CN113271309B - Hierarchical file encryption method and system - Google Patents
Hierarchical file encryption method and system Download PDFInfo
- Publication number
- CN113271309B CN113271309B CN202110566884.7A CN202110566884A CN113271309B CN 113271309 B CN113271309 B CN 113271309B CN 202110566884 A CN202110566884 A CN 202110566884A CN 113271309 B CN113271309 B CN 113271309B
- Authority
- CN
- China
- Prior art keywords
- node
- data consumer
- ciphertext
- public key
- attribute
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
Abstract
The invention discloses a method and a system for encrypting a layered file, which construct a one-way gate access tree by introducing a control attribute and combining the one-way gate, construct a key subitem and a ciphertext subitem of the control attribute on the basis, and reconstruct the ciphertext subitem of a transmission node, thereby solving the problems of unauthorized access and cooperative attack and realizing the safe encryption of the layered file.
Description
Technical Field
The invention relates to the technical field of shared data encryption, in particular to a hierarchical file encryption method and system.
Background
In recent years, with the rapid development of the internet, the size of data has become larger and larger. The cloud environment is one of the most promising application platforms for solving the data sharing problem, because it can provide both computing services and storage services. In a cloud environment, in order to ensure that data is not acquired and destroyed by other users or malicious servers, users need to encrypt the data before sharing the data. Attribute-based encryption (ABE) has received much attention due to its ability to protect data privacy, enabling fine-grained, one-to-many, and non-interactive access control. The attribute encryption (CP-ABE) scheme based on the ciphertext strategy has greater flexibility and applicability, and is a more feasible scheme.
However, in practical applications, a plurality of shared data files usually have a hierarchical relationship, which is especially obvious in the fields of government, colleges and medical treatment. The traditional CP-ABE scheme can only encrypt one file in one access policy, and to encrypt multiple files in a hierarchical relationship, multiple access policies need to be constructed one by one, which results in extremely low encryption and decryption efficiency and lack of flexibility. Aiming at the problem, an efficient file-hierarchy-based CP-ABE (FH-CP-ABE) scheme is provided, and the scheme uses an integrated access strategy to encrypt files of multiple hierarchies, so that the encryption and decryption efficiency is improved. However, this scheme cannot realize encrypting multiple files at the same level, and users corresponding to level nodes can decrypt each other during decryption, so that the encrypted files at the same level have a risk of disclosure. Aiming at the problem, an expanded CP-ABE (EFH-CP-ABE) scheme based on file hierarchy is provided, the scheme realizes that a plurality of files are encrypted at the same level, simultaneously solves the problem that users corresponding to hierarchy nodes can decrypt each other, and improves the safety of the scheme, but the two schemes respectively have the safety problems of unauthorized access of the users and cooperative attack of the users in the encryption process and influence the safety of file encryption.
Disclosure of Invention
The technical problem to be solved by the invention is that the existing file layered CP-ABE scheme has the security problem of user unauthorized access and cooperative attack. Therefore, the invention provides a hierarchical file encryption method and a hierarchical file encryption system, which eliminate the possibility of unauthorized access and cooperative attack of a user by constructing a new ciphertext sub-item related to a transmission node and improve the security of file encryption.
The invention is realized by the following technical scheme:
a hierarchical file encryption method, comprising:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; based on the one-way gate access tree, encrypting the layered file to be encrypted through a system public key to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage;
and when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt.
Further, the hierarchical file encryption method further comprises a system initialization parameter lambda, and the hierarchical file encryption method comprises a group with the order of pAndthe generator g of (a), the bilinear map e, i.e. e:
the calculation process of the system public key PK specifically comprises the following steps: based on the system initialization parameter λ, fromIn the random selection of a1,a2,α,Is a p-order integer field; fromRandomly selecting b, and calculating the system public key sub-item as follows:e(g,g)αand defining two hash functionsSaid system public key
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on the system initialization parameter lambdaαObtaining a system master key, wherein the system master key MSK is { g ═ gα}。
Further, the hierarchical file encryption method further comprises data consumer identity information, wherein the data consumer identity information comprises a data consumer identifier; the data consumer attribute set S comprises a control attribute AcI.e. Ac∈S);
The calculating the data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S comprises:
fromWherein, a random number r is selected for each data consumer as the data consumer identification, and the private key sub-item K of the private key SK of the consumer is calculated according to the system public key PK as gαh1 r,L=gr,Removing control attribute A from data consumer attribute set ScGenus of other thanCorresponding private key sub-items, i.e. Control Attribute AcPrivate key subentry of
Further, the one-way gate access tree carries a control attribute and a one-way gate, wherein the data consumer attribute centrally contains the control attribute, and the one-way gate supports the decryption of the user from the high level to the low level and prevents the decryption of the user from the low level to the high level;
the specific construction process of the one-way door access tree is as follows:
the number of hierarchical nodes storing the file has the following two relations with the threshold value (the root node R) of the parent node thereof:
when the number of the hierarchical nodes storing the file is smaller than the threshold value of the parent node, the related access structure can not be met even if the user performs cooperation, and therefore the cooperation problem does not need to be considered. When the number of the hierarchical nodes storing the file is larger than or equal to the threshold value of the parent node, the user can satisfy the relevant access structure in a cooperation mode, so that the cooperation problem needs to be considered.
When constructing the one-way access tree, firstly, according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediWhen the number of the hierarchical nodes is larger than or equal to the threshold value of the father node, an AND gate is used as a one-way gate to replace a transmission node in the hierarchical access tree, AND a sub-tree taking the transmission node as a root node is used as a sub-treeFor the subtree of the one-way gate, taking a node generated by the control attribute as another child node of the one-way gate to generate a one-way gate access tree; wherein, the transmission node is a node of which the child node at least comprises a threshold value; and if the transmission node stores the file, the file is stored in the one-way door.
Accessing a tree hierarchicallyExpanding as a one-way door access treeUsing an "AND" gate A' as a one-way gate to replace a hierarchical access treeTransmission node A, subtree in (1)And the control attribute is used as a subtree of a one-way gate A' to form a one-way gate access subtree, file m2It is stored in the one-way gate a'. At this time, the tree is accessed at the one-way doorEven if it satisfiesAndthe different users of (2) access the upper layer through cooperation, and the upper layer file m can not be decrypted2. Otherwise, satisfy the subtreeThe user can decrypt the upper file m through the control node2. It should be noted that the access level of the expanded one-way gate access tree is not changed, that is, the access level of the expanded one-way gate access tree is not changedIn order to have 3 access levels, the system is provided with a plurality of access levels,there are still 3 access levels.
Further, the encrypting the layered file to be encrypted by the system public key based on the one-way access tree includes:
accessing a tree at the one-way doorFrom top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith to-be-encrypted layered file obtained by using a symmetric encryption algorithm; fromIn the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access treeAnd system public key, calculating cipher text subentry of hierarchical nodeAnd C'i;
Access tree based on said one-way doorThe leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access treeA set of middle leaf nodes;
access tree based on said one-way doorControl Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf nodeAnd
access tree based on said one-way doorThe transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
Further, calculating the ciphertext sub-item of the hierarchy nodeIs specifically shown asWherein ckiIndicating the hierarchical file to be encrypted corresponding to the ith hierarchical node, e (g, g)αBeing a sub-entry of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C of calculation level nodeiThe formula ofWhere g is a sub-term of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown asWherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,representing a random value r to a leaf node y of a non-controlling attributeyTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown asWherein r isyExpressing a random value selected for a leaf node y of the non-control attribute, and g is a sub item of a system public key;
computing ciphertext subentries for control attribute leaf nodesIs specifically shown asWherein h is1Is a sub-entry of the system public key,representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,random value r representing leaf node Ac to control attributeAcTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown asWherein the content of the first and second substances,represented as control Attribute leaf node AcG is a system public key subentry;
calculating ciphertext subentry C of transmission nodex,kIs specifically shown as Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,presentation pairPerforming hash calculation to obtain a value;
calculating ciphertext subentry E of transmission nodex,kIs specifically shown asWherein g is a sub item of a system public key, taux,kRandom values expressed as node selection in TN-CT (x)
Further, the decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, including:
access tree to one-way doorPerforming an access tree matching function with a set of data consumer attributes SWherein the content of the first and second substances,the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by the access tree matching function specifically comprises the following steps:
I. access tree to one-way doorEach node x in the set performs a corresponding access tree matching function Representing a set S of data consumer attributes satisfying a one-way door access treeSubtree of
If the data consumer attribute set Sset satisfies the sub-treeBased on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed to obtain decrypted clear text cki。
Further, the access tree to the one-way doorEach node x in the set performs a corresponding access tree matching functionThe method comprises the following steps:
if x is a non-leaf node, compute all child nodes x 'of node x'Access tree matching function ofIf and only if at least kxWhen the individual child node returns to 1,
further, the node decryption function DecryptNode (CT, SK, x) is executed based on the system public key, the hierarchical file to be encrypted, and the data consumer private key, specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access treeThen DecryptNode (CT, SK, x) ═ t, i.e. decryption is terminated;
for leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiA private key subentry in a private key SK of a data consumer;
for leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculatingWherein the content of the first and second substances,for encrypting ciphertext CThe ciphertext sub-items of the leaf nodes in T,d anda private key subentry in a private key SK of a data consumer;
if x is a non-leaf node, calculate Wherein i ═ index (z) & s'x={index(z):z∈Sx}, Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z;
if the data consumer attribute set S satisfies all or part of the one-way door access treeI.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiA value of (d);
based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculatingObtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kThe ciphertext subentry of the transmission node in the ciphertext CT;
content key { ck based on hierarchy node correspondencei,…,ckkCalculatingWhereinAnd (4) the ciphertext sub-items of the level nodes in the ciphertext CT are decrypted by using a symmetric decryption algorithm to decrypt the corresponding encrypted ciphertext.
A hierarchical file encryption system comprises an authority, a data owner, a cloud service provider and a data consumer;
the authorization mechanism is used for obtaining a system public key PK and a system master key MSK through calculation according to a system initialization parameter lambda, and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S; sending the system public key PK to a data owner, and sending a corresponding data consumer private key SK to a corresponding data consumer according to the identity information of the data consumer;
the data owner is used for obtaining a system public key PK from the authorization mechanism and according to the layered file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encryptedBased on the layered file ck to be encryptediThe one-way door access treeEncrypting the layered file to be encrypted by the system public key PK to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage;
the cloud service provider is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting data;
the data consumer is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain the decrypted plaintext ckiOtherwise, the decryption fails.
According to the layered file encryption method and system provided by the invention, the control attribute and the one-way gate are introduced to be combined to construct the one-way gate access tree, on the basis, the key subitem and the ciphertext subitem of the control attribute are constructed, and the ciphertext subitem of the transmission node is reconstructed, so that the problems of unauthorized access and cooperative attack are solved, and the safe encryption of the layered file is realized.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a schematic block diagram of a hierarchical file encryption system according to the present invention.
Fig. 2 is a flowchart of a system public key and a system master key according to an embodiment of the present invention.
FIG. 3 is a flow chart of a private key of a data consumer in an embodiment of the invention.
Fig. 4 is a flowchart of an encryption process performed on a layered file to be encrypted according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating decryption of encrypted ciphertext according to one embodiment of the invention.
FIG. 6 is a diagram of a one-way access tree in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
Example 1
The invention provides a layered file encryption method which is applied to an encryption system shown in figure 1. The hierarchical file encryption method comprises the following steps:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; access tree based on said one-way doorLayered file ck to be encrypted through system public key PKiAnd encrypting to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage.
And when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt.
The data consumer attribute set S includes, but is not limited to, the user' S profession, title, and affiliated entity.
Further, as shown in fig. 2, the hierarchical file encryption method further includes a system initialization parameter λ, where the system initialization parameter λ includes a group with an order pAndthe generator g of (a), the bilinear map e, i.e. e:
the calculation process of the system public key PK specifically includes: based on a system initialization parameter λ, fromIn the random selection of a1,a2,α,Is a p-order integer field; fromRandomly selecting b, and calculating the system public key sub-item as follows: e(g,g)αand defining two hash functionsSystem public key
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on a system initialization parameter lambdaαObtaining system master key, system master key MSK ═ gα}。
Further, as shown in fig. 3, the hierarchical file encryption method further includes data consumer identity information, where the data consumer identity information includes a data consumer identifier; inclusion of control attributes A in a data consumer attribute set ScI.e. Ac∈S)。
Calculating a data consumer private key SK based on a system public key PK, a system master key MSK and a data consumer attribute set S, comprising:
fromIn the method, a random number r is selected for each data consumer to be used as a data consumer identifier, and a private key sub-item K of a private key SK of the consumer is calculated according to a system public key PK to be gαh1 r,L=gr,Data consumer genusControl attribute A is removed in sexual set ScPrivate key sub-items corresponding to other attributes, i.e. Control Attribute AcPrivate key subentry of
Further, the one-way gate access tree carries a control attribute and a one-way gate, wherein the data consumer attribute centrally contains the control attribute, and the one-way gate supports the decryption of the user from the high level to the low level and prevents the decryption of the user from the low level to the high level.
As shown in fig. 6, the specific construction process of the one-way access tree specifically includes:
the number of hierarchical nodes storing the file has the following two relations with the threshold value (the root node R) of the parent node thereof:
when the number of the hierarchical nodes storing the file is smaller than the threshold value of the parent node, the related access structure can not be met even if the user performs cooperation, and therefore the cooperation problem does not need to be considered. When the number of the hierarchical nodes storing the file is larger than or equal to the threshold value of the parent node, the user can satisfy the relevant access structure in a cooperation mode, so that the cooperation problem needs to be considered.
When constructing the one-way access tree, firstly, according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediWhen the number of the hierarchical nodes is larger than or equal to the threshold value of the parent node, an AND gate is used as a one-way gate to replace a transmission node in the hierarchical access tree,a subtree taking the transmission node as a root node is taken as a subtree of the one-way gate, and a node generated by the control attribute is taken as another child node of the one-way gate to generate a one-way gate access tree; the transmission node is a node of which the child node at least comprises a threshold value; if the transmission node stores the file, the file is stored in the one-way door.
Accessing a tree hierarchicallyExpanding as a one-way door access treeUsing an "AND" gate A' as a one-way gate to replace a hierarchical access treeTransmission node A, subtree in (1)And the control attribute is used as a subtree of a one-way gate A' to form a one-way gate access subtree, file m2It is stored in the one-way gate a'. At this time, the tree is accessed at the one-way doorEven if it satisfiesAndthe different users of (2) access the upper layer through cooperation, and the upper layer file m can not be decrypted2. Otherwise, satisfy the subtreeThe user can decrypt the upper file m through the control node2. It should be noted that the access level of the expanded one-way gate access tree is not changed, that is, the access level of the expanded one-way gate access tree is not changedIn order to have 3 access levels, the system is provided with a plurality of access levels,there are still 3 access levels.
Further, as shown in FIG. 4, the tree is accessed based on the one-way doorLayered file ck to be encrypted through system public key PKiPerforming encryption, including:
accessing trees at a single-way gateFrom top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith to-be-encrypted layered file obtained by using a symmetric encryption algorithm; fromIn the random selection of random number s1,s2,…,skCorresponding to each level node.
Access tree based on layered files to be encrypted and one-way doorAnd system public key, calculating cipher text subentry of hierarchical nodeAnd C'i。
Access tree based on one-way doorThe leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access treeA set of middle leaf nodes.
Access tree based on one-way doorControl Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf nodeAnd
access tree based on one-way doorThe transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
Further, calculating the ciphertext subentry of the hierarchy nodeIs specifically shown asWherein ckiIndicating the hierarchical file to be encrypted corresponding to the ith hierarchical node, e (g, g)αBeing a sub-entry of the system public key, siAnd representing the random number corresponding to the ith hierarchical node.
Compute hierarchy node ciphertext subentry C'iIs specifically shown asWhere g is a sub-term of the system public key, siAnd representing the random number corresponding to the ith hierarchical node.
Ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown asWherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,representing a random value r to a leaf node y of a non-controlling attributeyAnd taking a value obtained by carrying out Hash calculation after negation.
Calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown asWherein r isyDenoted as the random value chosen for the non-control attribute leaf node y, and g is a child of the system public key.
Computing ciphertext subentries for control attribute leaf nodesIs specifically shown asWherein h is1Is a sub-entry of the system public key,representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,random value r representing leaf node Ac to control attributeAcAnd taking a value obtained by carrying out Hash calculation after negation.
Calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown asWherein the content of the first and second substances,represented as control Attribute leaf node AcThe random value of choice, g, is a system public key sub-term.
Calculating ciphertext subentry C of transmission nodex,kIs specifically shown as Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,presentation pairAnd carrying out hash calculation to obtain a value.
Calculating ciphertext subentry E of transmission nodex,kIs specifically shown asWherein g is a sub item of a system public key, taux,kRandom values expressed as node selection in TN-CT (x)
Further, as shown in fig. 5, the encrypted ciphertext is decrypted by the system public key and the data consumer private key to obtain a decrypted plaintext ckiThe method comprises the following steps:
access tree to one-way doorPerforming an access tree matching function with a set of data consumer attributes SWherein the content of the first and second substances,the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by an access tree matching function specifically comprises the following steps:
I. access tree to one-way doorEach node x in the set performs a corresponding access tree matching function Representing a set S of data consumer attributes satisfying a one-way door access treeSubtree of
If the data consumer attribute set S satisfies the sub-treeBased on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed to obtain decrypted clear text cki. It can be understood that the decrypted plaintext is the layered file to be encrypted.
Further, the tree is accessed to the one-way doorEach node x in the set performs a corresponding access tree matching functionThe method comprises the following steps:
if x is a non-leaf node, calculating the access tree matching function of all child nodes x' of the node xIf and only if at least kxWhen the individual child node returns to 1,
further, based on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed, specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access treeDecryptNode (CT, SK, x) — ═ t, i.e. decryption is terminated.
For leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiPrivate keys in the SK are private keys to the data consumer.
For leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculatingWherein the content of the first and second substances,to encrypt the ciphertext sub-items of the leaf node in the ciphertext CT,d andprivate keys in the SK are private keys to the data consumer.
If x is a non-leaf node, calculate Wherein i ═ index (z) & s'x={index(z):z∈Sx}, Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z.
If the data consumer attribute set S satisfies all or part of the one-way door access treeI.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiThe value of (c).
Based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculatingObtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kAnd the ciphertext sub-item of the transmission node in the ciphertext CT is obtained.
Content key { ck based on hierarchy node correspondencei,…,ckkCalculatingWhereinThe ciphertext sub-items of the level nodes in the ciphertext CT are decrypted by using a symmetric decryption algorithm to obtain a decrypted plaintext cki。
Example 2
As shown in fig. 1, the present invention provides a hierarchical file encryption system including an authority, a data owner, a cloud service provider, and a data consumer.
The system comprises an authorization authority (CA) and a data consumer attribute set (S), wherein the authorization authority (CA) is used for calculating and obtaining a system public key PK and a system master key MSK through a system initialization parameter lambda and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a private key SK of the data consumer based on a system public key PK, a system master key MSK and a data consumer attribute set S; and sending the system public key PK to the data owner, and sending the corresponding data consumer private key SK to the corresponding data consumer according to the identity information of the data consumer.
A data owner (CSP) for obtaining a system public key PK from an authority and for encrypting the hierarchical file ck according to the hierarchical file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encryptedAccess tree based on said one-way doorLayered file ck to be encrypted through system public key PKiAnd encrypting to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage.
And the cloud service provider (DO) is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting the data.
And the data consumer (DU) is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all the attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain a decrypted plaintext, otherwise, the decryption fails.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.
Claims (9)
1. A hierarchical file encryption method, comprising:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; based on the one-way gate access tree, encrypting the layered file to be encrypted through a system public key to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage;
when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt;
wherein, based on the one-way access tree, the encryption of the layered file to be encrypted is performed through a system public key, and the method comprises the following steps:
accessing a tree at the one-way doorFrom top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith layered file ck to be encrypted obtained by using a symmetric encryption algorithmi(ii) a FromIn the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access treeAnd system public key, calculating cipher text subentry of hierarchical nodeAnd C'i;
Access tree based on said one-way doorThe leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access treeA set of middle leaf nodes;
based on the one directionDoor access treeControl Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf nodeAnd
access tree based on said one-way doorThe transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
2. The hierarchical file encryption method according to claim 1, further comprising a system initialization parameter λ, the hierarchical file encryption method comprising a group of order p Andthe generator g of (a), the bilinear map e, i.e. e:
the calculation process of the system public key PK specifically comprises the following steps: based on the system initialization parameter λ, fromIn the random selection of a1,a2,α,Is a p-order integer field; fromRandomly selecting b, and calculating the system public key sub-item as follows:e(g,g)αand defines two hash functions H1:H2:Said system public key
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on the system initialization parameter lambdaαObtaining a system master key, wherein the system master key MSK is { g ═ gα}。
3. The hierarchical file encryption method according to claim 1, further comprising data consumer identity information, the data consumer identity information comprising a data consumer identification; the data consumer attribute set S comprises a control attribute AcI.e. Ac∈S;
The calculating the data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S comprises:
fromSelecting a random number r as a data consumer identifier for each data consumer, and calculating a private key sub-item K (g) of a private key SK of the consumer according to the system public key PKαh1 r,L=gr,Removing control attribute A from data consumer attribute set ScPrivate key sub-items corresponding to other attributes, i.e. Control Attribute AcPrivate key subentry of
4. The method according to claim 1, wherein the unidirectional gate access tree carries control attributes and unidirectional gates, wherein the data consumer attributes collectively comprise the control attributes, and the unidirectional gates support users to decrypt from a high level to a low level and prevent users from decrypting from the low level to the high level;
the construction process of the one-way door access tree specifically comprises the following steps:
according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediHierarchical node ofWhen the number is larger than or equal to the threshold value of the father node of the access tree, using an AND gate as a one-way gate to replace a transmission node in the hierarchical access tree, using a sub-tree of which the transmission node is a root node as a sub-tree of the one-way gate, AND using a node generated by the control attribute as the other sub-node of the one-way gate to generate the access tree of the one-way gate; wherein, the transmission node is a node of which the child node at least comprises a threshold value; and if the transmission node stores the file, the file is stored in the one-way door.
5. The hierarchical file encryption method according to claim 1, wherein:
computing ciphertext sub-items of the hierarchical nodeIs specifically shown asWherein ckiRepresenting the to-be-encrypted layered file ck corresponding to the ith layered nodei,e(g,g)αBeing a sub-entry of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
compute hierarchy node ciphertext subentry C'iIs specifically shown asWhere g is a sub-term of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown asWherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,representing a random value r to a leaf node y of a non-controlling attributeyTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown asWherein r isyExpressing a random value selected for a leaf node y of the non-control attribute, and g is a sub item of a system public key;
computing ciphertext subentries for control attribute leaf nodesIs specifically shown asWherein h is1Is a sub-entry of the system public key,representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,random value r representing leaf node Ac to control attributeAcTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown asWherein the content of the first and second substances,represented as control Attribute leaf node AcG is a system public key subentry;
calculating ciphertext subentry C of transmission nodex,kIs specifically shown as Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,presentation pairPerforming hash calculation to obtain a value;
6. The method for encrypting the layered file according to claim 1, wherein the decrypting the encrypted ciphertext through a system public key and a data consumer private key to obtain a decrypted plaintext comprises:
access tree to one-way doorPerforming an access tree matching function with a set of data consumer attributes SWherein the content of the first and second substances,the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by the access tree matching function specifically comprises the following steps:
I. access tree to one-way doorEach node x in the set performs a corresponding access tree matching function Representing a set S of data consumer attributes satisfying a one-way door access treeSubtree of
7. The method of claim 6, wherein the tree is accessed to a unidirectional gateWherein each node x performs a corresponding access tree matchFitting functionThe method comprises the following steps:
if x is a non-leaf node, calculating the access tree matching function of all child nodes x' of the node xIf and only if at least kxWhen the individual child node returns to 1,
8. the method according to claim 7, wherein the node decryption function DecryptNode (CT, SK, x) is executed based on the system public key, the hierarchical file to be encrypted, and a data consumer private key, and specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access treeThen DecryptNode (CT, SK, x) ═ t, i.e. decryption is terminated;
for leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiPrivacy for data consumersA private key subentry in the key SK;
for leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculatingWherein the content of the first and second substances,to encrypt the ciphertext sub-items of the leaf node in the ciphertext CT,d anda private key subentry in a private key SK of a data consumer;
if x is a non-leaf node, calculate Wherein i ═ index (z) & s'x={index(z):z∈Sx}, Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z;
if the data consumer attribute set S satisfies all or part of the one-way door access treeI.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiA value of (d);
based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculatingObtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kThe ciphertext subentry of the transmission node in the ciphertext CT;
9. A hierarchical file encryption system is characterized by comprising an authority, a data owner, a cloud service provider and a data consumer;
the authorization mechanism is used for obtaining a system public key PK and a system master key MSK through calculation according to a system initialization parameter lambda, and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S; sending the system public key PK to a data owner, and sending a corresponding data consumer private key SK to a corresponding data consumer according to the identity information of the data consumer;
the data owner is used for obtaining a system public key PK from the authorization mechanism and according to the layered file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encryptedAccess tree based on said one-way doorLayered file ck to be encrypted through system public key PKiEncrypting to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage;
the cloud service provider is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting data;
the data consumer is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain the decrypted plaintext ckiOtherwise, the decryption fails;
wherein the access tree based on the one-way doorLayered file ck to be encrypted through system public key PKiPerforming encryption, including:
accessing a tree at the one-way doorFrom top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith layered file ck to be encrypted obtained by using a symmetric encryption algorithmi(ii) a FromIn the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access treeAnd system public key, calculating cipher text subentry of hierarchical nodeAnd C'i;
Access tree based on said one-way doorThe leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access treeA set of middle leaf nodes;
access tree based on said one-way doorControl Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf nodeAnd
access tree based on said one-way doorThe transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein the transmission nodeX belongs to X, X is the set of transmission nodes X, TN-CT (X) { ch { (X) }x,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110566884.7A CN113271309B (en) | 2021-05-24 | 2021-05-24 | Hierarchical file encryption method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110566884.7A CN113271309B (en) | 2021-05-24 | 2021-05-24 | Hierarchical file encryption method and system |
Publications (2)
Publication Number | Publication Date |
---|---|
CN113271309A CN113271309A (en) | 2021-08-17 |
CN113271309B true CN113271309B (en) | 2022-04-08 |
Family
ID=77232515
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110566884.7A Active CN113271309B (en) | 2021-05-24 | 2021-05-24 | Hierarchical file encryption method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113271309B (en) |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109740363A (en) * | 2019-01-04 | 2019-05-10 | 贵州大学 | Rating documents desensitization encryption method |
CN110611662A (en) * | 2019-08-30 | 2019-12-24 | 徐州工业职业技术学院 | Attribute-based encryption-based fog collaborative cloud data sharing method |
Family Cites Families (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP5693206B2 (en) * | 2010-12-22 | 2015-04-01 | 三菱電機株式会社 | Cryptographic processing system, key generation device, encryption device, decryption device, cryptographic processing method, and cryptographic processing program |
US10211984B2 (en) * | 2011-09-28 | 2019-02-19 | Koninklijke Philips N.V. | Hierarchical attribute-based encryption and decryption |
KR101593165B1 (en) * | 2014-08-19 | 2016-02-15 | 한국전자통신연구원 | Data access control method |
CN105991278B (en) * | 2016-07-11 | 2019-06-28 | 河北省科学院应用数学研究所 | A kind of ciphertext access control method based on CP-ABE |
WO2019148335A1 (en) * | 2018-01-30 | 2019-08-08 | Nokia Technologies Oy | Secure data processing |
CN108540280B (en) * | 2018-02-09 | 2020-09-15 | 上海交通大学 | Resource efficient security data sharing method and system |
CN108881291B (en) * | 2018-07-19 | 2020-12-22 | 上海海事大学 | Weight attribute base encryption method based on hierarchical authorization mechanism |
CN109617855B (en) * | 2018-10-25 | 2020-10-09 | 深圳技术大学(筹) | File sharing method, device, equipment and medium based on CP-ABE layered access control |
CN111614680B (en) * | 2020-05-25 | 2021-04-02 | 华中科技大学 | CP-ABE-based traceable cloud storage access control method and system |
CN111970296A (en) * | 2020-08-25 | 2020-11-20 | 福建师范大学 | Efficient file hierarchical attribute-based encryption method and system |
-
2021
- 2021-05-24 CN CN202110566884.7A patent/CN113271309B/en active Active
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109740363A (en) * | 2019-01-04 | 2019-05-10 | 贵州大学 | Rating documents desensitization encryption method |
CN110611662A (en) * | 2019-08-30 | 2019-12-24 | 徐州工业职业技术学院 | Attribute-based encryption-based fog collaborative cloud data sharing method |
Also Published As
Publication number | Publication date |
---|---|
CN113271309A (en) | 2021-08-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Deng et al. | Flexible attribute-based proxy re-encryption for efficient data sharing | |
Maffei et al. | Privacy and access control for outsourced personal records | |
Xhafa et al. | An efficient PHR service system supporting fuzzy keyword search and fine-grained access control | |
CN104363215B (en) | A kind of encryption method and system based on attribute | |
CN106059763B (en) | The properties base multi-mechanism hierarchical Ciphertext policy weight encryption method of cloud environment | |
CN114065265A (en) | Fine-grained cloud storage access control method, system and equipment based on block chain technology | |
CN108111540A (en) | The hierarchical access control system and method for data sharing are supported in a kind of cloud storage | |
CN105100083A (en) | Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo | |
CN106612271A (en) | Encryption and access control method for cloud storage | |
Xu et al. | Enabling authorized encrypted search for multi-authority medical databases | |
Ming et al. | Efficient revocable multi-authority attribute-based encryption for cloud storage | |
CN109981643A (en) | A kind of inquiry authorization of fine granularity can search for encryption method and system | |
CN109327448B (en) | Cloud file sharing method, device, equipment and storage medium | |
CN109617855B (en) | File sharing method, device, equipment and medium based on CP-ABE layered access control | |
Liu et al. | Offline/online attribute‐based encryption with verifiable outsourced decryption | |
Liu et al. | Dynamic attribute-based access control in cloud storage systems | |
CN106936820A (en) | The elongated amending method of data and its application in big data encryption | |
Aruna et al. | Medical healthcare system with hybrid block based predictive models for quality preserving in medical images using machine learning techniques | |
CN114679271A (en) | Block chain private data access control method and system | |
CN106612175A (en) | Proxy re-encryption algorithm for multi-element access control in mobile cloud | |
Zhang et al. | Data owner based attribute based encryption | |
CN113271309B (en) | Hierarchical file encryption method and system | |
Almarwani et al. | Flexible Access Control and Confidentiality over Encrypted Data for Document-based Database. | |
CN114244567B (en) | CP-ABE method for supporting circuit structure in cloud environment | |
CN115694974A (en) | Ciphertext data sharing method and system based on collaborative searchable |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |