CN115473703A - Identity-based ciphertext equivalence testing method, device, system and medium for authentication - Google Patents


Info

Publication number: CN115473703A
Authority: CN (China)
Prior art keywords: ciphertext, receiver, receivers, private key, segment
Legal status: Granted
Application number: CN202211016075.XA
Other languages: Chinese (zh)
Other versions: CN115473703B (en)
Inventors: 马莎, 杜皎皎, 杨钿
Current Assignee: South China Agricultural University
Original Assignee: South China Agricultural University
Application filed by South China Agricultural University
Priority to CN202211016075.XA
Publication of CN115473703A
Application granted
Publication of CN115473703B
Legal status: Active

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/12 Applying verification of the received information
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L2209/26 Testing cryptographic entity, e.g. testing integrity of encryption key or encryption algorithm
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses an authenticated identity-based ciphertext equivalence testing method, device, system and medium. The method comprises the following steps: obtaining the authorized trapdoors of two receivers, receiver A and receiver B; acquiring the pre-stored ciphertexts of the two receivers from memory; extracting the second ciphertext segment and the fourth ciphertext segment from each receiver's ciphertext; recovering the coordinate points hidden in each ciphertext from its second ciphertext segment, fourth ciphertext segment and authorized trapdoor; and judging from the coordinate points of the two receivers whether their ciphertexts contain the same plaintext message, and returning the judgment result. Compared with existing ciphertext equivalence testing techniques, the method effectively resists offline message recovery attacks and offers better security.

Description

Identity-based ciphertext equivalence testing method, device, system and medium for authentication
Technical Field
The invention relates to an authentication identity-based ciphertext equivalence test method, device, system and medium, and belongs to the technical field of ciphertext equivalence test.
Background
With the rapid development of technology in recent years, the internet environment has changed profoundly. The volume of data, whether enterprise or personal, is growing rapidly, which presents a significant challenge to local data storage and management. Cloud computing is applied in many fields as an efficient and convenient data processing technology, and more and more businesses and individuals store their data on cloud servers to simplify the management of local data. However, while cloud services provide users with powerful computing and storage capabilities, they also bring the problem of data privacy disclosure. For example, in February 2021, millions of test reports were leaked from an Indian government website; the reports contained sensitive personal information such as the name, age, marital status, test time and residential address of the person tested. In April 2021, Facebook, a well-known social media platform in the United States, exposed the personal information of more than 533 million users.
The application of cryptography in cloud computing provides a guarantee for the privacy of user data: a user's private data can be encrypted before it is stored on the cloud server. Data management then becomes a new problem, because encryption changes the structure of the data. In this case, if a user wants to search for needed data, the user can only download all encrypted files stored on the cloud server, decrypt them locally, and then search. Such queries are not only inefficient but also consume significant computing resources and local storage space.
Public key searchable encryption effectively solves the problem of retrieving encrypted data: it lets a user perform keyword retrieval directly on encrypted data without decryption, but it can only retrieve data encrypted under the same public key. The ciphertext equivalence test encryption technology proposed later makes up for this shortcoming, as it can judge whether data encrypted under different public keys is equal without decryption. Ciphertext equivalence test encryption has wide application prospects. For example, in the medical field, to better protect patient privacy, hospitals generally encrypt patients' disease information before storing it on a cloud server. When patients A and B want to find people with the same disease to share treatment experience and encourage each other, ciphertext equivalence test encryption is needed: patients A and B each use their own private key to calculate an authorization trapdoor and send it to the cloud server, and the cloud server holding the authorization trapdoors can test whether the two patients have the same disease without decryption. However, when the plaintext space is small, most existing ciphertext equivalence test encryption schemes cannot resist offline message recovery attacks. The main reason is that under existing public key cryptosystems anyone can generate a legal ciphertext, so when the plaintext space is small the cloud server can exhaustively generate the ciphertext of every message in the plaintext space and, after obtaining the user's authorization, run the test algorithm to correctly guess the plaintext corresponding to the user's ciphertext.
Disclosure of Invention
In view of this, the invention provides an authenticated identity-based ciphertext equivalence test method, device, system and storage medium, which can effectively resist offline message recovery attack and have better security performance compared with the existing ciphertext equivalence test technology.
The invention aims to provide an identity-based ciphertext equivalence testing method for authentication.
The second purpose of the invention is to provide an identity-based ciphertext equivalence testing device for authentication.
The third purpose of the invention is to provide an authenticated identity-based ciphertext equivalence test system.
It is a fourth object of the present invention to provide a computer-readable storage medium.
The first purpose of the invention is achieved by adopting the following technical scheme:
an authentication identity-based ciphertext equivalence testing method is applied to a cloud server, and comprises the following steps:
obtaining authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
acquiring the pre-stored ciphertexts of the two receivers from the memory;
extracting the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers;
restoring a coordinate point hidden in ciphertext according to a second ciphertext segment, a fourth ciphertext segment and an authorized trapdoor of the ciphertexts of the two receivers;
and judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
Further, recovering the coordinate points hidden in the ciphertexts from the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of each receiver's ciphertext specifically includes:
using the second ciphertext segment C_{2,A} and the fourth ciphertext segment C_{4,A} of the ciphertext C_A of receiver A, the authorized trapdoor td_A and the sixth hash function H_6 in the public parameters, calculating
Figure BDA0003812568880000021
to recover the coordinate information x_1||x_2||y_1||y_2 hidden in the ciphertext C_A, and converting it into the coordinate points (x_1, y_1), (x_2, y_2);
using the second ciphertext segment C_{2,B} and the fourth ciphertext segment C_{4,B} of the ciphertext C_B of receiver B, the authorized trapdoor td_B and the sixth hash function H_6 in the public parameters, calculating
Figure BDA0003812568880000022
to recover the coordinate information x_1'||x_2'||y_1'||y_2' hidden in the ciphertext C_B, and converting it into the coordinate points (x_1', y_1'), (x_2', y_2').
Further, the determining, according to the coordinate points of the two receivers, whether ciphertexts of the two receivers contain the same plaintext message specifically includes:
using the two coordinate points (x_1, y_1), (x_2, y_2) of receiver A and one coordinate point (x_1', y_1') of receiver B to construct a quadratic polynomial, and using the two coordinate points (x_1', y_1'), (x_2', y_2') of receiver B and one coordinate point (x_1, y_1) of receiver A to construct another quadratic polynomial;
judging whether the constant terms of the two constructed quadratic polynomials are the same or not;
if the constant terms of the two quadratic polynomials are the same, the ciphertext of the two receivers contains the same plaintext information;
if the constant terms of the two quadratic polynomials are different, the ciphertexts of the two receivers contain different plaintext information.
Further, the authorized trapdoors of the two receivers are calculated as follows:
using the private key of receiver A
Figure BDA0003812568880000031
and the identity information ID_s of the sender, calculating the authorized trapdoor of receiver A
Figure BDA0003812568880000032
Wherein
Figure BDA0003812568880000033
Using the private key of receiver B
Figure BDA0003812568880000034
and the identity information ID_s of the sender, calculating the authorized trapdoor of receiver B
Figure BDA0003812568880000035
Wherein
Figure BDA0003812568880000036
The second purpose of the invention is achieved by adopting the following technical scheme:
an authentication identity-based ciphertext equivalence testing device applied to a cloud server, the device comprising:
the first acquisition module is used for acquiring authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
the second acquisition module is used for acquiring the pre-stored ciphertext of the two receivers from the memory;
the extraction module is used for extracting the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers;
the recovery module is used for recovering the coordinate points hidden in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers;
and the judging module is used for judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers and returning a judgment result.
The third purpose of the invention is achieved by adopting the following technical scheme:
an authenticated identity-based ciphertext equivalence testing system comprises a user side, a key generation center and a cloud server, wherein the user side is respectively connected with the key generation center and the cloud server;
when the user side is used as a sender, the user side is used for generating three points according to the plaintext message and the public parameters; determining a quadratic polynomial by using the three points; randomly selecting two coordinate points on a quadratic polynomial; acquiring two random numbers, a private key of a sender and a public key of a receiver; encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server;
when the user side is used as a receiver, the user side is used for acquiring a ciphertext to be decrypted, a private key of the receiver and a public key of a sender; recovering a plaintext message and a random number by using the first cipher text segment and the third cipher text segment of the ciphertext and a private key of a receiver; recovering two coordinate points by utilizing a fourth ciphertext fragment of the ciphertext, a private key of a receiver and a public key of a sender; calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points; the correctness of the ciphertext is verified by utilizing the random number, the two coordinate points and the quadratic polynomial, and if the ciphertext passes the verification, a plaintext message is output;
the key generation center is used for generating a master private key and a public parameter based on a security parameter; receiving a registration request sent by a user side, generating a public and private key pair of the user, and feeding back the public and private key pair of the user to the user side;
the cloud server is used for executing the ciphertext equivalence testing method.
Further, three points are generated according to the plaintext message and the common parameter, as follows:
Figure BDA0003812568880000041
Figure BDA0003812568880000042
Figure BDA0003812568880000043
where m is the plaintext message, η_1, η_2, η_3, η_4, η_5 and η_6 are six random numbers in the public parameters, and H_3 is the third hash function in the public parameters.
Further, the three points P_1, P_2, P_3 uniquely determine a quadratic polynomial f(x), and two coordinate points (x_1, y_1) and (x_2, y_2) are randomly selected on the quadratic polynomial, where y_1 = f(x_1), y_2 = f(x_2).
Further, the plaintext message is encrypted by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, as follows:
Figure BDA0003812568880000044
Figure BDA0003812568880000045
Figure BDA0003812568880000046
wherein C_1, C_2, C_3, C_4 and C_5 are the five ciphertext segments of the ciphertext C, r_1 and r_2 are the two random numbers, (x_1, y_1) and (x_2, y_2) are the two coordinate points,
Figure BDA0003812568880000047
Figure BDA0003812568880000048
is the first part of the sender's private key
Figure BDA0003812568880000049
,
Figure BDA00038125688800000410
is the second part of the receiver's public key
Figure BDA00038125688800000411
, H_4 is the fourth hash function in the public parameters, H_5 is the fifth hash function in the public parameters, H_6 is the sixth hash function in the public parameters, H_7 is the seventh hash function in the public parameters, and m is the plaintext message.
Further, the plaintext message and the random number are recovered from the first ciphertext segment, the third ciphertext segment and the private key of the receiver, as follows:
Figure BDA00038125688800000412
wherein
Figure BDA0003812568880000051
is the third part of the receiver's private key
Figure BDA0003812568880000052
, C_1 is the first ciphertext segment of the ciphertext, C_3 is the third ciphertext segment of the ciphertext, and H_4 is the fourth hash function in the public parameters;
and the two coordinate points are recovered from the fourth ciphertext segment of the ciphertext, the private key of the receiver and the public key of the sender, as follows:
Figure BDA0003812568880000053
wherein
Figure BDA0003812568880000054
is the second part of the receiver's private key
Figure BDA0003812568880000055
, C_4 is the fourth ciphertext segment of the ciphertext, H_5 is the fifth hash function in the public parameters,
Figure BDA0003812568880000056
the fourth purpose of the invention is achieved by adopting the following technical scheme:
a computer-readable storage medium storing a program which, when executed by a processor, implements the above-described ciphertext equivalence test method.
Compared with the prior art, the invention has the following beneficial effects:
1. after the authorization trapdoors authorized by two receivers are obtained through the cloud server, random points on a quadratic polynomial used in a ciphertext construction process are recovered respectively based on a second ciphertext segment and a fourth ciphertext segment in the ciphertext of the two receivers, the construction of the quadratic polynomial is carried out by utilizing the recovered random points, the value of a constant term corresponding to the polynomial is calculated, and whether plaintext messages contained in the ciphertext are the same or not can be known by judging whether the values of the two constant terms are the same or not.
2. The invention considers that most existing ciphertext equivalence test encryption schemes cannot resist offline message recovery attacks when the plaintext space is small, and prevents any third party other than the sender from generating a legal ciphertext by adding the sender's private key to the ciphertext generation process, thereby effectively resisting the attack and improving security.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the structures shown in the drawings without creative efforts.
Fig. 1 is a block diagram of a structure of an authenticated identity-based ciphertext equivalence testing system according to an embodiment of the present invention.
Fig. 2 is a flowchart of data encryption in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 3 is a flowchart of data decryption in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 4 is a flowchart of ciphertext equivalence testing in the authenticated identity-based ciphertext equivalence testing system of the embodiments of the present invention.
Fig. 5 is a block diagram of a data encryption apparatus in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 6 is a block diagram of a data decryption apparatus in the authenticated identity-based ciphertext equivalence test system according to the embodiment of the present invention.
Fig. 7 is a block diagram of a structure of a ciphertext equivalence testing apparatus in the authenticated identity-based ciphertext equivalence testing system according to the embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer and more complete, the technical solutions in the embodiments of the present invention will be described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by a person of ordinary skill in the art without creative efforts based on the embodiments of the present invention belong to the protection scope of the present invention.
Example 1:
as shown in fig. 1, the embodiment provides an authenticated identity-based ciphertext equivalence testing system, which includes a user side, a key generation center, and a cloud server, where the user side is connected to the key generation center and the cloud server, respectively.
The ciphertext equivalence test system of the embodiment is specifically implemented as follows:
(1) Initialization procedure
Based on the security parameter λ, a master private key msk and public parameters pp are generated as follows. Set two groups of order p
Figure BDA0003812568880000061
and
Figure BDA0003812568880000062
, together with
Figure BDA0003812568880000063
and a bilinear map
Figure BDA0003812568880000064
Then select seven collision-resistant hash functions:
Figure BDA0003812568880000065
Figure BDA0003812568880000066
where l denotes the bit length of an element of
Figure BDA0003812568880000067
; then randomly select from
Figure BDA0003812568880000068
three numbers α, β and γ, set (α, β, γ) as the master private key msk, and set (g_1 = g^α, g_2 = g^β, g_3 = g^γ) as the master public key mpk; then randomly select six random numbers γ_1, γ_2, γ_3, γ_4, γ_5 and γ_6 from {0,1}^λ; finally output the public parameters
Figure BDA0003812568880000069
Figure BDA00038125688800000610
and the master private key msk = (α, β, γ); wherein H_1 is the first hash function, H_2 is the second hash function, H_3 is the third hash function, H_4 is the fourth hash function, H_5 is the fifth hash function, H_6 is the sixth hash function, and H_7 is the seventh hash function.
(2) User key generation process
The user sends the user's identity information ID to the key generation center for registration. After receiving the registration request, the key generation center, according to the system parameters
Figure BDA00038125688800000611
Figure BDA00038125688800000612
calculates, from the master private key msk = (α, β, γ) and the user's identity information ID, the user's private key
Figure BDA00038125688800000613
and public key
Figure BDA00038125688800000614
Figure BDA0003812568880000071
and feeds SK_ID and PK_ID back to the user, which completes the registration process.
(3) Data encryption process
The user side can implement the data encryption process when acting as the sender, as shown in fig. 2, including the following steps:
s201, three points are generated according to the plaintext message and the public parameters.
Obtain the six random numbers η_1, η_2, η_3, η_4, η_5, η_6 and the third hash function H_3 from the public parameters, and use the plaintext message m, the random numbers η_1, η_2, η_3, η_4, η_5, η_6 and the third hash function H_3 to generate three points P_1, P_2 and P_3 according to the following formulas:
Figure BDA0003812568880000072
Figure BDA0003812568880000073
Figure BDA0003812568880000074
S202, determine a quadratic polynomial f(x) from the three points P_1, P_2 and P_3.
S203, randomly select two coordinate points (x_1, y_1) and (x_2, y_2) on the quadratic polynomial, where y_1 = f(x_1), y_2 = f(x_2).
S203, acquiring two random numbers, a private key of a sender and a public key of a receiver.
From
Figure BDA0003812568880000075
select two random numbers r_1 and r_2, and obtain the public key of the receiver
Figure BDA0003812568880000076
Figure BDA0003812568880000077
And the sender's private key
Figure BDA0003812568880000078
Figure BDA0003812568880000079
S204, encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server.
Using the two random numbers r_1, r_2, the two coordinate points (x_1, y_1) and (x_2, y_2), the sender's private key
Figure BDA00038125688800000710
And public key of receiver
Figure BDA00038125688800000711
encrypt the plaintext message m to obtain the ciphertext C = (C_1, C_2, C_3, C_4, C_5), where C_1, C_2, C_3, C_4, C_5 are the five ciphertext segments of the ciphertext C, calculated as follows:
Figure BDA00038125688800000712
Figure BDA00038125688800000713
Figure BDA00038125688800000714
wherein
Figure BDA00038125688800000715
(3) Data decryption process
The user terminal can implement the data decryption process when the user terminal is used as a receiver, as shown in fig. 3, the method includes the following steps:
s301, obtaining a ciphertext to be decrypted, a private key of a receiver and a public key of a sender.
Wherein the ciphertext to be decrypted is C = (C_1, C_2, C_3, C_4, C_5), the private key of the receiver is
Figure BDA0003812568880000081
Figure BDA0003812568880000082
Sender's public key
Figure BDA0003812568880000083
Figure BDA0003812568880000084
S302, recovering the plaintext message and the random number by using the first ciphertext segment and the third ciphertext segment of the ciphertext and the private key of the receiver.
Using the first ciphertext segment C_1 and the third ciphertext segment C_3 of the ciphertext and the recipient's private key
Figure BDA0003812568880000085
By calculation of
Figure BDA0003812568880000086
recover m||r_2.
S303, recovering two coordinate points by using the fourth ciphertext fragment of the ciphertext, the private key of the receiver and the public key of the sender.
Fourth ciphertext fragment C using ciphertext 4 Private key of the recipient
Figure BDA0003812568880000087
And sender's public key
Figure BDA0003812568880000088
By calculation of
Figure BDA0003812568880000089
recover x_1||x_2||y_1||y_2, wherein
Figure BDA00038125688800000810
And S304, calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points.
The method used in step S304 is the same as in step S201: obtain the six random numbers η_1, η_2, η_3, η_4, η_5, η_6 and the third hash function H_3 from the public parameters, use the plaintext message m, the random numbers η_1, η_2, η_3, η_4, η_5, η_6 and the third hash function H_3 to generate three points P_1, P_2 and P_3, and construct a quadratic polynomial f(x) from these three points P_1, P_2 and P_3.
S305, the correctness of the ciphertext is verified by using the random number, the two coordinate points and the quadratic polynomial, and if the verification is passed, a plaintext message is output.
It is verified whether the following equations are all true:
Figure BDA00038125688800000811
f(x_1) = y_1, f(x_2) = y_2,
Figure BDA00038125688800000812
if the formulas are all true, outputting the plaintext message, otherwise, failing to decrypt.
(4) Authenticated identity-based ciphertext equivalence test process
The ciphertext equivalence testing process can be realized through the cloud server, and as shown in fig. 4, the method comprises the following steps:
s401, obtaining authorized trapdoors of two receivers.
The two receivers are receiver A and receiver B respectively. Using the private key of receiver A
Figure BDA0003812568880000091
and the identity information ID_s of the sender, calculate the authorized trapdoor of receiver A
Figure BDA0003812568880000092
Wherein
Figure BDA0003812568880000093
Using the private key of receiver B
Figure BDA0003812568880000094
and the identity information ID_s of the sender, calculate the authorized trapdoor of receiver B
Figure BDA0003812568880000095
Wherein
Figure BDA0003812568880000096
Receiver A and receiver B send the authorized trapdoors td_A and td_B to the cloud server.
S402, obtaining the pre-stored ciphertext of the two receivers from the memory.
Specifically, after the cloud server obtains the trapdoors of receiver A and receiver B, it obtains from memory the ciphertext C_A = (C_{1,A}, C_{2,A}, C_{3,A}, C_{4,A}, C_{5,A}) of receiver A and the ciphertext C_B = (C_{1,B}, C_{2,B}, C_{3,B}, C_{4,B}, C_{5,B}) of receiver B.
S403, extracting a second secret text segment and a fourth secret text segment in the secret texts of the two receivers.
Specifically, the second ciphertext fragment C in the ciphertext of the receiver A is extracted 2,A And fourth ciphertext fragment C 4,A And extracting a second ciphertext fragment C of the ciphertext of the receiver B 2,B And fourth ciphertext fragment C 4,B
S404, according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers, the coordinate points hidden in the ciphertext are restored.
Using the second ciphertext segment C_{2,A} and the fourth ciphertext segment C_{4,A} of receiver A's ciphertext C_A, the authorized trapdoor td_A and the sixth hash function H_6 in the common parameters, calculate
Figure BDA0003812568880000097
to recover the coordinate information x_1||x_2||y_1||y_2 hidden in the ciphertext C_A, which is converted into the coordinate points (x_1, y_1), (x_2, y_2).
Using the second ciphertext segment C_{2,B} and the fourth ciphertext segment C_{4,B} of receiver B's ciphertext C_B, the authorized trapdoor td_B and the sixth hash function H_6 in the common parameters, calculate
Figure BDA0003812568880000098
to recover the coordinate information x_1'||x_2'||y_1'||y_2' hidden in the ciphertext C_B, which is converted into the coordinate points (x_1', y_1'), (x_2', y_2').
S405, judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
Further, the step S405 specifically includes:
S4051, using the two coordinate points (x_1, y_1), (x_2, y_2) of receiver A and one coordinate point (x_1', y_1') of receiver B, construct a polynomial; and using the two coordinate points (x_1', y_1'), (x_2', y_2') of receiver B and one coordinate point (x_1, y_1) of receiver A, construct another polynomial.
S4052, judging whether the constant terms of the two constructed polynomials are the same.
S4053, if the constant terms of the two polynomials are the same, the ciphertext of receiver A and the ciphertext of receiver B contain the same plaintext message, and 1 is returned as the determination result indicating that they are the same.
S4054, if the constant terms of the two polynomials are different, the ciphertext of receiver A and the ciphertext of receiver B contain different plaintext messages, and 0 is returned as the determination result indicating that they are different.
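The polynomial mechanics behind the three-point construction of step S304, the f(x_1)=y_1, f(x_2)=y_2 part of the S305 check, and the constant-term comparison of steps S4051 to S4054, as an added Python example that is not part of the patent. It models only the polynomial layer: the ciphertext segments, trapdoors and H_6 are left out, the points are passed around in the clear, a 127-bit prime field is assumed because the page fixes none, H_3 is modelled as SHA-256, and the pairing of η_1..η_6 into x- and y-coordinates is an assumption. The function names (h3, three_points, lagrange_quadratic, sender_points, receiver_verify, equivalence_test) are hypothetical.

```python
import hashlib
import secrets

# Field modulus for the polynomial arithmetic; the page fixes no field, so this
# Mersenne prime is an assumption chosen only to keep the arithmetic simple.
P = (1 << 127) - 1


def h3(msg: bytes, eta: bytes) -> int:
    """Assumed model of the third hash function H_3: SHA-256(m || eta) reduced mod P."""
    return int.from_bytes(hashlib.sha256(msg + eta).digest(), "big") % P


def three_points(msg: bytes, etas: list) -> list:
    """Derive P_1, P_2, P_3 from the plaintext m and the six public random numbers.

    The page only says the points come from m, eta_1..eta_6 and H_3; using eta_{2i-1}
    for the x-coordinate and eta_{2i} for the y-coordinate is an assumption.
    """
    pts = [(h3(msg, etas[2 * i]), h3(msg, etas[2 * i + 1])) for i in range(3)]
    if len({x for x, _ in pts}) != 3:
        raise ValueError("degenerate points: two of P_1..P_3 share an x-coordinate")
    return pts


def poly_mul(a: list, b: list) -> list:
    """Multiply two polynomials given as coefficient lists (lowest degree first) mod P."""
    out = [0] * (len(a) + len(b) - 1)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            out[i + j] = (out[i + j] + ai * bj) % P
    return out


def poly_eval(coeffs: list, x: int) -> int:
    """Evaluate a coefficient list at x mod P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def lagrange_quadratic(pts: list) -> list:
    """Coefficients [a_0, a_1, a_2] of the unique degree <= 2 polynomial through three points.

    Raises ValueError when two points share an x-coordinate: no such polynomial exists,
    and the caller reports the test as undefined rather than as a match.
    """
    if len(pts) != 3:
        raise ValueError("exactly three points determine a quadratic")
    coeffs = [0, 0, 0]
    for i, (xi, yi) in enumerate(pts):
        basis, denom = [1], 1
        for j, (xj, _) in enumerate(pts):
            if j != i:
                basis = poly_mul(basis, [(-xj) % P, 1])  # multiply by (x - x_j)
                denom = denom * (xi - xj) % P
        if denom == 0:
            raise ValueError("two points share an x-coordinate")
        scale = yi * pow(denom, -1, P) % P  # y_i / prod(x_i - x_j)
        for k, c in enumerate(basis):
            coeffs[k] = (coeffs[k] + c * scale) % P
    return coeffs


def sender_points(msg: bytes, etas: list) -> list:
    """Sender side: build f(x) from m and pick the two random points that the ciphertext hides.
    x = 0 is excluded because f(0) is the constant term itself."""
    f = lagrange_quadratic(three_points(msg, etas))
    x1 = secrets.randbelow(P - 1) + 1
    x2 = secrets.randbelow(P - 1) + 1
    while x2 == x1:
        x2 = secrets.randbelow(P - 1) + 1
    return [(x1, poly_eval(f, x1)), (x2, poly_eval(f, x2))]


def receiver_verify(msg: bytes, etas: list, pts: list) -> bool:
    """Receiver side (the f(x_1)=y_1, f(x_2)=y_2 part of S305): rebuild f from the recovered
    m and confirm the recovered points lie on it."""
    f = lagrange_quadratic(three_points(msg, etas))
    return all(poly_eval(f, x) == y for x, y in pts)


def equivalence_test(pts_a: list, pts_b: list):
    """Cloud server side (S4051-S4054): interpolate (A1, A2, B1) and (B1, B2, A1) and compare
    constant terms. Returns 1 for equal plaintexts, 0 for different, None if undefined."""
    try:
        g1 = lagrange_quadratic([pts_a[0], pts_a[1], pts_b[0]])
        g2 = lagrange_quadratic([pts_b[0], pts_b[1], pts_a[0]])
    except ValueError:
        return None
    return 1 if g1[0] == g2[0] else 0


# Constructed sample values: six public random numbers and two plaintexts.
ETAS = [bytes([i]) * 16 for i in range(1, 7)]


def demo() -> dict:
    a = sender_points(b"same message", ETAS)
    b = sender_points(b"same message", ETAS)
    c = sender_points(b"other message", ETAS)
    return {
        "a_verifies": receiver_verify(b"same message", ETAS, a),
        "a_rejects_wrong_plaintext": receiver_verify(b"other message", ETAS, a),
        "a_vs_b": equivalence_test(a, b),
        "a_vs_c": equivalence_test(a, c),
    }


if __name__ == "__main__":
    print(demo())
```

Why the constant-term comparison works: both interpolated polynomials g1 and g2 pass through A1 and B1, so g1 - g2 = c·(x - x_1)(x - x_1') for some constant c, and the two constant terms agree exactly when c = 0, i.e. when all four recovered points lie on one quadratic. Points from the same plaintext lie on the same f(x) by construction; points from different plaintexts lie on distinct quadratics, and a chance agreement then requires a random x-coordinate to hit a root of a fixed nonzero polynomial, which happens with probability on the order of 1/P. The None result covers the degenerate case of coinciding x-coordinates, which the server should treat as "no answer" rather than as a match.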
According to the content of the above process, the embodiment further provides a data encryption device, a data decryption device and an authenticated identity-based ciphertext equivalence testing device, and when the user side is used as a sender, the data encryption device is used; when the user terminal is used as a receiver, the data decryption device is used; the cloud server comprises an authenticated identity-based ciphertext equivalence testing device.
As shown in fig. 5, the data encryption apparatus in this embodiment includes a generating module 501, a determining module 502, a selecting module 503, an obtaining module 504, and an encrypting module 505, and the specific functions of each module are as follows:
a generating module 501, configured to generate three points according to the plaintext message and the common parameter.
A determining module 502 for determining a quadratic polynomial using the three points.
And the selecting module 503 is configured to randomly select two coordinate points on the quadratic polynomial.
An obtaining module 504 is configured to obtain the two random numbers, the private key of the sender, and the public key of the receiver.
The encryption module 505 is configured to encrypt the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender, and the public key of the receiver to obtain a ciphertext, and upload the ciphertext to the cloud server.
As shown in fig. 6, the data decryption apparatus in this embodiment includes an obtaining module 601, a first recovering module 602, a second recovering module 603, a reconstructing module 604, and a verifying module 605, and the specific functions of each module are as follows:
the obtaining module 601 is configured to obtain a ciphertext to be decrypted, a private key of a receiver, and a public key of a sender.
The first recovering module 602 is configured to recover the plaintext message and the random number by using the first ciphertext segment of the ciphertext, the third ciphertext segment of the ciphertext, and the private key of the recipient.
The second recovering module 603 is configured to recover the two coordinate points by using the fourth ciphertext fragment of the ciphertext, the private key of the receiver, and the public key of the sender.
And a reconstructing module 604, configured to calculate three points according to the recovered plaintext message and the common parameter, and reconstruct a quadratic polynomial using the three points.
The verification module 605 is configured to perform verification on correctness of the ciphertext by using the random number, the two coordinate points, and the quadratic polynomial, and if the verification passes, output a plaintext message.
The ciphertext equivalence testing apparatus of this embodiment is shown in fig. 7, and the apparatus includes a first obtaining module 701, a second obtaining module 702, an extracting module 703, a recovering module 704, and a determining module 705, where specific functions of each module are as follows:
a first obtaining module 701, configured to obtain authorized trapdoors of two receivers.
A second obtaining module 702, configured to obtain the pre-stored ciphertexts of the two receivers from the memory.
The extracting module 703 is configured to extract the second ciphertext segment and the fourth ciphertext segment from the ciphertexts of the two receivers.
The recovering module 704 is configured to recover the hidden coordinate point in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment, and the authorized trapdoor of the two recipient ciphertexts.
The determining module 705 is configured to determine whether ciphertexts of two receivers contain the same plaintext message according to the coordinate points of the two receivers, and return a determination result.
It should be noted that although the method operations of the above-described embodiments are depicted in the drawings in a particular order, this does not require or imply that these operations must be performed in this particular order, or that all of the illustrated operations must be performed, to achieve desirable results. Rather, the depicted steps may change the order of execution. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions.
It should be noted that the apparatus provided in the foregoing embodiment is only illustrated by dividing the functional modules, and in practical applications, the above functions may be distributed by different functional modules as needed, that is, the internal structure is divided into different functional modules to complete all or part of the functions described above.
The computer readable storage medium of the present embodiments may be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
In summary, in the ciphertext equivalence test method of the present invention, after the authorized trapdoors authorized by two receivers are obtained by the cloud server, the random points on the quadratic polynomial used in the ciphertext construction process are recovered based on the second ciphertext segment and the fourth ciphertext segment in the ciphertext of the two receivers, the recovered random points are used to construct the quadratic polynomial and calculate the value of the constant term corresponding to the polynomial, and whether the plaintext messages contained in the ciphertext are the same can be known by determining whether the values of the two constant terms are the same.
The above description is only for the preferred embodiments of the present invention, but the protection scope of the present invention is not limited thereto, and any person skilled in the art can substitute or change the technical solution and the inventive concept of the present invention within the scope of the present invention.

Claims (10)

1. An authenticated identity-based ciphertext equivalence testing method, applied to a cloud server, characterized by comprising the following steps:
obtaining authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
acquiring the pre-stored ciphertexts of the two receivers from the memory;
extracting a second ciphertext segment and a fourth ciphertext segment from the ciphertexts of the two receivers;
restoring a coordinate point hidden in the ciphertext according to a second ciphertext segment, a fourth ciphertext segment and an authorized trapdoor of the ciphertext of the two receivers;
and judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers, and returning a judgment result.
2. The ciphertext equivalence testing method of claim 1, wherein the recovering the coordinate points hidden in the ciphertext according to a second ciphertext segment, a fourth ciphertext segment, and an authorized trapdoor of the two recipient ciphertexts comprises:
using the second ciphertext segment C_{2,A} and the fourth ciphertext segment C_{4,A} of receiver A's ciphertext C_A, the authorized trapdoor td_A and the sixth hash function H_6 in the common parameters, calculating
Figure FDA0003812568870000011
to recover the coordinate information x_1||x_2||y_1||y_2 hidden in the ciphertext C_A, which is converted into the coordinate points (x_1, y_1), (x_2, y_2);
using the second ciphertext segment C_{2,B} and the fourth ciphertext segment C_{4,B} of receiver B's ciphertext C_B, the authorized trapdoor td_B and the sixth hash function H_6 in the common parameters, calculating
Figure FDA0003812568870000012
to recover the coordinate information x_1'||x_2'||y_1'||y_2' hidden in the ciphertext C_B, which is converted into the coordinate points (x_1', y_1'), (x_2', y_2').
3. The ciphertext equivalence testing method according to claim 1, wherein the determining whether ciphertexts of two receivers contain identical plaintext messages according to coordinate points of the two receivers includes:
using the two coordinate points (x_1, y_1), (x_2, y_2) of receiver A and one coordinate point (x_1', y_1') of receiver B to construct a quadratic polynomial, and using the two coordinate points (x_1', y_1'), (x_2', y_2') of receiver B and one coordinate point (x_1, y_1) of receiver A to construct another quadratic polynomial;
judging whether the constant terms of the two constructed quadratic polynomials are the same or not;
if the constant terms of the two quadratic polynomials are the same, the ciphertext of the two receivers contains the same plaintext information;
if the constant terms of the two quadratic polynomials are different, the ciphertext of the two receivers contains different plaintext information.
4. The ciphertext equivalence test method of any of claims 1-3, wherein the authorized trapdoors for the two recipients are calculated as follows:
using the private key of receiver A
Figure FDA0003812568870000021
and the identity information ID_s of the sender, computing the authorized trapdoor of receiver A
Figure FDA0003812568870000022
wherein
Figure FDA0003812568870000023
using the private key of receiver B
Figure FDA0003812568870000024
and the identity information ID_s of the sender, computing the authorized trapdoor of receiver B
Figure FDA0003812568870000025
Wherein
Figure FDA0003812568870000026
5. An authenticated identity-based ciphertext equivalence testing device applied to a cloud server, characterized by comprising:
the first acquisition module is used for acquiring authorized trapdoors of two receivers, wherein the two receivers are a receiver A and a receiver B respectively;
the second acquisition module is used for acquiring the pre-stored ciphertexts of the two receivers from the memory;
the extraction module is used for extracting a second ciphertext segment and a fourth ciphertext segment from the ciphertexts of the two receivers;
the recovery module is used for recovering the coordinate points hidden in the ciphertext according to the second ciphertext segment, the fourth ciphertext segment and the authorized trapdoor of the ciphertexts of the two receivers;
and the judging module is used for judging whether the ciphertexts of the two receivers contain the same plaintext message or not according to the coordinate points of the two receivers and returning a judgment result.
6. An authenticated identity-based ciphertext equivalence testing system is characterized by comprising a user side, a key generation center and a cloud server, wherein the user side is respectively connected with the key generation center and the cloud server;
when the user side is used as a sender, the user side is used for generating three points according to the plaintext message and the public parameters; determining a quadratic polynomial by using the three points; randomly selecting two coordinate points on a quadratic polynomial; acquiring two random numbers, a private key of a sender and a public key of a receiver; encrypting the plaintext message by using the two random numbers, the two coordinate points, the private key of the sender and the public key of the receiver to obtain a ciphertext, and uploading the ciphertext to a cloud server;
when the user side is used as a receiver, the user side is used for acquiring a ciphertext to be decrypted, a private key of the receiver and a public key of a sender; recovering a plaintext message and a random number by using the first ciphertext segment and the third ciphertext segment of the ciphertext and a private key of a receiver; recovering two coordinate points by utilizing a fourth ciphertext fragment of the ciphertext, a private key of a receiver and a public key of a sender; calculating three points according to the recovered plaintext message and the public parameter, and reconstructing a quadratic polynomial by using the three points; the correctness of the ciphertext is verified by utilizing the random number, the two coordinate points and the quadratic polynomial, and if the ciphertext passes the verification, a plaintext message is output;
the key generation center is used for generating a master private key and a public parameter based on a security parameter; receiving a registration request sent by a user side, generating a public and private key pair of the user, and feeding back the public and private key pair of the user to the user side;
the cloud server is used for executing the ciphertext equivalence testing method of any one of claims 1-4.
7. The ciphertext equivalence test system of claim 6, wherein the three points are generated based on the plaintext message and the common parameters, as follows:
Figure FDA0003812568870000031
Figure FDA0003812568870000032
Figure FDA0003812568870000033
where m is the plaintext message, η_1, η_2, η_3, η_4, η_5 and η_6 are the six random numbers in the common parameters, and H_3 is the third hash function in the common parameters.
8. The ciphertext equivalence test system of claim 6, wherein the ciphertext is obtained by encrypting a plaintext message using two random numbers, two coordinate points, a sender's private key, and a receiver's public key, as follows:
Figure FDA0003812568870000034
Figure FDA0003812568870000035
Figure FDA0003812568870000036
wherein C_1, C_2, C_3, C_4 and C_5 are the five ciphertext segments of the ciphertext C, r_1 and r_2 are the two random numbers, (x_1, y_1) and (x_2, y_2) are the two coordinate points,
Figure FDA0003812568870000037
Figure FDA0003812568870000038
is the first part of the private key of the sender
Figure FDA0003812568870000039
, and
Figure FDA00038125688700000310
is the second part of the public key of the receiver
Figure FDA00038125688700000311
; H_4 is the fourth hash function in the common parameters, H_5 is the fifth hash function in the common parameters, H_6 is the sixth hash function in the common parameters, H_7 is the seventh hash function in the common parameters, and m is the plaintext message.
9. The ciphertext equivalence test system of claim 6, wherein the plaintext message and the random number are recovered using the first ciphertext fragment, the third ciphertext fragment, and a private key of the recipient, as follows:
Figure FDA00038125688700000312
wherein
Figure FDA00038125688700000313
is the third part of the private key of the receiver
Figure FDA00038125688700000314
, C_1 is the first ciphertext segment of the ciphertext, C_3 is the third ciphertext segment of the ciphertext, and H_4 is the fourth hash function in the common parameters;
and recovering two coordinate points by using the fourth ciphertext segment of the ciphertext, the private key of the receiver and the public key of the sender, as follows:
Figure FDA00038125688700000315
wherein
Figure FDA00038125688700000316
is the second part of the private key of the receiver
Figure FDA00038125688700000317
, C_4 is the fourth ciphertext segment of the ciphertext, H_5 is the fifth hash function in the common parameters,
Figure FDA00038125688700000318
10. A computer-readable storage medium storing a program, wherein the program, when executed by a processor, implements the ciphertext equivalence test method of any of claims 1-4.
CN202211016075.XA 2022-08-24 2022-08-24 Authentication ciphertext equivalent test method, device, system and medium based on identity Active CN115473703B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211016075.XA CN115473703B (en) 2022-08-24 2022-08-24 Authentication ciphertext equivalent test method, device, system and medium based on identity

Publications (2)

Publication Number Publication Date
CN115473703A true CN115473703A (en) 2022-12-13
CN115473703B CN115473703B (en) 2024-04-12

Family

ID=84365768

Country Status (1)

Country Link
CN (1) CN115473703B (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116709325A (en) * 2023-08-07 2023-09-05 北京数盾信息科技有限公司 Mobile equipment security authentication method based on high-speed encryption algorithm
CN116707798A (en) * 2023-07-11 2023-09-05 西华大学 Ciphertext examination method, device and system based on equivalence test

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2009223035A (en) * 2008-03-17 2009-10-01 Oki Semiconductor Co Ltd Key generation method of hyperbola code
CN105447361A (en) * 2014-08-27 2016-03-30 华为技术有限公司 Encryption and similarity measurement method, terminal and server
CN106549753A (en) * 2016-10-18 2017-03-29 电子科技大学 The encipherment scheme that a kind of support ciphertext of identity-based compares
US20200044832A1 (en) * 2018-07-31 2020-02-06 International Business Machines Corporation System and method for quantum resistant public key encryption
CN112152803A (en) * 2020-09-15 2020-12-29 河海大学 Identity-based encryption method and system with multiple receiver ciphertext searchable
CN112328955A (en) * 2020-10-16 2021-02-05 中国地质调查局沈阳地质调查中心 Method for processing gravity and magnetic data, storage medium and device
CN113067702A (en) * 2021-03-17 2021-07-02 西安电子科技大学 Identity-based encryption method supporting ciphertext equivalence test function

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
向宏; 李思遥; 蔡斌: "A multivariate public key encryption scheme with variable ciphertext-to-plaintext length ratio", Journal of Chongqing University (重庆大学学报), no. 07, 15 July 2017 (2017-07-15) *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116707798A (en) * 2023-07-11 2023-09-05 西华大学 Ciphertext examination method, device and system based on equivalence test
CN116707798B (en) * 2023-07-11 2024-05-17 西华大学 Ciphertext examination method, device and system based on equivalence test
CN116709325A (en) * 2023-08-07 2023-09-05 北京数盾信息科技有限公司 Mobile equipment security authentication method based on high-speed encryption algorithm
CN116709325B (en) * 2023-08-07 2023-10-27 北京数盾信息科技有限公司 Mobile equipment security authentication method based on high-speed encryption algorithm

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant