CN117993020B - Search method, device and equipment for home appliance network graph based on secure multi-party computing - Google Patents

Abstract

The present application relates to the field of information security technology, and discloses a method, device and equipment for searching a network diagram of a home appliance based on secure multi-party computing. The search method includes: receiving a query token sent by a client, and an encrypted network diagram of the home appliance; wherein the query token represents the index of the query device; determining the target encryption information in the encrypted network diagram according to the query token, and sending the target encryption information to the client, so that the client generates target decryption information according to the target encryption information and returns the target decryption information to the user end. The search method, device and equipment can ensure the security and privacy of the network diagram of the home appliance during transmission, so as to protect the privacy of the user while improving the efficiency and security of the search of the network diagram of the smart home appliance.

Description

Search method, device and equipment for home appliance network graph based on secure multi-party computing

Technical Field

The present application relates to the field of information security technology, and for example, to a method, device and apparatus for searching a home appliance network graph based on secure multi-party computing.

Background technique

In today's smart home environment, the security and privacy issues of smart home appliance networks are increasingly valued. With the popularity of smart home appliances, building network graphs between these home appliances has become the key to understanding and optimizing the interaction between devices in the home. However, such network graphs usually contain sensitive information, such as user's living habits and home layout, which will cause user information security and privacy issues when searching and analyzing network graphs.

In order to ensure user information security and user privacy, related technologies usually use private information search based on oblivious transfer protocol and homomorphic encryption. Specifically, the RSA n-choose-1 OT protocol is used in the privacy information retrieval scheme based on oblivious transfer to protect user privacy during the search process. However, the response time of related technology search is long, which makes it difficult for related technologies to ensure search efficiency and secure search while protecting user privacy.

It should be noted that the information disclosed in the above background technology section is only used to enhance the understanding of the background of the present application, and therefore may include information that does not constitute the prior art known to ordinary technicians in the field.

Summary of the invention

In order to provide a basic understanding of some aspects of the disclosed embodiments, a brief summary is given below. The summary is not an extensive review, nor is it intended to identify key/critical elements or delineate the scope of protection of these embodiments, but rather serves as a prelude to the detailed description that follows.

The embodiments of the present disclosure provide a method, apparatus and device for searching a network diagram of a home appliance based on secure multi-party computing, so as to improve the efficiency and security of searching a network diagram of a smart home appliance while protecting user privacy.

In some embodiments, a search method for a home appliance network graph based on secure multi-party computing is applied to the server side; the search method includes: receiving a query token sent by a client, and an encrypted network graph of the home appliance; wherein the query token represents the index of the query device; determining the target encryption information in the encrypted network graph according to the query token, and sending the target encryption information to the client, so that the client generates target decryption information according to the target encryption information and returns the target decryption information to the user side.

Optionally, the encrypted network map includes a first encryption array for storing the entire encrypted network map information and a second encryption array for verifying whether there are commonly connected devices in the case of a multi-device search; determining the target encrypted information in the encrypted network map based on the query token, including: determining the query token function corresponding to the query token; wherein the query token function includes a first query function representing querying the connected devices of a single device, a second query function representing querying the commonly connected devices of multiple devices, a third query function representing the sorting of connection results between a single device and a connected device, a fourth query function representing querying the correlation between two devices, and one or more of a fifth query function representing the maximum value of the correlation between multiple pairs of devices; determining the target encryption array in the encrypted network map based on the query token function; wherein the target encryption array includes the first encryption array and/or the second encryption array; based on the target encryption array, determining the target encryption information corresponding to the query token function.

Optionally, the home appliance includes multiple devices; wherein, when each device is connected to other devices, each device and all connected devices are provided with corresponding weight values; the server side includes multiple servers; wherein each server receives a part of the encrypted network diagram and a query token; the target encryption array in the encrypted network diagram is determined according to the query token function, including: when the query token function includes a first query function, determining the target encryption array as the first encryption array; and/or, when the query token function includes a second query function, determining the target encryption array as the first encryption array and the second encryption array; and/or, when the query token function includes a third query function, determining the target encryption array as the first encryption array; and/or, when the query token function includes a fourth query function, determining the target encryption array as the first encryption array and the second encryption array; and/or, when the query token function includes a fifth query function, determining the target encryption array as the first encryption array and the second encryption array.

Optionally, based on the target encryption array, the target encryption information corresponding to the query token function is determined, including: when the query token function includes a first query function, based on the first encryption array, searching for the encryption connection device of the query device corresponding to the first query function; determining the encryption connection device of the query device as the target encryption information; and/or, when the query token function includes a second query function, determining the target query device in the query device corresponding to the second query function; based on the first encryption array and the second encryption array, determining the target encryption information corresponding to the query token according to the target query device; and/or, when the query token function includes a third query function, based on the first encryption array, searching for the encryption serial number of the encryption connection device of the query device corresponding to the third query function; determining the encryption weight value corresponding to the encryption serial number; sorting the encryption weight values, and determining the encryption serial number corresponding to the sorted encryption weight value as the target encryption information ; and/or, in the case where the query token function includes a fourth query function, determine the first query device and the second query device corresponding to the fourth query function; respectively obtain the first encryption average weight value of the encryption connection device of the first query device, and the second encryption average weight value of the encryption connection device of the second query device; based on the first encryption array and the second encryption array, determine the encryption correlation between the first query device and the second query device according to the first encryption average weight value and the second encryption average weight value; determine the encryption correlation between the first query device and the second query device as the target encryption information; and/or, in the case where the query token includes a fifth query function, based on the first encryption array and the second encryption array, determine the encryption device pair with the greatest correlation among the multiple devices corresponding to the fifth query function; calculate the encryption correlation value of the encryption device pair with the greatest correlation; determine the encryption correlation value of the encryption device pair with the greatest correlation as the target encryption information.

In some embodiments, a search method for a home appliance network diagram based on secure multi-party computing is applied to a client; the search method includes: encrypting the network diagram of the home appliance, obtaining the encrypted network diagram of the home appliance, and sending the encrypted network diagram of the home appliance to a server; receiving a query request sent by a user; determining a query token corresponding to the query request, and sending the query token to a server; receiving target encryption information in the encrypted network diagram determined by the server according to the query token; generating target decryption information according to the target encryption information, and returning the target decryption information to the user.

Optionally, the home appliance includes multiple devices, wherein, when each device is connected to other devices, each device and all connected devices are set with corresponding weight values; the encrypted network diagram includes a first encryption array and a second encryption array; the network diagram of the home appliance is encrypted to obtain the encrypted network diagram of the home appliance, including: encrypting the network diagram of the home appliance to obtain first initial information, and storing the first initial information in the first initial array; encrypting the first initial array to obtain a first encrypted array corresponding to the first initial array; encrypting the serial number of each device and the connected device of each device in the home appliance diagram to obtain second initial information, and storing the second initial information and the average weight value of the connected device of each device to the second initial array to obtain a second encrypted array corresponding to the second initial array.

Optionally, determining the query token corresponding to the query request includes: determining the query device corresponding to the query request; generating an index of the query device in a network diagram of home appliances; and determining the index of the query device as the query token corresponding to the query request.

In some embodiments, a search method for a home appliance network graph based on secure multi-party computing is applied to a user end; the search method includes: sending a query request to the client so that the client determines the target decryption information corresponding to the query request; and receiving the target decryption information corresponding to the query request sent by the client.

In some embodiments, a search device for a home appliance network graph based on secure multi-party computing includes a processor and a memory storing program instructions, and the processor is configured to execute the search method for a home appliance network graph based on secure multi-party computing as described above when running the program instructions.

In some embodiments, a search device for a home appliance network graph based on secure multi-party computing includes: a device body, on which is installed a search device for a home appliance network graph based on secure multi-party computing as described above.

The home appliance network graph search method, device and apparatus provided by the embodiments of the present disclosure based on secure multi-party computing can achieve the following technical effects:

After the server receives the query token and the encrypted network diagram of the home appliance, it can search for the corresponding target encrypted information in the encrypted network diagram according to the query token. The target encrypted information contains part or all of the response data for the query request. In this embodiment, the target encrypted information represents the encrypted information of part or all of the response data for the query request. The server sends the target encrypted information back to the client. This allows the user to view the queried response information on the user side, thus ensuring the security and privacy of the home appliance network diagram during transmission to protect user privacy. At the same time, since the search method is based on an encrypted network diagram constructed using secure multi-party computing technology, the number of execution protocol interactions is reduced, and efficient and secure searches of smart home appliance network diagrams can be achieved.

The above general description and the following description are exemplary and explanatory only and are not intended to limit the present application.

BRIEF DESCRIPTION OF THE DRAWINGS

One or more embodiments are exemplarily described by corresponding drawings, which do not limit the embodiments. Elements with the same reference numerals in the drawings are shown as similar elements, and the drawings do not constitute a scale limitation, and wherein:

FIG1 is a schematic diagram of a system environment of a method for searching a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG2 is a schematic diagram of a method for searching a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG3 is a schematic diagram of another method for searching a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG4 is a schematic diagram of another method for searching a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG5 is a schematic diagram of another method for searching a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG6 is a schematic diagram of a search device for a home appliance network graph based on secure multi-party computing provided by an embodiment of the present disclosure;

FIG. 7 is a structural block diagram of a device product provided by an embodiment of the present disclosure.

Detailed ways

In order to be able to understand the features and technical contents of the embodiments of the present disclosure in more detail, the implementation of the embodiments of the present disclosure is described in detail below in conjunction with the accompanying drawings. The attached drawings are for reference only and are not used to limit the embodiments of the present disclosure. In the following technical description, for the convenience of explanation, a full understanding of the disclosed embodiments is provided through multiple details. However, one or more embodiments can still be implemented without these details. In other cases, to simplify the drawings, well-known structures and devices can be simplified for display.

The terms "first", "second", etc. in the specification and claims of the embodiments of the present disclosure and the above-mentioned drawings are used to distinguish similar objects, and are not necessarily used to describe a specific order or sequence. It should be understood that the terms used in this way can be interchanged where appropriate, so that the embodiments of the embodiments of the present disclosure described herein. In addition, the terms "including" and "having" and any variations thereof are intended to cover non-exclusive inclusions.

Unless otherwise stated, the term "plurality" means two or more.

In the embodiment of the present disclosure, the character "/" indicates that the preceding and following objects are in an "or" relationship. For example, A/B indicates: A or B.

The term "and/or" is a description of the association relationship between objects, indicating that three relationships can exist. For example, A and/or B means: A or B, or, A and B.

The term "correspondence" may refer to an association relationship or a binding relationship. The correspondence between A and B means that there is an association relationship or a binding relationship between A and B.

It should be noted that, in the absence of conflict, the embodiments and features in the embodiments of the present disclosure may be combined with each other.

The following is an introduction to the technical terms involved in the embodiments of the present disclosure:

Network graph: It is a graphical structure consisting of nodes and edges. Usually, nodes in a network graph represent devices or entities, and edges show the relationship or connection between nodes. In formal definition, a network graph can be defined as an undirected graph consisting of a set of nodes and a set of edges, which can be expressed as ,in, Represents a network diagram, represents a node set, Represents an edge set.

Secure Multi-Party Computation (SMC or MPC) is an advanced cryptographic technology that performs collaborative computing between multiple participants who do not trust each other. Each participant has their own private input data, but they want to jointly calculate the result of a public function without exposing their own input data. In short, secure multi-party computing allows each party to perform joint computing without knowing the other party's original data, and only obtains the calculation result without knowing the other party's specific input.

The search method for a home appliance network graph based on secure multi-party computing provided in an embodiment of the present disclosure is mainly applied to devices (e.g., home appliances, especially smart home appliances), wherein the home appliances include multiple devices. There may be a connection relationship between multiple devices. The search method is a multi-terminal interactive search method, as shown in FIG1 , and the search method realizes the interaction between the server 104, the client 105, and the user 103.

The embodiment of the present disclosure provides a method for searching a home appliance network graph based on secure multi-party computing, which is applied to a server. As shown in FIG2 , the method includes:

S201, the server receives the query token sent by the client and the encrypted network diagram of the home appliance.

Among them, the query token represents the index of the queried device. Exemplarily, the query token is determined according to the query request. It can be understood that the query token is an encrypted index identifier, which is generated by the client according to the user's query request and corresponds to a specific device or network information. When the server receives this query token, it can decode the query token to find the location pointed to in the encrypted network map. Since the query request issued by the user end includes the device that the user wants to query, that is, the query device. Therefore, when the client receives the query request issued by the user end, it encrypts the query request and obtains the query token, which can be expressed as the index of the query device, and sends the query token to the server end. By setting the query token, the query request issued by the user end is encrypted and encapsulated, so that the security of the data can be guaranteed and it can also serve as the basis for the subsequent server end to find and transmit the encrypted information of the corresponding device.

The encrypted network graph of the home appliances is in a searchable and encrypted form. Encryption technology and secure multi-party computing technology are used to construct the encrypted network graph corresponding to the network graph of the home appliances.

S202, the server determines the target encryption information in the encrypted network diagram according to the query token, and sends the target encryption information to the client, so that the client generates the target decryption information according to the target encryption information and returns the target decryption information to the user.

In the above-mentioned public embodiment, after the server receives the query token and the encrypted network diagram of the home appliance, it can search for the corresponding target encrypted information in the encrypted network diagram according to the query token. The target encrypted information contains part or all of the response data for the query request. In this embodiment, the target encrypted information represents the encrypted information of part or all of the response data for the query request. The server sends the target encrypted information back to the client. This allows the user to view the queried response information on the user side, thus ensuring the security and privacy of the home appliance network diagram during the transmission process to protect user privacy. At the same time, since the scheme is based on an encrypted network diagram constructed by secure multi-party computing technology, the number of execution protocol interactions is reduced, and efficient and secure searches of smart home appliance network diagrams can be achieved.

Optionally, the encrypted network diagram includes a first encryption array for storing the entire encrypted network diagram information and a second encryption array for verifying whether there are commonly connected devices in the case of multi-device search. In this way, even if the data of the encrypted network diagram obtained by encryption is leaked, the attacker cannot directly obtain the actual layout of the network or the relationship between the devices, thereby greatly enhancing network security. At the same time, due to the setting of the second encryption array, when the user has the need to search multiple devices, the commonly connected devices of multiple devices can be verified, so that the response results returned to the user are more accurate.

Optionally, the server side determines the target encrypted information in the encrypted network graph according to the query token, including: determining the target encrypted array in the encrypted network graph according to the query token. Based on the target encrypted array, determining the target encrypted information corresponding to the query token.

The target encryption array includes a first encryption array and/or a second encryption array.

In this disclosed embodiment, since the query token can express the user's query requirements, the corresponding encrypted data area, that is, the target encrypted array, can be located in the encrypted network diagram according to the query token. According to the query token, it may be necessary to access only one of the encrypted arrays in the encrypted network diagram, or it may be necessary to access both arrays at the same time. In this way, by preferentially determining the target encrypted array, and then determining the target encrypted information corresponding to the query token according to the target encrypted array, the search efficiency can be improved.

Optionally, when each device is connected to other devices, each device and all connected devices are provided with corresponding weight values. Exemplarily, the weight value indicates the degree of connection between the device and the connected devices.

Optionally, the query request includes one or more of: querying the connected devices of a single device, querying the commonly connected devices of multiple devices, sorting the connection results of a single device and a connected device, querying the correlation between two devices, and querying the maximum value of the correlation between multiple pairs of devices. During the query stage, the user can generate different query functions according to the above query requests. It is understandable that a corresponding query token can be generated according to the query request, and a corresponding query token function is generated based on the query token. Among them, the query token includes a first query token for querying a single device and a second query token for querying multiple devices. For example, the function corresponding to the first query token is the first query function; the function corresponding to the second query token is the second query function; if a sorting function is added on the basis of the first query token, the corresponding function is the third query function; if a correlation query function is added on the basis of the first query token, the corresponding function is the fourth query function; if a correlation and sorting function are added on the basis of the second query token, the corresponding function is the fifth query function.

Optionally, the query token function includes a first query function representing querying the connected devices of a single device, a second query function representing querying the commonly connected devices of multiple devices, a third query function representing the sorting of connection results between a single device and a connected device, a fourth query function representing querying the correlation between two devices, and a fifth query function representing querying the maximum value of the correlation between multiple pairs of devices.

Optionally, the server side includes three servers, namely a first server, a second server and a third server, each server receiving a partial encrypted network graph, so that the three servers receive a complete encrypted network graph. At the same time, each server receives a query token. In the disclosed embodiment, the client is trustworthy. Specifically, the client is maintained by a smart home appliance network service provider, and all users submit their queries through an application. Three servers are set up, and each server receives a partial encrypted network graph and a query token, taking full account of the impact of the honest majority and non-collusion threat model. The honest majority and non-collusion threat model means that at most only one of the three cloud servers may be malicious, and the remaining servers are semi-honest and comply with the protocol for the query process, and will not share any information with other servers in the protocol.

Optionally, the server determines the target encryption array in the encrypted network diagram according to the query token function, including: when the query token function includes the first query function, determining the target encryption array to be the first encryption array. And/or, when the query token function includes the second query function, determining the target encryption array to be the first encryption array and the second encryption array. And/or, when the query token function includes the third query function, determining the target encryption array to be the first encryption array. And/or, when the query token function includes the fourth query function, determining the target encryption array to be the first encryption array and the second encryption array. And/or, when the query token function includes the fifth query function, determining the target encryption array to be the first encryption array and the second encryption array.

In the disclosed embodiment, different query token functions are set to correspond to different target encryption arrays. By checking the type of the query token function, the client can accurately locate the required encryption array in the encrypted network diagram and unlock the corresponding encrypted information accordingly.

Optionally, the server side determines the target encryption information corresponding to the query token function based on the target encryption array, including: when the query token function includes a first query function, based on the first encryption array, searching for the encryption connection device of the query device corresponding to the first query function; and determining the encryption connection device of the query device as the target encryption information.

Exemplarily, based on the first encryption array, searching for the encryption information of all devices connected to the query device corresponding to the first query function is expressed as: <t>←TSetRetrieve(<TSet>,stag(w)). Wherein, <t> represents the encrypted connection device list of the query device, including arrays representing id and Sortkey, id represents the serial number of the connected device of the device, Sortkey represents the weight value of the device and the connected device, TSetRetrieve represents the search function, <TSet> represents the first encryption array, stag(w) represents the first query function, and w is the query device.

Understandably, Indicates equal to.

In this disclosed embodiment, when the server receives stag(w), it can accurately find the connection device information of the query device by calculating TSetRetrieve(stag(w)) and restore it to <t>, so as to retrieve the encrypted connection device list <t> of the query device, and send <t> as the target encrypted information to the client.

It should be noted that, when the client receives the target encrypted information, the client reconstructs the original result based on the encrypted serial number and weight value share of the connected device. That is, the client uses the replicated secret sharing technology in secure multi-party computing to restore the secret value to a plaintext value by adding the serial number and weight value of the connected device to the received secret value.

In the above disclosed embodiment, the above method is used to achieve a secure search for connected devices of a single device, thereby protecting user privacy.

Optionally, the server side determines the target encryption information corresponding to the query token function based on the target encryption array, including: when the query token function includes a second query function, determining the target query device in the query device corresponding to the second query function; based on the first encryption array and the second encryption array, determining the target encryption information corresponding to the query token according to the target query device.

Exemplarily, based on the first encryption array and the second encryption array, determining the target encrypted information corresponding to the query token function according to the target query device includes: based on the first encryption array, searching for the encrypted target connection device of the target query device, and sending the encrypted target connection device to the client, so that the client generates an encrypted token that matches the encrypted target connection device with the remaining query devices in the query device; receiving the encrypted token that matches the target connection device sent by the client with the remaining query devices in the query device; based on the second encryption array, determining the matching status of the target connection device with the remaining query devices in the query device; when there is a device in the target connection device that successfully matches the remaining query devices in the query device, determining the encrypted device that successfully matches the remaining query devices in the query device as the target encryption information.

Exemplarily, determining the target query device among the query devices corresponding to the second query function includes: estimating the device with the least number of connected devices among the query devices, and using the device with the least number of connected devices as the target query device. Alternatively, randomly selecting a preset device among the query devices, and using the preset device as the target query device. Alternatively, selecting the target query device among the query devices based on an inadvertent cross-label protocol.

Specifically, the form of multiple device search is w ₁ ,…,w _n , where n represents the total number of multiple devices and w ₁ represents the target query device. The three servers perform the following steps in sequence:

Step 1: Calculation ;

Step 2: Sent to the client to generate an encrypted token that matches the target connection device with the rest of the querying devices ,in, , , Indicates the remaining query devices. Indicates the number of connected devices of the target query device;

Step 3: Receive the encrypted token from the target connection device and match it with the rest of the querying devices in the querying device ;

Step 4: From Medium recovery ;in, Represents a variable; Indicates the average encryption weight value of the connected devices of the device;

Step 5: Determine if : ;in, Represents the second encrypted array;

Step 6: If yes, send and to the client.

Optionally, the server determines the target encrypted information corresponding to the query token function based on the target encryption array, including: when the query token function includes the third query function, searching for the encryption sequence number of the encryption connection device of the query device corresponding to the third query function based on the first encryption array. Determine the encryption weight value corresponding to the encryption sequence number. Sort the encryption weight values, and determine the encryption sequence number corresponding to the sorted encryption weight value as the target encrypted information.

For example, the weight values are sorted using a forgetting radix sorting algorithm. This can improve the sorting performance. right Sorting is performed and the sorting results are sent to the client. After the client receives the secret share of the query result, the true value is restored locally using the replicated secret sharing technology and sorting is performed.

Exemplarily, using the forgetting radix sorting algorithm to sort the weight values includes: three servers negotiate a domain , and select an element in the domain ,in, The secret vector is converted into Decompose into secret bits. Use the bit domain conversion protocol to convert the secret bits into a shared value on the preset domain. The three servers set up a shared vector that stores the original position of each row (where Sort all It can be regarded as a vector of a times 1, with a total of a rows, and sorting it is to sort each row Sorting), the shared vector acts like a pointer. Three servers are constructed The corresponding matrix ,in, , to calculate the target position. Assume matrix is a vector The matrix representation of . ,in, , use the following conditions to transform the vector Convert to Matrix :

Among them, the bit decomposition protocol: converts the shared input value into shared bits. , the output consists of multiple bits ,satisfy:

The process of running this protocol is represented as:

Bit-domain conversion protocol: The input of the bit-domain conversion protocol is a shared bit on one domain, and the output is a shared bit on another domain. Assume that the input is domain Bit , the output is the domain Shared bits on The process of running this protocol is represented as:

Through the above method, we obtain After that, in the first encrypted array, the three servers apply the target calculation protocol to calculate the target position, and the input vector Convert to a sequentially arranged vector The three servers apply the exposed sorting protocol to sort the data according to the target location. , ,according to The value of determines the size of Sorted matrix.

Reveal Sorting Protocol: Sorts data according to target position, effectively constructing a presentation order. The input of this protocol is two secret values and During execution, the shuffle protocol is first used to shuffle , and then use the reveal protocol to reveal the scrambled To obtain , and according to Get the sorted The process of running this protocol is represented as:

Revealing the protocol: When evaluating two secret input values and When the relative sizes of , extract the most significant bit (MSB) of their difference. By evaluating the most significant bit, determine and By exposing the sorting protocol, the comparison process is simplified to only the difference Compare with 0. If the most significant bit of the difference between the two values is 0, it indicates more than the ; On the contrary, if the most significant bit is , then it means more than the .variable Indicates the most significant bit result obtained. The process of running this protocol is expressed as:

Specifically, the weight values are sorted using the forgetting radix sorting algorithm, and the three servers perform the following steps in sequence:

Step 1: Negotiate a domain ; and select an element in the domain ,in, ,and The bit length is ;

Step 2: According to

, ,make replace ;

Step 3: , ;

Step 4: Negotiate a secret vector value , ;

Step 5: Determine For j∈[1,l] do;

Step 6: Convert to ;

Step 7: OK ;

Step 8: OK

in, represents two column vectors connected horizontally;

Step 9: Output .

Optionally, the server determines the target encryption information corresponding to the query token function based on the target encryption array, including: when the query token function includes the fourth query function, determining the first query device and the second query device corresponding to the fourth query function. Obtaining the first encryption average weight value of the encryption connection device of the first query device and the second encryption average weight value of the encryption connection device of the second query device respectively. Based on the first encryption array and the second encryption array, determining the encryption correlation between the first query device and the second query device according to the first encryption average weight value and the second encryption average weight value. Determine the encryption correlation between the first query device and the second query device as the target encryption information.

Exemplarily, the correlation between the first query device and the second query device is calculated according to the following formula:

Wherein, a represents the first query device, b represents the second query device, and z(a, b) represents the correlation between the first query device and the second query device. Indicates the average weight value of the first query device, Indicates the average weight value of the second query device. It can be understood that:

in, Indicates the device of all connected devices.

Specifically, in the case where the query token function includes the fourth query function, based on the target encryption array, the target encryption information corresponding to the query token function is determined, and the three servers sequentially perform the following steps:

Step 1: Determine the first encrypted average weight value of the first query device , the second encrypted average weight value of the second query device , and the secret value in the device release list of the first query device and the second query device connected together , …, , …, , where n is the number of co-connected devices, Is the first query device and The encryption weight value of the commonly connected devices, Yes Equipment and The encryption weight value of each connected device;

Step 2: Use the secure addition and multiplication protocol with replicated secret sharing to compute the intermediate variables , and ;in,

; ; ;

Step 3: According to and Sure ; and output .

Optionally, the server determines the target encrypted information corresponding to the query token function based on the target encryption array, including: when the query token function includes the fifth query function, based on the first encryption array and the second encryption array, comparing the correlation values of all devices with the query device. Selecting the maximum value of the correlation values of all devices with the query device, and determining the encrypted information of the maximum value of the correlation values of all devices with the query device as the target encrypted information.

Optionally, the server determines the target encryption information corresponding to the query token function based on the target encryption array, including: determining the encryption device pair with the greatest correlation among the multiple devices corresponding to the fifth query function based on the first encryption array and the second encryption array. Calculating the encryption correlation value of the encryption device pair with the greatest correlation. Determining the encryption correlation value of the encryption device pair with the greatest correlation as the target encryption information.

In the above-mentioned disclosed embodiment, since the communication volume consumed in secure multi-party computing is very large, first determining the encryption device pair with the greatest correlation among the multiple devices corresponding to the fifth query function, and then determining the encryption correlation value of the device pair with the greatest correlation can improve the comparison efficiency.

Exemplarily, the encryption device pair with the greatest correlation is determined by traversal comparison, thereby obtaining the encryption correlation value of the device pair with the greatest correlation. Specifically, the three servers calculate ,in, Indicates a pair of devices that have a correlation and Initialize to maximum value For each device pair, the relevant value , calculate the numerator of the correlation value for each device pair, and use the most significant bit (MSB) technique to determine the sign of the numerator. For example, if , then the numerator is positive; otherwise it is negative. The three servers use the domain conversion protocol to convert the numerator Convert to arithmetic share and process its value to calculate , if the numerator is negative, set it to zero; if it is positive, keep the original value. Maximum correlation with the current Comparison avoids square root and division operations. and The numerator and denominator of are squared and cross-multiplied, and the larger result is recorded as After traversal, the three servers obtain the final maximum correlation value .

In the above disclosed embodiments, by converting operations from division and square root to multiplication, computational and communication overheads are significantly reduced, thereby improving efficiency.

Specifically, when the query token function includes the fifth query function, based on the target encryption array, the target encryption information corresponding to the query token function is determined, and the three servers perform the following steps in sequence:

Step 1: Preset = ;

Step 2: Get i∈[3,|w|];

Step 3: Get

;

Step 4: Get

;

Step 5: Get ;

Step 6: Get ;

Step 7: Get ;

Step 8: Get

;

Step 9: Get

;

Step 10: Get ;

Step 11: Get ;

Step 12: Get

;

Step 13: Output >.

Optionally, based on the target encryption array, determining the target encryption information corresponding to the query token function includes: when the query token function includes a first query function, based on the first encryption array, searching for the encryption connection device of the query device corresponding to the first query function; determining the encryption connection device of the query device as the target encryption information. When the query token function includes a second query function, determining the target query device in the query device corresponding to the second query function; based on the first encryption array and the second encryption array, determining the target encryption information corresponding to the query token function according to the target query device. When the query token function includes a third query function, based on the first encryption array, searching for the encryption serial number of the encryption connection device of the query device corresponding to the third query function; determining the encryption weight value corresponding to the encryption serial number; sorting the encryption weight values, and determining the encryption serial number corresponding to the sorted encryption weight value as the target encryption information. In the case where the query token function includes the fourth query function, determine the first query device and the second query device corresponding to the fourth query function; obtain the first encryption average weight value of the encryption connection device of the first query device and the second encryption average weight value of the encryption connection device of the second query device respectively; based on the first encryption array and the second encryption array, determine the encryption correlation between the first query device and the second query device according to the first encryption average weight value and the second encryption average weight value; determine the encryption correlation between the first query device and the second query device as the target encryption information. In the case where the query token function includes the fifth query function, determine the encryption device pair with the greatest correlation among the multiple devices corresponding to the fifth query function based on the first encryption array and the second encryption array; calculate the encryption correlation value of the encryption device pair with the greatest correlation; determine the encryption correlation value of the encryption device pair with the greatest correlation as the target encryption information.

The embodiment of the present disclosure provides a method for searching a home appliance network graph based on secure multi-party computing, which is applied to a client. As shown in FIG3 , the method includes:

S301, the client encrypts the network diagram of the home appliance to obtain the encrypted network diagram of the home appliance, and sends the encrypted network diagram of the home appliance to the server.

S302: The client receives a query request sent by the user.

S303, the client determines the query token corresponding to the query request, and sends the query token to the server.

S304, the client receives the target encryption information in the encrypted network graph determined by the server according to the query token.

S305, the client generates target decryption information according to the target encryption information, and returns the target decryption information to the user end.

In the above disclosed embodiment, the client first performs a secure encryption operation on the network diagram of the home appliance to protect data privacy and security. After the encryption is completed, the client transmits the encrypted network diagram to the server for storage, so that only entities with decryption authority can obtain the original information, effectively preventing unauthorized access and tampering.

Optionally, the client encrypts the network diagram of the home appliance to obtain the encrypted network diagram of the home appliance, including: encrypting the network diagram of the home appliance to obtain first initial information, and storing the first initial information in a first initial array; encrypting the first initial array to obtain a first encrypted array corresponding to the first initial array; encrypting the serial number of each device and each device's connected device in the home appliance diagram to obtain second initial information, and storing the second initial information and the average weight value of each device's connected device in the second initial array to obtain a second encrypted array corresponding to the second initial array.

The first initial information includes the encryption serial number of the encryption connection device of each device, the encryption weight value, the verification variable and the encryption average weight value of the connection device of each device.

Exemplarily, secure multi-party computing is used to implement encryption processing of the network diagram of home appliances by the client. Specifically, it includes: creating two empty arrays: a first initial array and a second initial array. For each device in all the devices in the home appliance network diagram, a pseudo-random function is used to generate the index of the device. The average weight value of the connected devices of each device is calculated. The connected devices and the average weight value of each device are converted into a secret value using a replicated secret sharing technique. The secret value and the verification variable are stored in a first initial array, and the first initial array is encrypted to obtain a first encrypted array corresponding to the first initial array. And/or, by using a pseudo-random function to encrypt the serial number of each device and the connected device of each device, a second initial information is generated, and the second initial information is stored in the first initial array. In addition, the average weight value of the connected devices of each device is added to the first initial array to obtain a second encrypted array corresponding to the second initial array.

Among them, the verification variable represents a blind value, expressed as ,in, , Z _c is the value obtained by encrypting w and counter c using a pseudo-random function, w represents each device in all the devices in the home appliance network diagram, and xind _c is the value obtained by encrypting id using a pseudo-random function.

It can be understood that after the index of the device is generated using a pseudo-random function, if the device is a query device, the index of the device is the query token.

In the above disclosed embodiment, by presetting the average weight value of the connected devices of each device, the response time of the device correlation search function can be optimized. By obtaining the first encrypted array, more information about the first initial array can be hidden. and its corresponding device information, while ensuring that the query token is available, such as , which can be used to retrieve By adding the average weight value of the connected devices of each device to the first initial array, the different weights of the devices commonly connected to two devices can be obtained when searching for multiple devices. ,thus facilitating the device correlation search function.,Finally, the client outputs the encrypted network graph to the three servers,respectively.

Specifically, when obtaining the encrypted network diagram of the home appliance, the client performs the following steps in sequence:

Step 1: Choose a random key ,for Choose a random key , , (Range is ),choose As a generator of cyclic groups of prime numbers; where b represents the first pseudo-random function, represents a second pseudo-random function;

Step 2: Initialization As an empty array, that is, the first initial array; initialize As an empty set, i.e. the second initial array;

Step 3: Determine ;

Step 4: Calculation ;in, Represents a network diagram;

Step 5: Setup ;

Step 6: Convert to secret value ;

Step 7: Convert to secret value ;

Step 8: Convert to secret value ;

Step 9: Setup , , ;

Step 10: Add to middle;

Step 11: Setup ;in, represents the first initial information; and Store into the first initial array;

Step 12: ; To encrypt the first initial array to obtain a first encrypted array corresponding to the first initial array ;

Step 13: Output ; For the second encrypted array.

Optionally, the client determines the query token corresponding to the query request, including: determining the query device corresponding to the query request; generating an index of the query device in a network diagram of the home appliance; and determining the index of the query device as the query token corresponding to the query request.

Exemplarily, the index of the query device in the network diagram of the generated home appliance is expressed as: stag(w)←TSetGetTag(K _T ,w), where w represents the query device, K _T represents the preset key, TSetGetTag represents the encryption function, and stag(w) represents the index of the query device, i.e., the query token.

The embodiment of the present disclosure provides a method for searching a home appliance network graph based on secure multi-party computing, which is applied to a user end. As shown in FIG4 , the search method includes:

S401, the user end sends a query request to the client end, so that the client end determines the target decryption information corresponding to the query request.

S402: The user end receives the target decryption information corresponding to the query request sent by the client end.

In the above disclosed embodiment, the user initiates a query request at the user end, the client processes the query and returns the decrypted target decryption information to the user end, ensuring effective response and processing of data security and user query requirements.

The embodiment of the present disclosure provides a method for searching a home appliance network graph based on secure multi-party computing, which is applied to the interaction between a server, a user, and a client. As shown in FIG5 , the search method includes:

S501, the client encrypts the network diagram of the home appliance to obtain the encrypted network diagram of the home appliance.

S502, the client sends the encrypted network diagram of the home appliance to the server.

S503, the server receives the encrypted network diagram of the home appliance.

S504, the user end sends a query request to the client end.

S505: The client receives the query request sent by the user.

S506: The client determines the query token corresponding to the query request.

S507: The client sends the query token to the server.

S508: The server receives the query token sent by the client.

S509, the server determines the target encrypted information in the encrypted network graph according to the query token.

S510, the server sends the target encrypted information to the client.

S511, the client receives the target encryption information in the encrypted network graph determined by the server according to the query token.

S512: The client generates target decryption information according to the target encryption information.

S513, the client returns the target decrypted information to the user end.

S514, the user terminal receives the target decryption information corresponding to the query request.

In the above public embodiment, the client encrypts the home appliance network diagram through the SMC technology, so that the original sensitive information cannot be directly interpreted by unauthorized parties even during network transmission and storage. The client uploads the encrypted network diagram to the server, ensuring the data security of cloud storage. When the user initiates a query request, only the necessary query instructions are transmitted, and no specific sensitive information is involved. In addition, the client generates a unique query token based on the user's query request. The token is designed to comply with the SMC principle. It can represent the query request but does not disclose the actual query content. The client sends the query token to the server. Based on the received query token, the server locates the corresponding target encrypted information in the encrypted network diagram without decrypting the entire network diagram, reducing the risk of information leakage. After receiving the target encrypted information returned by the server, the client decrypts the target encrypted information and generates target decrypted information, ensuring that only legal and authorized clients can obtain real data. Finally, what is received by the user is the target decrypted information decrypted through a secure computing process, which meets the user's demand for searching the home appliance network diagram, and effectively guarantees the privacy and security of the data during the flow process, as well as the search efficiency.

As shown in FIG6 , an embodiment of the present disclosure provides a search device 300 for a home appliance network graph based on secure multi-party computing, including a processor 600 and a memory 601. Optionally, the device may also include a communication interface 602 and a bus 603. The processor 600, the communication interface 602, and the memory 601 may communicate with each other through the bus 603. The communication interface 602 may be used for information transmission. The processor 600 may call the logic instructions in the memory 601 to execute the search method for a home appliance network graph based on secure multi-party computing of the above embodiment.

In addition, the logic instructions in the memory 601 described above can be implemented in the form of software functional units and can be stored in a computer-readable storage medium when sold or used as an independent product.

The memory 601 is a computer-readable storage medium that can be used to store software programs and computer executable programs, such as program instructions/modules corresponding to the method in the embodiment of the present disclosure. The processor 600 executes the function application and data processing by running the program instructions/modules stored in the memory 601, that is, the search method of the home appliance network graph based on secure multi-party computing in the above embodiment is implemented.

The memory 601 may include a program storage area and a data storage area, wherein the program storage area may store an operating system and an application required for at least one function; the data storage area may store data created according to the use of the terminal device, etc. In addition, the memory 601 may include a high-speed random access memory and may also include a non-volatile memory.

As shown in FIG7 , an embodiment of the present disclosure provides a search device 1 for a home appliance network graph based on secure multi-party computing, including: a device body. The device body is installed with the above-mentioned search device 300 for a home appliance network graph based on secure multi-party computing. The installation relationship described here is not limited to placement inside the device body, but also includes installation connections with other components of the device 1, including but not limited to physical connections, electrical connections, or signal transmission connections, etc. Those skilled in the art can understand that the search device 300 for a home appliance network graph based on secure multi-party computing can be adapted to a feasible device body, thereby realizing other feasible embodiments.

An embodiment of the present disclosure provides a computer-readable storage medium storing computer-executable instructions, wherein the computer-executable instructions are configured to execute the above-mentioned method for searching a home appliance network diagram based on secure multi-party computing.

The technical solution of the embodiment of the present disclosure can be embodied in the form of a software product, which is stored in a storage medium and includes one or more instructions for enabling a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the method described in the embodiment of the present disclosure. The aforementioned storage medium may be a non-transitory storage medium, such as: a USB flash drive, a mobile hard disk, a read-only memory (ROM, Read-Only Memory), a random access memory (RAM, Random Access Memory), a disk or an optical disk, and other media that can store program codes.

The above description and the accompanying drawings fully illustrate the embodiments of the present disclosure so that those skilled in the art can practice them. Other embodiments may include structural, logical, electrical, process and other changes. The embodiments represent possible changes only. Unless explicitly required, separate components and functions are optional, and the order of operations may vary. Parts and features of some embodiments may be included in or replace parts and features of other embodiments. Moreover, the words used in this application are only used to describe the embodiments and are not used to limit the claims. As used in the description of the embodiments and the claims, unless the context clearly indicates, the singular forms of "a", "an" and "the" are intended to include plural forms as well. Similarly, the term "and/or" as used in this application refers to any and all possible combinations of one or more associated listings. In addition, when used in this application, the term "comprise" and its variants "comprises" and/or comprising refer to the presence of stated features, wholes, steps, operations, elements, and/or components, but do not exclude the presence or addition of one or more other features, wholes, steps, operations, elements, components and/or groups thereof. In the absence of further restrictions, the elements defined by the sentence "including one..." do not exclude the presence of other identical elements in the process, method or device including the elements. In this article, each embodiment may focus on the differences from other embodiments, and the same and similar parts between the embodiments may refer to each other. For the methods, products, etc. disclosed in the embodiments, if they correspond to the method part disclosed in the embodiments, the relevant parts can refer to the description of the method part.

Those skilled in the art will appreciate that the units and algorithm steps of each example described in conjunction with the embodiments disclosed herein can be implemented in electronic hardware, or a combination of computer software and electronic hardware. Whether these functions are performed in hardware or software may depend on the specific application and design constraints of the technical solution. The technicians may use different methods for each specific application to implement the described functions, but such implementations should not be considered to exceed the scope of the embodiments of the present disclosure. The technicians may clearly understand that for the convenience and simplicity of description, the specific working processes of the systems, devices and units described above can refer to the corresponding processes in the aforementioned method embodiments, and will not be repeated here.

In the embodiments disclosed herein, the disclosed methods and products (including but not limited to devices, equipment, etc.) can be implemented in other ways. In addition, the coupling or direct coupling or communication connection between each other shown or discussed can be an indirect coupling or communication connection through some interfaces, devices or units, which can be electrical, mechanical or other forms. The units described as separate components may or may not be physically separated, and the components displayed as units may or may not be physical units, that is, they may be located in one place, or they may be distributed on multiple network units. Some or all of the units may be selected according to actual needs to implement this embodiment. In addition, the functional units in the embodiments disclosed herein may be integrated into a processing unit, or each unit may exist physically separately, or two or more units may be integrated into one unit.

The flowchart and block diagram in the accompanying drawings show the possible architecture, function and operation of the system, method and computer program product according to the embodiment of the present disclosure. In this regard, each box in the flowchart or block diagram can represent a module, a program segment or a part of the code, and the module, the program segment or a part of the code contains one or more executable instructions for realizing the specified logical function. In some alternative implementations, the functions marked in the box can also occur in a different order from the order marked in the accompanying drawings. For example, two consecutive boxes can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. In the description corresponding to the flowchart and the block diagram in the accompanying drawings, the operations or steps corresponding to different boxes can also occur in a different order from the order disclosed in the description, and sometimes there is no specific order between different operations or steps. For example, two consecutive operations or steps can actually be executed substantially in parallel, and they can sometimes be executed in the opposite order, which can depend on the functions involved. Each block in the block diagrams and/or flowcharts, and combinations of blocks in the block diagrams and/or flowcharts, may be implemented by a dedicated hardware-based system that performs the specified functions or actions, or may be implemented by a combination of dedicated hardware and computer instructions.

Claims (8)

1. A method for searching a home appliance network graph based on secure multi-party computing, applied to a server; the method comprising: Receive a query token sent by a client, and an encrypted network map of the home appliance; wherein the query token is determined according to the query request; the query token represents an index of the query device; the encrypted network map includes a first encrypted array for storing the entire encrypted network map information and a second encrypted array for verifying whether there is a common connected device in the case of a multi-device search; Determine the target encrypted information in the encrypted network diagram according to the query token, and send the target encrypted information to the client, so that the client generates target decrypted information according to the target encrypted information and returns the target decrypted information to the user end; the target encrypted information includes part or all of the response data for the query request; Determine the target encrypted information in the encrypted network graph based on the query token, including: Determine the query token function corresponding to the query token; determine the target encryption array in the encrypted network diagram according to the query token function; wherein the target encryption array includes the first encryption array and/or the second encryption array; based on the target encryption array, determine the target encryption information corresponding to the query token function. 2. The search method according to claim 1 is characterized in that the query token function includes one or more of a first query function representing querying the connected devices of a single device, a second query function representing querying the commonly connected devices of multiple devices, a third query function representing the sorting of connection results between a single device and a connected device, a fourth query function representing querying the correlation between two devices, and a fifth query function representing the maximum value of the correlation between multiple pairs of devices. 3. The search method according to claim 2 is characterized in that the home appliance includes a plurality of devices; wherein, when each device is connected to other devices, each device and all connected devices are provided with corresponding weight values; the server side includes a plurality of servers; wherein each server receives a portion of the encrypted network graph and a query token; determining a target encrypted array in the encrypted network graph according to a query token function comprises: In the case where the query token function includes a first query function, determining the target encryption array to be a first encryption array; and/or, In the case where the query token function includes a second query function, determining the target encryption array to be the first encryption array and the second encryption array; and/or, In the case where the query token function includes a third query function, determining the target encryption array to be the first encryption array; and/or, In the case where the query token function includes a fourth query function, determining the target encryption array to be the first encryption array and the second encryption array; and/or, In the case where the query token function includes the fifth query function, the target encryption array is determined to be the first encryption array and the second encryption array. 4. The search method according to claim 2, characterized in that, based on the target encryption array, determining the target encryption information corresponding to the query token function comprises: In the case where the query token function includes a first query function, searching for an encrypted connection device of a query device corresponding to the first query function based on a first encryption array; determining the encrypted connection device of the query device as the target encrypted information; and / or, In the case where the query token includes the second query function, determining a target query device among the query devices corresponding to the second query function; Based on the first encryption array and the second encryption array, determining the target encryption information corresponding to the query token according to the target query device; and / or, In the case where the query token includes a third query function, searching for an encrypted serial number of an encrypted connection device of a query device corresponding to the third query function based on the first encryption array; Determine the encryption weight value corresponding to the encryption sequence number; Sorting the encryption weight values, and determining the encryption sequence numbers corresponding to the sorted encryption weight values as target encryption information; and / or, In the case where the query token includes a fourth query function, determining a first query device and a second query device corresponding to the fourth query function; respectively obtaining a first encrypted average weight value of the encrypted connection device of the first query device and a second encrypted average weight value of the encrypted connection device of the second query device; Based on the first encrypted array and the second encrypted array, determining the encryption correlation between the first query device and the second query device according to the first encrypted average weight value and the second encrypted average weight value; determining the encryption correlation between the first query device and the second query device as target encryption information; and / or, In the case where the query token includes a fifth query function, determining, based on the first encryption array and the second encryption array, an encryption device pair with the greatest correlation among the plurality of devices corresponding to the fifth query function; Calculating an encryption correlation value of the encryption device pair with the greatest correlation; The encryption correlation value of the encryption device pair with the greatest correlation is determined as the target encryption information. 5. A method for searching a home appliance network graph based on secure multi-party computing, applied to a client; the method comprising: Perform encryption technology and secure multi-party computing technology on the network diagram of the home appliance to obtain the encrypted network diagram of the home appliance, and send the encrypted network diagram of the home appliance to the server; Receive a query request sent by a user; Determine a query token corresponding to the query request, and send the query token to the server; the query token represents the index of the query device; Receiving target encrypted information in the encrypted network graph determined by the server according to the query token; the target encrypted information includes part or all of the response data for the query request; Generate target decryption information according to target encryption information, and return the target decryption information to the user end; The home appliance includes a plurality of devices, wherein, when each device is connected to other devices, each device and all connected devices are provided with corresponding weight values; the encrypted network diagram includes a first encrypted array and a second encrypted array; the network diagram of the home appliance is encrypted to obtain the encrypted network diagram of the home appliance, including: Encrypting the network diagram of the home appliance to obtain first initial information, and storing the first initial information in a first initial array; Encrypting the first initial array to obtain a first encrypted array corresponding to the first initial array; The serial number of each device and the connected device of each device in the home appliance diagram is encrypted to obtain the second initial information, and the second initial information and the average weight value of the connected device of each device are stored in the second initial array to obtain the second encrypted array corresponding to the second initial array. 6. The search method according to claim 5, wherein determining the query token corresponding to the query request comprises: Determine the query device corresponding to the query request; Generate an index of the query device in the network diagram of home appliances; The index of the query device is determined as the query token corresponding to the query request. 7. A search device for a home appliance network diagram based on secure multi-party computing, comprising a processor and a memory storing program instructions, characterized in that the processor is configured to execute a search method for a home appliance network diagram based on secure multi-party computing as described in any one of claims 1 to 6 when running the program instructions. 8. A search device for a home appliance network graph based on secure multi-party computing, comprising: The device body is equipped with a search device for a home appliance network diagram based on secure multi-party computing as described in claim 7.