CN115473703A - Identity-based ciphertext equivalence testing method, device, system and medium for authentication - Google Patents
- Publication number: CN115473703A (application CN202211016075.XA)
- Authority: CN (China)
- Prior art keywords: ciphertext, receiver, receivers, private key, segment
- Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Classifications
- H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/12: Applying verification of the received information
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L2209/26: Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm
- Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses an authenticated identity-based ciphertext equivalence testing method, device, system and medium. The method comprises the following steps: obtaining the authorized trapdoors of two receivers, receiver A and receiver B; acquiring the pre-stored ciphertexts of the two receivers from memory; extracting the second and fourth ciphertext segments from each receiver's ciphertext; recovering the coordinate points hidden in each ciphertext from its second ciphertext segment, fourth ciphertext segment and authorized trapdoor; and judging from the coordinate points of the two receivers whether their ciphertexts contain the same plaintext message, and returning the judgment result. Compared with existing ciphertext equivalence testing techniques, the method effectively resists offline message recovery attacks and offers better security.
Description
Technical Field
The invention relates to an authentication identity-based ciphertext equivalence test method, device, system and medium, and belongs to the technical field of ciphertext equivalence test.
Background
With the rapid development of technology in recent years, the internet environment has changed profoundly. The volume of data, whether enterprise or personal, is growing rapidly, which presents a significant challenge to local data storage and management. Cloud computing, an efficient and convenient data processing technology, is applied in many fields, and more and more businesses and individuals deposit their data on cloud servers to simplify local data management. However, while the cloud service gives users powerful computing and storage capabilities, it also brings the problem of data privacy disclosure. For example, in February 2021, millions of test reports were leaked from an Indian government website; the reports contained sensitive personal information such as the name, age, marital status, test time and residential address of the tested person. In April 2021, Facebook, the well-known social media platform in the United States, leaked the personal information of more than 533 million users.
Applying cryptography in cloud computing protects the privacy of user data: a user's private data can be encrypted before it is stored on the cloud server. However, because encryption changes the structure of the data, managing the encrypted data becomes a new problem. If a user wants to search for particular data, the user can only download all the encrypted files stored on the cloud server, decrypt them locally and then search. Such a query is not only inefficient but also consumes significant computing resources and local storage space.
Public-key searchable encryption effectively solves the retrieval problem for encrypted data: it lets a user perform keyword searches on encrypted data directly, without decryption, but it can only search data encrypted under the same public key. Ciphertext equivalence test encryption, proposed later, makes up for this shortcoming by allowing one to judge, without decryption, whether data encrypted under different public keys is equal. It has wide application prospects. In the medical field, for example, hospitals generally encrypt patients' disease information before storing it on a cloud server in order to protect patient privacy. When patients A and B want to find people with the same disease in order to share treatment experience and encourage each other, ciphertext equivalence test encryption is needed: A and B each use their own private key to compute an authorization trapdoor and send it to the cloud server, and the cloud server, holding the authorization trapdoors, can test whether the two patients have the same disease without decrypting anything. However, when the plaintext space is small, most existing ciphertext equivalence test encryption schemes cannot resist offline message recovery attacks. The root cause is that under the existing public-key cryptosystems anyone can generate a valid ciphertext, so when the plaintext space is small the cloud service can exhaustively generate the ciphertext of every message in the plaintext space, run the test algorithm after obtaining the user's authorization, and thereby correctly guess the plaintext behind the user's ciphertext.
Disclosure of Invention
In view of this, the invention provides an authenticated identity-based ciphertext equivalence test method, device, system and storage medium, which can effectively resist offline message recovery attack and have better security performance compared with the existing ciphertext equivalence test technology.
The invention aims to provide an identity-based ciphertext equivalence testing method for authentication.
The second purpose of the invention is to provide an identity-based ciphertext equivalence testing device for authentication.
The third purpose of the invention is to provide an authenticated identity-based ciphertext equivalence test system.
It is a fourth object of the present invention to provide a computer-readable storage medium.
The first purpose of the invention is achieved by adopting the following technical scheme:
an authenticated identity-based ciphertext equivalence testing method applied to a cloud server, comprising the following steps:
obtaining authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
acquiring the pre-stored ciphertexts of the two receivers from the memory;
extracting the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers;
restoring a coordinate point hidden in ciphertext according to a second ciphertext segment, a fourth ciphertext segment and an authorized trapdoor of the ciphertexts of the two receivers;
and judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
Further, recovering the coordinate points hidden in the ciphertexts from the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of each of the two receivers specifically includes:
using the second ciphertext segment $C_{2,A}$ and fourth ciphertext segment $C_{4,A}$ of receiver A's ciphertext $C_A$, the authorized trapdoor $td_A$ and the sixth hash function $H_6$ in the public parameters, computing and recovering the coordinate information $x_1 \| x_2 \| y_1 \| y_2$ hidden in $C_A$, and converting it into the coordinate points $(x_1, y_1), (x_2, y_2)$;
using the second ciphertext segment $C_{2,B}$ and fourth ciphertext segment $C_{4,B}$ of receiver B's ciphertext $C_B$, the authorized trapdoor $td_B$ and the sixth hash function $H_6$ in the public parameters, computing and recovering the coordinate information $x_1' \| x_2' \| y_1' \| y_2'$ hidden in $C_B$, and converting it into the coordinate points $(x_1', y_1'), (x_2', y_2')$.
Further, the determining, according to the coordinate points of the two receivers, whether ciphertexts of the two receivers contain the same plaintext message specifically includes:
constructing a quadratic polynomial from the two coordinate points $(x_1, y_1), (x_2, y_2)$ of receiver A and one coordinate point $(x_1', y_1')$ of receiver B, and constructing another quadratic polynomial from the two coordinate points $(x_1', y_1'), (x_2', y_2')$ of receiver B and one coordinate point $(x_1, y_1)$ of receiver A;
judging whether the constant terms of the two constructed quadratic polynomials are the same or not;
if the constant terms of the two quadratic polynomials are the same, the ciphertext of the two receivers contains the same plaintext information;
if the constant terms of the two quadratic polynomials are different, the ciphertexts of the two receivers contain different plaintext information.
Further, the authorized trapdoors of the two receivers are calculated as follows:
using the private key of receiver A and the identity information $ID_s$ of the sender, computing the authorized trapdoor $td_A$ of receiver A;
using the private key of receiver B and the identity information $ID_s$ of the sender, computing the authorized trapdoor $td_B$ of receiver B.
The second purpose of the invention is achieved by adopting the following technical scheme:
an authenticated identity-based ciphertext equivalence testing device applied to a cloud server, the device comprising:
the first acquisition module is used for acquiring authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
the second acquisition module is used for acquiring the pre-stored ciphertext of the two receivers from the memory;
the extraction module is used for extracting the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers;
the recovery module is used for recovering the coordinate points hidden in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers;
and the judging module is used for judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers and returning a judgment result.
The third purpose of the invention is achieved by adopting the following technical scheme:
an authenticated identity-based ciphertext equivalence testing system comprises a user side, a key generation center and a cloud server, wherein the user side is respectively connected with the key generation center and the cloud server;
when the user side is used as a sender, the user side is used for generating three points according to the plaintext message and the public parameters; determining a quadratic polynomial by using the three points; randomly selecting two coordinate points on a quadratic polynomial; acquiring two random numbers, a private key of a sender and a public key of a receiver; encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server;
when the user side is used as a receiver, the user side is used for acquiring a ciphertext to be decrypted, a private key of the receiver and a public key of a sender; recovering a plaintext message and a random number by using the first cipher text segment and the third cipher text segment of the ciphertext and a private key of a receiver; recovering two coordinate points by utilizing a fourth ciphertext fragment of the ciphertext, a private key of a receiver and a public key of a sender; calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points; the correctness of the ciphertext is verified by utilizing the random number, the two coordinate points and the quadratic polynomial, and if the ciphertext passes the verification, a plaintext message is output;
the key generation center is used for generating a master private key and a public parameter based on a security parameter; receiving a registration request sent by a user side, generating a public and private key pair of the user, and feeding back the public and private key pair of the user to the user side;
the cloud server is used for executing the ciphertext equivalence testing method.
Further, the three points are generated from the plaintext message m, the six random numbers $\eta_1, \eta_2, \eta_3, \eta_4, \eta_5, \eta_6$ in the public parameters and the third hash function $H_3$ in the public parameters.
Further, the three points $P_1, P_2, P_3$ uniquely determine a quadratic polynomial $f(x)$, and two coordinate points $(x_1, y_1)$ and $(x_2, y_2)$ are randomly selected on the quadratic polynomial, where $y_1 = f(x_1)$ and $y_2 = f(x_2)$.
Further, the plaintext message is encrypted with the two random numbers, the two coordinate points, the sender's private key and the receiver's public key to obtain a ciphertext $C = (C_1, C_2, C_3, C_4, C_5)$,
where $C_1, C_2, C_3, C_4, C_5$ are the five ciphertext segments of the ciphertext C, $r_1$ and $r_2$ are the two random numbers, $(x_1, y_1)$ and $(x_2, y_2)$ are the two coordinate points, the first part of the sender's private key and the second part of the receiver's public key are used, $H_4$, $H_5$, $H_6$ and $H_7$ are the fourth, fifth, sixth and seventh hash functions in the public parameters, and m is the plaintext message.
Further, the plaintext message and the random number are recovered from the first ciphertext segment, the third ciphertext segment and the receiver's private key,
where the third part of the receiver's private key is used, $C_1$ is the first ciphertext segment of the ciphertext, $C_3$ is the third ciphertext segment of the ciphertext, and $H_4$ is the fourth hash function in the public parameters;
and the two coordinate points are recovered from the fourth ciphertext segment of the ciphertext, the receiver's private key and the sender's public key,
where the second part of the receiver's private key is used, $C_4$ is the fourth ciphertext segment of the ciphertext, and $H_5$ is the fifth hash function in the public parameters.
the fourth purpose of the invention is achieved by adopting the following technical scheme:
a computer-readable storage medium storing a program which, when executed by a processor, implements the above-described ciphertext equivalence test method.
Compared with the prior art, the invention has the following beneficial effects:
1. After the cloud server obtains the authorization trapdoors issued by the two receivers, it recovers, from the second and fourth ciphertext segments of each receiver's ciphertext, the random points on the quadratic polynomial that were used when the ciphertext was constructed. It then rebuilds quadratic polynomials from the recovered points, computes the constant term of each polynomial, and learns whether the plaintext messages contained in the two ciphertexts are the same by checking whether the two constant terms are equal.
2. The invention takes into account that most existing ciphertext equivalence test encryption schemes cannot resist offline message recovery attacks when the plaintext space is small. By incorporating the sender's private key into the ciphertext generation process, it prevents any third party other than the sender from generating a valid ciphertext, which defeats this attack and improves security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a block diagram of a structure of an authenticated identity-based ciphertext equivalence testing system according to an embodiment of the present invention.
Fig. 2 is a flowchart of data encryption in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 3 is a flowchart of data decryption in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 4 is a flowchart of ciphertext equivalence testing in the authenticated identity-based ciphertext equivalence testing system of the embodiments of the present invention.
Fig. 5 is a block diagram of a data encryption apparatus in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 6 is a block diagram of a data decryption apparatus in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 7 is a block diagram of a structure of a ciphertext equivalence testing apparatus in the authenticated identity-based ciphertext equivalence testing system according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
Example 1:
as shown in fig. 1, the embodiment provides an authenticated identity-based ciphertext equivalence testing system, which includes a user side, a key generation center, and a cloud server, where the user side is connected to the key generation center and the cloud server, respectively.
The ciphertext equivalence test system of the embodiment is specifically implemented as follows:
(1) Initialization procedure
Based on the security parameter $\lambda$, a master private key msk and public parameters pp are generated as follows: two groups of order p and a bilinear map between them are set up; seven collision-resistant hash functions $H_1, \dots, H_7$ are selected, where $l$ denotes the bit length of a group element; three numbers $\alpha, \beta, \gamma$ are selected at random, $(\alpha, \beta, \gamma)$ is set as the master private key msk, and $(g_1 = g^{\alpha}, g_2 = g^{\beta}, g_3 = g^{\gamma})$ is set as the master public key mpk; six random numbers $\eta_1, \eta_2, \eta_3, \eta_4, \eta_5, \eta_6$ are then selected at random from $\{0,1\}^{\lambda}$; finally the public parameters pp and the master private key msk $= (\alpha, \beta, \gamma)$ are output. Here $H_1$ is the first hash function, $H_2$ the second, $H_3$ the third, $H_4$ the fourth, $H_5$ the fifth, $H_6$ the sixth and $H_7$ the seventh hash function.
(2) User key generation process
The user sends its identity information ID to the key generation center for registration. After receiving the registration request, the key generation center computes the user's private key $SK_{ID}$ and public key $PK_{ID}$ from the system parameters, the master private key msk $= (\alpha, \beta, \gamma)$ and the user's identity information ID, and feeds $SK_{ID}$ and $PK_{ID}$ back to the user, which completes the registration process.
(3) Data encryption process
The user side can implement the data encryption process when acting as the sender, as shown in fig. 2, including the following steps:
s201, three points are generated according to the plaintext message and the public parameters.
Obtain the six random numbers $\eta_1, \eta_2, \eta_3, \eta_4, \eta_5, \eta_6$ and the third hash function $H_3$ from the public parameters, and use the plaintext message m, the random numbers $\eta_1, \dots, \eta_6$ and $H_3$ to generate the three points $P_1$, $P_2$ and $P_3$.
S202, determine the quadratic polynomial $f(x)$ from the three points $P_1$, $P_2$ and $P_3$.
S203, randomly select two coordinate points $(x_1, y_1)$ and $(x_2, y_2)$ on the quadratic polynomial, where $y_1 = f(x_1)$ and $y_2 = f(x_2)$.
S203, acquiring two random numbers, a private key of a sender and a public key of a receiver.
Select two random numbers $r_1$ and $r_2$, and obtain the receiver's public key and the sender's private key.
S204, encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server.
Using the two random numbers $r_1, r_2$, the two coordinate points $(x_1, y_1)$ and $(x_2, y_2)$, the sender's private key and the receiver's public key, encrypt the plaintext message m to obtain the ciphertext $C = (C_1, C_2, C_3, C_4, C_5)$, whose five ciphertext segments $C_1, C_2, C_3, C_4, C_5$ are computed from these inputs.
(3) Data decryption process
The user terminal can implement the data decryption process when the user terminal is used as a receiver, as shown in fig. 3, the method includes the following steps:
s301, obtaining a ciphertext to be decrypted, a private key of a receiver and a public key of a sender.
The ciphertext to be decrypted is $C = (C_1, C_2, C_3, C_4, C_5)$; the receiver's private key and the sender's public key are also obtained.
S302, recovering the plaintext message and the random number by using the first ciphertext segment and the third ciphertext segment of the ciphertext and the private key of the receiver.
Using the first ciphertext segment $C_1$, the third ciphertext segment $C_3$ and the receiver's private key, compute and recover $m \| r_2$.
S303, recovering two coordinate points by using the fourth ciphertext fragment of the ciphertext, the private key of the receiver and the public key of the sender.
Using the fourth ciphertext segment $C_4$, the receiver's private key and the sender's public key, compute and recover $x_1 \| x_2 \| y_1 \| y_2$.
And S304, calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points.
The method used in step S304 is the same as in step S201: obtain the six random numbers $\eta_1, \eta_2, \eta_3, \eta_4, \eta_5, \eta_6$ and the third hash function $H_3$ from the public parameters, use the plaintext message m, the random numbers $\eta_1, \dots, \eta_6$ and $H_3$ to generate the three points $P_1$, $P_2$ and $P_3$, and construct the quadratic polynomial $f(x)$ from these three points.
S305, the correctness of the ciphertext is verified by using the random number, the two coordinate points and the quadratic polynomial, and if the verification is passed, a plaintext message is output.
It is verified whether all of the check equations hold. If they all hold, the plaintext message is output; otherwise decryption fails.
(4) Authenticated identity-based ciphertext equivalence test process
The ciphertext equivalence testing process can be realized through the cloud server, and as shown in fig. 4, the method comprises the following steps:
s401, obtaining authorized trapdoors of two receivers.
The two receivers are receiver A and receiver B. Using the private key of receiver A and the identity information $ID_s$ of the sender, the authorized trapdoor $td_A$ of receiver A is computed; using the private key of receiver B and the identity information $ID_s$ of the sender, the authorized trapdoor $td_B$ of receiver B is computed. Receiver A and receiver B send the authorized trapdoors $td_A$ and $td_B$ to the cloud server.
S402, obtaining the pre-stored ciphertext of the two receivers from the memory.
Specifically, after obtaining the trapdoors of receiver A and receiver B, the cloud server reads from memory the ciphertext $C_A = (C_{1,A}, C_{2,A}, C_{3,A}, C_{4,A}, C_{5,A})$ of receiver A and the ciphertext $C_B = (C_{1,B}, C_{2,B}, C_{3,B}, C_{4,B}, C_{5,B})$ of receiver B.
S403, extracting the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers.
Specifically, the second ciphertext segment $C_{2,A}$ and the fourth ciphertext segment $C_{4,A}$ are extracted from receiver A's ciphertext, and the second ciphertext segment $C_{2,B}$ and the fourth ciphertext segment $C_{4,B}$ are extracted from receiver B's ciphertext.
S404, according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers, the coordinate points hidden in the ciphertext are restored.
Using the second ciphertext segment $C_{2,A}$ and fourth ciphertext segment $C_{4,A}$ of receiver A's ciphertext $C_A$, the authorized trapdoor $td_A$ and the sixth hash function $H_6$ in the public parameters, compute and recover the coordinate information $x_1 \| x_2 \| y_1 \| y_2$ hidden in $C_A$, and convert it into the coordinate points $(x_1, y_1), (x_2, y_2)$.
Using the second ciphertext segment $C_{2,B}$ and fourth ciphertext segment $C_{4,B}$ of receiver B's ciphertext $C_B$, the authorized trapdoor $td_B$ and the sixth hash function $H_6$ in the public parameters, compute and recover the coordinate information $x_1' \| x_2' \| y_1' \| y_2'$ hidden in $C_B$, and convert it into the coordinate points $(x_1', y_1'), (x_2', y_2')$.
S405, judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
Further, the step S405 specifically includes:
S4051, construct a polynomial from the two coordinate points $(x_1, y_1), (x_2, y_2)$ of receiver A and one coordinate point $(x_1', y_1')$ of receiver B, and construct another polynomial from the two coordinate points $(x_1', y_1'), (x_2', y_2')$ of receiver B and one coordinate point $(x_1, y_1)$ of receiver A.
S4052, judge whether the constant terms of the two constructed polynomials are the same.
S4053, if the constant terms of the two polynomials are the same, the ciphertext of receiver A and the ciphertext of receiver B contain the same plaintext information, and 1 is returned as the judgment result indicating equality.
S4054, if the constant terms of the two polynomials are different, the ciphertext of receiver A and the ciphertext of receiver B contain different plaintext information, and 0 is returned as the judgment result indicating inequality.
Based on the process described above, this embodiment further provides a data encryption device, a data decryption device and an authenticated identity-based ciphertext equivalence testing device: when the user terminal acts as a sender it uses the data encryption device, when it acts as a receiver it uses the data decryption device, and the cloud server comprises the authenticated identity-based ciphertext equivalence testing device.
As shown in fig. 5, the data encryption apparatus in this embodiment includes a generating module 501, a determining module 502, a selecting module 503, an obtaining module 504, and an encrypting module 505, and the specific functions of each module are as follows:
a generating module 501, configured to generate three points according to the plaintext message and the common parameter.
A determining module 502 for determining a quadratic polynomial using the three points.
And the selecting module 503 is configured to randomly select two coordinate points on the quadratic polynomial.
An obtaining module 504, configured to obtain two random numbers, the private key of the sender and the public key of the receiver.
The encryption module 505 is configured to encrypt the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender, and the public key of the receiver to obtain a ciphertext, and upload the ciphertext to the cloud server.
As shown in fig. 6, the data decryption apparatus in this embodiment includes an obtaining module 601, a first recovering module 602, a second recovering module 603, a reconstructing module 604, and a verifying module 605, and the specific functions of each module are as follows:
the obtaining module 601 is configured to obtain a ciphertext to be decrypted, a private key of a receiver, and a public key of a sender.
The first recovering module 602 is configured to recover the plaintext message and the random number by using the first ciphertext segment of the ciphertext, the third ciphertext segment of the ciphertext, and the private key of the recipient.
The second recovering module 603 is configured to recover the two coordinate points by using the fourth ciphertext fragment of the ciphertext, the private key of the receiver, and the public key of the sender.
And a reconstructing module 604, configured to calculate three points according to the recovered plaintext message and the common parameter, and reconstruct a quadratic polynomial using the three points.
The verification module 605 is configured to perform verification on correctness of the ciphertext by using the random number, the two coordinate points, and the quadratic polynomial, and if the verification passes, output a plaintext message.
The ciphertext equivalence testing apparatus of this embodiment is shown in fig. 7, and the apparatus includes a first obtaining module 701, a second obtaining module 702, an extracting module 703, a recovering module 704, and a determining module 705, where specific functions of each module are as follows:
a first obtaining module 701, configured to obtain authorized trapdoors of two receivers.
A second obtaining module 702, configured to obtain the pre-stored ciphertexts of the two receivers from the memory.
The extracting module 703 is configured to extract the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers.
The recovering module 704 is configured to recover the hidden coordinate point in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment, and the authorized trapdoor of the two recipient ciphertexts.
The determining module 705 is configured to determine whether ciphertexts of two receivers contain the same plaintext message according to the coordinate points of the two receivers, and return a determination result.
It should be noted that although the method operations of the above-described embodiments are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Rather, the depicted steps may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
It should be noted that the apparatus provided in the foregoing embodiment is only illustrated by dividing the functional modules, and in practical applications, the above functions may be distributed by different functional modules as needed, that is, the internal structure is divided into different functional modules to complete all or part of the functions described above.
The computer readable storage medium of the present embodiments may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In summary, in the ciphertext equivalence test method of the present invention, once the cloud server has obtained the trapdoors authorized by the two receivers, it recovers from the second and fourth ciphertext segments of each receiver's ciphertext the random points on the quadratic polynomial used during ciphertext construction, uses the recovered points to construct quadratic polynomials and compute their constant terms, and learns whether the plaintext messages contained in the two ciphertexts are the same by checking whether the two constant terms are equal.
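The polynomial mechanism summarized above, carried through in running code. This is an example added by the editor and not the patent's own construction: the real scheme hides the two coordinate points inside the identity-based ciphertext (segments $C_2$ and $C_4$, opened with the trapdoor $td$ and $H_6$), none of which this page reproduces, so the points are passed around in the clear here. The prime field modulus P, the use of SHA-256 as a stand-in for $H_3$, and the rule that derives the three points from m and $\eta_1 \ldots \eta_6$ are all assumptions. What the code shows is why comparing the constant terms of the two mixed interpolations (S4051-S4054) decides plaintext equality, and that the receiver's correctness check (module 605) is the same interpolation run in the other direction.

```python
"""
Toy model of the quadratic-polynomial mechanism behind the patent's encryption
device (modules 501-503, 605) and the cloud server's equivalence test
(S4051-S4054). Editor's example, not the patent's construction: the identity-
based encryption layer is omitted and the points are handled in the clear.
"""
import hashlib
import secrets

P = (1 << 127) - 1  # assumed field modulus (a Mersenne prime), not from the patent

# Assumed public parameters eta_1..eta_6: six fixed field elements.
ETA = [int.from_bytes(hashlib.sha256(b"eta-%d" % i).digest(), "big") % P
       for i in range(1, 7)]


def h3(data: bytes) -> int:
    """Stand-in for the third hash function H_3 (assumption: SHA-256 into F_p)."""
    return int.from_bytes(hashlib.sha256(b"H3|" + data).digest(), "big") % P


def message_points(m: bytes):
    """Generating module 501: three points derived from m and the public
    parameters. Assumed rule: x_i = eta_i, y_i = H_3(m || eta_{i+3})."""
    return [(ETA[i], h3(m + ETA[i + 3].to_bytes(16, "big"))) for i in range(3)]


def interpolate(points):
    """Lagrange interpolation over F_p. Returns the coefficients
    [c_0, c_1, ..., c_{n-1}] (constant term first) of the unique polynomial of
    degree < n through the n points. The x-coordinates must be distinct."""
    n = len(points)
    if len({x for x, _ in points}) != n:
        raise ValueError("interpolation needs distinct x-coordinates")
    coeffs = [0] * n
    for i, (xi, yi) in enumerate(points):
        basis = [1]          # L_i(x) = prod_{j != i} (x - x_j) / (x_i - x_j)
        denom = 1
        for j, (xj, _) in enumerate(points):
            if j == i:
                continue
            nxt = [0] * (len(basis) + 1)   # multiply basis by (x - x_j)
            for k, b in enumerate(basis):
                nxt[k] = (nxt[k] - b * xj) % P
                nxt[k + 1] = (nxt[k + 1] + b) % P
            basis = nxt
            denom = denom * (xi - xj) % P
        scale = yi * pow(denom, P - 2, P) % P   # y_i / denom via Fermat inverse
        for k in range(n):
            coeffs[k] = (coeffs[k] + scale * basis[k]) % P
    return coeffs


def evaluate(coeffs, x):
    """Horner evaluation of a polynomial given constant-term-first coefficients."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def sender_points(m: bytes, randbelow=secrets.randbelow):
    """Modules 502-503: fix the quadratic through the three message points and
    pick two random points on it. These two points are what C_2 and C_4 hide."""
    f = interpolate(message_points(m))
    return [(x, evaluate(f, x)) for x in (randbelow(P), randbelow(P))]


def receiver_verify(m: bytes, pts) -> bool:
    """Verification module 605: after decrypting m and the two points, rebuild
    the quadratic from m and check that both points lie on it."""
    f = interpolate(message_points(m))
    return all(evaluate(f, x) == y for x, y in pts)


def equivalence_test(pts_a, pts_b) -> int:
    """S4051-S4054: interpolate {A1, A2, B1} and {B1, B2, A1} and compare the
    constant terms. Same plaintext => all four points lie on one quadratic, so
    both interpolations return it and the constant terms agree. Returns 1 or 0."""
    (a1, a2), (b1, b2) = pts_a, pts_b
    f_mix_a = interpolate([a1, a2, b1])
    f_mix_b = interpolate([b1, b2, a1])
    return 1 if f_mix_a[0] == f_mix_b[0] else 0


if __name__ == "__main__":
    # Constructed sample plaintexts; the patent's own examples are medical records.
    pts_a = sender_points(b"patient has diabetes")
    pts_b = sender_points(b"patient has diabetes")
    pts_c = sender_points(b"patient is healthy")
    assert receiver_verify(b"patient has diabetes", pts_a)
    print("A vs B:", equivalence_test(pts_a, pts_b))  # 1
    print("A vs C:", equivalence_test(pts_a, pts_c))  # 0
```

Two points a practitioner should carry over to a real deployment. First, interpolation is only defined for distinct x-coordinates, so a server implementing S4051 should treat a collision among the abscissae (negligible over a large field, but not impossible with a bad random source) as a failed test rather than silently returning 1. Second, as with any equality-test scheme, a party holding the trapdoors learns the recovered points and can check a guessed plaintext against them exactly as receiver_verify does, so the trapdoor is as sensitive as the data for low-entropy messages.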
The above description is only for the preferred embodiments of the present invention, but the protection scope of the present invention is not limited thereto, and any person skilled in the art can substitute or change the technical solution and the inventive concept of the present invention within the scope of the present invention.
Claims (10)
1. An authentication identity-based ciphertext equivalence testing method is applied to a cloud server, and is characterized by comprising the following steps:
obtaining authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
acquiring the pre-stored ciphertexts of the two receivers from the memory;
extracting a second ciphertext segment and a fourth ciphertext segment from the ciphertexts of the two receivers;
restoring a coordinate point hidden in the ciphertext according to a second ciphertext segment, a fourth ciphertext segment and an authorized trapdoor of the ciphertext of the two receivers;
and judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
2. The ciphertext equivalence testing method of claim 1, wherein the recovering the coordinate points hidden in the ciphertext according to a second ciphertext segment, a fourth ciphertext segment, and an authorized trapdoor of the two recipient ciphertexts comprises:
using the second ciphertext segment $C_{2,A}$ and the fourth ciphertext segment $C_{4,A}$ of receiver A's ciphertext $C_A$, the authorization trapdoor $td_A$ and the sixth hash function $H_6$ in the public parameters, computing and recovering the coordinate information $x_1 \| x_2 \| y_1 \| y_2$ hidden in ciphertext $C_A$, and converting it into the coordinate points $(x_1, y_1), (x_2, y_2)$;
using the second ciphertext segment $C_{2,B}$ and the fourth ciphertext segment $C_{4,B}$ of receiver B's ciphertext $C_B$, the authorization trapdoor $td_B$ and the sixth hash function $H_6$ in the public parameters, computing and recovering the coordinate information $x_1' \| x_2' \| y_1' \| y_2'$ hidden in ciphertext $C_B$, and converting it into the coordinate points $(x_1', y_1'), (x_2', y_2')$.
3. The ciphertext equivalence testing method according to claim 1, wherein the determining whether ciphertexts of two receivers contain identical plaintext messages according to coordinate points of the two receivers includes:
using the two coordinate points $(x_1, y_1), (x_2, y_2)$ of receiver A and one coordinate point $(x_1', y_1')$ of receiver B to construct a quadratic polynomial, and using the two coordinate points $(x_1', y_1'), (x_2', y_2')$ of receiver B and one coordinate point $(x_1, y_1)$ of receiver A to construct another quadratic polynomial;
judging whether the constant terms of the two constructed quadratic polynomials are the same or not;
if the constant terms of the two quadratic polynomials are the same, the ciphertext of the two receivers contains the same plaintext information;
if the constant terms of the two quadratic polynomials are different, the ciphertext of the two receivers contains different plaintext information.
4. The ciphertext equivalence test method of any of claims 1-3, wherein the authorized trapdoors for the two recipients are calculated as follows:
using the private key of receiver A and the identity information $ID_s$ of the sender to compute the authorized trapdoor of receiver A, wherein
5. An authentication identity-based ciphertext equivalence testing device applied to a cloud server is characterized by comprising:
the first acquisition module is used for acquiring authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
the second acquisition module is used for acquiring the pre-stored ciphertexts of the two receivers from the memory;
the extraction module is used for extracting a second ciphertext segment and a fourth ciphertext segment from the ciphertexts of the two receivers;
the recovery module is used for recovering the coordinate points hidden in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers;
and the judging module is used for judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers and returning a judgment result.
6. An authenticated identity-based ciphertext equivalence testing system is characterized by comprising a user side, a key generation center and a cloud server, wherein the user side is respectively connected with the key generation center and the cloud server;
when the user side is used as a sender, the user side is used for generating three points according to the plaintext message and the public parameters; determining a quadratic polynomial by using the three points; randomly selecting two coordinate points on a quadratic polynomial; acquiring two random numbers, a private key of a sender and a public key of a receiver; encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server;
when the user side is used as a receiver, the user side is used for acquiring a ciphertext to be decrypted, a private key of the receiver and a public key of a sender; recovering a plaintext message and a random number by using the first ciphertext segment and the third ciphertext segment of the ciphertext and a private key of a receiver; recovering two coordinate points by utilizing a fourth ciphertext fragment of the ciphertext, a private key of a receiver and a public key of a sender; calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points; the correctness of the ciphertext is verified by utilizing the random number, the two coordinate points and the quadratic polynomial, and if the ciphertext passes the verification, a plaintext message is output;
the key generation center is used for generating a master private key and a public parameter based on a security parameter; receiving a registration request sent by a user side, generating a public and private key pair of the user, and feeding back the public and private key pair of the user to the user side;
the cloud server is used for executing the ciphertext equivalence testing method of any one of claims 1-4.
7. The ciphertext equivalence test system of claim 6, wherein the three points are generated based on the plaintext message and the common parameters, as follows:
where m is the plaintext message, $\eta_1, \eta_2, \eta_3, \eta_4, \eta_5$ and $\eta_6$ are six random numbers in the public parameters, and $H_3$ is the third hash function in the public parameters.
8. The ciphertext equivalence test system of claim 6, wherein the ciphertext is obtained by encrypting a plaintext message using two random numbers, two coordinate points, a sender's private key, and a receiver's public key, as follows:
wherein $C_1, C_2, C_3, C_4$ and $C_5$ are the five ciphertext fragments of the ciphertext C; $r_1$ and $r_2$ are the two random numbers; $(x_1, y_1)$ and $(x_2, y_2)$ are the two coordinate points; the first part of the sender's private key and the second part of the receiver's public key are used; $H_4$, $H_5$, $H_6$ and $H_7$ are the fourth, fifth, sixth and seventh hash functions in the public parameters; and m is the plaintext message.
9. The ciphertext equivalence test system of claim 6, wherein the plaintext message and the random number are recovered using the first ciphertext fragment, the third ciphertext fragment, and a private key of the recipient, as follows:
wherein the third part of the recipient's private key is used, $C_1$ is the first ciphertext fragment of the ciphertext, $C_3$ is the third ciphertext fragment of the ciphertext, and $H_4$ is the fourth hash function in the public parameters;
and recovering two coordinate points by using the fourth ciphertext segment of the ciphertext, the private key of the receiver and the public key of the sender, as follows:
10. a computer-readable storage medium storing a program, wherein the program, when executed by a processor, implements the ciphertext equivalence test method of any of claims 1-4.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202211016075.XA CN115473703B (en) | 2022-08-24 | 2022-08-24 | Authentication ciphertext equivalent test method, device, system and medium based on identity |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115473703A true CN115473703A (en) | 2022-12-13 |
CN115473703B CN115473703B (en) | 2024-04-12 |
Family
ID=84365768
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202211016075.XA Active CN115473703B (en) | 2022-08-24 | 2022-08-24 | Authentication ciphertext equivalent test method, device, system and medium based on identity |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115473703B (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2009223035A (en) * | 2008-03-17 | 2009-10-01 | Oki Semiconductor Co Ltd | Key generation method of hyperbola code |
CN105447361A (en) * | 2014-08-27 | 2016-03-30 | 华为技术有限公司 | Encryption and similarity measurement method, terminal and server |
CN106549753A (en) * | 2016-10-18 | 2017-03-29 | 电子科技大学 | The encipherment scheme that a kind of support ciphertext of identity-based compares |
US20200044832A1 (en) * | 2018-07-31 | 2020-02-06 | International Business Machines Corporation | System and method for quantum resistant public key encryption |
CN112152803A (en) * | 2020-09-15 | 2020-12-29 | 河海大学 | Identity-based encryption method and system with multiple receiver ciphertext searchable |
CN112328955A (en) * | 2020-10-16 | 2021-02-05 | 中国地质调查局沈阳地质调查中心 | Method for processing gravity and magnetic data, storage medium and device |
CN113067702A (en) * | 2021-03-17 | 2021-07-02 | 西安电子科技大学 | Identity-based encryption method supporting ciphertext equivalence test function |
Non-Patent Citations (1)
Title |
---|
向宏;李思遥;蔡斌;: "密文明文长度比可变的多变量公钥加密方案", 重庆大学学报, no. 07, 15 July 2017 (2017-07-15) * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116707798A (en) * | 2023-07-11 | 2023-09-05 | 西华大学 | Ciphertext examination method, device and system based on equivalence test |
CN116707798B (en) * | 2023-07-11 | 2024-05-17 | 西华大学 | Ciphertext examination method, device and system based on equivalence test |
CN116709325A (en) * | 2023-08-07 | 2023-09-05 | 北京数盾信息科技有限公司 | Mobile equipment security authentication method based on high-speed encryption algorithm |
CN116709325B (en) * | 2023-08-07 | 2023-10-27 | 北京数盾信息科技有限公司 | Mobile equipment security authentication method based on high-speed encryption algorithm |
Also Published As
Publication number | Publication date |
---|---|
CN115473703B (en) | 2024-04-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |