Computer-implemented system and method for providing data privacy in a cloud using discrete homomorphic encryption

摘要

A homomorphic encryption algorithm is performed that encrypts at least a portion of a plurality of plaintext data items at a client computing device into homomorphic queries, each query including a cryptographically safe representation of one of the data items. The queries are transmitted to at least one discrete homomorphic encryption (DHE) server. An identifier is received from each query from the DHE server. The identifiers are transmitted to at least one computing server that maintains a database including data structures. The computing server is requested to requesting the computing server to insert the received identifiers into the database. At least one of the identifiers is processed: the computing server is requested to find the identifiers in the data structures that match the at least one identifiers and to perform at least one equality-based operation on the matching identifiers. A result of the at least one operation is received.

主权项

1. A computer-implemented method for providing data privacy in a cloud using discrete homomorphic encryption, comprising the steps of:
performing a homomorphic encryption algorithm that encrypts at least a portion of a plurality of plaintext data items at a client computing device into homomorphic queries, each query comprising a cryptographically safe representation of one of the data items; transmitting the queries to at least one discrete homomorphic encryption (DHE) server and receiving from the DHE server an identifier associated with each query; transmitting the received identifiers to at least one computing server in a cloud-computing environment that maintains a database comprising data structures; requesting the computing server to insert the received identifiers into the database comprising at least one of:
requesting the computing server to substitute existing data in the data structures with the identifiers; andrequesting the computing server to create one or more additional data structures in the database and inserting the identifiers into the additional data structures; processing at least one of the identifiers, comprising:
requesting the computing server to find the identifiers in the data structures in the database that match the at least one identifier;requesting the computing server to perform at least one equality-based operation on the matching identifiers; andreceiving from the computing server a result of the at least one operation; performing the homomorphic encryption algorithm to encrypt at least the portion of the plaintext data items into ciphertext data items; transmitting the ciphertext data items to at least one storage server in the cloud-computing environment and requesting the storage server to store the ciphertext data items in the storage in the cloud-computing environment; receiving a reference from the storage server to a location of each ciphertext data item in the storage; obtaining an association between the at least one identifier comprised in the result and one of the references for the location of the ciphertext data item generated from the same plaintext data item as the query identified by the at least one identifier; retrieving the ciphertext data item from the storage using the one reference; and decrypting the retrieved ciphertext data item into the corresponding plaintext data item.