Method and apparatus for managing a relational database
By using targeted encryption algorithms and different keys to encrypt data in relational databases, the privacy and security issues caused by plaintext data storage are resolved, enabling secure data storage and efficient data manipulation, especially in the handling of joins between data tables.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- ANT BLOCKCHAIN TECHNOLOGY (SHANGHAI) CO LTD
- Filing Date
- 2022-12-30
- Publication Date
- 2026-06-09
AI Technical Summary
The plaintext storage of data in existing relational databases makes it difficult to guarantee privacy and security, and encrypted data cannot be effectively manipulated, especially the handling of joins between data tables.
It uses a target encryption algorithm and different keys to encrypt data, and performs concatenation processing by determining the ciphertext characteristics of the same data, supporting data operations at the ciphertext level.
While ensuring data privacy and security, specific operations on data in relational databases are implemented, including join processing, to ensure secure data storage and efficient operation.
Smart Images

Figure CN116089976B_ABST
Abstract
Description
Technical Field
[0001] This specification relates to one or more embodiments in the field of distributed technology, and more particularly to a method and apparatus for managing relational databases. Background Technology
[0002] A relational database is a database that uses a relational model to organize data, typically storing data in rows and columns. In a relational database, a series of rows and columns of data is called a table, and a set of tables makes up the database. Generally, a row of data in a table is a record, and a column of data corresponds to a data field.
[0003] In relational databases, data often needs to be processed specifically based on actual usage requirements. For example, querying records where the value corresponding to a certain data field exceeds a certain threshold might involve incrementing the value of each record corresponding to that field by a specific value. Currently, most relational databases store data in plaintext to facilitate plaintext processing. In this case, both the service provider and the data user can easily access the plaintext data. However, the data owner may not want this plaintext access and desires to ensure the privacy and security of their data. Therefore, avoiding the direct storage of plaintext data in relational databases and ensuring their privacy and security has become a critical concern. Summary of the Invention
[0004] This specification provides one or more embodiments of the following technical solutions:
[0005] This specification provides a method for managing a relational database, applied to a server corresponding to the relational database; wherein, the relational database includes a first data table and a second data table; the first data table and the second data table are used to store encrypted data records; the first data table and the second data table include a target data field; the ciphertext corresponding to the target data field in the first data table is ciphertext obtained based on a target encryption algorithm and a first key; the ciphertext corresponding to the target data field in the second data table is ciphertext obtained based on the target encryption algorithm and the second key; the method includes:
[0006] Obtain the connection command submitted by the client that corresponds to the first data table and the second data table;
[0007] In response to the connection instruction, for the first data record in the first data table and the second data record in the second data table, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
[0008] If the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, then the first data record and the second data record are concatenated.
[0009] This specification also provides a management device for a relational database, applied to a server corresponding to the relational database; wherein, the relational database includes a first data table and a second data table; the first data table and the second data table are used to store the encrypted data records; the first data table and the second data table include a target data field; the ciphertext corresponding to the target data field in the first data table is ciphertext obtained based on a target encryption algorithm and a first key; the ciphertext corresponding to the target data field in the second data table is ciphertext obtained based on the target encryption algorithm and the second key; the device includes:
[0010] The acquisition module acquires the connection instructions submitted by the client that correspond to the first data table and the second data table;
[0011] The determination module, in response to the connection instruction, determines, for the first data record in the first data table and the second data record in the second data table, whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
[0012] The connection module performs a connection process on the first data record and the second data record if the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
[0013] This specification also provides an electronic device, including:
[0014] processor;
[0015] Memory used to store processor-executable instructions;
[0016] The processor executes the executable instructions to implement the steps of the method as described in any of the preceding descriptions.
[0017] This specification also provides a computer-readable storage medium having computer instructions stored thereon that, when executed by a processor, implement the steps of the method as described in any of the preceding claims.
[0018] In the above technical solution, when a connection instruction corresponding to the first data table and the second data table in the relational database is obtained, it can be determined whether the first ciphertext in the first data record corresponding to the target data field based on the target encryption algorithm and the first key, and the second ciphertext in the second data record corresponding to the target data field based on the target encryption algorithm and the second key, are ciphertexts obtained by encrypting the same data. If so, the first data record and the second data record can be connected.
[0019] By employing the above method, the data stored in the relational database is encrypted, thereby ensuring the privacy and security of the data stored in the relational database. Furthermore, since it supports direct join processing on the data tables in the relational database based on the encrypted data, specific operations on the data stored in the relational database can be executed normally. Attached Figure Description
[0020] Figure 1 This is a schematic diagram illustrating an exemplary embodiment of a relational database management system.
[0021] Figure 2 This is a flowchart illustrating an exemplary embodiment of a relational database management method.
[0022] Figure 3 This is a flowchart illustrating another method for managing a relational database, as shown in an exemplary embodiment of this specification.
[0023] Figure 4 This is a flowchart illustrating another method for managing a relational database, as shown in an exemplary embodiment of this specification.
[0024] Figure 5 This is a schematic diagram of the hardware structure of a device shown in an exemplary embodiment of this specification.
[0025] Figure 6 This is a block diagram illustrating an exemplary embodiment of a relational database management device. Detailed Implementation
[0026] Exemplary embodiments will now be described in detail, examples of which are illustrated in the accompanying drawings. When the following description relates to the drawings, unless otherwise indicated, the same numerals in different drawings denote the same or similar elements. The embodiments described in the following exemplary embodiments do not represent all embodiments consistent with one or more embodiments of this specification. Rather, they are merely examples of apparatuses and methods consistent with some aspects of one or more embodiments of this specification as detailed in the appended claims.
[0027] It should be noted that the steps of the corresponding methods are not necessarily performed in the order shown and described in this specification in other embodiments. In some other embodiments, the methods may include more or fewer steps than described in this specification. Furthermore, a single step described in this specification may be broken down into multiple steps in other embodiments; and multiple steps described in this specification may be combined into a single step in other embodiments.
[0028] Before providing a detailed description of one or more embodiments of this specification, a brief explanation of the application scenarios involved in one or more embodiments of this specification will be given first.
[0029] A database system typically includes a database (DB), hardware, and software. A database is a large, organized, shareable, and centrally managed collection of data that is permanently stored in a computer. The data in the database is organized, described, and stored according to a specific mathematical model. Hardware comprises the various physical devices that make up the computer system, including external devices required for storage. The hardware configuration should meet the needs of the entire database system. Software can further include the operating system, the Database Management System (DBMS), and application programs. The DBMS is the core software of the database system. It operates with the support of the operating system and addresses how to scientifically organize and store data, and how to efficiently acquire and maintain data. Its main functions include: data definition, data manipulation, database operation and management, and database creation and maintenance.
[0030] In database systems, database management systems typically use storage engines to perform specific operations on the database. For example, on relational databases, they perform DDL (Data Definition Language) and DML (Data Manipulation Language) operations to enable reading and writing. A storage engine is the implementation method for how data is stored, how indexes are created, and how data is queried and updated. A database system usually supports multiple storage engines to meet the needs of different database application scenarios.
[0031] Data modification operations in a database system are typically performed in units of transactions. A transaction can include multiple data modification operations (including insert, update, and delete operations). During a transaction, for each data modification operation, the modified data is stored in memory, and a redo log is generated for that operation. This redo log includes information such as the disk storage address of the original data before the modification and the modified content. Subsequently, the redo log is written to a redo log file using a specific strategy. This redo log file is stored on disk, so if the database system crashes, data recovery can be performed based on the redo log file, thus ensuring data consistency.
[0032] A relational database system is a database system that includes relational databases. An index is a data structure that helps a relational database system retrieve data efficiently. In a relational database system, an index provides a pointer to data stored in a table that corresponds to a specific data field. Therefore, the index can be used to find that data, and then the corresponding pointer can be used to find the data record containing that data.
[0033] In related technologies, to ensure the privacy and security of data stored in relational databases, data written to the relational database can be encrypted, and the database stores this encrypted data. However, if the data owner or other data user authorized by the data owner needs to perform operations such as adding (corresponding to insert operations), updating, deleting, querying, sorting, or grouping by (grouping according to certain rules) on this data stored in the relational database, these operations may not be possible because they can usually only be compared directly with the encrypted text, and cannot be calculated using addition, subtraction, multiplication, division, or size comparison.
[0034] Take the data table in the relational database shown in Table 1 below as an example:
[0035] name salary employee1 100 employee2 200
[0036] Table 1
[0037] Assume the table name is temp, as shown in Table 1 above. The temp table includes two fields: name and salary. Furthermore, the temp table contains two records: in the first record, the data corresponding to the name field is employee1, and the data corresponding to the salary field is 100; in the second record, the data corresponding to the name field is employee2, and the data corresponding to the salary field is 200.
[0038] After encrypting the values 100 and 200 using the same encryption algorithm, we obtain the ciphertext "abcdefg" corresponding to the value 100 and the ciphertext "defghy" corresponding to the value 200. At this point, we can determine that these two ciphertexts are not identical, but we cannot determine their relative order. Therefore, for the data table `temp` as shown in Table 1 above, we can perform a query operation corresponding to the SQL statement `select * from temp`, which retrieves all data records (i.e., the first and second records) in the `temp` table. However, we cannot perform a query operation corresponding to the SQL statement `select * from temp where salary>100`, which retrieves the data record in the `temp` table whose value corresponding to the `salary` field is greater than 100 (i.e., the second record).
[0039] Furthermore, different tables in a relational database may correspond to different data owners, who typically hold different encryption keys. Therefore, even with the same encryption algorithm, different keys will result in different ciphertexts for the same original data across these tables. In this situation, direct text comparison of the ciphertexts in these tables becomes impossible, rendering operations such as joins on these tables unfeasible.
[0040] This specification proposes a technical solution for managing relational databases, enabling specific operations on the data stored in the relational database to be executed normally while ensuring the privacy and security of the data stored in the relational database. In this technical solution, upon receiving a connection instruction corresponding to a first data table and a second data table in the relational database, it can be determined whether the first ciphertext in the first data record corresponding to the target data field, obtained based on a target encryption algorithm and a first key, and the second ciphertext in the second data record corresponding to the target data field, obtained based on the target encryption algorithm and a second key, are ciphertexts obtained by encrypting the same data. If so, the first data record and the second data record can be joined.
[0041] In practical implementation, the aforementioned relational database may include two data tables, referred to as the first data table and the second data table, respectively. As mentioned earlier, both the first data table and the second data table can be used to store encrypted data records.
[0042] The first data table and the second data table may include a common data field (referred to as the target data field). For any data record in the first data table, the ciphertext corresponding to the target data field can be obtained by encrypting the original data based on a preset encryption algorithm (referred to as the target encryption algorithm) and a key (referred to as the first key). For any data record in the second data table, the ciphertext corresponding to the target data field can be obtained by encrypting the original data based on the target encryption algorithm and a key (referred to as the second key).
[0043] In practical applications, the first key and the second key mentioned above can be different. In this case, the ciphertext obtained by encrypting the same original data using the target encryption algorithm and the first key will be different from the ciphertext obtained by encrypting the same original data using the target encryption algorithm and the second key.
[0044] The client can submit connection commands corresponding to the first data table and the second data table mentioned above.
[0045] Upon receiving the aforementioned connection instruction, in response to the connection instruction, for any data record in the first data table (referred to as the first data record) and any data record in the second data table (referred to as the second data record), it can be determined whether the ciphertext (referred to as the first ciphertext) corresponding to the target data field in the first data record and the ciphertext (referred to as the second ciphertext) corresponding to the target data field in the second data record are ciphertexts obtained by encrypting the same data.
[0046] If it is determined that the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, then the first data record and the second data record are joined. Therefore, for the first data table and the second data table used to store the encrypted data records, the join process can be performed on the first data table and the second data table based on the ciphertext without obtaining the plaintext.
[0047] By employing the above method, the data stored in the relational database is encrypted, thereby ensuring the privacy and security of the data stored in the relational database. Furthermore, since it supports direct join processing on the data tables in the relational database based on the encrypted data, specific operations on the data stored in the relational database can be executed normally.
[0048] Please refer to Figure 1 , Figure 1 This is a schematic diagram illustrating an exemplary embodiment of a relational database management system.
[0049] In such Figure 1 The relational database management system shown may include a client and a relational database system. This relational database system may further include a relational database and a server corresponding to the database management system.
[0050] The client corresponding to the data owner can maintain the data stored in the relational database and perform data queries through the database management system. Similarly, the client corresponding to the data user authorized by the data owner can also maintain the data stored in the relational database and perform data queries through the database management system.
[0051] Please combine Figure 1 ,refer to Figure 2 , Figure 2 This is a flowchart illustrating an exemplary embodiment of a relational database management method.
[0052] The aforementioned management methods for relational databases can be applied to the server-side corresponding to that relational database. Specifically, the server-side can refer to the database management system within the relational database system.
[0053] The above-mentioned methods for managing relational databases may include the following steps:
[0054] Step 102: Obtain at least one encryption algorithm specified by the data owner for at least some data fields in the relational database; wherein, the at least one encryption algorithm supports the ciphertext processing method authorized by the data owner when performing ciphertext processing on data corresponding to the at least some data fields.
[0055] To ensure the security of the data stored in the relational database, typically only the data owner corresponding to this data is allowed to perform operations such as insert, update, and delete on the data stored in the relational database, because these operations will cause changes to the data itself stored in the relational database. However, the data owner and the data users authorized by the data owner are allowed to query the relational database.
[0056] In this embodiment, for the data owner corresponding to the data stored in the relational database, the data owner can specify at least one encryption algorithm for at least some data fields in the relational database through the client corresponding to the data owner, so as to encrypt the data written to the relational database and store the ciphertext of the data in the relational database.
[0057] It should be noted that the data owner can authorize the types of operations to be performed on the data corresponding to at least some of the aforementioned data fields, based on actual data usage needs; that is, authorize the processing method when processing the data corresponding to these at least some data fields. Since the relational database stores encrypted data, in this case, the at least one encryption algorithm can support the encrypted processing method authorized by the data owner when processing the encrypted data corresponding to these at least some data fields.
[0058] Specifically, the data owner may specify at least one encryption algorithm for each of the aforementioned at least some of the data fields. It should be noted that the at least one encryption algorithm specified by the data owner for different data fields may be the same or different in terms of type and number; this specification does not impose any restrictions on this. Correspondingly, the at least one encryption algorithm specified by the data owner for a certain field can support the ciphertext processing method authorized by the data owner when ciphertext processing is performed on the data corresponding to that field.
[0059] In practical applications, when the data owner creates a data table in the relational database that includes at least some of the data fields mentioned above using SQL statements, the data owner can specify at least one encryption algorithm for these data fields.
[0060] Taking the data table in the relational database shown in Table 1 above as an example, the data owner can create this data table in the relational database using SQL statements and authorize encryption processing method 1 for the data corresponding to the 'name' field, and both encryption methods 1 and 2 for the data corresponding to the 'salary' field. Assuming encryption algorithm 1 supports encryption processing method 1 and encryption algorithm 2 supports encryption processing method 2, the data owner can specify encryption algorithm 1 for the 'name' field and both encryption algorithms 1 and 2 for the 'salary' field.
[0061] In one embodiment shown, the above-described ciphertext processing method may include ciphertext query and ciphertext calculation.
[0062] In one embodiment shown, the at least one encryption algorithm described above includes one or more combinations of the following: SM4 encryption algorithm, semi-homomorphic encryption algorithm, fully homomorphic encryption algorithm, and order-preserving encryption algorithm.
[0063] Among them, semi-homomorphic encryption algorithms can support addition and subtraction operations on ciphertext; fully homomorphic encryption algorithms can support addition, subtraction, multiplication, and division operations on ciphertext; order-preserving encryption algorithms can support comparison of the size of ciphertext; and SM4 encryption algorithms can support content matching of ciphertext.
[0064] Step 204: Obtain the data records submitted by the data owner to be written into the relational database; wherein the data records include the at least some of the data fields.
[0065] In this embodiment, the data owner can submit data records to be written to the relational database. Specifically, the data owner can submit the data records to be written directly through a client corresponding to the data owner; or, the data owner can specify other devices for generating and sending the data records to be written, and these other devices will send the data records to the server for writing after generating them.
[0066] It should be noted that the data record mentioned above may include at least some of the data fields mentioned above.
[0067] Step 206: Based on the at least one encryption algorithm, encrypt the data in the data record corresponding to the at least some data fields respectively; wherein, the encrypted data record includes at least one ciphertext corresponding to each data field in the at least some data fields.
[0068] In this embodiment, upon obtaining the aforementioned data records, the data corresponding to at least some of the data fields in these data records can be encrypted using at least one of the aforementioned encryption algorithms, thereby obtaining at least one ciphertext corresponding to each data field in these at least some data fields. That is, the encrypted data record includes at least one ciphertext corresponding to each data field in these at least some data fields.
[0069] Specifically, for a data field in the aforementioned data record that has been assigned an encryption algorithm, the data corresponding to that data field in these data records can be encrypted based on at least one encryption algorithm assigned to that data field, and the encrypted data record will include at least one ciphertext corresponding to that data field.
[0070] Continuing with the example of the relational database table shown in Table 1 above, for a data record to be written to this table, the data corresponding to the field 'name' in the record can be encrypted using encryption algorithm 1 to obtain ciphertext n1. Then, the data corresponding to the field 'salary' in the record can be encrypted using encryption algorithms 1 and 2 to obtain ciphertext s1 and ciphertext s2. Therefore, in the encrypted data record, the data corresponding to the field 'name' is ciphertext n1, and the data corresponding to the field 'salary' is ciphertext s1 and ciphertext s2. That is, at this point, the data table is no longer the data table used to store plaintext as shown in Table 1 above, but rather the data table used to store ciphertext as shown in Table 2 below.
[0071] name salary Ciphertext n1 Ciphertext s1, Ciphertext s2
[0072] Table 2
[0073] Step 208: Write the encrypted data record into the relational database.
[0074] In this embodiment, after obtaining the encrypted data records, these encrypted data records can be written into the relational database. Thus, the relational database stores ciphertext data, and because it supports direct ciphertext processing, specific operations on the data stored in the relational database can be executed normally.
[0075] Please combine Figure 1 and Figure 2 ,refer to Figure 3 , Figure 3 This is a flowchart illustrating another method for managing a relational database, as shown in an exemplary embodiment of this specification.
[0076] The above-mentioned methods for managing relational databases may include the following steps:
[0077] Step 302: Obtain the encrypted processing instruction submitted by the client for the target data field in the target data record stored in the relational database; wherein, the encrypted processing instruction includes the target encrypted processing method when performing encrypted processing on the data corresponding to the target data field.
[0078] In this embodiment, the client can submit an encrypted processing instruction for a data field (referred to as the target data field) in a data record (referred to as the target data record) stored in the relational database. This encrypted processing instruction may include an encrypted processing method (referred to as the target encrypted processing method) for processing the data corresponding to the target data field.
[0079] In practical applications, the above-mentioned encrypted processing instructions can be SQL statements.
[0080] Taking the SQL statement `select * from temp where salary>100` as an example, this SQL statement means to query data records in the data table `temp` whose value corresponding to the field `salary` is greater than 100. Therefore, this SQL statement can be used as an encrypted processing instruction for the field `salary` in all data records stored in the relational database including the data table `temp`. That is, at this time, the target data records are all data records in the relational database, the target data field is the field `salary`, and the target encrypted processing method is the size comparison in encrypted calculation.
[0081] Taking the SQL statement `select * from temp where name = 'employee1'` as an example, this SQL statement means to query the data record in the data table `temp` whose string corresponding to the field `name` is 'employee1'. Therefore, this SQL statement can be used as an encrypted processing instruction for the field `name` in the data record stored in the relational database containing the data record whose string corresponding to the field `name` is 'employee1'. That is, at this time, the target data record is the data record in the relational database whose string corresponding to the field `name` is 'employee1', the target data field is the field `name`, and the target encrypted processing method is encrypted query.
[0082] In one embodiment shown, the client may include a client corresponding to the data owner and / or a client corresponding to a data user authorized by the data owner, which is not limited in this specification.
[0083] In practical applications, the at least one encryption algorithm specified by the data owner can provide an asymmetric encryption mode, using the data owner's private key for encryption and the data owner's public key for decryption. In this case, the data owner can authorize the data user with their public key and publish the authorization record to the blockchain for storage, facilitating subsequent traceability.
[0084] In one embodiment, the client can submit an encrypted processing instruction for the target data record stored in the relational database. In this case, the server can parse the encrypted processing instruction and, based on the parsing result, break it down into encrypted processing instructions corresponding to each target data field in the target data record.
[0085] Taking the SQL statement `select salary+100 from temp where salary>100` as an example, this SQL statement means to query data records in the data table `temp` whose corresponding value for the `salary` field is greater than 100, and then increment the corresponding value of the `salary` field in these data records by 100. Therefore, by parsing this encrypted processing instruction, it can be broken down into: first, performing a size comparison in encrypted calculation on the `salary` field in all data records stored in the relational database including the data table `temp` to determine the data records whose corresponding value for the `salary` field is greater than 100; then, performing an addition operation in encrypted calculation on the `salary` field in these data records to increment the corresponding value of the `salary` field by 100.
[0086] Step 304: In response to the ciphertext processing instruction, determine the target encryption algorithm that supports the target ciphertext processing method, and read the target ciphertext encrypted using the target encryption algorithm from at least one ciphertext corresponding to the target data field in the target data record.
[0087] In this embodiment, upon receiving the aforementioned ciphertext processing instruction, in response to the ciphertext processing instruction, an encryption algorithm that supports the aforementioned target ciphertext processing method (referred to as the target encryption algorithm) can be determined, and ciphertext encrypted using the target encryption algorithm (referred to as the target ciphertext) can be read from at least one ciphertext corresponding to the target data field in the aforementioned target data record.
[0088] Continuing with the example of the data table in the relational database shown in Table 2 above, assuming that the target data record is the first data record in the data table, the target data field is the field salary, and the target encryption algorithm is encryption algorithm 2, then the ciphertext s2 encrypted using encryption algorithm 2 can be read from this data record, that is, the target ciphertext is ciphertext s2 at this time.
[0089] In one embodiment shown, ciphertext encrypted using different encryption algorithms can have different data types. For example, ciphertext encrypted using semi-homomorphic and fully homomorphic encryption algorithms can have a string data type, while ciphertext encrypted using order-preserving encryption algorithms can have a bigint data type, and so on. In this case, based on the correspondence between encryption algorithms and ciphertext data types, ciphertext with a data type corresponding to the target encryption algorithm can be read from at least one ciphertext record corresponding to the target data field in the target data record and used as the target ciphertext.
[0090] Step 306: Execute the ciphertext processing instruction and process the target ciphertext according to the target ciphertext processing method.
[0091] In this embodiment, upon reading the target ciphertext, the aforementioned ciphertext processing instructions can be further executed to process the target ciphertext according to the aforementioned target ciphertext processing method.
[0092] In one embodiment shown, when the target ciphertext processing method is ciphertext query, the target encryption algorithm can be the SM4 encryption algorithm.
[0093] In the aforementioned relational database, for a data field specified with the SM4 encryption algorithm, the data corresponding to that data field in the data record to be written can be encrypted using the SM4 encryption algorithm. Subsequently, the encryption feature corresponding to that data can be determined, and this encryption feature can be concatenated with the encrypted data. Thus, the concatenated data can be used as a ciphertext corresponding to that data field in the data record to be written.
[0094] In practical applications, using the same encryption algorithm with different keys to encrypt the same data will result in different encrypted data, but the corresponding encryption features should be the same. Therefore, for a given data, the encryption features can be determined in the following two ways: 1. Use the parts of the plaintext of the data that are not related to user privacy as the encryption features, such as special symbols in the plaintext or the first N characters of the plaintext; 2. Use the commonalities in the encrypted data obtained by encrypting the same data with the same encryption algorithm but different keys as the encryption features, such as consecutive identical characters in the encrypted data.
[0095] Specifically, in order to easily distinguish between the encrypted feature and the encrypted data, the length and content of the encrypted feature can be concatenated with the length and content of the encrypted data.
[0096] For example, assuming the data corresponding to the aforementioned data field in a data record to be written is X, X can be encrypted using the SM4 encryption algorithm to obtain ciphertext X0. Subsequently, a portion of X or a portion of X0 can be used as the encryption feature M corresponding to that data. The length and content of M are then concatenated with the length and content of X0. The resulting concatenated data can then be used as a ciphertext corresponding to that data field in the data record, as shown in Table 3 below.
[0097] M (length) M (Content) X0 (length) X0 (content)
[0098] Table 3
[0099] Correspondingly, when performing a ciphertext query on the aforementioned target ciphertext encrypted using the SM4 encryption algorithm, the data to be queried in the ciphertext processing instruction can first be encrypted using the SM4 algorithm, and the encryption features corresponding to the data to be queried can be determined. Subsequently, a Bloom filter can be used to determine whether there is an encryption feature in the target ciphertext that corresponds to the data to be queried. If so, it can be further determined whether the encrypted data to be queried matches the encrypted data in the target ciphertext. In this way, a preliminary screening can be performed using a Bloom filter before precise matching of the ciphertext, thereby reducing the amount of ciphertext matching data and improving the efficiency of ciphertext matching.
[0100] Furthermore, in order to reduce the probability of the ciphertext being deciphered, when concatenating the above-mentioned encryption features with the encrypted data, a random variable can be generated according to a preset rule, and the encryption features, the encrypted data, and the random variable can be concatenated.
[0101] The above rule can be to generate a random variable of a preset length, and then, based on the parity of the second character in the English alphabet, append the random variable to the odd or even position in the encrypted data.
[0102] Accordingly, when determining whether the encrypted query data matches the encrypted data included in the target ciphertext, the random variables can be removed according to the above rules, and then it can be determined whether the encrypted query data matches the encrypted data included in the target ciphertext.
[0103] In the above technical solution, for the data records submitted by the data owner to be written into the relational database, based on at least one encryption algorithm specified by the data owner for at least some fields in the relational database, the data corresponding to the at least some data fields in these data records can be encrypted respectively, so that the encrypted data records include at least one ciphertext corresponding to each data field in the at least some data fields, and the encrypted data records are written into the relational database.
[0104] By employing the above method, the data stored in the relational database is encrypted, thereby ensuring the privacy and security of the data stored in the relational database; furthermore, since it supports direct ciphertext processing of the encrypted data in the relational database, specific operations on the data stored in the relational database can be executed normally.
[0105] Please refer to Figure 4 , Figure 4 This is a flowchart illustrating another method for managing a relational database, as shown in an exemplary embodiment of this specification.
[0106] The aforementioned management methods for relational databases can be applied to the server-side corresponding to that relational database. Specifically, the server-side can refer to the database management system within the relational database system.
[0107] In this embodiment, the relational database may include two data tables, referred to as the first data table and the second data table, respectively. As mentioned earlier, both the first data table and the second database can be used to store encrypted data records.
[0108] The first data table and the second data table may include a common data field (referred to as the target data field). For any data record in the first data table, the ciphertext corresponding to the target data field can be obtained by encrypting the original data based on a preset encryption algorithm (referred to as the target encryption algorithm) and a key (referred to as the first key). For any data record in the second data table, the ciphertext corresponding to the target data field can be obtained by encrypting the original data based on the target encryption algorithm and a key (referred to as the second key).
[0109] In practical applications, the first key and the second key mentioned above can be different. In this case, the ciphertext obtained by encrypting the same original data using the target encryption algorithm and the first key will be different from the ciphertext obtained by encrypting the same original data using the target encryption algorithm and the second key.
[0110] The above-mentioned methods for managing relational databases may include the following steps:
[0111] Step 402: Obtain the connection instructions submitted by the client corresponding to the first data table and the second data table.
[0112] In this embodiment, the client can submit connection commands corresponding to the first data table and the second data table mentioned above.
[0113] In practical applications, the above connection command can be a join statement in SQL.
[0114] It should be noted that, based on the above connection instructions, the first data table and the second data table can be merged according to a certain condition to form a new data table. Specifically, based on the target data field, data records in the first and second data tables that have the same original data corresponding to the target data field can be merged to form a new data table.
[0115] For example, suppose the first data table is shown in Table 4 below, and the second data table is shown in Table 5 below:
[0116] id valueA id1 ciphertext The ciphertext of valueA1 id2 ciphertext The ciphertext of valueA2
[0117] Table 4
[0118] id valueB id0 ciphertext The ciphertext of valueB0 id1 ciphertext The ciphertext of valueB1 id2 ciphertext The ciphertext of valueB2
[0119] Table 5
[0120] The first data table mentioned above includes two data fields: id and valueA, and the second data table includes two data fields: id and valueB. That is, both the first and second data tables include the same data field, id; in this case, the data field id is the target data field mentioned above.
[0121] In the first data record of the first data table and the second data record of the second data table, the original data corresponding to the data field 'id' is 'id1'. Therefore, these two data records can be joined. Similarly, in the second data record of the first data table and the third data record of the second data table, the original data corresponding to the data field 'id' is 'id2'. Therefore, these two data records can also be joined. In other words, by joining the first and second data tables based on the 'id' data field, we can obtain the data table shown in Table 6 below:
[0122] id valueA valueB id1 ciphertext The ciphertext of valueA1 The ciphertext of valueB1 id2 ciphertext The ciphertext of valueA2 The ciphertext of valueB2
[0123] Table 6
[0124] Step 404: In response to the connection instruction, for the first data record in the first data table and the second data record in the second data table, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
[0125] In this embodiment, upon receiving the connection instruction, in response to the connection instruction, for any data record in the first data table (referred to as the first data record) and any data record in the second data table (referred to as the second data record), it can be determined whether the ciphertext (referred to as the first ciphertext) corresponding to the target data field in the first data record and the ciphertext (referred to as the second ciphertext) corresponding to the target data field in the second data record are ciphertexts obtained by encrypting the same data.
[0126] In one embodiment shown, as... Figure 3 Similarly, in the illustrated embodiment, the target encryption algorithm can be the SM4 encryption algorithm. In this case, the ciphertext corresponding to the target data field in the first data table may include data encrypted using the SM4 algorithm and the first key, as well as the encryption feature corresponding to that data; the ciphertext corresponding to the target data field in the second data table may include data encrypted using the SM4 algorithm and the second key, as well as the encryption feature corresponding to that data.
[0127] When determining whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data, the encryption features in the first ciphertext in the first data record corresponding to the target data field can be obtained, and the existence of the encryption features in the second ciphertext in the second data record corresponding to the target data field can be determined based on a Bloom filter. If so, it can be further determined whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
[0128] In one embodiment shown, as... Figure 3 Similarly, in the embodiments shown, the ciphertext corresponding to the target data field in the first data table may include data encrypted using the SM4 algorithm and the first key, as well as the encryption features corresponding to the data and random variables generated according to preset rules; the ciphertext corresponding to the target data field in the second data table may include data encrypted using the SM4 algorithm and the second key, as well as the encryption features corresponding to the data and random variables generated according to preset rules.
[0129] When determining whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, the random variables can be removed from the first ciphertext and the second ciphertext according to the rules, and then it can be determined whether the first ciphertext and the second ciphertext after removing the random variables are ciphertexts obtained by encrypting the same data.
[0130] Step 406: If the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, then the first data record and the second data record are concatenated.
[0131] In this embodiment, if it is determined that the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, then the first data record and the second data record are joined. Therefore, for the first data table and the second data table used to store the encrypted data records, the join process for the first data table and the second data table can be implemented based on the ciphertext without obtaining the plaintext.
[0132] In one embodiment shown, the client may specifically be a client corresponding to the data owner of the first data table. In this case, the data owner of the second data table may authorize the second key to the data owner of the first data table, such that the connection instruction may include both the first key and the second key.
[0133] When determining whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, the determination can be made based on the first key and the second key.
[0134] In practical applications, the concept of puncturable encryption can be used to determine whether the first and second ciphertexts are ciphertexts obtained by encrypting the same data. Punctuable encryption schemes allow users to update their private keys to achieve forward security. In a puncturable encryption scheme, the receiver can use a tag embedded in the ciphertext to update their private key, thereby revoking the private key's decryption ability for that specific message, receiver, or time period. The updated private key's decryption ability for other ciphertexts remains unaffected. Thus, even if the currently used private key is leaked, the security of previously sent messages will not be affected, thereby achieving forward security.
[0135] In one embodiment, when determining whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data based on the first key and the second key, specifically, a puncture key corresponding to the second key can be calculated first based on the second key and the puncture point corresponding to a preset puncturable pseudo-random function. Then, a first function value is calculated based on the first key and the puncturable pseudo-random function, and a second function value is calculated based on the puncture key and the puncturable pseudo-random function. Finally, it is determined whether the first function value and the second function value match. If the first function value matches the second function value, it can be determined that the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
[0136] Specifically, suppose there exists a pseudo-random generator G: {0, 1} n →{0,1} 2n (where {0, 1}) n (Represents a string consisting of n 0s or 1s). For any s∈{0,1} n Let G0(s) represent the first n bits of G(s), and G1 ( Let s) represent the last n bits of G(s), and define a pseudo-random function. Then, s can be used to calculate any point x∈{0,1} n (where x is a string (x1, x2, ..., x...) n ), x i The function value y = f (= 0 or 1) corresponds to s (x).
[0137] In this case, the above pseudo-random function can correspond to the following four algorithms: F.Gen represents the output of the pseudo-random generator G with the random seed s as the key K; F.Eval(K, x) represents the calculation of the function value corresponding to point x using the key K; F.Puncture(K, x) represents the calculation of the function value corresponding to point x using the key K; * ) represents based on key K and puncture point x * Calculate the puncture key K{x *};F.PEval(K{x *}, x) represents the result of the puncture key K{x * Calculate the function value corresponding to point x. Where x... * ∈{0,1} n , Specifically, in the case of the puncture key K{x * When calculating the function value corresponding to point x, if x * If the expression is equal to x, then output an error message; otherwise, find the expression that makes x equal to x. Find the smallest i, and start from the found i according to Perform iterations to calculate the function value.
[0138] In practical applications, assume the first key mentioned above is K. A The second key mentioned above is K. B The first ciphertext mentioned above is I. m = (I1, I2), the second ciphertext above is J m′ = (J1, J2). Where I1 can be I m The first n bits of I2 can be I m The last n bits; J1 can be J m′ The first n bits of J2 can be J m′ The last n bits.
[0139] You can randomly select a puncture point x * ∈{0,1} n Based on the aforementioned second key K B and the puncture point x * Calculate the second key K B Corresponding puncture key T B =F.Puncture(K) B x * Then, based on the first key K mentioned above... A Calculate the first function value using the aforementioned puncture-compatible pseudo-random function. Based on the puncture key and the puncturable pseudo-random function, the second function value is calculated. (in, (This represents an XOR operation). Finally, we can compare whether y and y′ are the same. If y = y′, then the first ciphertext I mentioned above can be determined.m And the second ciphertext J mentioned above m′ This is the ciphertext obtained by encrypting the same data.
[0140] In the above technical solution, when a connection instruction corresponding to the first data table and the second data table in the relational database is obtained, it can be determined whether the first ciphertext in the first data record corresponding to the target data field based on the target encryption algorithm and the first key, and the second ciphertext in the second data record corresponding to the target data field based on the target encryption algorithm and the second key, are ciphertexts obtained by encrypting the same data. If so, the first data record and the second data record can be connected.
[0141] By employing the above method, the data stored in the relational database is encrypted, thereby ensuring the privacy and security of the data stored in the relational database. Furthermore, since it supports direct join processing on the data tables in the relational database based on the encrypted data, specific operations on the data stored in the relational database can be executed normally.
[0142] Please refer to Figure 5 , Figure 5 This is a schematic diagram of the hardware structure of a device shown in an exemplary embodiment of this specification.
[0143] like Figure 5 As shown, at the hardware level, the aforementioned devices include a processor 502, an internal bus 504, a network interface 506, memory 508, and non-volatile memory 510, and may also include other hardware required for business operations. One or more embodiments of this specification can be implemented in software, for example, the processor 502 reads the corresponding computer program from the non-volatile memory 510 into memory 508 and then runs it. Of course, in addition to software implementation, one or more embodiments of this specification do not exclude other implementation methods, such as logic devices or a combination of hardware and software, etc. That is to say, the execution subject of the following processing flow is not limited to each logic module, but can also be hardware or logic devices.
[0144] Please refer to Figure 6 , Figure 6 This is a block diagram illustrating an exemplary embodiment of a relational database management device.
[0145] The aforementioned relational database management device can be applied to, for example... Figure 5The device shown is used to implement the technical solution of this specification. This device serves as a server corresponding to a relational database; wherein the relational database includes a first data table and a second data table; the first data table and the second data table are used to store the encrypted data records; the first data table and the second data table include a target data field; the ciphertext corresponding to the target data field in the first data table is ciphertext obtained based on a target encryption algorithm and a first key; the ciphertext corresponding to the target data field in the second data table is ciphertext obtained based on the target encryption algorithm and the second key.
[0146] The device includes:
[0147] The acquisition module 602 acquires the connection instructions submitted by the client that correspond to the first data table and the second data table;
[0148] The determination module 604, in response to the connection instruction, determines, for the first data record in the first data table and the second data record in the second data table, whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
[0149] The connection module 606 performs a connection process on the first data record and the second data record if the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
[0150] Optionally, the target encryption algorithm is the SM4 encryption algorithm; the ciphertext includes data encrypted based on the SM4 algorithm and a key, as well as encryption features corresponding to the data;
[0151] The determining module 604:
[0152] Obtain the encryption features from the first ciphertext in the first data record that corresponds to the target data field;
[0153] Based on a Bloom filter, determine whether the encryption feature exists in the second ciphertext corresponding to the target data field in the second data record;
[0154] If so, further determine whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
[0155] Optionally, the ciphertext may also include random variables generated according to preset rules;
[0156] The determining module 604:
[0157] According to the rules, the random variable is removed from the first ciphertext and the second ciphertext respectively, and it is determined whether the first ciphertext and the second ciphertext after removal are ciphertexts obtained by encrypting the same data.
[0158] Optionally, the client includes a client corresponding to the data owner of the first data table; the connection instruction includes the first key, and the second key authorized by the data owner of the second data table to the data owner of the first data table;
[0159] The determining module 604:
[0160] Based on the first key and the second key, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
[0161] Optionally, the determining module 604:
[0162] Based on the second key and the puncture point corresponding to the preset puncturable pseudo-random function, calculate the puncture key corresponding to the second key;
[0163] Based on the first key and the puncturable pseudo-random function, calculate the first function value, and based on the puncture key and the puncturable pseudo-random function, calculate the second function value;
[0164] Determine whether the first function value matches the second function value.
[0165] The apparatus embodiments are basically the same as the method embodiments, so relevant details can be found in the description of the method embodiments.
[0166] The device embodiments described above are merely illustrative. The modules described as separate components may or may not be physically separate. The components shown as modules may or may not be physical modules; that is, they may be located in one place or distributed across multiple network modules. Some or all of the modules can be selected to achieve the purpose of the technical solution in this specification, depending on actual needs.
[0167] The systems, devices, modules, or units described in the above embodiments can be implemented by computer chips or entities, or by products with certain functions. A typical implementation device is a computer, which can take the form of a personal computer, laptop computer, cellular phone, camera phone, smartphone, personal digital assistant, media player, navigation device, email sending and receiving device, game console, tablet computer, wearable device, or any combination of these devices.
[0168] In a typical configuration, a computer includes one or more processors (CPU), input / output interfaces, network interfaces, and memory.
[0169] Memory may include non-persistent storage in computer-readable media, such as random access memory (RAM) and / or non-volatile memory, such as read-only memory (ROM) or flash RAM. Memory is an example of computer-readable media.
[0170] Computer-readable media, including both permanent and non-permanent, removable and non-removable media, can store information using any method or technology. Information can be computer-readable instructions, data structures, modules of programs, or other data. Examples of computer storage media include, but are not limited to, phase-change memory (PRAM), static random access memory (SRAM), dynamic random access memory (DRAM), other types of random access memory (RAM), read-only memory (ROM), electrically erasable programmable read-only memory (EEPROM), flash memory or other memory technologies, CD-ROM, digital versatile optical disc (DVD) or other optical storage, magnetic tape, disk storage, quantum memory, graphene-based storage media or other magnetic storage devices, or any other non-transferable medium that can be used to store information accessible by a computing device. As defined herein, computer-readable media does not include transient computer-readable media, such as modulated data signals and carrier waves.
[0171] It should also be noted that the terms "comprising," "including," or any other variations thereof are intended to cover non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to such a process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one..." does not exclude the presence of other identical elements in the process, method, article, or apparatus that includes said element.
[0172] The foregoing has described specific embodiments of this specification. Other embodiments are within the scope of the appended claims. In some cases, the actions or steps recited in the claims may be performed in a different order than that shown in the embodiments and may still achieve the desired result. Furthermore, the processes depicted in the drawings do not necessarily require the specific or sequential order shown to achieve the desired result. In some embodiments, multitasking and parallel processing are possible or may be advantageous.
[0173] The terminology used in one or more embodiments of this specification is for the purpose of describing particular embodiments only and is not intended to limit the scope of one or more embodiments of this specification. The singular forms “a,” “described,” and “the” used in one or more embodiments of this specification and in the appended claims are also intended to include the plural forms unless the context clearly indicates otherwise. It should also be understood that the term “and / or” as used herein refers to and includes any or all possible combinations of one or more associated listed items.
[0174] It should be understood that although the terms first, second, third, etc., may be used to describe various information in one or more embodiments of this specification, such information should not be limited to these terms. These terms are only used to distinguish information of the same type from one another. For example, first information may also be referred to as second information without departing from the scope of one or more embodiments of this specification, and similarly, second information may also be referred to as first information. Depending on the context, the word "if" as used herein may be interpreted as "when," "in response to a determination," or "when," or "in the event of a determination."
[0175] The above description is merely a preferred embodiment of one or more embodiments of this specification and is not intended to limit the scope of one or more embodiments of this specification. Any modifications, equivalent substitutions, improvements, etc., made within the spirit and principles of one or more embodiments of this specification should be included within the protection scope of one or more embodiments of this specification.
Claims
1. A method for managing a relational database, applied to a server corresponding to the relational database; wherein, The relational database includes a first data table and a second data table; the first data table and the second data table are used to store encrypted data records; the first data table and the second data table include a target data field; the ciphertext corresponding to the target data field in the first data table is ciphertext obtained based on the target encryption algorithm and the first key; The ciphertext corresponding to the target data field in the second data table is the ciphertext obtained based on the target encryption algorithm and the second key; the method includes: Obtain the connection command submitted by the client that corresponds to the first data table and the second data table; In response to the connection instruction, for the first data record in the first data table and the second data record in the second data table, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data. If the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data, then the first data record and the second data record are concatenated.
2. The method according to claim 1, wherein the target encryption algorithm is the SM4 encryption algorithm; the ciphertext includes data encrypted based on the SM4 algorithm and a key, and encryption features corresponding to the data; Determining whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data includes: Obtain the encryption features from the first ciphertext in the first data record that corresponds to the target data field; Based on a Bloom filter, determine whether the encryption feature exists in the second ciphertext corresponding to the target data field in the second data record; If so, further determine whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
3. The method according to claim 2, wherein the ciphertext further includes a random variable generated according to a preset rule; Determining whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data includes: According to the rules, the random variable is removed from the first ciphertext and the second ciphertext respectively, and it is determined whether the first ciphertext and the second ciphertext after removal are ciphertexts obtained by encrypting the same data.
4. The method according to claim 1, wherein the client includes a client corresponding to the data owner of the first data table; the connection instruction includes the first key, and the second key authorized by the data owner of the second data table to the data owner of the first data table; Determining whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data includes: Based on the first key and the second key, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
5. The method according to claim 4, wherein determining whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field, based on the first key and the second key, are ciphertexts obtained by encrypting the same data, comprises: Based on the second key and the puncture point corresponding to the preset puncturable pseudo-random function, calculate the puncture key corresponding to the second key; Based on the first key and the puncturable pseudo-random function, calculate the first function value, and based on the puncture key and the puncturable pseudo-random function, calculate the second function value; Determine whether the first function value matches the second function value.
6. A management device for a relational database, applied to a server corresponding to the relational database; wherein, The relational database includes a first data table and a second data table; the first data table and the second data table are used to store encrypted data records; the first data table and the second data table include a target data field; the ciphertext corresponding to the target data field in the first data table is ciphertext obtained based on the target encryption algorithm and the first key; The ciphertext corresponding to the target data field in the second data table is ciphertext obtained based on the target encryption algorithm and the second key; the device includes: The acquisition module acquires the connection instructions submitted by the client that correspond to the first data table and the second data table; The determination module, in response to the connection instruction, determines, for the first data record in the first data table and the second data record in the second data table, whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data. The connection module performs a connection process on the first data record and the second data record if the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
7. The apparatus according to claim 6, wherein the target encryption algorithm is the SM4 encryption algorithm; the ciphertext includes data encrypted based on the SM4 algorithm and a key, and encryption features corresponding to the data; The determining module: Obtain the encryption features from the first ciphertext in the first data record that corresponds to the target data field; Based on a Bloom filter, determine whether the encryption feature exists in the second ciphertext corresponding to the target data field in the second data record; If so, further determine whether the first ciphertext and the second ciphertext are ciphertexts obtained by encrypting the same data.
8. The apparatus according to claim 7, wherein the ciphertext further includes a random variable generated according to a preset rule; The determining module: According to the rules, the random variable is removed from the first ciphertext and the second ciphertext respectively, and it is determined whether the first ciphertext and the second ciphertext after removal are ciphertexts obtained by encrypting the same data.
9. The apparatus of claim 6, wherein the client includes a client corresponding to the data owner of the first data table; the connection instruction includes the first key and the second key authorized by the data owner of the second data table to the data owner of the first data table; The determining module: Based on the first key and the second key, determine whether the first ciphertext in the first data record corresponding to the target data field and the second ciphertext in the second data record corresponding to the target data field are ciphertexts obtained by encrypting the same data.
10. The apparatus according to claim 9, wherein the determining module: Based on the second key and the puncture point corresponding to the preset puncturable pseudo-random function, calculate the puncture key corresponding to the second key; Based on the first key and the puncturable pseudo-random function, calculate the first function value, and based on the puncture key and the puncturable pseudo-random function, calculate the second function value; Determine whether the first function value matches the second function value.
11. An electronic device, comprising: processor; Memory used to store processor-executable instructions; The processor implements the method as described in any one of claims 1-5 by executing the executable instructions.
12. A computer-readable storage medium having stored thereon computer instructions that, when executed by a processor, implement the method as described in any one of claims 1-5.