CN104468535B - It is adapted to ciphertext storage and connection query system and the method for cloud environment - Google Patents
It is adapted to ciphertext storage and connection query system and the method for cloud environment Download PDFInfo
- Publication number
- CN104468535B CN104468535B CN201410681870.XA CN201410681870A CN104468535B CN 104468535 B CN104468535 B CN 104468535B CN 201410681870 A CN201410681870 A CN 201410681870A CN 104468535 B CN104468535 B CN 104468535B
- Authority
- CN
- China
- Prior art keywords
- msub
- ciphertext
- mrow
- msup
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
Abstract
The invention discloses a kind of storage of the ciphertext of suitable cloud environment and connection query system and method, the system includes being arranged on the first processor of client and is arranged on the second processor of database server side, the first processor includes encrypting module, deciphering module and inquiry proxy module, and the second processor includes query execution module;Methods described includes ciphering process, decrypting process and query execution process.The algorithm that present system and method are used is simple, easy to implement, ciphertext storage and the Connection inquiring that can be widely applied under cloud environment, and vital effect is played to the realization for promoting outsourcing database under cloud environment.
Description
Technical field
The present invention relates to a kind of storage of ciphertext and connection query system and method, especially a kind of ciphertext of suitable cloud environment
Storage and connection query system and method.Belong to information security field.
Background technology
With developing rapidly for cloud computing, conveniently characteristic and flexible charge method cause increasing use for it
Local Data Migration to cloud server end is saved local data management expense and system maintenance spending with this by family.By
The control range of user has been had disengaged from beyond the clouds in data storage, and Cloud Server manager and disabled user can be attempted by visiting
Ask data to try to the information that data are included, this is likely to result in the leakage of data message and privacy of user.In recent years by
The cloud security accident for causing the improper operation with Cloud Server keeper to cause in hacker attacks result in a large number of users
The leakage of data and private data, such as Sony companies are in 2011 because hacker attacks causes more than one hundred million subscriber datas to leak accident
Gmail large-scale consumer data leak events occurred with Google companies in 2011 etc., these cloud accidents frequently occurred
The consideration for making user more careful deposits whether the security of data and the individual privacy of oneself can obtain effectively beyond the clouds
Protection the problems such as.
Cryptographic technique is that a kind of important instrument of data-privacy protection is realized under cloud computing environment.In order to ensure data
Confidentiality, user can select that private data is encrypted.After traditional data base management system is disposed beyond the clouds, user
Can be by the data storage of ciphertext form beyond the clouds database.But realize that the relational operation in traditional database will in ciphertext
As the new problem for realizing cloud data base management system.A kind of simplest method is that all ciphertext data are downloaded into this
Ground is decrypted, and relational operation is then carried out on plaintext, but this operation not only needs to expend huge network overhead, and
And user is also required to because decryption and search operation pay huge computing cost.Another extreme way be by key and
Inquiry operation issues cloud database server, allows cloud database server to decrypt ciphertext data, and carry out the behaviour of the relation on plaintext
Make, but this way can allow Cloud Server to know the clear data of user again again, seriously threaten the safety and use of data
The individual privacy at family.
In order to support the search in ciphertext, thus some AESs propose, and have obtained the wide of researcher in recent years
General research and concern, wherein most cryptographic algorithm are directed to keyword search, and Connection inquiring is a kind of important pass in database
A kind of system's operation, method for supporting ciphertext Connection inquiring plays vital to the realization for promoting outsourcing database under cloud environment
Effect.
The content of the invention
The invention aims to the defect for solving above-mentioned prior art, there is provided a kind of storage of the ciphertext of suitable cloud environment
With connection query system, the system have safe, algorithm it is simple, it is easy to implement the characteristics of, can be widely applied to Yun Huan
The ciphertext storage in border and Connection inquiring.
Stored and Connection inquiring method another object of the present invention is to the ciphertext for providing a kind of suitable cloud environment.
The purpose of the present invention can be reached by adopting the following technical scheme that:
It is adapted to ciphertext storage and the connection query system of cloud environment, it is characterised in that:First including being arranged on client
Processor and the second processor for being arranged on database server side, the first processor include encrypting module, decryption mould
Block and inquiry proxy module, the second processor include query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes to add
It is close, and the ciphertext of generation is sent in ciphertext database stored;
The deciphering module, for processing, shape to be decrypted to the ciphertext that ciphertext database or query execution module are sent
Into plaintext, decryption is completed, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, it is defeated to user
The warning message made mistake;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution;
The query execution module, the ciphertext Connection inquiring for being submitted to user is performed on ciphertext database,
Two attribute columns to be connected are obtained from ciphertext database, a ciphertext value is respectively taken in the two attribute columns, the company for the treatment of is formed
The ciphertext pair connect, the inquiry generated using inquiry proxy module limits door, and calling Bilinear map part and mould exponentiation part to judge should
Ciphertext is transferred to deciphering module by ciphertext to be connected to whether meeting condition of contact if meeting, by deciphering module to
Transmit plaintext Connection inquiring result in family;Otherwise, continue to obtain next ciphertext to be connected to judging, until all ciphertexts
To having handled one time.
It is preferred that, the encrypting module is specific as follows:
The plaintext attribute column to be encrypted for receiving user, calls generating random number part, mould exponentiation part and Hash portion
Part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column
Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored.
It is preferred that, the deciphering module is specific as follows:
For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation part and Hash part are called,
Calculated and obtained in plain text according to the private key of user, and it is secret in attribute column where the ciphertext passed over using inquiry proxy module
Close value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error
Breath.
It is preferred that, the query execution module is specific as follows:
Ciphertext Connection inquiring for receiving user's submission, obtains two attribute columns to be connected from ciphertext database,
A ciphertext value is respectively taken in the two attribute columns, ciphertext pair to be connected is formed, the inquiry generated using inquiry proxy module
Door is limited, calls Bilinear map part and mould exponentiation to be calculated, judges the ciphertext to be connected to whether meeting condition of contact, if
Ciphertext is then transferred to deciphering module by satisfaction, and plaintext Connection inquiring result is transmitted to user by deciphering module;Otherwise, continue to obtain
A ciphertext to be connected is removed to judging, until all ciphertexts are to having handled one time.
Another object of the present invention can be reached by adopting the following technical scheme that:
It is adapted to ciphertext storage and the Connection inquiring method of cloud environment, it is characterised in that methods described includes:
Ciphering process:The encrypting module plaintext attribute column to be encrypted to user is encrypted, and forms ciphertext, completes to add
It is close, and the ciphertext of generation is sent in ciphertext database stored;
Decrypting process:Processing, shape is decrypted in the ciphertext that deciphering module is sent to ciphertext database or query execution module
Into plaintext, decryption is completed, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, it is defeated to user
The warning message made mistake;
Query execution process:Query execution module is held to the ciphertext Connection inquiring that user submits on ciphertext database
OK, two attribute columns to be connected are obtained from ciphertext database, a ciphertext value is respectively taken in the two attribute columns, formation is treated
The ciphertext pair of connection, the inquiry generated using inquiry proxy module limits door, and calling bilinearity part and mould exponentiation part to judge should
Ciphertext is transferred to deciphering module by ciphertext to be connected to whether meeting condition of contact if meeting, by deciphering module to
Transmit plaintext Connection inquiring result in family;Otherwise, continue to obtain next ciphertext to be connected to judging, until all ciphertexts
To having handled one time.
It is preferred that, the ciphering process is specific as follows:
Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation part and Kazakhstan
Uncommon part, the secret value in the plaintext attribute column and the public key of user passed over according to inquiry proxy module, to this in plain text
Each in attribute column carries out calculating generation ciphertext in plain text, and the ciphertext of generation is sent in ciphertext database deposited
Storage.
It is preferred that, the decrypting process is specific as follows:
Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation part and Hash portion
Part, is calculated according to the private key of user and obtained in plain text, and where the ciphertext passed over using inquiry proxy module in attribute column
Secret value, ciphertext is verified, if being verified, will in plain text export to user;Otherwise, to the police of user's output error
Accuse information.
It is preferred that, the query execution process is specific as follows:
Query execution module receives the ciphertext Connection inquiring that user submits, and to be connected two are obtained from ciphertext database
Attribute column, respectively takes a ciphertext value in the two attribute columns, forms ciphertext pair to be connected, is generated using inquiry proxy module
Inquiry limit door, call Bilinear map part and mould exponentiation part to be calculated, judge the ciphertext to be connected to whether meeting
Condition of contact, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module;
Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time.
It is preferred that, methods described specifically includes following steps:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy
Module obtains the secret value (α on plaintext attribute column AA, βA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1, r2, r3,
Then mould exponentiation part and Hash part are called, each on plaintext attribute column A is calculated in plain text as the following formula, is generated close
Text:
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1, C2, C3, C4, C5,
C6), obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains bright
Literary m1:
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1, C2, C3, C4, C5, C6) where in attribute column
Secret value (αA, βA);
2.4) deciphering module utilizes m1, r1, r2, αA, βATo ciphertext CA=(C1, C2, C3, C4, C5, C6) verified:
If 2.5) above-mentioned equation is set up, it is verified, deciphering module is by plaintext m1Export to user;Otherwise, mould is decrypted
Warning message from block to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext category
Ciphertext Connection inquiring on property row B;
3.2) query execution module calls inquiry proxy module, after being allowed needed for acquisition execution ciphertext Connection inquiring
Inquiry limit door trapdoor:
Trapdoor=(βB/αA, βA/αB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1, C2, C3, C4, C5,
C6), a ciphertext value C on relation S ciphertext attribute column BB=(C1', C2', C3', C4', C5', C6'), the company for the treatment of is formed as the following formula
The ciphertext pair connect:
e(C2, C4'), e (C4, C2'), e (C1, C3'), e (C1', C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part
To ciphertext to be connected to carrying out following judgement:
If 3.5) above-mentioned equation is set up, illustrate to meet condition of contact, then query execution module by this ciphertext to being transferred to
Deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process the ciphertext is returned to being decrypted, and by final result
Back to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out at identical
Reason, until all ciphertexts are to having handled one time.
The present invention has following beneficial effect relative to prior art:
1st, the characteristics of present system and method have safe, in no client authorization (i.e. inquiry proxy module
The inquiry limit door of generation) in the case of, cloud server end can not perform ciphertext connection, when the mandate for obtaining client, cloud service
Device end can carry out the connection in ciphertext attribute column in the case where not knowing plaintext.
2nd, present system and method are in the attribute column that client can be passed over using inquiry proxy module
The public key of secret value and user are encrypted, it is possible to use the private key of user is decrypted, and encrypt and decrypt without Bilinear map
Computing, required time is short, and response is fast, can be realized in the terminal of weak computing resource.
3rd, the company of present system and the method both Connection inquiring, also applicable multi-user's ciphertext of applicable single user ciphertext
Inquiry is connect, thus with more flexible application scenarios.
4th, the algorithm that present system and method are used is simple, easy to implement, can be widely applied to the ciphertext of cloud environment
Storage and Connection inquiring, vital work is played to the realization for promoting outsourcing database (i.e. ciphertext database) under cloud environment
With.
Brief description of the drawings
Ciphertext storages and connection query system theory diagram of the Fig. 1 for the suitable cloud environment of the embodiment of the present invention.
Ciphertext storages and the ciphering process of Connection inquiring method of the Fig. 2 for the suitable cloud environment of the embodiment of the present invention are illustrated
Figure.
Ciphertext storages and the decrypting process of Connection inquiring method of the Fig. 3 for the suitable cloud environment of the embodiment of the present invention are illustrated
Figure.
Ciphertext storages and the query execution process of Connection inquiring method of the Fig. 4 for the suitable cloud environment of the embodiment of the present invention are shown
It is intended to.
Embodiment
Embodiment 1:
As shown in figure 1, the ciphertext storage of the present embodiment and connection query system, including first processor and second processing
Device, the first processor is arranged on client, and it includes encrypting module, deciphering module and inquiry proxy module;Described
Two processors are arranged on database server side, and it includes query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes to add
It is close, be specially:User's plaintext attribute column to be encrypted is received, generating random number part, mould exponentiation part and Hash part is called,
The secret value in the plaintext attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column
Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored;
The deciphering module, for processing, shape to be decrypted to the ciphertext that ciphertext database or query execution module are sent
Into plaintext, decryption is completed, is specially:For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation is called
Part and Hash part, calculate according to the private key of user and obtain in plain text, and the ciphertext passed over using inquiry proxy module
Secret value in the attribute column of place, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to user
The warning message of output error;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution, be specially:Storage is for each
The secret value of attribute column, is transferred to encrypting module by secret value as needed and is encrypted, be transferred to deciphering module and be decrypted
Checking, and submitted according to user query type generation inquiry limit door be transferred to query execution module;
The query execution module, the ciphertext Connection inquiring for being submitted to user is performed on ciphertext database,
Specially:Receive user submit ciphertext Connection inquiring, two attribute columns to be connected are obtained from ciphertext database, this two
A ciphertext value is respectively taken in individual attribute column, ciphertext pair to be connected is formed, the inquiry generated using inquiry proxy module limits door, adjusts
The ciphertext to be connected is judged to whether meeting condition of contact with Bilinear map part and mould exponentiation part, by ciphertext if meeting
Deciphering module is transferred to, plaintext Connection inquiring result is transmitted to user by deciphering module;Otherwise, continue to obtain next to be connected
Ciphertext to judging, until all ciphertexts are to having handled one time.
In the present embodiment, the ciphertext storage based on said system includes with Connection inquiring method:
Ciphering process:Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation
Part and Hash part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, to this
Each in plaintext attribute column is carried out calculating generation ciphertext in plain text, and the ciphertext of generation is sent into progress in ciphertext database
Storage;
Decrypting process:Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation portion
Part and Hash part, calculate according to the private key of user and obtain in plain text, and the ciphertext institute passed over using inquiry proxy module
Secret value in attribute column, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, it is defeated to user
The warning message made mistake;
Query execution process:Query execution module receives the ciphertext Connection inquiring that user submits, and is obtained from ciphertext database
Two attribute columns to be connected are taken, a ciphertext value is respectively taken in the two attribute columns, ciphertext pair to be connected is formed, using looking into
Ask proxy module generation inquiry limit door, call Bilinear map part and mould exponentiation part judge the ciphertext to be connected to whether
Condition of contact is met, ciphertext is transferred to deciphering module if meeting, plaintext Connection inquiring is transmitted to user by deciphering module
As a result;Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time.
As shown in Figure 2, Figure 3 and Figure 4, the above method is comprised the following steps that:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy
Module obtains the secret value (α on plaintext attribute column AA, βA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1, r2, r3,
Then mould exponentiation part and Hash part are called, each on plaintext attribute column A is calculated in plain text as the following formula, is generated close
Text:
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1, C2, C3, C4, C5,
C6), obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains bright
Literary m1:
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1, C2, C3, C4, C5, C6) where in attribute column
Secret value (αA, βA);
2.4) deciphering module utilizes m1, r1, αA, βATo ciphertext CA=(C1, C2, C3, C4, C5, C6) verified:
If 2.5) above-mentioned equation is set up, it is verified, deciphering module is by plaintext m1Export to user;Otherwise, mould is decrypted
Warning message from block to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext category
Ciphertext Connection inquiring on property row B;
3.2) query execution module calls inquiry proxy module, after being allowed needed for acquisition execution ciphertext Connection inquiring
Inquiry limit door trapdoor:
Trapdoor=(βB/αA, βA/αB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1, C2, C3, C4, C5,
C6), a ciphertext value C on relation S ciphertext attribute column BB=(C1', C2', C3', C4', C5', C6'), the company for the treatment of is formed as the following formula
The ciphertext pair connect:
e(C2, C4'), e (C4, C2'), e (C1, C3'), e (C1', C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part
To ciphertext to be connected to carrying out following judgement:
If 3.5) above-mentioned equation is set up, illustrate to meet condition of contact, then query execution module by this ciphertext to being transferred to
Deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process the ciphertext is returned to being decrypted, and by final result
Back to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out at identical
Reason, until all ciphertexts are to having handled one time.
Can be with one of ordinary skill in the art will appreciate that realizing that all or part of step in above-described embodiment method is
The hardware of correlation is instructed to complete by program, corresponding program can be stored in a computer read/write memory medium,
Described storage medium, such as ROM/RAM, disk or CD.
In summary, the algorithm that present system and method are used is simple, easy to implement, can be widely applied to cloud environment
Ciphertext storage and Connection inquiring, to promoting the realization of outsourcing database (i.e. ciphertext database) under cloud environment to play most important
Effect.
It is described above, it is only patent preferred embodiment of the present invention, but the protection domain of patent of the present invention is not limited to
This, any one skilled in the art is in the scope disclosed in patent of the present invention, according to the skill of patent of the present invention
Art scheme and its patent of invention design are subject to equivalent substitution or change, belong to the protection domain of patent of the present invention.
Claims (7)
1. it is adapted to ciphertext storage and the connection query system of cloud environment, it is characterised in that:Including being arranged at the first of client
Reason device and the second processor for being arranged on database server side, the first processor include encrypting module, deciphering module
And inquiry proxy module, the second processor include query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes encryption,
And the ciphertext of generation is sent in ciphertext database stored;
The deciphering module, for the ciphertext that ciphertext database or query execution module are sent being decrypted processing, is formed bright
Text, completion decryption, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, export wrong to user
Warning message by mistake;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution;
The query execution module, the ciphertext Connection inquiring for receiving user's submission, obtains to be connected from ciphertext database
Two attribute columns, respectively take a ciphertext value in the two attribute columns, form ciphertext pair to be connected, utilize inquiry proxy mould
The inquiry limit door of block generation, calls Bilinear map part and mould exponentiation part to judge the ciphertext to be connected to whether meeting connection
Condition, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module;It is no
Then, continue to obtain next ciphertext to be connected to judging, until all ciphertexts are to having handled one time, detailed process is such as
Under:
Query execution module is received on the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column B
Ciphertext Connection inquiring, the secret value on attribute column A is (αA,βA), the secret value on attribute column B is (αB,βB);
Query execution module calls inquiry proxy module, and the inquiry limit door performed needed for ciphertext Connection inquiring is obtained after being allowed
trapdoor:
Trapdoor=(βB/αA,βA/αB)
Query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), relation S
Ciphertext attribute column B on a ciphertext value CB=(C1′,C2′,C3′,C4′,C5′,C6'), ciphertext to be connected is formed as the following formula
It is right:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
Then query execution module calls Bilinear map part and mould exponentiation part to be connected using inquiry limit door trapdoor
Ciphertext to carrying out following judgement:
<mrow>
<mfrac>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
</mrow>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>)</mo>
</mrow>
</mrow>
</mfrac>
<mo>=</mo>
<mfrac>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>B</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
</mrow>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>A</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>B</mi>
</msub>
</mrow>
</msup>
</mrow>
</mfrac>
</mrow>
If the equation is set up, illustrate to meet condition of contact, then query execution module is solved by this ciphertext to being transferred to deciphering module
Close module to being decrypted, and by final result to the ciphertext according to returning to user;Otherwise, continuation obtains next to be connected
Ciphertext pair, to the ciphertext to carry out identical processing, until all ciphertexts are to having handled one time.
2. the ciphertext storage of suitable cloud environment according to claim 1 and connection query system, it is characterised in that:It is described to add
Close module is specific as follows:
The plaintext attribute column to be encrypted for receiving user, calls generating random number part, mould exponentiation part and Hash part, root
It is investigated that the secret value in the attribute column that proxy module is passed over and the public key of user are ask, to each in the plaintext attribute column
Individual plaintext carries out calculating generation ciphertext, and the ciphertext of generation is sent in ciphertext database stored.
3. the ciphertext storage of suitable cloud environment according to claim 1 and connection query system, it is characterised in that:The solution
Close module is specific as follows:
For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation part and Hash part are called, according to
The private key of user, which is calculated, to be obtained in plain text, and the secret where the ciphertext passed over using inquiry proxy module in attribute column
Value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error
Breath.
4. it is adapted to ciphertext storage and the Connection inquiring method of cloud environment, it is characterised in that methods described includes:
Ciphering process:The encrypting module plaintext attribute column to be encrypted to user is encrypted, and forms ciphertext, completes encryption,
And the ciphertext of generation is sent in ciphertext database stored;
Decrypting process:Processing is decrypted in the ciphertext that deciphering module is sent to ciphertext database or query execution module, is formed bright
Text, completion decryption, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, export wrong to user
Warning message by mistake;
Query execution process:Query execution module receives the ciphertext Connection inquiring that user submits, and obtains and treats from ciphertext database
Two attribute columns of connection, respectively take a ciphertext value in the two attribute columns, form ciphertext pair to be connected, using inquiring about generation
The inquiry limit door of module generation is managed, calls Bilinear map part and mould exponentiation part to judge the ciphertext to be connected to whether meeting
Condition of contact, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module;
Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time, detailed process is such as
Under:
Query execution module is received on the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column B
Ciphertext Connection inquiring, the secret value on attribute column A is (αA,βA), the secret value on attribute column B is (αB,βB);
Query execution module calls inquiry proxy module, and the inquiry limit door performed needed for ciphertext Connection inquiring is obtained after being allowed
trapdoor:
Trapdoor=(βB/αA,βA/αB)
Query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), relation S
Ciphertext attribute column B on a ciphertext value CB=(C1′,C2′,C3′,C4′,C5′,C6'), ciphertext to be connected is formed as the following formula
It is right:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
Then query execution module calls Bilinear map part and mould exponentiation part to be connected using inquiry limit door trapdoor
Ciphertext to carrying out following judgement:
<mrow>
<mfrac>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
</mrow>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>)</mo>
</mrow>
</mrow>
</mfrac>
<mo>=</mo>
<mfrac>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>B</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
</mrow>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>A</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>B</mi>
</msub>
</mrow>
</msup>
</mrow>
</mfrac>
</mrow>
If the equation is set up, illustrate to meet condition of contact, then query execution module is solved by this ciphertext to being transferred to deciphering module
Close module to being decrypted, and by final result to the ciphertext according to returning to user;Otherwise, continuation obtains next to be connected
Ciphertext pair, to the ciphertext to carry out identical processing, until all ciphertexts are to having handled one time.
5. ciphertext storage and the Connection inquiring method of suitable cloud environment according to claim 4, it is characterised in that:It is described to add
Close process is specific as follows:
Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation part and Hash portion
Part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column
Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored.
6. ciphertext storage and the Connection inquiring method of suitable cloud environment according to claim 4, it is characterised in that:The solution
Close process is specific as follows:
Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation part and Hash part,
Calculated and obtained in plain text according to the private key of user, and it is secret in attribute column where the ciphertext passed over using inquiry proxy module
Close value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error
Breath.
7. ciphertext storage and the Connection inquiring method of the suitable cloud environment according to claim any one of 4-6, its feature exist
In:Methods described specifically includes following steps:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy module
Obtain the secret value (α on attribute column AA,βA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1,r2,r3, then adjust
With mould exponentiation part and Hash part, each on plaintext attribute column A is calculated in plain text as the following formula, ciphertext is generated:
<mrow>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<mrow>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>=</mo>
<msubsup>
<mi>m</mi>
<mn>1</mn>
<mrow>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msubsup>
<msup>
<mi>g</mi>
<mrow>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
<msub>
<mi>&beta;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
<mo>,</mo>
</mrow>
<mrow>
<msub>
<mi>C</mi>
<mn>5</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<msub>
<mi>r</mi>
<mn>3</mn>
</msub>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>6</mn>
</msub>
<mo>=</mo>
<mi>H</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>5</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msup>
<mi>X</mi>
<msub>
<mi>r</mi>
<mn>3</mn>
</msub>
</msup>
<mo>)</mo>
</mrow>
<mo>&CirclePlus;</mo>
<mrow>
<mo>(</mo>
<msub>
<mi>m</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
<mo>)</mo>
</mrow>
</mrow>
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1,C2,C3,C4,C5,C6), obtain
Obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains plaintext m1:
<mrow>
<msub>
<mi>m</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
<mo>=</mo>
<mi>H</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msub>
<mi>C</mi>
<mn>5</mn>
</msub>
<mo>|</mo>
<mo>|</mo>
<msup>
<msub>
<mi>C</mi>
<mn>5</mn>
</msub>
<mi>x</mi>
</msup>
<mo>)</mo>
</mrow>
<mo>&CirclePlus;</mo>
<msub>
<mi>C</mi>
<mn>6</mn>
</msub>
</mrow>
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1,C2,C3,C4,C5,C6) where it is secret in attribute column
Close value (αA,βA);
2.4) deciphering module utilizes m1,r1,r2,αA,βATo ciphertext CA=(C1,C2,C3,C4,C5,C6) verified:
<mrow>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<mrow>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>=</mo>
<msup>
<mi>g</mi>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>=</mo>
<msup>
<msub>
<mi>m</mi>
<mn>1</mn>
</msub>
<mrow>
<msub>
<mi>r</mi>
<mn>1</mn>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
<msup>
<mi>g</mi>
<mrow>
<msub>
<mi>r</mi>
<mn>2</mn>
</msub>
<msub>
<mi>&beta;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
</mrow>
If 2.5) step 2.4) in equation set up, be verified, deciphering module is by plaintext m1Export to user;Otherwise, decrypt
Warning message from module to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column
Ciphertext Connection inquiring on B;
3.2) query execution module calls inquiry proxy module, and the inquiry performed needed for ciphertext Connection inquiring is obtained after being allowed
Limit door trapdoor:
Trapdoor=(βB/αA,βA/αB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), close
It is a ciphertext value C on S ciphertext attribute column BB=(C1′,C2′,C3′,C4′,C5′,C6'), formed as the following formula to be connected
Ciphertext pair:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part to treat
The ciphertext of connection is to carrying out following judgement:
<mrow>
<mfrac>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
</mrow>
<mrow>
<mi>e</mi>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>2</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>4</mn>
</msub>
<mo>)</mo>
</mrow>
</mrow>
</mfrac>
<mo>=</mo>
<mfrac>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<msup>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>B</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>A</mi>
</msub>
</mrow>
</msup>
</mrow>
<mrow>
<mi>e</mi>
<msup>
<mrow>
<mo>(</mo>
<msup>
<msub>
<mi>C</mi>
<mn>1</mn>
</msub>
<mo>&prime;</mo>
</msup>
<mo>,</mo>
<msub>
<mi>C</mi>
<mn>3</mn>
</msub>
<mo>)</mo>
</mrow>
<mrow>
<msub>
<mi>&beta;</mi>
<mi>A</mi>
</msub>
<mo>/</mo>
<msub>
<mi>&alpha;</mi>
<mi>B</mi>
</msub>
</mrow>
</msup>
</mrow>
</mfrac>
</mrow>
If 3.5) step 3.4) in equation set up, illustrate to meet condition of contact, then query execution module by this ciphertext to biography
Be defeated by deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process to the ciphertext to being decrypted, and by final knot
Fruit returns to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out identical
Processing, until all ciphertexts are to having handled one time.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410681870.XA CN104468535B (en) | 2014-11-24 | 2014-11-24 | It is adapted to ciphertext storage and connection query system and the method for cloud environment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201410681870.XA CN104468535B (en) | 2014-11-24 | 2014-11-24 | It is adapted to ciphertext storage and connection query system and the method for cloud environment |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104468535A CN104468535A (en) | 2015-03-25 |
CN104468535B true CN104468535B (en) | 2017-09-29 |
Family
ID=52913907
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201410681870.XA Active CN104468535B (en) | 2014-11-24 | 2014-11-24 | It is adapted to ciphertext storage and connection query system and the method for cloud environment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104468535B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109981614B (en) * | 2019-03-12 | 2020-04-17 | 华南农业大学 | Data encryption method, data decryption method, data query method and data query device based on user group |
CN115118474A (en) * | 2022-06-20 | 2022-09-27 | 广东省工业边缘智能创新中心有限公司 | Identification query and storage management method, identification agent module and authority management system |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102882687A (en) * | 2012-10-19 | 2013-01-16 | 杭州尚思科技有限公司 | Intelligent household safe access method and system based on searchable cipher text |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6996251B2 (en) * | 2002-09-30 | 2006-02-07 | Myport Technologies, Inc. | Forensic communication apparatus and method |
-
2014
- 2014-11-24 CN CN201410681870.XA patent/CN104468535B/en active Active
Patent Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102882687A (en) * | 2012-10-19 | 2013-01-16 | 杭州尚思科技有限公司 | Intelligent household safe access method and system based on searchable cipher text |
Non-Patent Citations (1)
Title |
---|
基于D 模A S型的一种密文数据库查询优化方法;马莎等;《计算机科学》;20081024;第35卷(第10期);第40-46页 * |
Also Published As
Publication number | Publication date |
---|---|
CN104468535A (en) | 2015-03-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11381398B2 (en) | Method for re-keying an encrypted data file | |
Wu et al. | A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks | |
JP5562687B2 (en) | Securing communications sent by a first user to a second user | |
CN106529327B9 (en) | Data access system and method for encrypted database in hybrid cloud environment | |
CN105553951B (en) | Data transmission method and device | |
CN107359998B (en) | A kind of foundation and operating method of portable intelligent password management system | |
CN103957109B (en) | A kind of cloud data-privacy protects safe re-encryption method | |
CN104486315B (en) | A kind of revocable key outsourcing decryption method based on contents attribute | |
CN103618728B (en) | A kind of encryption attribute method at more mechanism centers | |
CN103763631B (en) | Authentication method, server and television set | |
CN110324143A (en) | Data transmission method, electronic equipment and storage medium | |
CN105307165B (en) | Communication means, server-side and client based on mobile application | |
CN104967693B (en) | Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage | |
KR102224998B1 (en) | Computer-implemented system and method for protecting sensitive data via data re-encryption | |
CN105743888A (en) | Agent re-encryption scheme based on keyword research | |
CN105187389B (en) | A kind of Web access method and system for obscuring encryption based on number | |
CN105187425B (en) | Facing cloud calculus communication system safety without certificate thresholding decryption method | |
CN110474908A (en) | Transaction monitoring and managing method and device, storage medium and computer equipment | |
CN109040060B (en) | Terminal matching method and system and computer equipment | |
CN103701596A (en) | Document access method, system and equipment and document access request response method, system and equipment | |
CN106789032A (en) | The single password tripartite authentication method of privacy sharing between server and mobile device | |
CN109165526A (en) | A kind of big data security and privacy guard method, device and storage medium | |
CN104125239B (en) | A kind of method for network authorization transmitted based on data link encryption and system | |
CN105187382A (en) | Multi-factor identity authentication method for preventing library collision attacks | |
CN107690079A (en) | Privacy of user guard method in live platform |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |