CN112953946A - Attribute encryption method, device, equipment and storage medium in cloud environment - Google Patents

Attribute encryption method, device, equipment and storage medium in cloud environment Download PDF

Info

Publication number
CN112953946A
CN112953946A CN202110209025.2A CN202110209025A CN112953946A CN 112953946 A CN112953946 A CN 112953946A CN 202110209025 A CN202110209025 A CN 202110209025A CN 112953946 A CN112953946 A CN 112953946A
Authority
CN
China
Prior art keywords
authority
random number
preset
target
ciphertexts
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110209025.2A
Other languages
Chinese (zh)
Other versions
CN112953946B (en
Inventor
黄丽媛
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ping An Technology Shenzhen Co Ltd
Original Assignee
Ping An Technology Shenzhen Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ping An Technology Shenzhen Co Ltd filed Critical Ping An Technology Shenzhen Co Ltd
Priority to CN202110209025.2A priority Critical patent/CN112953946B/en
Priority to PCT/CN2021/097128 priority patent/WO2022179000A1/en
Publication of CN112953946A publication Critical patent/CN112953946A/en
Application granted granted Critical
Publication of CN112953946B publication Critical patent/CN112953946B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)

Abstract

The invention relates to the field of information security, and discloses an attribute encryption method, device, equipment and storage medium in a cloud environment, which are used for encrypting data based on a multi-mechanism algorithm, reducing the computing overhead of encryption and improving the encryption efficiency and security. The attribute encryption method under the cloud environment comprises the following steps: acquiring user privacy data; outputting the global parameters, and sending the global parameters to a plurality of authorities so that each authority outputs a corresponding public key according to the global parameters; generating an initial result according to the password random number and preset password information, and sending the initial result to a plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result; and randomly selecting a plurality of basic random numbers to generate a plurality of intermediate ciphertexts, and generating a plurality of target ciphertexts according to the intermediate ciphertexts and a preset cipher text calculation formula. In addition, the invention also relates to a block chain technology, and the target ciphertext can be stored in the block chain.

Description

Attribute encryption method, device, equipment and storage medium in cloud environment
Technical Field
The invention relates to the field of multiple encryption, in particular to an attribute encryption method, device, equipment and storage medium in a cloud environment.
Background
Cloud computing is a product of development and fusion of traditional computer and network technologies such as distributed computing, parallel computing, utility computing, network storage, virtualization, load balancing content distribution network and the like, while cloud services are related service increase, use and interaction modes based on the internet, and generally relate to providing dynamic easily-expandable and often-virtualized resources through the internet, however, as an open distributed environment, mobile clouds cannot guarantee the security of data, cloud service providers can also snoop user data for commercial benefits and even reveal user data privacy, for the security problems of the mobile clouds, the problem can be solved by adopting a cryptographic technology, while traditional public key cryptography can realize secure sharing of data, it only supports a one-to-one encryption form, cannot realize flexible access control, at present, attribute-based encryption is considered as an effective technology for realizing secure sharing of data, the user can directly control the data through the access policy, and the secure sharing of the data can be realized without distributing keys to other users by the data owner.
In the existing scheme, attribute-based encryption mechanisms of a single authority are adopted, but for the single authority mechanism, on one hand, a user must go to a trusted central authority to verify identity so as to obtain a key, and on the other hand, the single authority needs to manage attributes of all users and complex key distribution work, so that the workload is huge, and the system efficiency and the security are easily affected under a large-scale cloud environment.
Disclosure of Invention
The invention provides an attribute encryption method, an attribute encryption device, attribute encryption equipment and an attribute encryption storage medium in a cloud environment, which are used for encrypting data based on a multi-mechanism algorithm, reducing the computing overhead of encryption and improving the encryption efficiency and security.
The invention provides an attribute encryption method in a cloud environment, which comprises the following steps: obtaining user privacy data, wherein the user privacy data are stored in a mobile cloud; initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, so that each authority outputs a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority; selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, wherein the random calculation results are used for data decryption; and randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
Optionally, in a first implementation manner of the first aspect of the present invention, the initializing the user privacy data, outputting a global parameter, and sending the global parameter to multiple authorities, so that each authority outputs a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority includes: selecting an initial random number according to an input safety parameter, and outputting a global parameter according to the safety parameter and the initial random number; sending the global parameters to a plurality of authorities so that each authority randomly selects an intermediate random number, randomly selects a target random number according to the intermediate random number, and outputs a corresponding public key according to the intermediate random number, the target random number and the global parameters; and receiving the corresponding public key sent by each authority to obtain a plurality of public keys.
Optionally, in a second implementation manner of the first aspect of the present invention, the selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to a plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, where the plurality of random calculation results are used to perform data decryption and include: acquiring preset user identity and password information, selecting a password random number, carrying out XOR calculation on the password random number and the password information, and generating an initial result through a preset hash function;
and sending the initial result to a plurality of authorities so that each authority selects a decryption random number, and generating a plurality of random calculation results according to a plurality of preset random result calculation formulas and the decryption random number, wherein the plurality of random calculation results are used for data decryption.
Optionally, in a third implementation manner of the first aspect of the present invention, the randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter, and a public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula includes: determining four basic random numbers through a preset random function, wherein the four basic random numbers comprise a first basic random number, a second basic random number, a third basic random number and a fourth basic random number; according to a plurality of preset intermediate ciphertext calculation formulas, calculating by combining the four basic random numbers, the global parameter and the public key corresponding to each authority, and outputting a plurality of intermediate ciphertexts; and obtaining a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text.
Optionally, in a fourth implementation manner of the first aspect of the present invention, the calculating, according to a preset plurality of intermediate ciphertext calculation formulas, by combining the four basic random numbers, the global parameter, and the public key corresponding to each authority, and outputting a plurality of intermediate ciphertexts includes: leading the global parameter, the first basic random number, the second basic random number, the third basic random number and a public key corresponding to each authority into a preset first intermediate ciphertext calculation formula to generate a first intermediate variable corresponding to each authority; importing the global parameters and the third basic random number into a preset second intermediate ciphertext calculation formula to generate a second intermediate variable corresponding to each authority; importing the global parameters and the fourth basic random number into a preset third intermediate ciphertext calculation formula to generate a third intermediate variable corresponding to each authority mechanism; and importing the first intermediate variable corresponding to each authority, the second intermediate variable corresponding to each authority, the third intermediate variable corresponding to each authority, the first basic random number, the second basic random number and the fourth basic random number into a preset intermediate ciphertext array, and outputting the intermediate ciphertext corresponding to each authority to obtain a plurality of intermediate ciphertexts.
Optionally, in a fifth implementation manner of the first aspect of the present invention, the obtaining a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure, and a plurality of preset cipher text calculation formulas, where each intermediate cipher text corresponds to one target cipher text includes: determining a fifth random number through a preset random function, importing the fifth random number and the public key corresponding to each authority into a preset first target ciphertext calculation formula, and generating a first target variable corresponding to each authority; determining a sixth random number through a preset random function, importing the sixth random number and the fourth random number into a preset second target ciphertext calculation formula, and generating a second target variable corresponding to each authority; outputting a column vector according to the public key corresponding to each authority and a preset vector calculation formula, generating a seventh random number based on the column vector, importing the seventh random number and the first random number into a preset third target ciphertext calculation formula, and generating a third target variable corresponding to each authority; determining an eighth random number through a preset random function, importing the eighth random number and a preset mapping function into a preset fourth target ciphertext calculation formula, and generating a fourth target variable corresponding to each authority; and importing the first target variable corresponding to each authority, the second target variable corresponding to each authority, the third target variable corresponding to each authority, the fourth target variable corresponding to each authority and the intermediate ciphertext corresponding to each authority into a preset target ciphertext array, and outputting the target ciphertext corresponding to each authority to obtain a plurality of target ciphertexts.
Optionally, in a sixth implementation manner of the first aspect of the present invention, after the randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter, and a public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula, the method further includes: uploading the plurality of target ciphertexts to the mobile cloud.
A second aspect of the present invention provides an attribute encryption apparatus in a cloud environment, including: the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring user privacy data, and the user privacy data are stored in a mobile cloud; the output module is used for initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, enabling each authority to output a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority; the generating module is used for selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the random calculation results are used for data decryption; and the encryption module is used for randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
Optionally, in a first implementation manner of the second aspect of the present invention, the output module includes: the first output unit is used for selecting an initial random number according to an input safety parameter and outputting a global parameter according to the safety parameter and the initial random number; the second output unit is used for sending the global parameters to a plurality of authorities so that each authority randomly selects an intermediate random number, randomly selects a target random number according to the intermediate random number, and outputs a corresponding public key according to the intermediate random number, the target random number and the global parameters; and the receiving unit is used for receiving the corresponding public key sent by each authority to obtain a plurality of public keys.
Optionally, in a second implementation manner of the second aspect of the present invention, the generating module includes: the first calculation unit is used for acquiring preset user identity and password information, selecting a password random number, carrying out XOR calculation on the password random number and the password information and generating an initial result through a preset hash function; and the second calculation unit is used for sending the initial result to a plurality of authorities so that each authority selects a decryption random number, and generates a plurality of random calculation results according to a plurality of preset random result calculation formulas and the decryption random number, wherein the plurality of random calculation results are used for data decryption.
Optionally, in a third implementation manner of the second aspect of the present invention, the encryption module includes: a determining unit, configured to determine four basic random numbers through a preset random function, where the four basic random numbers include a first basic random number, a second basic random number, a third basic random number, and a fourth basic random number; the third calculation unit is used for calculating by combining the four basic random numbers, the global parameter and the public key corresponding to each authority according to a plurality of preset intermediate ciphertext calculation formulas and outputting a plurality of intermediate ciphertexts; and the fourth calculation unit is used for obtaining a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text.
Optionally, in a fourth implementation manner of the second aspect of the present invention, the third computing unit is specifically configured to: leading the global parameter, the first basic random number, the second basic random number, the third basic random number and a public key corresponding to each authority into a preset first intermediate ciphertext calculation formula to generate a first intermediate variable corresponding to each authority; importing the global parameters and the third basic random number into a preset second intermediate ciphertext calculation formula to generate a second intermediate variable corresponding to each authority; importing the global parameters and the fourth basic random number into a preset third intermediate ciphertext calculation formula to generate a third intermediate variable corresponding to each authority mechanism; and importing the first intermediate variable corresponding to each authority, the second intermediate variable corresponding to each authority, the third intermediate variable corresponding to each authority, the first basic random number, the second basic random number and the fourth basic random number into a preset intermediate ciphertext array, and outputting the intermediate ciphertext corresponding to each authority to obtain a plurality of intermediate ciphertexts.
Optionally, in a fifth implementation manner of the second aspect of the present invention, the fourth calculating unit is specifically configured to: determining a fifth random number through a preset random function, importing the fifth random number and the public key corresponding to each authority into a preset first target ciphertext calculation formula, and generating a first target variable corresponding to each authority; determining a sixth random number through a preset random function, importing the sixth random number and the fourth random number into a preset second target ciphertext calculation formula, and generating a second target variable corresponding to each authority; outputting a column vector according to the public key corresponding to each authority and a preset vector calculation formula, generating a seventh random number based on the column vector, importing the seventh random number and the first random number into a preset third target ciphertext calculation formula, and generating a third target variable corresponding to each authority; determining an eighth random number through a preset random function, importing the eighth random number and a preset mapping function into a preset fourth target ciphertext calculation formula, and generating a fourth target variable corresponding to each authority; and importing the first target variable corresponding to each authority, the second target variable corresponding to each authority, the third target variable corresponding to each authority, the fourth target variable corresponding to each authority and the intermediate ciphertext corresponding to each authority into a preset target ciphertext array, and outputting the target ciphertext corresponding to each authority to obtain a plurality of target ciphertexts.
Optionally, in a sixth implementation manner of the second aspect of the present invention, after the encryption module, the apparatus further includes: and the uploading module is used for uploading the target ciphertexts to the mobile cloud.
A third aspect of the present invention provides an attribute encryption device in a cloud environment, including: a memory and at least one processor, the memory having instructions stored therein; the at least one processor invokes the instructions in the memory to cause the property encryption device in the cloud environment to execute the property encryption method in the cloud environment described above.
A fourth aspect of the present invention provides a computer-readable storage medium having stored therein instructions, which when run on a computer, cause the computer to execute the above-described attribute encryption method in a cloud environment.
According to the technical scheme, user privacy data are obtained and stored in a mobile cloud; initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, so that each authority outputs a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority; selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, wherein the random calculation results are used for data decryption; and randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula. In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
Drawings
FIG. 1 is a diagram of an embodiment of an attribute encryption method in a cloud environment according to an embodiment of the present invention;
FIG. 2 is a diagram of another embodiment of an attribute encryption method in a cloud environment according to an embodiment of the present invention;
FIG. 3 is a diagram of an embodiment of an attribute encryption apparatus in a cloud environment according to an embodiment of the present invention;
fig. 4 is a schematic diagram of another embodiment of the attribute encryption device in a cloud environment according to the embodiment of the present invention;
fig. 5 is a schematic diagram of an embodiment of an attribute encryption device in a cloud environment in the embodiment of the present invention.
Detailed Description
The embodiment of the invention provides an attribute encryption method, device, equipment and storage medium in a cloud environment, which are used for encrypting data based on a multi-mechanism algorithm, reducing the computing overhead of encryption and improving the encryption efficiency and security.
The terms "first," "second," "third," "fourth," and the like in the description and in the claims, as well as in the drawings, if any, are used for distinguishing between similar elements and not necessarily for describing a particular sequential or chronological order. It will be appreciated that the data so used may be interchanged under appropriate circumstances such that the embodiments described herein may be practiced otherwise than as specifically illustrated or described herein. Furthermore, the terms "comprises," "comprising," or "having," and any variations thereof, are intended to cover non-exclusive inclusions, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed, but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
For convenience of understanding, a specific flow of the embodiment of the present invention is described below, and referring to fig. 1, an embodiment of an attribute encryption method in a cloud environment in the embodiment of the present invention includes:
s101, user privacy data are obtained and stored in the mobile cloud.
The data owner terminal acquires user privacy data, and the user privacy data are stored in the mobile cloud. As an open distributed environment, the mobile cloud cannot guarantee the security of data, and a cloud service provider may also snoop user data for curiosity or commercial interests, even reveal the privacy of the user data.
S102, initializing user privacy data, outputting global parameters, sending the global parameters to a plurality of authorities, enabling each authority to output a corresponding public key according to the global parameters, and receiving the corresponding public key returned by each authority.
The data owner terminal initializes the user privacy data, outputs global parameters, and sends the global parameters to a plurality of authorities, so that each authority outputs a corresponding public key according to the global parameters, and receives the corresponding public key returned by each authority, namely a plurality of public keys are received, and each public key corresponds to one authority. Specifically, the data owner terminal generates a random number b by using random function according to the input security parameter k, wherein b is an integer, and outputs a global parameter GP ═ p, gbE, H, H, SE }, i.e., GlogalSetup (1)k) → GP, where p and e are random numbers and p represents a prime number, g represents a generator in cryptography, gbThe value is calculated by a generator g and a random number b, H represents a value generated by the generator g and a prime number p, H is gp, H represents a hash function, SE represents a value obtained by the hash function, and SE is H (H); the data owner terminal sends the global parameter GP to a plurality of authorities so that each authority selects a random number aiAnd uiInputting global parameter GP and outputting multiple public keys
Figure BDA0002951726800000081
In this example AA is usediIndicating any authority, e.g. authority AA1Selecting a random number a1And u1Authority AA2Selecting a random number a2And u2Wherein a isiAnd uiIs an integer of 1kFor the fixed writing method in the initialization stage of the encryption algorithm, k represents a security parameter, g is a prime number and represents a generator of a cyclic group in the encryption algorithm, and y in a public key PKiBy the formula
Figure BDA0002951726800000082
Is calculated to obtain yiIs shown to pass throughGenerator g and random number aiThe obtained value is a new multi-mechanism algorithm constructed based on prime number order groups in the embodiment, the algorithm does not need a central mechanism, the problems of efficiency bottleneck and safety risk caused by the central mechanism are solved, a plurality of attribute authorities work together, each attribute authority does not need to communicate with each other, and the user attributes can be managed independently. It should be noted that the same letters appearing in this embodiment and the following embodiments have the same meaning.
S103, selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to a plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the random calculation results are used for data decryption.
The data owner selects the password random number, generates an initial result according to the password random number and preset password information, and sends the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the plurality of random calculation results are used for data decryption. Specifically, the data owner terminal obtains preset user Identity (ID) and password information (PW), selects a random number r, performs exclusive-or calculation on the random number r and the password information (PW), generates an initial result through a preset hash function, and sends the initial result and the corresponding user Identity (ID) to a plurality of authorities, so that each authority AAiSelecting a decryption random number ti,uObtaining a first random calculation result V according to a plurality of preset random result calculation formulasi,uSecond random calculation result fi,uAnd a third random calculation result Wi,uFor example, an authority AA1Selecting a decryption random number t1,u、V1,uAnd f1,uAuthority AA2Selecting a decryption random number t2,u、V2,uAnd f2,u
The initial result is
Figure BDA0002951726800000083
It means that the random number r is XOR-calculated with the password information PWAnd the initial result and the corresponding user ID can be expressed as values generated by a preset hash function
Figure BDA0002951726800000084
And through a preset safety channel
Figure BDA0002951726800000085
Sent to each authority, and a preset plurality of random result calculation formulas comprise
Figure BDA0002951726800000091
fi,u=h(b||ti,uID) and
Figure BDA0002951726800000092
will { Wi,u,ti,uKeep in the mobile device, { ID, Vi,u,ti,uKeep in preset database.
S104, randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameters and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
The data owner terminal selects four basic random numbers which are respectively lambdaj、uj、rjAnd s', the global parameter GP and the public key PK corresponding to each authority mechanism generate a plurality of intermediate ciphertext ICs, a plurality of target ciphertext CTs are generated according to the plurality of intermediate ciphertext ICs and a preset ciphertext calculation formula, and the data owner terminal calculates to obtain C according to the preset plurality of intermediate ciphertext calculation formulas1,j、C2,jAnd C1And outputs the intermediate ciphertext IC ═ C1,j,C2,j,C1,λj,ujS' }, wherein, C1,j、C2,jAnd C1Representing intermediate results, λ, obtained by a plurality of intermediate ciphertext calculation formulasj、ujAnd s' is a selected basic random number, and a plurality of target ciphertexts CT are obtained based on a plurality of intermediate ciphertexts IC, a preset access structure and a preset cipher text calculation formula{C,C1,C2,C1,j,C2,j,C3,j,C4,j(A, p) }, wherein C, C2,C3,jAnd C4,jAnd (B) representing intermediate results obtained by a plurality of target ciphertext calculation formulas, wherein (A and p) are preset access structures, A is a 1 x n matrix, a function p is mapping of each row and attribute of the matrix A, each public key correspondingly generates an intermediate ciphertext, and each intermediate ciphertext correspondingly outputs a target ciphertext.
In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
Referring to fig. 2, another embodiment of the attribute encryption method in the cloud environment according to the embodiment of the present invention includes:
the steps from S201 to S203 are the same as the steps from S101 to S103, and are not described herein again.
S204, four basic random numbers are determined through a preset random function, wherein the four basic random numbers comprise a first basic random number, a second basic random number, a third basic random number and a fourth basic random number.
The data owner terminal determines a first basic random number lambda through a preset random functionjSecond basic random number ujThird basic random number rjAnd a fourth basic random number s'.
And S205, calculating by combining four basic random numbers, global parameters and the public key corresponding to each authority according to a plurality of preset intermediate ciphertext calculation formulas, and outputting a plurality of intermediate ciphertexts.
And the data owner terminal performs calculation by combining four basic random numbers, global parameters and the public key corresponding to each authority according to a plurality of preset intermediate ciphertext calculation formulas and outputs a plurality of intermediate ciphertexts. Specifically, the data owner terminal imports the global parameter, the first basic random number, the second basic random number, the third basic random number and the public key corresponding to each authority into a preset first intermediate ciphertext calculation formula to generate a first intermediate variable corresponding to each authority; the data owner terminal leads the global parameters and the third basic random number into a preset second intermediate ciphertext calculation formula to generate a second intermediate variable corresponding to each authority; the data owner terminal imports the global parameters and the fourth basic random number into a preset third intermediate ciphertext calculation formula to generate a third intermediate variable corresponding to each authority mechanism; and the data owner terminal leads the first intermediate variable corresponding to each authority, the second intermediate variable corresponding to each authority, the third intermediate variable corresponding to each authority, the first basic random number, the second basic random number and the fourth basic random number into a preset intermediate ciphertext array, outputs the intermediate ciphertext corresponding to each authority and obtains a plurality of intermediate ciphertexts.
Data owner terminal selects random number lambdaj、uj、rjAnd s', inputting the global parameter GP and the public key PK of the related authority, calculating according to a plurality of preset intermediate ciphertext calculation formulas, and outputting an intermediate ciphertext IC, namely PreEnc (GP, PK) → IC. The data owner terminal calculates the formula through a preset first intermediate cryptograph
Figure BDA0002951726800000101
Generating a first intermediate variable C corresponding to each authority1,jPreset second intermediate cryptogram calculation formula
Figure BDA0002951726800000102
Generating a second intermediate variable C corresponding to each authority2,jThe preset third intermediate ciphertext calculation formula C1=gs'Generating a third intermediate variable C corresponding to each authority1And outputting a plurality of intermediate ciphertexts IC ═ C1,j,C2,j,C1,λj,ujAnd s', off-line copying the IC to mobile equipment such as a mobile phone.
S206, obtaining a plurality of target ciphertexts through the global parameter, a plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text.
The data owner terminal obtains a plurality of target ciphertexts through a global parameter, a plurality of intermediate ciphertexts, a public key corresponding to each authority, a preset access structure and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text, namely, ONLINEEnc (GP, IC, PK, (A, p), m) → CT. Specifically, the data owner terminal determines a fifth random number through a preset random function, introduces the fifth random number and a public key corresponding to each authority into a preset first target ciphertext calculation formula, and generates a first target variable corresponding to each authority; the data owner terminal determines a sixth random number through a preset random function, and introduces the sixth random number and the fourth random number into a preset second target ciphertext calculation formula to generate a second target variable corresponding to each authority mechanism; the data owner terminal outputs a column vector according to a public key corresponding to each authority and a preset vector calculation formula, generates a seventh random number based on the column vector, introduces the seventh random number and the first random number into a preset third target ciphertext calculation formula, and generates a third target variable corresponding to each authority; the data owner terminal determines an eighth random number through a preset random function, and introduces the eighth random number and a preset mapping function into a preset fourth target ciphertext calculation formula to generate a fourth target variable corresponding to each authority mechanism; the data owner terminal leads the first target variable corresponding to each authority, the second target variable corresponding to each authority, the third target variable corresponding to each authority, the fourth target variable corresponding to each authority and the intermediate ciphertext corresponding to each authority into a preset target ciphertext array, outputs the target ciphertext corresponding to each authority and obtains a plurality of target ciphertexts, wherein each intermediate ciphertext corresponds to one target ciphertext.
The preset access structure is (A, p), wherein A is a matrix of 1 × n, the function p is a mapping of each line and attribute of the matrix A, the data owner terminal determines a fifth random number m through a preset random function, and the formula C is m x (|, g) according to a preset first target ciphertext calculation formulaai)sGenerating a first target variable C corresponding to each authority, and data possessionThe terminal determines a sixth random number s through a preset random function, and calculates a formula C according to the fourth random number s' and a preset second target ciphertext2Generating a second target variable C corresponding to each authority as s-s2Randomly choosing the column vector v ═ (s, y)2,...,yn)TCalculating a seventh random number λj',λj'=AjX v by a first random number λjAnd a preset third target ciphertext calculation formula C3,j=λjj' Generation of third target variable C for each Authority3,jThe data owner terminal determines an eighth random number u through a preset random functionj' introducing the function p and the eighth random number into a preset fourth target ciphertext calculation formula C4,j=uj' -p (j) generating a fourth target variable C corresponding to each authority4,jA first target variable C and a second target variable C2A third target variable C3,jFourth target variable C4,jLeading in a preset target ciphertext array by the intermediate ciphertext IC corresponding to each authority, outputting the target ciphertext corresponding to each authority, and obtaining a plurality of target ciphertexts CT (C, C)1,C2,C1,j,C2,j,C3,j,C4,jAnd (a, p), and upload to the mobile cloud.
In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
Another embodiment of the attribute encryption method in the cloud environment according to the embodiment of the present invention includes:
(1) initialization phase
The data owner terminal inputs a security parameter k, generates a random number b by using a random function, wherein b is an integer, and outputs a global parameter GP ═ p, g and gb,e,H,h,SE};
Multiple authorities choose random numbers a from multiple attribute setsiCalculating
Figure BDA0002951726800000111
And based on aiRandomly selecting uiInputting global parameter GP and outputting multiple public keys
Figure BDA0002951726800000121
Wherein, aiAnd uiIs an integer, g is a prime number representing the generator of the cyclic group in the encryption algorithm, 1kFor the fixed writing method of the initialization stage in the encryption algorithm, k represents the security parameter, y in the public key PKiBy the formula
Figure BDA0002951726800000122
And (4) calculating.
(2) Registration phase
The data owner terminal obtains preset user Identity (ID) and password information (PW), selects a random number r, performs exclusive-or calculation on the random number r and the password information (PW), generates an initial result through a preset hash function, and sends the initial result and the corresponding user Identity (ID) to a plurality of authorities, wherein the initial result is
Figure BDA0002951726800000123
The initial result and the corresponding user identity ID may be expressed as
Figure BDA0002951726800000124
And through a secure channel will
Figure BDA0002951726800000125
Sending to a plurality of authorities;
multiple authorities choose random number ti,uObtaining a first random calculation result V according to a preset random result calculation formulai,uSecond random calculation result fi,uAnd a third random calculation result Wi,uThe preset random result calculation formula is
Figure BDA0002951726800000126
fi,u=h(b||ti,uID) and
Figure BDA0002951726800000127
will { Wi,u,ti,uKeep in the mobile device, { ID, Vi,u,ti,uKeep in preset database.
(3) Data encryption phase
The data owner terminal selects a plurality of basic random numbers, inputs the global parameter GP and the public key PK corresponding to each authority mechanism, calculates according to a plurality of preset intermediate ciphertext calculation formulas, outputs a plurality of intermediate ciphertexts, and generates a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and the plurality of preset cipher text calculation formulas. Basic random number is lambdaj、uj、rjAnd s', the preset calculation formula of a plurality of intermediate ciphertexts is C1,j=(gb)λj×guj(-rj)×(guj)rj,C2,j=grj,C1=gs'And outputting a plurality of intermediate ciphertexts IC ═ C1,j,C2,j,C1,λj,ujS', preset access structure is (a, p), where a is a 1 × n matrix, function p is a mapping of each row and attribute of matrix a, and randomly chosen column vector v ═ s, y }2,...,yn)TCalculating λj=Aj×v,AjRepresenting the jth row of the matrix, and the preset multiple cipher text calculation formula is C ═ mx (/ ("g, g")ai)s,C2=s-s',C3,j=λjj',C4,j=uj' -p (j) and outputs a plurality of target ciphertexts CT ═ { C, C ═ C1,C2,C1,j,C2,j,C3,j,C4,jAnd (A, p) and uploading to a cloud decryption server.
(4) Identity authentication and key agreement phase
Data user terminal reading random number ti,uAnd a third random calculation result Wi,uInputting user identity ID and password information PW to log in;
the data user terminal selects a random number z and obtains y according to a plurality of preset initial result calculation formulasb、yu、ci,u、fi,u、ei,uAnd DIDi,uWill { DIDi,u,ei,u,yu,ybSending the result to a plurality of authorities, wherein a plurality of preset initial result calculation formulas comprise yb=(gb)1/z=gb/z,yu=g1/z
Figure BDA0002951726800000131
Figure BDA0002951726800000132
ei,u=Enc(h(ci,u),fi,u),
Figure BDA0002951726800000133
A plurality of authoritative organizations obtain C according to a plurality of preset intermediate result calculation formulasi,uAnd IDuObtaining a random number ti,uAnd a first random calculation result Vi,uCalculating and verifying fi,uIf the verification is successful, selecting a random number ri,uAnd calculating to obtain Mi,uIf the verification is unsuccessful, the method is terminated, and a plurality of preset intermediate result calculation formulas comprise
Figure BDA0002951726800000134
Obtaining a random number ti,uAnd a first random calculation result Vi,uPost calculation of fi,u=Dec(h(ci,u),ei,u) And verifying fi,u=h(b||ti,uI ID), if not, terminating, if yes, selecting random number ri,uCalculate Mi,u=H2(ski,u||Vi,u);
The data user terminal obtains V according to a preset calculation formula of a plurality of target resultsi,uAnd ski,uComputing and validating multiple authority-generated Mi,uIf the verification is successful, M is calculateduAnd sending to multiple authorities, terminating if the verification is unsuccessful, wherein the preset multiple target result calculation formulas include
Figure BDA0002951726800000135
ski,u=h(ci,u||ri,u||Vi,u) Verification Mi,u=H2(ski,u||Vi,u) If true, terminating if false, and if true, calculating Mu=H2(ID||ski,u);
M generated by multiple authorities for data user terminaluAnd (5) carrying out verification, if not, terminating, otherwise, finishing authentication and key agreement.
(5) Production phase of user private key
After a plurality of authoritative organizations authenticate the user identity, y is obtainedu=g1/z,yb=gb/zObtaining the secret key SKi,uAnd a user attribute set S.
(6) Data decryption phase
The cloud decryption server inputs a plurality of target ciphertexts CT, a global parameter GP and a secret key SKiuCalculating
Figure BDA0002951726800000136
If the attribute set S meets the preset access structure (A, p), the set I ═ p (x), and the formula CT' ═ ii (e (C) is decrypted according to the preset data0,Ki)/∏(e(Cx,Li)×e(C2,x))WX) Obtaining a plurality of intermediate decryption results CT', wherein A is a 1 x n matrix, the function p is a mapping of each row and attribute of the matrix A, the server can mark the attributes of different users to obtain a user attribute set S, and if the user attribute set S is contained in a set structure formed by (A, p), the attribute set S is called to meet the preset access structure (A, p);
and the data user terminal decrypts based on the intermediate decryption results CT' to generate a target decryption result.
In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
With reference to fig. 3, the method for encrypting the attribute in the cloud environment according to the embodiment of the present invention is described above, and an attribute encryption apparatus in the cloud environment according to the embodiment of the present invention is described below, where an embodiment of the attribute encryption apparatus in the cloud environment according to the embodiment of the present invention includes:
the obtaining module 301 is configured to obtain user privacy data, where the user privacy data is stored in a mobile cloud;
the input module 302 is configured to initialize user privacy data, output a global parameter, and send the global parameter to multiple authorities, so that each authority outputs a corresponding public key according to the global parameter and receives a corresponding public key returned by each authority;
the generating module 303 is configured to select a password random number, generate an initial result according to the password random number and preset password information, and send the initial result to a plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the plurality of random calculation results are used for data decryption;
the encryption module 304 is configured to randomly select a plurality of basic random numbers, generate a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter, and the public key corresponding to each authority, and generate a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
Referring to fig. 4, another embodiment of the attribute encryption apparatus in a cloud environment according to the embodiment of the present invention includes:
the obtaining module 301 is configured to obtain user privacy data, where the user privacy data is stored in a mobile cloud;
the input module 302 is configured to initialize user privacy data, output a global parameter, and send the global parameter to multiple authorities, so that each authority outputs a corresponding public key according to the global parameter and receives a corresponding public key returned by each authority;
the generating module 303 is configured to select a password random number, generate an initial result according to the password random number and preset password information, and send the initial result to a plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the plurality of random calculation results are used for data decryption;
the encryption module 304 is configured to randomly select a plurality of basic random numbers, generate a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter, and the public key corresponding to each authority, and generate a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
Optionally, the input module 302 includes:
a first output unit 3021, configured to select an initial random number according to an input security parameter, and output a global parameter according to the security parameter and the initial random number;
a second output unit 3022, configured to send the global parameter to multiple authorities, so that each authority randomly selects an intermediate random number, randomly selects a target random number according to the intermediate random number, and outputs a corresponding public key according to the intermediate random number, the target random number, and the global parameter;
the receiving unit 3023 is configured to receive the corresponding public key sent by each authority, and obtain a plurality of public keys.
Optionally, the generating module 303 includes:
a first calculation unit 3031, configured to obtain preset user identity and password information, select a password random number, perform xor calculation on the password random number and the password information, and generate an initial result through a preset hash function;
the second calculating unit 3032 is configured to send the initial result to the multiple authorities, so that each authority selects a decryption random number, and generates multiple random calculation results according to multiple preset random result calculation formulas and the decryption random number, where the multiple random calculation results are used for data decryption.
Optionally, the encryption module 304 includes:
a determining unit 3041, configured to determine four basic random numbers through a preset random function, where the four basic random numbers include a first basic random number, a second basic random number, a third basic random number, and a fourth basic random number;
a third calculating unit 3042, configured to perform calculation according to a plurality of preset intermediate ciphertext calculation formulas by combining four basic random numbers, a global parameter, and a public key corresponding to each authority, and output a plurality of intermediate ciphertexts;
the fourth calculating unit 3043 is configured to obtain a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, the preset access structure, and the preset cipher text calculation formulas, where each intermediate cipher text corresponds to one target cipher text.
Optionally, the third calculating unit 3042 is specifically configured to:
importing the global parameters, the first basic random number, the second basic random number, the third basic random number and the public key corresponding to each authority into a preset first intermediate ciphertext calculation formula to generate a first intermediate variable corresponding to each authority; importing the global parameters and the third basic random number into a preset second intermediate ciphertext calculation formula to generate a second intermediate variable corresponding to each authority; importing the global parameters and the fourth basic random number into a preset third intermediate ciphertext calculation formula to generate a third intermediate variable corresponding to each authority; and importing the first intermediate variable corresponding to each authority, the second intermediate variable corresponding to each authority, the third intermediate variable corresponding to each authority, the first basic random number, the second basic random number and the fourth basic random number into a preset intermediate ciphertext array, and outputting the intermediate ciphertext corresponding to each authority to obtain a plurality of intermediate ciphertexts.
Optionally, the fourth calculating unit 3043 is specifically configured to:
determining a fifth random number through a preset random function, importing the fifth random number and a public key corresponding to each authority into a preset first target ciphertext calculation formula, and generating a first target variable corresponding to each authority; determining a sixth random number through a preset random function, importing the sixth random number and the fourth random number into a preset second target ciphertext calculation formula, and generating a second target variable corresponding to each authority; outputting a column vector according to a public key corresponding to each authority and a preset vector calculation formula, generating a seventh random number based on the column vector, importing the seventh random number and the first random number into a preset third target ciphertext calculation formula, and generating a third target variable corresponding to each authority; determining an eighth random number through a preset random function, importing the eighth random number and a preset mapping function into a preset fourth target ciphertext calculation formula, and generating a fourth target variable corresponding to each authority; and importing the first target variable corresponding to each authority, the second target variable corresponding to each authority, the third target variable corresponding to each authority, the fourth target variable corresponding to each authority and the intermediate ciphertext corresponding to each authority into a preset target ciphertext array, and outputting the target ciphertext corresponding to each authority to obtain a plurality of target ciphertexts.
Optionally, after the encryption module 304, the attribute encryption apparatus in the cloud environment further includes:
an upload module 305, configured to upload the plurality of target ciphertexts to the mobile cloud.
In the embodiment of the invention, data encryption is carried out based on a multi-mechanism algorithm, so that the calculation overhead of encryption is reduced, and the encryption efficiency and security are improved.
Fig. 3 and 4 describe the attribute encryption device in the cloud environment in the embodiment of the present invention in detail from the perspective of the modular functional entity, and the attribute encryption device in the cloud environment in the embodiment of the present invention in detail from the perspective of hardware processing.
Fig. 5 is a schematic structural diagram of an attribute encryption device in a cloud environment according to an embodiment of the present invention, where the attribute encryption device 500 in the cloud environment may generate a relatively large difference due to different configurations or performances, and may include one or more processors (CPUs) 510 (e.g., one or more processors) and a memory 520, and one or more storage media 530 (e.g., one or more mass storage devices) for storing applications 533 or data 532. Memory 520 and storage media 530 may be, among other things, transient or persistent storage. The program stored on the storage medium 530 may include one or more modules (not shown), each of which may include a series of instructions operating on the property encryption device 500 in the cloud environment. Still further, the processor 510 may be configured to communicate with the storage medium 530, and execute a series of instruction operations in the storage medium 530 on the property encryption device 500 in the cloud environment.
The property encryption device 500 in a cloud environment may also include one or more power supplies 540, one or more wired or wireless network interfaces 550, one or more input-output interfaces 560, and/or one or more operating systems 531, such as Windows Server, Mac OS X, Unix, Linux, FreeBSD, and the like. Those skilled in the art will appreciate that the configuration of the property encryption device in a cloud environment shown in fig. 5 does not constitute a limitation of the property encryption device in a cloud environment, and may include more or fewer components than those shown, or some components may be combined, or a different arrangement of components.
The invention further provides an attribute encryption device in a cloud environment, where the computer device includes a memory and a processor, where the memory stores computer-readable instructions, and the computer-readable instructions, when executed by the processor, cause the processor to execute the steps of the attribute encryption method in the cloud environment in the foregoing embodiments.
The present invention also provides a computer-readable storage medium, which may be a non-volatile computer-readable storage medium, and may also be a volatile computer-readable storage medium, having stored therein instructions, which, when run on a computer, cause the computer to perform the steps of the attribute encryption method in the cloud environment.
The block chain is a novel application mode of computer technologies such as distributed data storage, point-to-point transmission, a consensus mechanism, an encryption algorithm and the like. A block chain (Blockchain), which is essentially a decentralized database, is a series of data blocks associated by using a cryptographic method, and each data block contains information of a batch of network transactions, so as to verify the validity (anti-counterfeiting) of the information and generate a next block. The blockchain may include a blockchain underlying platform, a platform product service layer, an application service layer, and the like.
It is clear to those skilled in the art that, for convenience and brevity of description, the specific working processes of the above-described systems, apparatuses and units may refer to the corresponding processes in the foregoing method embodiments, and are not described herein again.
The integrated unit, if implemented in the form of a software functional unit and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method according to the embodiments of the present invention. And the aforementioned storage medium includes: various media capable of storing program codes, such as a usb disk, a removable hard disk, a read-only memory (ROM), a Random Access Memory (RAM), a magnetic disk, or an optical disk.
The above-mentioned embodiments are only used for illustrating the technical solutions of the present invention, and not for limiting the same; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. An attribute encryption method in a cloud environment, the attribute encryption method in the cloud environment comprising:
obtaining user privacy data, wherein the user privacy data are stored in a mobile cloud;
initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, so that each authority outputs a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority;
selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, wherein the random calculation results are used for data decryption;
and randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
2. The method according to claim 1, wherein initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, so that each authority outputs a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority comprises:
selecting an initial random number according to an input safety parameter, and outputting a global parameter according to the safety parameter and the initial random number;
sending the global parameters to a plurality of authorities so that each authority randomly selects an intermediate random number, randomly selects a target random number according to the intermediate random number, and outputs a corresponding public key according to the intermediate random number, the target random number and the global parameters;
and receiving the corresponding public key sent by each authority to obtain a plurality of public keys.
3. The method according to claim 1, wherein the selecting a password nonce, generating an initial result according to the password nonce and preset password information, and sending the initial result to a plurality of authorities, so that each authority generates a plurality of random computation results according to the initial result, and the plurality of random computation results are used for data decryption, and the method comprises:
acquiring preset user identity and password information, selecting a password random number, carrying out XOR calculation on the password random number and the password information, and generating an initial result through a preset hash function;
and sending the initial result to a plurality of authorities so that each authority selects a decryption random number, and generating a plurality of random calculation results according to a plurality of preset random result calculation formulas and the decryption random number, wherein the plurality of random calculation results are used for data decryption.
4. The method for encrypting the attribute under the cloud environment according to claim 1, wherein the randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter, and a public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula comprises:
determining four basic random numbers through a preset random function, wherein the four basic random numbers comprise a first basic random number, a second basic random number, a third basic random number and a fourth basic random number;
according to a plurality of preset intermediate ciphertext calculation formulas, calculating by combining the four basic random numbers, the global parameter and the public key corresponding to each authority, and outputting a plurality of intermediate ciphertexts;
and obtaining a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text.
5. The attribute encryption method in the cloud environment according to claim 4, wherein the calculating, according to a plurality of preset intermediate ciphertext calculation formulas, in combination with the four basic random numbers, the global parameter, and the public key corresponding to each authority, and outputting a plurality of intermediate ciphertexts includes:
leading the global parameter, the first basic random number, the second basic random number, the third basic random number and a public key corresponding to each authority into a preset first intermediate ciphertext calculation formula to generate a first intermediate variable corresponding to each authority;
importing the global parameters and the third basic random number into a preset second intermediate ciphertext calculation formula to generate a second intermediate variable corresponding to each authority;
importing the global parameters and the fourth basic random number into a preset third intermediate ciphertext calculation formula to generate a third intermediate variable corresponding to each authority mechanism;
and importing the first intermediate variable corresponding to each authority, the second intermediate variable corresponding to each authority, the third intermediate variable corresponding to each authority, the first basic random number, the second basic random number and the fourth basic random number into a preset intermediate ciphertext array, and outputting the intermediate ciphertext corresponding to each authority to obtain a plurality of intermediate ciphertexts.
6. The method for encrypting the attribute under the cloud environment according to claim 4, wherein the obtaining a plurality of target ciphertexts through the global parameter, the plurality of intermediate ciphertexts, the public key corresponding to each authority, a preset access structure, and a plurality of preset cipher text calculation formulas, wherein each intermediate cipher text corresponds to one target cipher text comprises:
determining a fifth random number through a preset random function, importing the fifth random number and the public key corresponding to each authority into a preset first target ciphertext calculation formula, and generating a first target variable corresponding to each authority;
determining a sixth random number through a preset random function, importing the sixth random number and the fourth random number into a preset second target ciphertext calculation formula, and generating a second target variable corresponding to each authority;
outputting a column vector according to the public key corresponding to each authority and a preset vector calculation formula, generating a seventh random number based on the column vector, importing the seventh random number and the first random number into a preset third target ciphertext calculation formula, and generating a third target variable corresponding to each authority;
determining an eighth random number through a preset random function, importing the eighth random number and a preset mapping function into a preset fourth target ciphertext calculation formula, and generating a fourth target variable corresponding to each authority;
and importing the first target variable corresponding to each authority, the second target variable corresponding to each authority, the third target variable corresponding to each authority, the fourth target variable corresponding to each authority and the intermediate ciphertext corresponding to each authority into a preset target ciphertext array, and outputting the target ciphertext corresponding to each authority to obtain a plurality of target ciphertexts.
7. The method for attribute encryption under the cloud environment according to claim 1, wherein after the randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and a public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula, the method further comprises:
uploading the plurality of target ciphertexts to the mobile cloud.
8. An attribute encryption device in a cloud environment, the attribute encryption device in the cloud environment comprising:
the system comprises an acquisition module, a storage module and a processing module, wherein the acquisition module is used for acquiring user privacy data, and the user privacy data are stored in a mobile cloud;
the output module is used for initializing the user privacy data, outputting a global parameter, sending the global parameter to a plurality of authorities, enabling each authority to output a corresponding public key according to the global parameter, and receiving the corresponding public key returned by each authority;
the generating module is used for selecting a password random number, generating an initial result according to the password random number and preset password information, and sending the initial result to the plurality of authorities, so that each authority generates a plurality of random calculation results according to the initial result, and the random calculation results are used for data decryption;
and the encryption module is used for randomly selecting a plurality of basic random numbers, generating a plurality of intermediate ciphertexts according to the plurality of basic random numbers, the global parameter and the public key corresponding to each authority, and generating a plurality of target ciphertexts according to the plurality of intermediate ciphertexts and a preset cipher text calculation formula.
9. An attribute encryption device in a cloud environment, the attribute encryption device in the cloud environment comprising: a memory and at least one processor, the memory having instructions stored therein;
the at least one processor invokes the instructions in the memory to cause the property encryption device in the cloud environment to perform the property encryption method in the cloud environment of any of claims 1-7.
10. A computer-readable storage medium having instructions stored thereon, wherein the instructions, when executed by a processor, implement the property encryption method in the cloud environment according to any one of claims 1 to 7.
CN202110209025.2A 2021-02-25 2021-02-25 Attribute encryption method, device, equipment and storage medium in cloud environment Active CN112953946B (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
CN202110209025.2A CN112953946B (en) 2021-02-25 2021-02-25 Attribute encryption method, device, equipment and storage medium in cloud environment
PCT/CN2021/097128 WO2022179000A1 (en) 2021-02-25 2021-05-31 Attribute encryption method, apparatus and device in cloud environment, and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110209025.2A CN112953946B (en) 2021-02-25 2021-02-25 Attribute encryption method, device, equipment and storage medium in cloud environment

Publications (2)

Publication Number Publication Date
CN112953946A true CN112953946A (en) 2021-06-11
CN112953946B CN112953946B (en) 2022-05-31

Family

ID=76245989

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110209025.2A Active CN112953946B (en) 2021-02-25 2021-02-25 Attribute encryption method, device, equipment and storage medium in cloud environment

Country Status (2)

Country Link
CN (1) CN112953946B (en)
WO (1) WO2022179000A1 (en)

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100299313A1 (en) * 2009-05-19 2010-11-25 Security First Corp. Systems and methods for securing data in the cloud
US20120314854A1 (en) * 2011-06-10 2012-12-13 Zeutro, Llc System, Apparatus and Method for Decentralizing Attribute-Based Encryption Information
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
US20140112470A1 (en) * 2011-07-21 2014-04-24 Peking University Method and system for key generation, backup, and migration based on trusted computing
CN106487506A (en) * 2016-10-08 2017-03-08 西安电子科技大学 A kind of many mechanisms KP ABE method supporting pre-encrypt and outsourcing deciphering
CN109246096A (en) * 2018-08-30 2019-01-18 西安电子科技大学 Multi-functional fine-grained access control method suitable for cloud storage
CN109768858A (en) * 2018-12-26 2019-05-17 西安电子科技大学 Based on the encryption attribute access control system more authorized and design method under cloud environment
CN112260829A (en) * 2020-10-19 2021-01-22 浙江工商大学 Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101070473B1 (en) * 2009-10-13 2011-10-06 아주대학교산학협력단 Method for generating dynamic group key
CN106230590B (en) * 2016-07-22 2019-04-16 安徽大学 A kind of ciphertext policy ABE base encryption method of more authorized organizations
CN107968780A (en) * 2017-11-20 2018-04-27 上海海事大学 A kind of method for secret protection of mobile cloud storage shared data
CN110492997B (en) * 2019-08-09 2020-12-01 华南理工大学 Encryption system, method, device and storage medium based on super account book
CN111953483B (en) * 2020-07-29 2022-07-15 哈尔滨工程大学 Multi-authority access control method based on criterion

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20100299313A1 (en) * 2009-05-19 2010-11-25 Security First Corp. Systems and methods for securing data in the cloud
US20120314854A1 (en) * 2011-06-10 2012-12-13 Zeutro, Llc System, Apparatus and Method for Decentralizing Attribute-Based Encryption Information
US20140112470A1 (en) * 2011-07-21 2014-04-24 Peking University Method and system for key generation, backup, and migration based on trusted computing
CN103618728A (en) * 2013-12-04 2014-03-05 南京邮电大学 Attribute-based encryption method for multiple authority centers
CN106487506A (en) * 2016-10-08 2017-03-08 西安电子科技大学 A kind of many mechanisms KP ABE method supporting pre-encrypt and outsourcing deciphering
CN109246096A (en) * 2018-08-30 2019-01-18 西安电子科技大学 Multi-functional fine-grained access control method suitable for cloud storage
CN109768858A (en) * 2018-12-26 2019-05-17 西安电子科技大学 Based on the encryption attribute access control system more authorized and design method under cloud environment
CN112260829A (en) * 2020-10-19 2021-01-22 浙江工商大学 Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud

Also Published As

Publication number Publication date
WO2022179000A1 (en) 2022-09-01
CN112953946B (en) 2022-05-31

Similar Documents

Publication Publication Date Title
CN106961336B (en) A kind of key components trustship method and system based on SM2 algorithm
Wang et al. Oruta: Privacy-preserving public auditing for shared data in the cloud
CN108418784B (en) Distributed cross-domain authorization and access control method based on attribute password
EP3850786B1 (en) System and method for secure multi-party computation based blockchain transactions
CN109831430B (en) Safe, controllable and efficient data sharing method and system under cloud computing environment
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
WO2019098941A1 (en) System and method for private integration of datasets
CN113037484B (en) Data transmission method, device, terminal, server and storage medium
CN110933033B (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
JP6040313B2 (en) Multi-party secure authentication system, authentication server, multi-party secure authentication method and program
CN111600711A (en) Encryption and decryption system and encryption and decryption method for fine-grained mobile access
CN109565440B (en) Key exchange method and key exchange system
Liu et al. A fair data access control towards rational users in cloud storage
CN113708917A (en) APP user data access control system and method based on attribute encryption
Ahmad et al. A secure network communication protocol based on text to barcode encryption algorithm
Xu et al. FPGA based blockchain system for industrial IoT
Hahn et al. Toward trustworthy delegation: Verifiable outsourced decryption with tamper-resistance in public cloud storage
CN114697042A (en) Block chain-based Internet of things security data sharing proxy re-encryption method
CN109962783A (en) SM9 digital signature collaboration generation method and system based on progressive calculating
Ahmad Abusukhon et al. A novel network security algorithm based on encrypting text into a white-page image
CN113360944A (en) Dynamic access control system and method for power internet of things
Zhou et al. Secure fine-grained friend-making scheme based on hierarchical management in mobile social networks
CN112953946B (en) Attribute encryption method, device, equipment and storage medium in cloud environment
Cui et al. Towards Multi-User, Secure, and Verifiable $ k $ NN Query in Cloud Database
CN104935582B (en) Big data storage method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant