CN113271309B - Hierarchical file encryption method and system - Google Patents

Hierarchical file encryption method and system Download PDF

Info

Publication number
CN113271309B
CN113271309B CN202110566884.7A CN202110566884A CN113271309B CN 113271309 B CN113271309 B CN 113271309B CN 202110566884 A CN202110566884 A CN 202110566884A CN 113271309 B CN113271309 B CN 113271309B
Authority
CN
China
Prior art keywords
node
data consumer
ciphertext
public key
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110566884.7A
Other languages
Chinese (zh)
Other versions
CN113271309A (en
Inventor
冯朝胜
刘帅南
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sichuan Normal University
Original Assignee
Sichuan Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sichuan Normal University filed Critical Sichuan Normal University
Priority to CN202110566884.7A priority Critical patent/CN113271309B/en
Publication of CN113271309A publication Critical patent/CN113271309A/en
Application granted granted Critical
Publication of CN113271309B publication Critical patent/CN113271309B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption

Abstract

The invention discloses a method and a system for encrypting a layered file, which construct a one-way gate access tree by introducing a control attribute and combining the one-way gate, construct a key subitem and a ciphertext subitem of the control attribute on the basis, and reconstruct the ciphertext subitem of a transmission node, thereby solving the problems of unauthorized access and cooperative attack and realizing the safe encryption of the layered file.

Description

Hierarchical file encryption method and system
Technical Field
The invention relates to the technical field of shared data encryption, in particular to a hierarchical file encryption method and system.
Background
In recent years, with the rapid development of the internet, the size of data has become larger and larger. The cloud environment is one of the most promising application platforms for solving the data sharing problem, because it can provide both computing services and storage services. In a cloud environment, in order to ensure that data is not acquired and destroyed by other users or malicious servers, users need to encrypt the data before sharing the data. Attribute-based encryption (ABE) has received much attention due to its ability to protect data privacy, enabling fine-grained, one-to-many, and non-interactive access control. The attribute encryption (CP-ABE) scheme based on the ciphertext strategy has greater flexibility and applicability, and is a more feasible scheme.
However, in practical applications, a plurality of shared data files usually have a hierarchical relationship, which is especially obvious in the fields of government, colleges and medical treatment. The traditional CP-ABE scheme can only encrypt one file in one access policy, and to encrypt multiple files in a hierarchical relationship, multiple access policies need to be constructed one by one, which results in extremely low encryption and decryption efficiency and lack of flexibility. Aiming at the problem, an efficient file-hierarchy-based CP-ABE (FH-CP-ABE) scheme is provided, and the scheme uses an integrated access strategy to encrypt files of multiple hierarchies, so that the encryption and decryption efficiency is improved. However, this scheme cannot realize encrypting multiple files at the same level, and users corresponding to level nodes can decrypt each other during decryption, so that the encrypted files at the same level have a risk of disclosure. Aiming at the problem, an expanded CP-ABE (EFH-CP-ABE) scheme based on file hierarchy is provided, the scheme realizes that a plurality of files are encrypted at the same level, simultaneously solves the problem that users corresponding to hierarchy nodes can decrypt each other, and improves the safety of the scheme, but the two schemes respectively have the safety problems of unauthorized access of the users and cooperative attack of the users in the encryption process and influence the safety of file encryption.
Disclosure of Invention
The technical problem to be solved by the invention is that the existing file layered CP-ABE scheme has the security problem of user unauthorized access and cooperative attack. Therefore, the invention provides a hierarchical file encryption method and a hierarchical file encryption system, which eliminate the possibility of unauthorized access and cooperative attack of a user by constructing a new ciphertext sub-item related to a transmission node and improve the security of file encryption.
The invention is realized by the following technical scheme:
a hierarchical file encryption method, comprising:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; based on the one-way gate access tree, encrypting the layered file to be encrypted through a system public key to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage;
and when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt.
Further, the hierarchical file encryption method further comprises a system initialization parameter lambda, and the hierarchical file encryption method comprises a group with the order of p
Figure BDA0003081065110000021
And
Figure BDA0003081065110000022
the generator g of (a), the bilinear map e, i.e. e:
Figure BDA0003081065110000023
Figure BDA0003081065110000024
the calculation process of the system public key PK specifically comprises the following steps: based on the system initialization parameter λ, from
Figure BDA0003081065110000025
In the random selection of a1,a2,α,
Figure BDA0003081065110000026
Is a p-order integer field; from
Figure BDA0003081065110000027
Randomly selecting b, and calculating the system public key sub-item as follows:
Figure BDA0003081065110000028
e(g,g)αand defining two hash functions
Figure BDA0003081065110000029
Said system public key
Figure BDA00030810651100000210
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on the system initialization parameter lambdaαObtaining a system master key, wherein the system master key MSK is { g ═ gα}。
Further, the hierarchical file encryption method further comprises data consumer identity information, wherein the data consumer identity information comprises a data consumer identifier; the data consumer attribute set S comprises a control attribute AcI.e. Ac∈S);
The calculating the data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S comprises:
from
Figure BDA00030810651100000211
Wherein, a random number r is selected for each data consumer as the data consumer identification, and the private key sub-item K of the private key SK of the consumer is calculated according to the system public key PK as gαh1 r,L=gr
Figure BDA00030810651100000212
Removing control attribute A from data consumer attribute set ScGenus of other thanCorresponding private key sub-items, i.e.
Figure BDA00030810651100000213
Figure BDA00030810651100000214
Control Attribute AcPrivate key subentry of
Figure BDA00030810651100000215
The data consumer private key
Figure BDA00030810651100000216
Figure BDA00030810651100000217
Further, the one-way gate access tree carries a control attribute and a one-way gate, wherein the data consumer attribute centrally contains the control attribute, and the one-way gate supports the decryption of the user from the high level to the low level and prevents the decryption of the user from the low level to the high level;
the specific construction process of the one-way door access tree is as follows:
the number of hierarchical nodes storing the file has the following two relations with the threshold value (the root node R) of the parent node thereof:
when the number of the hierarchical nodes storing the file is smaller than the threshold value of the parent node, the related access structure can not be met even if the user performs cooperation, and therefore the cooperation problem does not need to be considered. When the number of the hierarchical nodes storing the file is larger than or equal to the threshold value of the parent node, the user can satisfy the relevant access structure in a cooperation mode, so that the cooperation problem needs to be considered.
When constructing the one-way access tree, firstly, according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediWhen the number of the hierarchical nodes is larger than or equal to the threshold value of the father node, an AND gate is used as a one-way gate to replace a transmission node in the hierarchical access tree, AND a sub-tree taking the transmission node as a root node is used as a sub-treeFor the subtree of the one-way gate, taking a node generated by the control attribute as another child node of the one-way gate to generate a one-way gate access tree; wherein, the transmission node is a node of which the child node at least comprises a threshold value; and if the transmission node stores the file, the file is stored in the one-way door.
Accessing a tree hierarchically
Figure BDA0003081065110000031
Expanding as a one-way door access tree
Figure BDA0003081065110000032
Using an "AND" gate A' as a one-way gate to replace a hierarchical access tree
Figure BDA0003081065110000033
Transmission node A, subtree in (1)
Figure BDA0003081065110000034
And the control attribute is used as a subtree of a one-way gate A' to form a one-way gate access subtree, file m2It is stored in the one-way gate a'. At this time, the tree is accessed at the one-way door
Figure BDA0003081065110000035
Even if it satisfies
Figure BDA0003081065110000036
And
Figure BDA0003081065110000037
the different users of (2) access the upper layer through cooperation, and the upper layer file m can not be decrypted2. Otherwise, satisfy the subtree
Figure BDA0003081065110000038
The user can decrypt the upper file m through the control node2. It should be noted that the access level of the expanded one-way gate access tree is not changed, that is, the access level of the expanded one-way gate access tree is not changed
Figure BDA0003081065110000039
In order to have 3 access levels, the system is provided with a plurality of access levels,
Figure BDA00030810651100000310
there are still 3 access levels.
Further, the encrypting the layered file to be encrypted by the system public key based on the one-way access tree includes:
accessing a tree at the one-way door
Figure BDA00030810651100000311
From top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith to-be-encrypted layered file obtained by using a symmetric encryption algorithm; from
Figure BDA00030810651100000312
In the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access tree
Figure BDA00030810651100000313
And system public key, calculating cipher text subentry of hierarchical node
Figure BDA00030810651100000314
And C'i
Access tree based on said one-way door
Figure BDA0003081065110000041
The leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access tree
Figure BDA0003081065110000042
A set of middle leaf nodes;
access tree based on said one-way door
Figure BDA0003081065110000043
Control Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf node
Figure BDA0003081065110000044
And
Figure BDA0003081065110000045
access tree based on said one-way door
Figure BDA0003081065110000046
The transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
Further, calculating the ciphertext sub-item of the hierarchy node
Figure BDA0003081065110000047
Is specifically shown as
Figure BDA0003081065110000048
Wherein ckiIndicating the hierarchical file to be encrypted corresponding to the ith hierarchical node, e (g, g)αBeing a sub-entry of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C of calculation level nodeiThe formula of
Figure BDA0003081065110000049
Where g is a sub-term of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown as
Figure BDA00030810651100000410
Wherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,
Figure BDA00030810651100000411
representing a random value r to a leaf node y of a non-controlling attributeyTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown as
Figure BDA00030810651100000412
Wherein r isyExpressing a random value selected for a leaf node y of the non-control attribute, and g is a sub item of a system public key;
computing ciphertext subentries for control attribute leaf nodes
Figure BDA00030810651100000413
Is specifically shown as
Figure BDA00030810651100000414
Wherein h is1Is a sub-entry of the system public key,
Figure BDA00030810651100000415
representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,
Figure BDA00030810651100000416
random value r representing leaf node Ac to control attributeAcTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown as
Figure BDA00030810651100000417
Wherein the content of the first and second substances,
Figure BDA00030810651100000418
represented as control Attribute leaf node AcG is a system public key subentry;
calculating ciphertext subentry C of transmission nodex,kIs specifically shown as
Figure BDA0003081065110000051
Figure BDA0003081065110000052
Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,
Figure BDA0003081065110000053
sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,
Figure BDA0003081065110000054
presentation pair
Figure BDA0003081065110000055
Performing hash calculation to obtain a value;
calculating ciphertext subentry E of transmission nodex,kIs specifically shown as
Figure BDA0003081065110000056
Wherein g is a sub item of a system public key, taux,kRandom values expressed as node selection in TN-CT (x)
Further, the decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, including:
access tree to one-way door
Figure BDA0003081065110000057
Performing an access tree matching function with a set of data consumer attributes S
Figure BDA0003081065110000058
Wherein the content of the first and second substances,
Figure BDA0003081065110000059
the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by the access tree matching function specifically comprises the following steps:
I. access tree to one-way door
Figure BDA00030810651100000510
Each node x in the set performs a corresponding access tree matching function
Figure BDA00030810651100000511
Figure BDA00030810651100000512
Representing a set S of data consumer attributes satisfying a one-way door access tree
Figure BDA00030810651100000513
Subtree of
Figure BDA00030810651100000514
If the data consumer attribute set Sset satisfies the sub-tree
Figure BDA00030810651100000515
Based on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed to obtain decrypted clear text cki
Further, the access tree to the one-way door
Figure BDA00030810651100000516
Each node x in the set performs a corresponding access tree matching function
Figure BDA00030810651100000517
The method comprises the following steps:
if x is a non-leaf node, compute all child nodes x 'of node x'Access tree matching function of
Figure BDA00030810651100000518
If and only if at least kxWhen the individual child node returns to 1,
Figure BDA00030810651100000519
if x is a leaf node, when x belongs to S,
Figure BDA00030810651100000520
further, the node decryption function DecryptNode (CT, SK, x) is executed based on the system public key, the hierarchical file to be encrypted, and the data consumer private key, specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access tree
Figure BDA00030810651100000522
Then DecryptNode (CT, SK, x) ═ t, i.e. decryption is terminated;
for leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating
Figure BDA00030810651100000521
Figure BDA0003081065110000061
Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiA private key subentry in a private key SK of a data consumer;
for leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculating
Figure BDA0003081065110000062
Wherein the content of the first and second substances,
Figure BDA0003081065110000063
for encrypting ciphertext CThe ciphertext sub-items of the leaf nodes in T,
Figure BDA0003081065110000064
d and
Figure BDA0003081065110000065
a private key subentry in a private key SK of a data consumer;
if x is a non-leaf node, calculate
Figure BDA0003081065110000066
Figure BDA0003081065110000067
Wherein i ═ index (z) & s'x={index(z):z∈Sx},
Figure BDA0003081065110000068
Figure BDA0003081065110000069
Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z;
if the data consumer attribute set S satisfies all or part of the one-way door access tree
Figure BDA00030810651100000610
I.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes
Figure BDA00030810651100000611
Figure BDA00030810651100000612
Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiA value of (d);
based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculating
Figure BDA00030810651100000613
Obtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kThe ciphertext subentry of the transmission node in the ciphertext CT;
content key { ck based on hierarchy node correspondencei,…,ckkCalculating
Figure BDA00030810651100000614
Wherein
Figure BDA00030810651100000615
And (4) the ciphertext sub-items of the level nodes in the ciphertext CT are decrypted by using a symmetric decryption algorithm to decrypt the corresponding encrypted ciphertext.
A hierarchical file encryption system comprises an authority, a data owner, a cloud service provider and a data consumer;
the authorization mechanism is used for obtaining a system public key PK and a system master key MSK through calculation according to a system initialization parameter lambda, and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S; sending the system public key PK to a data owner, and sending a corresponding data consumer private key SK to a corresponding data consumer according to the identity information of the data consumer;
the data owner is used for obtaining a system public key PK from the authorization mechanism and according to the layered file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encrypted
Figure BDA0003081065110000071
Based on the layered file ck to be encryptediThe one-way door access tree
Figure BDA0003081065110000072
Encrypting the layered file to be encrypted by the system public key PK to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage;
the cloud service provider is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting data;
the data consumer is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain the decrypted plaintext ckiOtherwise, the decryption fails.
According to the layered file encryption method and system provided by the invention, the control attribute and the one-way gate are introduced to be combined to construct the one-way gate access tree, on the basis, the key subitem and the ciphertext subitem of the control attribute are constructed, and the ciphertext subitem of the transmission node is reconstructed, so that the problems of unauthorized access and cooperative attack are solved, and the safe encryption of the layered file is realized.
Drawings
The accompanying drawings, which are included to provide a further understanding of the embodiments of the invention and are incorporated in and constitute a part of this application, illustrate embodiment(s) of the invention and together with the description serve to explain the principles of the invention. In the drawings:
FIG. 1 is a schematic block diagram of a hierarchical file encryption system according to the present invention.
Fig. 2 is a flowchart of a system public key and a system master key according to an embodiment of the present invention.
FIG. 3 is a flow chart of a private key of a data consumer in an embodiment of the invention.
Fig. 4 is a flowchart of an encryption process performed on a layered file to be encrypted according to an embodiment of the present invention.
FIG. 5 is a flowchart illustrating decryption of encrypted ciphertext according to one embodiment of the invention.
FIG. 6 is a diagram of a one-way access tree in an embodiment of the invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail below with reference to examples and accompanying drawings, and the exemplary embodiments and descriptions thereof are only used for explaining the present invention and are not meant to limit the present invention.
Example 1
The invention provides a layered file encryption method which is applied to an encryption system shown in figure 1. The hierarchical file encryption method comprises the following steps:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; access tree based on said one-way door
Figure BDA0003081065110000081
Layered file ck to be encrypted through system public key PKiAnd encrypting to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage.
And when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt.
The data consumer attribute set S includes, but is not limited to, the user' S profession, title, and affiliated entity.
Further, as shown in fig. 2, the hierarchical file encryption method further includes a system initialization parameter λ, where the system initialization parameter λ includes a group with an order p
Figure BDA0003081065110000082
And
Figure BDA0003081065110000083
the generator g of (a), the bilinear map e, i.e. e:
Figure BDA0003081065110000084
the calculation process of the system public key PK specifically includes: based on a system initialization parameter λ, from
Figure BDA0003081065110000085
In the random selection of a1,a2,α,
Figure BDA0003081065110000086
Is a p-order integer field; from
Figure BDA0003081065110000087
Randomly selecting b, and calculating the system public key sub-item as follows:
Figure BDA0003081065110000088
Figure BDA0003081065110000089
e(g,g)αand defining two hash functions
Figure BDA00030810651100000810
System public key
Figure BDA00030810651100000811
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on a system initialization parameter lambdaαObtaining system master key, system master key MSK ═ gα}。
Further, as shown in fig. 3, the hierarchical file encryption method further includes data consumer identity information, where the data consumer identity information includes a data consumer identifier; inclusion of control attributes A in a data consumer attribute set ScI.e. Ac∈S)。
Calculating a data consumer private key SK based on a system public key PK, a system master key MSK and a data consumer attribute set S, comprising:
from
Figure BDA00030810651100000812
In the method, a random number r is selected for each data consumer to be used as a data consumer identifier, and a private key sub-item K of a private key SK of the consumer is calculated according to a system public key PK to be gαh1 r,L=gr
Figure BDA00030810651100000813
Data consumer genusControl attribute A is removed in sexual set ScPrivate key sub-items corresponding to other attributes, i.e.
Figure BDA00030810651100000814
Figure BDA00030810651100000815
Control Attribute AcPrivate key subentry of
Figure BDA00030810651100000816
Data consumer private key
Figure BDA00030810651100000817
Figure BDA00030810651100000818
Further, the one-way gate access tree carries a control attribute and a one-way gate, wherein the data consumer attribute centrally contains the control attribute, and the one-way gate supports the decryption of the user from the high level to the low level and prevents the decryption of the user from the low level to the high level.
As shown in fig. 6, the specific construction process of the one-way access tree specifically includes:
the number of hierarchical nodes storing the file has the following two relations with the threshold value (the root node R) of the parent node thereof:
when the number of the hierarchical nodes storing the file is smaller than the threshold value of the parent node, the related access structure can not be met even if the user performs cooperation, and therefore the cooperation problem does not need to be considered. When the number of the hierarchical nodes storing the file is larger than or equal to the threshold value of the parent node, the user can satisfy the relevant access structure in a cooperation mode, so that the cooperation problem needs to be considered.
When constructing the one-way access tree, firstly, according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediWhen the number of the hierarchical nodes is larger than or equal to the threshold value of the parent node, an AND gate is used as a one-way gate to replace a transmission node in the hierarchical access tree,a subtree taking the transmission node as a root node is taken as a subtree of the one-way gate, and a node generated by the control attribute is taken as another child node of the one-way gate to generate a one-way gate access tree; the transmission node is a node of which the child node at least comprises a threshold value; if the transmission node stores the file, the file is stored in the one-way door.
Accessing a tree hierarchically
Figure BDA0003081065110000091
Expanding as a one-way door access tree
Figure BDA0003081065110000092
Using an "AND" gate A' as a one-way gate to replace a hierarchical access tree
Figure BDA0003081065110000093
Transmission node A, subtree in (1)
Figure BDA0003081065110000094
And the control attribute is used as a subtree of a one-way gate A' to form a one-way gate access subtree, file m2It is stored in the one-way gate a'. At this time, the tree is accessed at the one-way door
Figure BDA0003081065110000095
Even if it satisfies
Figure BDA0003081065110000096
And
Figure BDA0003081065110000097
the different users of (2) access the upper layer through cooperation, and the upper layer file m can not be decrypted2. Otherwise, satisfy the subtree
Figure BDA0003081065110000098
The user can decrypt the upper file m through the control node2. It should be noted that the access level of the expanded one-way gate access tree is not changed, that is, the access level of the expanded one-way gate access tree is not changed
Figure BDA0003081065110000099
In order to have 3 access levels, the system is provided with a plurality of access levels,
Figure BDA00030810651100000910
there are still 3 access levels.
Further, as shown in FIG. 4, the tree is accessed based on the one-way door
Figure BDA00030810651100000911
Layered file ck to be encrypted through system public key PKiPerforming encryption, including:
accessing trees at a single-way gate
Figure BDA00030810651100000912
From top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith to-be-encrypted layered file obtained by using a symmetric encryption algorithm; from
Figure BDA00030810651100000913
In the random selection of random number s1,s2,…,skCorresponding to each level node.
Access tree based on layered files to be encrypted and one-way door
Figure BDA00030810651100000914
And system public key, calculating cipher text subentry of hierarchical node
Figure BDA00030810651100000915
And C'i
Access tree based on one-way door
Figure BDA0003081065110000101
The leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access tree
Figure BDA0003081065110000102
A set of middle leaf nodes.
Access tree based on one-way door
Figure BDA0003081065110000103
Control Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf node
Figure BDA0003081065110000104
And
Figure BDA0003081065110000105
access tree based on one-way door
Figure BDA0003081065110000106
The transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
Further, calculating the ciphertext subentry of the hierarchy node
Figure BDA0003081065110000107
Is specifically shown as
Figure BDA0003081065110000108
Wherein ckiIndicating the hierarchical file to be encrypted corresponding to the ith hierarchical node, e (g, g)αBeing a sub-entry of the system public key, siAnd representing the random number corresponding to the ith hierarchical node.
Compute hierarchy node ciphertext subentry C'iIs specifically shown as
Figure BDA0003081065110000109
Where g is a sub-term of the system public key, siAnd representing the random number corresponding to the ith hierarchical node.
Ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown as
Figure BDA00030810651100001010
Wherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,
Figure BDA00030810651100001018
representing a random value r to a leaf node y of a non-controlling attributeyAnd taking a value obtained by carrying out Hash calculation after negation.
Calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown as
Figure BDA00030810651100001011
Wherein r isyDenoted as the random value chosen for the non-control attribute leaf node y, and g is a child of the system public key.
Computing ciphertext subentries for control attribute leaf nodes
Figure BDA00030810651100001012
Is specifically shown as
Figure BDA00030810651100001013
Wherein h is1Is a sub-entry of the system public key,
Figure BDA00030810651100001014
representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,
Figure BDA00030810651100001015
random value r representing leaf node Ac to control attributeAcAnd taking a value obtained by carrying out Hash calculation after negation.
Calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown as
Figure BDA00030810651100001016
Wherein the content of the first and second substances,
Figure BDA00030810651100001017
represented as control Attribute leaf node AcThe random value of choice, g, is a system public key sub-term.
Calculating ciphertext subentry C of transmission nodex,kIs specifically shown as
Figure BDA0003081065110000111
Figure BDA0003081065110000112
Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,
Figure BDA0003081065110000113
sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,
Figure BDA0003081065110000114
presentation pair
Figure BDA0003081065110000115
And carrying out hash calculation to obtain a value.
Calculating ciphertext subentry E of transmission nodex,kIs specifically shown as
Figure BDA0003081065110000116
Wherein g is a sub item of a system public key, taux,kRandom values expressed as node selection in TN-CT (x)
Further, as shown in fig. 5, the encrypted ciphertext is decrypted by the system public key and the data consumer private key to obtain a decrypted plaintext ckiThe method comprises the following steps:
access tree to one-way door
Figure BDA0003081065110000117
Performing an access tree matching function with a set of data consumer attributes S
Figure BDA0003081065110000118
Wherein the content of the first and second substances,
Figure BDA0003081065110000119
the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by an access tree matching function specifically comprises the following steps:
I. access tree to one-way door
Figure BDA00030810651100001110
Each node x in the set performs a corresponding access tree matching function
Figure BDA00030810651100001111
Figure BDA00030810651100001112
Representing a set S of data consumer attributes satisfying a one-way door access tree
Figure BDA00030810651100001113
Subtree of
Figure BDA00030810651100001114
If the data consumer attribute set S satisfies the sub-tree
Figure BDA00030810651100001115
Based on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed to obtain decrypted clear text cki. It can be understood that the decrypted plaintext is the layered file to be encrypted.
Further, the tree is accessed to the one-way door
Figure BDA00030810651100001116
Each node x in the set performs a corresponding access tree matching function
Figure BDA00030810651100001117
The method comprises the following steps:
if x is a non-leaf node, calculating the access tree matching function of all child nodes x' of the node x
Figure BDA00030810651100001118
If and only if at least kxWhen the individual child node returns to 1,
Figure BDA00030810651100001119
if x is a leaf node, when x belongs to S,
Figure BDA00030810651100001120
further, based on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed, specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access tree
Figure BDA00030810651100001121
DecryptNode (CT, SK, x) — ═ t, i.e. decryption is terminated.
For leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating
Figure BDA0003081065110000121
Figure BDA0003081065110000122
Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiPrivate keys in the SK are private keys to the data consumer.
For leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculating
Figure BDA0003081065110000123
Wherein the content of the first and second substances,
Figure BDA0003081065110000124
to encrypt the ciphertext sub-items of the leaf node in the ciphertext CT,
Figure BDA0003081065110000125
d and
Figure BDA0003081065110000126
private keys in the SK are private keys to the data consumer.
If x is a non-leaf node, calculate
Figure BDA0003081065110000127
Figure BDA0003081065110000128
Wherein i ═ index (z) & s'x={index(z):z∈Sx},
Figure BDA0003081065110000129
Figure BDA00030810651100001210
Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z.
If the data consumer attribute set S satisfies all or part of the one-way door access tree
Figure BDA00030810651100001211
I.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes
Figure BDA00030810651100001212
Figure BDA00030810651100001213
Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiThe value of (c).
Based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculating
Figure BDA00030810651100001214
Obtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kAnd the ciphertext sub-item of the transmission node in the ciphertext CT is obtained.
Content key { ck based on hierarchy node correspondencei,…,ckkCalculating
Figure BDA00030810651100001215
Wherein
Figure BDA00030810651100001216
The ciphertext sub-items of the level nodes in the ciphertext CT are decrypted by using a symmetric decryption algorithm to obtain a decrypted plaintext cki
Example 2
As shown in fig. 1, the present invention provides a hierarchical file encryption system including an authority, a data owner, a cloud service provider, and a data consumer.
The system comprises an authorization authority (CA) and a data consumer attribute set (S), wherein the authorization authority (CA) is used for calculating and obtaining a system public key PK and a system master key MSK through a system initialization parameter lambda and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a private key SK of the data consumer based on a system public key PK, a system master key MSK and a data consumer attribute set S; and sending the system public key PK to the data owner, and sending the corresponding data consumer private key SK to the corresponding data consumer according to the identity information of the data consumer.
A data owner (CSP) for obtaining a system public key PK from an authority and for encrypting the hierarchical file ck according to the hierarchical file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encrypted
Figure BDA0003081065110000131
Access tree based on said one-way door
Figure BDA0003081065110000132
Layered file ck to be encrypted through system public key PKiAnd encrypting to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage.
And the cloud service provider (DO) is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting the data.
And the data consumer (DU) is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all the attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain a decrypted plaintext, otherwise, the decryption fails.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-mentioned division of the functional units and modules is illustrated, and in practical applications, the above-mentioned function distribution may be performed by different functional units and modules according to needs, that is, the internal structure of the apparatus is divided into different functional units or modules, so as to perform all or part of the functions described above.
The above-mentioned embodiments are intended to illustrate the objects, technical solutions and advantages of the present invention in further detail, and it should be understood that the above-mentioned embodiments are merely exemplary embodiments of the present invention, and are not intended to limit the scope of the present invention, and any modifications, equivalent substitutions, improvements and the like made within the spirit and principle of the present invention should be included in the scope of the present invention.

Claims (9)

1. A hierarchical file encryption method, comprising:
constructing a one-way door access tree according to the hierarchical relationship between the layered files to be encrypted and the layered files to be encrypted; based on the one-way gate access tree, encrypting the layered file to be encrypted through a system public key to obtain an encrypted ciphertext and sending the encrypted ciphertext to a cloud service provider for storage;
when all the attributes of the data consumer attribute set meet part or all of the one-way gate access trees, decrypting the encrypted ciphertext through the system public key and the data consumer private key to obtain a decrypted plaintext, otherwise, failing to decrypt;
wherein, based on the one-way access tree, the encryption of the layered file to be encrypted is performed through a system public key, and the method comprises the following steps:
accessing a tree at the one-way door
Figure FDA0003522985240000011
From top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith layered file ck to be encrypted obtained by using a symmetric encryption algorithmi(ii) a From
Figure FDA0003522985240000012
In the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access tree
Figure FDA0003522985240000013
And system public key, calculating cipher text subentry of hierarchical node
Figure FDA0003522985240000014
And C'i
Access tree based on said one-way door
Figure FDA0003522985240000015
The leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access tree
Figure FDA0003522985240000016
A set of middle leaf nodes;
based on the one directionDoor access tree
Figure FDA0003522985240000017
Control Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf node
Figure FDA0003522985240000018
And
Figure FDA0003522985240000019
access tree based on said one-way door
Figure FDA00035229852400000110
The transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein, the transmission node X belongs to X, X is the set of transmission node X, TN-CT (X) { ch ═ chx,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
2. The hierarchical file encryption method according to claim 1, further comprising a system initialization parameter λ, the hierarchical file encryption method comprising a group of order p
Figure FDA00035229852400000111
Figure FDA00035229852400000112
And
Figure FDA00035229852400000113
the generator g of (a), the bilinear map e, i.e. e:
Figure FDA00035229852400000114
the calculation process of the system public key PK specifically comprises the following steps: based on the system initialization parameter λ, from
Figure FDA00035229852400000115
In the random selection of a1,a2,α,
Figure FDA00035229852400000116
Is a p-order integer field; from
Figure FDA00035229852400000117
Randomly selecting b, and calculating the system public key sub-item as follows:
Figure FDA00035229852400000118
e(g,g)αand defines two hash functions H1:
Figure FDA00035229852400000119
H2:
Figure FDA00035229852400000120
Said system public key
Figure FDA0003522985240000021
The calculation process of the system master key MSK specifically comprises the following steps: calculating a system master key sub-item g based on the system initialization parameter lambdaαObtaining a system master key, wherein the system master key MSK is { g ═ gα}。
3. The hierarchical file encryption method according to claim 1, further comprising data consumer identity information, the data consumer identity information comprising a data consumer identification; the data consumer attribute set S comprises a control attribute AcI.e. Ac∈S;
The calculating the data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S comprises:
from
Figure FDA0003522985240000022
Selecting a random number r as a data consumer identifier for each data consumer, and calculating a private key sub-item K (g) of a private key SK of the consumer according to the system public key PKαh1 r,L=gr
Figure FDA0003522985240000023
Removing control attribute A from data consumer attribute set ScPrivate key sub-items corresponding to other attributes, i.e.
Figure FDA0003522985240000024
Figure FDA0003522985240000025
Control Attribute AcPrivate key subentry of
Figure FDA0003522985240000026
The data consumer private key
Figure FDA0003522985240000027
Figure FDA0003522985240000028
4. The method according to claim 1, wherein the unidirectional gate access tree carries control attributes and unidirectional gates, wherein the data consumer attributes collectively comprise the control attributes, and the unidirectional gates support users to decrypt from a high level to a low level and prevent users from decrypting from the low level to the high level;
the construction process of the one-way door access tree specifically comprises the following steps:
according to the layered file ck to be encryptediDefining a hierarchical access tree when a hierarchical file ck to be encryptediHierarchical node ofWhen the number is larger than or equal to the threshold value of the father node of the access tree, using an AND gate as a one-way gate to replace a transmission node in the hierarchical access tree, using a sub-tree of which the transmission node is a root node as a sub-tree of the one-way gate, AND using a node generated by the control attribute as the other sub-node of the one-way gate to generate the access tree of the one-way gate; wherein, the transmission node is a node of which the child node at least comprises a threshold value; and if the transmission node stores the file, the file is stored in the one-way door.
5. The hierarchical file encryption method according to claim 1, wherein:
computing ciphertext sub-items of the hierarchical node
Figure FDA0003522985240000029
Is specifically shown as
Figure FDA00035229852400000210
Wherein ckiRepresenting the to-be-encrypted layered file ck corresponding to the ith layered nodei,e(g,g)αBeing a sub-entry of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
compute hierarchy node ciphertext subentry C'iIs specifically shown as
Figure FDA0003522985240000031
Where g is a sub-term of the system public key, siRepresenting a random number corresponding to the ith hierarchical node;
ciphertext subentry C for calculating leaf node with non-control attributeyIs specifically shown as
Figure FDA0003522985240000032
Wherein r isyRepresenting a random value chosen for a leaf node y of the uncontrolled attribute, g being a sub-entry of the system public key, qy(0) A secret value representing a non-controlling attribute leaf node y,
Figure FDA0003522985240000033
representing a random value r to a leaf node y of a non-controlling attributeyTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of leaf node with uncontrolled attributeyIs specifically shown as
Figure FDA0003522985240000034
Wherein r isyExpressing a random value selected for a leaf node y of the non-control attribute, and g is a sub item of a system public key;
computing ciphertext subentries for control attribute leaf nodes
Figure FDA0003522985240000035
Is specifically shown as
Figure FDA0003522985240000036
Wherein h is1Is a sub-entry of the system public key,
Figure FDA0003522985240000037
representing control Attribute leaf node AcSecret value of rAcRepresented as control Attribute leaf node AcThe random values of the selection, g, b, are system public key sub-terms,
Figure FDA0003522985240000038
random value r representing leaf node Ac to control attributeAcTaking a value obtained by carrying out Hash calculation after negation;
calculating ciphertext subentry D of control attribute leaf nodeAcIs specifically shown as
Figure FDA0003522985240000039
Wherein the content of the first and second substances,
Figure FDA00035229852400000310
represented as control Attribute leaf node AcG is a system public key subentry;
calculating ciphertext subentry C of transmission nodex,kIs specifically shown as
Figure FDA00035229852400000311
Figure FDA00035229852400000312
Where e (g, g) represents bilinear mapping, τx,kExpressed as random value, q, of node selection in TN-CT (x)x(0) For the transmission of the corresponding secret value of node x,
Figure FDA00035229852400000313
sub-node ch representing transmission node xx,kCorresponding secret value, e (g, g)αA sub-entry of the system public key,
Figure FDA00035229852400000314
presentation pair
Figure FDA00035229852400000315
Performing hash calculation to obtain a value;
calculating ciphertext subentry E of transmission nodex,kIs specifically shown as
Figure FDA00035229852400000316
Wherein g is a sub item of a system public key, taux,kExpressed as random values for node selection in TN-CT (x).
6. The method for encrypting the layered file according to claim 1, wherein the decrypting the encrypted ciphertext through a system public key and a data consumer private key to obtain a decrypted plaintext comprises:
access tree to one-way door
Figure FDA0003522985240000041
Performing an access tree matching function with a set of data consumer attributes S
Figure FDA0003522985240000042
Wherein the content of the first and second substances,
Figure FDA0003522985240000043
the method comprises the following steps of representing a sub access tree with an x node as a root node, wherein the process executed by the access tree matching function specifically comprises the following steps:
I. access tree to one-way door
Figure FDA0003522985240000044
Each node x in the set performs a corresponding access tree matching function
Figure FDA0003522985240000045
Figure FDA0003522985240000046
Representing a set S of data consumer attributes satisfying a one-way door access tree
Figure FDA0003522985240000047
Subtree of
Figure FDA0003522985240000048
If the set of data consumer attributes S satisfies a sub-tree
Figure FDA0003522985240000049
Based on the system public key, the hierarchical file to be encrypted and the private key of the data consumer, a node decryption function DecryptNode (CT, SK, x) is executed to obtain decrypted clear text cki
7. The method of claim 6, wherein the tree is accessed to a unidirectional gate
Figure FDA00035229852400000410
Wherein each node x performs a corresponding access tree matchFitting function
Figure FDA00035229852400000411
The method comprises the following steps:
if x is a non-leaf node, calculating the access tree matching function of all child nodes x' of the node x
Figure FDA00035229852400000412
If and only if at least kxWhen the individual child node returns to 1,
Figure FDA00035229852400000413
if x is a leaf node, when x belongs to S,
Figure FDA00035229852400000414
8. the method according to claim 7, wherein the node decryption function DecryptNode (CT, SK, x) is executed based on the system public key, the hierarchical file to be encrypted, and a data consumer private key, and specifically:
if x is a leaf node and the data consumer attribute set S does not satisfy the one-way gate access tree
Figure FDA00035229852400000415
Then DecryptNode (CT, SK, x) ═ t, i.e. decryption is terminated;
for leaf node x as a leaf node with an uncontrolled attribute in the attribute set S of the data consumer, that is, the leaf node x belongs to S \ AcIf i is attr (x), calculating
Figure FDA00035229852400000416
Figure FDA00035229852400000417
Wherein C isi,DiFor leaf node ciphertext subentries, L, K in ciphertext CTiPrivacy for data consumersA private key subentry in the key SK;
for leaf node x, leaf node A is a control attribute in data consumer attribute set ScCalculating
Figure FDA00035229852400000418
Wherein the content of the first and second substances,
Figure FDA00035229852400000419
to encrypt the ciphertext sub-items of the leaf node in the ciphertext CT,
Figure FDA00035229852400000420
d and
Figure FDA00035229852400000421
a private key subentry in a private key SK of a data consumer;
if x is a non-leaf node, calculate
Figure FDA00035229852400000422
Figure FDA00035229852400000423
Wherein i ═ index (z) & s'x={index(z):z∈Sx},
Figure FDA00035229852400000424
Figure FDA00035229852400000425
Representing the Lagrange coefficient, SxArbitrary k being xxA set of individual child nodes z;
if the data consumer attribute set S satisfies all or part of the one-way door access tree
Figure FDA0003522985240000051
I.e. satisfying all or part of the hierarchical nodes, corresponding to the calculation of the hierarchical nodes
Figure FDA0003522985240000052
Figure FDA0003522985240000053
Wherein, C'iIs ciphertext sub-item of level node in ciphertext CT, K is private key sub-item in data consumer private key SK, DecryptNode (CT, SK, x)i) For decrypting hierarchical node xiA value of (d);
based on the hierarchical nodes, if the data consumer attribute set S contains authorization nodes with lower hierarchy, calculating
Figure FDA0003522985240000054
Obtaining values of all authorized hierarchical nodes, wherein Cx,k,Ex,kThe ciphertext subentry of the transmission node in the ciphertext CT;
content key { ck based on hierarchy node correspondencei,…,ckkCalculating
Figure FDA0003522985240000055
Wherein
Figure FDA0003522985240000056
And the ciphertext sub-items of the level nodes in the ciphertext CT are obtained, and the corresponding encrypted ciphertext is decrypted by using a symmetric decryption algorithm.
9. A hierarchical file encryption system is characterized by comprising an authority, a data owner, a cloud service provider and a data consumer;
the authorization mechanism is used for obtaining a system public key PK and a system master key MSK through calculation according to a system initialization parameter lambda, and obtaining data consumer identity information and a corresponding data consumer attribute set S from a data consumer; calculating a data consumer private key SK based on the system public key PK, the system master key MSK and the data consumer attribute set S; sending the system public key PK to a data owner, and sending a corresponding data consumer private key SK to a corresponding data consumer according to the identity information of the data consumer;
the data owner is used for obtaining a system public key PK from the authorization mechanism and according to the layered file ck to be encryptediAnd constructing a one-way door access tree by the hierarchical relationship of each hierarchical file to be encrypted
Figure FDA0003522985240000057
Access tree based on said one-way door
Figure FDA0003522985240000058
Layered file ck to be encrypted through system public key PKiEncrypting to obtain an encrypted ciphertext CT and sending the encrypted ciphertext CT to a cloud service provider for storage;
the cloud service provider is used for storing the encrypted ciphertext CT uploaded by the data owner and transmitting data;
the data consumer is used for downloading the encrypted ciphertext CT from the cloud service provider, and when all attributes of the data consumer attribute set S meet part or all of the one-way gate access trees, the downloaded encrypted ciphertext CT is decrypted through the acquired system public key PK and the data consumer private key MSK to obtain the decrypted plaintext ckiOtherwise, the decryption fails;
wherein the access tree based on the one-way door
Figure FDA0003522985240000059
Layered file ck to be encrypted through system public key PKiPerforming encryption, including:
accessing a tree at the one-way door
Figure FDA0003522985240000061
From top to bottom and from left to right, k hierarchical nodes ck1,…,ckkWherein ck isiRepresenting the ith layered file ck to be encrypted obtained by using a symmetric encryption algorithmi(ii) a From
Figure FDA0003522985240000062
In the random selection of random number s1,s2,…,skCorresponding to each level node;
based on the hierarchical file to be encrypted and the one-way door access tree
Figure FDA0003522985240000063
And system public key, calculating cipher text subentry of hierarchical node
Figure FDA0003522985240000064
And C'i
Access tree based on said one-way door
Figure FDA0003522985240000065
The leaf node y with the uncontrolled attribute and the system public key calculate the ciphertext sub-item C of the leaf node with the uncontrolled attributeyAnd Dy(ii) a Wherein, the leaf node Y of the uncontrolled attribute belongs to Y, and Y represents a one-way gate access tree
Figure FDA0003522985240000066
A set of middle leaf nodes;
access tree based on said one-way door
Figure FDA0003522985240000067
Control Attribute leaf node AcAnd system public key, calculating and controlling cipher text sub item of attribute leaf node
Figure FDA0003522985240000068
And
Figure FDA0003522985240000069
access tree based on said one-way door
Figure FDA00035229852400000610
The transmission node x and the system public key calculate the ciphertext subentry C of the transmission nodex,kAnd Ex,k(ii) a Wherein the transmission nodeX belongs to X, X is the set of transmission nodes X, TN-CT (X) { ch { (X) }x,1,…,chx,kIs the threshold set of the child nodes of the transmission node x.
CN202110566884.7A 2021-05-24 2021-05-24 Hierarchical file encryption method and system Active CN113271309B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110566884.7A CN113271309B (en) 2021-05-24 2021-05-24 Hierarchical file encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110566884.7A CN113271309B (en) 2021-05-24 2021-05-24 Hierarchical file encryption method and system

Publications (2)

Publication Number Publication Date
CN113271309A CN113271309A (en) 2021-08-17
CN113271309B true CN113271309B (en) 2022-04-08

Family

ID=77232515

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110566884.7A Active CN113271309B (en) 2021-05-24 2021-05-24 Hierarchical file encryption method and system

Country Status (1)

Country Link
CN (1) CN113271309B (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109740363A (en) * 2019-01-04 2019-05-10 贵州大学 Rating documents desensitization encryption method
CN110611662A (en) * 2019-08-30 2019-12-24 徐州工业职业技术学院 Attribute-based encryption-based fog collaborative cloud data sharing method

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP5693206B2 (en) * 2010-12-22 2015-04-01 三菱電機株式会社 Cryptographic processing system, key generation device, encryption device, decryption device, cryptographic processing method, and cryptographic processing program
US10211984B2 (en) * 2011-09-28 2019-02-19 Koninklijke Philips N.V. Hierarchical attribute-based encryption and decryption
KR101593165B1 (en) * 2014-08-19 2016-02-15 한국전자통신연구원 Data access control method
CN105991278B (en) * 2016-07-11 2019-06-28 河北省科学院应用数学研究所 A kind of ciphertext access control method based on CP-ABE
WO2019148335A1 (en) * 2018-01-30 2019-08-08 Nokia Technologies Oy Secure data processing
CN108540280B (en) * 2018-02-09 2020-09-15 上海交通大学 Resource efficient security data sharing method and system
CN108881291B (en) * 2018-07-19 2020-12-22 上海海事大学 Weight attribute base encryption method based on hierarchical authorization mechanism
CN109617855B (en) * 2018-10-25 2020-10-09 深圳技术大学(筹) File sharing method, device, equipment and medium based on CP-ABE layered access control
CN111614680B (en) * 2020-05-25 2021-04-02 华中科技大学 CP-ABE-based traceable cloud storage access control method and system
CN111970296A (en) * 2020-08-25 2020-11-20 福建师范大学 Efficient file hierarchical attribute-based encryption method and system

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109740363A (en) * 2019-01-04 2019-05-10 贵州大学 Rating documents desensitization encryption method
CN110611662A (en) * 2019-08-30 2019-12-24 徐州工业职业技术学院 Attribute-based encryption-based fog collaborative cloud data sharing method

Also Published As

Publication number Publication date
CN113271309A (en) 2021-08-17

Similar Documents

Publication Publication Date Title
Deng et al. Flexible attribute-based proxy re-encryption for efficient data sharing
Maffei et al. Privacy and access control for outsourced personal records
Xhafa et al. An efficient PHR service system supporting fuzzy keyword search and fine-grained access control
CN104363215B (en) A kind of encryption method and system based on attribute
CN106059763B (en) The properties base multi-mechanism hierarchical Ciphertext policy weight encryption method of cloud environment
CN114065265A (en) Fine-grained cloud storage access control method, system and equipment based on block chain technology
CN108111540A (en) The hierarchical access control system and method for data sharing are supported in a kind of cloud storage
CN105100083A (en) Attribute-based encryption method and attribute-based encryption system capable of protecting privacy and supporting user Undo
CN106612271A (en) Encryption and access control method for cloud storage
Xu et al. Enabling authorized encrypted search for multi-authority medical databases
Ming et al. Efficient revocable multi-authority attribute-based encryption for cloud storage
CN109981643A (en) A kind of inquiry authorization of fine granularity can search for encryption method and system
CN109327448B (en) Cloud file sharing method, device, equipment and storage medium
CN109617855B (en) File sharing method, device, equipment and medium based on CP-ABE layered access control
Liu et al. Offline/online attribute‐based encryption with verifiable outsourced decryption
Liu et al. Dynamic attribute-based access control in cloud storage systems
CN106936820A (en) The elongated amending method of data and its application in big data encryption
Aruna et al. Medical healthcare system with hybrid block based predictive models for quality preserving in medical images using machine learning techniques
CN114679271A (en) Block chain private data access control method and system
CN106612175A (en) Proxy re-encryption algorithm for multi-element access control in mobile cloud
Zhang et al. Data owner based attribute based encryption
CN113271309B (en) Hierarchical file encryption method and system
Almarwani et al. Flexible Access Control and Confidentiality over Encrypted Data for Document-based Database.
CN114244567B (en) CP-ABE method for supporting circuit structure in cloud environment
CN115694974A (en) Ciphertext data sharing method and system based on collaborative searchable

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant