Data processing method of an unstructured search tree, searchable encryption method and system

By employing an inadvertent retrieval tree architecture and a trusted execution environment, the contradiction between robustness, security, and operational efficiency in existing technologies is resolved, resulting in a data processing method that offers strong security, robustness, and efficient operation, suitable for dynamically searchable encryption systems.

CN122160188APending Publication Date: 2026-06-05XI AN JIAOTONG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
XI AN JIAOTONG UNIV
Filing Date
2026-05-07
Publication Date
2026-06-05

AI Technical Summary

Technical Problem

Existing technologies sacrifice efficiency and mode safety while ensuring robustness, or severely compromise operational performance while improving safety, making it difficult to coordinate the contradiction between robustness, strong safety, and efficient operation.

Method used

It adopts an unintentional retrieval tree architecture, which constructs a hierarchical binary tree for each keyword and stores it in an unintentional random access machine. It combines pseudo-random functions and local state tables to dynamically calculate access paths and introduces a trusted execution environment (enclave) to handle insertion, deletion and search operations, hides data access patterns and optimizes search efficiency.

Benefits of technology

It achieves strong forward and backward security, robustness, and efficient search and deletion performance. By hiding access modes and optimizing path calculation, it improves system operating efficiency and reduces client storage and communication overhead.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122160188A_ABST
    Figure CN122160188A_ABST
Patent Text Reader

Abstract

The application discloses a data processing method of an oblivious search tree, a searchable encryption method and system, and relates to the field of encryption technology. The method comprises the following steps: when inserting, a client instantiates a new leaf node according to an effective insertion number, calculates a current oblivious random walk path and a future refreshing oblivious random walk path, and writes the paths into a server; when deleting, the client calculates a root node oblivious random walk path according to an effective deletion number and a search number, traverses the oblivious search tree to locate a target leaf node, and reconnects a sibling node of the target leaf node to a grandparent node; and when searching, the client calculates a root node oblivious random walk path according to an effective deletion number and a search number, traverses the oblivious search tree to collect effective leaf node identifiers, and calculates a current path according to each identifier and the search number to obtain a file identifier. The application realizes strong forward and backward security and robustness, and guarantees efficient search and deletion performance which is proportional to the current effective data amount.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of encryption technology, specifically to a data processing method for inadvertently searching a tree, a searchable encryption method, and a system. Background Technology

[0002] In data outsourcing scenarios, Dynamic Searchable Symmetric Encryption (DSSE), while supporting insertion and deletion operations on encrypted files, introduces additional privacy leakage risks, namely forward and backward privacy leaks. More critically, incorrect update operations such as duplicate insertions and redundant deletions in real-world applications can directly compromise the security and operational correctness of the solution. Therefore, designing robust DSSE solutions that can resist such erroneous operations has become an urgent need.

[0003] To achieve robustness, existing technologies primarily employ two approaches. The first approach, represented by forward-secure verifiable symmetric searchable encryption and robust searchable encryption schemes, ensures verifiable updates by maintaining a complete, append-only operation record for each keyword. However, this results in search efficiency being proportional to the total number of historical operations, rather than the current amount of valid data, leading to severe performance degradation over long-term operation. The second approach, represented by robust searchable encryption quadratic schemes, utilizes inadvertent mapping to detect incorrect operations. It introduces inadvertent mapping to filter invalid operations during the update phase and optimizes search efficiency to be correlated with the amount of valid data through tree indexes. However, its tree structure exposes access and search patterns during the search process, making it vulnerable to statistical analysis attacks, and its deletion efficiency is low.

[0004] To address the schema leakage problem, researchers introduced an Oblivious Random Access Machine (ORAM) as the underlying storage, suppressing schema leakage by continuously obfuscating data access paths. However, this method introduces new performance bottlenecks to achieve the security goal. For example, the data refresh mechanism is deeply bound to a global counter, resulting in a loss of fine-grained data access capabilities. This leads to high search or deletion overhead regardless of whether lazy deletion or immediate deletion strategies are used, making it unsuitable for real-world scenarios with frequent updates.

[0005] In summary, existing technologies sacrifice efficiency and mode safety while ensuring robustness, or severely compromise operational performance while improving safety, and have consistently failed to resolve the contradiction between robustness, strong safety, and efficient operation in a coordinated manner. Summary of the Invention

[0006] To address the problems existing in the prior art, this invention provides a data processing method, a searchable encryption method, and a system for unintentional search trees. Based on the unintentional search tree architecture, it achieves strong forward and backward security, robustness, and efficient search and deletion performance.

[0007] This invention is achieved through the following technical solution: In one aspect, this application provides a data processing method for inadvertently retrieving a tree, including insertion, deletion and search operations; For each keyword, a hierarchical binary tree is constructed and stored in a random access machine. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The client maintains a local status table for each keyword, which stores the number of valid insertions, valid deletions, and searches for each keyword. The insertion operation is as follows: In response to a file identifier insertion request for a target keyword, the client instantiates a new leaf node based on the effective insertion count of the target keyword, calculates the current random access machine path and the future refresh random access machine path of the new leaf node through a pseudo-random function, and writes the new leaf node to the server through the random access machine protocol. The deletion operation is as follows: In response to a file identifier deletion request for a target keyword, the client calculates the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverses the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnects the sibling nodes of the target leaf node to the grandparent node. The search operation is as follows: In response to a search request for a target keyword, the client calculates the random access machine path of the root node based on the number of valid deletions and searches for the target keyword, traverses the hierarchical binary tree to collect the identifiers of valid leaf nodes, calculates the current random access machine path of each valid leaf node based on the identifier of each valid leaf node and the number of searches for the target keyword, and accesses the current random access machine path through the random access machine protocol to obtain the file identifier.

[0008] Preferably, in the insertion operation, after the client writes the new leaf node to the server through the random access machine protocol, it also increments the effective insertion count of the target keyword.

[0009] Preferably, in the deletion operation, after the client reconnects the sibling node of the target leaf node to the grandparent node, it also writes the updated grandparent node back to the server through the random access machine protocol and increments the effective deletion count of the target keyword.

[0010] Preferably, in the search operation, after the client accesses the current random access machine path through the random access machine protocol to obtain the file identifier, it increments the search count of the target keyword, calculates the refresh random access machine path for each valid leaf node based on the updated search count, and refreshes each valid leaf node to the position corresponding to the refresh random access machine path through the random access machine protocol.

[0011] Preferably, when a client accesses the random access machine path via the random access machine protocol, it specifically includes: The path read method is called to read all encrypted data blocks on the specified random access machine path into the local path cache list, and then decrypts the read encrypted data blocks. After performing data operations on the decrypted data blocks in the local path cache list, the updated decrypted data blocks are obtained; Call the path eviction method and the path write-back method to re-encrypt the updated decrypted data block and write it back to the server.

[0012] Preferably, the traversal information stored in the non-leaf node includes the left child node identifier, the right child node identifier, the random access machine path where the left child node is located, and the random access machine path where the right child node is located. When the deletion and search operations traverse the hierarchical binary tree, the client determines the identifier of the next node to be visited and its random access path based on the traversal information stored in the currently visited non-leaf node.

[0013] Secondly, this application provides a data processing system for inadvertently retrieving trees, including a client and a server; The client includes: The tree construction module is used to construct a hierarchical binary tree stored in the random access machine on the server side for each keyword. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The status maintenance module is used to maintain a local status table for each keyword. The local status table stores the number of valid insertions, the number of valid deletions, and the number of searches for each keyword. The insertion processing module is used to respond to a file identifier insertion request for a target keyword, instantiate a new leaf node according to the effective insertion count of the target keyword, calculate the current random access machine path and the future refresh random access machine path of the new leaf node through a pseudo-random function, and write the new leaf node to the server through the random access machine protocol. The deletion processing module is used to respond to a file identifier deletion request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnect the sibling nodes of the target leaf node to the grandparent node. The search processing module is used to respond to a search request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to collect valid leaf node identifiers, calculate the current random access machine path of each valid leaf node based on the identifier of each valid leaf node and the number of searches of the target keyword, and access the current random access machine path through the random access machine protocol to obtain the file identifier.

[0014] Thirdly, this application provides a dynamic, robust, searchable encryption method based on an unintentional search tree, comprising the following steps: Step 1: The client generates an unintentional retrieval tree key and an unintentional mapping key and transmits them to the enclave on the server side; the enclave initializes a local state table, a local path cache list, and a queue. Step 2: Based on the initialization parameters, the cloud server constructs an unintentional retrieval tree and an unintentional mapping underlying random access machine tree structure to form an encrypted database; Step 3: The enclave receives the request sent by the client and determines whether the operation type is an update operation or a search operation; If an update operation is determined, the enclave checks the validity of the operation through unintentional mapping. For invalid operations, a virtual operation is performed to hide the invalidity of the operation. For valid operations, the insertion or deletion operation in the data processing method of the unintentional search tree is used to perform the actual update. If the operation is determined to be a search operation, the enclave uses the search operation in the data processing method of the inadvertent search tree to retrieve all file identifiers corresponding to the keyword and returns the search results to the client.

[0015] Preferably, step 3 includes post-search aggregation optimization: After the search operation is completed, the enclave aggregates the multiple valid leaf nodes found into an aggregate leaf node, stores it in the position of the nearest common ancestor node of the multiple valid leaf nodes, and sets identification information in the nearest common ancestor node to indicate the valid status of each file identifier in the aggregate leaf node.

[0016] Fourthly, this application provides a dynamic, robust, searchable encryption system based on an inadvertent search tree, including a client, an enclave, and a cloud server; The client is used to generate an unintentional search tree key and an unintentional mapping key, and transmit the generated key to the enclave on the server side; The enclave is used to initialize the local state table, local path cache list, and queue; it receives requests sent by clients and determines whether the operation type is an update operation or a search operation. If it is determined to be an update operation, the validity of the operation is checked by unintentional mapping. For invalid operations, a virtual operation is performed to hide their invalidity. For valid operations, the insertion or deletion operation method in the data processing method of the unintentional search tree is used to perform the actual update. If it is determined to be a search operation, the search operation method in the data processing method of the inadvertent search tree is used to retrieve all file identifiers corresponding to the keyword, and the search results are returned to the client; The cloud server is used to construct an unintentional retrieval tree and an unintentional mapping underlying random access machine tree structure based on the received initialization parameters, forming an encrypted database.

[0017] Compared with the prior art, the present invention has the following beneficial technical effects: This application provides a data processing method for an inadvertent retrieval tree. For each keyword, a hierarchical binary tree is constructed and stored in an inadvertent random access machine. The hierarchical binary tree includes leaf nodes storing file identifiers and non-leaf nodes storing traversal information. During data insertion, deletion, or search operations, the client dynamically calculates the path of the node to be accessed in the inadvertent random access machine using a pseudo-random function, based on a locally maintained local state table corresponding to each keyword (the local state table stores the effective insertion count, effective deletion count, and search count for each keyword). This data processing method achieves strong forward and backward security by encrypting and storing all nodes of the hierarchical binary tree in the inadvertent random access machine, hiding all data access patterns. By driving path calculation through the local state table, it avoids storing large amounts of location mapping information on the client, significantly reducing client storage overhead. Furthermore, by implementing a deletion strategy that directly connects the sibling nodes of the target leaf node to the grandparent node, it achieves efficient immediate deletion operations, ensuring that the efficiency of subsequent search operations is proportional to the current amount of valid data.

[0018] This application provides a dynamic, robust, searchable encryption method based on unintentional search trees. This method, building upon unintentional search tree data processing, introduces an enclave as a trusted execution environment and combines unintentional search trees with unintentional mappings to construct a complete encrypted database system. The client generates an unintentional search tree key and an unintentional mapping key and transmits them to the server-side enclave. The enclave initializes its local state table, local path cache list, and queue. The cloud server constructs the underlying random access machine tree structure of the unintentional search tree and unintentional mappings based on the received initialization parameters, forming the encrypted database. Upon receiving a client request, the enclave determines the operation type. For update operations, it checks the operation validity through unintentional mappings. Invalid operations are executed with the same number of virtual operations to hide their invalidity. For valid operations, the insertion or deletion operation method in the aforementioned method is called to perform the actual update. For search operations, the search operation method in the aforementioned method is called to retrieve all file identifiers corresponding to the keyword and return the results.

[0019] Furthermore, after the search operation is completed, aggregation optimization is introduced, aggregating multiple consecutive valid leaf nodes into an aggregated leaf node and storing it at the location of its nearest common ancestor node. Using enclaves as trusted proxies eliminates the overhead of multiple rounds of communication between the client and server, significantly improving system efficiency. Through inadvertent mapping pre-verification and a virtual execution mechanism for invalid operations, robustness is ensured without introducing additional information leakage, making it impossible for attackers to distinguish between valid and invalid operations. Post-search aggregation optimization batches multiple random access machine accesses into a single operation, further improving search throughput in high-frequency search scenarios and solving the technical challenge of simultaneously achieving robustness, strong security, and efficient operation in existing technologies.

[0020] This application also proposes a dynamic robust searchable encryption system based on an unintentional search tree, an electronic device, and a computer storage medium, which possess all the advantages of the aforementioned dynamic robust searchable encryption method based on an unintentional search tree. Attached Figure Description

[0021] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used in the embodiments will be briefly introduced below. It should be understood that the following drawings only show some embodiments of this application and should not be regarded as a limitation of the scope. For those skilled in the art, other related drawings can be obtained based on these drawings without creative effort.

[0022] Figure 1 This is a flowchart of the dynamic robust searchable encryption method based on an unintentional search tree according to the present invention; Figure 2 This is a structural diagram of the hierarchical binary tree of the present invention; Figure a shows the hierarchical binary tree structure before deletion, Figure b shows the hierarchical binary tree structure after deleting leaf nodes, and Figure c shows a schematic diagram of the search process. Figure 3 This is a schematic diagram of the unintentional deletion operation of the search tree in this invention; Figure 4 This is a schematic diagram of the node aggregation optimization of the present invention. Detailed Implementation

[0023] To make the objectives, technical solutions, and advantages of the embodiments of this application clearer, the technical solutions of the embodiments of this application will be clearly and completely described below with reference to the accompanying drawings. Obviously, the described embodiments are only some embodiments of this application, and not all embodiments. The components of the embodiments of this application described and shown in the accompanying drawings can generally be arranged and designed in various different configurations.

[0024] Therefore, the following detailed description of the embodiments of this application provided in the accompanying drawings is not intended to limit the scope of the claimed application, but merely to illustrate selected embodiments of the application. All other embodiments obtained by those skilled in the art based on the embodiments of this application without inventive effort are within the scope of protection of this application.

[0025] First, the core technical terms involved in this application will be explained, including the Oblivious Retrieval Tree (ORT) and the Oblivious Map (OMAP).

[0026] The unintentional search tree is used to search based on keywords. Retrieve all file identifiers associated with it ; The unintentional mapping is used in executing keyword-file identifier pairs During an update operation, it is determined whether the update operation is valid, thereby ensuring the robustness of the dynamic robustness searchable encryption method and the system.

[0027] During protocol execution, the client maintains the following three types of data structures for the unintentional search tree: The local path cache list Stash is used to temporarily cache data blocks read from the server. Local Status Table Used to store each keyword The corresponding status information, each entry in the local status table is named with a key. The key is a triple, and the value corresponding to each key is a triple. , respectively representing keywords Valid insertion count Valid deletion count and search volume ; Queue Q: Used to record the order in which all nodes are visited during an unintentional traversal of the tree, including leaf nodes and non-leaf nodes; Oblivious Random Access Machine (ORAM); Hierarchical Binary Tree (HBT).

[0028] Firstly, this application provides a data processing method for unintentional search trees, including insertion, deletion, and search operations for unintentional search trees, as detailed below: The unintentional retrieval tree constructs a hierarchical binary tree for each keyword, which is stored in the random access machine. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. Among them, leaf nodes and non-leaf nodes that are not instantiated are virtual nodes, and leaf nodes and non-leaf nodes that are instantiated are non-virtual nodes; The client maintains a local status table for each keyword, which stores the number of valid insertions, valid deletions, and searches for each keyword.

[0029] I. Unintentional retrieval of tree data Insertion operation method; The ORT's insertion algorithm is used to insert new keyword-file identifier pairs. Insert into the ORT. The input to this insertion algorithm includes the key-file identifier pair to be inserted. and local status table The execution steps are as follows: Step 1: Instantiate the leaf node; First, the client determines the input keywords. From the local state table Search for the corresponding entry in This entry is a tuple. , respectively representing keywords Current number of valid insertions Valid deletion count and search count .

[0030] Then, the client creates a new leaf node. .

[0031] in, For file identifier, From the local state table Entries Obtained from [the source].

[0032] Step 2: Read the path and cache it; The client uses a secure pseudo-random function With the number of valid insertions Use this as a seed to randomly generate an ORAM path. ; Subsequently, the client calls the ORAM path read method to request the ORAM path from the server. All data blocks (encrypted data nodes) on the network are retrieved and read into the local path cache list Stash, and the read encrypted data blocks are decrypted. Step 3: Calculate future write paths to ORAM; The client uses the pseudo-random function again. Using pseudo-random function keys Keywords Current number of valid insertions And from keywords Corresponding entries The current number of searches obtained from As input, calculate the new ORAM path The expression is as follows:

[0033] in, L The height of the ORAM tree.

[0034] The new ORAM path Represents the new leaf node The position to be refreshed after this insertion operation is completed.

[0035] Step 4: Write the new node unintentionally.

[0036] The client now has the ORAM path in the local path cache list Stash. The client will create new leaf nodes from all the original data blocks on the data. Add it to the local path cache list Stash. At this point, the local path cache list Stash contains the original data and the new data block to be written.

[0037] The client calls the ORAM path eviction method to remove the new leaf node. Evicted to ORAM path Refreshing the ORAM path in the future The data block corresponding to the lowest intersecting node.

[0038] The lowest intersection node is the common parent node below the first branch point when two ORAM paths traverse downwards from the root node in the ORAM tree. This write strategy ensures the determinism and retrieval of data block placement.

[0039] Complete the new leaf node After being evicted, the client calls the path write-back method provided by ORAM to re-encrypt all data blocks in the updated local path cache list Stash (including modified old nodes and newly written nodes) and write them back to the ORAM path on the server. middle.

[0040] Step 5: Update the local state table on the client. .

[0041] Keywords Corresponding number of valid insertions Increment by 1 to update the effective insertion count. Point to the next available leaf node and update the key. Corresponding entries The status fields related to this keyword.

[0042] By updating the local status table This makes the next target keyword The insertion operation will use a completely new leaf node, thus ensuring that each file identifier is... In an ORT, each table has a logically unique location associated with the insertion order, and the updated local state table becomes... .

[0043] By following the steps above, the new keyword-file identifier pair Inserted into the ORT, throughout the process, the server can only observe the ORAM path. It can receive read and write requests without distinguishing whether the client is inserting, deleting, or simply performing virtual operations, thus perfectly ensuring forward security and hiding the operation mode itself.

[0044] II. Data from an unintentional retrieval tree Deletion operation method; This inadvertent retrieval tree's data pair deletion operation method is used to delete keyword-file identifier pairs located in the target leaf node. The target leaf node refers to the leaf node to be deleted in this deletion operation. Its purpose is to remove the target leaf node from the unintentional search without revealing the target leaf node being deleted, its location, or any changes to the unintentional search tree structure after deletion, and to update the corresponding non-leaf nodes, thus maintaining the integrity of the unintentional search tree structure. Specifically, this includes the following steps: Step 1: The client first retrieves the data from its local state table. Search for keywords Corresponding entries Then according to that entry Valid deletion count and search count The root node is calculated using a pseudo-random function. The ORAM path ; Client calculates root node ORAM path The calculation method is as follows:

[0045] Subsequently, the client will use keywords Corresponding number of valid deletions Increment by 1 (i.e.) = Once the deletion operation is complete, the visited nodes (including the root node) will be refreshed to reflect the new valid deletion count. The calculated new path achieves backward safety.

[0046] Step 2: Set the current target non-leaf node on the client side. = The ORAM path where the current node is located .

[0047] At the same time, the client initializes a queue Q to record the order of nodes visited during traversal, so as to refresh the ORAM path during backtracking.

[0048] Step 3: The client enters a loop, starting from the root node and following the keywords. The corresponding hierarchical binary tree HBT w Traverse downwards until the target leaf node is found. In each iteration, the following sub-steps are executed sequentially: S3.1 The client calls the ORAM path read method to retrieve the target non-leaf node. The ORAM path All data blocks are retrieved into the local path cache list Stash, and the read data blocks are decrypted. At this point, the local path cache list Stash contains the ORAM path. Plaintext data of all nodes.

[0049] S3.2 The client finds the current target non-leaf node in the local path cache list Stash. Target non-leaf nodes Remove from the local path cache list of Stash.

[0050] S3.3 If the current target is not a leaf node A Stash not cached in the local path indicates that the current target is not a leaf node. These are virtual nodes that have not yet been instantiated; The client instantiates this virtual node, and its data structure is as follows:

[0051] in, Representative keywords, For the target non-leaf node identifier, For the target non-leaf node The ORAM path is located at. Represents the target non-leaf node The left node identifier, Representative node The right node identifier, This represents the ORAM paths where the left and right nodes reside; it is initialized to empty here.

[0052] The instantiation of virtual nodes is to maintain the continuity of the traversal path, so that the client can correctly traverse downwards during the next search.

[0053] S3.4 The client processes nodes in queue Q that record the traversal order. Queue Q stores all nodes (root node, non-leaf nodes, and leaf nodes) on the ORAM path from the root node to the current node in traversal order. The client pops nodes from queue Q in sequence until only one node remains in the queue (i.e., the parent node of the current node).

[0054] For each popped node : If node If it is the root node, then the client will use the ORAM path of that root node. Updated to ; The client is the next node to be popped. Generate ORAM path Used to refresh the node .

[0055] If the node It is a node If the left (right) child node is a node, then that node... The ORAM path is updated to the ORAM path. .

[0056] S3.5 The client calls the path eviction and path write-back methods provided by ORAM to inadvertently write all data blocks on the updated ORAM path back to the server.

[0057] S3.6, The client will select the current target non-leaf node. Push it into queue Q and determine the identifier of the next node to be visited. and corresponding ORAM path ; According to the hierarchical binary tree structure, if Then the node identifier The corresponding node is a virtual node, and the client randomly generates the ORAM path. , as the ORAM path of this virtual node, and set Continue the loop until the target leaf node is reached.

[0058] By repeatedly executing the loop of "read path → process node → refresh path → write back path", the client traverses downwards along the hierarchical binary tree without exposing the access mode, gradually approaching the target leaf node. Step 4: Locate the target leaf node and its parent node and grandfather node ; Repeat step 3 to obtain the target leaf node. This refers to the leaf node that is being deleted. At this point, queue Q records all nodes on the complete path from the root node to the target leaf node.

[0059] The client pops the grandparent node from queue Q. and its parent node ; Grandfather node (i.e., the target leaf node) (parent node of the parent node). Parent node (i.e., the target leaf node) (direct parent node); At the same time, the client obtains the target leaf node. sibling node identifier and its ORAM path Sibling nodes are those related to the target leaf node. Another child node that shares the same parent node.

[0060] Step 5: The client, based on the parent node... It is the grandfather node If it is the left child node or the right child node, perform the corresponding update; If the parent node It is the grandfather node The client will select the grandparent node as the left or right child node. left child node or right child node Update to sibling node identifier And the corresponding left child node's ORAM path Or the ORAM path of the right child node Update to ORAM path .

[0061] Furthermore, the target leaf node and parent node Removed from ORT, sibling node identifier The corresponding sibling node is directly connected to the grandparent node. Below, the height of the ORT remains unchanged, but the structure has been updated.

[0062] The ORT structure is reconstructed by updating the grandparent node and promoting the sibling node to the position of the parent node.

[0063] Step 6: Write back the updated grandparent node; The client will update the grandparent node. Re-encrypt and call the ORAM path write-back method to retrieve the grandparent node. Write back to the corresponding ORT path on the server. At this point, the server-side ORT structure has been updated, and the target leaf node... and parent node The deleted leaf node no longer exists in the current ORT. The deletion operation automatically skips the deleted leaf node in subsequent searches, making the search efficiency proportional to the amount of currently available data, thus achieving optimal search time.

[0064] III. Methods for searching data pairs in a tree without prior knowledge; The inadvertent search tree search operation method is used to retrieve all ORTs containing the keyword. file identifier The goal of the search operation is to retrieve all valid file identifiers corresponding to the keywords from the ORT without revealing the search keywords, the number of results returned, or the access patterns. The input to the search algorithm includes: the keywords to be searched. and the local state table maintained by the client. This includes the following steps: Step 1: The client initializes an empty list R to store the identifiers of the last valid leaf nodes searched.

[0065] The client first checks the local state table. Search for keywords The corresponding entry. If the entry "Does not exist" means that there are no files or keywords. If the client returns an empty result set, the algorithm ends.

[0066] If the entry If it exists, retrieve the entry and initialize an empty list R to store the identifiers of the valid leaf nodes found later.

[0067] Step 2: Calculate the ORAM path where the root node is located. The root node is retrieved via ORAM and placed into the traversal queue Q.

[0068] The client determines the number of valid deletions based on the current number of deletions. and search count The ORAM path containing the root node is calculated using a pseudo-random function. :

[0069] The client calls the ORAM path read method to retrieve the ORAM path where the root node is located. All data blocks on the local path cache list (Stash) are retrieved. The root node is then parsed from the Stash local path cache list. The data is processed, and the root node is pushed into queue Q. Each node in the queue... ; in, For node identifiers, The ORAM path where the node is located. To refresh the ORAM path for the current node in the future; Step 3: The client enters a loop, retrieving nodes from queue Q for processing until the queue is empty. For each retrieved node... Based on the node type and status, three cases are handled: 1) In the first case, the node is a valid leaf node; like The node identifier The corresponding node is a valid leaf node, and the client directly assigns the node identifier. Add to the empty list R.

[0070] 2) In the second case, the node is a virtual non-leaf node; like and Then the node identifier The corresponding node is a virtual non-leaf node. Traverse the node to find the identifier of the leftmost descendant leaf node of the virtual non-leaf node. and the rightmost descendant leaf node identifier .

[0071] like Then the identifier of the rightmost descendant leaf node. Corrected to For identifier range All node identifiers within Place them into an empty list R; this method can process consecutive leaf nodes in batches, improving traversal efficiency.

[0072] 3) In the third case, the node is a non-virtual, non-leaf node (i.e., a real, existing internal node). The client calls the path reading method provided by ORAM to find the target non-leaf node. Then, target non-leaf nodes The local path cache list was retrieved from Stash. The client is a non-leaf node of the target. The left and right child nodes generate corresponding ORAM paths. , ; information of the left child node and right child node information Push it into queue Q; The client will target the non-leaf node. The ORAM path is updated to and the ORAM path of the left child node ORAM path of the right child node Updated to , .

[0073] The client calls the path eviction and path write-back methods provided by ORAM to update the ORAM path. All data blocks on the server are inadvertently written back to the server.

[0074] By branching through three scenarios, the client can traverse the entire ORT and collect all valid leaf node identifiers related to the keyword without exposing the access pattern.

[0075] It should be noted that an empty list R is represented as a list R after adding node identifiers; Step 4: After the traversal is complete, list R contains all items related to the keyword. Relevant valid leaf node identifiers. For each leaf node identifier in list R... The client calculates the current ORAM path of the leaf node. ; The client calls the path reading method provided by ORAM to retrieve the ORAM path where each leaf node is located into the local path cache list Stash, and parses the file identifier stored in the leaf node from the local path cache list Stash.

[0076] Visit all valid leaf nodes one by one, extract the file identifiers stored therein, and form a search results set.

[0077] Step 5: The client will send keywords Corresponding search count Increment by 1 (i.e.) = +1). The purpose of this update is to ensure backward safety by flushing all visited leaf nodes to the new ORAM path after the search operation is complete.

[0078] For each leaf node identifier in list R The client calculates the future ORAM refresh path: ,in, This is the updated search count.

[0079] Finally, the client updates its local state table. And return the search results set.

[0080] Figure 2 This is an example diagram of the hierarchical binary tree in this invention, illustrating the execution process of deletion and search operations.

[0081] Figure 2 Figure a shows the hierarchical binary tree structure before deletion, where nodes 1-8 are leaf nodes, nodes 9-15 are non-leaf nodes, and node 3 stores the file identifier.

[0082] Figure 2Figure b shows the hierarchical binary tree structure after deleting leaf node 3. As shown, the ORAM path from root node 15 to the grandparent node 13 of leaf node 3 is instantiated, and the right child of grandparent node 13 is reconnected to the sibling node 4 of leaf node 3, thus linking leaf node 3 and its corresponding keyword. Remove from the tree structure unintentionally while maintaining the integrity of the hierarchical binary tree.

[0083] Figure 2 Graph c in the diagram illustrates the search process. The search recursively traverses the tree starting from the root node 15: When virtual node 9 is accessed, it covers the set of its descendant leaf nodes. It is added to the result set, and the subtree is pruned without needing to continue traversing downwards; In this context, a subtree refers to a branch of a complete binary tree formed by all its subordinate nodes (including non-leaf nodes and leaf nodes) with the current virtual non-leaf node as the root node.

[0084] When virtual node 14 is accessed, it covers the set of its descendant leaf nodes. It is added to the result set, and the subtree is pruned; When leaf node 4 is accessed, it is added directly to the result set.

[0085] Ultimately, the search operation returned the result set [1,2,4,5,6,7], which contains all results related to the keyword. The associated valid file identifier. This process achieves efficient search traversal through a virtual node batch addition mechanism.

[0086] Figure 3 This is a flowchart illustrating the deletion operation in this invention, corresponding to... Figure 2 The deletion operation is shown in Figure b. This figure illustrates how to safely locate and delete the target leaf node while reconstructing the hierarchical binary tree structure, all while hiding the access pattern.

[0087] As shown in the figure, the random access machine path retrieved at each step is highlighted in yellow, and virtual nodes are marked with "#". The core of the deletion operation is to delete the grandparent node of the target leaf node. Reconnect to its sibling node The client uses a queue Q to record the order in which nodes are accessed during the traversal. The specific process is as follows: Step 1: The client calculates the ORAM path of root node 15. Then retrieve it into the local path cache list Stash. Based on the key in the local state table... Valid deletion count It can be seen that root node 15 is a virtual node, and the client instantiates it as ( Then push it into queue Q. Subsequently, the client refreshes the local path cache list Stash and writes the random access machine path 1 back to the server.

[0088] Step 2: Similar to Step 1, the client completes the processing of grandparent node 13, instantiating it and pushing it into queue Q.

[0089] Step 3: ORAM path of client compute node 10 This is then retrieved into the local path cache list, Stash. Node 10 is a virtual node, which the client instantiates as... And push it into queue Q. At this point, grandparent node 13 becomes a grandparent node candidate. The client sets a new ORAM path 4 for root node 15 and updates its child node pointers to ORAM path 3. Finally, the client writes ORAM path 2 back to the server.

[0090] Step 4: After reaching the target leaf node 3, the client reconnects the right child of grandparent node 13 to the sibling node 4 of leaf node 3. Then, the client retrieves ORAM path 2 and evicts grandparent node 13 to the lowest common ancestor of ORAM path 2 and ORAM path 3 (the future refresh ORAM path set for grandparent node 13 in Step 3), completing the write-back operation for grandparent node 13. Finally, the client writes path 2 back to the server.

[0091] Through the above steps, this invention achieves the safe removal of the target leaf node from the hierarchical binary tree and the reconstruction of the unintentional retrieval tree structure without exposing the deletion target, deletion location, or changes in the hierarchical binary tree structure. At the same time, the search operation automatically skips the deleted leaf node, which is proportional to the current amount of valid data, thereby achieving the optimal search time.

[0092] The data processing method of the random access tree constructs a hierarchical binary tree for each keyword and stores it in a random access machine. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The client maintains a local state table for each keyword, which stores the number of valid insertions, the number of valid deletions, and the number of searches for each keyword. In the insertion operation, the client instantiates a new leaf node based on the valid insertion count of the target keyword, calculates the current random access machine (RANK) path and the future refresh random access machine (RANK) path of the new leaf node using a pseudo-random function, and writes the new leaf node to the server using the random access machine (RANK) protocol. In the deletion operation, the client calculates the RANK path of the root node based on the valid deletion count and search count of the target keyword, traverses the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnects the sibling nodes of the target leaf node to the grandparent node. In the search operation, the client calculates the RANK path of the root node based on the valid deletion count and search count of the target keyword, traverses the hierarchical binary tree to collect valid leaf node identifiers, calculates the current random access machine (RANK) path of each valid leaf node based on the identifier of each valid leaf node and the search count of the target keyword, and accesses the current random access machine (RANK) path to obtain the file identifier using the random access machine (RANK) protocol.

[0093] This data processing method achieves strong forward and backward security by encrypting and storing all nodes of the hierarchical binary tree in a random access machine, thus hiding all data access patterns. Through a virtual node instantiation mechanism on demand and a deletion strategy that directly connects the sibling nodes of the target leaf node to the grandparent node, it achieves search efficiency proportional to the current amount of valid data and efficient immediate deletion operations. Maintaining the effective insertion count, effective deletion count, and search count for each key through a local state table ensures the randomness and unpredictability of each operation path.

[0094] Secondly, based on the aforementioned data processing method using unintentional search trees, this application provides a dynamic, robust, searchable encryption method based on unintentional search trees. This method combines unintentional search trees with unintentional mappings to construct an encrypted database on the server side. A trusted execution environment (such as an enclave) acts as a proxy for the client on the server side, enabling efficient search, insertion, and deletion operations while ensuring forward security, backward security, and robustness. (See also...) Figure 1 Specifically, it includes the following steps: Step 1: The client executes the initialization protocol of the dynamic robust searchable encryption method based on an unintentional search tree, initializes system parameters, and generates an Encrypted Database (EDB). Throughout the system, the enclave acts as a trusted "proxy client" on the server side, accessing data through unintentional search trees and unintentional mappings, thereby eliminating the overhead of multiple rounds of communication. The specific implementation is as follows: S1.1, The client uses security parameters As input, generate the ORT key for the ORT and the unintentional mapping. and unintentional mapping keys The client transmits the generated key to the enclave on the server side via a secure channel.

[0095] S1.2 After receiving the key, the enclave initializes the following local data structures, including: An empty local state table This is used to store the status information of each keyword; An empty local path cache list, Stash, is used to temporarily store blocks of data read from the server during ORAM access operations; An empty queue Q is used to record the traversal path of the ORAM and assist in node refreshing during the deletion operation.

[0096] Step 2: The cloud server executes the initialization protocol of the dynamic robust searchable encryption method based on the accidental search tree, and initializes an empty ORT and an empty OMAP on the server side. The ORT and the OMAP together constitute the basic architecture of the encrypted database.

[0097] S2.1, the cloud server receives the initialization parameters of the underlying storage structure used by ORT and OMAP, namely the ORAM tree structure, including: The heights of the underlying ORAM tree of ORT are respectively ; The height of the OMAP underlying ORAM tree ; The number of data blocks in each bucket of the underlying ORT ORAM tree ; The number of data blocks in each bucket of the OMAP underlying ORAM tree ; S2.2, Based on the input initialization parameters, the cloud server organizes the storage space into a hierarchical binary tree structure, completes the construction of the underlying ORAM tree structure of ORT and OMAP, and together they form an encrypted database EDB, which is used to store all encrypted data nodes in the future.

[0098] Step 3: The client sends a request to the enclave on the server side, and the enclave determines the type of access operation based on the specific request.

[0099] S3.1, the enclave parses the operation tuple in the request and determines the request type, and determines whether the current operation is an update operation. Update operations include deletion operations and insertion operations.

[0100] S3.2, If it is an update operation, the enclave receives the update operation tuple. As input, where Indicates the operation type (i.e., insert or delete operation). It is a keyword. This is the file identifier; the enclave will use an unintentional mapping to check the validity of the update operation.

[0101] S3.3, Repeatability check for insertion operations; 1) For insertion operations, the enclave will invoke the lookup algorithm provided in the unintentional mapping. (Check) Does it already exist in OMAP? if If the object already exists, the insertion operation is considered a duplicate insertion and is rejected as an invalid insertion operation. if If it does not exist, then the insertion operation is a valid insertion operation, and step 4 is executed; 2) For deletion operations, the enclave calls the search algorithm provided by the unintentional mapping to check... Does it exist in OMAP? if If the deletion does not exist, the deletion operation is considered redundant and is rejected as an invalid deletion operation. if If it exists, the deletion operation is valid, and proceed to step 4; S3.4, Hidden handling of invalid operations; If an update operation is deemed invalid (duplicate insertion or redundant deletion), the enclave cannot simply reject the update operation and return, because an attacker can distinguish between a correct update and an incorrect update by observing whether the expected write operation occurs. This would expose the validity of the update operation and leak information about the keywords of the previous query, thereby compromising forward security.

[0102] To achieve full robustness guarantees, this application performs the same number of virtual operations on rejected incorrect update operations. Specifically, it performs the same number of virtual unintentional mapping accesses and virtual ORT accesses as the real update operations in the enclave, making it impossible for attackers to distinguish between valid and invalid operations, thereby concealing the correctness of the update operations.

[0103] Step 4: Based on the operation type of the operation tuple in the request, i.e., a search operation or a correct update operation, further perform the data search operation and update operation while ensuring strong forward and backward privacy.

[0104] S4.1 For valid update operations verified in step 3 (i.e., non-duplicate insertions and non-redundant deletions), the enclave performs the following operations: 1) For non-repeating insertion operations, the enclave will call the insertion operation method provided by ORT. Insert into ORT; The detailed process of the insertion operation method has been described in the first aspect of this application. The insertion operation method creates a new leaf node in the random access tree and writes the node to the server through the random access machine protocol.

[0105] After the insertion operation is complete, the enclave will call the state update method provided by the unintentional mapping. Inserted into an unintentional mapping; 2) For non-redundant deletion operations, the enclave calls the search operation method provided by the unintentional mapping to obtain the identifier of the leaf node to be deleted. Remove from ORT ; The detailed process of the deletion operation method has been described in the first aspect of this application. Its core is to remove the target leaf node from the inadvertent retrieval tree by traversing from the root node to the target leaf node and reconstruct the inadvertent retrieval tree structure.

[0106] After the deletion operation is complete, the enclave calls the state update method provided by the unintentional mapping to update the state. Remove from OMAP.

[0107] Step 5: If the operation type is a search operation, the enclave executes the search protocol of the dynamic robust searchable encryption method based on the unintentional search tree, and the enclave receives the search keywords sent by the client. As input, perform the following steps: S5.1, the enclave first checks keywords. Corresponding local status table Entries Does it exist? If the entry "Not found" indicates that there are no files or keywords. If the enclave is associated with another enclave, it returns an empty result to the client, and the algorithm ends.

[0108] If the entry The enclave invokes the search operation methods provided by the ORT to search for keywords. The detailed process of the search operation method for all corresponding file identifiers has been described in the first aspect of this application. The search operation method involves collecting valid leaf node identifiers by traversing the hierarchical binary tree corresponding to the keyword, accessing the random access machine path where each valid leaf node is located to obtain the file identifier, and incrementing the search count of the keyword to refresh the node position after the search is completed.

[0109] Step 6: After the search operation is completed, to further improve the performance of subsequent searches, the enclave can selectively perform post-search aggregation optimization. The core of this optimization is to aggregate multiple consecutive valid leaf nodes and store them at the nearest common ancestor node, thereby batching multiple ORAM accesses into one, reducing the number of ORAM accesses required for subsequent searches, as detailed below: S6.1, Enclave Determination of Current Keyword Among the corresponding valid leaf nodes, does there exist k consecutive aggregateable leaf nodes, where k is a preset aggregation factor? Aggregable leaf nodes must simultaneously satisfy the following conditions: All are related to the keywords mentioned above. The associated valid leaf nodes; It has already been accessed in the current search operation; Not marked as deleted; If the aggregation conditions are not met, aggregation optimization will not be performed.

[0110] S6.2 For k consecutive leaf nodes that satisfy the aggregation condition, an aggregated leaf node is created in the enclave and stored at the position of the nearest common ancestor node of the k leaf nodes. The aggregated leaf node stores k file identifiers in array form, where deleted positions are marked with "⊥".

[0111] The path calculation method for the aggregated leaf nodes is as follows:

[0112] in, This is the identifier for the aggregated leaf nodes. For the keyword Current number of searches.

[0113] See Figure 4This example demonstrates an aggregation optimization with k=4, where there are 16 leaf nodes, 10 file identifiers inserted, and 1 file identifier deleted (i.e., the file identifier stored in leaf node 3). After performing the search operation, the client aggregates leaf nodes 1, 2, and 4 into node 25, leaf node 3 is deleted, and node 25 stores (1, 2, ⊥, 4). Additionally, leaf nodes 5, 6, 7, and 8 are aggregated into node 26. Since leaf nodes 9, 10, 11, and 12 only store 2 file identifiers, they are not aggregated or written back. The parent node of the aggregation node (node ​​29) does not need to store the paths of its child nodes. In this example, the parent node of the aggregation node uses a bitmap of length k to indicate the deletion status of file identifiers stored at each position within the aggregation node. For example, in node 29, bitmap "1101" indicates that the file identifier stored at the third position in node 25 has been deleted, while the file identifiers stored at each position in the right child node 26 have not been deleted, represented by ⊥.

[0114] S6.3, the enclave sets a bitmap of length k in the parent node of the aggregated leaf node to indicate whether the file identifier stored at each position within the aggregated leaf node is valid. Each bit in the bitmap corresponds to a storage location: A value of "1" indicates that the file identifier at the corresponding position is valid; A value of "0" indicates that the file identifier at the corresponding location has been deleted; For example, bitmap "1101" indicates that the file identifiers at positions 1, 2, and 4 within the aggregate node are valid, while the file identifier at position 3 has been deleted.

[0115] S6.4, Enclave update of the keyword Corresponding local status table In the original triplet Based on this, add an aggregation counter. and aggregate counter Set to the maximum identifier of the leaf nodes in this aggregation.

[0116] The aggregation counter Used to identify aggregated leaf nodes in subsequent search operations: when a node identifier is encountered during traversal. Aggregation Counter When the aggregation counter reaches a certain value, it indicates that the leaf node has been aggregated into the aggregation node and does not need to be accessed separately; when the aggregation counter reaches a certain value, it indicates that the leaf node has been aggregated into the aggregation node and does not need to be accessed separately. ≤ < When this occurs, it indicates that the leaf node is an unaggregated ordinary leaf node and needs to be accessed separately.

[0117] This dynamic robust searchable encryption method based on unintentional search trees combines the unintentional search tree described in the first aspect with unintentional mapping. The client generates an unintentional search tree key and an unintentional mapping key and transmits them to the enclave on the server side. The enclave initializes a local state table, path cache list, and queue. The cloud server constructs the underlying random access machine tree structure of the unintentional search tree and unintentional mapping based on the received initialization parameters, forming an encrypted database. After receiving a request from the client, the enclave determines whether the operation type is an update operation or a search operation. For update operations, the validity of the operation is checked through unintentional mapping. For invalid operations, the same number of virtual operations are performed to hide their invalidity. For valid operations, the insertion or deletion operation method in the data processing method of the unintentional search tree described in the first aspect is used to perform the actual update. For search operations, the search method in the data processing method of the unintentional search tree described in the first aspect is used to retrieve all file identifiers corresponding to the keyword and return the search results to the client.

[0118] This dynamic, robust, searchable encryption method eliminates multi-round communication overhead and improves system efficiency by using an enclave as a trusted proxy for the client on the server side. Through a mechanism of pre-verifying operation validity via inadvertent mapping and executing virtual operations on invalid operations, it ensures system robustness without introducing additional information leakage, making it impossible for attackers to distinguish between valid and invalid operations. By combining inadvertent search trees with inadvertent mapping, a complete encrypted database system is constructed, achieving a unity of forward security, backward security, and robustness, thus solving the technical challenge of simultaneously achieving robustness, strong security, and efficient operation in existing technologies.

[0119] Thirdly, based on the above-mentioned data processing method for unintentional search trees, this application also provides a data processing system for unintentional search trees, including a client and a server. The client includes: The tree construction module is used to construct a hierarchical binary tree stored in the random access machine on the server side for each keyword. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The status maintenance module is used by the client to maintain a local status table for each keyword. The local status table stores the number of valid insertions, valid deletions, and searches for each keyword. The insertion processing module is used to respond to a file identifier insertion request for a target keyword, instantiate a new leaf node according to the effective insertion count of the target keyword, calculate the current random access machine path and the future refresh random access machine path of the new leaf node through a pseudo-random function, and write the new leaf node to the server through the random access machine protocol. The deletion processing module is used to respond to a file identifier deletion request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnect the sibling nodes of the target leaf node to the grandparent node. The search processing module is used to respond to a search request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to collect valid leaf node identifiers, calculate the current random access machine path of each valid leaf node based on the identifier of each valid leaf node and the number of searches of the target keyword, and access the current random access machine path through the random access machine protocol to obtain the file identifier.

[0120] Fourthly, based on the above-mentioned dynamic robust searchable encryption method using an unintentional search tree, this application also provides a dynamic robust searchable encryption system based on an unintentional search tree, including a client, an enclave, and a cloud server. The client is used to generate an unintentional search tree key and an unintentional mapping key, and transmit the generated key to the enclave on the server side; The enclave is used to initialize the local state table, local path cache list, and queue; it receives requests sent by clients and determines whether the operation type is an update operation or a search operation. If it is determined to be an update operation, the validity of the operation is checked by unintentional mapping. For invalid operations, a virtual operation is performed to hide their invalidity. For valid operations, the insertion or deletion operation method in the data processing method of the unintentional retrieval tree is used to perform the actual update. If it is determined to be a search operation, the search operation method in the data processing method of the unintentional search tree described above is used to retrieve all file identifiers corresponding to the keyword, and the search results are returned to the client; The cloud server is used to construct an unintentional retrieval tree and an unintentional mapping underlying random access machine tree structure based on the received initialization parameters, forming an encrypted database.

[0121] It should be noted that, in the several embodiments provided in this application, it should be understood that the disclosed apparatus and methods can be implemented in other ways. For example, the apparatus embodiments described above are merely illustrative; for instance, the division of modules is only a logical functional division, and in actual implementation, there may be other division methods. For example, multiple modules may be combined or integrated into another device, or some features may be ignored or not executed. The modules described as separate components may or may not be physically separated. The components shown as modules may be one or more physical units, that is, they may be located in one place or distributed in multiple different places. Some or all of the modules can be selected to achieve the purpose of the solution in this embodiment according to actual needs.

[0122] Furthermore, in the various embodiments of the present invention, the modules can be integrated into one processing unit, or each module can exist physically separately, or two or more modules can be integrated into one unit. The integrated unit described above can be implemented in hardware or as a software functional unit.

[0123] An electronic device provided in this application includes a memory and a processor. The memory stores a computer program, and when the processor executes the computer program, it implements the steps of the data processing method for unintentional retrieval trees as described in any of the above embodiments.

[0124] Another electronic device provided in this application embodiment may further include: an input port connected to a processor for transmitting multimodal data collected by an external acquisition device to the processor; a display unit connected to the processor for displaying the processor's processing results to the outside world; and a communication module connected to the processor for enabling communication between the electronic device and the outside world. The display unit may be a display panel, a laser scanning display, etc.; the communication method adopted by the communication module includes, but is not limited to, mobile high-definition link technology, universal serial bus, high-definition multimedia interface, and wireless connection (including wireless fidelity technology, Bluetooth communication technology, and Bluetooth low power communication technology).

[0125] This application provides a computer-readable storage medium storing a computer program. When executed by a processor, the computer program implements the steps of the data processing method for the unintentional search tree as described in any of the above embodiments.

[0126] For descriptions of relevant parts of the data processing system, electronic device, and computer-readable storage medium for unintentional tree retrieval provided in this application's embodiments, please refer to the detailed descriptions of the corresponding parts in the data processing method for unintentional tree retrieval provided in this application's embodiments; they will not be repeated here. Furthermore, parts of the technical solutions provided in this application that are consistent with the implementation principles of corresponding technical solutions in the prior art have not been described in detail to avoid excessive elaboration.

[0127] The above content is only for illustrating the technical concept of the present invention and should not be construed as limiting the scope of protection of the present invention. Any modifications made to the technical solution based on the technical concept proposed in this invention shall fall within the scope of protection of the claims of this invention.

Claims

1. A data processing method for an unintentional search tree, characterized in that, This includes insert, delete, and search operations; For each keyword, a hierarchical binary tree is constructed and stored in a random access machine. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The client maintains a local status table for each keyword, which stores the number of valid insertions, valid deletions, and searches for each keyword. The insertion operation is as follows: In response to a file identifier insertion request for a target keyword, the client instantiates a new leaf node based on the effective insertion count of the target keyword, calculates the current random access machine path and the future refresh random access machine path of the new leaf node through a pseudo-random function, and writes the new leaf node to the server through the random access machine protocol. The deletion operation is as follows: In response to a file identifier deletion request for a target keyword, the client calculates the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverses the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnects the sibling nodes of the target leaf node to the grandparent node. The search operation is as follows: In response to a search request for a target keyword, the client calculates the random access machine path of the root node based on the number of valid deletions and searches for the target keyword, traverses the hierarchical binary tree to collect the identifiers of valid leaf nodes, calculates the current random access machine path of each valid leaf node based on the identifier of each valid leaf node and the number of searches for the target keyword, and accesses the current random access machine path through the random access machine protocol to obtain the file identifier.

2. The data processing method for an unintentional search tree according to claim 1, characterized in that, In the insertion operation, after the client writes the new leaf node to the server using the random access machine protocol, it also increments the effective insertion count of the target keyword.

3. The data processing method for an unintentional search tree according to claim 1, characterized in that, In the deletion operation, after the client reconnects the sibling node of the target leaf node to the grandparent node, it also writes the updated grandparent node back to the server through the random access machine protocol and increments the effective deletion count of the target keyword.

4. The data processing method for an unintentional search tree according to claim 1, characterized in that, In the search operation, the client accesses the current random access machine path through the random access machine protocol to obtain the file identifier, increments the search count of the target keyword, calculates the refresh random access machine path for each valid leaf node based on the updated search count, and refreshes each valid leaf node to the position corresponding to the refresh random access machine path through the random access machine protocol.

5. The data processing method for an unintentional search tree according to claim 1, characterized in that, When a client accesses the random access machine path via the random access machine protocol, the specific steps include: The path read method is called to read all encrypted data blocks on the specified random access machine path into the local path cache list, and then decrypts the read encrypted data blocks. After performing data operations on the decrypted data blocks in the local path cache list, the updated decrypted data blocks are obtained; Call the path eviction method and the path write-back method to re-encrypt the updated decrypted data block and write it back to the server.

6. The data processing method for an unintentional search tree according to claim 1, characterized in that, The traversal information stored in the non-leaf node includes the identifier of the left child node, the identifier of the right child node, the random access machine path where the left child node is located, and the random access machine path where the right child node is located. When the deletion and search operations traverse the hierarchical binary tree, the client determines the identifier of the next node to be visited and its random access path based on the traversal information stored in the currently visited non-leaf node.

7. A data processing system for unintentional tree retrieval, characterized in that, Including both client-side and server-side components; The client includes: The tree construction module is used to construct a hierarchical binary tree stored in the random access machine on the server side for each keyword. The hierarchical binary tree includes leaf nodes that store file identifiers and non-leaf nodes that store traversal information. The status maintenance module is used to maintain a local status table for each keyword. The local status table stores the number of valid insertions, the number of valid deletions, and the number of searches for each keyword. The insertion processing module is used to respond to a file identifier insertion request for a target keyword, instantiate a new leaf node according to the effective insertion count of the target keyword, calculate the current random access machine path and the future refresh random access machine path of the new leaf node through a pseudo-random function, and write the new leaf node to the server through the random access machine protocol. The deletion processing module is used to respond to a file identifier deletion request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to locate the target leaf node storing the file identifier, and reconnect the sibling nodes of the target leaf node to the grandparent node. The search processing module is used to respond to a search request for a target keyword, calculate the random access machine path of the root node based on the number of valid deletions and searches of the target keyword, traverse the hierarchical binary tree to collect valid leaf node identifiers, calculate the current random access machine path of each valid leaf node based on the identifier of each valid leaf node and the number of searches of the target keyword, and access the current random access machine path through the random access machine protocol to obtain the file identifier.

8. A dynamic, robust, searchable encryption method based on an unintentional search tree, characterized in that, Includes the following steps: Step 1: The client generates an unintentional retrieval tree key and an unintentional mapping key and transmits them to the enclave on the server side; the enclave initializes a local state table, a local path cache list, and a queue. Step 2: Based on the initialization parameters, the cloud server constructs an unintentional retrieval tree and an unintentional mapping underlying random access machine tree structure to form an encrypted database; Step 3: The enclave receives the request sent by the client and determines whether the operation type is an update operation or a search operation; If it is determined to be an update operation, the enclave checks the validity of the operation through unintentional mapping. For invalid operations, a virtual operation is performed to hide the invalidity of the operation. For valid operations, the insertion or deletion operation in the data processing method of the unintentional retrieval tree as described in any one of claims 1 to 6 is used to perform the actual update. If the operation is determined to be a search operation, the enclave uses the search operation in the data processing method of the unintentional search tree as described in any one of claims 1 to 6 to retrieve all file identifiers corresponding to the keyword and returns the search results to the client.

9. A dynamic robust searchable encryption method based on an unintentional search tree according to claim 8, characterized in that, Step 3 is followed by post-search aggregation optimization: After the search operation is completed, the enclave aggregates the multiple valid leaf nodes found into an aggregate leaf node, stores it in the position of the nearest common ancestor node of the multiple valid leaf nodes, and sets identification information in the nearest common ancestor node to indicate the valid status of each file identifier in the aggregate leaf node.

10. A dynamically robust searchable encryption system based on an unintentional search tree, characterized in that, This includes client-side applications, enclaves, and cloud servers; The client is used to generate an unintentional search tree key and an unintentional mapping key, and transmit the generated key to the enclave on the server side; The enclave is used to initialize the local state table, local path cache list, and queue; it receives requests sent by clients and determines whether the operation type is an update operation or a search operation. If it is determined to be an update operation, the validity of the operation is checked by unintentional mapping. For invalid operations, a virtual operation is performed to hide their invalidity. For valid operations, the insertion or deletion operation method in the unintentional retrieval tree data processing method of any one of claims 1 to 6 is used to perform the actual update. If it is determined to be a search operation, the search operation method in the data processing method of the unintentional search tree according to any one of claims 1 to 6 is used to retrieve all file identifiers corresponding to the keyword, and the search results are returned to the client; The cloud server is used to construct an unintentional retrieval tree and an unintentional mapping underlying random access machine tree structure based on the received initialization parameters, forming an encrypted database.