A method and device for extracting multiple results of a ciphertext database query

By employing fully homomorphic encryption and the method of recursively deriving polynomial coefficients using Newton's identity, the efficiency and security issues of multiple result extraction in encrypted database queries are resolved. This achieves efficient and accurate multiple result extraction while reducing computational complexity and communication volume.

CN122365584APending Publication Date: 2026-07-10BEIJING ELECTRONICS SCI & TECH INST

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
BEIJING ELECTRONICS SCI & TECH INST
Filing Date
2026-06-09
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

In existing technologies, encrypted database queries cannot efficiently extract multiple hit results without exposing plaintext, leading to data privacy and security risks.

Method used

A fully homomorphic encryption algorithm is used to generate a query index table. The total number of hits in the ciphertext is obtained through homomorphic matching calculation and accumulation. A polynomial is constructed by using Newton's identity to derive the polynomial coefficients and solve for the target row identifier set, thereby realizing the extraction of corresponding encrypted data from the ciphertext database.

Benefits of technology

It enables efficient and accurate extraction of multiple results while protecting data privacy, significantly improving the security and efficiency of encrypted queries and reducing computational complexity and communication volume.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122365584A_ABST
    Figure CN122365584A_ABST
Patent Text Reader

Abstract

This invention discloses a method and apparatus for extracting multiple results from a encrypted database query, belonging to the field of encrypted retrieval technology. It receives encrypted query keywords from the user client, performs homomorphic matching on the encrypted database using fully homomorphic encryption, and generates a query index table containing ciphertext markers. The ciphertext markers are homomorphically accumulated to obtain the total number of hits in ciphertext, which is then decrypted by the user client to obtain the plaintext total number of hits. When the total number of hits is greater than zero, a prime number greater than the number of records in the database is selected as the modulus. Homomorphic exponentiation is performed on the row identifiers and multiplied by the ciphertext markers, then accumulated to obtain an equipotential sum sequence ciphertext, which is sent to the user client. The system receives the set of hit row identifiers obtained by the user client based on Newton's identity decryption, and extracts the corresponding encrypted data from the encrypted database accordingly. This invention achieves efficient and accurate extraction of multiple results while protecting privacy.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of encrypted text retrieval technology, and in particular to a method and apparatus for extracting multiple results from encrypted database queries. Background Technology

[0002] With the rapid development of cloud computing, big data, and artificial intelligence technologies, data outsourcing services have gradually become the mainstream data management and processing model. To reduce local storage and computing costs, users typically upload massive amounts of data to cloud servers, which then perform data computation, analysis, and mining operations on their behalf. While this outsourcing model improves resource utilization efficiency, it also brings serious challenges to data privacy and security. If users directly upload raw data to cloud servers in plaintext, the cloud can fully access its content, easily leading to the leakage of sensitive information or its malicious misuse.

[0003] While traditional encryption technologies such as AES and RSA can effectively ensure data confidentiality during transmission and storage, preventing external attackers from stealing it, these encryption schemes lack computability in the encrypted state. When a cloud server needs to perform substantive computational operations such as retrieval, aggregation, or statistics on user data, it must first decrypt the data into plaintext before executing the relevant algorithms. During this process, the decrypted plaintext data is exposed in the cloud server's memory and computing environment, providing opportunities for internal attacks, side-channel attacks, and exploitation of system vulnerabilities. Therefore, how to achieve effective computation and analysis of encrypted data without decryption has become a critical technical problem that urgently needs to be solved in current data outsourcing applications.

[0004] It is evident that developing a method that can support cloud-based encrypted computation while protecting data privacy has significant theoretical and engineering application value. Summary of the Invention

[0005] The present invention aims to at least partially solve one of the technical problems in the related art.

[0006] To address this, this invention proposes a method for extracting multiple results from encrypted database queries. Applied to the server side, the method receives encrypted query keywords from the user and generates ciphertext markers in the query index table using fully homomorphic encryption. The ciphertext markers are then homomorphically summed to obtain the total hit count ciphertext, which is decrypted by the user to obtain the plaintext total hit count. When the total hit count is greater than zero, a prime number greater than the number of database records is selected as the modulus. Homomorphic exponentiation is then performed on the row identifiers and multiplied by the ciphertext markers, followed by summation to obtain an equipotential sum sequence ciphertext. The method receives the set of hit row identifiers obtained by the user using Newton's identity decryption and extracts the corresponding encrypted data from the encrypted database. This invention achieves accurate extraction of multiple results while protecting data privacy.

[0007] Another objective of this invention is to provide a multi-result extraction device for encrypted database queries.

[0008] To achieve the above objectives, this invention proposes a method for extracting multiple results from a encrypted database query, comprising:

[0009] The system receives encrypted query keywords sent by the user, performs homomorphic matching calculations on each record in the ciphertext database using a fully homomorphic encryption algorithm, obtains a ciphertext flag indicating whether each row matches, and generates a query index table. Homomorphically accumulate the ciphertext flags in the query index table to obtain the total number of hits ciphertext, send the total number of hits ciphertext to the user terminal, and receive the total number of hits plaintext returned by the user terminal after decryption. When the total number of plaintext hits is greater than zero, a prime number greater than the total number of records in the database is selected as the modulus. In the modulo operation environment, the row identifiers of each record in the query index table are subjected to homomorphic exponentiation and multiplied with the corresponding ciphertext flags and then accumulated to calculate an idempotent sequence ciphertext of the same order as the total number of hits. The idempotent sequence ciphertext is then sent to the user terminal. The system receives a set of target row identifiers from the user terminal, extracts the corresponding encrypted data from the ciphertext database based on the set of target row identifiers, and returns it to the user terminal. The set of target row identifiers is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifiers as roots, and solving it.

[0010] The method for extracting multiple results from a encrypted database query according to an embodiment of the present invention may also have the following additional technical features: In one embodiment of the present invention, a fully homomorphic encryption algorithm is used to perform homomorphic matching calculations on each record in the ciphertext database to generate a query index table, including: Receive encrypted query keywords sent by the user client Calculate the first ciphertext in the database Encrypted data of the record and The difference in the encrypted data is divided by a preset upper bound. We obtain the normalized difference ciphertext; Perform a homomorphic symbolic function operation on the normalized difference ciphertext to obtain the symbolic ciphertext, and then use digital... ciphertext Subtract the corresponding ciphertext to obtain the matching flag. This makes the first When records match the query keywords ,otherwise ; row identifiers for each record Matching flags Combine to form a query index table ;in This represents the total number of records in the database.

[0011] In one embodiment of the present invention, homomorphic accumulation is performed on the ciphertext flags in the query index table to obtain the total number of hits ciphertext, and the total number of hits plaintext is received, including: Query all matching flags in the index table Perform homomorphic addition to obtain the ciphertext of the total number of hits. ; Will The message is sent to the user's computer, allowing the user to use the saved private key to decrypt and obtain the plaintext total number of hits. ; Receive plaintext returned by the user client ,like The query will then terminate.

[0012] In one embodiment of the present invention, calculating the idempotent sum sequence ciphertext and sending it to the user terminal includes: when When, select one greater than prime numbers As a modulus; for For each record in the query index table, calculate the modulo power of the plaintext. and the corresponding ciphertext marker Perform homomorphic multiplication to obtain intermediate ciphertext. ; Homomorphically sum the intermediate ciphertext of all records to obtain the th record. Ciphertext of power sums ; Will as well as It is sent to the user terminal as an idempotent sequence ciphertext.

[0013] In one embodiment of the present invention, the target row identifier set is obtained by the user terminal in the following manner: The client decrypts the received idempotent sum sequence ciphertext to obtain the plaintext idempotent sum sequence. ,satisfy ,in For the first one that meets the query criteria Individual row identifier; Set initial value ,for The coefficients of elementary symmetric polynomials are calculated recursively using Newton's identities:

[0014] in for In the model Multiplicative inverse; according to Calculate the coefficients of the objective polynomial , Construct a polynomial:

[0015] Using Horner's rule, identify all possible rows in the database. Substitute them into the simplified equations one by one

[0016] Verification will be performed on all equations that satisfy the equation. Each root is used as the target row identifier set.

[0017] In one embodiment of the present invention, the coefficients of an elementary symmetric polynomial are calculated recursively using Newton's identities. Specifically: according to arrive In the order of calculation, obtain the calculated values ​​sequentially. and exponentiation Calculate the cumulative sum In the model Multiply by an integer Multiplicative inverse To obtain the current order coefficients until all are obtained. .

[0018] In one embodiment of the present invention, Horner's rule is used for verification, specifically as follows: Candidate row identifier Substitute into the nested polynomial expression, starting from the innermost layer Begin by performing multiplication layer by layer. Subtracting a coefficient ultimately calculates the modulus of the entire expression. The value below; if the calculation result is If the candidate row identifier is found to be the root, then all candidate row identifiers are traversed and all roots are aggregated to form the target row identifier set.

[0019] In one embodiment of the present invention, retrieving corresponding encrypted data from the ciphertext database based on the target line identifier set and returning it to the user terminal includes: Receive the target row identifier set, and sequentially retrieve the stored records from the encrypted database. Search for the row that matches the target row identifier. The system packages all the encrypted data found and sends it to the user's client so that the user can decrypt it using their local private key to obtain the plaintext query results.

[0020] In one embodiment of the present invention, a value greater than 1 is selected. prime numbers As a modulus, it includes: Get the total number of records in the encrypted database Select greater than The smallest prime number as the modulus This allows modular exponentiation, homomorphic accumulation, and user-side Newton's identity recursion and Horner's rule root finding to all be performed using modular exponentiation. The operation is performed within a finite field to ensure that there is no overflow and that the polynomial has a definite set of roots.

[0021] To achieve the above objectives, another aspect of the present invention provides a multi-result extraction device for encrypted database queries, comprising: The query index building module is used to receive encrypted query keywords sent by the user, use a fully homomorphic encryption algorithm to perform homomorphic matching calculations on each record in the ciphertext database, obtain a ciphertext flag indicating whether each row matches, and generate a query index table. The hit count module is used to perform homomorphic accumulation on the ciphertext flags in the query index table to obtain the hit count ciphertext, send the hit count ciphertext to the user terminal, and receive the hit count plaintext returned by the user terminal after decryption. The idempotent sum calculation module is used to select a prime number greater than the total number of records in the database as the modulus when the total number of plaintext hits is greater than zero. In the modulo operation environment, the module performs homomorphic exponentiation on the row identifier of each record in the query index table and multiplies it with the corresponding ciphertext flag, and then accumulates the results to calculate an idempotent sum sequence ciphertext of the same order as the total number of hits. The idempotent sum sequence ciphertext is then sent to the user terminal. The query result extraction module is used to receive the target row identifier set fed back by the user terminal, extract the corresponding encrypted data from the ciphertext database according to the target row identifier set, and return it to the user terminal; wherein the target row identifier set is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifier as the root, and solving it.

[0022] This invention discloses a method and apparatus for extracting multiple results from a encrypted database query. The method involves receiving encrypted query keywords from a user and generating ciphertext flags in a query index table using a fully homomorphic encryption algorithm. The ciphertext flags are homomorphically summed to obtain the total number of hits (ciphertext), which is then decrypted by the user to obtain the plaintext. When the total number of hits is greater than zero, a prime number greater than the number of records is selected as the modulus. Homomorphic exponentiation is performed on the row identifiers and multiplied by the ciphertext flags, then summed to obtain an equipotential sum sequence ciphertext. The method receives the set of hit row identifiers obtained by the user using Newton's identity decryption and extracts the corresponding encrypted data from the encrypted database. This method effectively solves the problem in existing technologies where encrypted queries cannot efficiently extract multiple hit results without exposing the plaintext. It achieves a fully integrated encrypted retrieval process from encrypted matching and hit statistics to row identifier polynomial solving, significantly improving the accuracy and efficiency of multiple result extraction and enhancing the security and engineering practical value of cloud outsourcing data privacy protection queries.

[0023] Additional aspects and advantages of the invention will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the invention. Attached Figure Description

[0024] The above and / or additional aspects and advantages of the present invention will become apparent and readily understood from the following description of the embodiments taken in conjunction with the accompanying drawings, wherein: Figure 1 This is a schematic diagram of a fully homomorphic encrypted database system according to an embodiment of the present invention; Figure 2 This is a flowchart of a method for extracting multiple results from a encrypted database query according to an embodiment of the present invention; Figure 3 This is a schematic diagram of the overall process of the method according to an embodiment of the present invention; Figure 4 This is a schematic diagram of a multi-result extraction device for encrypted database query according to an embodiment of the present invention. Detailed Implementation

[0025] It should be noted that, unless otherwise specified, the embodiments and features described in the present invention can be combined with each other. The present invention will now be described in detail with reference to the accompanying drawings and embodiments.

[0026] To enable those skilled in the art to better understand the present invention, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings of the embodiments of the present invention. Obviously, the described embodiments are only some embodiments of the present invention, and not all embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative effort should fall within the scope of protection of the present invention.

[0027] The following description, with reference to the accompanying drawings, describes a method and apparatus for extracting multiple results from a encrypted database query according to an embodiment of the present invention.

[0028] The core idea of ​​this invention is to address the problem that existing technologies in encrypted database queries cannot efficiently extract multiple hit results without exposing plaintext. This is achieved by constructing a multi-result extraction method covering the entire process of "encrypted matching—hit statistics—equal power sum calculation—polynomial root finding—result extraction," thus enabling accurate retrieval while protecting privacy. First, the system receives encrypted query keywords from the user and generates a query index table containing ciphertext markers using fully homomorphic encryption. The ciphertext markers are homomorphically summed to obtain the total hit count ciphertext, which is then decrypted by the user to obtain the plaintext. When the total hit count is greater than zero, a prime number greater than the number of database records is selected as the modulus. Homomorphic exponentiation is performed on the row identifiers and multiplied by the ciphertext markers, then summed to obtain the equal power sum sequence ciphertext, which is sent to the user. After decryption by the user, Newton's identity is used to recursively derive the polynomial coefficients, constructing a polynomial rooted at the hit row identifiers and solving it, returning the target row identifier set. The server then extracts the corresponding encrypted data and returns it. This invention transforms the traditional encrypted query that requires returning each result one by one or multiple interactions into a highly efficient integrated retrieval system based on homomorphic accumulation and polynomial root finding, which significantly improves the accuracy and security of multiple result extraction.

[0029] The following description, with reference to the accompanying drawings, illustrates a method and apparatus for extracting multiple results from a encrypted database query according to an embodiment of the present invention.

[0030] This solution requires a fully homomorphic encrypted ciphertext database system before it can be used, such as... Figure 1 As shown, the encrypted database system consists of a client and a server. The client is responsible for generating the key, while the server is responsible for building the database and performing homomorphic operations. The client encrypts the keyword to be queried into ciphertext and sends the ciphertext to the server. The server performs homomorphic matching calculations on all rows of data in the database based on the keyword, generating a query index table. Based on the query index table, the server obtains the ciphertext of the total number of matches K through homomorphic accumulation and sends the ciphertext of the number of matches K to the client. The client decrypts the ciphertext and sends the plaintext of the number of matches K to the server. Based on the number of matches K, the server homomorphically calculates the ciphertext of K idempotent sums and sends the ciphertext of the K idempotent sums to the client. After decrypting the idempotent sums, the client uses Newton's identity to calculate the polynomial coefficients. Knowing the polynomial coefficients, the client enumerates the polynomial. The roots of this polynomial are all query IDs. The client uses Horner's rule to solve for all matching query IDs and sends all IDs to the server. The server retrieves the data of all matching rows based on the IDs and sends them to the client. The user can obtain the query results by decrypting the data. The query operation is complete. The following describes the method steps of this invention: like Figure 2 As shown, the present invention provides a method for extracting multiple results from a encrypted database query, applied to the server side, and includes the following steps: S1: Receive the encrypted query keyword sent by the user terminal, use the fully homomorphic encryption algorithm to perform homomorphic matching calculation on each record in the ciphertext database, obtain the ciphertext flag indicating whether each row matches, and generate a query index table. S2, perform homomorphic accumulation on the ciphertext flags in the query index table to obtain the total number of hits ciphertext, send the total number of hits ciphertext to the user terminal, and receive the total number of hits plaintext returned by the user terminal after decryption; S3, when the total number of plaintext hits is greater than zero, select a prime number greater than the total number of records in the database as the modulus. In the modulo operation environment, perform homomorphic exponentiation on the row identifier of each record in the query index table and multiply it with the corresponding ciphertext flag, then accumulate the results to calculate an idempotent sequence ciphertext of the same order as the total number of hits. The idempotent sequence ciphertext is then sent to the user terminal. S4, receive the target row identifier set fed back by the user terminal, extract the corresponding encrypted data from the ciphertext database according to the target row identifier set and return it to the user terminal; wherein the target row identifier set is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifier as the root and solving it.

[0031] like Figure 3 As shown, the overall process of the specific steps is as follows: S101. Construct a fully homomorphic encryption system, generate keys, and establish a ciphertext database; S102. The user sends the encrypted query keywords, and the server builds a query index table. S103. Count the total number K of matches that match the query keywords in the encrypted database; S104. The server calculates K idempotent sums based on the number of hits K and sends them to the client. S105. The user terminal calculates the polynomial coefficients using Newton's identity based on the K sums of powers transmitted from the server. S106. The user terminal uses Horner's rule to solve the polynomial to obtain the ID, and then queries the corresponding row of data in the encrypted database.

[0032] Specifically, in step S101, the user client generates the keys required for the fully homomorphic encrypted database system, including a public key, a private key, and an evaluation key. The public key is used to encrypt plaintext, the private key is used to decrypt ciphertext, and the evaluation key is used for homomorphic operations. The user client keeps the private key locally and sends the public key and evaluation key to the server.

[0033] The server stores a encrypted database consisting of several records. Each record in the database includes at least two parts:

[0034] in, This only indicates the row number of the data and has nothing to do with the actual data content; it does not represent the actual meaning of the data. This indicates the encrypted data for the corresponding row.

[0035] S102. Now suppose the user wants to query data that meets certain conditions. The user determines the keyword q to query, and encrypting it yields:

[0036] The user sends the keyword to the server. Upon receiving the keyword, the server uses a ciphertext formula composed of symbolic functions to encrypt the data in the database. Perform homomorphic matching calculations. , where n represents the number of IDs. The ciphertext formula is as follows:

[0037] for The upper bound of the data, This represents the result of encrypting the number 1.

[0038] After performing the homomorphic matching calculations described above, the server will obtain multiple matching flags. ,in

[0039] If the first If any record matches the query keywords, then ;otherwise .

[0040] Correspondingly, the server generates a query index table:

[0041] S103, The server checks all matching flags in the index table. Perform homomorphic summation to obtain the total number of matches matching the query keywords in ciphertext form:

[0042] The server will Send to the client. The client decrypts the message using its private key to obtain the number of hit records:

[0043] when If the query fails, it means there is no data in the database that matches the query keywords, and the query ends. If the query is successful, it means that there is K data in the database that matches the query keywords, and the query proceeds to the next step.

[0044] S104. The user terminal will display the number of data items that meet the query criteria. Returning the result to the server. Assuming the total number of data entries in the database is n, the server selects a value greater than n. prime numbers and in the model The exponentiation operation is performed in the specified operational environment (the Q in all subsequent modulo operations is exactly the same as the modulo Q here). The specific operation is as follows: Let the sum of the power of m of all IDs that meet the query criteria be... .

[0045] Obviously For each Calculate the first The power and the corresponding ciphertext result:

[0046] The server will Send to the user's client.

[0047] The client decrypts the received ciphertext result to obtain the plaintext power sum sequence.

[0048] in,

[0049] And assume that the IDs that meet the query conditions are respectively ,for ,have

[0050] S105. Assume that the IDs in the database that meet the query conditions are as follows: , construct with Let be a symmetric polynomial with roots . The expansion of the symmetric polynomial is shown below:

[0051] Given an idempotent sequence:

[0052] In this case, determine the polynomial by following these steps. The coefficient.

[0053] First, initialize the parameters. Set initial values. Then, the elementary symmetric polynomial is calculated recursively.

[0054] for Calculate the coefficients of the corresponding symmetric polynomial using the following formula. :

[0055] in, Represents integers In the model The multiplicative inverse of the following satisfies:

[0056] Through the above recursive process, we obtain the following results in sequence:

[0057] The target polynomial to be obtained by this scheme is shown in the following formula:

[0058] Based on the coefficients of the symmetric polynomial With the coefficients of the objective polynomial The correspondence between them is further calculated. .

[0059] for ,calculate:

[0060] Therefore, all coefficients are determined:

[0061] Construct the objective polynomial based on the above coefficients:

[0062] Thus, the corresponding polynomial equation is obtained:

[0063] S106, Solving polynomial equations This allows us to obtain IDs from the database that match the query criteria. The polynomial equation is shown below:

[0064] This equation has a total of The root, this Each root corresponds to a data ID that meets the search criteria. Horner's rule can be used to simplify the polynomials listed above and provide a fast solution. The simplified formula is as follows:

[0065] The user will use the database row number. Substitute them into this equation one by one. If If a polynomial equation is satisfied, then it is a root of the equation. The user end will then select all equations that satisfy the conditions. The ID is sent to the server.

[0066] The server retrieves the data corresponding to these IDs and returns it to the client. The client decrypts the data using its private key to obtain all data that matches the search criteria. The query operation is complete.

[0067] The method of this invention effectively solves the problem in the prior art that encrypted queries cannot efficiently extract multiple hit results without exposing plaintext. It realizes an integrated encrypted retrieval process from encrypted matching and hit statistics to polynomial root finding, significantly improving the accuracy and efficiency of multiple result extraction, and enhancing the security and engineering practical value of cloud outsourced data privacy protection queries.

[0068] In addition, the present invention also provides a detailed description of the implementation details of a method for extracting multiple results from a encrypted database query: 1. The reason why this method can solve for the polynomial coefficients using Newton's identity when the idempotent sum sequence is known.

[0069] Assume the IDs in the database that meet the query criteria are as follows: , construct with Symmetric polynomials with roots:

[0070] Expanding it yields

[0071] Since the user has obtained the polynomial equation by decrypting the idempotent sum sequence sent by the server, The root idempotency , Therefore, the matching ID number can be calculated according to Newton's identity.

[0072] Then for Newton's identity can be written in the following form:

[0073] The above Newtonian identity is used for recursive calculation.

[0074] because It is a prime number and ,so In the model The following multiplicative inverse exists Therefore,

[0075] The formula is conventional By calculating recursively using the formula, we can obtain:

[0076] Because of polynomials It can be further written as:

[0077] Since we already know The coefficients of the above polynomial satisfy:

[0078] Through the above operations, you can obtain This polynomial equation. Then, through the modulus... Solving for the roots of this polynomial equation in this sense will yield all IDs in the database that meet the query criteria.

[0079] 2. How are the computational depth and complexity of this scheme calculated?

[0080] The computational depth and complexity of each stage of this scheme are analyzed as follows (the order of the polynomial approximation of the symbolic function is denoted as ). ).

[0081] a. Server-side: (1) Index building stage (computation) ).

[0082] The server performs a matching check once for each piece of data; the time complexity is linearly related to the number of data entries in the database. ;Calculation depth: .

[0083] (2) The stage of summing the number of hits.

[0084] This stage mainly focuses on Perform homomorphic summation; time complexity: linearly related to the number of data in the database. The complexity is O(n log n). ; Computation depth: Using tree-based addition, the computation depth is .

[0085] (3) Idempotent sum calculation stage (core calculation).

[0086] calculate:

[0087] For each Each needs to be Perform one ciphertext multiplication on each element ( (for plaintext) and a single accumulation.

[0088] Time complexity: ;Calculation depth: The computational depth for open-text and ciphertext multiplication is constant. The computational depth for cumulative addition is... (Note: different) (For parallel computing, without increasing depth) b. User side (1) Newton's identity calculation stage.

[0089] Recursive calculation:

[0090] Each It needs to go through a process with a complexity of The operation.

[0091] Total complexity: Computational depth: Recursively dependent on the previous term: .

[0092] (2) Polynomial root finding stage.

[0093] Iterate through all candidate IDs (range: Each point is calculated using the Horner method. The complexity of a single calculation is O(n). .

[0094] Total complexity: ;Calculation depth: .

[0095] c. Time complexity and computation depth table.

[0096] As shown in Table 1, the server side: Table 1

[0097] Total server-side complexity: Total server-side computation depth: .

[0098] As shown in Table 2, the user end: Table 2

[0099] Total complexity on the user side: Total computing depth on the user side: .

[0100] The implementation details of the method in this invention effectively solve the problem that existing encrypted query schemes require multiple interactions or exposure of plaintext when extracting multiple results. It achieves high-security, low-interaction, and scalable encrypted database multi-result retrieval, significantly improving the engineering practicality and computational efficiency of privacy-preserving queries in the cloud environment.

[0101] In addition, this invention has made some optimizations and innovations compared to some existing technical solutions.

[0102] Suppose the original scheme (constructing the system of equations and using Gaussian elimination) is scheme A, and the new scheme to be submitted (using Newton's identities to derive the coefficients) is scheme B.

[0103] Compare the optimization of Scheme B with Scheme A: only compare the additional calculations from "after obtaining the exponentiation to recovering the coefficient / ID".

[0104] I. Comparison premise.

[0105] Let sum be the number of data items matching the query criteria in scheme A, and let K be the number of data items matching the query criteria in scheme B. Let the number of hits be... The database size is .

[0106] The two schemes differ in the subsequent part after "obtaining the power sum sequence": Option A: Construct a system of equations using exponentiation and then use Gaussian elimination to find the coefficients; Option B: Use powers and Newton's identities to recursively derive the coefficients.

[0107] Both require polynomial root finding, so the "root finding" part can be compared separately, but the part that solves for the coefficients at the beginning is the most different.

[0108] II. Complexity and depth of Scheme A.

[0109] 1) Coefficient calculation part.

[0110] Option A is constructed first. The system of equations, and then in the model Perform Gaussian elimination.

[0111] Time complexity: The typical complexity of Gaussian elimination is:

[0112] The reason is: Round principal component processing; approximately [number] elements need to be eliminated in each round. ; Each line needs to be updated approximately Each element.

[0113] Therefore, the overall scale is triple, resulting in... .

[0114] Calculation depth: Standard sequential elimination has a deep dependency hierarchy, which can usually be represented as:

[0115] The reason is: Round Dependency The result of each round; each round also has a progressive elimination dependency; it is not possible to complete all eliminations directly in parallel.

[0116] 2) Finding the root part.

[0117] Solution A finally uses Horner's rule to iterate through all candidate IDs.

[0118] Time complexity: To calculate the polynomial value for each candidate value, it is necessary to... traversal There are 10 candidate values, so:

[0119] Calculation depth: A single Horner's rule is a chain recursion, therefore the depth is:

[0120] 3) The new total complexity of scheme A.

[0121] Looking only at the newly added part after the "power sum", solution A is:

[0122] The corresponding main computational depth is:

[0123] III. Complexity and depth of Option B.

[0124] 1) Coefficient calculation part.

[0125] Scheme B uses Newton's identity:

[0126] Time complexity: For each Need to be accumulated Therefore, the total complexity is:

[0127] Calculation depth: because:

[0128] It's a recursive calculation; the next term must be obtained before the previous term can be calculated, hence the depth:

[0129] 2) Finding the root part.

[0130] Solution B also requires iterating through the candidate IDs and using Horner's rule to determine the root.

[0131] Time complexity: Still:

[0132] Calculation depth: Still:

[0133] 3) The additional total complexity of Scheme B.

[0134] Therefore, the additional part of scheme B after "power sum" is:

[0135] The corresponding main calculation depth is:

[0136] IV. Comparison of time complexity and computational depth between Scheme A and Scheme B.

[0137] 1) Comparison of time complexity.

[0138] Coefficient calculation section: Scheme A: Option B: .

[0139] Therefore, option B is clearly superior in this part, reducing costs by an entire order of magnitude.

[0140] Root finding part: Solution A: Option B: .

[0141] This part is the same for both.

[0142] Overall increase in complexity: Option A: Option B: .

[0143] Therefore, option B is more time-efficient than option A, especially in... The difference is obvious when the difference is large.

[0144] 2) Calculate depth comparison.

[0145] Coefficient calculation section: Scheme A: Option B: .

[0146] Scheme B has a lower depth because Newton's identity is recursive by order, and does not require multiple rounds of matrix elimination like Gaussian elimination.

[0147] The root part: Both are approximately .

[0148] There is no essential difference in this part.

[0149] Overall Depth: Option A: Option B: .

[0150] Therefore, Scheme B is also significantly better in terms of computational depth.

[0151] V. Comparison of communication transmission volume between Scheme A and Scheme B.

[0152] (1) Division of communication process.

[0153] Communication mainly occurs in three stages: 1. User → Server: Send encrypted query ; 2. Server → User: Returns the number of matches ; 3. Server → User (Key Difference Section): Returns the "power sum related data" used to recover the ID.

[0154] The first two parts are exactly the same in both scheme A and scheme B; the difference lies only in the third part.

[0155] (2) Communication transmission volume of scheme A.

[0156] 1) Data returned by the server.

[0157] In Option A, the server needs to calculate and return: ;total: .

[0158] 2) Why is it necessary? .

[0159] Because scheme A requires constructing the following system of equations: Unknowns: Number of coefficients; Number of equations: indivual.

[0160] Each equation requires a different combination of powers, therefore the following must be provided: .

[0161] The fundamental reason is that Gaussian elimination requires "redundant information" to construct a linear system.

[0162] (3) Communication transmission volume of scheme B.

[0163] 1) Data returned by the server.

[0164] Solution B only needs to return: ;total: (Plus) (This is usually returned separately) 2) Why is it only necessary to... .

[0165] Because of Newton's identity:

[0166] It has the following characteristics. Step only depends on: ; already calculated .

[0167] therefore: .

[0168] (4) Comparison of communication transmission volume between scheme A and scheme B.

[0169] Option B reduces communication by half compared to Option A.

[0170] Option B uses Newton's identities to establish a recursive relationship between the power sum and the polynomial coefficients, requiring only... The sum of powers can recover all coefficients, while solution A is based on solving a system of linear equations, which requires... Using the sum of powers as input, Solution B reduces the amount of data transmitted from the server to the user by about half while ensuring correctness, effectively reducing communication overhead.

[0171] Compared to Solution A, Solution B significantly reduces data transmission volume during the communication phase. Specifically, Solution A requires the server to return data to the user. One encrypted parameter, while scheme B, based on Newton's identities, only needs to return... The polynomial coefficients can be recovered using only a few encrypted parameters, thus reducing communication load by approximately 50%. This optimization stems from the recursive relationship established by Newton's identity between the power sum and the polynomial coefficients, making the coefficient recovery process independent of redundant information. Therefore, Scheme B has significant advantages in terms of bandwidth usage, communication efficiency, and overall system performance.

[0172] VI. Apart from the above, where is Option B better than Option A?

[0173] 1) It is simpler to implement.

[0174] Scheme B only requires recursive calculations, without the need to construct a system of equations or perform Gaussian elimination in the modal domain, making the process shorter and more direct.

[0175] 2) Lower storage overhead.

[0176] Option A requires saving one The augmented matrix has a space complexity of approximately: Solution B only needs to store a small number of power sums, symmetric polynomials, and coefficients; its space complexity is typically: .

[0177] Therefore, option B saves more memory.

[0178] 3) Numerical processing is more stable.

[0179] Scheme A's Gaussian elimination in the modular domain requires frequent handling of pivoting, inverses, and elimination processes, making the process more cumbersome and prone to implementation detail issues; Scheme B only performs fixed recursion, resulting in a clearer structure and fewer error points.

[0180] 4) It is more in line with algebraic structure.

[0181] Option B directly utilizes the natural relationship of "power sum - symmetric polynomial - polynomial coefficients", which is mathematically more in line with the design goals of the query solution itself and is also more concise in expression.

[0182] Furthermore, the method of this embodiment of the invention has also been experimentally applied, including: Comparison of query time costs between Option A and Option B.

[0183] Experimental conditions: Database size: Number of hit data entries: Comparison objects: Scheme A (Gaussian elimination) and Scheme B (Newton's identity); Indicator: Query phase runtime. See Table 3 for details.

[0184] Table 3

[0185] Comparison Conclusions. Overall Performance Comparison: Under all test conditions, Solution B's runtime was significantly lower than Solution A, with a stable query efficiency improvement of approximately 43%–45%; Trend with K Growth: The runtime of both solutions increased with K growth. The growth rate is approximately linear; however, scheme A grows faster, while scheme B consistently maintains a significant advantage. Stability performance: different. Under the given values, the speedup of Solution B remains relatively stable (approximately 43%), indicating that Solution B maintains a stable optimization effect across different query sizes. The core reason for the difference is that Solution A uses Gaussian elimination, which has a computational complexity of O(n log n). Solution B uses a recursive calculation method, which has lower computational overhead and thus significantly reduces the overall running time.

[0186] Comparison of encrypted communication transmission volume between Scheme A and Scheme B.

[0187] Assume the database size is The number of hits is The ciphertext transmission volume during the query phase for the two schemes is as follows: (1) Scheme A (Gaussian elimination scheme).

[0188] The server sends the following to the client:

[0189] total:

[0190] (2) Scheme B (Newton's identity scheme).

[0191] The server sends the following to the client:

[0192] in As plaintext, it is not used in ciphertext transmission; therefore:

[0193] The comparison results are shown in Table 4.

[0194] Table 4

[0195] Comparative Conclusion: Compared with existing schemes based on solving linear equations, this invention demonstrates significant optimization in communication transmission. Existing schemes require the transmission of approximately 2K ciphertext parameters, while this invention only requires the transmission of K ciphertext idempotent sums (excluding plaintext counting information). Under the same query conditions, the ciphertext communication transmission volume is reduced by approximately 50%. Since the ciphertext data volume is much larger than the plaintext data, this optimization can significantly reduce network bandwidth usage and communication latency in practical systems, thereby improving the overall query efficiency of the system.

[0196] Compared with some existing solutions, the method of this invention effectively reduces computational complexity and depth by recursively calculating polynomial coefficients using Newton's identities under a known sequence of power sums, replacing the traditional method of constructing equation systems and performing Gaussian elimination. Specifically, this method reduces the time complexity of coefficient calculation from O(K³) to O(K²) and the computational depth from O(K²) to O(K), while reducing the number of encrypted parameters transmitted from the server to the user from 2K to K, resulting in a communication reduction of approximately 50%. Furthermore, this method significantly reduces storage overhead and avoids the pivoting and inverse operations required in Gaussian elimination in the modular domain, achieving a simpler and more stable algebraic solution. This invention achieves highly efficient collaboration across the entire process from power sum recursion and coefficient recovery to polynomial root finding, significantly improving the computational efficiency, communication performance, and engineering applicability of multi-result extraction from encrypted databases.

[0197] Compared with some existing solutions, the method of this invention establishes a recursive relationship between the idempotent sum sequence and polynomial coefficients by introducing Newton's identity. This optimizes the coefficient solving process from Gaussian elimination of traditional linear equations to linear recursive calculation, effectively solving the problem of multiple interactions or plaintext exposure required in existing solutions when extracting multiple results. This method only needs to transmit K ciphertext idempotent sum parameters to recover all polynomial coefficients, reducing communication volume by approximately 50% compared to existing solutions. The time complexity is reduced from O(K³+nK) to O(K²+nK), and the computational depth is reduced from O(K²) to O(K), significantly improving the computational efficiency and communication performance of ciphertext queries. Experimental results show that under the same query conditions, the running time of this method is stably reduced by 43%~45%, and it has advantages such as simple implementation, low storage overhead, and stable numerical processing, enhancing the engineering practicality and scalability of privacy-preserving queries in cloud environments.

[0198] To achieve the above invention, such as Figure 4 As shown, this embodiment also provides a multi-result extraction device 10 for encrypted database queries, applied on the server side. The device 10 includes: The query index building module 100 is used to receive encrypted query keywords sent by the user terminal, perform homomorphic matching calculations on each record in the ciphertext database using a fully homomorphic encryption algorithm, obtain a ciphertext flag indicating whether each row matches, and generate a query index table.

[0199] The hit count module 200 is used to perform homomorphic accumulation on the ciphertext flags in the query index table to obtain the hit count ciphertext, send the hit count ciphertext to the user terminal, and receive the hit count plaintext returned by the user terminal after decryption.

[0200] The idempotent sum calculation module 300 is used to select a prime number greater than the total number of records in the database as the modulus when the total number of hits in plaintext is greater than zero. In the modulo operation environment, it performs homomorphic exponentiation on the row identifier of each record in the query index table and multiplies it with the corresponding ciphertext flag, and then accumulates the results to calculate an idempotent sum sequence ciphertext of the same order as the total number of hits. The idempotent sum sequence ciphertext is then sent to the user terminal.

[0201] The query result extraction module 400 is used to receive the target row identifier set fed back by the user terminal, extract the corresponding encrypted data from the ciphertext database according to the target row identifier set and return it to the user terminal; wherein the target row identifier set is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifier as the root and solving it.

[0202] The apparatus of this invention realizes integrated encrypted retrieval of the entire process from index construction, hit statistics, idempotency sum calculation to result extraction, which significantly improves the security and efficiency of multi-result queries.

[0203] In the description of this specification, the references to terms such as "one embodiment," "some embodiments," "example," "specific example," or "some examples," etc., refer to specific features, structures, materials, or characteristics described in connection with that embodiment or example, which are included in at least one embodiment or example of the present invention. In this specification, the illustrative expressions of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the specific features, structures, materials, or characteristics described may be combined in any suitable manner in one or more embodiments or examples. Moreover, without contradiction, those skilled in the art can combine and integrate the different embodiments or examples described in this specification, as well as the features of different embodiments or examples.

[0204] Furthermore, the terms "first" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one of that feature. In the description of this invention, "a plurality of" means at least two, such as two, three, etc., unless otherwise explicitly specified.

Claims

1. A method for extracting multiple results from a encrypted database query, applied on the server side, characterized in that, include: The system receives encrypted query keywords sent by the user, performs homomorphic matching calculations on each record in the ciphertext database using a fully homomorphic encryption algorithm, obtains a ciphertext flag indicating whether each row matches, and generates a query index table. Homomorphically accumulate the ciphertext flags in the query index table to obtain the total number of hits ciphertext, send the total number of hits ciphertext to the user terminal, and receive the total number of hits plaintext returned by the user terminal after decryption. When the total number of plaintext hits is greater than zero, a prime number greater than the total number of records in the database is selected as the modulus. In the modulo operation environment, the row identifiers of each record in the query index table are subjected to homomorphic exponentiation and multiplied with the corresponding ciphertext flags and then accumulated to calculate an idempotent sequence ciphertext of the same order as the total number of hits. The idempotent sequence ciphertext is then sent to the user terminal. The system receives a set of target row identifiers from the user terminal, extracts the corresponding encrypted data from the ciphertext database based on the set of target row identifiers, and returns it to the user terminal. The set of target row identifiers is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifiers as roots, and solving it.

2. The method as described in claim 1, characterized in that, A fully homomorphic encryption algorithm is used to perform homomorphic matching calculations on each record in the ciphertext database, generating a query index table, including: Receive encrypted query keywords sent by the user client Calculate the first ciphertext in the database Encrypted data of the record and The difference in the encrypted data is divided by a preset upper bound. We obtain the normalized difference ciphertext; Perform a homomorphic symbolic function operation on the normalized difference ciphertext to obtain the symbolic ciphertext, and then use digital... ciphertext Subtract the corresponding ciphertext to obtain the matching flag. This makes the first When records match the query keywords ,otherwise ; row identifiers for each record Matching flags Combine to form a query index table ;in This represents the total number of records in the database.

3. The method as described in claim 1, characterized in that, Homomorphically sum the ciphertext flags in the query index table to obtain the total hit count ciphertext, and receive the total hit count plaintext, including: Query all matching flags in the index table Perform homomorphic addition to obtain the ciphertext of the total number of hits. ; Will The message is sent to the user's computer, allowing the user to use the saved private key to decrypt and obtain the plaintext total number of hits. ; Receive plaintext returned by the user client ,like The query will then terminate.

4. The method as described in claim 1, characterized in that, The idempotent sum sequence ciphertext is calculated and sent to the user terminal, including: when When, select one greater than prime numbers As a modulus; for For each record in the query index table, calculate the modulo power of the plaintext. and the corresponding ciphertext marker Perform homomorphic multiplication to obtain the intermediate ciphertext. ; Homomorphically sum the intermediate ciphertext of all records to obtain the th record. Ciphertext of power sums ; Will as well as It is sent to the user terminal as an idempotent sequence ciphertext.

5. The method as described in claim 1, characterized in that, The target row identifier set is obtained by the user terminal through the following methods: The client decrypts the received idempotent sum sequence ciphertext to obtain the plaintext idempotent sum sequence. ,satisfy ,in For the first one that meets the query criteria Individual row identifier; Set initial value ,for The coefficients of elementary symmetric polynomials are calculated recursively using Newton's identities: in for In the model Multiplicative inverse; according to Calculate the coefficients of the objective polynomial , Construct a polynomial: Using Horner's rule, identify all possible rows in the database. Substitute them into the simplified equations one by one Verification will be performed on all equations that satisfy the equation. Each root is used as the target row identifier set.

6. The method as described in claim 5, characterized in that, Calculating the coefficients of elementary symmetric polynomials recursively using Newton's identities Specifically: according to arrive In the order of calculation, obtain the calculated values ​​sequentially. and exponentiation Calculate the cumulative sum In the model Multiply by an integer Multiplicative inverse To obtain the current order coefficients until all are obtained. .

7. The method as described in claim 5, characterized in that, Verification is performed using Horner's rule, specifically as follows: Candidate row identifier Substitute into the nested polynomial expression, starting from the innermost layer Begin by performing multiplication layer by layer. Subtracting a coefficient results in the final calculation of the entire expression modulo 1. The value below; if the calculation result is If so, then the row identifier is determined to be the root; After traversing all candidate row identifiers, all roots are aggregated to form the target row identifier set.

8. The method as described in claim 1, characterized in that, Based on the target line identifier set, the corresponding encrypted data is extracted from the ciphertext database and returned to the user, including: Receive the target row identifier set, and sequentially retrieve the stored records from the encrypted database. Search for the row that matches the target row identifier. The system packages all the encrypted data found and sends it to the user's client so that the user can decrypt it using their local private key to obtain the plaintext query results.

9. The method as described in claim 4, characterized in that, Select one greater than prime numbers As a modulus, it includes: Get the total number of records in the encrypted database Select greater than The smallest prime number as the modulus This allows modular exponentiation, homomorphic accumulation, and user-side Newton's identity recursion and Horner's rule root finding to all be performed using modular exponentiation. The operation is performed within a finite field to ensure that there is no overflow and that the polynomial has a definite set of roots.

10. A multi-result extraction device for encrypted database queries, applied on a server side, characterized in that, include: The query index building module is used to receive encrypted query keywords sent by the user, use a fully homomorphic encryption algorithm to perform homomorphic matching calculations on each record in the ciphertext database, obtain a ciphertext flag indicating whether each row matches, and generate a query index table. The hit count module is used to perform homomorphic accumulation on the ciphertext flags in the query index table to obtain the hit count ciphertext, send the hit count ciphertext to the user terminal, and receive the hit count plaintext returned by the user terminal after decryption. The idempotent sum calculation module is used to select a prime number greater than the total number of records in the database as the modulus when the total number of plaintext hits is greater than zero. In the modulo operation environment, the module performs homomorphic exponentiation on the row identifier of each record in the query index table and multiplies it with the corresponding ciphertext flag, and then accumulates the results to calculate an idempotent sum sequence ciphertext of the same order as the total number of hits. The idempotent sum sequence ciphertext is then sent to the user terminal. The query result extraction module is used to receive the target row identifier set fed back by the user terminal, extract the corresponding encrypted data from the ciphertext database according to the target row identifier set, and return it to the user terminal; wherein the target row identifier set is obtained by the user terminal decrypting the idempotent sum sequence ciphertext, using Newton's identity to recursively obtain the polynomial coefficients, constructing a polynomial with the hit row identifier as the root, and solving it.