Data query method, device, apparatus, and storage medium

By using query identifier blinding values ​​and fingerprint hash values ​​for fragmented encryption during the data query process, the problems of high data query complexity and low performance are solved, achieving the confidentiality and security of data queries and improving the efficiency of query services.

CN115934707BActive Publication Date: 2026-07-03LINGSHU TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Patents(China)
Current Assignee / Owner
LINGSHU TECH CO LTD
Filing Date
2022-11-03
Publication Date
2026-07-03

Smart Images

  • Figure CN115934707B_ABST
    Figure CN115934707B_ABST
Patent Text Reader

Abstract

This invention discloses a data query method, apparatus, device, and storage medium. The method includes: responding to a data query request for data to be queried, determining the data identifier of the data to be queried; performing blinding processing on the data identifier of the data to be queried to obtain a blinded query identifier value for the data to be queried; determining the query identifier fingerprint hash value for the data to be queried; sending the blinded query identifier value and the query identifier fingerprint hash value to a query service node, so that the query service node can determine and return, based on the blinded query identifier value and the query identifier fingerprint hash value, the target identifier signature set, the blinded query identifier signature value, and the target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs; and determining the data to be queried based on the target identifier signature set, the blinded query identifier signature value, and the target encrypted data fragment group. This invention reduces the complexity of the data query process and improves the performance of the data query service.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data encryption technology, and in particular to a data query method, apparatus, device, and storage medium. Background Technology

[0002] Hidden queries, also known as private information retrieval (PIR), are a very important and practical technology in secure multi-party computation, which can be used to protect the privacy of data query conditions.

[0003] Currently, data querying typically employs Proximity Injection (PIR) technology within Secure Multi-Party Computation (SMCC). Common PIR implementations include: PIR based on unintended transmission, PIR based on homomorphic encryption, and PIR based on keywords. However, all of these PIR schemes suffer from high data query complexity, low query performance, and certain limitations in practical application. Summary of the Invention

[0004] This invention provides a data query method, apparatus, device, and storage medium to reduce the complexity of the data query process and improve the performance of data query services.

[0005] According to one aspect of the present invention, a data query method is provided, applied to a data query node, comprising:

[0006] In response to a data query request for the data to be queried, the data identifier of the data to be queried is determined;

[0007] The data identifier of the data to be queried is blinded to obtain the blinded value of the query identifier of the data to be queried.

[0008] Determine the query identifier fingerprint hash value of the data to be queried;

[0009] The query identifier blinding value and the query identifier fingerprint hash value are sent to the query service node so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value;

[0010] The data to be queried is determined based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group.

[0011] According to another aspect of the present invention, a data query method is provided, applied to a query service node, comprising:

[0012] Obtain the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried;

[0013] Based on the query identifier blinding value and the query identifier fingerprint hash value, determine the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs;

[0014] The data query node is fed back the target identifier signature set corresponding to the target data shard group of the data to be queried, the query identifier signature blinding value, and the target encrypted data shard group, so that the data query node can determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target encrypted data shard group.

[0015] According to another aspect of the present invention, a data query apparatus is provided, applied to a data query node, comprising:

[0016] The data identifier determination module is used to send a data query request for the data to be queried to the query service node and determine the data identifier of the data to be queried.

[0017] The blinding processing module is used to perform blinding processing on the data identifier of the data to be queried, and obtain the blinded value of the query identifier of the data to be queried;

[0018] The fingerprint hash value determination module is used to determine the query identifier fingerprint hash value of the data to be queried;

[0019] The data sending module is used to send the query identifier blinding value and the query identifier fingerprint hash value to the query service node, so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value;

[0020] The data to be queried module is used to determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group.

[0021] According to another aspect of the present invention, a data query apparatus is provided, applied to a query service node, comprising:

[0022] The data acquisition module is used to acquire the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried;

[0023] The encrypted data determination module is used to determine the target identifier signature set, the query identifier signature blinding value, and the target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs, based on the query identifier blinding value and the query identifier fingerprint hash value;

[0024] The data feedback module is used to feed back to the data query node the target identifier signature set corresponding to the target data shard group of the data to be queried, the query identifier signature blinding value, and the target encrypted data shard group, so that the data query node can determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target encrypted data shard group.

[0025] According to another aspect of the present invention, an electronic device is provided, the electronic device comprising:

[0026] At least one processor; and

[0027] A memory communicatively connected to the at least one processor; wherein,

[0028] The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the data query method according to any embodiment of the present invention.

[0029] According to another aspect of the present invention, a computer-readable storage medium is provided, the computer-readable storage medium storing computer instructions for causing a processor to execute and implement the data query method described in any embodiment of the present invention.

[0030] This invention's embodiment determines the query identifier blinding value and query identifier fingerprint hash value of the data to be queried, and feeds them back to the query service node. The query service node, based on the query identifier blinding value and the query identifier fingerprint hash value, determines and feeds back the target identifier signature set, query identifier signature blinding value, and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs. Based on the feedback results, the data to be queried is determined. This solution achieves data privacy and security during the data query process, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the confidentiality of the data query process and improves the performance of the data query service. Simultaneously, the use of fingerprint hash fragment combination reduces the complexity of the data query process, making the solution more practically applicable.

[0031] It should be understood that the description in this section is not intended to identify key or essential features of the embodiments of the present invention, nor is it intended to limit the scope of the invention. Other features of the invention will become readily apparent from the following description. Attached Figure Description

[0032] To more clearly illustrate the technical solutions in the embodiments of the present invention, the accompanying drawings used in the description of the embodiments will be briefly introduced below. Obviously, the accompanying drawings described below are only some embodiments of the present invention. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.

[0033] Figure 1 This is a flowchart of a data query method provided according to Embodiment 1 of the present invention;

[0034] Figure 2 This is a flowchart of a data query method provided according to Embodiment 2 of the present invention;

[0035] Figure 3 This is a flowchart of a data query method provided in Embodiment 3 of the present invention;

[0036] Figure 4 This is a flowchart of a data query method provided in Embodiment 4 of the present invention;

[0037] Figure 5A This is a flowchart illustrating an offline preprocessing stage according to Embodiment 5 of the present invention;

[0038] Figure 5B This is an interactive schematic diagram of a data query method provided in Embodiment 5 of the present invention;

[0039] Figure 6 This is a schematic diagram of the structure of a data query device according to Embodiment Six of the present invention;

[0040] Figure 7 This is a schematic diagram of the structure of a data query device provided in Embodiment 7 of the present invention;

[0041] Figure 8 This is a schematic diagram of the structure of an electronic device that implements the data query method of this invention. Detailed Implementation

[0042] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0043] It should be noted that the terms "first," "second," etc., in the specification, claims, and accompanying drawings of this invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that such data can be interchanged where appropriate so that the embodiments of the invention described herein can be implemented in orders other than those illustrated or described herein. Furthermore, the terms "comprising" and "having," and any variations thereof, are intended to cover a non-exclusive inclusion; for example, a process, method, system, product, or apparatus that comprises a series of steps or units is not necessarily limited to those steps or units explicitly listed, but may include other steps or units not explicitly listed or inherent to such processes, methods, products, or apparatus.

[0044] Example 1

[0045] Figure 1 This is a flowchart of a data query method provided in Embodiment 1 of the present invention. This embodiment is applicable to situations involving secure and privacy-preserving data queries. The method can be executed by a data query device, which can be implemented in hardware and / or software. The data query device can be configured in an electronic device, and the data query method can be applied to data query nodes, such as... Figure 1 As shown, the method includes:

[0046] S110. In response to a data query request for the data to be queried, determine the data identifier of the data to be queried.

[0047] Data query requests can be initiated by relevant data query parties with data query needs. The data to be queried can be data that relevant operators on the data query node need to query from the query service node. The number of data to be queried can be at least one.

[0048] It should be noted that at the data query node, the data querying party with a data query requirement can only determine the data identifier of the data to be queried. For example, after the data query node responds to the data query request for the data to be queried, it can determine the data identifier of the data to be queried by parsing the data query request.

[0049] S120. Perform blinding processing on the data identifier of the data to be queried to obtain the blinded value of the query identifier of the data to be queried.

[0050] For example, a data query node can perform blinding processing on the data identifier of the data to be queried according to a preset blind signature algorithm to obtain the blinded query identifier value of the data to be queried.

[0051] It should be noted that, unlike traditional signature algorithms, blind signature algorithms are characterized by the fact that the data signature generator can complete the signature of the data based on its private key without seeing the data to be signed. This results in high security, stronger confidentiality, and greater operational flexibility.

[0052] It is understandable that, since the data query process involves interaction between the data query node and the query service node, the following methods can be used to determine the blinding value of the query identifier in order to further improve the confidentiality and security of the data during the data query process.

[0053] In an optional embodiment, the data identifier of the data to be queried is blinded to obtain the blinded value of the query identifier of the data to be queried, including: determining the blinded value of the query identifier of the data to be queried based on the data identifier of the data to be queried, a preset blinding factor and a preset public key of the blind signature algorithm, and based on the blind signature algorithm.

[0054] The blind signature algorithm can be pre-configured by relevant technical personnel. For example, the blind signature algorithm can be RSA (Ron Rivest, Adi Shamir, Leonard Adleman) blind signature algorithm, elliptic curve blind signature algorithm, or SM2 (elliptic curve public key cryptography) blind signature algorithm, etc.

[0055] It should be noted that, to ensure encryption consistency during the data query process, the blind signature algorithm used in the data query node must be consistent with the blind signature algorithm used in the query service node. Specifically, the blind signature algorithm used by the query service node, along with its public key, can be pre-configured and stored within the data query node.

[0056] The method for determining the blinding value of the query identifier for the data to be queried can be as follows:

[0057] B ID =blind(ID,pk) A ,r);

[0058] Where ID represents the data identifier of the data to be queried, pk A is the public key for the blind signature algorithm (query service node), and r is a randomly generated and privately stored blind factor. blind(·) is the blind signature algorithm.

[0059] S130. Determine the query identifier fingerprint hash value of the data to be queried.

[0060] Among them, the query identifier fingerprint hash value of the data to be queried is used to determine the data shard group to which the data to be queried belongs.

[0061] It should be noted that, due to the large amount of query data stored under the query service node, to improve the privacy, security, and efficiency of data queries, the data to be queried can be sharded to obtain at least one target data shard group. In the query service node, the query identifier fingerprint hash value is used to determine the shard group to which each piece of query data belongs. Correspondingly, the method by which the data query node determines the query identifier fingerprint hash value of the data to be queried needs to be the same as the method used by the query service node to determine the query identifier fingerprint hash value of the data to be queried, thus facilitating the subsequent location of the data shard group to which the data to be queried belongs.

[0062] In one optional embodiment, determining the query identifier fingerprint hash value of the data to be queried includes: determining the query identifier hash value of the data to be queried according to a preset hash encoding method; and determining the query identifier fingerprint hash value of the data to be queried based on the query identifier hash value, a preset indistinguishable factor, and a numerical encoding method.

[0063] The hash encoding method, indistinguishable factor, and numerical encoding method can be predetermined by relevant technical personnel, and these methods are identical in the query data node and the query service node. Optionally, the hash encoding method, indistinguishable factor, and numerical encoding method can be pre-set in the query service node, and these methods can be pre-configured and stored in the local database of the data query node.

[0064] The numerical encoding method can be binary, octal, or hexadecimal, etc. The indistinguishability factor can be preset by relevant technical personnel. The larger the indistinguishability factor value, the more data shards there are. The more data shards there are, the more detailed the grouping of the query data is, and the higher the efficiency of subsequent queries.

[0065] For example, the hash encoding method can be a preset hash algorithm. Using this preset hash algorithm, the data identifier of the data to be queried is hashed (H). id = hash(ID). Where H id The hash value is the query identifier hash value of the data to be queried, ID is the data identifier of the data to be queried, and hash(·) is the preset hash algorithm.

[0066] For example, if the data encoding method is binary encoding and the preset indistinguishability factor is 2, the corresponding query identifier fingerprint hash value can be 00, 01, 10, and 11; if the data encoding method is binary encoding and the preset indistinguishability factor is 3, the corresponding query identifier fingerprint hash value can be 000, 001, 010, 011, 100, 101, 110, and 111. If the data encoding method is octal encoding and the preset indistinguishability factor is 1, the corresponding query identifier fingerprint hash value can be 0, 1, 2, 3, 4, 5, 6, and 7.

[0067] For example, based on the query identifier hash value of the data to be queried, and based on the data encoding method, the query identifier encoding value of the query identifier hash value is determined; based on the query identifier encoding value, and based on a preset indistinguishable factor, the query identifier fingerprint hash value of the data to be queried is determined. For example, if the query identifier hash value of the data to be queried is 25 and the data encoding method is binary encoding, then the query identifier encoding value of the query identifier hash value is 11001; if the preset indistinguishable factor is 2, then the query identifier fingerprint hash value of the data to be queried is 11.

[0068] S140. Send the query identifier blinding value and the query identifier fingerprint hash value to the query service node so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data shard group corresponding to the target data shard group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value.

[0069] For example, the data query node sends the query identifier blinded value and the query identifier fingerprint hash value to the query service node. Upon receiving the query identifier blinded value and the query identifier fingerprint hash value, the query service node determines the target identifier signature set, the query identifier signature blinded value, and the target encrypted data shard group corresponding to the target data shard group to which the queried data belongs, based on these values. The query service node then feeds back the target identifier signature set, the query identifier signature blinded value, and the target encrypted data shard group to the data query node.

[0070] Specifically, the query service node can sign the blinded value of the query identifier based on the private key of the blind signature algorithm, obtaining the blinded signature value of the query identifier. The query service node can determine the target data shard group to which the queried data belongs based on the fingerprint hash value of the query identifier; each data shard group stores the query data and the identifier signature of the query data's data identifier. The identifier signatures of the data identifiers of the query data in the target data shard group are combined to obtain the target identifier signature set. The query service node encrypts the query data in the target data shard group based on a preset encryption algorithm, obtaining the target ciphertext data shard group.

[0071] S150. Determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group.

[0072] For example, a data query node can unblind the query identifier signature blinding value to obtain the query identifier signature of the data to be queried; determine the index position of the query identifier signature in the target identifier signature set; determine the ciphertext data corresponding to the data to be queried in the target ciphertext data shard group based on the index position; and decrypt the ciphertext data at the index position based on the decryption algorithm corresponding to the query service node to obtain the data to be queried.

[0073] This invention's embodiment determines the query identifier blinding value and query identifier fingerprint hash value of the data to be queried, and feeds them back to the query service node. The query service node, based on the query identifier blinding value and the query identifier fingerprint hash value, determines and feeds back the target identifier signature set, query identifier signature blinding value, and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs. Based on the feedback results, the data to be queried is determined. This scheme achieves data privacy and security during the data query process, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the confidentiality of the data query process and improves the performance of the data query service. Simultaneously, the use of hash fingerprint fragment combination reduces the complexity of the data query process, making the scheme more practically applicable.

[0074] Example 2

[0075] Figure 2 This is a flowchart of a data query method provided in Embodiment 2 of the present invention. This embodiment is based on the above-mentioned technical solutions and has been optimized, improved and refined at a deeper level.

[0076] Furthermore, the step "determine the data to be queried based on the target identifier signature set, the blinded value of the query identifier signature, and the target ciphertext data fragments" is refined to "remove the blinded value of the query identifier signature based on the blind signature algorithm to obtain the query identifier signature value of the data to be queried; determine the target index position corresponding to the query identifier signature value based on the index position of the identifier signature value of each query data in the target identifier signature set; determine the data to be queried based on the target index position and the target ciphertext data fragments" to improve the method of determining the data to be queried.

[0077] like Figure 2 As shown, the method includes the following specific steps:

[0078] S210. In response to a data query request for the data to be queried, determine the data identifier of the data to be queried.

[0079] S220. Perform blinding processing on the data identifier of the data to be queried to obtain the blinded value of the query identifier of the data to be queried.

[0080] S230. Determine the query identifier fingerprint hash value of the data to be queried.

[0081] S240. Send the query identifier blinding value and the query identifier fingerprint hash value to the query service node, so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data shard group corresponding to the target data shard group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value.

[0082] S250. According to the blind signature algorithm, the blind value of the query identifier signature is unblinded to obtain the query identifier signature value of the data to be queried.

[0083] For example, the query identifier signature blinding value can be unblinded using the same blind signature algorithm as the one used to determine the blinded value of the query identifier, as well as a privately stored blinding factor, to obtain the query identifier signature value of the data to be queried.

[0084] S260. Determine the target index position corresponding to the query identifier signature value based on the index position of the identifier signature value of each query data in the target identifier signature set.

[0085] It should be noted that the target data shard group to which the queried data belongs can be determined by the query identifier fingerprint hash value of the data to be queried. The target data shard group stores at least two queried data items and their corresponding identifier signature values. To ensure the privacy of other queried data in the target data shard group besides the data to be queried, and to ensure that other queried data is unknown to the data query node, the query service node forms a target identifier signature set by retrieving the signature values ​​of each queried data item in the target data shard group according to their original index position order. This allows the data query node to determine the target index position of the data to be queried based on the identifier signature values ​​in the target identifier signature set.

[0086] For example, the data query node determines the identifier signature value that is the same as the query identifier signature value from the target identifier signature set, and determines the index position of the identifier signature value in the target identifier signature set as the target index position of the data to be queried.

[0087] S270. Determine the data to be queried based on the target index location and the target encrypted data fragment group.

[0088] For example, a data query node can determine the index position of the data to be queried within the target encrypted data shard group based on the target index position, and identify the encrypted data at that index position as the encrypted data to be queried. Then, based on the decryption algorithm corresponding to the query service node, the encrypted data is decrypted to obtain the data to be queried.

[0089] It should be noted that, in order to ensure the security of the data query process, to ensure that the querying data node is unaware of other query data in the target encrypted data shard group besides the data to be queried, and to ensure that the query service node is unaware of the data to be queried that the data querying node wants to query, both parties can also obtain query data based on an unintentional transmission protocol.

[0090] In one optional embodiment, determining the data to be queried based on the target index position and the target ciphertext data shard group includes: obtaining random elliptic curve points sent by the query service node and generating a first auxiliary random code; determining the oracle point corresponding to the random elliptic curve point; determining the hidden index position corresponding to the target index position based on a preset elliptic curve according to the target index position, the first auxiliary random code, and the oracle point, and sending the hidden index position to the query service node; determining the decryption key corresponding to the data to be queried based on a preset hash algorithm according to the random elliptic curve point, the hidden index position, and the first auxiliary random code; and decrypting the ciphertext data under the target index position in the target ciphertext data shard group according to the decryption key to obtain the data to be queried.

[0091] For example, the data query node obtains random elliptic curve points sent by the query service node. These random elliptic curve points are generated by the query service node based on a preset second auxiliary random code and a preset random elliptic curve calculation rule.

[0092] The data query node determines the oracle point corresponding to the random elliptic curve point based on a preset random oracle model. Based on the target index position, the first auxiliary random code, and the oracle point, it generates a hidden index position corresponding to the target index position based on the preset elliptic curve and sends this hidden index position to the query service node. The purpose of the hidden index position is to ensure that the query service node is unaware of the target index position after it is sent, thereby achieving data security.

[0093] After obtaining the hidden index location, the query service node determines the corresponding encryption key sequence in the target ciphertext data shard group based on the random elliptic curve point, the hidden index location, the second auxiliary random code, and the oracle point, using a preset hash algorithm. Each encryption key in the encryption key sequence corresponds to a query data item in the target data shard group. Based on the target data shard group and the encryption key sequence, and using a preset encryption algorithm, the target ciphertext data shard group is determined.

[0094] The data query node determines the first product of the first auxiliary random code and the random elliptic curve point. Based on the random elliptic curve point, the hidden index position, and the first product, it determines the decryption key corresponding to the data to be queried based on a preset hash algorithm. According to the decryption key, the ciphertext data under the target index position in the obtained target ciphertext data fragment group is decrypted to obtain the data to be queried.

[0095] This embodiment of the scheme obtains the query identifier signature value of the data to be queried by unblinding the query identifier signature value; it determines the target index position corresponding to the query identifier signature value based on the index position of the identifier signature value of each query data in the target identifier signature set; and it determines the data to be queried based on the target index position and the target encrypted data fragment group. The above scheme achieves security and anonymity in the process of determining the data to be queried, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the confidentiality of the data query process, improves the performance of the data query service, and makes the scheme more practically applicable.

[0096] Example 3

[0097] Figure 3 This is a flowchart of a data query method provided in Embodiment 3 of the present invention. This embodiment is applicable to situations involving secure and privacy-preserving data queries. The method can be executed by a data query device, which can be implemented in hardware and / or software. This data query device can be configured in an electronic device, and the data query method can be applied to query service nodes, such as... Figure 3 As shown, the method includes:

[0098] S310. Obtain the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried.

[0099] Data query requests can be initiated by relevant data query parties with data query needs. The data to be queried can be data that relevant operators on the data query node need to query from the query service node. The number of data to be queried can be at least one.

[0100] The query identifier blinding value can be obtained by the data query node after blinding the data identifier of the data to be queried. For example, the data query node can perform blinding processing on the data identifier of the data to be queried according to a preset blind signature algorithm to obtain the query identifier blinding value of the data to be queried.

[0101] It is understandable that, since the data query process involves interaction between the data query node and the query service node, the following methods can be used to determine the blinding value of the query identifier in order to further improve the confidentiality and security of the data during the data query process.

[0102] In one optional embodiment, the query identifier blinding value of the data to be queried is determined based on the data identifier of the data to be queried, the preset blinding factor, and the public key of the preset blind signature algorithm, using the blind signature algorithm.

[0103] The blind signature algorithm can be pre-defined by relevant technical personnel. For example, the blind signature algorithm can be RSA blind signature algorithm, elliptic curve blind signature algorithm, or SM2 blind signature algorithm, etc.

[0104] It should be noted that, to ensure encryption consistency during the data query process, the blind signature algorithm used in the data query node must be consistent with the blind signature algorithm used in the query service node. Specifically, the blind signature algorithm used by the query service node, along with its public key, can be pre-configured and stored within the data query node.

[0105] It should be noted that, due to the large amount of query data stored under the query service node, to improve the privacy, security, and efficiency of data queries, the queried dataset can be sharded to obtain at least one target data shard group. In the query service node, the query identifier fingerprint hash value is used to determine the shard group to which each piece of queried data belongs, and to determine the number of data shard groups. Correspondingly, the method by which the data query node determines the query identifier fingerprint hash value of the data to be queried needs to be the same as the method used by the query service node to determine the query identifier fingerprint hash value of the queried data, thus facilitating the subsequent location of the data shard group to which the data to be queried belongs.

[0106] In one optional embodiment, the query identifier fingerprint hash value of the data to be queried is determined according to a preset hash encoding method; based on the query identifier fingerprint hash value, the query identifier fingerprint hash value of the data to be queried is determined according to a preset indistinguishable factor and numerical encoding method.

[0107] The hash encoding method, indistinguishable factor, and numerical encoding method can be predetermined by relevant technical personnel, and these methods are identical in the query data node and the query service node. Optionally, the hash encoding method, indistinguishable factor, and numerical encoding method can be pre-set in the query service node, and these methods can be pre-configured and stored in the local database of the data query node.

[0108] The numerical encoding method can be binary, octal, or hexadecimal, etc. The indistinguishability factor can be preset by relevant technical personnel. The larger the indistinguishability factor value, the more data shards there are. The more data shards there are, the more detailed the grouping of the query data is, and the higher the efficiency of subsequent queries.

[0109] For example, the hash encoding method can be a preset hash algorithm. Using this preset hash algorithm, the data identifier of the data to be queried is hashed (H). id = hash(ID). Where H id The hash value is the query identifier hash value of the data to be queried, ID is the data identifier of the data to be queried, and hash(·) is the preset hash algorithm.

[0110] For example, if the data encoding method is binary encoding and the preset indistinguishability factor is 2, the corresponding query identifier fingerprint hash value can be 00, 01, 10, and 11; if the data encoding method is binary encoding and the preset indistinguishability factor is 3, the corresponding query identifier fingerprint hash value can be 000, 001, 010, 011, 100, 101, 110, and 111. If the data encoding method is octal encoding and the preset indistinguishability factor is 1, the corresponding query identifier fingerprint hash value can be 0, 1, 2, 3, 4, 5, 6, and 7.

[0111] For example, based on the query identifier hash value of the data to be queried, and based on the data encoding method, the query identifier encoding value of the query identifier hash value is determined; based on the query identifier encoding value, and based on a preset indistinguishable factor, the query identifier fingerprint hash value of the data to be queried is determined. For example, if the query identifier hash value of the data to be queried is 25 and the data encoding method is binary encoding, then the query identifier encoding value of the query identifier hash value is 11001; if the preset indistinguishable factor is 2, then the query identifier fingerprint hash value of the data to be queried is 11.

[0112] S320. Based on the query identifier blinding value and the query identifier fingerprint hash value, determine the target identifier signature set, query identifier signature blinding value, and target ciphertext data fragment group corresponding to the target data fragment group to which the data to be queried belongs.

[0113] For example, the data query node sends the query identifier blinded value and the query identifier fingerprint hash value to the query service node. Upon receiving the query identifier blinded value and the query identifier fingerprint hash value, the query service node determines the target identifier signature set, the query identifier signature blinded value, and the target encrypted data shard group corresponding to the target data shard group to which the queried data belongs, based on these values. The query service node then feeds back the target identifier signature set, the query identifier signature blinded value, and the target encrypted data shard group to the data query node.

[0114] Specifically, the query service node can sign the blinded value of the query identifier based on the private key of the blind signature algorithm, obtaining the blinded signature value of the query identifier. The query service node can determine the target data shard group to which the queried data belongs based on the fingerprint hash value of the query identifier; each data shard group stores the query data and the identifier signature of the query data's data identifier. The identifier signatures of the data identifiers of the query data in the target data shard group are combined to obtain the target identifier signature set. The query service node encrypts the query data in the target data shard group based on a preset encryption algorithm, obtaining the target ciphertext data shard group.

[0115] S330. Feed back to the data query node the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs, so that the data query node can determine the data to be queried based on the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group.

[0116] For example, the query service node feeds back the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs to the data query node. The data query node can perform unblinding processing on the query identifier signature blinding value to obtain the query identifier signature of the data to be queried; determine the index position of the query identifier signature in the target identifier signature set; determine the ciphertext data corresponding to the data to be queried in the target ciphertext data shard group based on the index position; and decrypt the ciphertext data at the index position based on the decryption algorithm corresponding to the query service node to obtain the data to be queried.

[0117] This invention's embodiment determines and feeds back the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group corresponding to the target data shard group to which the queried data belongs, based on the query identifier blinding value and query identifier fingerprint hash value. This allows the data query node to determine the data to be queried based on the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group. This solution achieves data privacy and security during the data query process, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data to be queried, thus achieving confidentiality and improving the security of the data query results. Simultaneously, the use of hash fingerprint shard combination reduces the complexity of the data query process.

[0118] Example 4

[0119] Figure 4 This is a flowchart of a data query method provided in Embodiment 4 of the present invention. This embodiment has been optimized, improved and refined at a deeper level based on the above technical solutions.

[0120] Furthermore, the step "determine the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs based on the query identifier blinding value and query identifier fingerprint hash value" is refined to "sign the query identifier blinding value based on the private key of the preset blind signature algorithm to obtain the query identifier signature blinding value; determine the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value; wherein, the target data shard group includes at least one query data and the identifier signature value of each query data; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried; the signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set; the target data shard group is encrypted to obtain the target ciphertext data shard group" to improve the method of determining the target ciphertext data shard group.

[0121] like Figure 4 As shown, the method includes the following specific steps:

[0122] S410. Obtain the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried.

[0123] S420. Sign the query identifier blind value according to the private key of the preset blind signature algorithm to obtain the query identifier signature blind value.

[0124] For example, the query service node signs the blinded value of the query identifier according to the private key of the pre-set blind signature algorithm to obtain the blinded value of the query identifier signature.

[0125] S430. Based on the query identifier fingerprint hash value, determine the target data shard group corresponding to the data to be queried; wherein, the target data shard group includes at least one query data and the identifier signature value of each query data; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried.

[0126] In this context, each query data in the target data shard group may contain the data to be queried, and the identifier signature of each query data may contain the identifier signature value of the data to be queried.

[0127] It should be noted that at least one candidate data shard group can be pre-stored in the query service node. Each candidate data shard group stores different query data and the corresponding identifier signature value for each query data.

[0128] In one optional embodiment, determining the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value includes: obtaining at least one candidate data shard group; and selecting the target data shard group corresponding to the data to be queried from each candidate data shard group based on the query identifier fingerprint hash value.

[0129] The candidate data shards can be pre-determined by the query service nodes and stored in the database. Each candidate data shard includes at least one query data and a corresponding identifier signature value. The identifier fingerprint hash values ​​of all query data within a candidate data shard are identical.

[0130] For example, the query service node can obtain at least one candidate data shard group from the database; based on the query identifier fingerprint hash value, it selects the target data shard group to which the data to be queried belongs from each candidate data shard group. Specifically, it can select the candidate data shard group that has the same query identifier fingerprint hash value as the target data shard group from each candidate data shard group.

[0131] It should be noted that the candidate data shard groups are pre-determined by the query service node and pre-stored in the database. Candidate data shard groups can be determined in the following ways.

[0132] In one optional embodiment, the candidate data shard group is generated as follows: obtain the data identifier of each query data in the query dataset stored in the database; perform hash processing and signature processing on each data identifier to obtain the fingerprint hash value and identifier signature value corresponding to each data identifier; divide the query data with the same fingerprint hash value into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each queried data and the identifier signature value corresponding to each query data.

[0133] For example, the data identifiers of each query data can be hashed based on a preset hash algorithm to obtain the fingerprint hash value of each data identifier; and the data identifiers can be signed based on the private key of a preset blind signature algorithm to obtain the identifier signature value of each data identifier. Query data with the same fingerprint hash value are divided into the same data shard group, thereby obtaining at least one candidate data shard group. Each candidate data shard group includes query data with the same fingerprint hash value.

[0134] In one optional embodiment, each data identifier is hashed and signed to obtain a fingerprint hash value and an identifier signature value corresponding to each data identifier. This includes: determining the identifier hash value of each query data based on each data identifier and a preset hash encoding method; determining the fingerprint hash value of each query data based on the identifier hash value of each query data and a preset indistinguishable factor and numerical encoding method; and signing the data identifier of each query data according to the private key of the blind signature algorithm to obtain the identifier signature value of each query data.

[0135] For example, a preset hash encoding method can be used to hash the data identifiers of each queried data. The hash encoding method used for hashing is the same as the hash encoding method used to hash the queried data at the data query node. Specifically, the query service node can pre-configure and store the preset hash encoding method at the data query node.

[0136] The method for signing the data identifiers of each queried data can be achieved by using a pre-defined private key of a blind signature algorithm to sign the data identifiers of each queried data, thereby obtaining the identifier signature value of each queried data. The private key of the blind signature algorithm used for signing corresponds to the public key of the blind signature algorithm used by the data query node to sign the data identifiers of the data to be queried. Specifically, the public key of the blind signature algorithm can be pre-configured and stored by the query service node under the data query node.

[0137] For example, a preset data encoding method is used to numerically encode the identifier hash value of each query data, resulting in an identifier encoding hash value for each query data. The numerical encoding method can be preset by relevant technical personnel according to actual needs. For example, the numerical encoding method can be binary, octal, or hexadecimal. Based on the identifier encoding value and a preset indistinguishability factor, the identifier fingerprint hash value of the query data is determined. The numerical encoding method can also be preset by relevant technical personnel according to actual needs. For example, if the indistinguishability factor is 2, then the first two digits of the identifier encoding value are taken as the identifier fingerprint hash value of the query data.

[0138] For example, if the identifier hash value of the query data is 25 and the data encoding method is binary encoding, then the identifier encoding value of the identifier hash value of the query data is 11001. If the preset indistinguishability factor is 2, then the identifier fingerprint hash value of the query data is 11; if the preset indistinguishability factor is 3, then the identifier fingerprint hash value of the query data is 110.

[0139] S440. The signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set.

[0140] The target data shard group contains at least one query data and an identifier signature value corresponding to each query data. For example, the identifier signature values ​​of each query data are combined based on their index positions in the target data shard group to obtain a target identifier signature set including the identifier signature values ​​corresponding to each query data.

[0141] S450. Encrypt the target data fragment group to obtain the target ciphertext data fragment group.

[0142] For example, the query service node can encrypt the target data shard group based on a preset encryption algorithm to obtain the target ciphertext data shard group.

[0143] It should be noted that, in order to ensure the security of the data query process, to ensure that the querying data node is unaware of all other query data in the target encrypted data fragment group except for the data to be queried, and to ensure that the query service node is unaware of the identifier of the data to be queried that the data querying node wants to query, both parties can also obtain the query data based on the unintentional transmission protocol.

[0144] In one optional embodiment, encrypting the target data shard group to obtain a target ciphertext data shard group includes: obtaining the hidden index position sent by the data query node and generating a second auxiliary random code; generating random elliptic curve points according to the second auxiliary random code and sending the random elliptic curve points to the data query node; determining the oracle point corresponding to the random elliptic curve point; determining the corresponding encryption key sequence in the target data shard group based on the random elliptic curve point, the hidden index position, the first auxiliary random code, and the oracle point, using a preset hash algorithm; wherein each encryption key in the encryption key sequence corresponds to each query data in the target data shard group; and determining the target ciphertext data shard group based on the target data shard group and the encryption key sequence, using a preset encryption algorithm.

[0145] For example, the data query node obtains random elliptic curve points sent by the query service node. These random elliptic curve points are generated by the query service node based on a preset first auxiliary random code and a preset random elliptic curve calculation rule.

[0146] The data query node determines the oracle point corresponding to the random elliptic curve point based on a preset random oracle model. Based on the target index position, a randomly generated first auxiliary random code, and the oracle point, it generates a hidden index position corresponding to the target index position based on the preset elliptic curve and sends this hidden index position to the query service node. The purpose of the hidden index position is to ensure that the query service node is unaware of the target index position after it is sent, thereby achieving data security.

[0147] After obtaining the hidden index location, the query service node determines the corresponding encryption key sequence in the target data shard group based on the random elliptic curve point, the hidden index location, the second auxiliary random code, and the oracle point, using a preset hash algorithm. Each encryption key in the encryption key sequence corresponds to a query data item in the target data shard group. Based on the target data shard group and the encryption key sequence, and using a preset encryption algorithm, the target ciphertext data shard group is determined.

[0148] The data query node determines the first product of the first auxiliary random code and the random elliptic curve point. Based on the random elliptic curve point, the hidden index position, and the first product, it determines the decryption key corresponding to the data to be queried based on a preset hash algorithm. Based on the decryption key, it decrypts the ciphertext data under the target index position in the acquired target ciphertext data fragment group to obtain the data to be queried.

[0149] S460. Feed back to the data query node the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs, so that the data query node can determine the data to be queried based on the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group.

[0150] This embodiment's solution obtains a query identifier signature blinded value by signing the query identifier blinded value; based on the query identifier fingerprint hash value, it determines the target data shard group corresponding to the data to be queried; the signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set; and the target data shard group is subjected to symmetric encryption processing to obtain the target ciphertext data shard group. The above solution achieves security and anonymity in the process of determining the data to be queried, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the confidentiality of the data query process, improves the performance of the data query service, and makes the solution more practically applicable.

[0151] Example 5

[0152] This embodiment provides a preferred example based on the above embodiments. This preferred embodiment includes two stages: an offline preprocessing stage and an online data query stage. The offline preprocessing stage is performed by a query service node; the online data query stage is performed interactively by a data query node and a query service node.

[0153] Figure 5A This is a flowchart illustrating an offline preprocessing stage provided in an embodiment of the present invention. The stage is executed by a query service node and specifically includes the following steps:

[0154] S10. Read the data identifier of the query data stored in the database.

[0155] For example, read the IDs of all original records of the queried dataset stored in the database by the query service node. i ,data i Data identifier ID in ) i , where i represents the index position of the queried data, i = 1, 2, ..., N. i Indicates the i-th queried data; ID i This represents the data identifier for the i-th queried data. Here, N is the number of data sets being queried.

[0156] S20. Determine the fingerprint hash value and identifier signature value of the data identifier for each queried data.

[0157] For example, each queried data is identified by a data identifier ID.i∈N Perform hash calculation H i =hash(ID) i ) and signature calculation S i =sig(ID) i ,sk A This yields the identifier hash value H corresponding to each queried data. i and the identifier signature value S i Here, hash(·) is the hash algorithm used to determine the hash value of the identifier, which can be preset by relevant technical personnel. Here, sk A This is a pre-defined private key for a blind signature algorithm, used to sign each query data. The identifier hash value of each query data is encoded according to a pre-defined numerical encoding method, resulting in a unique encoded hash value for each query data. Based on a pre-defined indistinguishability factor t, the first t characters of the encoded hash value of each query data are taken to obtain the fingerprint hash value H for each query data. i_t .

[0158] S30. Based on the fingerprint hash value, each query data is divided into fragments for storage to obtain at least one candidate data fragment group; wherein, the candidate data fragment group includes at least one query data and the identifier signature value corresponding to each query data.

[0159] For example, the fingerprint hash value H i_t (i = 1, 2, ..., N) identical query data are stored in shards, where H i_t The corresponding query data is (data) i ,sig i ), to obtain the candidate data fragment set G = {g1, ..., g k}. Where k is the number of candidate data shards; g i This represents the i-th candidate data partition group.

[0160] Optionally, if the indistinguishable factor t = 2 and the numerical encoding method is binary encoding, then the number of corresponding candidate data shard groups k = 4. The fingerprint hash value H of all query data under the condition of uniform data distribution in the database query. i-2 In binary encoding, there are four cases: H1=00, H2=01, H3=10, and H4=11. Therefore, all data is clearly divided into four pieces: H1, H2, H3, and H4, which are:

[0161] Shard H1: Candidate data shard group

[0162]

[0163] H2: Candidate data shards

[0164]

[0165] H3: Candidate data shard group

[0166]

[0167] H4 Sharding: Candidate Data Sharding Groups

[0168]

[0169] in, Where n1, n2, n3, and n4 represent the number of the queried datasets in the candidate shard groups g1, g2, g3, and g4, respectively.

[0170] It should be noted that the hash algorithms, indistinguishable factors, public keys for blind signature algorithms, and numerical encoding methods involved in the offline preprocessing stage of the query service node can be pre-configured on the data query node so that they can be used by the data query node in the subsequent data query process.

[0171] Figure 5B This is a flowchart illustrating an online data query stage provided in an embodiment of the present invention. The process is executed interactively by a data query node and a query service node, and specifically includes the following steps:

[0172] S501, The data query node responds to the data query request for the data to be queried by determining the data identifier of the data to be queried.

[0173] S502. The data query node performs blinding processing on the data identifier of the data to be queried, and obtains the blinded value of the query identifier of the data to be queried.

[0174] For example, the data query node calculates the blinded value B of the data identifier ID of the data to be queried based on a blind signature algorithm. ID =blind(ID,pk) A ,r), where r is a blind factor randomly generated and privately stored by the data query node, pk A This is the public key for the blind signature algorithm, which can be pre-configured under the data query node. blind(·) represents the blind signature algorithm.

[0175] S503, The data query node determines the query identifier fingerprint hash value of the data to be queried.

[0176] For example, based on the same hash algorithm as the query service node, the query identifier hash value of the query identifier of the data to be queried is calculated. The query identifier code value corresponding to the query identifier hash value is determined according to the same numerical encoding method as the query service node. The query identifier fingerprint hash value of the data to be queried is determined based on the same indistinguishable factor t as the query service node.

[0177] S504. The data query node sends the query identifier blind value and the query identifier fingerprint hash value to the query service node.

[0178] S505. The query service node signs the obtained query identifier blinding value to obtain the query identifier signature blinding value.

[0179] For example, the query identifier value B is blinded based on a blind signature algorithm. ID Perform signature BS ID =blindsig(B ID ,sk A ), to obtain the query identifier signature blinding value. Where, sk A It is the private key for the blind signature algorithm of the query service node.

[0180] S506. The query service node obtains at least one candidate data shard group and determines the target data shard group to which the data to be queried belongs based on the query identifier fingerprint hash value.

[0181] For example, traversing candidate data shard groups g j Identify and query the fingerprint hash value H ID_t The same data fragment group g w This indicates that the data to be queried is in the target data shard group g. w middle.

[0182] S507. The query service node sends the target identifier signature set and the query identifier signature blinding value corresponding to the target shard group to the data query node.

[0183] For example, if the target data shard group is matched based on the query identifier fingerprint hash value... Then the query service node sends the corresponding signature set S = (sig j The query identifier blinded signature value BS of the data identifier ID. ID Provide data query nodes.

[0184] Assume H ID_t =H2, indicating that the target data shard group g2 includes the query data corresponding to the data identifier ID, i.e., the data to be queried. Further, the target identifier signature set corresponding to the target data shard group g2 is... Sending data to the data query node greatly reduces the computational complexity of data querying and improves the service performance of the query service node.

[0185] S508. The data query node performs unblinding processing on the query identifier signature blinding value to obtain the query identifier signature value of the data to be queried.

[0186] For example, the data query node uses a blind signature algorithm to sign the query identifier value BS. ID Perform unblinding computation to obtain the query identifier signature value S of the data identifier ID of the data to be queried. ID =offblindsig(BS ID ,r).

[0187] S509. The data query node determines the target index position idx corresponding to the query identifier signature value based on the index position of the identifier signature value of each queried data in the target identifier signature set.

[0188] Query identifier signature value S ID The signature is compared with the received target identifier signature set S. If a match is found, it means that the matched signature is sig. j The corresponding index idx is the position of the data to be queried in the corresponding target data shard group, and the query indicates that the data to be queried has been successfully located.

[0189] For example, if S ID =sig 2,63 This indicates that the 63rd data item in the target data shard group is the data to be queried. It should be noted that this target data shard group is only stored on the query service node; while the location index 63 of the data to be queried is only known to the data query node.

[0190] S510. The query service node generates an auxiliary random code r1, and generates a random elliptic curve point P1 based on the auxiliary random code r1, and generates an oracle point T based on the random elliptic curve point P1.

[0191] For example, the query service node randomly generates an auxiliary random code r1; based on the auxiliary random code r1, a random elliptic curve point P1 is generated according to a preset random elliptic curve algorithm.

[0192] S511, The query service node sends the random elliptic curve point P1 to the data query node.

[0193] S512, The data query node generates an auxiliary random code r2 and generates a oracle point T based on the random elliptic curve point P1.

[0194] S513. The data query node determines the hidden index position R corresponding to the target index position idx based on the target index position idx, the auxiliary random code r2, and the oracle point T, using a preset elliptic curve.

[0195] For example, a data query node can determine the hidden index position R = G(idx,r2,T) based on a preset elliptic curve. Here, G(·) can be a preset elliptic curve.

[0196] S514, The data query node sends the hidden index location R to the query service node.

[0197] S515. The query service node determines the corresponding encryption key sequence in the target data shard group based on the random elliptic curve point P1, the hidden index position R, the auxiliary random code r1, and the oracle point T, using a preset hash algorithm.

[0198] For example, the index positions of each queried dataset in the target data shard group are traversed, and the corresponding encryption key sequence key in the target data shard group is determined based on a preset hash algorithm. i =H(P1,R,r1*R+(-ir1)*T).

[0199] In this sequence, each encryption key in the encryption key sequence corresponds to a query dataset in the target data shard group. 'i' represents the index position of each query dataset in the target data shard group, which is also the index position of each encryption key in the encryption key sequence.

[0200] S516. The query service node determines the target ciphertext data fragment group based on the target data fragment group and the encryption key sequence, using a preset encryption algorithm.

[0201] For example, if the queried dataset in the target data shard group is (data1, data2, ..., data...) n If the encrypted data c in the target ciphertext data fragment group is... i c i ←encAES(data i ,key i ); where AES(·) is the preset AES (Advanced Encryption Standard) symmetric encryption algorithm.

[0202] S517. The query service node sends the target encrypted data fragments to the data query node.

[0203] S518. The data query node determines the decryption key corresponding to the data to be queried based on the random elliptic curve point P1, the hidden index position R, and the auxiliary random code r2, using a preset hash algorithm.

[0204] For example, the data query node determines the decryption key key = H(P1,R,r2*P1) corresponding to the data to be queried based on a preset hash algorithm.

[0205] S519. The data query node decrypts the ciphertext data at the target index position in the target ciphertext data fragment group according to the decryption key to obtain the data to be queried.

[0206] For example, the data query node determines the target encrypted data shard group (c1, c2, ..., c) based on the target index position idx. n The encrypted data c under ) idx The data query node uses the decryption key to process the encrypted data c. idx Decryption yields the plaintext data, which is the data to be queried. idx .

[0207] Example 6

[0208] Figure 6 This is a schematic diagram of a data query device provided in Embodiment Six of the present invention. The data query device provided in this embodiment of the present invention is suitable for situations involving secure and privacy-preserving data queries. This data query device can be implemented in hardware and / or software, and can be applied to data query nodes, such as… Figure 6 As shown, the device specifically includes: a data identifier determination module 601, a blinding processing module 602, a fingerprint hash value determination module 603, a data sending module 604, and a query data determination module 605. Among them,

[0209] The data identifier determination module 601 is used to determine the data identifier of the data to be queried in response to a data query request for the data to be queried;

[0210] The blinding processing module 602 is used to perform blinding processing on the data identifier of the data to be queried to obtain the blinded value of the query identifier of the data to be queried.

[0211] Fingerprint hash value determination module 603 is used to determine the query identifier fingerprint hash value of the data to be queried;

[0212] The data sending module 604 is used to send the query identifier blinding value and the query identifier fingerprint hash value to the query service node, so that the query service node can determine and feed back the target identifier signature set, query identifier signature blinding value and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value;

[0213] The data to be queried module 605 is used to determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group.

[0214] This invention's embodiment determines the query identifier blinding value and query identifier fingerprint hash value of the data to be queried, and feeds them back to the query service node. The query service node, based on the query identifier blinding value and the query identifier fingerprint hash value, determines and feeds back the target identifier signature set, query identifier signature blinding value, and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs. Based on the feedback results, the data to be queried is determined. This scheme achieves data privacy and security during the data query process, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the confidentiality of the data query process and improves the performance of the data query service. Simultaneously, the use of hash fingerprint fragment combination reduces the complexity of the data query process, making the scheme more practically applicable.

[0215] Optionally, the blinding processing module 602 includes:

[0216] The blinding processing unit is used to determine the blinding value of the query identifier of the data to be queried based on the data identifier of the data to be queried, a preset blinding factor, and a preset public key of the blind signature algorithm, and on the basis of the blind signature algorithm.

[0217] Optionally, the fingerprint hash value determination module 603 includes:

[0218] The query hash value determination unit is used to determine the query identifier hash value of the data to be queried according to a preset hash encoding method;

[0219] The fingerprint hash value determination unit is used to determine the query identifier fingerprint hash value of the data to be queried based on the query identifier hash value and a preset indistinguishable factor and numerical encoding method.

[0220] Optionally, the data to be queried determination module 605 includes:

[0221] The identifier signature value determination unit is used to perform unblinding processing on the query identifier signature blinding value according to the blind signature algorithm to obtain the query identifier signature value of the data to be queried;

[0222] The target index position determination unit is used to determine the target index position corresponding to the query identifier signature value based on the index position of the identifier signature value of each query data in the target identifier signature set.

[0223] The data to be queried unit is used to determine the data to be queried based on the target index position and the target encrypted data fragment group.

[0224] Optionally, the data to be queried determination unit includes:

[0225] The random code generation subunit is used to obtain the random elliptic curve points sent by the query service node and generate a first auxiliary random code.

[0226] The oracle point determination subunit is used to determine the oracle point corresponding to the random elliptic curve point;

[0227] The hidden index location determination subunit is used to determine the hidden index location corresponding to the target index location based on a preset elliptic curve according to the target index location, the first auxiliary random code and the oracle point, and send the hidden index location to the query service node;

[0228] The decryption key determination subunit is used to determine the decryption key corresponding to the data to be queried based on the random elliptic curve points, the hidden index positions, and the first auxiliary random code, using a preset hash algorithm.

[0229] The data to be queried subunit is used to decrypt the ciphertext data at the target index position in the target ciphertext data fragment group according to the decryption key, so as to obtain the data to be queried.

[0230] The data query device provided in this embodiment of the invention can execute the data query method provided in any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the method execution.

[0231] Example 7

[0232] Figure 7 This is a schematic diagram of a data query device provided in Embodiment 7 of the present invention. The data query device provided in this embodiment of the present invention is suitable for situations involving secure and privacy-preserving data queries. This data query device can be implemented in hardware and / or software, and can be applied to query service nodes, such as... Figure 7 As shown, the device specifically includes: a data acquisition module 701, a encrypted data determination module 702, and a data feedback module 703. Among them,

[0233] The data acquisition module 701 is used to acquire the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried;

[0234] The encrypted data determination module 702 is used to determine the target identifier signature set, the query identifier signature blinding value, and the target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs, based on the query identifier blinding value and the query identifier fingerprint hash value;

[0235] The data feedback module 703 is used to feed back to the data query node the target identifier signature set corresponding to the target data shard group of the data to be queried, the query identifier signature blinding value, and the target encrypted data shard group, so that the data query node can determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target encrypted data shard group.

[0236] This invention's embodiment determines and feeds back the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group corresponding to the target data shard group to which the queried data belongs, based on the query identifier blinding value and query identifier fingerprint hash value. This allows the data query node to determine the data to be queried based on the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group. This solution achieves data privacy and security during the data query process, ensuring that the data querying party is unaware of other data besides the data to be queried, and that the data provider is unaware of the data identifier and specific data to be queried by the data querying party. This achieves the anonymity of the data query process and improves the performance of the data query service. Simultaneously, the use of hash fingerprint shard combination reduces the complexity of the data query process, making the solution more practically applicable.

[0237] Optionally, the encrypted data determination module 702 includes:

[0238] The signature blinding value determination unit is used to sign the query identifier blinding value according to the private key of the preset blind signature algorithm to obtain the query identifier signature blinding value;

[0239] The target data shard group determination unit is used to determine the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value; wherein, the target data shard group includes at least one query data and the identifier signature value of each query data; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried;

[0240] The target identifier signature set determination unit is used to take the signature set composed of the identifier signature values ​​of each query data in the target data fragment group as the target identifier signature set;

[0241] The target ciphertext data fragment group determination unit is used to encrypt the target data fragment group to obtain the target ciphertext data fragment group.

[0242] Optionally, the target data fragment group determination unit includes:

[0243] The candidate data fragment group acquisition subunit is used to acquire at least one candidate data fragment group;

[0244] The target data shard group determination subunit is used to select the target data shard group corresponding to the data to be queried from each of the candidate data shard groups based on the query identifier fingerprint hash value.

[0245] Optionally, the candidate data shard groups are generated in the following way:

[0246] Retrieve the data identifiers of each query data in the query dataset stored in the database;

[0247] Each of the data identifiers is hashed and signed to obtain the fingerprint hash value and identifier signature value corresponding to each of the data identifiers.

[0248] Each query data with the same fingerprint hash value is divided into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each query data and the identifier signature value corresponding to each query data.

[0249] Optionally, the step of hashing and signing each of the data identifiers to obtain the fingerprint hash value and identifier signature value corresponding to each of the data identifiers includes:

[0250] Based on each of the data identifiers, and using a preset hash encoding method, determine the identifier hash value of each of the queried data.

[0251] Based on the identifier hash value of each query data, and using a preset indistinguishable factor and numerical encoding method, the fingerprint hash value of each query data is determined.

[0252] Based on the private key of the blind signature algorithm, the data identifier of each of the data to be queried is signed to obtain the identifier signature value of each of the data to be queried.

[0253] Optionally, the target encrypted data fragment group determination unit includes:

[0254] An auxiliary random code generation subunit is used to obtain the hidden index position sent by the data query node and generate a second auxiliary random code;

[0255] The random curve point generation subunit is used to generate random elliptic curve points according to the second auxiliary random code, and send the random elliptic curve points to the data query node;

[0256] The oracle point determination subunit is used to determine the oracle point corresponding to the random elliptic curve point;

[0257] The encryption key sequence determination subunit is used to determine the corresponding encryption key sequence in the target data shard group based on the random elliptic curve points, the hidden index positions, the second auxiliary random code, and the oracle points, using a preset hash algorithm; wherein, each encryption key in the encryption key sequence corresponds to each query data in the target data shard group;

[0258] The target ciphertext fragment group determination subunit is used to determine the target ciphertext data fragment group based on the target data fragment group and the encryption key sequence, and on a preset encryption algorithm.

[0259] The data query device provided in this embodiment of the invention can execute the data query method provided in any embodiment of the invention, and has the corresponding functional modules and beneficial effects of the method execution.

[0260] Example 8

[0261] Figure 8 A schematic diagram of an electronic device 80 that can be used to implement embodiments of the present invention is shown. The electronic device is intended to represent various forms of digital computers, such as laptop computers, desktop computers, workstations, personal digital assistants, servers, blade servers, mainframe computers, and other suitable computers. The electronic device can also represent various forms of mobile devices, such as personal digital processors, cellular phones, smartphones, wearable devices (e.g., helmets, glasses, watches, etc.), and other similar computing devices. The components shown herein, their connections and relationships, and their functions are merely illustrative and are not intended to limit the implementation of the invention described and / or claimed herein.

[0262] like Figure 8 As shown, the electronic device 80 includes at least one processor 81 and a memory, such as a read-only memory (ROM) 82 and a random access memory (RAM) 83, communicatively connected to the at least one processor 81. The memory stores computer programs executable by the at least one processor. The processor 81 can perform various appropriate actions and processes based on the computer program stored in the ROM 82 or loaded from storage unit 88 into the RAM 83. The RAM 83 can also store various programs and data required for the operation of the electronic device 80. The processor 81, ROM 82, and RAM 83 are interconnected via a bus 84. An input / output (I / O) interface 85 is also connected to the bus 84.

[0263] Multiple components in electronic device 80 are connected to I / O interface 85, including: input unit 86, such as keyboard, mouse, etc.; output unit 87, such as various types of monitors, speakers, etc.; storage unit 88, such as disk, optical disk, etc.; and communication unit 89, such as network card, modem, wireless transceiver, etc. Communication unit 89 allows electronic device 80 to exchange information / data with other devices through computer networks such as the Internet and / or various telecommunications networks.

[0264] Processor 81 can be a variety of general-purpose and / or special-purpose processing components with processing and computing capabilities. Some examples of processor 81 include, but are not limited to, a central processing unit (CPU), a graphics processing unit (GPU), various special-purpose artificial intelligence (AI) computing chips, various processors running machine learning model algorithms, a digital signal processor (DSP), and any suitable processor, controller, microcontroller, etc. Processor 81 performs the various methods and processes described above, such as data querying methods.

[0265] In some embodiments, the data query method may be implemented as a computer program tangibly contained in a computer-readable storage medium, such as storage unit 88. In some embodiments, part or all of the computer program may be loaded and / or installed on electronic device 80 via ROM 82 and / or communication unit 89. When the computer program is loaded into RAM 83 and executed by processor 81, one or more steps of the data query method described above may be performed. Alternatively, in other embodiments, processor 81 may be configured to execute the data query method by any other suitable means (e.g., by means of firmware).

[0266] Various embodiments of the systems and techniques described above herein can be implemented in digital electronic circuit systems, integrated circuit systems, field-programmable gate arrays (FPGAs), application-specific integrated circuits (ASICs), application-specific standard products (ASSPs), systems-on-a-chip (SoCs), payload-programmable logic devices (CPLDs), computer hardware, firmware, software, and / or combinations thereof. These various embodiments may include implementations in one or more computer programs that can be executed and / or interpreted on a programmable system including at least one programmable processor, which may be a dedicated or general-purpose programmable processor, capable of receiving data and instructions from a storage system, at least one input device, and at least one output device, and transmitting data and instructions to the storage system, the at least one input device, and the at least one output device.

[0267] Computer programs used to implement the methods of the present invention may be written in any combination of one or more programming languages. These computer programs may be provided to a processor of a general-purpose computer, a special-purpose computer, or other programmable data processing device, such that when executed by the processor, the computer programs cause the functions / operations specified in the flowcharts and / or block diagrams to be performed. The computer programs may be executed entirely on a machine, partially on a machine, or as a standalone software package, partially on a machine and partially on a remote machine, or entirely on a remote machine or server.

[0268] In the context of this invention, a computer-readable storage medium can be a tangible medium that may contain or store a computer program for use by or in conjunction with an instruction execution system, apparatus, or device. A computer-readable storage medium may include, but is not limited to, electronic, magnetic, optical, electromagnetic, infrared, or semiconductor systems, apparatus, or devices, or any suitable combination thereof. Alternatively, a computer-readable storage medium may be a machine-readable signal medium. More specific examples of machine-readable storage media include electrical connections based on one or more wires, portable computer disks, hard disks, random access memory (RAM), read-only memory (ROM), erasable programmable read-only memory (EPROM or flash memory), optical fibers, portable compact disk read-only memory (CD-ROM), optical storage devices, magnetic storage devices, or any suitable combination thereof.

[0269] To provide interaction with a user, the systems and techniques described herein can be implemented on an electronic device having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to the user; and a keyboard and pointing device (e.g., a mouse or trackball) through which the user provides input to the electronic device. Other types of devices can also be used to provide interaction with the user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user can be received in any form (including sound input, voice input, or tactile input).

[0270] The systems and technologies described herein can be implemented in computing systems that include backend components (e.g., as data servers), or computing systems that include middleware components (e.g., application servers), or computing systems that include frontend components (e.g., user computers with graphical user interfaces or web browsers through which users can interact with implementations of the systems and technologies described herein), or any combination of such backend, middleware, or frontend components. The components of the system can be interconnected via digital data communication of any form or medium (e.g., communication networks). Examples of communication networks include local area networks (LANs), wide area networks (WANs), blockchain networks, and the Internet.

[0271] A computing system can include clients and servers. Clients and servers are generally located far apart and typically interact through communication networks. The client-server relationship is created by computer programs running on the respective computers and having a client-server relationship with each other. The server can be a cloud server, also known as a cloud computing server or cloud host, which is a hosting product within the cloud computing service system to address the shortcomings of traditional physical hosts and VPS services, such as high management difficulty and weak business scalability.

[0272] It should be understood that the various forms of processes shown above can be used, with steps reordered, added, or deleted. For example, the steps described in this invention can be executed in parallel, sequentially, or in different orders, as long as the desired result of the technical solution of this invention can be achieved, and this is not limited herein.

[0273] The specific embodiments described above do not constitute a limitation on the scope of protection of this invention. Those skilled in the art should understand that various modifications, combinations, sub-combinations, and substitutions can be made according to design requirements and other factors. Any modifications, equivalent substitutions, and improvements made within the spirit and principles of this invention should be included within the scope of protection of this invention.

Claims

1. A data query method, characterized in that, Applied to data query nodes, including: In response to a data query request for the data to be queried, the data identifier of the data to be queried is determined; The data identifier of the data to be queried is blinded to obtain the blinded value of the query identifier of the data to be queried. Determine the query identifier fingerprint hash value of the data to be queried; The query identifier blinding value and the query identifier fingerprint hash value are sent to the query service node so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value; The data to be queried is determined based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group; The query service node determines the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group corresponding to the target data shard group to which the data to be queried belongs, based on the query identifier blinding value and the query identifier fingerprint hash value, including: The query service node signs the query identifier blind value according to the private key of the preset blind signature algorithm to obtain the query identifier signature blind value. Based on the query identifier fingerprint hash value, the target data shard group corresponding to the data to be queried is determined; wherein, the target data shard group includes at least two data items to be queried, and the identifier signature value of each data item to be queried; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried; The signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set; Symmetric encryption is performed on the target data fragment group to obtain the target ciphertext data fragment group; The step of determining the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value includes: The query service node obtains at least one candidate data shard group; Based on the query identifier fingerprint hash value, select the target data shard group corresponding to the data to be queried from each of the candidate data shard groups; The candidate data shard groups are generated in the following way: The query service node obtains the data identifier of each query data in the query dataset stored in the database; Each of the data identifiers is hashed and signed to obtain a fingerprint hash value and an identifier signature value corresponding to each data identifier; wherein, the fingerprint hash value is obtained by hashing the data identifier of each queried data based on a preset hash algorithm; Each query data with the same fingerprint hash value is divided into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each query data and the identifier signature value corresponding to each query data.

2. The method according to claim 1, characterized in that, The process of blinding the data identifier of the data to be queried to obtain the blinded value of the query identifier of the data to be queried includes: Based on the data identifier of the data to be queried, the preset blind factor, and the public key of the preset blind signature algorithm, the blind value of the query identifier of the data to be queried is determined according to the blind signature algorithm.

3. The method according to claim 1, characterized in that, Determining the query identifier fingerprint hash value of the data to be queried includes: The query identifier hash value of the data to be queried is determined according to a preset hash encoding method; Based on the query identifier hash value, and using a preset indistinguishable factor and numerical encoding method, the query identifier fingerprint hash value of the data to be queried is determined.

4. The method according to claim 2, characterized in that, The step of determining the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group includes: According to the blind signature algorithm, the blinded value of the query identifier signature is unblinded to obtain the query identifier signature value of the data to be queried; Based on the index position of the identifier signature value of each query data in the target identifier signature set, determine the target index position corresponding to the query identifier signature value; The data to be queried is determined based on the target index location and the target encrypted data fragment group.

5. The method according to claim 4, characterized in that, The step of determining the data to be queried based on the target index position and the target ciphertext data fragment group includes: Obtain the random elliptic curve points sent by the query service node, and generate a first auxiliary random code; Determine the oracle point corresponding to the point on the random elliptic curve; Based on the target index position, the first auxiliary random code, and the oracle point, and using a preset elliptic curve, the hidden index position corresponding to the target index position is determined, and the hidden index position is sent to the query service node. Based on the random elliptic curve points, the hidden index positions, and the first auxiliary random code, a decryption key corresponding to the data to be queried is determined using a preset hash algorithm. Based on the decryption key, the ciphertext data at the target index position in the target ciphertext data fragment group is decrypted to obtain the data to be queried.

6. A data query method, characterized in that, Applied to query service nodes, including: Obtain the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node in response to the data query request for the data to be queried; Based on the query identifier blinding value and the query identifier fingerprint hash value, determine the target identifier signature set, query identifier signature blinding value, and target ciphertext data shard group corresponding to the target data shard group to which the data to be queried belongs; The data query node is fed back the target identifier signature set corresponding to the target data shard group to which the data to be queried belongs, the query identifier signature blinding value, and the target encrypted data shard group, so that the data query node can determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target encrypted data shard group; The step of determining the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group corresponding to the data to be queried based on the query identifier blinding value and the query identifier fingerprint hash value includes: The query identifier blind value is signed based on the private key of the preset blind signature algorithm to obtain the query identifier signature blind value. Based on the query identifier fingerprint hash value, the target data shard group corresponding to the data to be queried is determined; wherein, the target data shard group includes at least two data items to be queried, and the identifier signature value of each data item to be queried; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried; The signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set; Symmetric encryption is performed on the target data fragment group to obtain the target ciphertext data fragment group; The step of determining the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value includes: Obtain at least one candidate data shard group; Based on the query identifier fingerprint hash value, select the target data shard group corresponding to the data to be queried from each of the candidate data shard groups; The candidate data shard groups are generated in the following way: Retrieve the data identifiers of each query data in the query dataset stored in the database; Each of the data identifiers is hashed and signed to obtain a fingerprint hash value and an identifier signature value corresponding to each data identifier; wherein, the fingerprint hash value is obtained by hashing the data identifier of each queried data based on a preset hash algorithm; Each query data with the same fingerprint hash value is divided into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each query data and the identifier signature value corresponding to each query data.

7. The method according to claim 6, characterized in that, The step of hashing and signing each of the data identifiers to obtain the fingerprint hash value and identifier signature value corresponding to each data identifier includes: Based on each of the data identifiers, and using a preset hash encoding method, determine the identifier hash value of each of the queried data. Based on the identifier hash value of each query data, and using a preset indistinguishable factor and numerical encoding method, the fingerprint hash value of each query data is determined. Based on the private key of the blind signature algorithm, the data identifier of each query data is signed to obtain the signature value of each query data identifier.

8. The method according to claim 6, characterized in that, The step of encrypting the target data fragment group to obtain the target ciphertext data fragment group includes: Obtain the hidden index location sent by the data query node and generate a second auxiliary random code; Based on the second auxiliary random code, random elliptic curve points are generated and sent to the data query node; Determine the oracle point corresponding to the point on the random elliptic curve; Based on the random elliptic curve points, the hidden index positions, the second auxiliary random code, and the oracle points, a preset hash algorithm is used to determine the corresponding encryption key sequence in the target data shard group; wherein each encryption key in the encryption key sequence corresponds to each query data in the target data shard group. Based on the target data fragment group and the encryption key sequence, and using a preset encryption algorithm, the target ciphertext data fragment group is determined.

9. A data query device, characterized in that, Applied to data query nodes, including: The data identifier determination module is used to determine the data identifier of the data to be queried in a data query request for the data to be queried. The blinding processing module is used to perform blinding processing on the data identifier of the data to be queried, and obtain the blinded value of the query identifier of the data to be queried; The fingerprint hash determination module is used to determine the query identifier fingerprint hash value of the data to be queried; The data sending module is used to send the query identifier blinding value and the query identifier fingerprint hash value to the query service node, so that the query service node can determine and return the target identifier signature set, query identifier signature blinding value and target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs based on the query identifier blinding value and the query identifier fingerprint hash value; The data to be queried module is used to determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target ciphertext data fragment group; The query service node determines the target identifier signature set, query identifier signature blinding value, and target encrypted data shard group corresponding to the target data shard group to which the data to be queried belongs, based on the query identifier blinding value and the query identifier fingerprint hash value, including: The query service node signs the query identifier blind value according to the private key of the preset blind signature algorithm to obtain the query identifier signature blind value. Based on the query identifier fingerprint hash value, the target data shard group corresponding to the data to be queried is determined; wherein, the target data shard group includes at least two data items to be queried, and the identifier signature value of each data item to be queried; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried; The signature set composed of the identifier signature values ​​of each query data in the target data shard group is used as the target identifier signature set; Symmetric encryption is performed on the target data fragment group to obtain the target ciphertext data fragment group; The step of determining the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value includes: The query service node obtains at least one candidate data shard group; Based on the query identifier fingerprint hash value, select the target data shard group corresponding to the data to be queried from each of the candidate data shard groups; The candidate data shard groups are generated in the following way: The query service node obtains the data identifier of each query data in the query dataset stored in the database; Each of the data identifiers is hashed and signed to obtain a fingerprint hash value and an identifier signature value corresponding to each data identifier; wherein, the fingerprint hash value is obtained by hashing the data identifier of each queried data based on a preset hash algorithm; Each query data with the same fingerprint hash value is divided into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each query data and the identifier signature value corresponding to each query data.

10. A data query device, characterized in that, Applied to query service nodes, including: The data acquisition module is used to acquire the query identifier blinding value and query identifier fingerprint hash value of the data to be queried sent by the data query node; wherein, the query identifier blinding value is determined by the data query node's query identifier fingerprint hash value for the data query request of the data to be queried; The encrypted data determination module is used to determine the target identifier signature set, the query identifier signature blinding value, and the target encrypted data fragment group corresponding to the target data fragment group to which the data to be queried belongs, based on the query identifier blinding value and the query identifier fingerprint hash value; The data feedback module is used to feed back to the data query node the target identifier signature set corresponding to the target data shard group of the data to be queried, the query identifier signature blinding value, and the target encrypted data shard group, so that the data query node can determine the data to be queried based on the target identifier signature set, the query identifier signature blinding value, and the target encrypted data shard group; The encrypted data determination module includes: The signature blinding value determination unit is used to sign the query identifier blinding value according to the private key of the preset blind signature algorithm to obtain the query identifier signature blinding value; The target data shard group determination unit is used to determine the target data shard group corresponding to the data to be queried based on the query identifier fingerprint hash value; wherein, the target data shard group includes at least two data items to be queried, and the identifier signature value of each data item to be queried; the target data shard group includes the data to be queried and the identifier signature value of the data to be queried; The target identifier signature set determination unit is used to take the signature set composed of the identifier signature values ​​of each query data in the target data fragment group as the target identifier signature set; The target ciphertext data fragment group determination unit is used to perform symmetric encryption processing on the target data fragment group to obtain the target ciphertext data fragment group; The target data fragment group determination unit includes: The candidate data fragment group acquisition subunit is used to acquire at least one candidate data fragment group; The target data shard group determination subunit is used to select the target data shard group corresponding to the data to be queried from each of the candidate data shard groups according to the query identifier fingerprint hash value; The candidate data shard groups are generated in the following way: Retrieve the data identifiers of each query data in the query dataset stored in the database; Each of the data identifiers is hashed and signed to obtain a fingerprint hash value and an identifier signature value corresponding to each data identifier; wherein, the fingerprint hash value is obtained by hashing the data identifier of each queried data based on a preset hash algorithm; Each query data with the same fingerprint hash value is divided into the same data shard group to obtain at least one candidate data shard group; wherein, each candidate data shard group stores each query data and the identifier signature value corresponding to each query data.

11. An electronic device, characterized in that, The electronic device includes: At least one processor; and A memory communicatively connected to the at least one processor; wherein, The memory stores a computer program that can be executed by the at least one processor, the computer program being executed by the at least one processor to enable the at least one processor to perform the data query method of any one of claims 1-5 and / or claims 6-8.

12. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores computer instructions that cause a processor to execute the data query method of any one of claims 1-5 and / or claims 6-8.