CN-122020697-A - Private data query method

Abstract

The application relates to the technical field of data query, and provides a privacy data query method. The method comprises the steps of controlling a server and a client to finish a main computing load in an offline preprocessing stage to obtain a first initial private state of the server and a second initial private state of the client, and controlling the client in the first initial private state in an online inquiring stage to inquire private data in the server in the second initial private state. According to the application, the main calculation load of the client and the server is completed by utilizing the preprocessing stage, so that the calculation and communication complexity of the privacy function in the online query stage are linearly increased in times, the sub-linear complexity in the online query stage is maintained, the delay of real-time query can be greatly reduced on the premise of ensuring the bidirectional privacy protection between the client and the server, the efficiency of real-time query is improved, and the actual application requirement can be met under the scene of larger scale of the privacy function or higher response delay requirement.

Inventors

• CHEN LONG
• QU YI

Assignees

• 中国科学院软件研究所

Dates

Publication Date

20260512

Application Date

20251204

Claims (10)

1. 1. A method for querying private data, comprising: in an offline preprocessing stage, controlling a server and a client to finish a main computing load to obtain a first initial private state of the server and a second initial private state of the client; And in the online inquiring stage, controlling the client in the first initial private state, and inquiring private data in the server in the second initial private state.
2. 2. The method of claim 1, wherein the first initial private-state of the server is based on: the server is controlled to initialize a homomorphic encryption scheme, and a secret key is obtained; Controlling the server to establish a query table of own data, and converting the query table into a query matrix; Controlling the server to conduct block encryption on the query matrix to obtain an encryption database; and taking the private function held by the server and the secret key as a first initial private state of the server.
3. 3. The private-data querying method of claim 2, wherein the second initial private-state of the client is based on: Controlling the client to sample the prompt key and generating a mask key; controlling the client to execute prompt initialization operation to obtain initialization parameters; Controlling the client to acquire the encrypted database of the server in a streaming downloading mode; for each data block in the encryption database, controlling the client to calculate a main prompt and a standby prompt of the data block based on the prompt key and the initialization parameter to obtain a main prompt set and a standby prompt set of the encryption database; and taking the hint key, the mask key, the main hint set and the standby hint set as a second initial private state of the client.
4. 4. The method of claim 3, wherein the initialization parameters include a hint index, a chunking threshold, an additional index, and a check value, and wherein the controlling the client to perform a hint initialization operation to obtain the initialization parameters comprises: initializing the prompt index, wherein the prompt index comprises a main prompt index and a standby prompt index; Generating a selection value of each data block in the encryption database based on a pseudo-random function corresponding to the hint key for each hint index; determining a median of the selected values as a blocking threshold; Generating a block number for each main prompt index based on a pseudo-random function corresponding to the prompt key; Returning to the step of generating a block number based on a pseudo-random function corresponding to the prompt key until the selection value corresponding to the block number is smaller than the block threshold value under the condition that the selection value corresponding to the block number is larger than or equal to the block threshold value; Generating an additional index corresponding to the main prompt index based on the block number at the moment; Initializing a plaintext value as a check value corresponding to the main prompt index; and for each standby prompt index, taking a null value as an additional index corresponding to the standby prompt index, and initializing two plaintext values as two check values corresponding to the standby prompt index.
5. 5. The method of claim 4, wherein the main hint for the data block is based on: Generating a selection value of a data block corresponding to the main prompt index in the encryption database based on a pseudo random function corresponding to the prompt key for each main prompt index; Shifting polynomial coefficients of the data block if the selected value is less than the blocking threshold; based on homomorphic addition, the shifted polynomial coefficient is added to the check value corresponding to the main prompt index, and a main prompt check value is obtained; And determining the main hint index, the partitioning threshold, an additional index corresponding to the main hint index and the main hint check value as a main hint of the data block.
6. 6. The method of claim 4, wherein the standby hint for the data block is based on: Generating a selection value of a data block corresponding to the standby prompt index in the encryption database based on a pseudo random function corresponding to the prompt key for each standby prompt index; shifting polynomial coefficients of the data block; when the selection value is smaller than the blocking threshold value, based on homomorphic addition, the shifted polynomial coefficient is added to one check value corresponding to the standby prompt index, so that a first standby prompt check value is obtained; When the selection value is larger than or equal to the blocking threshold value, based on homomorphic addition, the shifted polynomial coefficient is added to another check value corresponding to the standby prompt index, so that a second standby prompt check value is obtained; And determining the standby prompt index, the partitioning threshold, the first standby prompt check value and the second standby prompt check value as standby prompts of the data block.
7. 7. The private data query method according to claim 5, wherein said controlling the client in the first initial private state to perform the private data query in the server in the second initial private state comprises: controlling the client to generate a query request and sending the query request to the server; Controlling the server to calculate a result value based on the query request, and returning the result value to the client; controlling the client to determine a final query result based on the result value; and controlling the client to update the main prompt based on the standby prompt which is not used.
8. 8. The method of claim 7, wherein the controlling the client to generate the query request comprises: Generating a selection value of a corresponding data block in the encryption database based on a pseudo-random function corresponding to the prompt key according to the block number corresponding to the query index; Searching a target main prompt based on the selection value; under the condition that the searching is successful, determining a real index set and a false index set corresponding to the target main prompt; updating the real index set and the false index set; generating a random mask polynomial based on a pseudo-random function corresponding to the mask key; Based on homomorphic addition, the random mask polynomial is added to a main prompt check value in the target main prompt to obtain a main prompt check value ciphertext; Randomly exchanging the positions of the updated real index set and the updated false index set with a preset probability; And generating a query request based on the updated real index set and the updated false index set before and after the position exchange and the main prompt check value ciphertext.
9. 9. The private data query method according to claim 8, wherein said controlling said server to calculate a result value based on said query request comprises: decrypting the main prompt check value ciphertext in the query request based on the secret key to obtain a plaintext polynomial; Based on the constant term of the plaintext polynomial and the private function, a first plaintext result value corresponding to the updated real index set and a second plaintext result value corresponding to the updated pseudo index set are calculated, respectively.
10. 10. The method of claim 9, wherein the controlling the client to determine a final query result based on the result value comprises: Screening a first plaintext result value from the first plaintext result value and the second plaintext result value based on the updated actual index set; Calculating constant terms of the random mask polynomials based on a pseudo random function corresponding to the mask key; And removing the mask influence in the first plaintext result value based on the constant term to obtain a final query result.

Description

Private data query method Technical Field The application relates to the technical field of data query, in particular to a private data query method. Background In the prior art, a client can query data in a server database based on privacy function calculation (Private Function Evaluation, PFE), the calculation allows the server to obtain privacy function values based on the input of the client on the premise that the server does not disclose the details of the privacy function held by the client, so that the private data query is realized, and meanwhile, the client can be ensured not to learn information except the privacy function values, and the server also can not learn the input or the output of the client. The PFE application scenario includes privacy-preserving medical diagnostics, financial management, confidential model inference, and confidential policy evaluation, where the privacy function itself (model, rule, or algorithm) has business or privacy value, requiring confidential processing. However, the above method for querying private data has wide applicability, but needs to convert the privacy function into a general circuit for evaluation, which results in huge circuit scale and dramatic increase in communication and computation complexity. Under the scene that the privacy function scale is large or the response delay requirement is high, the method is low in efficiency, and the practical application requirement is difficult to meet. Disclosure of Invention The embodiment of the application provides a privacy data query method, which is used for solving the technical problems that the communication and calculation complexity of the existing privacy data query method is high, the efficiency is low and the actual application requirements are difficult to meet under the scene of large privacy function scale or high response delay requirements. The embodiment of the application provides a method for inquiring private data, which comprises the following steps: in an offline preprocessing stage, controlling a server and a client to finish a main computing load to obtain a first initial private state of the server and a second initial private state of the client; And in the online inquiring stage, controlling the client in the first initial private state, and inquiring private data in the server in the second initial private state. In one embodiment, the first initial private-state of the server is based on: the server is controlled to initialize a homomorphic encryption scheme, and a secret key is obtained; Controlling the server to establish a query table of own data, and converting the query table into a query matrix; Controlling the server to conduct block encryption on the query matrix to obtain an encryption database; and taking the private function held by the server and the secret key as a first initial private state of the server. In one embodiment, the second initial private-state of the client is derived based on: Controlling the client to sample the prompt key and generating a mask key; controlling the client to execute prompt initialization operation to obtain initialization parameters; Controlling the client to acquire the encrypted database of the server in a streaming downloading mode; for each data block in the encryption database, controlling the client to calculate a main prompt and a standby prompt of the data block based on the prompt key and the initialization parameter to obtain a main prompt set and a standby prompt set of the encryption database; and taking the hint key, the mask key, the main hint set and the standby hint set as a second initial private state of the client. In one embodiment, the initialization parameters include a hint index, a chunking threshold, an additional index, and a check value, and the controlling the client to perform a hint initialization operation to obtain the initialization parameters includes: initializing the prompt index, wherein the prompt index comprises a main prompt index and a standby prompt index; Generating a selection value of each data block in the encryption database based on a pseudo-random function corresponding to the hint key for each hint index; determining a median of the selected values as a blocking threshold; Generating a block number for each main prompt index based on a pseudo-random function corresponding to the prompt key; Returning to the step of generating a block number based on a pseudo-random function corresponding to the prompt key until the selection value corresponding to the block number is smaller than the block threshold value under the condition that the selection value corresponding to the block number is larger than or equal to the block threshold value; Generating an additional index corresponding to the main prompt index based on the block number at the moment; Initializing a plaintext value as a check value corresponding to the main prompt index; and for each standby prompt index, taking a null valu