CN117131209B - Phrase searching and verifying method and system for encrypted data based on blockchain - Google Patents
Phrase searching and verifying method and system for encrypted data based on blockchain Download PDFInfo
- Publication number
- CN117131209B CN117131209B CN202311397883.XA CN202311397883A CN117131209B CN 117131209 B CN117131209 B CN 117131209B CN 202311397883 A CN202311397883 A CN 202311397883A CN 117131209 B CN117131209 B CN 117131209B
- Authority
- CN
- China
- Prior art keywords
- document
- encrypted
- blockchain
- search result
- omega
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000000034 method Methods 0.000 title claims abstract description 42
- 238000012795 verification Methods 0.000 claims abstract description 36
- 238000012360 testing method Methods 0.000 claims description 10
- 238000013475 authorization Methods 0.000 claims description 6
- 230000008569 process Effects 0.000 claims description 5
- 238000013524 data verification Methods 0.000 claims description 4
- 239000000284 extract Substances 0.000 claims 2
- 238000004364 calculation method Methods 0.000 abstract description 3
- 238000004891 communication Methods 0.000 abstract description 2
- 238000010586 diagram Methods 0.000 description 4
- 230000008901 benefit Effects 0.000 description 3
- 238000007689 inspection Methods 0.000 description 3
- 238000013461 design Methods 0.000 description 2
- 201000010099 disease Diseases 0.000 description 2
- 208000037265 diseases, disorders, signs and symptoms Diseases 0.000 description 2
- 206010061216 Infarction Diseases 0.000 description 1
- 239000000654 additive Substances 0.000 description 1
- 230000000996 additive effect Effects 0.000 description 1
- 238000004458 analytical method Methods 0.000 description 1
- 230000036772 blood pressure Effects 0.000 description 1
- 230000001010 compromised effect Effects 0.000 description 1
- 238000010276 construction Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 239000003814 drug Substances 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 239000003344 environmental pollutant Substances 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000003337 fertilizer Substances 0.000 description 1
- 230000036541 health Effects 0.000 description 1
- 230000007574 infarction Effects 0.000 description 1
- 238000007726 management method Methods 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 208000010125 myocardial infarction Diseases 0.000 description 1
- 210000004165 myocardium Anatomy 0.000 description 1
- 231100000719 pollutant Toxicity 0.000 description 1
- 238000012545 processing Methods 0.000 description 1
- 238000010200 validation analysis Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/38—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
- G06F16/31—Indexing; Data structures therefor; Storage structures
- G06F16/316—Indexing structures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F40/00—Handling natural language data
- G06F40/20—Natural language analysis
- G06F40/279—Recognition of textual entities
- G06F40/289—Phrasal analysis, e.g. finite state techniques or chunking
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- Computer Security & Cryptography (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Bioethics (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Library & Information Science (AREA)
- Artificial Intelligence (AREA)
- Audiology, Speech & Language Pathology (AREA)
- Computational Linguistics (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention relates to a phrase searching and verifying method and system for encrypted data based on a blockchain, wherein the method comprises the following steps: s1: the method comprises the steps that the Internet of things equipment generates a key set by using private parameters; s2: generating a security index from a given document, keyword, and key setIEncryption databaseTList of examinationsCLAnd location lookup tableLLTThe method comprises the steps of carrying out a first treatment on the surface of the S3: the data user acquires the sharing parameters from the key set and generates a retrieval trapdoor by combining the phrase to be queried; s4: cloud server utilizationI、T、LLTSearching with trapdoor to obtain search resultRThe method comprises the steps of carrying out a first treatment on the surface of the S5: block chainI、CL、LLTAnd trapdoor to obtain verification standard value, forRVerifying, and comparing the evidence withRSending the data to a data user; s6: the data user judges the search result according to the evidence, if yes, the encrypted document is decrypted to check the plaintext. The method of the invention can improve phrase searching efficiency, realize reliable and fair verification of the searching result and reduce communication and calculation cost.
Description
Technical Field
The invention relates to the field of blockchain and phrase searching, in particular to a phrase searching and verifying method and system for encrypted data based on a blockchain.
Background
In recent years, the Internet of things is rapidly developed, is widely applied to the fields of agriculture, industry, medicine and the like, improves crop yield and production efficiency, reduces fertilizer use and pollutant emission, assists green development, and protects the health of patients. Sensors of devices in the internet of things network generate large amounts of data that are stored in a local or cloud server. The cloud storage of the internet of things data can reduce the cost of local storage and management, realize efficient data processing and analysis, and also facilitate data sharing among different data users.
However, this brings new concerns about security and privacy. Since the cloud server is not trusted, unauthorized internal data users may attempt to access sensitive data (e.g., patient's disease name, blood pressure, etc.), and some hackers may also illegally access the data, which may lead to compromised data users' privacy. Therefore, in order to ensure confidentiality of data, the internet of things data is generally encrypted and then outsourced to the cloud.
In order to realize keyword search of encrypted data and keep balance between search efficiency and security, song proposes a concept of searchable encryption. Phrase searching is an important technology for searchable encryption, which can search for a series of consecutive keywords in a sentence or document. Existing single-keyword or multi-keyword encryption search schemes cannot be directly applied to phrase searches because they cannot determine the relative locations of keywords. For example, in electronic medical systems, certain diseases are represented by phrases such as "myocardial infarction. When searching for this phrase using the multi-keyword encryption search scheme, the cloud server may return search results that contain both "myocardium" and "infarct," but they may not be displayed as phrases. Obviously, the search results contain many invalid documents. Therefore, it is important to design phrase search schemes.
Another challenge to phrase searches is verification of search results. Because of system failure or cost savings, the cloud server may return partial or incorrect search results to the data user, thus, it is necessary to verify the results of the phrase search.
In existing verifiable phrase search schemes, both search results and verification evidence are generated by a cloud server and then sent to a data user for verification. Such verification schemes are unreliable because the search results and verification evidence may be forged by the cloud server (e.g., the server may store only a portion of the documents and search index to gain economic benefit, in which case the search results and verification evidence are incomplete). In addition, the data user may forge the verification result to save costs, and may cause the verification result to be unreliable. In recent studies, some researchers have adopted blockchain techniques. These schemes guarantee the reliability of the validation based on the inherent invariance properties of the blockchain and obtain ideal experimental results. However, these schemes mainly focus on encryption searching of a single keyword, and cannot be applied to phrase searching.
Disclosure of Invention
In order to solve the technical problems, the invention provides a phrase searching and verifying method and system for encrypted data based on a blockchain.
The technical scheme of the invention is as follows: a phrase search and verification method for blockchain-based encrypted data, comprising:
step S1: the method comprises the steps that the Internet of things equipment generates a key set by using private parameters;
step S2: according to a given set of documents PRF and id thereof, a set of keywords W and a Key set Key, the Internet of things device generates a security index I, an encryption database T, a check list CL and a location lookup table LLT, and uploads (I, T, LLT) to a cloud server and (I, CL, LLT) to a blockchain;
step S3: data user obtains shared parameters from the key setAccording to the phrase to be queriedAnd->Co-generation search trapdoor->;
Step S4: the cloud server utilizes the security index I, the encryption database T, the location lookup table LLT and the trapdoorSearching the encrypted data to obtain a search result R;
step S5: blockchain utilizes the secure index I, the checklist CL, the location lookup table LLT, and the trapdoorSearching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, and calculating the test value of the search result R>By comparing Acc with +.>Verification of the search result R is achieved, for example, verification is achieved by sending proof and the search result R to the data user;
step S6: the data user authenticates whether the search result is valid, if so, based on proof, and decrypts the encrypted document using the symmetric key to view plaintext.
Compared with the prior art, the invention has the following advantages:
1. the invention discloses a phrase searching and verifying method of encrypted data based on a blockchain. The method comprises the steps that the internet of things equipment encrypts all documents by means of symmetric encryption to obtain ciphertext, calculates a hash value of each ciphertext through sha256, adds the hash value into an inspection list, and finally sends the hash value to a blockchain; the internet of things device and the blockchain are completely trusted, i.e., the internet of things device can honest collect data and generate a secure index and check list.
2. The invention uses the block chain to fairly verify the search result, and the verification result is reliable and can not be forged. To enable reliable verification of search results, a copy of the secure index is stored on the blockchain. Using this copy and trapdoor, the blockchain can search for reliable results and calculate a reference Acc using the checklist. Block chain computing test values for search resultsIf->Then proof=1,otherwise proof=0. The blockchain returns search results and proof to the data user. In particular, in the invention, the blockchain only stores the identification of the document, does not store ciphertext, and the ciphertext is stored on the server.
3. The invention designs a phrase recognition distance discrimination algorithm to determine the positions of the keywords of the phrases, and can realize accurate search of the phrases.
Drawings
FIG. 1 is a flow chart of a phrase search and verification method for blockchain-based encrypted data in accordance with an embodiment of the present invention;
FIG. 2 is a schematic diagram of a physical structure of an embodiment of the present invention;
FIG. 3 is a timing diagram of a phrase search and verification method for blockchain-based encrypted data in accordance with an embodiment of the present invention;
FIG. 4 is a block diagram of a phrase search and verification system for blockchain-based encrypted data in accordance with an embodiment of the present invention.
Detailed Description
The invention provides a phrase searching and verifying method for encrypted data based on a blockchain, which utilizes the blockchain to reliably verify the result of phrase searching on cloud-internet of things data, and simultaneously utilizes a homomorphic encrypted novel lookup table and a phrase identification distance discrimination algorithm to identify phrases under ciphertext, thereby improving phrase searching efficiency and reducing communication and calculation cost.
The present invention will be further described in detail below with reference to the accompanying drawings by way of specific embodiments in order to make the objects, technical solutions and advantages of the present invention more apparent. Before describing the specific implementation method of the present invention, the present invention will be first described assuming that the basic concepts and algorithms used are:
(1) In the invention, the Internet of things equipment and the blockchain are assumed to be completely trusted, namely, the Internet of things equipment can collect data honest and generate a safe index and check list. The block chain performs fair verification on the search result, and the verification result is reliable and cannot be forged; it is assumed that the server and the data user are not trusted. The cloud server may store only a portion of the index and ciphertext to save storage resources. At the same time, it may dishonest perform the search to save computational costs. In addition, other software/hardware failures may exist in the system. Both of these causes may result in incomplete or incorrect documents and proof of verification returned by the server. The data user is also untrustworthy in that it may falsify the verification result and refuse payment.
(2) Bitmap: a group of information is represented by binary character strings, and the binary character strings are widely used for storing document identifiers in encryption searching, so that the storage space can be effectively reduced. In the present invention, each keywordA bitmap, which contains alpha bits, alpha is the number of documents in the system. If the jth document contains +>The value of alpha at the j position is 1, otherwise 0.
(3) Homomorphic encryption: an encryption primitive can convert a ciphertext into another ciphertext without altering a decryption key. The invention uses widely used Paillier additive homomorphic encryption to calculate the distance between keywords in the phrase.
(4) Location Lookup Table (LLT): an inverted index structure is adopted to ensure high searching efficiency, and each keyword not only corresponds to the IDs of a series of documents, but also stores all positions of the keywords in the documents.
(5) Phrase recognition distance discrimination algorithm: the order of keywords in a phrase may be represented by the labels and the distance between each of the remaining keywords and the labels.
Example 1
As shown in fig. 1, the phrase searching and verifying method for encrypted data based on blockchain provided by the embodiment of the invention includes the following steps:
step S1: the method comprises the steps that the Internet of things equipment generates a key set by using private parameters;
step S2: generating a security index I, an encryption database T, a check list CL and a position lookup table LLT by the Internet of things device according to a given document PRF and id thereof, a keyword W and a Key set Key, uploading (I, T, LLT) to a cloud server, and uploading (I, CL, LLT) to a blockchain;
step S3: data user obtains shared parameters from key setAccording to the phrase to be queried
And->Co-generation search trapdoor->;
Step S4: the cloud server utilizes the security index I, the encryption database T, the position lookup table LLT and the trapdoorSearching the encrypted data to obtain a search result R;
step S5: blockchain utilizes secure index I, checklist CL, location lookup table LLT and trapdoorSearching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, and calculating a test value +.>By comparing Acc with +.>Verification of the search result R is achieved, for example, verification is achieved by sending proof and the search result R to a data user;
step S6: the data user authenticates whether the search result is valid, based on proof, and if so, decrypts the encrypted document using the symmetric key to view plaintext.
The method of the present invention involves four entities: the system comprises Internet of things equipment, a data user, a cloud server and a blockchain, as shown in fig. 2. The internet of things equipment is responsible for encrypting data, sending a secure cable to a cloud server, sending an inspection list to a blockchain, and authorizing a data user; after the data user receives the authorization, a search trapdoor can be generated according to the search phrase and simultaneously sent to the cloud server and the blockchain; the cloud server performs data retrieval after receiving the search trapdoor and sends the search result to the blockchain; the block chain also performs data retrieval after receiving the search trapdoor, compares the retrieved data with a search result sent by the cloud server, and sends a comparison result proof and the search result to a data user; if proof=1, the data user receives the search result and decrypts and checks the plaintext, otherwise, the search result is wrong and the receiving is refused.
In one embodiment, S1 above: the secret parameter is used by the internet of things equipment to generate a key set, and the method specifically comprises the following steps:
step S11: internet of things device selection privacy parameters;
Step S12: by means ofGenerating a Key set->Wherein->Is an identifier of an encrypted document,/->Is a symmetric key->Is a pseudo-random function F, and (pk, sk) is a public key and a private key, respectively, encrypted using a Paillier.
Key set constructed by the embodiment of the invention,
Wherein,,/>,/>;/>。
the invention constructs the key set for encrypting the data in the subsequent steps, thereby protecting the security and privacy of the data. By converting the data into a format that is not readily understood, only authorized persons or systems can decrypt and access the content therein.
In one embodiment, step S2 above: based on a given set of documents PRF and its id, a set of keywords W and a Key set Key, the internet of things device generates a security index I, an encryption database T, a checklist CL and a location lookup table LLT, and uploads (I, T, LLT) to the cloud server and (I, CL, LLT) to the blockchain, including in particular:
step S21: internet of things device using symmetric encryptionEach document is processedEncryption as ciphertext->At the same time will->Stored in the encryption database T, will +.>Hash value +.>Stored in the checklist CL;
the specific implementation of the steps is shown in the following pseudo code lines 1-4 of the construction index algorithm;
step S22: the Internet of things equipment is used for each keywordGenerating bitmap->Will->Encryption-derived->Stored in the security index I;
step S23: internet of things device extraction documentKeyword->Position information of (a);
Step S24: usingEncrypting the position information to obtain encrypted position information +.>Wherein E represents paillier.enc;
step S25: keywords are processedDocument of the place->All of the encrypted location stores in (a)In a location look-up table LLT;
step S26: uploading (I, T, LLT) to the cloud server, while uploading (I, CL, LLT) to the blockchain.
The build index algorithm is shown as the following pseudocode:
,
the invention realizes the purpose of accelerating the efficiency of data retrieval and inquiry by constructing the index.
In one embodiment, step S22 described above: the Internet of things equipment is used for each keywordGenerating bitmapsWill->Encryption-derived->The security index I is stored in the security index I, and specifically comprises the following steps:
step S221: internet of things equipment useAnd keyword->Hash value +.>Generating a status value +.>;
Step S222: internet of things equipment randomly generates a group of binary character stringsAnd use +.>And->Generating keywords +.>Position coordinates in security index I +.>;
Step S223: internet of things equipment useAnd->For bitmaps->Encrypting to obtain an encrypted bitmap ++>Will beStored in the security index I.
The specific implementation of this step is shown in the 7 th to 8 th lines of the pseudo code of the above-described build indexing algorithm.
In one embodiment, step S25 is as follows: keywords are processedDocument of the place->The encrypted positions in (a) are stored in a position lookup table LLT, and specifically include:
calculating a storage position according to the following formulas (1) - (2):
(1)
(2)
wherein,representing encryption functions->Representing keywords +.>In document->The encrypted values for all of the locations where they occur,
representing keywords +.>The encrypted value of the location appears in all documents.
The specific implementation of this step is shown in the above-described pseudo code lines 10-11 of the build indexing algorithm.
In one embodiment, the step S3: data user obtains shared parameters from key setThen according to the phrase to be queried->Generating search trapdoor->The method specifically comprises the following steps:
step S31: obtaining shared parameters from an internet of things device by a data user;
Step S32: according toFor each keyword +.>Calculating trapdoor +.>;
Step S33: calculation ofAnd->The first keyword +.>The distance d between them, and encrypting d with Paillier. Enc (d) to obtain +.>;
Step S34: will beAnd->Added to trapdoor->And sent to the cloud server and blockchain.
The user authorization algorithm is shown in the following pseudo code:
,
the main purpose of the user authorization of the present invention is data access rights, ensuring that only authorized users can use specific resources, functions or information. User authorization is an important component of information security and data privacy, which involves determining who can access what content, and under what conditions.
In one embodiment, step S4 above: the cloud server utilizes the security index I, the encryption database T, the position lookup table LLT and the trapdoorSearching the encrypted data to obtain a search result R, which specifically comprises the following steps:
step S41: after receiving the search request, the cloud server analyzes the trapdoorAcquisition of;
Step S42: the slave according toObtain +.>According to->Acquisition->Bitmap of->;
Step S43: for all ofPerforming AND operation to obtain the inclusion +.>Document identifier set corresponding to all keywords in +.>;
Step S44: determining document identificationWhether the order of the keywords in each document corresponding to the character set is the same as the phraseThe order of the keywords in the document is consistent, if so, the corresponding document is +.>Added to the search results R.
The encryption retrieval algorithm is shown in the following pseudo code:
,
in one embodiment, step S44 described above: determining whether the order of keywords in each document corresponding to the identifier set is the same as a phraseThe order of the keywords in the search result R is consistent, if the order of the keywords in the search result R is consistent, the corresponding documents are added to the search result R, and the method specifically comprises the following steps:
step S441: for identifier setsIs +.>The cloud server selects a binary string flag of length (t-1) and sets all values to "0";
step S442: cloud server passing through、/>Obtaining the keyword +.>All positions of (3), />…,/>;
Step S443: the cloud server calculates the presence using formula (3)Keywords in the corresponding document->And the first keyword in the phrase ++>Distance between:
(3)
wherein,is a keyword->At->A location in the corresponding document;
step S444: if equation (3) holds, then the keywordAnd->The distance between the two is (d-1), which is the same as the distance in the phrase, and the cloud server sets the position (i-1) of the flag to be "1";
step S445: if all the positions of the flag are "1", thenCorresponding document->Containing the phrase->Find +.o from the encryption database T>And will->Added to the search results R.
The specific implementation of the step is shown in the 7 th to 19 th lines of pseudo codes of the encryption retrieval algorithm;
the 13 th to 16 th rows adopt phrase recognition distance discrimination algorithm, and the pseudo codes are as follows:
,
the encryption retrieval of the invention is that the cloud server carries out the phrase encryption retrieval of the Internet of things by utilizing the security index I, the encryption database T, the position lookup table LLT and the trapdoor, so as to obtain a search result.
In one embodiment, the step S5 is as follows: blockchain utilizes secure index I, checklist CL, location lookup table LLT and trapdoorSearching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, and calculating a test value +.>By comparing Acc with +.>Verification of the search result R is achieved, for example, by transmitting proof, the search result R to the data user, and specifically includes:
step S51:the blockchain executes the step S4 to search out the corresponding document identifier on the blockchain);
Step S52: blockchain utilizing document identificationHash values in search checklist CLAnd compresses it to a reference value Acc;
step S53: computing encrypted ciphertext for each document in RIs a hash value of (2): />And compresses it to the test value +.>;
Step S54: judging Acc andwhether equal, if so, let proof=1; otherwise, let proof=0;
step S55: the search results from R and proof are sent to the data user.
The data verification algorithm is shown as the following pseudo code:
,
the data verification of the invention is the process of searching the result R returned by the block chain verification cloud server, namely searching the security index I by using trapdoors by using the block chain, and obtaining a document identification set meeting the search phraseThen, the reference value Acc thereof is acquired. RecalculatingHash value of each ciphertext in search result R and aggregate into test value +.>If Acc and->Equal, proof proof=1, otherwise 0. And finally, transmitting R and proof to a data user.
In one embodiment, step S6 above: the data user decrypts the encrypted document through the symmetric key to view the plaintext, and specifically comprises the following steps:
step S61: the data user judges the received proof, if proof=1, the search result R is accepted, otherwise R is refused;
step S62: for the accepted search result R, the data user decrypts the document in the received search result R by using the symmetric key, acquires the plaintext of the document, and completes the phrase searching process.
The data decryption of the invention is that the data user decrypts the encrypted document by using the symmetric key for checking the plaintext for the document passing through the verification, and the phrase searching process is completed.
FIG. 3 is a timing diagram of a phrase search and verification method for blockchain-based encrypted data.
Example two
As shown in FIG. 4, an embodiment of the present invention provides a phrase search and verification system for blockchain-based encrypted data, comprising the following modules:
a key set generation module 71, configured to generate a key set by using the privacy parameter by using the internet of things device;
an index module 72 is configured to generate, according to a given set of documents PRF and ids thereof, a set of keywords W and a Key set Key, a security index I, an encryption database T, an inspection list CL and a location lookup table LLT, upload (I, T, LLT) to a cloud server, and upload (I, CL, LLT) to a blockchain;
a data user authorization module 73 for the data user to obtain the sharing parameters from the key setAccording to the phrase to be queried->And->Co-generation search trapdoor->;
An encryption retrieval module 74 for the cloud server to utilize the security index I, the encryption database T, the location lookup table LLT and trapdoorsSearching the encrypted data to obtain a search result R;
a data verification module 75 for blockchain utilization security index I, checklist CL, location lookup table LLT, and trapdoorSearching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, and calculating a test value +.>By comparing Acc with +.>Verification of the search result R is achieved, for example, verification is achieved by sending proof and the search result R to a data user;
a data decryption module 76 for the data user to identify if the search result is valid based on proof, and if so, to decrypt the encrypted document using the symmetric key to view plaintext.
The above examples are provided for the purpose of describing the present invention only and are not intended to limit the scope of the present invention. The scope of the invention is defined by the appended claims. Various equivalents and modifications that do not depart from the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (5)
1. A method for phrase searching and verifying of blockchain-based encrypted data, comprising:
step S1: the secret parameter is used by the internet of things equipment to generate a key set, and the method specifically comprises the following steps:
step S11: the internet of things device selects a privacy parameter lambda;
step S12: generating a Key set key= { K using λ 1 ,K 2 ,K 3 Pk, sk }, where K 1 Is an identifier of an encrypted document, K 2 Is a symmetric key, K 3 Is a key of a pseudo-random function F, (pk, sk) is a public key and a private key, respectively, encrypted using a Paillier;
step S2: according to a given set of documents PRF and id thereof, a set of keywords W and a Key set Key, the Internet of things device generates a security index I, an encryption database T, a check list CL and a location lookup table LLT, and uploads (I, T, LLT) to a cloud server and (I, CL, LLT) to a blockchain, and the method specifically comprises the following steps:
step S21: the internet of things device uses symmetric encryption Enc (K 2 ,PRF i ) PRF each document i E PRF encryption to ciphertext C i At the same time C i Stored in an encryption database T, C i Hash value hash of (a) i Stored in the checklist CL;
step S22: the Internet of things equipment is characterized in that each keyword omega j Generating bitmap B from E W ωj Will B ωj V obtained after encryption B Stored in the security index I;
step S23: the internet of things device extracts documents PRF i Medium keyword omega j Position information (pos) 1 ,pos 2 ,...,pos m );
Step S24: using Paillier. Enc (pos) m ) The position information is encrypted to obtain encrypted position information (E (pos 1 ),E(pos 1 ),..., E(pos m ) Wherein E represents paillier.enc;
step S25: keyword omega j Located document (id) 1 ,id 2 ,...,id i ) Storing all the encrypted positions in a position lookup table LLT;
step S26: uploading (I, T, LLT) to the cloud server while uploading (I, CL, LLT) to the blockchain;
step S3: the data user obtains the sharing parameter omega from the key set and inquires the phrase according to the phrase to be inquiredTogether with omega, generate search trapdoor TK k,Q The method specifically comprises the following steps:
step S31: the data user obtains a sharing parameter omega= { K from the Internet of things equipment 3 ,pk};
Step S32: according to K 3 For each keywordCalculating trapdoor t thereof ωk ;
Step S33: calculating omega k Andthe first keyword +.>The distance d between the two is encrypted by Paillier. Enc (d) to obtain E d ;
Step S34: let t ωk And E is d Added to trapdoor TK k,Q And send to cloud server and blockchain;
step S4: the cloud server utilizes the security index I, the encryption database T, the position lookup table LLT and the trapdoor TK k,Q Searching the encrypted data to obtain a search result R, which specifically comprises the following steps:
step S41: after receiving the search request, the cloud server analyzes the trapdoor TK k,Q Obtain { t } ω1 , t ω2 , ..., t ωK , E 1 , E 2 , ..E t-1 };
Step S42: from according to t ωk Obtaining v from security index I B According to v B Obtaining omega k Bitmap B of ωk ;
Step S43: for all B ω And operation is performed to obtain the inclusionSet of document identifiers ID corresponding to all keywords in a document B ;
Step S44: determining whether the order of keywords in each document corresponding to the document identifier set is identical to the phraseThe order of the keywords in the documents is consistent, if so, the corresponding documents PRF are obtained i Adding the search result R;
step S5: blockchain utilizes the secure index I, the checklist CL, the location lookup LLT, and the trapdoor TK k,Q Searching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, calculating a test value Acc 'of the search result R, and comparing Acc with Acc' to realize verification of the search result R, wherein the verification comprises the steps of sending proof and the search result R to the data user:
step S51: the blockchain executes the step S4 to search out the corresponding document identifier on the blockchain);
Step S52: blockchain using the document identification) Searching hash value hash in the check list CL i And compresses it to a reference value Acc;
step S53: computing an encrypted ciphertext C for each document in R j Is a hash value of (2): hash j = H(C j ) And compress it intoTest value Acc';
step S54: judging whether Acc is equal to Acc', if so, making proof=1; otherwise, let proof=0;
step S55: transmitting the search result and proof from R to a data user;
step S6: the data user identifies whether the search result is valid or not according to proof, if so, the data user decrypts the encrypted document by using the symmetric key to check plaintext, and the method specifically comprises the following steps:
step S61: the data user judges the received proof, if proof=1, the data user receives a search result R, otherwise, the data user refuses R;
step S62: for the accepted search result R, the data user decrypts the document in the data user by using the symmetric key, acquires the plaintext of the document, and completes the phrase searching process.
2. The phrase searching and verifying method of blockchain-based encrypted data of claim 1, wherein the step S22: the Internet of things equipment is characterized in that each keyword omega j Generating bitmap B from E W ωj Will B ωj V obtained after encryption B The security index I is stored in the security index I, and specifically comprises the following steps:
step S221: the Internet of things equipment uses K 3 And keyword omega j Hash value H (ω) j ) Generating a state value u ωj ;
Step S222: the internet of things equipment randomly generates a group of binary character strings st j And utilize st j And u ωj Generating keyword omega j Position coordinate t in security index I ωj ;
Step S223: the internet of things equipment uses st j And u ωj For bitmap B ωj Encrypting to obtain an encrypted bitmap v B Will v B Stored in the security index I.
3. The phrase searching and verifying method of blockchain-based encrypted data of claim 1, wherein the step S25: keyword omega j Located document (id) 1 ,id 2 ,...,id i ) The encrypted positions in (a) are stored in a position lookup table LLT, and specifically include:
calculating a storage position according to the following formulas (1) - (2):
(1)
(2)
wherein pi represents an encryption function,representing keyword omega j In document PRF i The encrypted values for all of the locations where they occur,
LLT(t ωj ) Representing keyword omega j The encrypted value of the location appears in all documents.
4. The phrase searching and verifying method of blockchain-based encrypted data of claim 1, wherein the step S44: determining whether the order of keywords in each document corresponding to the identifier set is identical to the phraseThe order of the keywords in the search result R is consistent, if the order of the keywords in the search result R is consistent, the corresponding documents are added to the search result R, and the method specifically comprises the following steps:
step S441: for the identifier set ID B Each document identifier of (a)The cloud server selects a binary string flag of length (t-1) and sets all values to "0";
step S442: the cloud server passes through t ωi 、Obtaining the keyword omega from the location lookup table LLT j Is +.>, />…, />;
Step S443: the cloud server calculates the presence using formula (3)Keyword omega in corresponding document j (j >1) And the first keyword in the phrase ++>Distance between:
(3)
wherein,is keyword omega j At->A location in the corresponding document;
step S444: if equation (3) holds, then keyword ω 1 And omega j The distance between the two is (d-1), which is the same as the distance in the phrase, and the cloud server sets the position (i-1) of the flag to be '1';
step S445: if all the positions of the flag are "1", thenCorresponding document PRF i Containing the phrase->Finding PRF from encryption database T i And PRF is carried out i Added to the search results R.
5. A blockchain-based phrase search and verification system for encrypted data, comprising the following modules:
the key set generating module is used for generating a key set by using private parameters by the Internet of things equipment, and specifically comprises the following steps:
step S11: the internet of things device selects a privacy parameter lambda;
step S12: generating a Key set key= { K using λ 1 ,K 2 ,K 3 Pk, sk }, where K 1 Is an identifier of an encrypted document, K 2 Is a symmetric key, K 3 Is a key of a pseudo-random function F, (pk, sk) is a public key and a private key, respectively, encrypted using a Paillier;
the method comprises the steps of constructing an index module, wherein the index module is used for generating a security index I, an encryption database T, a check list CL and a position lookup table LLT according to a given document PRF and id thereof, a keyword W and a Key set Key, uploading (I, T, LLT) to a cloud server and uploading (I, CL, LLT) to a blockchain, and specifically comprises the following steps:
step S21: the internet of things device uses symmetric encryption Enc (K 2 ,PRF i ) PRF each document i E PRF encryption to ciphertext C i At the same time C i Stored in an encryption database T, C i Hash value hash of (a) i Stored in the checklist CL;
step S22: the Internet of things equipment is characterized in that each keyword omega j Generating bitmap B from E W ωj Will B ωj V obtained after encryption B Stored in the security index I;
step S23: the internet of things device extracts documents PRF i Medium keyword omega j Position information (pos) 1 ,pos 2 ,...,pos m );
Step S24: using Paillier. Enc (pos) m ) The position information is encrypted to obtain encrypted position information (E (pos 1 ),E(pos 1 ),..., E(pos m ) Wherein E represents paillier.enc;
step S25: keyword omega j Located document (id) 1 ,id 2 ,...,id i ) Storing all the encrypted positions in a position lookup table LLT;
step S26: uploading (I, T, LLT) to the cloud server while uploading (I, CL, LLT) to the blockchain;
the data user authorization module is used for the data user to acquire the sharing parameter omega from the key set and to inquire the phrase according to the phrase to be inquiredTogether with omega, generate search trapdoor TK k,Q The method specifically comprises the following steps:
step S31: the data user obtains a sharing parameter omega= { K from the Internet of things equipment 3 ,pk};
Step S32: according to K 3 For each keywordCalculating trapdoor t thereof ωk ;
Step S33: calculating omega k Andthe first keyword +.>The distance d between the two is encrypted by Paillier. Enc (d) to obtain E d ;
Step S34: let t ωk And E is d Added to trapdoor TK k,Q And send to cloud server and blockchain;
an encryption retrieval module for the cloud server to utilize the security indexI. The encryption database T, the location lookup table LLT and the trapdoor TK k,Q Searching the encrypted data to obtain a search result R, which specifically comprises the following steps:
step S41: after receiving the search request, the cloud server analyzes the trapdoor TK k,Q Obtain { t } ω1 , t ω2 , ..., t ωK , E 1 , E 2 , ..E t-1 };
Step S42: from according to t ωk Obtaining v from security index I B According to v B Obtaining omega k Bitmap B of ωk ;
Step S43: for all B ω And operation is performed to obtain the inclusionSet of document identifiers ID corresponding to all keywords in a document B ;
Step S44: determining whether the order of keywords in each document corresponding to the document identifier set is identical to the phraseThe order of the keywords in the documents is consistent, if so, the corresponding documents PRF are obtained i Adding the search result R;
a data verification module for blockchain to utilize the security index I, the checklist CL, the location lookup table LLT and the trapdoor TK k,Q Searching the encrypted data to obtain a reference value Acc corresponding to the search result on the chain, calculating a test value Acc 'of the search result R, and comparing Acc with Acc' to realize verification of the search result R, wherein the verification comprises the steps of sending proof and the search result R to the data user:
step S51: the blockchain executes the step S4 to search out the corresponding document identifier on the blockchain);
Step S52: blockchain using the document identification) Searching hash value hash in the check list CL i And compresses it to a reference value Acc;
step S53: computing an encrypted ciphertext C for each document in R j Is a hash value of (2): hash j = H(C j ) And compresses it to a test value Acc';
step S54: judging whether Acc is equal to Acc', if so, making proof=1; otherwise, let proof=0;
step S55: transmitting the search result and proof from R to a data user;
the data decryption module is configured to identify whether the search result is valid according to proof, if so, decrypt the encrypted document by using the symmetric key to view plaintext, and specifically includes:
step S61: the data user judges the received proof, if proof=1, the data user receives a search result R, otherwise, the data user refuses R;
step S62: for the accepted search result R, the data user decrypts the document in the data user by using the symmetric key, acquires the plaintext of the document, and completes the phrase searching process.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311397883.XA CN117131209B (en) | 2023-10-26 | 2023-10-26 | Phrase searching and verifying method and system for encrypted data based on blockchain |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311397883.XA CN117131209B (en) | 2023-10-26 | 2023-10-26 | Phrase searching and verifying method and system for encrypted data based on blockchain |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN117131209A CN117131209A (en) | 2023-11-28 |
| CN117131209B true CN117131209B (en) | 2024-02-13 |
Family
ID=88856781
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311397883.XA Active CN117131209B (en) | 2023-10-26 | 2023-10-26 | Phrase searching and verifying method and system for encrypted data based on blockchain |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN117131209B (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107766739A (en) * | 2017-09-18 | 2018-03-06 | 北京理工大学 | Towards the phrase retrieval method and its device of cipher text data |
| CN112632598A (en) * | 2020-12-09 | 2021-04-09 | 西安电子科技大学 | Encrypted data retrieval and sharing method, system, medium, equipment and application |
| CN113626853A (en) * | 2021-07-03 | 2021-11-09 | 西安电子科技大学 | Searchable encryption method based on block chain and information data processing terminal |
| CN114531220A (en) * | 2022-01-12 | 2022-05-24 | 重庆邮电大学 | Efficient fault-tolerant dynamic phrase searching method based on forward privacy and backward privacy |
| CN114884650A (en) * | 2022-03-21 | 2022-08-09 | 江苏大学 | Searchable encryption method based on safe inverted index |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| EP2347345A2 (en) * | 2008-10-13 | 2011-07-27 | Faroo Assets Limited | System and method for distributed index searching of electronic content |
-
2023
- 2023-10-26 CN CN202311397883.XA patent/CN117131209B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN107766739A (en) * | 2017-09-18 | 2018-03-06 | 北京理工大学 | Towards the phrase retrieval method and its device of cipher text data |
| CN112632598A (en) * | 2020-12-09 | 2021-04-09 | 西安电子科技大学 | Encrypted data retrieval and sharing method, system, medium, equipment and application |
| CN113626853A (en) * | 2021-07-03 | 2021-11-09 | 西安电子科技大学 | Searchable encryption method based on block chain and information data processing terminal |
| CN114531220A (en) * | 2022-01-12 | 2022-05-24 | 重庆邮电大学 | Efficient fault-tolerant dynamic phrase searching method based on forward privacy and backward privacy |
| CN114884650A (en) * | 2022-03-21 | 2022-08-09 | 江苏大学 | Searchable encryption method based on safe inverted index |
Non-Patent Citations (1)
| Title |
|---|
| 基于区块链的动态可验证对称可搜索加密方案;徐万山 等;《软件学报》;第34卷(第11期);5392-5407 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN117131209A (en) | 2023-11-28 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN113626484B (en) | Encryption method, system and computer equipment capable of flexibly replacing ciphertext and searching | |
| US7571472B2 (en) | Methods and apparatus for credential validation | |
| JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
| US8595504B2 (en) | Light weight authentication and secret retrieval | |
| Li et al. | Secure and verifiable multikey image search in cloud-assisted edge computing | |
| CN111339539B (en) | Efficient encrypted image retrieval method under multi-user environment | |
| CN114021164B (en) | Credit system privacy protection method based on block chain | |
| CN116032464A (en) | Property data encryption system based on quantum communication | |
| Zhang et al. | Toward privacy-preserving aggregate reverse skyline query with strong security | |
| CN117037988B (en) | Electronic medical record storage method and device based on blockchain | |
| CN117131209B (en) | Phrase searching and verifying method and system for encrypted data based on blockchain | |
| CN111131153B (en) | Biological identity information authentication method based on 5G cloud and mist mixed unified authentication platform | |
| Nie et al. | Time-enabled and verifiable secure search for blockchain-empowered electronic health record sharing in IoT | |
| CN115412259B (en) | Block chain-based cloud health system searchable proxy signcryption method and product | |
| CN115278673A (en) | Lightweight biometric authentication method and system based on joint biometric identification | |
| JP7132506B2 (en) | Confidential Information Retrieval System, Confidential Information Retrieval Program, and Confidential Information Retrieval Method | |
| CN110059630B (en) | Verifiable outsourced monitoring video pedestrian re-identification method with privacy protection | |
| Fan et al. | Cloud-based lightweight RFID healthcare privacy protection protocol | |
| Hu et al. | Security and privacy protocols for perceptual image hashing | |
| CN113868450A (en) | Remote sensing image safety retrieval method based on block chain | |
| CN114900318B (en) | One-round communication searchable encryption method based on key negotiation protocol and verifiable | |
| Meraoumia et al. | Biometric cryptosystem to secure smart object communications in the internet of things | |
| CN114201773B (en) | SkNN query method and system supporting access time limitation and verifiable result | |
| CN114070553B (en) | Private data matching method, system and storage medium | |
| Shenghao et al. | Privacy-preserving range query for high-dimensional uncertain data in a two-party scenario |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |