KR102123440B1 - Encryption method for supporting range query in multi-client environment and apparatus using the same - Google Patents

Abstract

Disclosed are an encryption method for supporting range query for ciphertexts in a multi-client environment and an apparatus using the same. According to an embodiment of the present invention, a method comprises the steps of: obtaining a user encryption key from a key generating device; generating a node set including a plurality of nodes on a path from a root node to a leaf node corresponding to data to be encrypted in a preset binary tree; and generating a ciphertext for the data to be encrypted based on the user encryption key, a label for the data to be encrypted, and the node set.

Description

An encryption method supporting range query in a multi-client environment and a device using the same {ENCRYPTION METHOD FOR SUPPORTING RANGE QUERY IN MULTI-CLIENT ENVIRONMENT AND APPARATUS USING THE SAME}

Embodiments of the invention relate to encryption technology.

Predicate Encryption (Predicate Encryption) is a secret key encryption technology that enables the equivalent operation between the attribute vector and the attribute of the encrypted message. Conventional predicate-based cryptography has been difficult to compare multiple ciphertexts generated by multiple clients at once. Some multiple predicate-based cryptography supports comparison of multiple ciphertexts generated by multiple clients, but the disadvantage of linear increase in the number of ciphertexts processed by the process of performing a query (or decryption) operation on multiple ciphertexts It was inefficient.

Range Query Encryption is an encryption technology that can check whether plain text is included in the queried range in an encrypted state. The existing range-queriable encryption technique was designed in 2007, but it is inefficient and difficult to apply to reality.

On the other hand, although the scope-query password and definition are different, an order-revealing encryption can be applied to the range query, and recently, a sequence-exposed password that efficiently supports a multi-client environment has been proposed. However, the order-exposed password has the disadvantage that it exposes more information than the range-query password in that the order of the ciphertext is exposed.

Republic of Korea Patent Registration No. 10-1695361 (January 2017. 11. Announcement)

Embodiments of the present invention are to provide an encryption method and a device using the same for supporting range queries in a multi-client environment.

A method according to an embodiment of the present invention is a method performed in a computing device having one or more processors, and a memory storing one or more programs executed by the one or more processors, the user password from the key generating device Obtaining a key; Generating a node set including a plurality of nodes in a path from a root node to a leaf node corresponding to data to be encrypted in a preset binary tree; And generating a cipher text for the data to be encrypted based on the user encryption key, a label for the data to be encrypted, and the node set.

A method according to an embodiment of the present invention is a method performed in a computing device having one or more processors, and a memory storing one or more programs executed by the one or more processors, for each of a plurality of users Generating a user encryption key and a master secret key; Providing the generated user encryption key to the client devices of each of the plurality of users; Receiving a query vector set including a plurality of range query vectors from the query device; Generating a token for the query vector set using a preset binary tree, the query vector set, and the master secret key; And providing the generated token to the query device.

A method according to an embodiment of the present invention is a method performed in a computing device having one or more processors, and a memory storing one or more programs executed by the one or more processors, the method comprising: Generating a vector set of queries including; Obtaining a token for the set of query vectors from a key generator; And a ciphertext for each of the plurality of data encrypted using different user encryption keys, a label for the plurality of data, and the token, between the data set containing the plurality of data and the query vector set. And determining whether to match.

An apparatus according to an embodiment of the present invention, one or more processors; Memory; And one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the program comprising: obtaining a user encryption key from a key generating device; Generating a node set including a plurality of nodes in a path from a root node to a leaf node corresponding to data to be encrypted in a preset binary tree; And instructions for executing the step of generating a ciphertext for the data to be encrypted based on the user encryption key, the label for the data to be encrypted, and the node set.

An apparatus according to an embodiment of the present invention, one or more processors; Memory; And one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, wherein the programs generate a user encryption key and a master secret key for each of the plurality of users. To do; Providing the generated user encryption key to the client devices of each of the plurality of users; Receiving a query vector set including a plurality of range query vectors from the query device; Generating a token for the query vector set using a preset binary tree, the query vector set, and the master secret key; And instructions for executing the step of providing the generated token to the query device.

An apparatus according to an embodiment of the present invention, one or more processors; Memory; And one or more programs, wherein the one or more programs are stored in the memory and configured to be executed by the one or more processors, the program generating a query vector set comprising a plurality of range query vectors. ; Obtaining a token for the set of query vectors from a key generator; And a ciphertext for each of the plurality of data encrypted using different user encryption keys, a label for the plurality of data, and the token, between the data set containing the plurality of data and the query vector set. It includes instructions for executing the step of determining whether or not the match.

According to embodiments of the present invention, an efficient range query operation for a plurality of ciphertexts generated by different clients in a multi-client environment is possible.

1 is a block diagram of an encryption system according to an embodiment of the present invention
2 is a diagram illustrating an example of a binary tree according to an embodiment
3 is a view for explaining a set of cover nodes according to an embodiment
4 is a flow chart for explaining the encryption process according to an embodiment of the present invention
5 is a flowchart for explaining a process of determining whether to match between a query vector set and a data set according to an embodiment of the present invention
6 is a block diagram illustrating and illustrating a computing environment including a computing device suitable for use in example embodiments.

Hereinafter, specific embodiments of the present invention will be described with reference to the drawings. The following detailed description is provided to aid in a comprehensive understanding of the methods, devices and/or systems described herein. However, this is only an example and the present invention is not limited thereto.

In describing the embodiments of the present invention, when it is determined that a detailed description of known technology related to the present invention may unnecessarily obscure the subject matter of the present invention, the detailed description will be omitted. In addition, terms to be described later are terms defined in consideration of functions in the present invention, which may vary according to a user's or operator's intention or practice. Therefore, the definition should be made based on the contents throughout this specification. The terminology used in the detailed description is only for describing embodiments of the present invention and should not be limiting. Unless expressly used otherwise, a singular form includes a plural form. In this description, expressions such as “including” or “equipment” are intended to indicate certain characteristics, numbers, steps, actions, elements, parts or combinations thereof, and one or more other than described. It should not be interpreted to exclude the presence or likelihood of other characteristics, numbers, steps, actions, elements, parts or combinations thereof.

1 is a block diagram of an encryption system according to an embodiment of the present invention.

Referring to FIG. 1, the encryption system 100 according to an embodiment of the present invention includes a key generating device 110, a plurality of client devices 120-1, 120-2, 120-n, a database 130, and Query device 140.

The key generating device 110 is a device for generating a master secret key, a user encryption key, and public parameters to be used in the encryption system 100, and is operated by a trusted entity, such as a trusted third party, for example. Can be.

Specifically, the key generating device 110 generates a user encryption key for each of a plurality of users participating in the encryption system 100, and a client used by each user to encrypt the user encryption key for each generated user Devices 120-1, 120-2, and 120-n.

In addition, the key generating device 110 generates a master secret key and a public parameter to safely store the master secret key, and the public parameter can be disclosed in the encryption system 100.

Meanwhile, the key generating device 110 may generate a token for a set of query vectors at the request of the query device 140 and provide it to the query device 140.

The client devices 120-1, 120-2, and 120-n are devices used by each user who has issued a user encryption key from the key generation device 110 for generating a ciphertext, and the client devices 120-1, 120 The number of -2, 120-n) may be changed according to embodiments.

Database 130 is for storing the ciphertext generated by each client device (120-1, 120-2, 120-n), each client device (120-1, 120-2, 120-n) and query It may be implemented in one or more servers or cloud environments accessible by the device 140.

The querying device 140 generates tokens for a set of query vectors provided from the key generating device 110 and a plurality of queries generated by the client devices 120-1, 120-2, and 120-n and stored in the database 130. By using the ciphertext, it is determined whether a match between a dataset including data encrypted by each of the plurality of ciphertexts and a query vector set.

Meanwhile, the encryption technique performed in the encryption system 100 illustrated in FIG. 1 may be composed of the following four algorithms.

Setup algorithm

,

및

를 생성할 수 있다.The setup algorithm receives security parameters 1 ^λ and the total number (n) of users to participate in the encryption system 100, and a cyclic group having a prime number p, respectively.

,

And

Can generate

를 만족하는 겹선형 함수(bilinear map)

,

를 만족하는

의 생성원(generator)

및

를 만족하는

의 생성원

를 생성할 수 있다. Also, the setup algorithm

Bilinear map that satisfies

,

Satisfying

Generator

And

Satisfying

Origin of

Can generate

인 정수)에 대해

를 만족하는

, 임의의 정수

및

를 선택하여 각 사용자에 대한 사용자 암호키

를 생성할 수 있다.After that, the setup algorithm is set to all i (where i is the user index

Phosphorus constants)

Satisfying

, Any integer

And

Select the user encryption key for each user

Can generate

를 만족하는

를 선택하고, 마스터 비밀키

를 생성할 수 있다.Also, the setup algorithm

Satisfying

Select and Master Secret Key

Can generate

로 맵핑시키는 해시 함수(hash function)

(즉,

) 및 깊이(depth)가

(이때,

은

인 정수)인 이진 트리(binary tree) BT를 생성할 수 있다.In addition, the setup algorithm can generate arbitrary strings.

Hash function to map to

(In other words,

) And depth

(At this time,

silver

Can generate a binary tree BT.

개의 상이한 값들 각각에 대응되며 이진 트리 내 깊이가

인 D개의 리프 노드(leaf node)를 포함하고, 리프 노드를 제외한 나머지 노드들이 각각 두 개의 자식 노드(child node)를 가지는 완전 이진 트리(perfect binary tree)로 구성될 수 있다. At this time, the binary tree is a root node with a depth of 1 in the binary tree, and

Corresponding to each of the different values and the depth in the binary tree

Including D leaf nodes, the remaining nodes except the leaf node may be composed of a perfect binary tree having two child nodes.

Meanwhile, node identification information for identifying each node in the binary tree may be assigned to each node included in the binary tree.

2 is a diagram illustrating an example of a binary tree according to an embodiment.

In the binary tree shown in FIG. 2, a circled portion indicates each node included in the binary tree, and an alphabet displayed on each node represents node identification information assigned to each node.

)인 이진 트리로서, 깊이가 1인 루트 노드(즉, 'A')와 각각 깊이가 4인 8개의 리프 노드(즉, 'H', 'I', 'J', 'K', 'L' 'M' 'N' 'O')를 포함하고 있으며, 리프 노드를 제외한 나머지 노드들은 각각 2개의 자식 노드를 가지고 있다.That is, the binary tree shown in FIG. 2 has a depth of 4 (ie,

) Is a binary tree, with a root node of depth 1 (ie'A') and 8 leaf nodes of depth 4 (ie'H','I','J','K','L) ''M''N''O'), and the rest of the nodes except the leaf node each have two child nodes.

Also, each of the eight leaf nodes may correspond to a different specific value. For example, leaf nodes'H','I','J','K','L''M''N' and'O' are respectively '10', '20', '30', ' It may correspond to 40', '50', '60', '70' and '80'.

On the other hand, in the example shown in FIG. 2, the node identification information assigned to each node is illustrated as an alphabet, but the node identification information is not necessarily limited to a specific form as long as a specific node can be identified in a binary tree.

In addition, the depth of the binary tree and the values corresponding to each leaf node in the binary tree may be variously modified according to embodiments.

Referring back to FIG. 1, in one embodiment of the present invention, the setup algorithm may be performed by the key generation device 110. In this case, the key generating device 110 may provide the user encryption key EK _i of each user generated by performing the setup algorithm to the client devices 120-1, 120-2, and 120-n of each user.

를 공개할 수 있다. 이때,

는 임의의 문자 열을

로 맵핑시키는 해시 함수(hash function)(즉,

)를 나타낸다. 또한, BT는 암호화 시스템(100) 내에서 이용할 이진 트리에 대한 정보(예를 들어, 이진 트리의 깊이, 각 리프 노드에 대응되는 값, 이진 트리 내 각 노드에 할당된 노드 식별 정보 등)를 나타낸다.In addition, the key generating device 110 securely stores the master secret key MK, and public parameters

Can be released. At this time,

Is a random string

Hash function to map to (i.e.

). In addition, BT represents information about a binary tree to be used in the encryption system 100 (eg, the depth of the binary tree, a value corresponding to each leaf node, node identification information assigned to each node in the binary tree, etc.). .

Encryption algorithm

The encryption algorithm is based on a set of nodes including a user encryption key, public parameters, a label for the data to be encrypted, and nodes in the path from the root node to the leaf node corresponding to the data to be encrypted in the binary tree. You can create a cipher text for the data to be encrypted.

At this time, the label for the data to be encrypted is information that is set in the encryption system 100 or is given to data to be encrypted according to a method previously agreed between users in the encryption system 100, for example, data to be encrypted. It may be classified information, information about the time point associated with the data to be encrypted, but is not necessarily limited to specific information.

As a specific example, when the data to be encrypted is a value for a specific attribute of biological data such as iris data, fingerprint data, genetic data, etc. of a specific person, the label for the data may be information indicating the specific attribute. As another example, when the data to be encrypted is the first semester grade data of the first semester grade data and the second semester grade data of a specific class, the label for the data may be information indicating that the first semester grade data.

Meanwhile, according to an embodiment, the encryption algorithm may be performed through the following procedure.

1. Create a node set

에 대응되는 리프 노드까지의 경로 상에 있는 노드들을 포함하는 노드 집합

을 생성한다.First, the encryption algorithm is the data to be encrypted from the root node in the binary tree.

Node set including nodes on the path to the leaf node corresponding to

Produces

에 대응되는 리프 노드가 'I'인 경우, 암호화 알고리즘은 이진 트리 내에서 루트 노드 'A'로부터 리프 노드 'I'까지의 경로 상에 있는 노드들, 즉, 'A', 'B', 'D' 및 'I'를 포함하는 노드 집합을 생성할 수 있다.For example, in the binary tree shown in FIG. 2,

If the leaf node corresponding to is'I', the encryption algorithm is the nodes on the path from the root node'A' to the leaf node'I' in the binary tree, that is,'A','B', ' A node set including D'and'I' may be generated.

2. Pseudo random number generation

의 식별 정보에 대한 의사 난수(pseudo-random number)를 생성할 있다. After creating the node set, the encryption algorithm is used for each node in the node set.

Pseudo-random number for identification information of.

의 식별 정보에 대한 의사 난수

를 생성할 수 있다.At this time, the encryption algorithm is a node using Equation 1 below.

Pseudo-random number for identification information

Can generate

[Equation 1]

는 노드 집합

에 포함된 노드들 중 j (이때, j는

인 정수)번째 노드를 나타내며,

는

에 할당된 노드 식별 정보를 나타낸다.In Equation 1, PRF() denotes a pseudo-random function. In addition,

Is a set of nodes

Among the nodes included in j (where j is

Integer) represents the node,

The

Node identification information assigned to.

3. Generating cipher text

의 라벨 T에 대한 해시 값 H(T), 노드 집합

에 포함된 각 노드의 이진 트리 내 깊이

, 의사 난수

및 사용자 i의 사용자 암호키 EK_i에 기초하여

에 대한 암호문을 생성할 수 있다.Then, the encryption algorithm

Hash value for label T of H(T), set of nodes

The depth in the binary tree of each node included in

, Pseudo-random number

And based on the user encryption key EK i of user _i

You can generate a cipher text for.

에 대한 암호문

를 생성할 수 있다.Specifically, the encryption algorithm is data using Equation 2 below.

Ciphertext for

Can generate

[Equation 2]

Meanwhile, in one embodiment of the present invention, the encryption algorithm may be performed by each of the client devices 120-1, 120-2, and 120-n, which are issued a user encryption key from the key generating device 110.

를 데이터베이스(130)에 저장할 수 있다. 이때, 각 클라이언트 장치(120-1, 120-2, 120-n)는 암호문

에 의해 암호화된 데이터

의 라벨 T 및 사용자의 인덱스 정보 i를 암호문

와 함께 데이터베이스(130)에 저장할 수 있다.In this case, each client device (120-1, 120-2, 120-n) is a ciphertext generated by performing an encryption algorithm

Can be stored in the database 130. At this time, each client device (120-1, 120-2, 120-n) is encrypted text

Data encrypted by

The label T and the index information of the user i ciphertext

With it can be stored in the database 130.

Token generation algorithm

에 대한 토큰을 생성할 수 있다. Token generation algorithm is a set of query vectors

Can generate tokens for

각각에 의해 암호화된 데이터

에 대한 범위 질의 벡터

를 포함할 수 있다. 이때,

및

는 각각

의 값이 포함되어야 할 범위의 하한 값과 상한 값을 나타낸다. At this time, the query vector set is a ciphertext generated by each client device (120-1, 120-2, 120-n) using an encryption algorithm

Data encrypted by each

Vector of range query for

It may include. At this time,

And

Each

Indicates the lower and upper limits of the range in which the values of

Meanwhile, according to an embodiment, the range query vector may include only one of the lower limit value and the upper limit value, or may have a wildcard value. At this time, that the range query vector for a specific data has a wild card value indicates that it does not matter what the value of the specific data has.

Meanwhile, according to an embodiment, the token generation algorithm may be performed through the following procedure.

1. Create a cover node set

에 대해, 이진 트리 내에 포함된 노드들 중 범위 질의 벡터

에 대한 하나 이상의 커버 노드를 포함하는 커버 노드 집합

(이때, m은 커버 노드 집합에 포함된 커버 노드의 개수)을 생성한다.All token generation algorithms

For, range query vector among nodes included in binary tree

A set of cover nodes comprising one or more cover nodes for

(At this time, m is the number of cover nodes included in the set of cover nodes).

에 의한 값의 범위에 포함되지 않는 각 리프 노드와 이진 트리의 루트 노드 사이의 경로 상에 존재하는 모든 노드를 제거하여 생성된 각 서브 트리의 루트 노드를 의미할 수 있다.At this time, the cover node is a range query vector in the binary tree.

It may mean the root node of each sub-tree created by removing all nodes existing on the path between each leaf node not included in the range of values by and the root node of the binary tree.

의 값의 범위에 포함되는 리프 노드가 'J', 'K', 'L' 및 'M'인 것으로 가정하면, 'J', 'K', 'L' 및 'M'를 제외한 나머지 리프 노드 (즉, 'H', 'I', 'N' 및 'O') 각각과 루트 노드 'A' 사이의 경로 상에 존재하는 모든 노드를 제거하여 생성되는 서브 트리는 도 3과 같다.For example, the range query vector in the binary tree shown in FIG. 2

Assuming that the leaf nodes included in the range of values are'J','K','L'and'M', the remaining leaf nodes except'J','K','L'and'M'(Ie,'H','I','N',and'O') The subtree generated by removing all nodes existing on the path between each and the root node'A' is shown in FIG. 3.

Accordingly, in this case, the set of cover nodes may include'E' and'F', which are root nodes of each of the two sub trees shown in FIG. 3.

2. Pseudo random number generation

의 식별 정보에 대한 의사 난수를 생성할 있다. The token generation algorithm includes each node included in the set of cover nodes.

Can generate pseudo-random numbers for identification information.

를 생성할 수 있다.At this time, the token generation algorithm uses the above-described Equation 1 to generate pseudo-random numbers for identification information of each node included in the set of cover nodes.

Can generate

3. Token Generation

에 포함된 각 노드의 이진 트리 내 깊이

, 커버 노드 집합

에 포함된 각 노드의 식별 정보에 대한 의사 난수

및 마스터 비밀키 MK를 이용하여 질의 벡터 집합에 포함된 각 범위 질의 벡터

에 대한 부분 토큰

을 생성할 수 있다.Token generation algorithm is a set of cover nodes

The depth in the binary tree of each node included in

, Cover node set

Pseudo-random number for each node's identification information

And each range query vector included in the query vector set using the master secret key MK

Partial token for

Can generate

를 생성할 수 있다.Specifically, the token generation algorithm is a partial token using Equation 3 below.

Can generate

[Equation 3]

는

및

을 만족하는 임의의 정수,

,

및

는 각각

를 만족하는 임의의 정수, m은 커버 노드 집합에 포함된 노드의 개수를 나타낸다.At this time,

The

And

Any integer that satisfies,

,

And

Each

Any integer that satisfies, m represents the number of nodes included in the set of cover nodes.

을 생성할 수 있다.Thereafter, the token generation algorithm is a token for a query vector set Y that includes a partial token for each range query vector included in the query vector set Y.

Can generate

Meanwhile, in one embodiment of the present invention, the token generation algorithm may be performed by the key generation device 110.

In this case, the key generation device 110 may generate a token TK _Y for the query vector set Y by performing a token generation algorithm when a request is generated for the query vector set Y from the query device 140. In addition, the key generation device 110 may provide the generated token TK _Y to the query device 140.

Query algorithm

에 포함된 각 데이터

에 대한 암호문

을 포함하는 암호문 집합

, 라벨 T 및 질의 벡터 집합

에 대한 토큰 TK_Y를 이용하여, 질의 벡터 집합 Y와 데이터 집합 X사이의 매칭 여부를 판단할 수 있다. 이때, 질의 벡터 집합 Y와 데이터 집합 X가 매칭된다는 것은 데이터 집합 X에 포함된 각 데이터

가 질의 벡터 집합 Y에 포함된 범위 질의 벡터 중 대응되는 범위 질의 벡터

에 따른 범위 내에 속함(즉, 모든 i에 대해

을 만족)을 의미할 수 있다. The query algorithm is a data set that contains data with the same label T

Data included in

Ciphertext for

Ciphertext set containing

Set of labels, labels T and quality

By using the token TK _Y for, it is possible to determine whether a match between the query vector set Y and the data set X is made. At this time, the query vector set Y and the data set X match each data included in the data set X.

Of the range query vectors included in the vector set Y of the false query, the corresponding range query vector

Within the range of (i.e. for all i

Can satisfy).

(이때,

,

)에 대해 아래의 수학식 4 및 5를 만족하는지 여부를 판단할 수 있다.On the other hand, the query algorithm can create each combination of arbitrary j using the ciphertext set CT _T and token TK _Y

(At this time,

,

), it may be determined whether the following equations 4 and 5 are satisfied.

[Equation 4]

[Equation 5]

At this time, when a combination satisfying Equations 4 and 5 exists, the query algorithm may determine that the query vector set Y and the data set X match. On the other hand, if there is no combination satisfying Equations 4 and 5, the query algorithm may determine that the query vector set Y and the data set X do not match.

Meanwhile, in one embodiment of the present invention, the query algorithm may be performed by the querying device 140.

In this case, the query device 110 may perform a query algorithm and output 1 when it is determined that the query vector set Y and the data set X match, and output 0 when it is determined that the query vector is not matched.

4 is a flowchart illustrating an encryption process according to an embodiment of the present invention.

In the flowchart shown in FIG. 4, it is assumed that there are three client devices 120-1, 120-2, and 120-3 used by different users in the encryption system 100 for convenience of explanation, but the user and The number of client devices is not necessarily limited to the illustrated example.

, 마스터 비밀키

및 공개 파라미터

를 생성한다(401). Referring to FIG. 4, first, the key generation device 110 performs a setup algorithm, so that each user's user encryption key

, Master secret key

And public parameters

Create (401).

Thereafter, the key generating device 110 provides the user encryption key EK ₁ of the user 1 to the client device 1 120-1 used by the user 1 (402).

In addition, the key generating device 110 provides the user encryption key EK ₂ of the user 2 to the client device 2 120-2 used by the user 2 (403).

In addition, the key generating device 110 provides the user encryption key EK ₃ of the user 3 to the client device 3 (120-3) used by the user 3 (404).

에 대한 암호문

을 생성한다(405).On the other hand, the client device 1 (120-1) that obtains the user encryption key EK ₁ from the key generation device 110 performs an encryption algorithm to label data of T

Ciphertext for

Produces (405).

을 데이터베이스(130)에 저장한다(406).Thereafter, the client device 1 (120-1) generates the encrypted text

Is stored in the database 130 (406).

에 대한 암호문

을 생성한다(407).In addition, the client device 2 (120-2) that obtains the user encryption key EK ₂ from the key generation device 110 performs an encryption algorithm to label data of T

Ciphertext for

Produces (407).

을 데이터베이스(130)에 저장한다(408).Thereafter, the client device 2 (120-2) generates the encrypted text

Is stored in the database 130 (408).

에 대한 암호문

을 생성한다(409).In addition, the client device 3 (120-3), which has obtained the user encryption key EK ₃ from the key generation device 110, performs an encryption algorithm to perform data with a label T.

Ciphertext for

Create (409).

을 데이터베이스(130)에 저장한다(410).Thereafter, the client device 3 (120-3) generates the encrypted text

Is stored in the database 130 (410).

5 is a flowchart for explaining a process of determining whether to match between a query vector set and a data set according to an embodiment of the present invention.

The process illustrated in FIG. 5 may be performed after the encryption process illustrated in FIG. 4.

에 대한 질의 벡터 집합

를 생성한다(501).Referring to Figure 5, first, the query device 140 is a data set

Vector set of queries for

Create (501).

Thereafter, the query device 140 requests the key generation device 110 to generate a token for the query vector set Y (502).

을 생성한다(503).Thereafter, the key generation device 110 performs a token generation algorithm to generate a token for the query vector set Y.

Create (503).

Thereafter, the key generating device 110 provides the generated token TK _Y to the query device 140 (504).

,

및

를 포함하는 암호문 집합

과 토큰 TK_Y를 이용하여 질의 벡터 집합 Y와 데이터 집합 X 사이의 매칭 여부를 판단한다(505).Thereafter, the query device 140 performs a query algorithm to encrypt the ciphertext stored in the database 130

,

And

Ciphertext set containing

It is determined whether the match between the query vector set Y and the data set X is made by using and TK _Y (505).

Meanwhile, in the flowcharts illustrated in FIGS. 4 and 5, the above process is divided into a plurality of steps, but at least some of the steps are performed by changing the order, combined with other steps, or omitted, or as detailed steps. It may be performed separately, or may be performed by adding one or more steps not shown.

6 is a block diagram illustrating and illustrating a computing environment including a computing device suitable for use in example embodiments. In the illustrated embodiment, each component may have different functions and capabilities in addition to those described below, and may include additional components in addition to those described below.

The illustrated computing environment 10 includes a computing device 12. In one embodiment, computing device 12 may be one or more components included in encryption system 100.

The computing device 12 includes at least one processor 14, a computer readable storage medium 16 and a communication bus 18. The processor 14 can cause the computing device 12 to operate in accordance with the exemplary embodiment mentioned above. For example, processor 14 may execute one or more programs stored on computer readable storage medium 16. The one or more programs may include one or more computer-executable instructions, which, when executed by the processor 14, configure the computing device 12 to perform operations according to an exemplary embodiment. Can be.

Computer readable storage medium 16 is configured to store computer executable instructions or program code, program data and/or other suitable types of information. The program 20 stored on the computer readable storage medium 16 includes a set of instructions executable by the processor 14. In one embodiment, the computer readable storage medium 16 is a memory (volatile memory such as random access memory, non-volatile memory, or a suitable combination thereof), one or more magnetic disk storage devices, optical disk storage devices, flash Memory devices, other types of storage media that can be accessed by the computing device 12 and store desired information, or suitable combinations thereof.

The communication bus 18 interconnects various other components of the computing device 12, including a processor 14 and a computer readable storage medium 16.

Computing device 12 may also include one or more I/O interfaces 22 and one or more network communication interfaces 26 that provide an interface for one or more I/O devices 24. The input/output interface 22 and the network communication interface 26 are connected to the communication bus 18. The input/output device 24 may be connected to other components of the computing device 12 through the input/output interface 22. Exemplary input/output devices 24 include pointing devices (such as a mouse or trackpad), keyboards, touch input devices (such as touch pads or touch screens), voice or sound input devices, various types of sensor devices, and/or imaging devices. Input devices and/or output devices such as display devices, printers, speakers, and/or network cards. The exemplary input/output device 24 is a component constituting the computing device 12 and may be included inside the computing device 12 or may be connected to the computing device 12 as a separate device distinct from the computing device 12. It might be.

Although the present invention has been described in detail through exemplary embodiments above, those skilled in the art to which the present invention pertains are capable of various modifications within the limits of the embodiments described above without departing from the scope of the present invention. Will understand. Therefore, the scope of the present invention should not be limited to the described embodiments, but should be determined not only by the claims to be described later, but also by the claims and equivalents.

10: computing environment
12: computing device
14: processor
16: computer readable storage media
18: Communication bus
20: Program
22: I/O interface
24: I/O device
26: network communication interface
100: encryption system
110: key generation device
120-1, 120-2, 120-3, 120-n: client device
130: database
140: query device

Claims (28)

One or more processors, and
A method performed in a computing device having a memory that stores one or more programs executed by the one or more processors,
Obtaining a user encryption key from the key generating device;
Generating a node set including a plurality of nodes in a path from a root node to a leaf node corresponding to data to be encrypted in a preset binary tree;
Generating a ciphertext for the data to be encrypted based on the user encryption key, a label for the data to be encrypted, and the node set,
The step of generating the ciphertext,
Generating a hash value for the label;
Generating a pseudo-random number for identification information of each of the plurality of nodes; And
Generating the ciphertext based on the hash value, the pseudo-random number, the depth in the binary tree of each of the plurality of nodes, and the user encryption key,
The ciphertext includes a plurality of ciphertext elements calculated by using a pseudo-random number for each of the plurality of nodes as an index of the hash value.
delete delete The method according to claim 1,
The user encryption key, the following equation 1
[Equation 1]

(At this time,

User index,

Is the user encryption key for user i,

The

Element of,

And

Is an arbitrary integer, p is a prime number
Satisfied,
The step of generating the pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the plurality of nodes (where j is

Phosphorus Integer,

Is the depth of the binary tree) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Method for generating a pseudo-random number for each of the plurality of nodes.
The method according to claim 4,
The step of generating the ciphertext is Equation 3 below.
[Equation 3]

(At this time,

Is the ciphertext,

Is the depth in the binary tree of the j-th node among the plurality of nodes, T is the label,

Is the hash value above)
Method for generating the ciphertext using.
One or more processors, and
A method performed in a computing device having a memory that stores one or more programs executed by the one or more processors,
Generating a user encryption key and a master secret key for each of the plurality of users;
Providing the generated user encryption key to the client devices of each of the plurality of users;
Receiving a query vector set including a plurality of range query vectors from the query device;
Generating a token for the query vector set using a preset binary tree, the query vector set, and the master secret key; And
And providing the generated token to the querying device.
The method according to claim 6,
The step of generating the token,
Generating a set of cover nodes for each of the plurality of range query vectors from the binary tree;
Generating a pseudo-random number for identification information of each of the one or more nodes included in each of the cover node sets; And
Generating a partial token for each of the plurality of range query vectors using the depth in the binary tree of each of the one or more nodes, the pseudo-random number, and the master secret key,
The token for the set of query vectors includes a partial token for each of the plurality of range query vectors.
The method according to claim 7,
The user encryption key is the following equation 1
[Equation 1]

(At this time,

User index,

Is the user encryption key for user i,

The

Element of,

And

Each satisfy an arbitrary integer, p is a prime number,
The step of generating the pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the one or more nodes (where j is

Phosphorus Integer,

Is the number of nodes included in the set of cover nodes) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Method for generating the pseudo-random number using the method.
The method according to claim 8,
The step of generating the master secret key is Equation 3 below.
[Equation 3]

(At this time, MK is the master secret key, n is the total number of the plurality of users,

Is a cyclic group with p

Element of)
Generate the master secret key using,
The step of generating the partial token, Equation 4 below
[Equation 4]

(At this time,

Is a range query vector

Partial tokens for,

Is the depth in the binary tree of the j-th node among the one or more nodes,

Is the circulating group

The origin of,

The

And

Any integer that satisfies,

,

And

Each

Any integer satisfying)
How to generate the partial token using the method.
One or more processors, and
A method performed in a computing device having a memory that stores one or more programs executed by the one or more processors,
Generating a query vector set including a plurality of range query vectors;
Obtaining a token for the set of query vectors from a key generator; And
A data set containing the plurality of data and the query vector using a ciphertext for each of the plurality of data encrypted using a user encryption key of different users, a label for the plurality of data, and the token. And determining whether to match between sets.
The method according to claim 10,
The ciphertext for each of the plurality of data includes a hash value for the label, a pseudo-random number for identification information of each of the plurality of nodes included in a node set generated from a binary tree set for each of the plurality of data, and the plurality of data. Is generated based on the depth in the binary tree of each of the nodes and the user encryption key,
The token is a pseudo-random number for each identification information of each of the one or more nodes included in the set of cover nodes generated from the binary tree for each of the plurality of range query vectors, the depth and the master in the binary tree of each of the one or more nodes. And a partial token for each of the plurality of range query vectors generated based on a secret key.
The method according to claim 11,
The user encryption key is the following equation 1
[Equation 1]

(

User index,

Is the user encryption key for user i,

The

Element of,

And

Is an arbitrary integer, p is a prime number
Satisfied,
The pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the plurality of nodes (where j is

Phosphorus Integer,

Is the depth of the binary tree), or j of the one or more nodes (where j is

Phosphorus Integer,

Is the number of nodes included in the set of cover nodes) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Generated using the method.
The method according to claim 12,
The master secret key is Equation 3 below.
[Equation 3]

(At this time, MK is the master secret key, n is the number of the plurality of users,

Is a cyclic group with p

Element of)
Satisfied,
The ciphertext is the following Equation 4
[Equation 4]

(At this time,

Is the ciphertext,

Is the depth in the binary tree of the j-th node among the plurality of nodes, T is the label,

Is the hash value above)
Satisfied,
The partial token, Equation 5 below
[Equation 5]

(At this time,

Is a range query vector

Partial tokens for,

Is the depth in the binary tree of the j-th node among the one or more nodes,

Is the circulating group

The origin of,

The

And

Any integer that satisfies,

,

And

Each

Any integer satisfying)
How to satisfy, how.
The method according to claim 13,
In the determining, each combination that can be made for any j using a set of ciphertexts including ciphertexts for each of the plurality of data and a token for the query vector set

(At this time,

,

), it is determined whether or not the following equations 6 and 7 are satisfied,
[Equation 6]

[Equation 7]

(At this time, e is

Bilinear map, which satisfies

,

And

Is a cyclic group with a prime p
When there is a combination that satisfies Equations 6 and 7, it is determined that the query vector set and the data set match.
One or more processors;
Memory; And
A device comprising one or more programs,
The one or more programs are stored in the memory and configured to be executed by the one or more processors,
The above program,
Obtaining a user encryption key from the key generating device;
Generating a node set including a plurality of nodes in a path from a root node to a leaf node corresponding to data to be encrypted in a preset binary tree; And
And instructions for executing the step of generating a ciphertext for the data to be encrypted based on the user encryption key, the label for the data to be encrypted, and the node set,
The step of generating the ciphertext,
Generating a hash value for the label;
Generating a pseudo-random number for identification information of each of the plurality of nodes; And
Generating the ciphertext based on the hash value, the pseudo-random number, the depth in the binary tree of each of the plurality of nodes, and the user encryption key,
The ciphertext includes a plurality of ciphertext elements calculated by using a pseudo-random number for each of the plurality of nodes as an index of the hash value.
delete delete The method according to claim 15,
The user encryption key, the following equation 1
[Equation 1]

(At this time,

User index,

Is the user encryption key for user i,

The

Element of,

And

Is an arbitrary integer, p is a prime number
Satisfied,
The step of generating the pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the plurality of nodes (where j is

Phosphorus Integer,

Is the depth of the binary tree) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Device for generating a pseudo-random number for each of the plurality of nodes using the.
The method according to claim 18,
The step of generating the ciphertext is Equation 3 below.
[Equation 3]

(At this time,

Is the ciphertext,

Is the depth in the binary tree of the j-th node among the plurality of nodes, T is the label,

Is the hash value above)
Device for generating the ciphertext using.
One or more processors;
Memory; And
A device comprising one or more programs,
The one or more programs are stored in the memory and configured to be executed by the one or more processors,
The above program,
Generating a user encryption key and a master secret key for each of the plurality of users;
Providing the generated user encryption key to the client devices of each of the plurality of users;
Receiving a query vector set including a plurality of range query vectors from the query device;
Generating a token for the query vector set using a preset binary tree, the query vector set, and the master secret key; And
And instructions for executing the step of providing the generated token to the querying device.
The method according to claim 20,
The step of generating the token,
Generating a set of cover nodes for each of the plurality of range query vectors from the binary tree;
Generating a pseudo-random number for identification information of each of the one or more nodes included in each of the cover node sets; And
Generating a partial token for each of the plurality of range query vectors using the depth in the binary tree of each of the one or more nodes, the pseudo-random number, and the master secret key,
And the token for the set of query vectors includes a partial token for each of the plurality of range query vectors.
The method of claim 21,
The user encryption key is the following equation 1
[Equation 1]

(At this time,

User index,

Is the user encryption key for user i,

The

Element of,

And

Each satisfy an arbitrary integer, p is a prime number,
The step of generating the pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the one or more nodes (where j is

Phosphorus Integer,

Is the number of nodes included in the set of cover nodes) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Using the device, to generate the pseudo-random number.
The method according to claim 22,
The step of generating the master secret key is Equation 3 below.
[Equation 3]

(At this time, MK is the master secret key, n is the total number of the plurality of users,

Is a cyclic group with p

Element of)
Generate the master secret key using,
The step of generating the partial token, Equation 4 below
[Equation 4]

(At this time,

Is a range query vector

Partial tokens for,

Is the depth in the binary tree of the j-th node among the one or more nodes,

Is the circulating group

The origin of,

The

And

Any integer that satisfies,

,

And

Each

Any integer satisfying)
Device for generating the partial token using.
One or more processors;
Memory; And
A device comprising one or more programs,
The one or more programs are stored in the memory and configured to be executed by the one or more processors,
The above program,
Generating a query vector set including a plurality of range query vectors;
Obtaining a token for the set of query vectors from a key generator; And
Matching between the data set containing the plurality of data and the set of query vectors using the ciphertext for each of the plurality of data encrypted using different user encryption keys, the label for the plurality of data, and the token. And instructions for executing a step of determining whether or not.
The method according to claim 24,
The ciphertext for each of the plurality of data includes a hash value for the label, a pseudo-random number for identification information of each of the plurality of nodes included in a node set generated from a binary tree set for each of the plurality of data, and the plurality of data. Is generated based on the depth in the binary tree of each of the nodes and the user encryption key,
The token is a pseudo-random number for each identification information of each of the one or more nodes included in the set of cover nodes generated from the binary tree for each of the plurality of range query vectors, the depth and the master in the binary tree of each of the one or more nodes. And a partial token for each of the plurality of range query vectors generated based on a secret key.
The method according to claim 25,
The user encryption key is the following equation 1
[Equation 1]

(

User index,

Is the user encryption key for user i,

The

Element of,

And

Is an arbitrary integer, p is a prime number
Satisfied,
The pseudo-random number is Equation 2 below.
[Equation 2]

(At this time,

Is j among the plurality of nodes (where j is

Phosphorus Integer,

Is the depth of the binary tree), or j of the one or more nodes (where j is

Phosphorus Integer,

Is the number of nodes included in the set of cover nodes) th node,

The

Node identification information assigned to,

The

Pseudo-random number for)
Generated using a device.
The method according to claim 26,
The master secret key is Equation 3 below.
[Equation 3]

(At this time, MK is the master secret key, n is the number of the plurality of users,

Is a cyclic group with p

Element of)
Satisfied,
The ciphertext is the following Equation 4
[Equation 4]

(At this time,

Is the ciphertext,

Is the depth in the binary tree of the j-th node among the plurality of nodes, T is the label,

Is the hash value above)
Satisfied,
The partial token, Equation 5 below
[Equation 5]

(At this time,

Is a range query vector

Partial tokens for,

Is the depth in the binary tree of the j-th node among the one or more nodes,

Is the circulating group

The origin of,

The

And

Any integer that satisfies,

,

And

Each

Any integer satisfying)
To satisfy, the device.
The method according to claim 27,
In the determining, each combination that can be made for any j using a set of ciphertexts including ciphertexts for each of the plurality of data and a token for the query vector set

(At this time,

,

), it is determined whether or not the following equations 6 and 7 are satisfied,
[Equation 6]

[Equation 7]

(At this time, e is

Bilinear map, which satisfies

,

And

Is a cyclic group with a prime p
When there is a combination that satisfies Equations 6 and 7, it is determined that the query vector set and the data set match.

Images