目的 针对中医药数据在云端明文存储容易泄漏患者隐私信息以及密文存储影响查询效率的问题，提出一种基于改进同态加密算法的中医药数据云端安全存储方法，兼顾患者的隐私保护和查询效率。方法 利用明文槽对数据进行分组加密，再将分组密文合并后存储到云端；数据查询时将关键字进行同态加密后发送到云端，直接对密文数据进行检索，将查询结果返回给用户；在本地对密文结果进行解密后得到结果明文。结果 基于此算法设计实现中医药数据存储系统，系统运行结果表明，可以在1 s内完成对4000字节文件的加密和解密，加密后的数据可在86 s完成密文检索，算法性能显著优于传统的开源同态加密库。结论 该算法在云端进行密文存储和查询，明文信息只在用户本地保存，兼顾用户查询效率和患者的隐私保护，尤其适用于中医药数据小文件的安全存储。

Objective To propose a secure cloud storage algorithm for TCM data based on homomorphic encryption, including encryption, decryption and retrieval methods, aiming at the problems that the patients' privacy information is easy to be leaked when traditional Chinese medicine (TCM) data is stored in plaintext in the cloud, and the query efficiency is low when the ciphertext is stored, in order to achieve privacy security and query efficiency simultaneously.Methods The plaintext slot was used to encrypt the data, and then the ciphertext was merged and stored in the cloud; when querying the data, the keywords were homomorphically encrypted and sent to the cloud to retrieve on ciphertext directly, and the query results were returned to the user. After the ciphertext results were grouped and decrypted locally, the plaintext results were merged.Results A practical storage system of TCM data was developed, and the experimental results showed that the 4000 bytes file can be encrypted and decrypted within 1 second; and the query on ciphertext can be completed within 86 seconds; and the performance of our algorithm was significantly better than the traditional open source homomorphic encryption libraries.Conclusion The ciphertext is stored and queried in the cloud, and plaintext is only stored locally in our algorithm, which guarantee the users' query efficiency and patients' privacy security. And it is especially suitable for the safe storage of small TCM files.

国家自然科学基金国家自然科学基金委员会青年项目（82004499）：基于区块链的中医临床大数据可信分析技术研究，负责人：丁有伟；国家科学技术部重点研发计划项目（2017YFC1703500）：中医药大数据中心与健康云平台构建，负责人：李国正。