectively;
and 14, for each position in the k positions, decrypting the B encrypted data corresponding to the position by using the position owned by the user and the OPRF value corresponding to the stored keyword to be queried, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
Correspondingly, an embodiment of the present application further provides a privacy keyword query method, which is applied to a server, where the server holds n data pairs, each data pair includes a keyword and corresponding data, and the client holds k keywords to be queried, as shown in fig. 2, the method includes:
step 21, utilizing r hash functions of a cuckoo hash algorithm to directly hash and map n data pairs into a second hash table with the size of m, wherein each data pair is located at r different positions in the second hash table, and the number of the data pairs stored in each position in the second hash table is not more than a preset number B;
step 22, aiming at the keywords in the second hash table and the keywords to be queried in the first hash table held by the client, according to the appointed sequence of the positions in the first hash table and the second hash table, executing a batch oblivious pseudo-random function OPRF protocol to obtain n times r OPRF values respectively corresponding to n times r positions of n data pairs in the second hash table, so that the client obtains k OPRF values, wherein the first hash table is obtained by mapping k keywords to be queried into a hash table with the size of m by using a cuckoo hash algorithm with r hash functions for the client, the k keywords to be queried are respectively located in k positions of the first hash table, and the k OPRF values are respectively corresponding to k positions of the k keywords to be queried in the first hash table and the stored keywords to be queried;
step 23, encrypting the data in the data pairs at the same position in the second hash table by using n times r OPRF values respectively to obtain a third hash table containing n times r encrypted data;
step 24, receiving a hiding query aiming at k positions of a third hash table initiated by a client;
and 25, returning the B pieces of encrypted data of the position in the third hash table to the client for each of the k positions, so that the client decrypts the B pieces of encrypted data corresponding to the position by using the position held by the client and the stored OPRF value corresponding to the keyword to be queried for each of the k positions, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
In the above method for querying a privacy keyword provided in this embodiment of the present application, a client holds k keywords to be queried, a server holds n data pairs, each data pair includes a keyword and corresponding data, the client maps the k keywords to be queried to a first hash table with a size of m by using a cuckoo hash algorithm with r hash functions, the server maps the n data pairs to a second hash table with a size of m by using r hash functions of the cuckoo hash algorithm, a batch OPRF protocol is executed between the client and the server for the keywords to be queried in the first hash table and the keywords in the second hash table according to an assigned sequence of positions in the first hash table and the second hash table, the client obtains k OPRF values corresponding to k positions of the first hash table and the stored keywords to be queried, the server obtains n times r OPRF values respectively corresponding to n times r positions of n data pairs in the second hash table, the server encrypts data in the data pairs at the same positions in the second hash table by using the n times r OPRF values respectively to obtain a third hash table containing the n times r encrypted data, then the client initiates a hiding query for k positions of the third hash table to the server to obtain B encrypted data of each position in the k positions in the third hash table, and for each position, the position and the OPRF value corresponding to the stored keyword to be queried are used for decrypting the B encrypted data corresponding to the position, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position. Compared with the prior art, the method has the advantages that the secondary linear communication overhead and efficient calculation characteristic of the position-based secret query are reserved, the additional communication overhead of the introduced OPRF protocol is low, and the additional calculation overhead belongs to rapid symmetric key level operation, so that the communication overhead and calculation overhead of the privacy keyword query are reduced on the premise that the privacy of the keyword query of the client and the security of the data privacy of the server are guaranteed to a certain extent, and the query efficiency is improved.
The method and apparatus and corresponding system provided by the present application are described in detail below with reference to the accompanying drawings using specific embodiments.
The embodiment of the application provides a privacy keyword query method, which is applied to a client and a server, wherein the client holds k keywords to be queried, the server holds n data pairs, each data pair comprises a keyword and corresponding data, and the method can be used for the client to query the server for the data corresponding to the k keywords to be queried, as shown in fig. 3, and the method can include the following steps:
step 31, the client maps k keywords to be queried to a first Hash table with a size of m by using a Cuckoo Hash (Cuckoo Hash) algorithm with r Hash functions, where the k keywords to be queried are respectively located in k positions of the first Hash table, that is, at most one keyword to be queried is mapped at each position in the first Hash table.
In the embodiment of the application, a client needs to perform privacy keyword query, and the client holds k keywords to be queried, z1, z2, … …, zk, and k keywords to be queried, z1, z2, … …, and zk are respectively mapped to positions C (z 1), C (z 2), … …, and C (zk).
Taking example 1 as an example, the client holds 2 keywords x4 and x7 to be queried, maps the 2 keywords to be queried into a first hash table with a size of 8, and maps the keyword x7 to a position 2 and the keyword x4 to a position 6 as shown in fig. 4.
And step 32, the server directly maps n data pairs into a second hash table with the size of m by using r hash functions of the cuckoo hash algorithm, wherein each data pair is located at r different positions in the second hash table, and the data pairs stored at each position in the second hash table are not more than the preset number B.
In the embodiment of the application, a client needs to perform a privacy keyword query, and a server holds n queried data pairs (x 1, y 1), (x 2, y 2), … …, (xn, yn), n data pairs (x 1, y 1), (x 2, y 2), … …, (xn, yn) are mapped into a second hash table, r is multiplied by n positions, and it is assumed that xi is mapped to a position H (xi, 1), H (xi, 2), … …, H (xi, r), where H (xi, j) has a value between 1-m, and a data pair (xi, yi) is stored at a position H (xi, j) of the second hash table, where i is not less than 1 and not more than n, j is not less than 1 and not more than r. And setting an upper limit of the preset number B, namely that the data pairs stored in each position in the second hash table do not exceed the preset number B.
Taking the above example 1 as an example, the server holds 7 data pairs, namely, (x 1, y 1), (x 2, y 2), (x 3, y 3), (x 4, y 4), (x 5, y 5), (x 6, y 6), (x 7, y 7), where r takes the value of 3,B takes the value of 3, and maps the 7 data pairs to a second hash table with the size of 8, as shown in fig. 4, the data pair (x 1, y 1) is located at positions 4, 5 and 6, the data pair (x 2, y 2) is located at positions 1, 4 and 5, the data pair (x 3, y 3) is located at positions 2, 7 and 8, and the other data pairs are mapped to positions as shown in fig. 4.
When the client and the server execute hash mapping, the client uses a cuckoo hash algorithm with r hash functions, and the server uses the same r hash functions of the same cuckoo hash algorithm, so that in the first hash table and the second hash table, for each keyword to be queried in the k keywords to be queried, the data pair of the keyword to be queried is located in r positions in the second hash table, and one position is inevitably the same as the position where the keyword to be queried is located in the first hash table.
There is no strict sequence between step 31 and step 32.
Step 33, between the client and the server, executing a batch OPRF (Oblivious Pseudo-Random Function) protocol according to the specified sequence of the positions in the first hash table and the second hash table for the keyword to be queried in the first hash table and the keyword in the second hash table.
The client as a sender can obtain k OPRF values corresponding to k positions of the first hash table and the keyword to be queried stored therein, which are OPRF (z 1, C (z 1)), OPRF (z 2, C (z 2)), … …, and OPRF (zk, C (zk)).
The server side can obtain n-by-r OPRF values corresponding to n-by-r positions of n data pairs in the second hash table, which are OPRF (x 1, H (x 1, 1)), OPRF (x 1, H (x 1, 2)), … …, OPRF (x 1, H (x 1, r)), OPRF (x 2, H (x 2, 1)), OPRF (x 2, H (x 2, 2)), … …, OPRF (x 2, H (x 2, r)), … …, OPRF (xn, H (xn, 1)), OPRF (xn, H (xn, 2)), … …, OPRF (xn, H (xn, r)), as the receiver side.
After performing this step according to the above example 1, the client obtains 2 OPRF values, respectively OPRF (x 7, 2) and OPRF (x 4, 6), and the server obtains 21 OPRF values of 7 multiplied by 3, for example, OPRF (x 2, 1), OPRF (x 5, 1), OPRF (x 3, 2), etc., where two OPRF values are equal to OPRF (x 7, 2) and OPRF (x 4, 6) held by the client, i.e., 3 OPRF values obtained by the server for location 2, including OPRF (x 3, 2), OPRF (x 6, 2) and OPRF (x 7, 2), and 3 OPRF values obtained for purpose 6, including OPRF (x 1, 6), OPRF (x 4, 6) and OPRF (x 6, 6).
And step 34, the server encrypts the data in the data pairs at the same position in the second hash table by using n times r OPRF values respectively to obtain a third hash table containing n times r encrypted data.
That is, using the OPRF (xi, H (xi, j)) corresponding to the position H (xi, j), the data yi in the data pair (xi, yi) placed at the position H (xi, j) is encrypted to obtain encrypted data [ yi ], and the corresponding encrypted data pair is (xi, [ yi ]).
After this step is performed according to the above example 1, a third hash table as shown in fig. 5 is obtained.
The server encrypts y3, y6 and y7 respectively and correspondingly by using OPRF (x 3, 2), OPRF (x 6, 2) and OPRF (x 7, 2) for the position 2 to obtain encrypted data [ y3], [ y6], [ y7], and encrypts y1, y4 and y6 respectively by using OPRF (x 1, 6), OPRF (x 4, 6) and OPRF (x 6, 6) for the position 6 to obtain encrypted data [ y1], [ y4] and [ y6].
And step 35, when the positions with the stored encrypted data not reaching the preset number B exist in the third hash table, supplementing the encrypted data at the positions to the preset number B by using the random number data.
In the above example 1, B takes a value of 3, and as can be seen from fig. 5, the encrypted data stored in the positions 1, 5, and 8 does not reach 3 pieces, and therefore the encrypted data in the position can be supplemented to 3 pieces using random data.
And step 36, the client initiates a hiding query for k positions of the third hash table to the server to obtain B pieces of encrypted data returned for each position of the k positions.
In this step, the client initiates a hiding query for the positions C (z 1), C (z 2), … … and C (zk) of the third hash table to the server, the server returns B pieces of encrypted data located at the positions in the third hash table for the hiding query for each position, and the total of the returned k times the B pieces of encrypted data.
The present step is performed according to the above example 1, after requesting a hidden query for the position 2 where the keyword x7 to be queried is located in the first hash table, the server returns 3 pieces of encrypted data [ y3], [ y6], [ y7] located at the position 2 in the third hash table to the client, and after requesting a hidden query for the position 6 where the keyword x4 to be queried is located in the first hash table, the server returns 3 pieces of encrypted data [ y1], [ y4], [ y6] located at the position 6 in the third hash table to the client.
And step 37, the client decrypts the B encrypted data corresponding to the position by using the position held by the client and the stored OPRF value corresponding to the keyword to be queried for each position of the k positions, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
If z1= xi is assumed among n data pairs held by the server for the keyword z1 to be queried, then there is necessarily an encrypted data pair (xi, [ yi ]) in the C (z 1) position of the third hash table of the server after (xi, yi) being encrypted by the OPRF (xi, C (z 1)), so that there is necessarily one of the B encrypted data [ yt (1) ], [ yt (2) ], … …, [ yt (B) ] requested by the client to be implicitly queried from the server as [ yi ], and the OPRF (z 1, C (z 1)) owned by the client is the same as the OPRF (xi, C (z 1)) owned by the server, so that the client can correctly decrypt the encrypted data [ yi ] into yi, and the other encrypted data cannot be correctly decrypted successfully, and can only obtain a scrambling code.
In the embodiment of the application, for how to judge whether the decryption is correct and successful or the messy codes are obtained by decryption, whether the first several bits (such as 40 bits) of the decrypted yi are 0 or not can be judged, if all 0 bits are 0 bits, the probability is high, the decryption is correct and successful, and if the messy codes are obtained by decryption, the first 40 bits can be all 0 bits with very small probability (2 ^ 40).
If the keyword z1 to be queried is in n data pairs held by the server, then [ yt (1) ], [ yt (2) ], … …, and [ yt (B) ] do not have encrypted data encrypted by the OPRF (z 1, C (z 1)), the client cannot decrypt any valid data information, that is, cannot successfully decrypt, and thus it is determined that the keyword to be queried corresponding to the location does not exist in the n data pairs.
This step is performed according to the above example 1, and the client decrypts the encrypted data [ y3], [ y6], [ y7] obtained by the confidential query with the use of the OPRF (x 7, 2) for the location 2, and since [ y7] is obtained by encrypting y7 with the use of the OPRF (x 7, 2) by the server, the client can successfully decrypt the encrypted data [ y7] to obtain y7 as the query result of the keyword x7 to be queried.
Aiming at the position 6, the client uses OPRF (x 4, 6) to decrypt encrypted data [ y1], [ y4], [ y6] obtained by hiding the query respectively, and since [ y4] is obtained by encrypting y4 by using OPRF (x 4, 6) by the server, the client can successfully decrypt the encrypted data [ y4] to obtain y4 which is used as a query result of the keyword x4 to be queried.
The privacy keyword query method provided by the embodiment of the application utilizes cuckoo hash, an OPRF protocol and secret query, wherein the size m of a hash table in a cuckoo hash algorithm, the number r of hash functions and the upper limit value B of a data pair stored in each position can be flexibly set based on the requirements in practical application, m should be properly selected and cannot be too small, otherwise, the upper limit value B of the data pair stored in each position is relatively large, so that the overhead of computing and transmitting k times the encrypted data in B secret queries is relatively large, m cannot be too large, and otherwise, the data volume transmitted when a batch OPRF protocol is executed between a client and a server is relatively large.
The privacy keyword query method provided by the embodiment of the application is particularly suitable for scenes of client batch query and scenes of repeated query. The number r of the hash functions in the cuckoo hash algorithm can be 2 or 3, and as the number of the keywords queried by the client at one time is not too large, even if only 2 or 3 hash functions are selected, the higher success rate of cuckoo hash can be ensured.
Based on the same inventive concept, according to the privacy keyword query method applied to the client in the foregoing embodiment of the present application, correspondingly, another embodiment of the present application further provides a privacy keyword query device applied to the client, where the client holds k keywords to be queried, the server holds n data pairs, each data pair includes a keyword and corresponding data, and a schematic structural diagram of the privacy keyword query device is shown in fig. 6, and specifically includes:
a first mapping module 61, configured to map k keywords to be queried to a first hash table with a size of m by using a cuckoo hash algorithm with r hash functions, where the k keywords to be queried are located in k positions of the first hash table respectively;
a first protocol execution module 62, configured to execute a batch oblivious pseudo random function OPRF protocol according to a specified sequence of positions in the first hash table and a keyword in a second hash table held by the server, to obtain k OPRF values corresponding to k positions of the first hash table and the keyword to be queried stored in the first hash table, so that the server obtains n times r OPRF values, the second hash table is obtained by the server using the r hash functions to directly hash n data pairs onto a hash table with a size of m, each data pair is located at r different positions in the second hash table, and a data pair stored in each position in the second hash table does not exceed a preset number B, and the n times r OPRF values respectively correspond to n times r positions of the n data pairs in the second hash table;
a first query module 63, configured to initiate a concealed query for the k positions of a third hash table to the server to obtain B pieces of encrypted data returned for each of the k positions, where the n times r positions in the third hash table are obtained by encrypting, by the server, data in a data pair at the same position in the second hash table by using n times r OPRF values, respectively;
and a data decryption module 64, configured to decrypt, for each of the k positions, B pieces of encrypted data corresponding to the position by using the position held by the data decryption module and the stored OPRF value corresponding to the keyword to be queried, where the data that can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
Further, the data decryption module 64 is further configured to determine that the keyword to be queried corresponding to the location does not exist in the n data pairs when decryption of the B encrypted data corresponding to the location is unsuccessful by using the location and the OPRF value corresponding to the keyword to be queried stored in the location.
Based on the same inventive concept, according to the method for querying a privacy keyword applied to a server in the foregoing embodiment of the present application, correspondingly, another embodiment of the present application further provides a device for querying a privacy keyword, which is applied to a server, where the server holds n data pairs, each data pair includes a keyword and corresponding data, and the client holds k keywords to be queried, and a schematic structural diagram of the device is shown in fig. 7, and specifically includes:
a second mapping module 71, configured to directly hash and map n data pairs into a second hash table with a size of m by using r hash functions of a cuckoo hash algorithm, where each data pair is located at r different positions in the second hash table, and the number of the data pairs stored at each position in the second hash table is not greater than a preset number B;
a second protocol execution module 72, configured to execute a batch oblivious pseudo random function OPRF protocol according to an assigned sequence of positions in the first hash table and a keyword to be queried in a first hash table held by the client, to obtain n times r OPRF values corresponding to n times r positions of n data pairs in the second hash table, so that the client obtains k OPRF values, where the first hash table is obtained by mapping k keywords to be queried to a hash table with a size of m by using a cuckoo hash algorithm with the r hash functions, where the k keywords to be queried are located in k positions of the first hash table, and the k OPRF values correspond to k positions of the k keywords to be queried in the first hash table and the keyword to be queried stored in the first hash table;
a data encryption module 73, configured to encrypt data in the data pairs at the same position in the second hash table by using n times r OPRF values, respectively, to obtain a third hash table containing n times r encrypted data;
a second query module 74 configured to receive the client-initiated suppressed query for the k locations of the third hash table;
the data sending module 75 is configured to return, to the client, for each of the k locations, B pieces of encrypted data in the location in the third hash table, so that the client decrypts, for each of the k locations, the B pieces of encrypted data corresponding to the location by using the location held by the client and the OPRF value corresponding to the stored keyword to be queried, where the data that can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the location.
Further, the data encryption module 73 is further configured to, when the positions where the stored encrypted data does not reach the preset number B exist in the third hash table, supplement the encrypted data at the positions to the preset number B by using random number data.
The functions of the above modules may correspond to the corresponding processing steps in the flows shown in fig. 1 to fig. 3, and are not described herein again.
The privacy keyword query device applied to the client and the privacy keyword query device applied to the server provided by the embodiment of the application can be realized through computer programs. It should be understood by those skilled in the art that the above-mentioned module division manner is only one of many module division manners, and if the module division manner is divided into other modules or not, it is within the scope of the present application as long as the privacy keyword query device applied to the client and the privacy keyword query device applied to the server have the above-mentioned functions.
An embodiment of the present application further provides a system for querying a privacy keyword, including: any one of the privacy keyword query devices applied to the client and any one of the privacy keyword query devices applied to the server.
An electronic device is further provided in an embodiment of the present application, as shown in fig. 8, including a processor 81 and a machine-readable storage medium 82, where the machine-readable storage medium 82 stores machine-executable instructions that can be executed by the processor 81, and the processor 81 is caused by the machine-executable instructions to: the method for inquiring the privacy keywords applied to the client side is achieved, or the method for inquiring the privacy keywords applied to the server side is achieved.
An embodiment of the present application further provides a computer-readable storage medium, where a computer program is stored in the computer-readable storage medium, and when the computer program is executed by a processor, the computer program implements any one of the above methods for querying a privacy keyword applied to a client, or implements any one of the above methods for querying a privacy keyword applied to a server.
The embodiment of the present application further provides a computer program product containing instructions, which when run on a computer, causes the computer to execute any one of the above-mentioned privacy keyword query methods applied to the client, or execute any one of the above-mentioned privacy keyword query methods applied to the server.
The machine-readable storage medium in the electronic device may include a Random Access Memory (RAM) and a Non-Volatile Memory (NVM), such as at least one disk Memory. Optionally, the memory may also be at least one memory device located remotely from the processor.
The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), application Specific Integrated Circuits (ASICs), field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components.
All the embodiments in the present specification are described in a related manner, and the same and similar parts among the embodiments may be referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the apparatus, the electronic device, the computer-readable storage medium, and the computer program product embodiment, since they are substantially similar to the method embodiment, the description is relatively simple, and in the relevant places, reference may be made to the partial description of the method embodiment.
It is noted that, herein, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a … …" does not exclude the presence of another identical element in a process, method, article, or apparatus that comprises the element.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flowchart illustrations and/or block diagrams, and combinations of flows and/or blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
It will be apparent to those skilled in the art that various changes and modifications may be made in the present application without departing from the spirit and scope of the application. Thus, if such modifications and variations of the present application fall within the scope of the claims of the present application and their equivalents, the present application is intended to include such modifications and variations as well.

Claims (11)

1. A method for inquiring privacy keywords is applied to a client, the client holds k keywords to be inquired, a server holds n data pairs, and each data pair comprises a keyword and corresponding data, and the method comprises the following steps:
mapping k keywords to be inquired into a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, wherein the k keywords to be inquired are respectively positioned in k positions of the first hash table;
aiming at keywords to be inquired in the first hash table and keywords in a second hash table held by the server, executing a batch oblivious pseudorandom function OPRF protocol according to the appointed sequence of the positions in the first hash table and the second hash table to obtain k OPRF values corresponding to k positions of the first hash table and the keywords to be inquired stored in the first hash table respectively, so that the server obtains n times r OPRF values, the second hash table is obtained by the server utilizing the r hash functions to directly hash and map n data pairs into a hash table with the size of m, each data pair is located at r different positions in the second hash table, the number of data pairs stored in each position in the second hash table is not more than a preset number B, and the n times r OPRF values respectively correspond to n times r positions of the n data pairs in the second hash table;
initiating a hiding query for the k positions of a third hash table to the server to obtain B encrypted data returned for each of the k positions, wherein the n times r positions of the encrypted data in the third hash table are obtained by encrypting data in data pairs at the same position in the second hash table by using n times r OPRF values respectively by the server;
and for each position in the k positions, decrypting the B pieces of encrypted data corresponding to the position by using the position owned by the user and the OPRF value corresponding to the stored keyword to be queried, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
2. The method of claim 1, further comprising:
and when the decryption of the B encrypted data corresponding to the position is unsuccessful by using the position and the OPRF value corresponding to the stored keyword to be queried, determining that the keyword to be queried corresponding to the position does not exist in the n data pairs.
3. A method for inquiring privacy key words is applied to a server, the server holds n data pairs, each data pair comprises a key word and corresponding data, and a client holds k key words to be inquired, and the method comprises the following steps:
utilizing r hash functions of a cuckoo hash algorithm to directly hash and map n data pairs into a second hash table with the size of m, wherein each data pair is positioned at r different positions in the second hash table, and the data pairs stored at each position in the second hash table are not more than a preset number B;
aiming at keywords in the second hash table and keywords to be inquired in a first hash table held by the client, executing a batch oblivious pseudo-random function OPRF protocol according to the appointed sequence of the positions in the first hash table and the second hash table to obtain n times r OPRF values respectively corresponding to n times r positions of n data pairs in the second hash table, so that the client obtains k OPRF values, the first hash table is obtained by mapping k keywords to be inquired to a hash table with the size of m by the client by using a cuckoo hash algorithm with the r hash functions, the k keywords to be inquired are respectively located in k positions of the first hash table, and the k OPRF values respectively correspond to the k positions of the k keywords to be inquired in the first hash table and the keywords to be inquired stored in the first hash table;
respectively encrypting data in the data pairs at the same positions in the second hash table by using n times r OPRF values to obtain a third hash table containing n times r encrypted data;
receiving the client-initiated suppressed query for the k locations of the third hash table;
and returning the B pieces of encrypted data of the position in the third hash table to the client aiming at each position in the k positions, so that the client uses the position held by the client and the OPRF value corresponding to the stored keyword to be inquired to decrypt the B pieces of encrypted data corresponding to the position aiming at each position in the k positions, wherein the data which can be successfully decrypted is the inquiry result corresponding to the keyword to be inquired corresponding to the position.
4. The method of claim 3, wherein after encrypting the data in the co-located data pair in the second hash table using n times r OPRF values, respectively, to obtain a third hash table containing n times r encrypted data, further comprising:
and when the positions of the stored encrypted data which do not reach the preset number B exist in the third hash table, supplementing the encrypted data at the positions to the preset number B by using random number data.
5. A privacy keyword query device is applied to a client, wherein the client holds k keywords to be queried, a server holds n data pairs, and each data pair contains a keyword and corresponding data, the device comprises:
the system comprises a first mapping module, a second mapping module and a third mapping module, wherein the first mapping module is used for mapping k keywords to be inquired into a first hash table with the size of m by using a cuckoo hash algorithm with r hash functions, and the k keywords to be inquired are respectively positioned in k positions of the first hash table;
a first protocol execution module, configured to execute a batch oblivious pseudo random function OPRF protocol according to a specified sequence of positions in a first hash table and a keyword in a second hash table held by a server, to obtain k OPRF values corresponding to k positions of the first hash table and the keyword to be queried stored in the first hash table, so that the server obtains n times r OPRF values, the second hash table is obtained by the server using the r hash functions to directly hash n data pairs onto a hash table with a size of m, each data pair is located at r different positions in the second hash table, and a data pair stored at each position in the second hash table does not exceed a preset number B, and the n times r OPRF values respectively correspond to n times r positions of the n data pairs in the second hash table;
a first query module, configured to initiate a secret query for the k positions of a third hash table to the server to obtain B pieces of encrypted data returned for each of the k positions, where the n times r positions in the third hash table are obtained by encrypting, by the server, data in a data pair at the same position in the second hash table by using n times r OPRF values, respectively;
and the data decryption module is used for decrypting the B encrypted data corresponding to the position by using the position held by the data decryption module and the OPRF value corresponding to the stored keyword to be queried aiming at each position in the k positions, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
6. The apparatus of claim 5, wherein the data decryption module is further configured to determine that the keyword to be queried corresponding to the location does not exist in the n data pairs when decryption of the B encrypted data corresponding to the location is unsuccessful using the OPRF value corresponding to the location and the stored keyword to be queried corresponding to the location.
7. The utility model provides a privacy keyword inquiry unit which characterized in that is applied to the server side, the server side holds n data pairs, and every data pair contains a keyword and corresponding data, and the client side holds k keywords of waiting to inquire, the device includes:
the second mapping module is used for directly mapping n data pairs into a second hash table with the size of m in a hash manner by utilizing r hash functions of a cuckoo hash algorithm, wherein each data pair is positioned at r different positions in the second hash table, and the data pairs stored at each position in the second hash table are not more than a preset number B;
a second protocol execution module, configured to execute a batch oblivious pseudo random function OPRF protocol according to an assigned sequence of positions in a first hash table held by a client and keywords in the second hash table, to obtain n times r OPRF values corresponding to n times r positions of n data pairs in the second hash table, so that the client obtains k OPRF values, where the first hash table is obtained by mapping k keywords to be queried to a hash table having a size of m by using a cuckoo hash algorithm with the r hash functions, where the k keywords to be queried are located in k positions of the first hash table, and the k OPRF values correspond to k positions of the k keywords to be queried in the first hash table and stored keywords;
the data encryption module is used for encrypting the data in the data pairs at the same positions in the second hash table by using n times r OPRF values respectively to obtain a third hash table containing n times r encrypted data;
a second query module for receiving the client-initiated suppressed query for the k locations of the third hash table;
and the data sending module is used for returning the B pieces of encrypted data of the position in the third hash table to the client aiming at each position in the k positions, so that the client can decrypt the B pieces of encrypted data corresponding to the position by using the position owned by the client and the OPRF value corresponding to the stored keyword to be queried aiming at each position in the k positions, wherein the data which can be successfully decrypted is a query result corresponding to the keyword to be queried corresponding to the position.
8. The apparatus of claim 7, wherein the data encryption module is further configured to, when there is a position in the third hash table where the stored encrypted data does not reach the preset number B, supplement the encrypted data at the position to the preset number B using random number data.
9. A privacy keyword query system, comprising: the privacy keyword query device applied to the client according to any one of claims 5 to 6, and the privacy keyword query device applied to the server according to any one of claims 7 to 8.
10. An electronic device comprising a processor and a machine-readable storage medium storing machine-executable instructions executable by the processor, the processor being caused by the machine-executable instructions to: the method for querying the privacy keywords applied to the client side in any one of claims 1 to 2 is implemented, or the method for querying the privacy keywords applied to the server side in any one of claims 3 to 4 is implemented.
11. A computer-readable storage medium, wherein a computer program is stored in the computer-readable storage medium, and when executed by a processor, the computer program implements the method for querying the privacy keyword applied to the client according to any one of claims 1 to 2, or implements the method for querying the privacy keyword applied to the server according to any one of claims 3 to 4.
CN202211099439.5A 2022-09-09 2022-09-09 Privacy keyword query method, device and system Active CN115186145B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211099439.5A CN115186145B (en) 2022-09-09 2022-09-09 Privacy keyword query method, device and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211099439.5A CN115186145B (en) 2022-09-09 2022-09-09 Privacy keyword query method, device and system

Publications (2)

Publication Number Publication Date
CN115186145A CN115186145A (en) 2022-10-14
CN115186145B true CN115186145B (en) 2022-11-18

Family

ID=83524194

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211099439.5A Active CN115186145B (en) 2022-09-09 2022-09-09 Privacy keyword query method, device and system

Country Status (1)

Country Link
CN (1) CN115186145B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115906185B (en) * 2023-02-14 2023-07-28 蓝象智联(杭州)科技有限公司 Batch hidden query method, device and storage medium
CN116028506B (en) * 2023-02-23 2025-08-22 山东浪潮科学研究院有限公司 Hash connection method, device, equipment and medium
CN115967491B (en) * 2023-03-07 2023-05-23 华控清交信息科技(北京)有限公司 Privacy intersection method, system and readable storage medium
CN115982424B (en) * 2023-03-15 2023-05-12 华控清交信息科技(北京)有限公司 Privacy keyword query method and device and electronic equipment
CN116361344B (en) * 2023-04-03 2024-09-06 北京火山引擎科技有限公司 Data query method, device, equipment and medium
CN116150445B (en) * 2023-04-04 2023-07-21 哈尔滨工业大学(深圳)(哈尔滨工业大学深圳科技创新研究院) Batch information query method, electronic equipment and storage medium
CN116541868A (en) * 2023-06-08 2023-08-04 圣牒(北京)科技有限公司 Batch privacy information acquisition method based on careless pseudo-random function and hash function
CN116401693B (en) * 2023-06-09 2023-07-28 北京融数联智科技有限公司 One-to-many equivalent connection method and system for database with privacy protection
CN117171162B (en) * 2023-08-03 2024-08-06 湖南天河国云科技有限公司 Hidden query method, device and storage medium based on collision-free hash mapping
CN117992641B (en) * 2024-01-19 2024-11-15 北京邮电大学 Batch keyword hidden query method and system
CN118264391B (en) * 2024-05-27 2024-08-06 华控清交信息科技(北京)有限公司 Privacy intersection method and device and electronic equipment
CN119150313A (en) * 2024-08-20 2024-12-17 中国银联股份有限公司 Data processing method, device, equipment and storage medium
CN119293298B (en) * 2024-12-11 2025-03-28 云南省大数据有限公司 Privacy query method and system based on unbalanced privacy set intersection

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140201520A1 (en) * 2010-12-03 2014-07-17 Yacov Yacobi Attribute-based access-controlled data-storage system
CN113343305A (en) * 2021-06-29 2021-09-03 招商局金融科技有限公司 Intersection calculation method, device and equipment of private data and storage medium
CN115017107A (en) * 2022-06-02 2022-09-06 润联软件系统(深圳)有限公司 Data retrieval method, device, computer equipment and medium based on protection of privacy

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140201520A1 (en) * 2010-12-03 2014-07-17 Yacov Yacobi Attribute-based access-controlled data-storage system
CN113343305A (en) * 2021-06-29 2021-09-03 招商局金融科技有限公司 Intersection calculation method, device and equipment of private data and storage medium
CN115017107A (en) * 2022-06-02 2022-09-06 润联软件系统(深圳)有限公司 Data retrieval method, device, computer equipment and medium based on protection of privacy

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
《医疗云中隐私信息可检索加密技术研究》;黄美东;《中国博士学位论文全文数据库》;20190715;全文 *

Also Published As

Publication number Publication date
CN115186145A (en) 2022-10-14

Similar Documents

Publication Publication Date Title
CN115186145B (en) Privacy keyword query method, device and system
CN112836229A (en) A trusted data access control scheme combining attribute-based encryption and blockchain
US8484480B2 (en) Transmitting information using virtual input layout
US20120170740A1 (en) Content protection apparatus and content encryption and decryption apparatus using white-box encryption table
CN109729041B (en) Method and device for issuing and acquiring encrypted content
JP2014075787A (en) Method and apparatus to provide authentication and confidentiality of low complexity devices
US11924178B2 (en) Method and system for secure information distribution based on group shared key
US20170262546A1 (en) Key search token for encrypted data
CN114491637B (en) Data query method, device, computer equipment and storage medium
CN113434555B (en) Data query method and device based on searchable encryption technology
CN116502254B (en) Method and device for inquiring trace capable of searching statistics
CN113569259B (en) Data sharing method, system, equipment and computer readable storage medium
CN106685644B (en) Communication encryption method and device, gateway, server, intelligent terminal and system
CN115982424B (en) Privacy keyword query method and device and electronic equipment
CN116702190A (en) Hidden query method supporting multiple parties
CN113364577B (en) Method and device for realizing OPRF protocol and electronic equipment
CN116305013A (en) Method, device, electronic equipment and medium for adding electronic files of traceability information
CN118264391B (en) Privacy intersection method and device and electronic equipment
CN118133327B (en) Searchable encryption method and system supporting privacy of search mode
CN119025577A (en) An encrypted search method for privacy protection of authorized information
WO2018054144A1 (en) Method, apparatus, device and system for dynamically generating symmetric key
CN117254907A (en) Communication method and device based on elliptic curve public key cryptographic algorithm and electronic equipment
CN117827884B (en) Batch data query method and device
CN115333820B (en) Block chain data processing method, device, equipment and storage medium
CN115604006B (en) Data transmission method, device, equipment and storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant