CN118364506A - Security query method and device for protecting query object - Google Patents
Security query method and device for protecting query object Download PDFInfo
- Publication number
- CN118364506A CN118364506A CN202410468404.7A CN202410468404A CN118364506A CN 118364506 A CN118364506 A CN 118364506A CN 202410468404 A CN202410468404 A CN 202410468404A CN 118364506 A CN118364506 A CN 118364506A
- Authority
- CN
- China
- Prior art keywords
- query
- data table
- client device
- server
- joint
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6254—Protecting personal data, e.g. for financial or medical purposes by anonymising data, e.g. decorrelating personal data from the owner's identification
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/22—Indexing; Data structures therefor; Storage structures
- G06F16/2282—Tablespace storage structures; Management thereof
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/242—Query formulation
- G06F16/2433—Query languages
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- General Engineering & Computer Science (AREA)
- General Health & Medical Sciences (AREA)
- Data Mining & Analysis (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Software Systems (AREA)
- Mathematical Physics (AREA)
- Computational Linguistics (AREA)
- Medical Informatics (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The embodiment of the specification provides a security query method and device for protecting a query object, wherein the method comprises the following steps: aiming at the query request, the client device calculates the MPC by utilizing the secret sharing secure multiparty, and performs first joint query on the confused data table in the server to obtain a first fragment of the target index identification of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications; receiving a second segment of the target index identification from the server; determining the target index mark according to the first and second fragments; and according to the target index identifier, performing second combined query on the confused data table with the server through a PI (proportion and record) retrieval mode by using privacy information to obtain a query result of the query object. The method and the device can protect the query object from leakage and have high efficiency.
Description
Technical Field
One or more embodiments of the present specification relate to the field of computers, and more particularly, to a security query method and apparatus for protecting a query object.
Background
Currently, in many business scenarios, a user queries a server for specified data content through a client device. In the query process, for a query request, the client device and the server are required to jointly determine the object identification of the query object, and then for the query result of the query object determined according to the object identification, wherein the object identification is secret to the client device and the server for the requirement of privacy protection, and no additional information is allowed to leak to the client device or the server except that the query result is returned to the client device.
In the prior art, in order to realize the safe query of the protected query object, the query cost is very huge and the efficiency is low. Therefore, it is desirable to provide a secure query that protects the query object, desirably reducing query costs, and which is capable of protecting the query object from leakage and has high efficiency.
Disclosure of Invention
One or more embodiments of the present specification describe a secure query method and apparatus for protecting a query object, which can protect the query object from leakage and have high efficiency.
In a first aspect, a security query method for protecting a query object is provided, the method being performed by a client device and comprising:
Aiming at the query request, performing first joint query on the confused data table in the server by utilizing secret mu lt i-party computat ion (MPC) to obtain a first fragment of a target index identifier of a query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications;
receiving a second segment of the target index identification from the server;
Determining the target index mark according to the first and second fragments;
And according to the target index identifier, performing second joint query on the confused data table with the server in a privacy information retrieval (pr ivate informat ion RETR IEVA L, PI R) mode to obtain a query result of the query object.
In one possible implementation, the number of the plurality of objects is N, and the index is identified as an integer between 0 and N-1.
In one possible implementation, the query request includes a first query condition and a second query condition; the first query condition determines a query object by limiting the value of the first feature, and the second query condition is used for specifying a second feature to be queried;
The first joint query is performed according to a first query condition, the second joint query is performed according to a second query condition, and the query result is a feature value of a second feature of the query object.
Further, the obfuscated data table includes a first data table and a second data table, where the first data table has a relationship between index identifiers of a plurality of objects and values of first features of the first data table, and the second data table has a relationship between index identifiers of the plurality of objects and values of second features of the second data table;
The first joint query includes joint query of the first data table according to the first query condition; the second joint query includes jointly querying the second data table according to the second query condition.
Further, the first query condition defines that the value of the first feature of the query object is the maximum value of the plurality of objects; or defining the value of the first feature of the query object as the minimum value of the plurality of objects; or the value of the first feature defining the query object is a preset constant.
Further, the performing, with the server, a second joint query on the obfuscated data table in a PI R manner includes:
encrypting the target index identifier to obtain a ciphertext identifier;
Sending the ciphertext identification to the server;
Receiving a ciphertext value corresponding to a feature value of a second feature of the query object from the server; the ciphertext value is obtained by the server executing encryption operation on the relation between the index identifiers of the objects and the value of the second characteristic of the object and the ciphertext identifier;
And decrypting the ciphertext value to obtain the characteristic value of the second characteristic of the query object.
In a second aspect, there is provided a security query method of protecting a query object, the method being performed by a server and comprising:
aiming at the query request, acquiring a confused data table; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications;
Performing first joint query on the confused data table by combining the secure multiparty computing MPC shared by secrets with the client device to obtain a second segment of the target index identifier of the query object; the client device obtains a first fragment of the target index identifier;
Transmitting the second shard to the client device; the client device determines the target index identifier according to the first fragment and the second fragment;
And carrying out second combined query on the confused data table by the client device in a privacy information retrieval PI R mode, so that the client device obtains a query result of the query object.
In a possible implementation manner, the performing, with the client device, a second joint query on the obfuscated data table by using a PI R method includes:
Receiving a ciphertext identification from the client device; the ciphertext mark is obtained by encrypting the target index mark by the client device;
performing encryption operation on the relation between the index identifiers of the objects and the values of the second features of the objects and the ciphertext identifiers to obtain ciphertext values corresponding to the feature values of the second features of the query objects;
Sending the ciphertext value to the client device; and decrypting the ciphertext value by the client device to obtain a characteristic value of the second characteristic of the query object.
In a third aspect, a security query device for protecting a query object is provided, where the security query device is disposed on a client device, and includes:
The first joint query unit is used for performing first joint query on the confused data table in the server by utilizing secret sharing secure multiparty computing MPC aiming at the query request to obtain a first fragment of the target index identification of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications;
A receiving unit, configured to receive, from the server, a second slice identified by the target index;
the identification determining unit is used for determining the target index identification according to the first fragments obtained by the first joint query unit and the second fragments obtained by the receiving unit;
And the second joint query unit is used for performing second joint query on the confused data table by the server through a privacy information retrieval PI (proportion and record) mode according to the target index identifier obtained by the identifier determining unit, so as to obtain a query result of the query object.
In a fourth aspect, a security query device for protecting a query object is provided, where the security query device is disposed on a server, and includes:
The confusion unit is used for acquiring a confused data table according to the query request; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications;
The first joint query unit is used for jointly utilizing secret sharing with the client device to perform secure multiparty computing (MPC), and performing first joint query on the confused data table obtained by the confusion unit to obtain a second fragment of the target index identifier of the query object; the client device obtains a first fragment of the target index identifier;
A sending unit, configured to send, to the client device, the second fragment obtained by the first joint query unit; the client device determines the target index identifier according to the first fragment and the second fragment;
and the second joint query unit is used for carrying out second joint query on the confused data table obtained by the confusion unit with the client device in a privacy information retrieval PI R mode, so that the client device obtains a query result of the query object.
In a fifth aspect, there is provided a computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of the first or second aspect.
In a sixth aspect, there is provided a computing device comprising a memory having executable code stored therein and a processor which, when executing the executable code, implements the method of the first or second aspect.
According to the method and the device provided by the embodiment of the specification, the client device calculates the MPC by utilizing the secret sharing secure multiparty for the query request, and performs first joint query on the confused data table in the server to obtain a first fragment of the target index identifier of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications; receiving a second segment of the target index identification from the server; determining the target index mark according to the first and second fragments; and according to the target index identifier, performing second combined query on the confused data table with the server through a PI (proportion and record) retrieval mode by using privacy information to obtain a query result of the query object. From the above, in the embodiment of the specification, the server additionally executes the local randomization of the object identifier to randomly map the real identifier of the object to the index identifier, so that the index identifier of the object can be directly provided to the client device in the clear, the client device is prevented from performing MPC query by using the object identifier shared by the secret, the query cost is huge, the secret query problem is greatly simplified, the query object can be protected from leakage, and the efficiency is high.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings required for the description of the embodiments will be briefly described below, it being obvious that the drawings in the following description are only some embodiments of the present invention, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a schematic illustration of an implementation scenario of an embodiment disclosed herein;
FIG. 2 illustrates a security query method interaction diagram that protects query objects, according to one embodiment;
FIG. 3 illustrates a schematic diagram of a obfuscated data table, according to one embodiment;
FIG. 4 illustrates a private information retrieval schematic diagram in accordance with one embodiment;
FIG. 5 illustrates a schematic block diagram of a security query device protecting a query object, according to one embodiment;
Fig. 6 shows a schematic block diagram of a security query device protecting a query object according to another embodiment.
Detailed Description
The following describes the scheme provided in the present specification with reference to the drawings.
Fig. 1 is a schematic diagram of an implementation scenario of an embodiment disclosed in the present specification. The implementation scenario involves secure querying of protected query objects, wherein the server is responsible for data management and the client device is responsible for completing interactions with users, in particular based on a client-server (C l ient-server, C/S) architecture. According to the embodiment of the specification, a user inquires the specified data content from the server through the client device, namely, the client device receives an inquiry request triggered by the user, and the client device and the server jointly execute the safety inquiry in response to the inquiry request, so that the client device obtains the inquiry result of the inquiry object and displays the inquiry result to the user. It can be understood that, in the query process, for the query request, the client device and the server are required to jointly determine the object identifier of the query object, and then determine the query result of the query object according to the object identifier, where, for the requirement of privacy protection, the object identifier is secret to the client device and the server, and no additional information is allowed to leak to the client device or the server except that the query result is returned to the client device.
In the embodiments of the present disclosure, the meaning of an object may be different in different scenarios, for example, the object may represent a person, a commodity, or an enterprise, etc.
Referring to FIG. 1, taking an example in which an object represents an employee, the server has a first data table, which may be referred to as an employee payroll table, in which employee identifications of respective employees and their corresponding payrolls are recorded, for example, employee A payroll is 1000, employee B payroll is 2000, employee C payroll is 1500, and employee D payroll is 1800; the second data table may be referred to as an employee division table in which employee identifications of individual employees and their corresponding divisions are recorded, e.g., employee A division for one, employee B division for one, employee C division for two, and employee D division for two.
When a user triggers a query request, it is desirable to query the department where the employee with the highest payroll is located, and the whole query process is desirably performed by using secure mu lt i-party computat ion (MPC) without revealing any information outside the department where the query result is located.
For the above-mentioned query request, a general security query includes the following processing procedures: firstly, the client device and the server use MPC to calculate the employee with the highest payroll for the employee payroll to obtain the employee identification of the employee, and then use MPC to query the employee department table by the two parties to obtain the department where the employee is located as a query result.
Since no additional information can be revealed except the query result, the intermediate result of the employee identification cannot be directly known by both parties, and the common processing mode is to make the employee identification in a secret sharing state. This presents a challenge: MPC queries on employee department tables are required using secret shared employee identification. The usual solution requires the use of distributed unintentional storage (Di str ibuted ORAM), which is very costly and inefficient.
The object of the embodiment of the specification is to reduce the cost of the query that the object identification of the query object is secret to both sides, and improve the query efficiency.
FIG. 2 illustrates a secure query method interaction diagram for protecting query objects, which may be interactively performed by a client device and a server based on the implementation scenario illustrated in FIG. 1, in accordance with one embodiment. As shown in fig. 2, the security query method for protecting the query object in this embodiment includes the following steps: step 21, the client device sends a query request to the server; step 22, the server obtains the confused data table according to the query request; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications; step 23, the server and the client device jointly use secret shared MPC to perform first joint query on the confused data table to obtain a second segment of the target index identification of the query object; the client device obtains a first fragment of the target index identifier; step 24, the server sends the second fragment to the client device; step 25, the client device determines the target index identifier according to the first slice and the second slice; and step 26, the client device performs second joint query on the confused data table with the server in a privacy information retrieval (pr ivate informat ion RETR IEVA L, PI R) mode according to the target index identifier, and a query result of the query object is obtained. Specific implementations of the above steps are described below.
First, in step 21, the client device sends a query request to the server. It will be appreciated that the above-described query request may be user-triggered, and include a certain query condition, and a query result meeting the query condition needs to be returned to the client device.
In the embodiment of the present specification, the server has an initial data table in which the true identifications of a plurality of objects and their corresponding feature data are recorded. For example, the initial data table includes an initial data table one and an initial data table two in fig. 1, the object represents staff, the real identifier represents staff's job number, and the characteristic data includes payroll data and department data.
In one example, the query request includes a first query condition and a second query condition; the first query condition determines a query object by defining a value of a first feature, and the second query condition is used for specifying a second feature to be queried.
For example, referring to the initial data table one and the initial data table two in fig. 1, the query request is used for querying the "department where the employee with the highest payroll is located", which may be split into two query conditions, the first query condition is the "employee with the highest payroll", the second query condition is the "department where the employee is located", the first feature is the payroll, the second feature is the department, the employee with the highest payroll is obtained according to the first query condition, the department where the employee B is obtained according to the second query condition is one.
Further, the first query condition defines that the value of the first feature of the query object is the maximum value of the plurality of objects; or defining the value of the first feature of the query object as the minimum value of the plurality of objects; or the value of the first feature defining the query object is a preset constant.
In the embodiment of the present disclosure, the first query condition is used to determine the query object, or, in other words, the object identifier of the query object, which may be in various specific forms, and is not limited to including a query maximum value, a minimum value, or a preset constant. The first feature is not limited to payroll, and may be, for example, payouts, borrowings, and the like. The second feature is not limited to departments, and can be city, occupation, academic, etc
Then, in step 22, the server obtains the confused data table for the query request; the confusing data table is obtained by mapping the real identifications of a plurality of objects into index identifications randomly. It may be understood that the initial data table records therein real identifiers of a plurality of objects and corresponding feature data thereof, and the obfuscated data table records therein index identifiers of a plurality of objects and corresponding feature data thereof, and the index identifiers are not related to the actual data, for example, index 1 specifically represents which object can be determined only by the server, and the client device cannot determine the object represented by index 1.
In the embodiment of the present disclosure, the generation timing of the obfuscated data table may be flexibly selected, and one generation timing is that after the server receives the query request, the obfuscated data table is generated, for example, the server generates the obfuscated data table specific to the query request each time the server receives the query request, which has high security. The other generation time is that before the server receives the query request, the server generates the confused data table, for example, the server can update the confused data table at regular time, and after the server receives the query request, the server adopts the previously updated confused data table, so that multiple query requests can multiplex the same confused data table, thereby having high efficiency and being capable of setting shorter updating time for improving the safety.
In one example, the number of the plurality of objects is N and the index is identified as an integer between 0 and N-1.
In the embodiment of the present disclosure, the mapping relationship between the real identifier and the index identifier is random, and the numerical range of the index identifier is optional, for example, the index identifier may be an integer between 1 and N, or an integer between 2 and n+1, or the like. Wherein the real identity may be represented by an ID and the index identity may be represented by an ID.
FIG. 3 illustrates a schematic diagram of a obfuscated data table, according to one embodiment. Referring to fig. 3, the obfuscated data table includes a first data table and a second data table, where the first data table is obtained by performing random mapping on an initial data table one shown in fig. 1, the second data table is obtained by performing random mapping on an initial data table two shown in fig. 1, the employee identifier in fig. 1 may be regarded as a real identifier of an object, and the real identifiers of a plurality of objects are randomly mapped to an index identifier, so as to obtain the first data table and the second data table. For example, in FIG. 3, employee A is mapped to index identifier 3, employee B is mapped to index identifier 0, employee C is mapped to index identifier 1, and employee D is mapped to index identifier 2. In the embodiment of the present disclosure, the obfuscated data table is not fixed, and the obfuscated data table corresponding to the query request may be generated for each query request, or the obfuscated data table corresponding to the time may be generated at different times.
Then in step 23, the server and the client device jointly use the secret shared MPC to perform a first joint query on the confused data table to obtain a second segment of the target index identifier of the query object; the client device obtains a first slice of the target index identification. It will be appreciated that the server only gets one slice of the target index identity, which is not able to determine the target index identity, and thus the query object is secret to the server.
Wherein a secure multiparty computing (MPC) can be networked together by multiple principals to execute a pre-negotiated software protocol that enables multiple mutually untrusted parties to securely compute a given function without revealing input, intermediate computing results in addition to the results.
Secret sharing (also known as secret sharing) is a method of dispersing one secret to different parties, each party obtaining a portion of the secret, known as sharding. Only when enough fragments are held can the secret be restored; a single slice cannot recover the secret.
For example, the server obtains one piece of the ID, the client device obtains the other piece of the ID, and the IDs are distributed on both sides in a secret sharing manner.
In the embodiment of the specification, the first joint query is performed according to the query request, and the target index identifier is an intermediate result to be determined in the process of determining the query result.
In one example, the query request includes a first query condition; the first query condition determines a query object by defining a value of a first feature, and the first joint query is performed according to the first query condition.
In this example, the query request does not give the object identifier of the query object, but defines the value of the first feature of the query object by giving the first query condition, so that the client device and the server can determine the query object from a plurality of objects according to the first query condition.
Further, the obfuscated data table includes a first data table, where the first data table has a relationship between index identifiers of a plurality of objects and values of first features of the objects, and the first joint query includes joint query of the first data table according to the first query condition.
In the embodiment of the present disclosure, in response to a first query condition, the MPC using secret sharing may use a specific algorithm, for example, when the first query condition defines that the value of the first feature of the query object is the maximum value of the plurality of objects, the MPC using secret sharing may use a secure maximum value calculation algorithm; when the first query condition limits the value of the first feature of the query object to be the minimum value of the objects, the MPC sharing the secretly can adopt a safe minimum value algorithm; when the first query condition limits the value of the first feature of the query object to be a preset constant, the secret sharing MPC can adopt a safety comparison algorithm.
The server then sends the second shard to the client device at step 24. It will be appreciated that only the server sends the client device the shards of the target index identities it holds, while the client device does not send the server the shards of the target index identities it holds.
For example, the server sends one shard of the ID it holds to the client device, so that the client device holds two shards of the ID.
In step 25, the client device determines the target index identifier according to the first slice and the second slice. It may be understood that the first slice and the second slice may be two slices in the form of a target index identifier and a shared slice, and the client device sums the first slice and the second slice to obtain the target index identifier.
For example, the client device sums two slices of the ID it holds, resulting in a complete ID.
Finally, in step 26, the client device performs a second joint query on the confused data table with the server in the PI R manner according to the target index identifier, so as to obtain a query result of the query object. It can be appreciated that in the PI R approach, the server cannot obtain the target index identification.
Wherein, privacy information retrieval (PI R): is an information retrieval service that provides privacy preserving features. In the process that the client inquires a certain ID from the server, the server can also return the inquiry result of the corresponding ID to the client without knowing the ID.
Fig. 4 illustrates a private information retrieval schematic diagram in accordance with one embodiment. Referring to fig. 4, a querying party has query data k2, a data party has a key value pair (k 1: v 1), (k 2: v 2), (k 3: v 3) … … (k 100: v 100), and the querying party queries a query result v2 corresponding to k2 through private information retrieval, and the data party cannot acquire query information. In this embodiment of the present disclosure, the client device may be regarded as a querying party, the server may be regarded as a data party, the key value pair may be regarded as an index identifier and a corresponding feature value thereof, and k2 may be regarded as a target index identifier, where the data party cannot obtain the target index identifier during the querying process.
There are many specific implementations of private information retrieval (PI R), such as, but not limited to, implementations based on homomorphic encryption.
In one example, the query request includes a second query condition; the second query condition is used for specifying a second feature to be queried; the second combined query is performed according to a second query condition, and the query result is a feature value of a second feature of the query object.
Further, the obfuscated data table includes a second data table, where the second data table has a relationship between index identifiers of the plurality of objects and values of second features of the plurality of objects;
the second joint query includes jointly querying the second data table according to the second query condition.
Further, the performing, with the server, a second joint query on the obfuscated data table by using a PI R method includes:
The client device encrypts the target index identifier to obtain a ciphertext identifier;
the client device sends the ciphertext identification to the server;
The server executes encryption operation on the relation between the index identifiers of the objects and the values of the second features of the objects and the ciphertext identifiers to obtain ciphertext values corresponding to the feature values of the second features of the query objects;
the server sends the ciphertext value to the client device;
And the client device decrypts the ciphertext value to obtain the characteristic value of the second characteristic of the query object.
In this example, the server obtains the ciphertext identifier and the ciphertext value, which cannot infer the target index identifier and the feature value of the second feature of the query object, so that the query object is effectively protected from leakage.
According to the method provided by the embodiment of the specification, client equipment calculates MPC (multi-party computing) by utilizing secret sharing for a query request, and performs first joint query on the confused data table in the server to obtain a first fragment of a target index identifier of a query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications; receiving a second segment of the target index identification from the server; determining the target index mark according to the first and second fragments; and according to the target index identifier, performing second combined query on the confused data table with the server through a PI (proportion and record) retrieval mode by using privacy information to obtain a query result of the query object. From the above, in the embodiment of the specification, the server additionally executes the local randomization of the object identifier to randomly map the real identifier of the object to the index identifier, so that the index identifier of the object can be directly provided to the client device in the clear, the client device is prevented from performing MPC query by using the object identifier shared by the secret, the query cost is huge, the secret query problem is greatly simplified, the query object can be protected from leakage, and the efficiency is high.
According to another aspect of the present invention, there is further provided a security query device for protecting a query object, where the security query device is configured to be disposed on a client device, and is configured to perform an action performed by the client device in a method provided by an embodiment of the present specification. FIG. 5 illustrates a schematic block diagram of a security query device protecting a query object, according to one embodiment. As shown in fig. 5, the apparatus 500 includes:
The first joint query unit 51 is configured to perform a first joint query on the data table after confusion in the server by using the secure multi-party computing MPC with secret sharing for the query request, to obtain a first slice of the target index identifier of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications;
A receiving unit 52, configured to receive, from the server, a second slice identified by the target index;
an identifier determining unit 53, configured to determine the target index identifier according to the first slice obtained by the first joint query unit 51 and the second slice obtained by the receiving unit 52;
And a second joint query unit 54, configured to perform a second joint query on the obfuscated data table with the server by retrieving the PI R according to the target index identifier obtained by the identifier determining unit 53, so as to obtain a query result of the query object.
Optionally, as an embodiment, the number of the plurality of objects is N, and the index is identified as an integer between 0 and N-1.
Optionally, as an embodiment, the query request includes a first query condition and a second query condition; the first query condition determines a query object by limiting the value of the first feature, and the second query condition is used for specifying a second feature to be queried;
The first joint query is performed according to a first query condition, the second joint query is performed according to a second query condition, and the query result is a feature value of a second feature of the query object.
Further, the obfuscated data table includes a first data table and a second data table, where the first data table has a relationship between index identifiers of a plurality of objects and values of first features of the first data table, and the second data table has a relationship between index identifiers of the plurality of objects and values of second features of the second data table;
The first joint query includes joint query of the first data table according to the first query condition; the second joint query includes jointly querying the second data table according to the second query condition.
Further, the first query condition defines that the value of the first feature of the query object is the maximum value of the plurality of objects; or defining the value of the first feature of the query object as the minimum value of the plurality of objects; or the value of the first feature defining the query object is a preset constant.
Further, the second joint query unit 54 includes:
the encryption subunit is used for encrypting the target index identifier to obtain a ciphertext identifier;
A sending subunit, configured to send the ciphertext identifier obtained by the encryption subunit to the server;
a receiving subunit, configured to receive, from the server, a ciphertext value corresponding to a feature value of the second feature of the query object; the ciphertext value is obtained by the server executing encryption operation on the relation between the index identifiers of the objects and the value of the second characteristic of the object and the ciphertext identifier;
and the decryption subunit is used for decrypting the ciphertext value obtained by the receiving subunit to obtain the characteristic value of the second characteristic of the query object.
According to another embodiment of the present disclosure, a security query device for protecting a query object is provided, where the security query device is disposed on a server, and is configured to execute an action executed by the server in a method provided by an embodiment of the present disclosure. Fig. 6 shows a schematic block diagram of a security query device protecting a query object according to another embodiment. As shown in fig. 6, the apparatus 600 includes:
A confusion unit 61, configured to acquire a data table after confusion for the query request; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications;
A first joint query unit 62, configured to jointly use secure multi-party computing MPC shared by secrets with a client device, perform a first joint query on the obfuscated data table obtained by the obfuscating unit 61, and obtain a second slice of the target index identifier of the query object; the client device obtains a first fragment of the target index identifier;
A sending unit 63, configured to send, to the client device, the second fragment obtained by the first joint query unit; the client device determines the target index identifier according to the first fragment and the second fragment;
And a second joint query unit 64, configured to perform a second joint query on the obfuscated data table obtained by the obfuscating unit 61 with the client device through a manner of retrieving the PI R by using private information, so that the client device obtains a query result of the query object.
Optionally, as an embodiment, the second joint query unit 64 includes:
A receiving subunit, configured to receive a ciphertext identifier from the client device; the ciphertext mark is obtained by encrypting the target index mark by the client device;
An encryption operation subunit, configured to perform encryption operation on a relationship between the index identifiers of each of the plurality of objects and the values of the second features of the plurality of objects and the ciphertext identifier obtained by the receiving subunit, to obtain ciphertext values corresponding to the feature values of the second features of the query object;
a sending subunit, configured to send the ciphertext value obtained by the encryption operation subunit to the client device; and decrypting the ciphertext value by the client device to obtain a characteristic value of the second characteristic of the query object.
According to the device provided by the embodiment of the specification, the first joint query unit 51 of the client device calculates the MPC by utilizing the secret sharing secure multiparty for the query request, and performs the first joint query on the confused data table in the server to obtain the first fragment of the target index identifier of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications; the receiving unit 52 receives the second segment identified by the target index from the server; the identification determining unit 53 determines the target index identification according to the first slice and the second slice; and the second joint query unit 54 performs a second joint query on the confused data table with the server through a privacy information retrieval PI R mode according to the target index identifier, so as to obtain a query result of the query object. From the above, in the embodiment of the specification, the server additionally executes the local randomization of the object identifier to randomly map the real identifier of the object to the index identifier, so that the index identifier of the object can be directly provided to the client device in the clear, the client device is prevented from performing MPC query by using the object identifier shared by the secret, the query cost is huge, the secret query problem is greatly simplified, the query object can be protected from leakage, and the efficiency is high.
According to an embodiment of another aspect, there is also provided a computer-readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method described in connection with fig. 2.
According to an embodiment of yet another aspect, there is also provided a computing device including a memory having executable code stored therein and a processor that, when executing the executable code, implements the method described in connection with fig. 2.
Those skilled in the art will appreciate that in one or more of the examples described above, the functions described in the present invention may be implemented in hardware, software, firmware, or any combination thereof. When implemented in software, these functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium.
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention in further detail, and are not to be construed as limiting the scope of the invention, but are merely intended to cover any modifications, equivalents, improvements, etc. based on the teachings of the invention.
Claims (12)
1. A secure query method of protecting a query object, the method performed by a client device, comprising:
Aiming at the query request, performing first joint query on the confused data table in the server by utilizing secret sharing secure multiparty computing MPC to obtain a first fragment of the target index identification of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications;
receiving a second segment of the target index identification from the server;
Determining the target index mark according to the first and second fragments;
And according to the target index identifier, performing second combined query on the confused data table with the server in a PIR (private information retrieval) mode to obtain a query result of the query object.
2. The method of claim 1, wherein the number of the plurality of objects is N and the index is identified as an integer between 0 and N-1.
3. The method of claim 1, wherein the query request includes a first query condition and a second query condition; the first query condition determines a query object by limiting the value of the first feature, and the second query condition is used for specifying a second feature to be queried;
The first joint query is performed according to a first query condition, the second joint query is performed according to a second query condition, and the query result is a feature value of a second feature of the query object.
4. The method of claim 3, wherein the obfuscated data table includes a first data table having a relationship between the respective index identifications of the plurality of objects and the values of the first features thereof, and a second data table having a relationship between the respective index identifications of the plurality of objects and the values of the second features thereof;
The first joint query includes joint query of the first data table according to the first query condition; the second joint query includes jointly querying the second data table according to the second query condition.
5. A method as claimed in claim 3, wherein the first query condition defines that the value of the first feature of the query object is a maximum value of the plurality of objects; or defining the value of the first feature of the query object as the minimum value of the plurality of objects; or the value of the first feature defining the query object is a preset constant.
6. The method of claim 3, wherein the performing, with the server, a second consolidated query on the obfuscated data table by PIR, includes:
encrypting the target index identifier to obtain a ciphertext identifier;
Sending the ciphertext identification to the server;
Receiving a ciphertext value corresponding to a feature value of a second feature of the query object from the server; the ciphertext value is obtained by the server executing encryption operation on the relation between the index identifiers of the objects and the value of the second characteristic of the object and the ciphertext identifier;
And decrypting the ciphertext value to obtain the characteristic value of the second characteristic of the query object.
7. A secure query method of protecting a query object, the method performed by a server, comprising:
aiming at the query request, acquiring a confused data table; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications;
Performing first joint query on the confused data table by combining the secure multiparty computing MPC shared by secrets with the client device to obtain a second segment of the target index identifier of the query object; the client device obtains a first fragment of the target index identifier;
Transmitting the second shard to the client device; the client device determines the target index identifier according to the first fragment and the second fragment;
and carrying out second combined query on the confused data table by the client device in a PIR (privacy information retrieval) mode, so that the client device obtains a query result of the query object.
8. The method of claim 7, wherein the performing, with the client device, the second consolidated query on the obfuscated data table by PIR, comprises:
Receiving a ciphertext identification from the client device; the ciphertext mark is obtained by encrypting the target index mark by the client device;
performing encryption operation on the relation between the index identifiers of the objects and the values of the second features of the objects and the ciphertext identifiers to obtain ciphertext values corresponding to the feature values of the second features of the query objects;
Sending the ciphertext value to the client device; and decrypting the ciphertext value by the client device to obtain a characteristic value of the second characteristic of the query object.
9. A security query apparatus for protecting a query object, the apparatus being disposed at a client device, comprising:
The first joint query unit is used for performing first joint query on the confused data table in the server by utilizing secret sharing secure multiparty computing MPC aiming at the query request to obtain a first fragment of the target index identification of the query object; the confused data table is obtained by randomly mapping the real identifications of a plurality of objects into index identifications;
A receiving unit, configured to receive, from the server, a second slice identified by the target index;
the identification determining unit is used for determining the target index identification according to the first fragments obtained by the first joint query unit and the second fragments obtained by the receiving unit;
And the second joint query unit is used for performing second joint query on the confused data table with the server in a PIR (information retrieval) mode according to the target index identifier obtained by the identifier determining unit to obtain a query result of the query object.
10. A security query device for protecting a query object, the device being disposed on a server, comprising:
The confusion unit is used for acquiring a confused data table according to the query request; the confused data table is obtained by randomly mapping real identifications of a plurality of objects into index identifications;
The first joint query unit is used for jointly utilizing secret sharing with the client device to perform secure multiparty computing (MPC), and performing first joint query on the confused data table obtained by the confusion unit to obtain a second fragment of the target index identifier of the query object; the client device obtains a first fragment of the target index identifier;
A sending unit, configured to send, to the client device, the second fragment obtained by the first joint query unit; the client device determines the target index identifier according to the first fragment and the second fragment;
And the second joint query unit is used for carrying out second joint query on the confused data table obtained by the confusion unit with the client device in a privacy information retrieval PIR mode, so that the client device obtains a query result of the query object.
11. A computer readable storage medium having stored thereon a computer program which, when executed in a computer, causes the computer to perform the method of any of claims 1-8.
12. A computing device comprising a memory having executable code stored therein and a processor, which when executing the executable code, implements the method of any of claims 1-8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410468404.7A CN118364506A (en) | 2024-04-17 | 2024-04-17 | Security query method and device for protecting query object |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202410468404.7A CN118364506A (en) | 2024-04-17 | 2024-04-17 | Security query method and device for protecting query object |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118364506A true CN118364506A (en) | 2024-07-19 |
Family
ID=91882635
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202410468404.7A Pending CN118364506A (en) | 2024-04-17 | 2024-04-17 | Security query method and device for protecting query object |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118364506A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118520487A (en) * | 2024-07-24 | 2024-08-20 | 极术(杭州)科技有限公司 | Full-hidden-trace service processing method and service system based on safe multi-party calculation |
-
2024
- 2024-04-17 CN CN202410468404.7A patent/CN118364506A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN118520487A (en) * | 2024-07-24 | 2024-08-20 | 极术(杭州)科技有限公司 | Full-hidden-trace service processing method and service system based on safe multi-party calculation |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10803194B2 (en) | System and a method for management of confidential data | |
| US20220343017A1 (en) | Provision of risk information associated with compromised accounts | |
| AU2018367363B2 (en) | Processing data queries in a logically sharded data store | |
| US10873450B2 (en) | Cryptographic key generation for logically sharded data stores | |
| Kamara et al. | Cryptographic cloud storage | |
| US10650164B2 (en) | System and method for obfuscating an identifier to protect the identifier from impermissible appropriation | |
| US9208491B2 (en) | Format-preserving cryptographic systems | |
| US7974406B2 (en) | Privacy enhanced comparison of data sets | |
| CN111291407A (en) | Data sharing method based on block chain privacy protection | |
| CN105471826A (en) | Ciphertext data query method, device and ciphertext query server | |
| Li et al. | Traceable and controllable encrypted cloud image search in multi-user settings | |
| CN114239018B (en) | Shared data number determining method and system for protecting privacy data | |
| Hacigümüş et al. | Ensuring the integrity of encrypted databases in the database-as-a-service model | |
| AU2017440029A1 (en) | Cryptographic key generation for logically sharded data stores | |
| CN118364506A (en) | Security query method and device for protecting query object | |
| CN114661992A (en) | A sort query system and method based on inadvertent transmission protocol | |
| CN115408435A (en) | Data query method and device | |
| CN114386068B (en) | A method and system for finding intersections of multi-party conditional privacy-preserving sets against collusion attacks | |
| Ashouri-Talouki et al. | Homomorphic encryption to preserve location privacy | |
| US20220374539A1 (en) | System and method utilizing function secret sharing with conditional disclosure of secrets | |
| CN111431839B (en) | Processing method and device for hiding user identification | |
| JP7119212B2 (en) | Multi-Factor Access Control Methods in Anonymization Systems | |
| Raja et al. | Dynamic Remote Data Auditing using Privacy-Preserving Auditing Protocol in Cloud Environment | |
| Kandah et al. | Ultimate control and security over data localization in the cloud | |
| KR102382314B1 (en) | Secure join method of distributed data set |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |