CN104468535B - It is adapted to ciphertext storage and connection query system and the method for cloud environment - Google Patents

It is adapted to ciphertext storage and connection query system and the method for cloud environment Download PDF

Info

Publication number
CN104468535B
CN104468535B CN201410681870.XA CN201410681870A CN104468535B CN 104468535 B CN104468535 B CN 104468535B CN 201410681870 A CN201410681870 A CN 201410681870A CN 104468535 B CN104468535 B CN 104468535B
Authority
CN
China
Prior art keywords
msub
ciphertext
mrow
msup
module
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201410681870.XA
Other languages
Chinese (zh)
Other versions
CN104468535A (en
Inventor
马莎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China Agricultural University
Original Assignee
South China Agricultural University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China Agricultural University filed Critical South China Agricultural University
Priority to CN201410681870.XA priority Critical patent/CN104468535B/en
Publication of CN104468535A publication Critical patent/CN104468535A/en
Application granted granted Critical
Publication of CN104468535B publication Critical patent/CN104468535B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Abstract

The invention discloses a kind of storage of the ciphertext of suitable cloud environment and connection query system and method, the system includes being arranged on the first processor of client and is arranged on the second processor of database server side, the first processor includes encrypting module, deciphering module and inquiry proxy module, and the second processor includes query execution module;Methods described includes ciphering process, decrypting process and query execution process.The algorithm that present system and method are used is simple, easy to implement, ciphertext storage and the Connection inquiring that can be widely applied under cloud environment, and vital effect is played to the realization for promoting outsourcing database under cloud environment.

Description

It is adapted to ciphertext storage and connection query system and the method for cloud environment
Technical field
The present invention relates to a kind of storage of ciphertext and connection query system and method, especially a kind of ciphertext of suitable cloud environment Storage and connection query system and method.Belong to information security field.
Background technology
With developing rapidly for cloud computing, conveniently characteristic and flexible charge method cause increasing use for it Local Data Migration to cloud server end is saved local data management expense and system maintenance spending with this by family.By The control range of user has been had disengaged from beyond the clouds in data storage, and Cloud Server manager and disabled user can be attempted by visiting Ask data to try to the information that data are included, this is likely to result in the leakage of data message and privacy of user.In recent years by The cloud security accident for causing the improper operation with Cloud Server keeper to cause in hacker attacks result in a large number of users The leakage of data and private data, such as Sony companies are in 2011 because hacker attacks causes more than one hundred million subscriber datas to leak accident Gmail large-scale consumer data leak events occurred with Google companies in 2011 etc., these cloud accidents frequently occurred The consideration for making user more careful deposits whether the security of data and the individual privacy of oneself can obtain effectively beyond the clouds Protection the problems such as.
Cryptographic technique is that a kind of important instrument of data-privacy protection is realized under cloud computing environment.In order to ensure data Confidentiality, user can select that private data is encrypted.After traditional data base management system is disposed beyond the clouds, user Can be by the data storage of ciphertext form beyond the clouds database.But realize that the relational operation in traditional database will in ciphertext As the new problem for realizing cloud data base management system.A kind of simplest method is that all ciphertext data are downloaded into this Ground is decrypted, and relational operation is then carried out on plaintext, but this operation not only needs to expend huge network overhead, and And user is also required to because decryption and search operation pay huge computing cost.Another extreme way be by key and Inquiry operation issues cloud database server, allows cloud database server to decrypt ciphertext data, and carry out the behaviour of the relation on plaintext Make, but this way can allow Cloud Server to know the clear data of user again again, seriously threaten the safety and use of data The individual privacy at family.
In order to support the search in ciphertext, thus some AESs propose, and have obtained the wide of researcher in recent years General research and concern, wherein most cryptographic algorithm are directed to keyword search, and Connection inquiring is a kind of important pass in database A kind of system's operation, method for supporting ciphertext Connection inquiring plays vital to the realization for promoting outsourcing database under cloud environment Effect.
The content of the invention
The invention aims to the defect for solving above-mentioned prior art, there is provided a kind of storage of the ciphertext of suitable cloud environment With connection query system, the system have safe, algorithm it is simple, it is easy to implement the characteristics of, can be widely applied to Yun Huan The ciphertext storage in border and Connection inquiring.
Stored and Connection inquiring method another object of the present invention is to the ciphertext for providing a kind of suitable cloud environment.
The purpose of the present invention can be reached by adopting the following technical scheme that:
It is adapted to ciphertext storage and the connection query system of cloud environment, it is characterised in that:First including being arranged on client Processor and the second processor for being arranged on database server side, the first processor include encrypting module, decryption mould Block and inquiry proxy module, the second processor include query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes to add It is close, and the ciphertext of generation is sent in ciphertext database stored;
The deciphering module, for processing, shape to be decrypted to the ciphertext that ciphertext database or query execution module are sent Into plaintext, decryption is completed, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, it is defeated to user The warning message made mistake;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution;
The query execution module, the ciphertext Connection inquiring for being submitted to user is performed on ciphertext database, Two attribute columns to be connected are obtained from ciphertext database, a ciphertext value is respectively taken in the two attribute columns, the company for the treatment of is formed The ciphertext pair connect, the inquiry generated using inquiry proxy module limits door, and calling Bilinear map part and mould exponentiation part to judge should Ciphertext is transferred to deciphering module by ciphertext to be connected to whether meeting condition of contact if meeting, by deciphering module to Transmit plaintext Connection inquiring result in family;Otherwise, continue to obtain next ciphertext to be connected to judging, until all ciphertexts To having handled one time.
It is preferred that, the encrypting module is specific as follows:
The plaintext attribute column to be encrypted for receiving user, calls generating random number part, mould exponentiation part and Hash portion Part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored.
It is preferred that, the deciphering module is specific as follows:
For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation part and Hash part are called, Calculated and obtained in plain text according to the private key of user, and it is secret in attribute column where the ciphertext passed over using inquiry proxy module Close value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error Breath.
It is preferred that, the query execution module is specific as follows:
Ciphertext Connection inquiring for receiving user's submission, obtains two attribute columns to be connected from ciphertext database, A ciphertext value is respectively taken in the two attribute columns, ciphertext pair to be connected is formed, the inquiry generated using inquiry proxy module Door is limited, calls Bilinear map part and mould exponentiation to be calculated, judges the ciphertext to be connected to whether meeting condition of contact, if Ciphertext is then transferred to deciphering module by satisfaction, and plaintext Connection inquiring result is transmitted to user by deciphering module;Otherwise, continue to obtain A ciphertext to be connected is removed to judging, until all ciphertexts are to having handled one time.
Another object of the present invention can be reached by adopting the following technical scheme that:
It is adapted to ciphertext storage and the Connection inquiring method of cloud environment, it is characterised in that methods described includes:
Ciphering process:The encrypting module plaintext attribute column to be encrypted to user is encrypted, and forms ciphertext, completes to add It is close, and the ciphertext of generation is sent in ciphertext database stored;
Decrypting process:Processing, shape is decrypted in the ciphertext that deciphering module is sent to ciphertext database or query execution module Into plaintext, decryption is completed, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, it is defeated to user The warning message made mistake;
Query execution process:Query execution module is held to the ciphertext Connection inquiring that user submits on ciphertext database OK, two attribute columns to be connected are obtained from ciphertext database, a ciphertext value is respectively taken in the two attribute columns, formation is treated The ciphertext pair of connection, the inquiry generated using inquiry proxy module limits door, and calling bilinearity part and mould exponentiation part to judge should Ciphertext is transferred to deciphering module by ciphertext to be connected to whether meeting condition of contact if meeting, by deciphering module to Transmit plaintext Connection inquiring result in family;Otherwise, continue to obtain next ciphertext to be connected to judging, until all ciphertexts To having handled one time.
It is preferred that, the ciphering process is specific as follows:
Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation part and Kazakhstan Uncommon part, the secret value in the plaintext attribute column and the public key of user passed over according to inquiry proxy module, to this in plain text Each in attribute column carries out calculating generation ciphertext in plain text, and the ciphertext of generation is sent in ciphertext database deposited Storage.
It is preferred that, the decrypting process is specific as follows:
Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation part and Hash portion Part, is calculated according to the private key of user and obtained in plain text, and where the ciphertext passed over using inquiry proxy module in attribute column Secret value, ciphertext is verified, if being verified, will in plain text export to user;Otherwise, to the police of user's output error Accuse information.
It is preferred that, the query execution process is specific as follows:
Query execution module receives the ciphertext Connection inquiring that user submits, and to be connected two are obtained from ciphertext database Attribute column, respectively takes a ciphertext value in the two attribute columns, forms ciphertext pair to be connected, is generated using inquiry proxy module Inquiry limit door, call Bilinear map part and mould exponentiation part to be calculated, judge the ciphertext to be connected to whether meeting Condition of contact, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module; Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time.
It is preferred that, methods described specifically includes following steps:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy Module obtains the secret value (α on plaintext attribute column AA, βA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1, r2, r3, Then mould exponentiation part and Hash part are called, each on plaintext attribute column A is calculated in plain text as the following formula, is generated close Text:
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1, C2, C3, C4, C5, C6), obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains bright Literary m1
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1, C2, C3, C4, C5, C6) where in attribute column Secret value (αA, βA);
2.4) deciphering module utilizes m1, r1, r2, αA, βATo ciphertext CA=(C1, C2, C3, C4, C5, C6) verified:
If 2.5) above-mentioned equation is set up, it is verified, deciphering module is by plaintext m1Export to user;Otherwise, mould is decrypted Warning message from block to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext category Ciphertext Connection inquiring on property row B;
3.2) query execution module calls inquiry proxy module, after being allowed needed for acquisition execution ciphertext Connection inquiring Inquiry limit door trapdoor:
Trapdoor=(βBA, βAB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1, C2, C3, C4, C5, C6), a ciphertext value C on relation S ciphertext attribute column BB=(C1', C2', C3', C4', C5', C6'), the company for the treatment of is formed as the following formula The ciphertext pair connect:
e(C2, C4'), e (C4, C2'), e (C1, C3'), e (C1', C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part To ciphertext to be connected to carrying out following judgement:
If 3.5) above-mentioned equation is set up, illustrate to meet condition of contact, then query execution module by this ciphertext to being transferred to Deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process the ciphertext is returned to being decrypted, and by final result Back to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out at identical Reason, until all ciphertexts are to having handled one time.
The present invention has following beneficial effect relative to prior art:
1st, the characteristics of present system and method have safe, in no client authorization (i.e. inquiry proxy module The inquiry limit door of generation) in the case of, cloud server end can not perform ciphertext connection, when the mandate for obtaining client, cloud service Device end can carry out the connection in ciphertext attribute column in the case where not knowing plaintext.
2nd, present system and method are in the attribute column that client can be passed over using inquiry proxy module The public key of secret value and user are encrypted, it is possible to use the private key of user is decrypted, and encrypt and decrypt without Bilinear map Computing, required time is short, and response is fast, can be realized in the terminal of weak computing resource.
3rd, the company of present system and the method both Connection inquiring, also applicable multi-user's ciphertext of applicable single user ciphertext Inquiry is connect, thus with more flexible application scenarios.
4th, the algorithm that present system and method are used is simple, easy to implement, can be widely applied to the ciphertext of cloud environment Storage and Connection inquiring, vital work is played to the realization for promoting outsourcing database (i.e. ciphertext database) under cloud environment With.
Brief description of the drawings
Ciphertext storages and connection query system theory diagram of the Fig. 1 for the suitable cloud environment of the embodiment of the present invention.
Ciphertext storages and the ciphering process of Connection inquiring method of the Fig. 2 for the suitable cloud environment of the embodiment of the present invention are illustrated Figure.
Ciphertext storages and the decrypting process of Connection inquiring method of the Fig. 3 for the suitable cloud environment of the embodiment of the present invention are illustrated Figure.
Ciphertext storages and the query execution process of Connection inquiring method of the Fig. 4 for the suitable cloud environment of the embodiment of the present invention are shown It is intended to.
Embodiment
Embodiment 1:
As shown in figure 1, the ciphertext storage of the present embodiment and connection query system, including first processor and second processing Device, the first processor is arranged on client, and it includes encrypting module, deciphering module and inquiry proxy module;Described Two processors are arranged on database server side, and it includes query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes to add It is close, be specially:User's plaintext attribute column to be encrypted is received, generating random number part, mould exponentiation part and Hash part is called, The secret value in the plaintext attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored;
The deciphering module, for processing, shape to be decrypted to the ciphertext that ciphertext database or query execution module are sent Into plaintext, decryption is completed, is specially:For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation is called Part and Hash part, calculate according to the private key of user and obtain in plain text, and the ciphertext passed over using inquiry proxy module Secret value in the attribute column of place, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to user The warning message of output error;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution, be specially:Storage is for each The secret value of attribute column, is transferred to encrypting module by secret value as needed and is encrypted, be transferred to deciphering module and be decrypted Checking, and submitted according to user query type generation inquiry limit door be transferred to query execution module;
The query execution module, the ciphertext Connection inquiring for being submitted to user is performed on ciphertext database, Specially:Receive user submit ciphertext Connection inquiring, two attribute columns to be connected are obtained from ciphertext database, this two A ciphertext value is respectively taken in individual attribute column, ciphertext pair to be connected is formed, the inquiry generated using inquiry proxy module limits door, adjusts The ciphertext to be connected is judged to whether meeting condition of contact with Bilinear map part and mould exponentiation part, by ciphertext if meeting Deciphering module is transferred to, plaintext Connection inquiring result is transmitted to user by deciphering module;Otherwise, continue to obtain next to be connected Ciphertext to judging, until all ciphertexts are to having handled one time.
In the present embodiment, the ciphertext storage based on said system includes with Connection inquiring method:
Ciphering process:Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation Part and Hash part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, to this Each in plaintext attribute column is carried out calculating generation ciphertext in plain text, and the ciphertext of generation is sent into progress in ciphertext database Storage;
Decrypting process:Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation portion Part and Hash part, calculate according to the private key of user and obtain in plain text, and the ciphertext institute passed over using inquiry proxy module Secret value in attribute column, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, it is defeated to user The warning message made mistake;
Query execution process:Query execution module receives the ciphertext Connection inquiring that user submits, and is obtained from ciphertext database Two attribute columns to be connected are taken, a ciphertext value is respectively taken in the two attribute columns, ciphertext pair to be connected is formed, using looking into Ask proxy module generation inquiry limit door, call Bilinear map part and mould exponentiation part judge the ciphertext to be connected to whether Condition of contact is met, ciphertext is transferred to deciphering module if meeting, plaintext Connection inquiring is transmitted to user by deciphering module As a result;Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time.
As shown in Figure 2, Figure 3 and Figure 4, the above method is comprised the following steps that:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy Module obtains the secret value (α on plaintext attribute column AA, βA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1, r2, r3, Then mould exponentiation part and Hash part are called, each on plaintext attribute column A is calculated in plain text as the following formula, is generated close Text:
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1, C2, C3, C4, C5, C6), obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains bright Literary m1
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1, C2, C3, C4, C5, C6) where in attribute column Secret value (αA, βA);
2.4) deciphering module utilizes m1, r1, αA, βATo ciphertext CA=(C1, C2, C3, C4, C5, C6) verified:
If 2.5) above-mentioned equation is set up, it is verified, deciphering module is by plaintext m1Export to user;Otherwise, mould is decrypted Warning message from block to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext category Ciphertext Connection inquiring on property row B;
3.2) query execution module calls inquiry proxy module, after being allowed needed for acquisition execution ciphertext Connection inquiring Inquiry limit door trapdoor:
Trapdoor=(βBA, βAB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1, C2, C3, C4, C5, C6), a ciphertext value C on relation S ciphertext attribute column BB=(C1', C2', C3', C4', C5', C6'), the company for the treatment of is formed as the following formula The ciphertext pair connect:
e(C2, C4'), e (C4, C2'), e (C1, C3'), e (C1', C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part To ciphertext to be connected to carrying out following judgement:
If 3.5) above-mentioned equation is set up, illustrate to meet condition of contact, then query execution module by this ciphertext to being transferred to Deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process the ciphertext is returned to being decrypted, and by final result Back to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out at identical Reason, until all ciphertexts are to having handled one time.
Can be with one of ordinary skill in the art will appreciate that realizing that all or part of step in above-described embodiment method is The hardware of correlation is instructed to complete by program, corresponding program can be stored in a computer read/write memory medium, Described storage medium, such as ROM/RAM, disk or CD.
In summary, the algorithm that present system and method are used is simple, easy to implement, can be widely applied to cloud environment Ciphertext storage and Connection inquiring, to promoting the realization of outsourcing database (i.e. ciphertext database) under cloud environment to play most important Effect.
It is described above, it is only patent preferred embodiment of the present invention, but the protection domain of patent of the present invention is not limited to This, any one skilled in the art is in the scope disclosed in patent of the present invention, according to the skill of patent of the present invention Art scheme and its patent of invention design are subject to equivalent substitution or change, belong to the protection domain of patent of the present invention.

Claims (7)

1. it is adapted to ciphertext storage and the connection query system of cloud environment, it is characterised in that:Including being arranged at the first of client Reason device and the second processor for being arranged on database server side, the first processor include encrypting module, deciphering module And inquiry proxy module, the second processor include query execution module, wherein:
The encrypting module, for user's plaintext attribute column to be encrypted to be encrypted, forms ciphertext, completes encryption, And the ciphertext of generation is sent in ciphertext database stored;
The deciphering module, for the ciphertext that ciphertext database or query execution module are sent being decrypted processing, is formed bright Text, completion decryption, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, export wrong to user Warning message by mistake;
The inquiry proxy module, for aiding in being encrypted, decrypting and query execution;
The query execution module, the ciphertext Connection inquiring for receiving user's submission, obtains to be connected from ciphertext database Two attribute columns, respectively take a ciphertext value in the two attribute columns, form ciphertext pair to be connected, utilize inquiry proxy mould The inquiry limit door of block generation, calls Bilinear map part and mould exponentiation part to judge the ciphertext to be connected to whether meeting connection Condition, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module;It is no Then, continue to obtain next ciphertext to be connected to judging, until all ciphertexts are to having handled one time, detailed process is such as Under:
Query execution module is received on the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column B Ciphertext Connection inquiring, the secret value on attribute column A is (αAA), the secret value on attribute column B is (αBB);
Query execution module calls inquiry proxy module, and the inquiry limit door performed needed for ciphertext Connection inquiring is obtained after being allowed trapdoor:
Trapdoor=(βBAAB)
Query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), relation S Ciphertext attribute column B on a ciphertext value CB=(C1′,C2′,C3′,C4′,C5′,C6'), ciphertext to be connected is formed as the following formula It is right:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
Then query execution module calls Bilinear map part and mould exponentiation part to be connected using inquiry limit door trapdoor Ciphertext to carrying out following judgement:
<mrow> <mfrac> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> </mrow> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>)</mo> </mrow> </mrow> </mfrac> <mo>=</mo> <mfrac> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>B</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> </mrow> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>A</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>B</mi> </msub> </mrow> </msup> </mrow> </mfrac> </mrow>
If the equation is set up, illustrate to meet condition of contact, then query execution module is solved by this ciphertext to being transferred to deciphering module Close module to being decrypted, and by final result to the ciphertext according to returning to user;Otherwise, continuation obtains next to be connected Ciphertext pair, to the ciphertext to carry out identical processing, until all ciphertexts are to having handled one time.
2. the ciphertext storage of suitable cloud environment according to claim 1 and connection query system, it is characterised in that:It is described to add Close module is specific as follows:
The plaintext attribute column to be encrypted for receiving user, calls generating random number part, mould exponentiation part and Hash part, root It is investigated that the secret value in the attribute column that proxy module is passed over and the public key of user are ask, to each in the plaintext attribute column Individual plaintext carries out calculating generation ciphertext, and the ciphertext of generation is sent in ciphertext database stored.
3. the ciphertext storage of suitable cloud environment according to claim 1 and connection query system, it is characterised in that:The solution Close module is specific as follows:
For receiving the ciphertext that ciphertext database or query execution module are sent, mould exponentiation part and Hash part are called, according to The private key of user, which is calculated, to be obtained in plain text, and the secret where the ciphertext passed over using inquiry proxy module in attribute column Value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error Breath.
4. it is adapted to ciphertext storage and the Connection inquiring method of cloud environment, it is characterised in that methods described includes:
Ciphering process:The encrypting module plaintext attribute column to be encrypted to user is encrypted, and forms ciphertext, completes encryption, And the ciphertext of generation is sent in ciphertext database stored;
Decrypting process:Processing is decrypted in the ciphertext that deciphering module is sent to ciphertext database or query execution module, is formed bright Text, completion decryption, and ciphertext is verified, if being verified, plaintext is exported to user;Otherwise, export wrong to user Warning message by mistake;
Query execution process:Query execution module receives the ciphertext Connection inquiring that user submits, and obtains and treats from ciphertext database Two attribute columns of connection, respectively take a ciphertext value in the two attribute columns, form ciphertext pair to be connected, using inquiring about generation The inquiry limit door of module generation is managed, calls Bilinear map part and mould exponentiation part to judge the ciphertext to be connected to whether meeting Condition of contact, deciphering module is transferred to if meeting by ciphertext, and plaintext Connection inquiring result is transmitted to user by deciphering module; Otherwise, continuation obtains next ciphertext to be connected to judging, until all ciphertexts are to having handled one time, detailed process is such as Under:
Query execution module is received on the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column B Ciphertext Connection inquiring, the secret value on attribute column A is (αAA), the secret value on attribute column B is (αBB);
Query execution module calls inquiry proxy module, and the inquiry limit door performed needed for ciphertext Connection inquiring is obtained after being allowed trapdoor:
Trapdoor=(βBAAB)
Query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), relation S Ciphertext attribute column B on a ciphertext value CB=(C1′,C2′,C3′,C4′,C5′,C6'), ciphertext to be connected is formed as the following formula It is right:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
Then query execution module calls Bilinear map part and mould exponentiation part to be connected using inquiry limit door trapdoor Ciphertext to carrying out following judgement:
<mrow> <mfrac> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> </mrow> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>)</mo> </mrow> </mrow> </mfrac> <mo>=</mo> <mfrac> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>B</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> </mrow> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>A</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>B</mi> </msub> </mrow> </msup> </mrow> </mfrac> </mrow>
If the equation is set up, illustrate to meet condition of contact, then query execution module is solved by this ciphertext to being transferred to deciphering module Close module to being decrypted, and by final result to the ciphertext according to returning to user;Otherwise, continuation obtains next to be connected Ciphertext pair, to the ciphertext to carry out identical processing, until all ciphertexts are to having handled one time.
5. ciphertext storage and the Connection inquiring method of suitable cloud environment according to claim 4, it is characterised in that:It is described to add Close process is specific as follows:
Encrypting module receives user's plaintext attribute column to be encrypted, calls generating random number part, mould exponentiation part and Hash portion Part, the secret value in the attribute column and the public key of user passed over according to inquiry proxy module, in the plaintext attribute column Each carry out calculating generation ciphertext in plain text, and the ciphertext of generation be sent in ciphertext database stored.
6. ciphertext storage and the Connection inquiring method of suitable cloud environment according to claim 4, it is characterised in that:The solution Close process is specific as follows:
Deciphering module receives the ciphertext that ciphertext database or query execution module are sent, and calls mould exponentiation part and Hash part, Calculated and obtained in plain text according to the private key of user, and it is secret in attribute column where the ciphertext passed over using inquiry proxy module Close value, is verified to ciphertext, if being verified, and plaintext is exported to user;Otherwise, to the warning letter of user's output error Breath.
7. ciphertext storage and the Connection inquiring method of the suitable cloud environment according to claim any one of 4-6, its feature exist In:Methods described specifically includes following steps:
1) ciphering process
1.1) user relation R to be encrypted plaintext attribute column A is transferred to after encrypting module, and encrypting module calls inquiry proxy module Obtain the secret value (α on attribute column AAA);
1.2) encrypting module obtains the public key X=g of userx, call generating random number part to obtain random number r1,r2,r3, then adjust With mould exponentiation part and Hash part, each on plaintext attribute column A is calculated in plain text as the following formula, ciphertext is generated:
<mrow> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mn>1</mn> </msub> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <mrow> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mn>2</mn> </msub> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>=</mo> <msubsup> <mi>m</mi> <mn>1</mn> <mrow> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msubsup> <msup> <mi>g</mi> <mrow> <msub> <mi>r</mi> <mn>2</mn> </msub> <msub> <mi>&amp;beta;</mi> <mi>A</mi> </msub> </mrow> </msup> <mo>,</mo> </mrow>
<mrow> <msub> <mi>C</mi> <mn>5</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mn>3</mn> </msub> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>6</mn> </msub> <mo>=</mo> <mi>H</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>5</mn> </msub> <mo>|</mo> <mo>|</mo> <msup> <mi>X</mi> <msub> <mi>r</mi> <mn>3</mn> </msub> </msup> <mo>)</mo> </mrow> <mo>&amp;CirclePlus;</mo> <mrow> <mo>(</mo> <msub> <mi>m</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>r</mi> <mn>2</mn> </msub> <mo>)</mo> </mrow> </mrow>
1.3) ciphertext of generation is sent in ciphertext database and stored;
2) decrypting process
2.1) deciphering module receives the ciphertext C that ciphertext database or query execution module are sentA=(C1,C2,C3,C4,C5,C6), obtain Obtain the private key x of user;
2.2) deciphering module calls mould exponentiation part and Hash part, using the private key x of user, is calculated as follows and obtains plaintext m1
<mrow> <msub> <mi>m</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>r</mi> <mn>2</mn> </msub> <mo>=</mo> <mi>H</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>|</mo> <mo>|</mo> <msub> <mi>C</mi> <mn>5</mn> </msub> <mo>|</mo> <mo>|</mo> <msup> <msub> <mi>C</mi> <mn>5</mn> </msub> <mi>x</mi> </msup> <mo>)</mo> </mrow> <mo>&amp;CirclePlus;</mo> <msub> <mi>C</mi> <mn>6</mn> </msub> </mrow>
2.3) deciphering module calls inquiry proxy module to obtain ciphertext CA=(C1,C2,C3,C4,C5,C6) where it is secret in attribute column Close value (αAA);
2.4) deciphering module utilizes m1,r1,r2AATo ciphertext CA=(C1,C2,C3,C4,C5,C6) verified:
<mrow> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mn>1</mn> </msub> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <mrow> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>=</mo> <msup> <mi>g</mi> <msub> <mi>r</mi> <mn>2</mn> </msub> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>=</mo> <msup> <msub> <mi>m</mi> <mn>1</mn> </msub> <mrow> <msub> <mi>r</mi> <mn>1</mn> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> <msup> <mi>g</mi> <mrow> <msub> <mi>r</mi> <mn>2</mn> </msub> <msub> <mi>&amp;beta;</mi> <mi>A</mi> </msub> </mrow> </msup> </mrow>
If 2.5) step 2.4) in equation set up, be verified, deciphering module is by plaintext m1Export to user;Otherwise, decrypt Warning message from module to user's output error;
3) query execution process
3.1) query execution module receives the relation R to be connected of user's submission ciphertext attribute column A and relation S ciphertext attribute column Ciphertext Connection inquiring on B;
3.2) query execution module calls inquiry proxy module, and the inquiry performed needed for ciphertext Connection inquiring is obtained after being allowed Limit door trapdoor:
Trapdoor=(βBAAB)
3.3) query execution module obtains the relation R upper ciphertext value C of ciphertext attribute column AA=(C1,C2,C3,C4,C5,C6), close It is a ciphertext value C on S ciphertext attribute column BB=(C1′,C2′,C3′,C4′,C5′,C6'), formed as the following formula to be connected Ciphertext pair:
e(C2,C4′),e(C4,C2′),e(C1,C3′),e(C1′,C3)
3.4) then query execution module, using inquiry limit door trapdoor, calls Bilinear map part and mould exponentiation part to treat The ciphertext of connection is to carrying out following judgement:
<mrow> <mfrac> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> </mrow> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>)</mo> </mrow> </mrow> </mfrac> <mo>=</mo> <mfrac> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>,</mo> <msup> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>B</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>A</mi> </msub> </mrow> </msup> </mrow> <mrow> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msup> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>&amp;prime;</mo> </msup> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>)</mo> </mrow> <mrow> <msub> <mi>&amp;beta;</mi> <mi>A</mi> </msub> <mo>/</mo> <msub> <mi>&amp;alpha;</mi> <mi>B</mi> </msub> </mrow> </msup> </mrow> </mfrac> </mrow>
If 3.5) step 3.4) in equation set up, illustrate to meet condition of contact, then query execution module by this ciphertext to biography Be defeated by deciphering module, deciphering module is according to above-mentioned steps 2) decrypting process to the ciphertext to being decrypted, and by final knot Fruit returns to user;Otherwise, return to step 3.3) the next ciphertext pair to be connected of continuation acquirement, to the ciphertext to carrying out identical Processing, until all ciphertexts are to having handled one time.
CN201410681870.XA 2014-11-24 2014-11-24 It is adapted to ciphertext storage and connection query system and the method for cloud environment Active CN104468535B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410681870.XA CN104468535B (en) 2014-11-24 2014-11-24 It is adapted to ciphertext storage and connection query system and the method for cloud environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410681870.XA CN104468535B (en) 2014-11-24 2014-11-24 It is adapted to ciphertext storage and connection query system and the method for cloud environment

Publications (2)

Publication Number Publication Date
CN104468535A CN104468535A (en) 2015-03-25
CN104468535B true CN104468535B (en) 2017-09-29

Family

ID=52913907

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410681870.XA Active CN104468535B (en) 2014-11-24 2014-11-24 It is adapted to ciphertext storage and connection query system and the method for cloud environment

Country Status (1)

Country Link
CN (1) CN104468535B (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109981614B (en) * 2019-03-12 2020-04-17 华南农业大学 Data encryption method, data decryption method, data query method and data query device based on user group
CN115118474A (en) * 2022-06-20 2022-09-27 广东省工业边缘智能创新中心有限公司 Identification query and storage management method, identification agent module and authority management system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882687A (en) * 2012-10-19 2013-01-16 杭州尚思科技有限公司 Intelligent household safe access method and system based on searchable cipher text

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6996251B2 (en) * 2002-09-30 2006-02-07 Myport Technologies, Inc. Forensic communication apparatus and method

Patent Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102882687A (en) * 2012-10-19 2013-01-16 杭州尚思科技有限公司 Intelligent household safe access method and system based on searchable cipher text

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
基于D 模A S型的一种密文数据库查询优化方法;马莎等;《计算机科学》;20081024;第35卷(第10期);第40-46页 *

Also Published As

Publication number Publication date
CN104468535A (en) 2015-03-25

Similar Documents

Publication Publication Date Title
US11381398B2 (en) Method for re-keying an encrypted data file
Wu et al. A novel and provably secure authentication and key agreement scheme with user anonymity for global mobility networks
JP5562687B2 (en) Securing communications sent by a first user to a second user
CN106529327B9 (en) Data access system and method for encrypted database in hybrid cloud environment
CN105553951B (en) Data transmission method and device
CN107359998B (en) A kind of foundation and operating method of portable intelligent password management system
CN103957109B (en) A kind of cloud data-privacy protects safe re-encryption method
CN104486315B (en) A kind of revocable key outsourcing decryption method based on contents attribute
CN103618728B (en) A kind of encryption attribute method at more mechanism centers
CN103763631B (en) Authentication method, server and television set
CN110324143A (en) Data transmission method, electronic equipment and storage medium
CN105307165B (en) Communication means, server-side and client based on mobile application
CN104967693B (en) Towards the Documents Similarity computational methods based on full homomorphism cryptographic technique of cloud storage
KR102224998B1 (en) Computer-implemented system and method for protecting sensitive data via data re-encryption
CN105743888A (en) Agent re-encryption scheme based on keyword research
CN105187389B (en) A kind of Web access method and system for obscuring encryption based on number
CN105187425B (en) Facing cloud calculus communication system safety without certificate thresholding decryption method
CN110474908A (en) Transaction monitoring and managing method and device, storage medium and computer equipment
CN109040060B (en) Terminal matching method and system and computer equipment
CN103701596A (en) Document access method, system and equipment and document access request response method, system and equipment
CN106789032A (en) The single password tripartite authentication method of privacy sharing between server and mobile device
CN109165526A (en) A kind of big data security and privacy guard method, device and storage medium
CN104125239B (en) A kind of method for network authorization transmitted based on data link encryption and system
CN105187382A (en) Multi-factor identity authentication method for preventing library collision attacks
CN107690079A (en) Privacy of user guard method in live platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant