CN108156138B - Fine-grained searchable encryption method for fog calculation - Google Patents

Abstract

The invention discloses a fine-grained searchable encryption method for fog computing, which is characterized in that a cloud-fog-terminal user system structure is established by utilizing an attribute encryption technology and a searchable encryption technology of a ciphertext strategy, a fog node is used as an agent to share the computing burden of a terminal user by utilizing the attribute encryption technology and the searchable encryption technology of the ciphertext strategy, and the terminal user can quickly generate a trapdoor and decrypt a ciphertext, so that the light-weight searchable encryption is realized, fine-grained access control is supported, only legal data users can perform ciphertext retrieval, the fine-grained searchable encryption method has wide application prospect in an actual scene, fine-grained access control is realized, only legal data users can perform ciphertext retrieval, and the fine-grained encryption method has wide prospect in the actual scene.

Description

Fine-grained searchable encryption method for fog calculation

Technical Field

The invention belongs to the technical field of information security, and particularly relates to an attribute encryption technology and a searchable encryption technology of a ciphertext strategy, which can be used for realizing searchable encryption of fine granularity in the background of fog calculation.

Background

The internet of things is a technology capable of connecting objects to the internet to enable the objects to be more intelligent, and with the continuous increase of networking equipment, mass data generated can be stored and calculated through cloud computing, and terminal users are released from heavy equipment maintenance and data management. However, the traditional cloud computing has the problems of poor mobility, high time delay and the like of a network architecture, which brings great challenges to the development of the internet of things. Cloud computing is expanded to the edge of a network by the aid of fog computing, and the fog nodes serve as intermediaries of the Internet of things and the cloud computing, so that the problems of terminal node request delay, excessive cloud server storage and computing burden, excessive network transmission bandwidth pressure and the like caused by combination of the Internet of things and the cloud computing can be solved. Therefore, the fog calculation has wide application prospect.

However, the fog computing brings convenience and new challenges to data security, and when sensitive data is outsourced to the fog node and the cloud server in a clear text form, the data is out of direct physical control of a data owner, and may suffer from a malicious attack and a serious potential safety hazard. The general solution is to encrypt data before uploading the data, and further, in order to implement fine-grained access control, a data owner wants only an end user satisfying conditions to decrypt a ciphertext, and an identity-based encryption technique, an attribute encryption technique of a key policy, and an attribute encryption technique of a ciphertext policy are proposed in succession. Although the confidentiality of data is guaranteed to a certain extent by encryption, the traditional plaintext retrieval technology cannot be applied to ciphertext. The searchable encryption technology enables the terminal user to perform keyword query on the ciphertext, so that not only is the data security ensured, but also the document which the data user is interested in can be quickly located. Therefore, by combining the attribute encryption technology of the ciphertext strategy and the searchable encryption technology of the ciphertext strategy, not only is efficient ciphertext retrieval realized, but also fine-grained access control is supported.

The calculation and storage cost of the searchable encryption technology of the existing ciphertext strategy is in direct proportion to the complexity of the access strategy, which brings great limitation to the internet of things equipment with limited calculation resources. By establishing a cloud-fog-terminal user system structure, each fog node in fog computing is used as an agent to share a large amount of computing, and the equipment of the Internet of things with limited resources can quickly generate trapdoors and decryption texts. Therefore, how to design and realize a lightweight fine-grained searchable encryption method in the background of fog calculation becomes a critical problem to be solved urgently.

Disclosure of Invention

Aiming at the defects in the prior art, the invention provides a fine-grained searchable encryption method for fog calculation by utilizing the attribute encryption technology and the searchable encryption technology of a ciphertext strategy. The cloud-fog-terminal user system structure is established, the attribute encryption technology and the searchable encryption technology of the ciphertext strategy are utilized, the fog node is used as an agent to share the calculation burden of a terminal user, the terminal user can quickly generate a trapdoor and decrypt a ciphertext, the lightweight searchable encryption is realized, fine-grained access control is supported, only legal data users can perform ciphertext retrieval, and the cloud-fog-terminal user system structure has wide application prospects in practical scenes.

In order to achieve the above object, the present invention adopts a technical solution that a fine-grained searchable encryption method for fog calculation includes the steps of:

step one, system initialization: the key generation center KGC generates a public parameter pm and a master key msk according to the security parameter k;

step two, generating a key: secret key generation center KGC generates fog node public key PK for fog node_FNFog node database correlation public key

And an authorized terminal user list UL, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

And dividing the terminal user and the fog node into the generation of the terminal user private key SK_EUAnd mist node private key SK_FNAnd private key SK of terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNSending the data to a fog node;

step three, an encryption stage: data owner utilizing symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τAnd fourthly, the data owner establishes an access control structure P and sends the access control structure P to the fog node, and the fog node is communicated with the end userOver-interaction, set the symmetric key s_τCarry out encryption to generate a cipher key set

The data owner generates an index set { I } using an access control structure P and a key set W_τAnd cipher text key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τSending the data to a cloud server through a fog node;

step four, generating a trap door: when the terminal user wants to inquire the keyword W', the fog node verifies whether the terminal user is in the authorized user list UL, if not, the operation is terminated, otherwise, the fog node and the terminal user generate the trapdoor T through interaction_W'And will sink into the door T_W'Sending the attribute set S of the terminal user to a cloud server;

step five, ciphertext search: the cloud server firstly verifies whether the terminal user attribute set S meets the access control structure P, and if not, the operation is terminated; otherwise, the cloud server will trap the door T_w'And index set { I_τMatching is carried out, and the ciphertext set C' successfully matched is set as { C }_π} and corresponding ciphertext key sets

Sending the data to a fog node;

step six, ciphertext decryption: ciphertext key set returned by mist node and terminal user through interactive decryption

Obtaining a symmetric key set s of plaintext_πAccording to a symmetric key set s_πThe returned cipher text set C ═ C is decrypted_πGet the plaintext F' ═ F_π}。

Further, in the step one, the common parameters

Master key msk ═ (x, y, { t)_i}_i∈[1,n])；

Wherein G is a p-order addition cycle group, G₀,g₁Are two different generators of G, G_TIs a cyclic group of p factorial method, e is a bilinear map G → G_T，H₁Indicates that the set {0,1} is to be aggregated^*Mapping to p-order integer Ring Z_pX represents a first random number: x is formed as Z_pAnd y represents a second random number: y is equal to Z_p，t_iRepresents a third random number: t is t_i∈Z_p，i∈[1,n]The value range of i is represented, and the system attribute set U is { att }₁，…，att_n}，att_nRepresenting the nth system attribute.

Further, the second step specifically includes the following steps:

firstly, a secret key generation center KGC generates a fog node public key PK for a fog node_FNMist node database correlation public key

And an authorized end user list UL, wherein the fog node public key PK_FN＝e(g₀,g₀)^yrMist node database correlation public key

r represents a fourth random number, r ∈ Z_pS represents a random number common to the system, s ∈ Z_p；

Secondly, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

Wherein the end-user public key PK_EU＝e(g₀,g₀)^yuEnd user database related public key

u represents a fifth random number: u is as large as Z_p，

J-th attribute representing data user, j ∈ [1, m ∈ >]Representing the value range of j;

thirdly, a secret key generation center KGC generates a terminal user private key SK for the terminal user_EUGenerating a private key SK for the fog node_FNWherein the end-user private key SK_EU＝(K₀,{K_j,1}_j∈[1,m]U), mist node private key SK_FN＝(K₁,K₂,K₃,{K_j,2,K_j,3}_j∈[1,m],r)，K₀Representing the first private key component:

K₁representing the second private key component:

K₂represents the third private key component:

K₃represents the fourth private key component:

a_jrepresents a sixth random number, a_j∈Z_p，K_j,1Represents the fifth private key component:

mapping rho₁Representing the mapping of attributes in the data user' S attribute set S to attributes of the corresponding system attribute set U, i.e.

K_j,2Represents the sixth private key component:

K_j,3represents the seventh private key component:

b_jdenotes a seventh random number, b_j∈Z_pV represents an eighth random number, v ∈ Z_p；

Fourthly, the secret key generation center KGC uses the secret key SK of the terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNAnd sending the data to the fog node.

Further, the third step specifically includes the following steps:

first, the data owner utilizes a symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τA data owner establishes an access control structure P and sends the access control structure P to a selected fog node;

in the second step, the access control structure P is a tree structure, each node in the tree includes a polynomial and a threshold, and the fog node selects a polynomial q for the root node r_r(v) And a threshold value k_r(v) Where v is an argument, q is the argument when v is 0_r(0) θ represents a ninth random number, θ ∈ Z_pThreshold value k_r(v) In the range of 1. ltoreq. k_r(v)≤num_r，num_rRepresenting the number of child nodes of the root node r;

thirdly, selecting a polynomial q for a non-leaf node x_x(v) And a threshold value k_x(v) Polynomial q_x(v) The following conditions are satisfied:

d_x(v)＝k_x(v)-1，

q_x(0)＝q_parent(x)(index(x))；

wherein d is_x(v) Denotes q_x(v) And q when the argument v is 0_x(0)＝q_parent(x)(index (x)), parent (x) indicates the parent node of node x, index (x) indicates the order of parent (x) child nodes, and a threshold value k_x(v) In the range of 1. ltoreq. k_x(v)≤num_x，num_xRepresenting the number of the child nodes of the node x;

the fourth step, selecting a polynomial q for the leaf node l_l(v) And a threshold value k_l(v) Wherein the polynomial q_l(v) Threshold value k ═ S_l(v)＝1；

Fifthly, the fog node encrypts a symmetric key s_τObtain a temporary ciphertext key CT_τAnd the temporary cipher text key CT is used_τSent to the data owner with the temporary cipher text key CT_τ＝(CT₁,CT₂,{CT_l}_l∈L)，CT₁Representing the first temporary ciphertext key:

CT₂representing the second temporary ciphertext key:

CT_lrepresenting the third temporary ciphertext key:

l represents a set of leaf child nodes;

sixthly, the data owner encrypts the temporary ciphertext key CT_τObtaining a ciphertext key

Wherein

CT'₁Representing the first ciphertext key:

CT'₂represents the second ciphertext key:

CT₃representing the third ciphertext key:

CC_τrepresenting the fourth ciphertext key: CC (challenge collapsar)_τ＝s_τ·e(g₀,g₀)^yhH represents a tenth random number, h ∈ Z_p；

Seventh step, plaintext document F_τThe data owner is a plaintext document F_τEstablishing a ciphertext index I_τ，I_τ＝(I₀,I₁,{I_l,1,I_l,2}_l∈L) In which I₀Denotes a first index component, I₀＝e(g₀,g₀)^ys，I₁A second index component is represented that is,

I_l,1a third index component is represented that is,

I_l,2denotes the fourth index component, I_l,2＝(s-d_l)/H₁(W)， d_lDenotes an eleventh random number, d_l∈Z_p；

Eighth step, the data owner combines the cipher key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τAnd sending the data to the cloud server through the selected fog node.

Further, the fourth step specifically includes the following steps:

step one, when a terminal user wants to inquire a keyword W', a fog node verifies whether the terminal user is in an authorized user list UL, if not, the operation is terminated, otherwise, the operation is switched to the step two;

second, the fog node generates a first-stage trapdoor T_W',1And the first stage trapdoor T is connected_W',1To be sent to the end-user,wherein the first stage trap door T_W',1＝(T₁,{T_j,1}_j∈[1,m])，T₁Representing a first component of the first stage trapdoor,

T_j,1representing a second component of the first stage trapdoor,

eta represents a twelfth random number, eta belongs to Z_p；

Third, the end user receives the first stage trapdoor T_W',1Post-generation second stage trapdoor T_W',2And the second stage is trapped in the door T_W',2Sent to the fog node, wherein the second stage trapdoor T_W',2＝(T₀,T'₁,{T'_j,1,T_j,2}_j∈[1,m])，T₀Representing a first component, T, of the second-stage trapdoor₀＝u+λ，T'₁Representing a second component of the second stage trapdoor,

a third component representing a second stage trapdoor,

T_j,2a fourth component representing the second stage trapdoor,

λ represents a thirteenth random number, λ ∈ Z_p；

Fourthly, the fog node receives the trapdoor T of the second stage_W',2Post-forming trapdoor T_W'And will trap the door T_W'And sending the terminal user attribute set S to a cloud server, wherein

T'₀Representing a first component, T ', of the trapdoor'₀＝T₀η+r，

A second component of the trapdoor is represented,

a third component of the trapdoor is represented,

further, the step five specifically includes the following steps:

firstly, the cloud server verifies whether the terminal user attribute set S meets the access control structure P, if not, the operation is terminated, and the operation is finished; if yes, turning to the second step;

second, the cloud server is the end user's per attribute

Calculating a first intermediate variable

And a second intermediate variable

Wherein

In particular, when the equation

And H₁(W')＝H₁When the (W) is established, the (W),

wherein

Thirdly, the cloud server matches the trapdoor T according to the following equation_w'And index set { I_τThe successfully matched ciphertext set C' and the corresponding ciphertext key set

Sending the data to a fog node;

further, the sixth step specifically includes the following steps:

the first step is as follows: the fog node calculates the intermediate quantity D of the root node according to a recursion algorithm_r；

If att (l) ε S, the leaf node intermediate quantities are calculated: d_l＝e(K_att(l),3,C_l)＝e(g₀,g₀)^xvql(0)Wherein q is_l(0) A leaf node polynomial q when the argument v is 0_l(v) A value of (d);

calculating intermediate quantity of root nodes:

if the access structure P has only two layers, the intermediate quantity D of the child node is obtained_xEqual to the leaf node intermediate quantity D_lThen D can be solved_r＝e(g₀,g₀)^xvqr(0)Terminating the recursion; otherwise to D_xCall push-through

The solution is continued until recursion reaches the father node of the leaf node, and D can be solved_r＝e(g₀,g₀)^xvqr(0)＝e(g₀,g₀)^xvθTerminating the recursion; wherein the operator

i table index (x), psi_xSet of random children representing x nodes, | ψ_x|＝k_x(v)，|ψ_xThe | representation set ψ_xJ is the set ψ_xThe elements of (1); operator

x' is a sub-node of node x, psi_x'Set of random children nodes representing x' nodes, | ψ_x'|＝k_x'(v)，|ψ_x'The | representation set ψ_x'The size of (d);

the second step is that: the fog node calculates a key correlation quantity M and sets a secret text C ═ C_π} and corresponding ciphertext key sets

Sending the data to a terminal user;

the third step: the end user can obtain a symmetric key set s of a plaintext according to the following formula_πAnd thus, the dense text set C ═ C is decrypted_πGet the plaintext F' ═ F_π}；

Compared with the prior art, the invention has the following beneficial technical effects that the problems of poor mobility and high time delay of the network architecture of the existing cloud platform are solved by establishing a cloud-fog-terminal user system structure, the computing burden of the terminal user is shared by a fog node as an agent by combining the attribute encryption technology of a ciphertext strategy and the searchable encryption technology, the contradiction between the security and the retrievability of ciphertext data is solved, the efficiency of generating a trap and decrypting a ciphertext by the terminal user is greatly improved, the lightweight searchable encryption is realized, meanwhile, by correlating the ciphertext with an access control structure and the attribute of a key and a data user, only the data user with the attribute satisfying the access control structure can carry out ciphertext retrieval, the fine-grained access control is realized, and the authorization management of the data user is greatly facilitated, has wide application prospect in actual scenes.

Drawings

FIG. 1 is a schematic diagram of the system of the present invention.

Detailed Description

The invention is further described with reference to the following figures and detailed description.

As shown in fig. 1, the present invention provides a fine-grained searchable encryption method for fog computing, comprising the steps of:

step one, system initialization: and the key generation center KGC generates a public parameter pm and a master key msk according to the security parameter k, wherein:

common parameter

Master key msk ═ (x, y, { t)_i}_i∈[1,n])；

Wherein G is a p-order addition cycle group, G₀,g₁Are two different generators of G, G_TIs a cyclic group of p factorial method, e is a bilinear map G → G_T，H₁Indicates that the set {0,1} is to be aggregated^*Mapping to p-order integer Ring Z_pX represents a first random number: x is formed as Z_pAnd y represents a second random number: y is equal to Z_p，t_iRepresents a third random number: t is t_i∈Z_p，i∈[1,n]The value range of i is represented, and the system attribute set U is { att }₁，…，att_n}，att_nRepresenting the nth system attribute.

Step two, generating a key: as shown in FIG. 1, the key generation center KGC generates a fog node public key PK for the fog node_FNMist node database correlation public key

And an authorized terminal user list UL, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

And dividing the terminal user and the fog node into the generation of the terminal user private key SK_EUAnd mist node private key SK_FNAnd private key SK of terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNSending the data to the fog node, and specifically comprising the following steps:

firstly, a secret key generation center KGC generates a fog node public key PK for a fog node_FNMist node database correlation public key

And an authorized end user list UL, wherein the fog node public key PK_FN＝e(g₀,g₀)^yrMist node database correlation public key

r represents a fourth random number, r ∈ Z_pS represents a random number common to the system, s ∈ Z_p；

Secondly, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

Wherein the end-user public key PK_EU＝e(g₀,g₀)^yuEnd user database related public key

u represents the numberFive random numbers: u is as large as Z_p，

J-th attribute representing data user, j ∈ [1, m ∈ >]Representing the value range of j;

thirdly, a secret key generation center KGC generates a terminal user private key SK for the terminal user_EUGenerating a mist node private key SK for the mist node_FNWherein the end-user private key SK_EU＝(K₀,{K_j,1}_j∈[1,m]U), mist node private key SK_FN＝(K₁,K₂,K₃,{K_j,2,K_j,3}_j∈[1,m],r)，K₀Representing the first private key component:

K₁representing the second private key component:

K₂represents the third private key component:

K₃represents the fourth private key component:

a_jrepresents a sixth random number, a_j∈Z_p，K_j,1Represents the fifth private key component:

mapping rho₁Representing the mapping of attributes in the data user' S attribute set S to attributes of the corresponding system attribute set U, i.e.

K_j,2Represents the sixth private key component:

K_j,3denotes the seventhPrivate key component:

b_jdenotes a seventh random number, b_j∈Z_pV represents an eighth random number, v ∈ Z_p；

Fourthly, the secret key generation center KGC uses the secret key SK of the terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNAnd sending the data to the fog node.

Step three, an encryption stage: as shown in FIG. 1, the data owner utilizes a symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τAnd fourthly, the data owner establishes an access control structure P and sends the access control structure P to the fog node, and the fog node interacts with the terminal user to obtain the symmetric key set { s }_τCarry out encryption to generate a cipher key set

The data owner generates an index set { I } using an access control structure P and a key set W_τAnd cipher text key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τSending the data to a cloud server through a fog node, specifically comprising the following steps:

first, the data owner utilizes a symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τA data owner establishes an access control structure P and sends the access control structure P to a selected fog node;

in the second step, the access control structure P is a tree structure, each node in the tree includes a polynomial and a threshold, and the fog node selects a polynomial q for the root node r_r(v) And a threshold value k_r(v) Where v is an argument, when the argument v is 0,q_r(0) θ represents a ninth random number, θ ∈ Z_pThreshold value k_r(v) In the range of 1. ltoreq. k_r(v)≤num_r，num_rRepresenting the number of child nodes of the root node r;

thirdly, selecting a polynomial q for a non-leaf node x_x(v) And a threshold value k_x(v) Polynomial q_x(v) The following conditions are satisfied:

d_x(v)＝k_x(v)-1，

q_x(0)＝q_parent(x)(index(x))；

wherein d is_x(v) Denotes q_x(v) And q when the argument v is 0_x(0)＝q_parent(x)(index (x)), parent (x) indicates the parent node of node x, index (x) indicates the order of parent (x) child nodes, and a threshold value k_x(v) In the range of 1. ltoreq. k_x(v)≤num_x，num_xRepresenting the number of the child nodes of the node x;

the fourth step, selecting a polynomial q for the leaf node l_l(v) And a threshold value k_l(v) Wherein the polynomial q_l(v) Threshold value k ═ S_l(v)＝1；

Fifthly, the fog node encrypts a symmetric key s_τObtain a temporary ciphertext key CT_τAnd the temporary cipher text key CT is used_τSent to the data owner with the temporary cipher text key CT_τ＝(CT₁,CT₂,{CT_l}_l∈L)，CT₁Representing the first temporary ciphertext key:

CT₂representing the second temporary ciphertext key:

CT_lrepresenting the third temporary ciphertext key:

l represents a set of leaf child nodes;

sixth, data possessionPerson encrypts temporary cipher text key CT_τObtaining a ciphertext key

Wherein

CT'₁Representing the first ciphertext key:

CT'₂represents the second ciphertext key:

CT₃representing the third ciphertext key:

CC_τrepresenting the fourth ciphertext key: CC (challenge collapsar)_τ＝s_τ·e(g₀,g₀)^yhH represents a tenth random number, h ∈ Z_p；

Seventh step, plaintext document F_τThe data owner is a plaintext document F_τEstablishing a ciphertext index I_τ，I_τ＝(I₀,I₁,{I_l,1,I_l,2}_l∈L) In which I₀Denotes a first index component, I₀＝e(g₀,g₀)^ys，I₁A second index component is represented that is,

I_l,1a third index component is represented that is,

I_l,2denotes the fourth index component, I_l,2＝(s-d_l)/H₁(W)， d_lDenotes an eleventh random number, d_l∈Z_p；

Eighth step, the data owner combines the cipher key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τAnd sending the data to the cloud server through the selected fog node.

Step four, generating a trap door: as shown in fig. 1 c, when the end user wants to query the keyword W', the fog node verifies whether the end user is in the authorized user list UL, and if not, the operation is terminated, otherwise, the fog node and the end user generate the trapdoor T through interaction_W'And will trap the door T_W'And sending the terminal user attribute set S to a cloud server, and specifically comprising the following steps:

step one, when a terminal user wants to inquire a keyword W', a fog node verifies whether the terminal user is in an authorized user list UL, if not, the operation is terminated, otherwise, the operation is switched to the step two;

second, the fog node generates a first-stage trapdoor T_W',1And the first stage trapdoor T is connected_W',1Sent to the end user, wherein the first stage trapdoor T_W',1＝(T₁,{T_j,1}_j∈[1,m])，T₁Representing a first component of the first stage trapdoor,

T_j,1representing a second component of the first stage trapdoor,

eta represents a twelfth random number, eta belongs to Z_p；

Third, the end user receives the first stage trapdoor T_W',1Post-generation second stage trapdoor T_W',2And the second stage is trapped in the door T_W',2Sent to the fog node, wherein the second stage trapdoor T_W',2＝(T₀,T'₁,{T'_j,1,T_j,2}_j∈[1,m])，T₀Representing a first component, T, of the second-stage trapdoor₀＝u+λ，T'₁Representing a second component of the second stage trapdoor,

T'_j,1a third component representing a second stage trapdoor,

T_j,2a fourth component representing the second stage trapdoor,

λ represents a thirteenth random number, λ ∈ Z_p；

Fourthly, the fog node receives the trapdoor T of the second stage_W',2Post-forming trapdoor T_W'And will trap the door T_W'And sending the terminal user attribute set S to a cloud server, wherein

T'₀Representing a first component, T ', of the trapdoor'₀＝T₀η+r，

A second component of the trapdoor is represented,

a third component of the trapdoor is represented,

step five, ciphertext search: as shown in the ((r) of fig. 1), the cloud server first verifies whether the end user attribute set S satisfies the access control structure P, and if not, terminates the operation; otherwise, the cloud server will trap the door T_w'And index set { I_τMatching is carried out, and the ciphertext set C' successfully matched is set as { C }_π} and corresponding ciphertext key sets

Sending the data to the fog node, specifically comprising the following steps:

firstly, the cloud server verifies whether the terminal user attribute set S meets the access control structure P, if not, the operation is terminated, and the operation is finished; if yes, turning to the second step;

second, the cloud server is the end user's per attribute

Calculating a first intermediate variable

And a second intermediate variable

Wherein

In particular, when the equation

And H₁(W')＝H₁When the (W) is established, the (W),

wherein

Thirdly, the cloud server matches the trapdoor T according to the following equation_w'And index set { I_τThe successfully matched ciphertext set C' and the corresponding ciphertext key set

Sending the data to a fog node;

step six, ciphertext decryption: as indicated by the fifth in figure 1And the fog node and the terminal user decrypt the returned cipher key set through interaction

Obtaining a symmetric key set s of plaintext_πAccording to a symmetric key set s_πThe returned cipher text set C ═ C is decrypted_πGet the plaintext F ═ F } ═ F_πThe method specifically comprises the following steps:

the first step is as follows: the fog node calculates the intermediate quantity D of the root node according to a recursion algorithm_r；

If att (l) ε S, the leaf node intermediate quantities are calculated: d_l＝e(K_att(l),3,C_l)＝e(g₀,g₀)^xvql(0)Wherein q is_l(0) A leaf node polynomial q when the argument v is 0_l(v) A value of (d);

calculating intermediate quantity of root nodes:

if the access structure P has only two layers, the intermediate quantity D of the child node is obtained_xEqual to the leaf node intermediate quantity D_lThen D can be solved_r＝e(g₀,g₀)^xvqr(0)Terminating the recursion; otherwise to D_xCall push-through

The solution is continued until recursion reaches the father node of the leaf node, and D can be solved_r＝e(g₀,g₀)^xvqr(0)＝e(g₀,g₀)^xvθTerminating the recursion; wherein the operator

i table index (x), psi_xSet of random children representing x nodes, | ψ_x|＝k_x(v)，|ψ_xThe | representation set ψ_xJ is the set ψ_xThe elements of (1); operator

x' is a sub-node of node x, psi_x'Set of random children nodes representing x' nodes, | ψ_x'|＝k_x'(v)，|ψ_x'The | representation set ψ_x'The size of (d);

the second step is that: the fog node calculates a key correlation quantity M and sets a secret text C ═ C_π} and corresponding ciphertext key sets

Sending the data to a terminal user;

the third step: the end user can obtain a symmetric key set s of a plaintext according to the following formula_πAnd thus, the dense text set C ═ C is decrypted_πGet the plaintext F' ═ F_π}；

The above description is only one specific example of the present invention and should not be construed as limiting the invention in any way. It will be apparent to those skilled in the art that, after understanding the present disclosure and principles, algorithmic modifications and improvements may be made without departing from the principles and structures of the invention, and such modifications and improvements based on the inventive algorithms are intended to be within the scope of the claims.

Claims (7)

1. A fine-grained searchable encryption method for fog computing, comprising the steps of:

step one, system initialization: the key generation center KGC generates a public parameter pm and a master key msk according to the security parameter k;

step two, generating a key: secret key generation center KGC generates fog node public key PK for fog node_FNMist node database correlation public key

And an authorized terminal user list UL, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

And dividing the terminal user and the fog node into the generation of the terminal user private key SK_EUAnd mist node private key SK_FNAnd private key SK of terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNSending the data to a fog node;

step three, an encryption stage: data owner utilizing symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τAnd fourthly, the data owner establishes an access control structure P and sends the access control structure P to the fog node, and the fog node interacts with the terminal user to obtain the symmetric key set { s }_τCarry out encryption to generate a cipher key set

The data owner generates an index set { I } using an access control structure P and a key set W_τAnd cipher text key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τSending the data to a cloud server through a fog node;

step four, generating a trap door: when the terminal user wants to inquire the keyword W', the fog node verifies whether the terminal user is in the authorized user list UL, if not, the operation is terminated, otherwise, the fog node and the terminal user interact with each otherGenerating trapdoors T_W′And will trap the door T_W′Sending the attribute set S of the terminal user to a cloud server;

step five, ciphertext search: the cloud server firstly verifies whether the terminal user attribute set S meets the access control structure P, and if not, the operation is terminated; otherwise, the cloud server will trap the door T_w′And index set { I_τMatching is carried out, and the ciphertext set C' successfully matched is set as { C }_π} and corresponding ciphertext key sets

Sending the data to a fog node;

step six, ciphertext decryption: ciphertext key set returned by mist node and terminal user through interactive decryption

Obtaining a symmetric key set s of plaintext_πAccording to a symmetric key set s_πThe returned cipher text set C ═ C is decrypted_πGet the plaintext F' ═ F_π}。

2. The fine-grained searchable encryption method for fog calculation as recited in claim 1, wherein in step one, common parameters

Master key msk ═ (x, y, { t)_i}_i∈[1，n])；

Wherein G is a p-order addition cycle group, G₀，g₁Are two different generators of G, G_TIs a cyclic group of p factorial method, e is a bilinear map GXG → G_T，H₁Indicates that the set {0,1} is to be aggregated^*Mapping to p-order integer Ring Z_pX represents a first random number: x is formed as Z_pAnd y represents a second random number: y is equal to Z_p，t_iRepresents a third random number: t is t_i∈Z_p，i∈[1，n]The value range of i is represented, and the system attribute set U is equal to{att₁，…，att_n}，att_nRepresenting the nth system attribute.

3. The fine-grained searchable encryption method for fog calculation according to claim 2, wherein said second step specifically comprises the steps of:

firstly, a secret key generation center KGC generates a fog node public key PK for a fog node_FNMist node database correlation public key

And an authorized end user list UL, wherein the fog node public key PK_FN＝e(g₀，g₀)^yrMist node database correlation public key

r represents a fourth random number, r ∈ Z_pS represents a random number common to the system, s ∈ Z_p；

Secondly, when a new terminal user joins the terminal user list UL, the key generation center KGC generates a key according to the identity information ID of the terminal user_EUAnd end user attribute set

Generating an end-user public key PK_EUPublic key associated with end user database

Wherein the end-user public key PK_EU＝e(g₀，g₀)^yuEnd user database related public key

u represents a fifth random number: u is as large as Z_p，

J-th attribute representing data user, j ∈ [1, m ∈ >]Representing the value range of j;

thirdly, a secret key generation center KGC generates a terminal user private key SK for the terminal user_EUGenerating a mist node private key SK for the mist node_FNWherein the end-user private key SK_EU＝(K₀，{K_j，1}_j∈[1，m]U), mist node private key SK_FN＝(K₁，K₂，K₃，{K_j，2，K_j，3}_j∈[1，m]，r)，K₀Representing the first private key component:

K₁representing the second private key component:

K₂represents the third private key component:

K₃represents the fourth private key component:

a_jrepresents a sixth random number, a_j∈Z_p，K_j，1Represents the fifth private key component:

mapping rho₁Indicating the mapping of attributes in the data user' S attribute set S to attributes of the corresponding system attribute set U, i.e.

K_j，2Represents the sixth private key component:

K_j，3represents the seventh private key component:

b_jdenotes a seventh random number, b_j∈Z_pV represents an eighth random number, v ∈ Z_p；

Fourthly, the secret key generation center KGC uses the secret key SK of the terminal user_EUSending to the terminal user, and sending the private key SK of the fog node to the terminal user_FNAnd sending the data to the fog node.

4. The fine-grained searchable encryption method for fog calculation according to claim 3, wherein said step three specifically comprises the steps of:

first, the data owner utilizes a symmetric key set s_τThe plaintext document set F is changed to F₁，…，F_τEncrypting into a ciphertext document set C ═ C₁，…，C_τA data owner establishes an access control structure P and sends the access control structure P to a selected fog node;

secondly, the access control structure P is a tree structure, each node in the tree comprises a polynomial and a threshold value, and the fog node selects a polynomial q for the root node r_r(v) And a threshold value k_r(v) Where v is an argument, q is the argument when v is 0_r(0) θ represents a ninth random number, θ ∈ Z_pThreshold value k_r(v) In the range of 1. ltoreq. k_r(v)≤num_r，num_rRepresenting the number of r child nodes of the root node;

thirdly, selecting a polynomial q for a non-leaf node x_x(v) And a threshold value k_x(v) Polynomial q_x(v) The following conditions are satisfied:

d_x(v)＝k_x(v)-1，

wherein d is_x(v) Denotes q_x(v) And when the argument v is 0,

parent (x) indicates the parent of node x, index (x) indicates the order of parent (x) children, and threshold k_x(v) In the range of 1. ltoreq. k_x(v)≤num_x，num_xRepresenting the number of the child nodes of the node x;

the fourth step, selecting a polynomial q for the leaf node l_l(v) And a threshold value k_l(v) Wherein the polynomial q_l(v) Threshold value k ═ S_l(v)＝1；

Fifthly, the fog node encrypts a symmetric key s_τObtain a temporary ciphertext key CT_τAnd the temporary cipher text key CT is used_τSent to the data owner, where the temporary cipher text key CT_τ＝(CT₁，CT₂，{CT_l}_l∈L)，CT₁Representing the first temporary ciphertext key:

CT₂representing the second temporary ciphertext key:

CT_lrepresenting the third temporary ciphertext key:

l represents a set of leaf nodes;

sixthly, the data owner encrypts the temporary ciphertext key CT_τObtaining a ciphertext key

Wherein

CT′₁Representing the first ciphertext key:

CT′₂representing the second ciphertext key:

CT₃representing the third ciphertext key:

CC_τrepresenting the fourth ciphertext key: CC (challenge collapsar)_τ＝s_τ·e(g₀，g₀)^yhH represents a tenth random number, h ∈ Z_p；

Seventh step, plaintext document F_τThe data owner is a plaintext document F_τEstablishing a ciphertext index I_τ，I_τ＝(I₀，I₁，{I_l，1，I_l，2}_l∈L) In which I₀Denotes a first index component, I₀＝e(g₀，g₀)^ys，I₁A second index component is represented that is,

I_l，1a third index component is represented that is,

I_l，2denotes the fourth index component, I_l，2＝(s-d_l)/H₁(W)，d_lDenotes an eleventh random number, d_l∈Z_p；

Eighth step, the data owner combines the cipher key set

Index set { I_τC and ciphertext document set C ═ C₁，…，C_τAnd sending the data to the cloud server through the selected fog node.

5. The fine-grained searchable encryption method for fog calculation according to claim 4, wherein said step four specifically comprises the steps of:

step one, when a terminal user wants to inquire a keyword W', a fog node verifies whether the terminal user is in an authorized user list UL, if not, the operation is terminated, otherwise, the operation is switched to the step two;

second, the fog node generates a first-stage trapdoor T_W′，1And the first stage trapdoor T is connected_W′，1Sent to the end user, wherein the first stage trapdoor T_W′，1＝(T₁，{T_j，1}_j∈[1，m])，T₁Representing a first component of the first stage trapdoor,

T_j，1representing a second component of the first stage trapdoor,

eta represents a twelfth random number, eta belongs to Z_p；

Third, the end user receives the first stage trapdoor T_W′，1Post-generation second stage trapdoor T_W′，2And the second stage is trapped in the door T_W′，2Sent to the fog node, wherein the second stage trapdoor T_W′，2＝(T₀，T′₁，{T′_j，1，T_j，2}_j∈[1，m])，T₀Representing a first component, T, of the second-stage trapdoor₀＝u+λ，T′₁Representing a second component of the second stage trapdoor,

T′_j，1a third component representing a second stage trapdoor,

T_j，2a fourth component representing the second stage trapdoor,

λ represents a thirteenth random number, λ ∈ Z_p；

Fourthly, the fog node receives the trapdoor T of the second stage_W′，2Post-forming trapdoor T_W′And will trap the door T_W′And sending the terminal user attribute set S to the cloud server, wherein

T′₀Representing a first component, T ', of the trapdoor'₀＝T₀η+r，

A second component of the trapdoor is represented,

T′_j，2a third component of the trapdoor is represented,

6. the fine-grained searchable encryption method for fog calculation according to claim 5, wherein said step five specifically comprises the steps of:

firstly, the cloud server verifies whether the terminal user attribute set S meets the access control structure P, if not, the operation is terminated, and the operation is finished; if yes, turning to the second step;

second, the cloud server is the end user's per attribute

Calculating a first intermediate variable

And a second intermediate variable

Wherein

In particular, when the equation

And H₁(W′)＝H₁When the (W) is established, the (W),

wherein

Thirdly, the cloud server matches the trapdoor T according to the following equation_w′And index set { I_τThe successfully matched ciphertext set C' and the corresponding ciphertext key set

Sending the data to a fog node;

7. the fine-grained searchable encryption method for fog calculation according to claim 4, wherein said step six specifically comprises the steps of:

the first step is as follows: the fog node calculates the intermediate quantity D of the root node according to a recursion algorithm_r；

If att (l) ε S, the leaf node intermediate quantities are calculated:

wherein q is_l(0) A leaf node polynomial q when the argument v is 0_l(v) A value of (d); calculating intermediate quantity of root nodes:

if the access structure P has only two layers, the intermediate quantity D of the child node is obtained_xEqual to the leaf node intermediate quantity D_lCan solve out

Terminating the recursion; otherwise to D_xCall push-through

The solution is continued until the parent node of the leaf node is recurred, and the solution can be obtained

Terminating the recursion; wherein the operator

i table index (x), psi_xSet of random children representing x nodes, | ψ_x|＝k_x(v)，|ψ_xThe | representation set ψ_xJ is the set ψ_xThe elements of (1); operator

x' is a sub-node of node x, psi_x′Set of random children nodes representing x' nodes, | ψ_x′|＝k_x′(v)，|ψ_x′The | representation set ψ_x′The size of (d);

the second step is that: the fog node calculates a key correlation quantity M and sets a secret text C ═ C_πAnd the phasesCorresponding cipher text key set

Sending the data to a terminal user;

the third step: the end user can obtain a symmetric key set s of a plaintext according to the following formula_πAnd thus, the dense text set C ═ C is decrypted_πGet the plaintext F' ═ F_π}；

Images