CN111416710A - Certificateless searchable encryption method and system applied to multiple receiving ends - Google Patents


Info

Publication number: CN111416710A
Application number: CN202010212511.5A
Authority: CN (China)
Other languages: Chinese (zh)
Other versions: CN111416710B (en)
Legal status: Granted; active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Prior art keywords: key, public key, partial, receiving end, ciphertext
Inventors: 王勇, 李磊, 马强, 管荑, 李慧聪, 田大伟, 耿玉杰, 刘勇, 林琳, 马米米, 何德彪, 罗敏
Current assignee: Wuhan University WHU; State Grid Shandong Electric Power Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original assignee: Wuhan University WHU; State Grid Shandong Electric Power Co Ltd
Events: application filed by Wuhan University WHU and State Grid Shandong Electric Power Co Ltd; priority to CN202010212511.5A; publication of CN111416710A; application granted; publication of CN111416710B; legal status active.

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866 Generation of secret information involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • H04L9/0869 Generation of secret information involving random numbers or seeds
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines

Abstract

The invention discloses a certificateless searchable encryption method and system applied to multiple receiving ends. The key generation center is mainly responsible for generating partial private keys for all receiving ends; the sending end is responsible for generating ciphertext data; each receiving end uses its own private key to generate a corresponding trapdoor and submits the trapdoor to the cloud server; the cloud server stores and retrieves the data and realizes conjunctive keyword retrieval in a multi-user environment. The data sending end can share its data with multiple data receiving ends at the same time, and only needs to encrypt the data once using the public keys of the multiple receiving ends rather than once per receiver, which reduces the computational overhead and working pressure of the sending end; at the same time, the cloud server is guaranteed not to learn any information about the plaintext from the ciphertext, so the security requirement of the system is met.

Description

Certificateless searchable encryption method and system applied to multiple receiving ends
Technical Field
The invention relates to the technical field of information security, in particular to a certificateless searchable encryption method and system applied to multiple receiving ends.
Background
Searchable Encryption (SE) is a cryptographic technique that retrieves ciphertext data by keyword, so that search over ciphertext can be carried out without revealing any information about the plaintext. SE proceeds as follows: the data sender first extracts keywords from its files, encrypts the files and the keywords, and uploads all ciphertext data to the cloud server; a receiver generates a trapdoor (a search token derived from its key) for the keyword to be retrieved and uploads the trapdoor to the cloud server; the cloud server tests whether the received trapdoor matches the ciphertext data and finally returns the successfully matched results to the receiver.
SE can be classified into two types according to the way keys are used: Symmetric Searchable Encryption (SSE) and public key searchable encryption (PEKS). The concept of SSE was first proposed by Song et al. in 2000, who also gave an instantiated construction. SSE has the advantages of a small amount of computation, high running speed and high efficiency. However, SSE faces significant key management challenges: the sending and receiving parties must secretly negotiate a key before data encryption, and to ensure security each pair of sender and receiver needs a different key for each encryption, so both parties must store a large number of keys, which makes key management difficult and storage overhead high. To address this problem, Boneh et al. first proposed the concept of PEKS in 2004. In contrast to SSE, PEKS needs no key negotiated in advance between users: the user's public key is composed of publicly known information and the private key is kept secret by the user. Public key searchable encryption has two basic security properties. The first is ciphertext indistinguishability: one of two keywords is chosen at random and encrypted to produce a keyword ciphertext, and an adversary cannot tell which keyword the ciphertext corresponds to. The second is trapdoor indistinguishability: one of two keywords is chosen at random and used to generate a trapdoor, and an adversary cannot tell which keyword the trapdoor corresponds to.
In recent years, researchers at home and abroad have proposed many searchable encryption schemes based on public key infrastructure (PKI-based PEKS) and identity-based searchable encryption schemes (ID-based PEKS); however, these schemes have unavoidable problems of certificate management or key escrow. A certificateless searchable encryption scheme (CLPEKS) combines the advantages of PKI-based PEKS and ID-based PEKS, solving the certificate management problem of PKI-based PEKS while avoiding the key escrow problem of ID-based PEKS.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main object of the invention is to provide a certificateless searchable encryption method and system applied to multiple receiving ends, which solves the technical problem of how to reduce the working pressure of the sending end, while still ensuring the security of the data it transmits, when a prior-art certificateless searchable encryption scheme is applied in a multi-receiver environment.
The technical scheme provided by the invention for this problem is as follows:
the invention provides a certificateless searchable encryption method applied to multiple receiving ends, which comprises the following steps:
step 10: the m receiving ends obtain a partial public key $t_j$ and a partial private key $d_j$ transmitted by the key generation center through a secure channel, where the partial public key $t_j$ and the partial private key $d_j$ are generated by the key generation center based on the identity information $ID_j$ of the receiving end;
step 20: the receiving end randomly creates a secret value $x_j$, generates a partial public key $y_j$ from the secret value $x_j$, and creates a public key $PK_j$ and a private key $SK_j$ based on the partial public key $y_j$, the partial public key $t_j$, the secret value $x_j$ and the partial private key $d_j$;
step 301: the sending end obtains the identity information of the m receiving ends and the public key $PK_j$ corresponding to each identity, and determines n keywords to be encrypted $\{w_1, w_2, \dots, w_n\}$;
step 302: the sending end encrypts the n keywords $\{w_1, w_2, \dots, w_n\}$ according to the m public keys $PK_j$ and the system master public key $g_{pub}$, so that each of the n keywords is encrypted only once, outputs a ciphertext $C$ and sends $C$ to the cloud server, where the system master public key $g_{pub}$ is published by the key generation center;
step 40: the receiving end determines l keywords to be retrieved
Figure BDA0002423296400000031
and creates a trapdoor $T_j$ for the l keywords based on the public key $PK_j$ and private key $SK_j$ corresponding to its identity information and the system master public key $g_{pub}$; the trapdoor $T_j$ is sent to the cloud server;
step 50: the cloud server matches the ciphertext $C$ against the trapdoor $T_j$ by a preset matching algorithm and outputs the matching result;
wherein, the step 302 specifically includes the following substeps:
substep B1: the sending end calculates the intermediate value $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$, $1 \le j \le m$;
substep B2: the sending end calculates the intermediate values $h_i = H_1(w_i)$ and $f_i = H_2(w_i)$, $1 \le i \le n$;
substep B3: the sending end randomly selects two integers $r$,
Figure BDA0002423296400000032
wherein
Figure BDA0002423296400000033
represents the set of integers $\{1, 2, \dots, p-1\}$, $p$ being a prime number;
substep B4: the sending end calculates the ciphertext data $A = g^r$;
substep B5: the sending end calculates the ciphertext data
Figure BDA0002423296400000034
wherein $\alpha_j$ is generated by the collision-resistant cryptographic hash function $\alpha_j = h_0(ID_j, t_j)$;
substep B6: the sending end calculates the ciphertext data $C_i = h_i^{r} f_i^{r'}$;
substep B7: the sending end outputs the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ of the n keywords to be encrypted;
wherein $h_0(\cdot)$, $H_1(\cdot)$, $H_2(\cdot)$, $h_3(\cdot)$ represent collision-resistant cryptographic hash functions; $G_1, G_2$ are cyclic groups of order $p$; $g$ is a generator of $G_1$; $g^r$ represents the $r$-th power of the element $g$ in $G_1$.
Accordingly, before the step 10, the method further comprises:
the key generation center determines the identity information $ID_j$ of each receiving end;
the key generation center randomly selects an integer
Figure BDA0002423296400000035
and calculates a partial public key
Figure BDA0002423296400000036
the key generation center calculates the intermediate value $\alpha_j = h_0(ID_j, t_j)$ and computes the partial private key $d_j$ by the formula $d_j = s_j + s\alpha_j \bmod p$, where $h_0(\cdot)$ represents a collision-resistant cryptographic hash function, $\bmod p$ represents the modulo-$p$ operation, and $s$ represents the system master key of the key generation center;
the key generation center sends the partial public key $t_j$ and the partial private key $d_j$ through a secure channel to the receiving end corresponding to the identity information $ID_j$.
Correspondingly, the step 20 specifically includes:
the receiving end corresponding to the identity information $ID_j$ randomly creates a secret value $x_j$, where
Figure BDA0002423296400000041
and generates a partial public key $y_j$ based on the formula
Figure BDA0002423296400000042
the receiving end creates a public key $PK_j$ based on the partial public key $y_j$ and the partial public key $t_j$, and creates a private key $SK_j$ based on the secret value $x_j$ and the partial private key $d_j$.
Correspondingly, the step 40 specifically includes:
the receiving end corresponding to the identity information $ID_j$ determines l keywords to be retrieved
Figure BDA0002423296400000043
the receiving end calculates the intermediate value $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$;
the receiving end calculates the intermediate value
Figure BDA0002423296400000044
and the intermediate value
Figure BDA0002423296400000045
the receiving end randomly selects an integer
Figure BDA0002423296400000046
the receiving end calculates the trapdoor value $T_{j,1} = g^t$;
the receiving end calculates the trapdoor value
Figure BDA0002423296400000047
the receiving end calculates the trapdoor value
Figure BDA0002423296400000048
the receiving end creates, for the keywords to be retrieved
Figure BDA0002423296400000049
the trapdoor $T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, \dots, I_l)$.
Correspondingly, the step 50 specifically includes:
the cloud server matches the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ against the trapdoor $T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, \dots, I_l)$ by a preset matching algorithm,
wherein the preset matching algorithm comprises:
verifying whether the equation
Figure BDA00024232964000000410
holds; if the equation holds, the matching is judged successful and a matching-success result is output; if the equation does not hold, the matching is judged failed and a matching-failure result is output;
wherein $e$ represents a bilinear pairing from $G_1 \times G_1$ to $G_2$.
In addition, in order to achieve the above object, the present invention further provides a certificate-free searchable encryption system applied to multiple receiving terminals, where the system includes a cloud server, a sending terminal, a key generation center, and m receiving terminals;
the receiving end is used for acquiring a partial public key $t_j$ and a partial private key $d_j$ transmitted by the key generation center through a secure channel, where the partial public key $t_j$ and the partial private key $d_j$ are generated by the key generation center based on the identity information $ID_j$ of the receiving end;
the receiving end is also used for randomly creating a secret value $x_j$, generating a partial public key $y_j$ from the secret value $x_j$, and creating a public key $PK_j$ and a private key $SK_j$ based on the partial public key $y_j$, the partial public key $t_j$, the secret value $x_j$ and the partial private key $d_j$;
the sending end is used for obtaining the identity information of the m receiving ends and the public key $PK_j$ corresponding to each identity, and for determining n keywords to be encrypted $\{w_1, w_2, \dots, w_n\}$ and the system master public key $g_{pub}$;
the sending end is used for encrypting the n keywords $\{w_1, w_2, \dots, w_n\}$ according to the m public keys $PK_j$ and the system master public key $g_{pub}$, so that each of the n keywords is encrypted only once, outputting a ciphertext $C$ and sending $C$ to the cloud server, where the system master public key $g_{pub}$ is published by the key generation center;
the receiving end is used for determining l keywords to be retrieved
Figure BDA0002423296400000051
and for creating a trapdoor $T_j$ for the l keywords based on the public key $PK_j$ and private key $SK_j$ corresponding to its identity information and the system master public key $g_{pub}$; the trapdoor $T_j$ is sent to the cloud server;
the cloud server is used for matching the ciphertext $C$ against the trapdoor $T_j$ by a preset matching algorithm and outputting the matching result;
wherein the sending end further includes:
a first calculation unit for calculating the intermediate value $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$, $1 \le j \le m$;
a second calculation unit for calculating the intermediate values $h_i = H_1(w_i)$ and $f_i = H_2(w_i)$, $1 \le i \le n$;
a third calculation unit for randomly selecting two integers $r$,
Figure BDA0002423296400000052
wherein
Figure BDA0002423296400000053
represents the set of integers $\{1, 2, \dots, p-1\}$, $p$ being a prime number;
a fourth calculation unit for calculating the ciphertext data $A = g^r$;
a fifth calculation unit for calculating the ciphertext data
Figure BDA0002423296400000054
wherein $\alpha_j$ is generated by the collision-resistant cryptographic hash function $\alpha_j = h_0(ID_j, t_j)$;
a sixth calculation unit for calculating the ciphertext data $C_i = h_i^{r} f_i^{r'}$;
a seventh calculation unit for outputting the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ of the n keywords to be encrypted;
wherein $h_0(\cdot)$, $H_1(\cdot)$, $H_2(\cdot)$, $h_3(\cdot)$ represent collision-resistant cryptographic hash functions; $G_1, G_2$ are cyclic groups of order $p$; $g$ is a generator of $G_1$; $g^r$ represents the $r$-th power of the element $g$ in $G_1$.
The technical scheme provided by the invention has the beneficial effects that:
the invention provides a certificateless searchable encryption method applied to multiple receiving ends, namely a certificateless searchable encryption scheme supporting conjunctive keyword queries in a multi-receiver scenario. The technical scheme involves four participants: a key generation center, a data sending end, data receiving ends and a cloud server. The key generation center is mainly responsible for generating partial private keys for all data receiving ends; the data sending end is mainly responsible for generating ciphertext data; each legitimate data receiving end uses its own private key to generate a corresponding trapdoor and submits it to the cloud server; the cloud server uses the trapdoor to provide data query service for the receiving end and realizes conjunctive keyword retrieval in a multi-user environment;
the data sending end can share its data with multiple data receiving ends at the same time, and only needs to encrypt the data once using the public keys of the multiple receiving ends rather than once per receiver, which reduces the computational overhead and working pressure of the sending end; at the same time, the cloud server is guaranteed not to learn any information about the plaintext from the ciphertext, the security requirement of the system is met, and both ciphertext indistinguishability and trapdoor indistinguishability are satisfied.
Drawings
Fig. 1 is a schematic diagram of an encryption process related to a sending end in a certificate-free searchable encryption method applied to multiple receiving ends according to the present invention;
fig. 2 is a block diagram of a certificateless searchable encryption system applied to multiple receiving ends according to the present invention.
The objects, features and advantages of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The symbols of the embodiments of the present invention are described as follows:
p: a large prime number.
Figure BDA0002423296400000061
Integer set consisting of 1, 2, …, p-1And (6) mixing.
G1,G2: cyclic groups of order p.
g: is a group G1The generator of (1).
gu: group G1To the power of u of the middle element g.
e: from G1×G1To G2Bilinear pair mapping.
h0(·),H1(·),H2(·),h3(. o): collision resistant cryptographic hash function
s: a system master key held in secret by a Key Generation Center (KGC).
gpub: the system main public key disclosed by KGC has a calculation formula of gpub=gs
IDj: a discernible identity of user j.
dj: partial private key of user j.
xj: the secret value of user j.
SKj: the private key of user j.
PKj: the public key of user j.
{w1,w2,…,wn}: a key to be encrypted.
Figure BDA0002423296400000071
The keyword to be retrieved.
mod p: modulo p arithmetic. E.g., 17mod3 ≡ 2.
The invention aims to further reduce the working pressure and the working overhead of the sending end, while still ensuring the security of the data transmitted by the sending end, when a certificateless searchable encryption scheme is applied to a scenario with multiple receiving ends.
To this end, the invention provides a certificateless searchable encryption method applied to multiple receiving ends which involves four roles: a Key Generation Center (KGC), a data Sender, data Receivers, and a Cloud Server. The KGC is mainly responsible for generating the partial private key of each data Receiver.
Suppose there are m receivers $j$, $j = 1, 2, \dots, m$, whose identifiers are $ID_1, ID_2, \dots, ID_m$ and whose corresponding public/private key pairs are $(PK_1, SK_1), (PK_2, SK_2), \dots, (PK_m, SK_m)$.
Suppose there are n keywords to be encrypted in total, i.e. $(w_1, w_2, \dots, w_n)$ are the keywords to be encrypted.
(1) First, the key generation center KGC, whose function is to generate a partial private key for each receiving end;
given the receiver identity $ID_j$, to generate the partial private key $d_j$ for receiving-end user $j$ the KGC performs the following substeps:
substep A1: the KGC randomly selects an integer
Figure BDA0002423296400000087
and calculates
Figure BDA0002423296400000081
substep A2: the KGC calculates $\alpha_j = h_0(ID_j, t_j)$ and $d_j = s_j + s\alpha_j \bmod p$;
substep A3: the KGC secretly transmits $t_j, d_j$ to user $j$.
(2) After receiving-end user $j$ receives $t_j, d_j$ sent by the key generation center, user $j$ randomly selects an integer
Figure BDA0002423296400000082
as its own secret value.
(3) Generating the public/private key pair of receiving-end user $j$:
receiver user $j$ calculates
Figure BDA0002423296400000083
and sets its own public/private key pair $(PK_j, SK_j)$ as $PK_j = (y_j, t_j)$, $SK_j = (x_j, d_j)$.
(4) An encryption algorithm;
the sending end performs the following operation steps to encrypt the multiple keywords $\{w_1, w_2, \dots, w_n\}$ (i.e. to encrypt the data to be sent):
substep B1: the sending end calculates the intermediate value $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$, $1 \le j \le m$;
substep B2: the sending end calculates the intermediate values $h_i = H_1(w_i)$ and $f_i = H_2(w_i)$, $1 \le i \le n$;
substep B3: the sending end randomly selects two integers $r$,
Figure BDA0002423296400000084
wherein
Figure BDA0002423296400000085
represents the set of integers $\{1, 2, \dots, p-1\}$, $p$ being a prime number;
substep B4: the sending end calculates the ciphertext data $A = g^r$;
substep B5: the sending end calculates the ciphertext data
Figure BDA0002423296400000086
wherein $\alpha_j$ is generated by the collision-resistant cryptographic hash function $\alpha_j = h_0(ID_j, t_j)$;
substep B6: the sending end calculates the ciphertext data $C_i = h_i^{r} f_i^{r'}$;
substep B7: the sending end outputs the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ of the n keywords to be encrypted;
wherein $h_0(\cdot)$, $H_1(\cdot)$, $H_2(\cdot)$, $h_3(\cdot)$ represent collision-resistant cryptographic hash functions; $G_1, G_2$ are cyclic groups of order $p$; $g$ is a generator of $G_1$; $g^r$ represents the $r$-th power of the element $g$ in $G_1$.
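As an added example that is not part of the patent, the following Python sketch models the parts of sections (1) to (4) whose formulas appear as text on this page: KGC partial-key extraction with $\alpha_j = h_0(ID_j, t_j)$ and $d_j = s_j + s\alpha_j \bmod p$, the receiver's $PK_j = (y_j, t_j)$ and $SK_j = (x_j, d_j)$, the sender's $\beta_j$, $A = g^r$ and $C_i = h_i^r f_i^{r'}$, plus a receiver-side check $g^{d_j} = t_j \cdot g_{pub}^{\alpha_j}$ that follows from those formulas and is what lets $t_j$ go without a certificate. Assumptions not given as text on the page: $G_1$ is replaced by the order-$p$ subgroup of $\mathbb{Z}_q^*$ for a safe prime $q = 2p+1$ (so there is no pairing, and the $B_j$ of substep B5 and the test of section (6) are not modelled), $t_j = g^{s_j}$, $y_j = g^{x_j}$, and hashing into $G_1$ is $g^{H(\cdot)}$ with SHA-256.

```python
# Added example (not from the patent): toy model of sections (1)-(4).
# Assumed here, not given as text on the page: G_1 is the order-p subgroup of Z_q^*
# for a safe prime q = 2p+1 (no pairing, so B_j of substep B5 and the test of
# section (6) are left out); t_j = g^{s_j}; y_j = g^{x_j}; hashing into G_1 is g^{H(.)}.
import hashlib
import secrets

SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with fixed bases; deterministic for n < 2^64."""
    if n < 2:
        return False
    for b in SMALL_PRIMES:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def make_group(bits: int = 62):
    """Return (p, q, g): safe prime q = 2p+1 and g generating the order-p subgroup."""
    p = (1 << bits) | 1
    while not (is_probable_prime(p) and is_probable_prime(2 * p + 1)):
        p += 2
    q = 2 * p + 1
    return p, q, 4  # 4 = 2^2 is a quadratic residue mod q, so it has order p

def hash_to_zp(p: int, tag: str, *parts) -> int:
    """Hash into {1, ..., p-1}; stands in for h_0, h_3 and the exponents of H_1, H_2."""
    h = hashlib.sha256(tag.encode())
    for x in parts:
        h.update(repr(x).encode() + b"|")
    return int.from_bytes(h.digest(), "big") % (p - 1) + 1

def hash_to_group(group, tag: str, w: str) -> int:
    p, q, g = group
    return pow(g, hash_to_zp(p, tag, w), q)

class KGC:
    """Key generation center: holds the master key s, publishes g_pub = g^s."""
    def __init__(self, group):
        self.p, self.q, self.g = group
        self.s = secrets.randbelow(self.p - 1) + 1
        self.g_pub = pow(self.g, self.s, self.q)

    def extract_partial_key(self, id_j: str):
        """Substeps A1-A3: t_j = g^{s_j} (assumed), d_j = s_j + s*alpha_j mod p."""
        s_j = secrets.randbelow(self.p - 1) + 1
        t_j = pow(self.g, s_j, self.q)
        alpha_j = hash_to_zp(self.p, "h0", id_j, t_j)
        d_j = (s_j + self.s * alpha_j) % self.p
        return t_j, d_j  # sent to user j over a secure channel

def partial_key_is_bound(group, g_pub: int, id_j: str, t_j: int, d_j: int) -> bool:
    """Receiver-side check that (t_j, d_j) was issued by the KGC for ID_j:
    g^{d_j} = g^{s_j} * g^{s*alpha_j} = t_j * g_pub^{alpha_j}.  The identity follows
    from the formulas above and is why no certificate on t_j is needed."""
    p, q, g = group
    alpha_j = hash_to_zp(p, "h0", id_j, t_j)
    return pow(g, d_j, q) == (t_j * pow(g_pub, alpha_j, q)) % q

def receiver_keygen(group, t_j: int, d_j: int):
    """Sections (2)-(3): secret x_j, y_j = g^{x_j} (assumed), PK_j=(y_j,t_j), SK_j=(x_j,d_j)."""
    p, q, g = group
    x_j = secrets.randbelow(p - 1) + 1
    y_j = pow(g, x_j, q)
    return (y_j, t_j), (x_j, d_j)

def sender_encrypt_keywords(group, g_pub: int, receivers: dict, keywords: list):
    """Substeps B1-B4 and B6: one A and one C_i per keyword, independent of the
    number m of receivers (B5's per-receiver B_j is not on the page as text)."""
    p, q, g = group
    betas = {id_j: hash_to_zp(p, "h3", id_j, g_pub, y_j, t_j)
             for id_j, (y_j, t_j) in receivers.items()}            # B1
    r = secrets.randbelow(p - 1) + 1                                  # B3
    r_prime = secrets.randbelow(p - 1) + 1
    A = pow(g, r, q)                                                  # B4
    C = []
    for w in keywords:
        h_i = hash_to_group(group, "H1", w)                           # B2
        f_i = hash_to_group(group, "H2", w)
        C.append((pow(h_i, r, q) * pow(f_i, r_prime, q)) % q)         # B6
    return A, C, betas
```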
(5) Trapdoor generation
to generate a trapdoor for the l keywords to be retrieved
Figure BDA0002423296400000091
the receiving end $j$ performs the following operation steps:
substep C1: receiving end $j$ calculates $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$;
substep C2: receiving end $j$ calculates
Figure BDA0002423296400000092
Figure BDA0002423296400000093
substep C3: receiving end $j$ randomly selects an integer
Figure BDA0002423296400000094
substep C4: receiving end $j$ calculates the trapdoor value $T_{j,1} = g^t$;
substep C5: receiving end $j$ calculates the trapdoor value
Figure BDA0002423296400000095
substep C6: receiving end $j$ calculates the trapdoor value
Figure BDA0002423296400000096
substep C7: receiving end $j$ outputs the trapdoor $T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, \dots, I_l)$.
(6) Matching test
To test whether the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ and the trapdoor $T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, \dots, I_l)$ match, the cloud server executes the following preset matching algorithm:
substep D1: verify whether the equation
Figure BDA0002423296400000097
holds;
substep D2: if the equation holds, output 1; otherwise, output 0.
This embodiment provides a certificateless searchable encryption scheme supporting conjunctive keyword queries in a multi-receiver scenario; the technical scheme of the invention comprises four participants: a key generation center, a data sending end, data receiving ends and a cloud server. The key generation center is mainly responsible for generating partial private keys for all data receiving ends; the data sending end is mainly responsible for generating ciphertext data; each legitimate data receiving end uses its own private key to generate a corresponding trapdoor and submits it to the cloud server; the cloud server uses the trapdoor to provide data query service for the receiving end and realizes conjunctive keyword retrieval in a multi-user environment;
the data sending end of this embodiment can share its data with multiple data receiving ends at the same time, and only needs to encrypt the data once using the public keys of the multiple receiving ends rather than once per receiver, which reduces the computational overhead and working pressure of the sending end; at the same time, the cloud server is guaranteed not to learn any information about the plaintext from the ciphertext, the security requirement of the system is met, and both ciphertext indistinguishability and trapdoor indistinguishability are satisfied.
In addition, the present invention further provides an embodiment of a certificateless searchable encryption system applied to multiple receiving ends, referring to fig. 2, the system of this embodiment has four participants, including a cloud server 01, a sending end 02, a key generation center 04, and multiple receiving ends 03;
the receiving end 03 is configured to obtain a partial public key $t_j$ and a partial private key $d_j$ sent by the key generation center 01 through the secure channel, where the partial public key $t_j$ and the partial private key $d_j$ are generated by the key generation center based on the identity information $ID_j$ of the receiving end;
the receiving end 03 is further configured to randomly create a secret value $x_j$, generate a partial public key $y_j$ from the secret value $x_j$, and create a public key $PK_j$ and a private key $SK_j$ based on the partial public key $y_j$, the partial public key $t_j$, the secret value $x_j$ and the partial private key $d_j$;
the sending end 02 is configured to obtain the identity information of the m receiving ends and the public key $PK_j$ corresponding to each identity, and to determine n keywords to be encrypted $\{w_1, w_2, \dots, w_n\}$ and the system master public key $g_{pub}$;
the sending end 02 is configured to encrypt the n keywords $\{w_1, w_2, \dots, w_n\}$ according to the m public keys $PK_j$ and the system master public key $g_{pub}$, so that each of the n keywords is encrypted only once, to output a ciphertext $C$ and to send $C$ to the cloud server, where the system master public key $g_{pub}$ is published by the key generation center;
the receiving end 03 is configured to determine l keywords to be retrieved
Figure BDA0002423296400000101
and to create a trapdoor $T_j$ for the l keywords based on the public key $PK_j$ and private key $SK_j$ corresponding to its identity information and the system master public key $g_{pub}$; the trapdoor $T_j$ is sent to the cloud server;
the cloud server 01 is used for matching the ciphertext $C$ against the trapdoor $T_j$ by a preset matching algorithm and outputting the matching result;
wherein the sending end 02 further includes:
a first calculation unit for calculating the intermediate value $\beta_j = h_3(ID_j, g_{pub}, y_j, t_j)$, $1 \le j \le m$;
a second calculation unit for calculating the intermediate values $h_i = H_1(w_i)$ and $f_i = H_2(w_i)$, $1 \le i \le n$;
a third calculation unit for randomly selecting two integers $r$,
Figure BDA0002423296400000102
wherein
Figure BDA0002423296400000103
represents the set of integers $\{1, 2, \dots, p-1\}$, $p$ being a prime number;
a fourth calculation unit for calculating the ciphertext data $A = g^r$;
a fifth calculation unit for calculating the ciphertext data
Figure BDA0002423296400000104
wherein $\alpha_j$ is generated by the collision-resistant cryptographic hash function $\alpha_j = h_0(ID_j, t_j)$;
a sixth calculation unit for calculating the ciphertext data $C_i = h_i^{r} f_i^{r'}$;
a seventh calculation unit for outputting the ciphertext $C = (A, B_1, \dots, B_m, C_1, \dots, C_n)$ of the n keywords to be encrypted;
wherein $h_0(\cdot)$, $H_1(\cdot)$, $H_2(\cdot)$, $h_3(\cdot)$ represent collision-resistant cryptographic hash functions; $G_1, G_2$ are cyclic groups of order $p$; $g$ is a generator of $G_1$; $g^r$ represents the $r$-th power of the element $g$ in $G_1$.
The system comprises a cloud server 01, a sending end 02, a key generation center 04 and a plurality of receiving ends 03;
This embodiment is a certificateless searchable encryption scheme supporting conjunctive keyword queries in a multi-receiver scenario: the key generation center 04 is mainly responsible for generating the partial private key of each data receiving terminal 03; the data sending terminal 02 is mainly responsible for generating the ciphertext data; each legitimate data receiving terminal 03 generates the corresponding trapdoor with its own private key and submits the trapdoor to the cloud server 01; the cloud server 01 uses the trapdoor to provide the data query service to the receiving end, thereby realizing conjunctive keyword retrieval in a multi-user environment;
the data sending end 02 of this embodiment can share its own data with multiple data receiving ends 03 at the same time; the sending end 02 needs to encrypt the data only once using the public keys of the multiple receiving ends 03, rather than once per receiver, which reduces the computational overhead and the workload of the sending end 02; meanwhile, the cloud server 01 is guaranteed not to learn any information about the plaintext from the ciphertext, the security requirements of the system are met, and both ciphertext indistinguishability and trapdoor indistinguishability are satisfied.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (5)

1. A certificateless searchable encryption method applied to multiple receiving ends is characterized by comprising the following steps:
step 10: the m receiving ends obtain, through a secure channel, a partial public key t_j and a partial private key d_j transmitted by the key generation center, the partial public key t_j and the partial private key d_j being generated by the key generation center based on the identity information ID_j of the receiving end;
step 20: the receiving end randomly creates a secret value x_j, generates a partial public key y_j from the secret value x_j, and creates a public key PK_j and a private key SK_j based on the partial public key y_j, the partial public key t_j, the secret value x_j and the partial private key d_j;
step 301: the sending end obtains the identity information of the m receiving ends and the public key PK_j corresponding to each identity information, and determines n keywords to be encrypted {w_1, w_2, …, w_n};
step 302: the sending end encrypts the n keywords to be encrypted {w_1, w_2, …, w_n} according to the m public keys PK_j and the system master public key g_pub, such that each of the n keywords to be encrypted is encrypted only once, outputs a ciphertext C, and sends the ciphertext C to a cloud server; wherein the system master public key g_pub is published by the key generation center;
step 40: the receiving end determines l keywords to be retrieved
Figure FDA0002423296390000011
and, based on the public key PK_j and private key SK_j corresponding to its identity information and the system master public key g_pub, creates a trapdoor T_j for the l keywords to be retrieved; and sends the trapdoor T_j to the cloud server;
step 50: the cloud server matches the ciphertext C against the trapdoor T_j through a preset matching algorithm and outputs a matching result;
wherein step 302 specifically includes the following substeps:
substep B1: the sending end calculates an intermediate value β_j = h_3(ID_j, g_pub, y_j, t_j), 1 ≤ j ≤ m;
substep B2: the sending end calculates intermediate values h_i = H_1(w_i) and f_i = H_2(w_i), 1 ≤ i ≤ n;
substep B3: the sending end randomly selects two integers r and r' from the set
Figure FDA0002423296390000012
wherein
Figure FDA0002423296390000013
represents the set of integers {1, 2, …, p-1}, p being a prime number;
substep B4: the sending end calculates the ciphertext data A = g^r;
Substep B5: the sending end calculates the ciphertext data
Figure FDA0002423296390000014
wherein α_j is generated by the collision-resistant cryptographic hash function α_j = h_0(ID_j, t_j);
substep B6: the sending end calculates the ciphertext data C_i = h_i^r · f_i^{r'};
substep B7: the sending end outputs the ciphertext C = (A, B_1, …, B_m, C_1, …, C_n) of the n keywords to be encrypted;
wherein h_0(·), H_1(·), H_2(·) and h_3(·) represent collision-resistant cryptographic hash functions, G_1 and G_2 are cyclic groups of order p, g is a generator of the group G_1, and g^r represents the r-th power of the element g of the group G_1.
2. The method of claim 1, wherein prior to step 10, the method further comprises:
the key generation center determines the identity information ID_j of each receiving end;
The key generation center randomly selects an integer
Figure FDA0002423296390000022
And calculates a partial public key
Figure FDA0002423296390000023
the key generation center calculates an intermediate value α_j = h_0(ID_j, t_j) and computes the partial private key d_j by the formula d_j = s_j + s·α_j mod p, wherein h_0(·) represents a collision-resistant cryptographic hash function, mod p represents the modulo-p operation, and s represents the system master key of the key generation center;
the key generation center sends the partial public key t_j and the partial private key d_j through a secure channel to the receiving end corresponding to the identity information ID_j;
correspondingly, step 20 specifically includes:
the receiving end corresponding to the identity information ID_j randomly creates a secret value x_j, wherein
Figure FDA0002423296390000024
and based on formulas
Figure FDA0002423296390000025
generates the partial public key y_j;
the receiving end creates the public key PK_j based on the partial public key y_j and the partial public key t_j, and creates the private key SK_j based on the secret value x_j and the partial private key d_j.
3. The method according to claim 2, wherein step 40 specifically comprises:
the receiving end corresponding to the identity information ID_j determines l keywords to be retrieved
Figure FDA0002423296390000026
the receiving end calculates an intermediate value β_j = h_3(ID_j, g_pub, y_j, t_j);
the receiving end calculates the intermediate value
Figure FDA0002423296390000027
and the intermediate value
Figure FDA0002423296390000028
The receiving end randomly selects an integer
Figure FDA0002423296390000029
the receiving end calculates the trapdoor value T_{j,1} = g^t;
the receiving end calculates the trapdoor value
Figure FDA00024232963900000210
the receiving end calculates the trapdoor value
Figure FDA0002423296390000021
the receiving end, for the keywords to be retrieved
Figure FDA0002423296390000031
creates the trapdoor T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, …, I_l).
4. The method according to claim 3, wherein the step 50 specifically comprises:
the cloud server matches the ciphertext C = (A, B_1, …, B_m, C_1, …, C_n) against the trapdoor T_j = (T_{j,1}, T_{j,2}, T_{j,3}, I_1, …, I_l) through a preset matching algorithm,
wherein the preset matching algorithm comprises:
verifying the equation
Figure FDA0002423296390000032
if the equation holds, the matching is judged successful and a matching-success result is output; if the equation does not hold, the matching is judged failed and a matching-failure result is output;
wherein e represents a bilinear pairing map from G_1 × G_1 to G_2.
5. A certificateless searchable encryption system applied to multiple receiving ends is characterized by comprising a cloud server, a sending end, a key generation center and m receiving ends;
the receiving end is configured to obtain, through a secure channel, a partial public key t_j and a partial private key d_j transmitted by the key generation center, the partial public key t_j and the partial private key d_j being generated by the key generation center based on the identity information ID_j of the receiving end;
the receiving end is further configured to randomly create a secret value x_j, to generate a partial public key y_j from the secret value x_j, and to create a public key PK_j and a private key SK_j based on the partial public key y_j, the partial public key t_j, the secret value x_j and the partial private key d_j;
the sending end is configured to obtain the identity information of the m receiving ends and the public key PK_j corresponding to each identity information, and to determine n keywords to be encrypted {w_1, w_2, …, w_n};
the sending end is configured to encrypt the n keywords to be encrypted {w_1, w_2, …, w_n} according to the m public keys PK_j and the system master public key g_pub, such that each of the n keywords to be encrypted is encrypted only once, to output a ciphertext C, and to send the ciphertext C to a cloud server; wherein the system master public key g_pub is published by the key generation center;
the receiving end is used for determining l keywords to be retrieved
Figure FDA0002423296390000033
and, based on the public key PK_j and private key SK_j corresponding to its identity information and the system master public key g_pub, to create a trapdoor T_j for the l keywords to be retrieved; and to send the trapdoor T_j to the cloud server;
the cloud server is configured to match the ciphertext C against the trapdoor T_j through a preset matching algorithm and to output a matching result;
wherein the sending end further includes:
a first calculation unit for calculating an intermediate value β_j = h_3(ID_j, g_pub, y_j, t_j), 1 ≤ j ≤ m;
a second calculation unit for calculating intermediate values h_i = H_1(w_i) and f_i = H_2(w_i), 1 ≤ i ≤ n;
a third calculation unit for randomly selecting two integers r and r' from the set
Figure FDA0002423296390000041
wherein
Figure FDA0002423296390000042
represents the set of integers {1, 2, …, p-1}, p being a prime number;
a fourth calculation unit for calculating the ciphertext data A = g^r;
A fifth calculation unit for calculating the ciphertext data
Figure FDA0002423296390000043
wherein α_j is generated by the collision-resistant cryptographic hash function α_j = h_0(ID_j, t_j);
a sixth calculation unit for calculating the ciphertext data C_i = h_i^r · f_i^{r'};
a seventh calculation unit for outputting the ciphertext C = (A, B_1, …, B_m, C_1, …, C_n) of the n keywords to be encrypted;
wherein h_0(·), H_1(·), H_2(·) and h_3(·) represent collision-resistant cryptographic hash functions, G_1 and G_2 are cyclic groups of order p, g is a generator of the group G_1, and g^r represents the r-th power of the element g of the group G_1.
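The key-generation steps of claim 2 (step 10 at the key generation center, step 20 at the receiving end), as an added worked example in Python; this is not the patent's own code. It assumes t_j = g^{s_j}, y_j = g^{x_j} and g_pub = g^s, which the page leaves to formula images, instantiates h_0 and h_3 with SHA-256, and uses a small Schnorr group in place of the pairing group G_1; the partial_key_is_valid function is the consistency check a receiver would run on the (t_j, d_j) pair it receives from the key generation center.

```python
"""Toy walk-through of the certificateless key generation of claim 2 (steps 10
and 20).  Added example, not the patent's own code.  Assumed, not stated on the
page: t_j = g^{s_j}, y_j = g^{x_j} and g_pub = g^s (the usual certificateless
construction), and h_0 / h_3 instantiated as SHA-256 reduced into {1, ..., p-1}.
A Schnorr group (order-p subgroup of Z_q^*, q = 2p + 1) stands in for the pairing
group G_1; it is far too small to be secure and only shows the algebra."""
import hashlib
import secrets

# Constructed toy parameters: q = 1019 is a safe prime, p = 509 = (q - 1) / 2 is
# prime, and g = 4 (a quadratic residue mod q) generates the order-p subgroup.
Q = 1019
P = 509
G = 4


def h(tag: str, *parts) -> int:
    """Hash labelled inputs into Z_p^* = {1, ..., p-1}; stands in for h_0(.)
    and h_3(.), with the tag giving the two functions separate domains."""
    data = "|".join([tag] + [str(x) for x in parts]).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (P - 1) + 1


def kgc_setup():
    """System master key s and master public key g_pub = g^s."""
    s = secrets.randbelow(P - 1) + 1
    return s, pow(G, s, Q)


def kgc_extract_partial_key(s: int, identity: str):
    """Step 10: partial public key t_j and partial private key d_j for ID_j."""
    s_j = secrets.randbelow(P - 1) + 1   # random element of Z_p^*
    t_j = pow(G, s_j, Q)                  # assumed t_j = g^{s_j}
    alpha_j = h("h0", identity, t_j)      # alpha_j = h_0(ID_j, t_j)
    d_j = (s_j + s * alpha_j) % P         # d_j = s_j + s*alpha_j mod p
    return t_j, d_j


def partial_key_is_valid(g_pub: int, identity: str, t_j: int, d_j: int) -> bool:
    """Receiver-side check implied by the formulas: g^{d_j} must equal
    g^{s_j} * (g^s)^{alpha_j} = t_j * g_pub^{alpha_j}.  A d_j that does not
    match the delivered t_j (corrupted in transit, or issued for a different
    identity) is rejected before it is ever used."""
    alpha_j = h("h0", identity, t_j)
    return pow(G, d_j, Q) == (t_j * pow(g_pub, alpha_j, Q)) % Q


def receiver_set_keys(g_pub: int, identity: str, t_j: int, d_j: int):
    """Step 20: secret x_j, y_j = g^{x_j}, PK_j = (y_j, t_j), SK_j = (x_j, d_j)."""
    if not partial_key_is_valid(g_pub, identity, t_j, d_j):
        raise ValueError("partial private key does not match partial public key")
    x_j = secrets.randbelow(P - 1) + 1
    y_j = pow(G, x_j, Q)                  # assumed y_j = g^{x_j}
    return (y_j, t_j), (x_j, d_j)


def beta(g_pub: int, identity: str, pk_j) -> int:
    """beta_j = h_3(ID_j, g_pub, y_j, t_j): computed by the sender (substep B1)
    and by the receiver when it builds its trapdoor, from public values only."""
    y_j, t_j = pk_j
    return h("h3", identity, g_pub, y_j, t_j)
```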
CN202010212511.5A 2020-03-24 2020-03-24 Certificateless searchable encryption method and system applied to multiple receiving ends Active CN111416710B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010212511.5A CN111416710B (en) 2020-03-24 2020-03-24 Certificateless searchable encryption method and system applied to multiple receiving ends

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010212511.5A CN111416710B (en) 2020-03-24 2020-03-24 Certificateless searchable encryption method and system applied to multiple receiving ends

Publications (2)

Publication Number Publication Date
CN111416710A true CN111416710A (en) 2020-07-14
CN111416710B CN111416710B (en) 2023-05-02

Family

ID=71494519

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010212511.5A Active CN111416710B (en) 2020-03-24 2020-03-24 Certificateless searchable encryption method and system applied to multiple receiving ends

Country Status (1)

Country Link
CN (1) CN111416710B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112152803A (en) * 2020-09-15 2020-12-29 河海大学 Identity-based encryption method and system with multiple receiver ciphertext searchable
CN113518244A (en) * 2021-09-15 2021-10-19 深圳佳力拓科技有限公司 Digital television signal data transmission method and device based on substitute text combination
CN114884700A (en) * 2022-04-18 2022-08-09 华中科技大学 Searchable public key encryption batch processing method and system for resisting keyword guessing attack

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103873236A (en) * 2012-12-12 2014-06-18 华为技术有限公司 Searchable encryption method and equipment thereof
CN104023051A (en) * 2014-05-22 2014-09-03 西安理工大学 Multi-user multi-keyword searchable encryption method in cloud storage
CN110602064A (en) * 2019-08-29 2019-12-20 河海大学 Identity-based encryption method and system supporting multi-keyword search

Also Published As

Publication number Publication date
CN111416710B (en) 2023-05-02

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant