WO2022099495A1 - Ciphertext search method, system, and device in cloud computing environment - Google Patents

Ciphertext search method, system, and device in cloud computing environment

Info

Publication number
WO2022099495A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
user
search
attribute
cloud server
Prior art date
Application number
PCT/CN2020/128029
Other languages
French (fr)
Chinese (zh)
Inventor
王树兰
王凯文
李采果
Original Assignee
深圳技术大学
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳技术大学
Priority to PCT/CN2020/128029
Publication of WO2022099495A1

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords

Definitions

  • the invention belongs to the technical field of data processing, and in particular relates to a ciphertext search method, system, device and storage medium in a cloud computing environment.
  • cloud computing has almost unlimited computing power and storage space.
  • Because cloud data is beyond the control of users, data privacy and effective access control must be guaranteed while the data is in use.
  • This feature is in line with the needs of cloud computing models such as cloud computing security and ciphertext retrieval. Therefore, the study of homomorphic encryption has important theoretical significance and application value.
  • the implementation of the access control policy for cloud data requires the trusted entity approach in traditional access control, but the cloud service provider is no longer trusted, so the encryption party needs to encrypt the data before uploading it.
  • the CP-ABE encryption algorithm can be used. Although the classic CP-ABE scheme can achieve fine-grained access, it does not support ciphertext retrieval services. The fully homomorphic encryption scheme can realize ciphertext retrieval. However, it is vulnerable to chosen-plaintext attacks.
  • Fully homomorphic encryption can perform arbitrary calculations on ciphertext without knowing the key. This special property gives fully homomorphic encryption a wide range of applications, such as cloud computing data privacy, multi-party computation, ciphertext retrieval, and so on.
  • the first fully homomorphic encryption scheme was proposed by Gentry in 2009. Since then, some fully homomorphic encryption schemes based on different difficult problems and some methods to improve the efficiency of fully homomorphic encryption have been proposed.
  • Shamir first proposed the concept of identity-based encryption in 1979, and then many extended concepts of identity-based encryption were proposed, such as hierarchical identity-based encryption, identity-based broadcast encryption, and spatial encryption. Attribute-based encryption is also an extension of identity-based encryption.
  • There are two types of attribute-based encryption: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE).
  • KP-ABE: key-policy attribute-based encryption
  • CP-ABE: ciphertext-policy attribute-based encryption
  • In ciphertext-policy attribute-based encryption, the plaintext message is encrypted under a predicate that can be expressed as a logical expression connected by AND, OR, and NOT gates. Each user obtains a key corresponding to a certain attribute set from the attribute authority.
  • Decryption can succeed if and only if the set of attributes satisfies the above predicate.
  • the opposite is true for key-policy-based attribute-based encryption: in this encryption system, the ciphertext corresponds to a set of attributes, and the user key corresponds to a predicate.
  • Attribute encryption has a wide range of application scenarios in practice, such as access control of distributed file systems, secure online social networks, and efficient broadcast encryption.
  • most extensions of identity-based encryption can be regarded as a special case of attribute-based encryption.
  • broadcast encryption can be regarded as a special case of ciphertext-policy attribute-based encryption in which the access structure is a predicate connected by OR gates.
  • Attribute-based encryption is also an important tool for solving some theoretical problems in identity-based encryption systems. So far, attribute-based encryption has been used to solve the identity revocation problem in identity-based encryption and to construct accountable identity-based encryption schemes. Because of its importance in theory and in practical applications, this encryption system has attracted extensive attention from researchers since it was proposed.
  • VSMs Semantic vector space models
  • the technical problem to be solved by the present invention is: aiming at the problems of the prior art, the present invention provides a ciphertext search method in a cloud computing environment.
  • an embodiment of the present application provides a method for searching ciphertext in a cloud computing environment, the method comprising:
  • the client-based encryption party encrypts the plaintext set to obtain the ciphertext structure, obtains the ciphertext index table according to the ciphertext structure, randomly generates the user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to the cloud server; the user permission table includes at least each user attribute class and a user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext;
  • based on the client receiving the request from the user to apply for the private key of the ciphertext structure, the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor at least includes user attributes, search keywords, and user private keys;
  • the cloud server matches the user attribute with the user weight policy tree, and if the user attribute is successfully matched with the user weight policy tree, screening is performed using the search keyword and the ciphertext index table to obtain the searched index ciphertext;
  • the cloud server returns the intermediate value of the index ciphertext to the client, and decrypts to obtain a search result.
  • an embodiment of the present application provides a ciphertext search system in a cloud computing environment, the system comprising:
  • Encryption module: used to encrypt the plaintext set based on the client-side encryption party to obtain the ciphertext structure, obtain the ciphertext index table according to the ciphertext structure, randomly generate the user permission table, and upload the ciphertext structure, the user permission table and the ciphertext index table to the cloud server; the user permission table at least includes each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext;
  • the search trapdoor includes at least user attributes, search keywords, and user private keys
  • Search module: used by the cloud server to match the user attribute with the user weight policy tree and, if the user attribute is successfully matched with the user weight policy tree, to filter using the search keyword and the ciphertext index table to obtain the searched index ciphertext;
  • Decryption module used by the cloud server to return the intermediate value of the index ciphertext to the client, and decrypt to obtain a search result.
  • embodiments of the present application further provide a ciphertext search device in a cloud computing environment, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where, when the processor executes the computer program, each step in the ciphertext search method in the cloud computing environment according to the first aspect is implemented.
  • an embodiment of the present application further provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, it implements the steps of the method for searching ciphertext in a cloud computing environment as described in the first aspect.
  • the invention provides a ciphertext search method in a cloud computing environment.
  • the method includes: encrypting a plaintext set based on a client-side encryption party to obtain a ciphertext structure, obtaining a ciphertext index table according to the ciphertext structure, randomly generating a user permission table, and uploading the ciphertext structure, user permission table and ciphertext index table to the cloud server, where the user permission table at least includes each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext; based on the client receiving the request from the user to apply for the private key of the ciphertext structure, the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server, the search trapdoor at least including user attributes, search keywords, and user private keys;
  • the cloud server matches the user attributes with the user weight policy tree, and if the user attributes are successfully matched with the user
  • the method realizes an efficient retrieval function for ciphertext data: it adopts the weight strategy tree to optimize the access strategy and latent semantics to optimize the space model, improves retrieval accuracy through the access control strategy table and the document index table, and reduces the amount of calculation in the ciphertext search; the cloud server control data is completely blurred, efficient hiding strategies are realized, and the cloud server computing power is fully utilized to perform homomorphic addition/multiplication operations for access control and ciphertext retrieval, which achieves efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing; the access policy has a many-to-many relationship with users, so even if one user betrays, other users are not affected; and, based on the characteristics and attribute values of the weighted policy tree, the homomorphic encryption blurring is resistant to keyword guessing attacks.
  • FIG. 1 is a schematic flowchart of a method for searching ciphertext in a cloud computing environment according to the present invention
  • FIG. 2 is a schematic diagram of a sub-flow of a method for searching ciphertext in a cloud computing environment according to the present invention
  • Fig. 3 is another sub-flow schematic diagram of a ciphertext search method in a cloud computing environment of the present invention.
  • Fig. 4 is another sub-flow schematic diagram of the ciphertext search method in a kind of cloud computing environment of the present invention.
  • Fig. 5 is another sub-flow schematic diagram of a ciphertext search method in a cloud computing environment of the present invention.
  • Fig. 6 is another sub-flow schematic diagram of a ciphertext search method in a cloud computing environment of the present invention.
  • Fig. 7 is another sub-flow schematic diagram of a ciphertext search method in a cloud computing environment of the present invention.
  • FIG. 8 is a schematic diagram of program modules of a method for searching ciphertext in a cloud computing environment according to the present invention.
  • the ciphertext search method in the above cloud computing environment includes:
  • Step 101: Encrypt the plaintext set based on the client to obtain a ciphertext structure, obtain a ciphertext index table according to the ciphertext structure, randomly generate a user permission table, and upload the ciphertext structure, user permission table and ciphertext index table to the cloud server; the user permission table at least includes each user attribute class and a user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext.
  • the encryption party first encrypts the plaintext set to obtain the ciphertext structure, wherein the plaintext set consists of multiple plaintext documents, and integrates the weight vector information of the keywords generated in the ciphertext structure to obtain a ciphertext index table.
  • a user permission table is randomly generated according to the selected number of attribute features; the user permission table also includes the attribute class of each user and the user weight policy tree corresponding to the attribute class.
  • the encryption party selects the number of attribute features in order to choose which users, holding these attributes, may view the encrypted file; the attribute class of the user includes at least the user ID or other feature values.
  • Step 102: Based on the client receiving the request from the user to apply for the private key of the ciphertext structure, the user receives the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server; the search trapdoor includes at least user attributes, search keywords, and user private keys.
  • the search party (the user) inputs their own attributes and the keyword they want to search in order to apply for the private key of the ciphertext
  • the client sends the private key of the ciphertext structure to the user
  • the user's local server generates a search trapdoor
  • the search trapdoor integrates the information entered by the user and the obtained private key.
  • input the attribute private key SK of the searcher, the searchable strategy tree R of the keyword, and the public key PK parameters; then output the search trapdoor and upload it to the cloud server.
  • the specific calculation is:
  • the searcher traverses the strategy tree R, selects the root node of the tree R and sets it to $t \in G_{zp}$; the local server generates a random value $d$, stores it, and calculates $D_{pai}$:
  • a corresponding vector is generated according to the attributes of the searcher user.
  • the vector is used for matching the user policy tree of the user permission table on the cloud server side.
  • Each attribute value of the vector is fuzzy encrypted by the homomorphic algorithm:
  • $V(ID, S) = \{*, *, \ldots, *\}$ (* is the value of the corresponding attribute)
  • the output format of the search trapdoor STK is:
  • Step 103: The cloud server matches the user attribute with the user weight policy tree, and if the user attribute is successfully matched with the user weight policy tree, filtering is performed using the search keyword and the ciphertext index table to obtain the searched index ciphertext.
  • the cloud server CSP matches the user permission table and the ciphertext index table, determines the search range of the user ciphertext set, and calculates the similarity vector of the ciphertext document.
  • the similarity V between the ciphertext document and the search trapdoor is obtained, and the corresponding ciphertext is selected by screening the similarity measure of cosine calculation to generate a set of ciphertexts to be decrypted.
  • the calculation is as follows:
  • $S_Z$ is a set of nodes $z$ of any size $k_Z$; then calculate the intermediate value $E_y$ as follows.
  • $E_y$ and $E_{y'}$ undergo the corresponding formula operation and the intermediate result is returned. Select the next ciphertext that meets the similarity filter and start the calculation from step 2.
  • the formula is as follows:
  • Step 104: The cloud server returns the intermediate value of the index ciphertext to the client, and decrypts to obtain a search result.
  • after the intermediate result is returned in step 103, perform the decryption calculation:
  • An embodiment of the present application provides a ciphertext search method in a cloud computing environment.
  • the method includes: encrypting a plaintext set based on a client-side encryption party to obtain a ciphertext structure, obtaining a ciphertext index table according to the ciphertext structure, randomly generating a user permission table, and uploading the ciphertext structure, user permission table and ciphertext index table to the cloud server, where the user permission table at least includes each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext; based on the client receiving the request from the user to apply for the private key of the ciphertext, the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server, the search trapdoor at least including user attributes, search keywords, and user private keys; the cloud server matches the user attributes with the user weight policy tree and, if the user attributes are successfully matched with the user weight policy tree, filters using the search keyword and the ciphertext index table to obtain the searched index ciphertext; the cloud server returns the intermediate value of the index ciphertext to the client, and decryption yields the search result.
  • the method realizes an efficient retrieval function for ciphertext data: it adopts the weight strategy tree to optimize the access strategy and latent semantics to optimize the space model, improves retrieval accuracy through the access control strategy table and the document index table, and reduces the amount of calculation in the ciphertext search; the cloud server control data is completely blurred, efficient hiding strategies are realized, and the cloud server computing power is fully utilized to perform homomorphic addition/multiplication operations for access control and ciphertext retrieval, which achieves efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing; the access policy has a many-to-many relationship with users, so even if one user betrays, other users are not affected; and, based on the characteristics and attribute values of the weighted policy tree, the homomorphic encryption blurring is resistant to keyword guessing attacks.
  • FIG. 2 is a schematic diagram of a sub-flow of the ciphertext search method in the cloud computing environment of the present application.
  • the client-based encryption party encrypts the plaintext set to obtain the ciphertext structure. Specific steps include:
  • qi d-1.
  • let $Y$ be the set of all leaf nodes in the access structure tree $T$; for each $y \in Y$, perform the following encryption calculations: $C_y$ and $C_{y'}$
  • the corresponding TF vector is constructed by the encryption party for its plaintext set, and the index matching vector of the corresponding document is taken as:
  • the encryption party performs the latent semantic SVD dimension reduction calculation on the optimized weight access policy tree and determines the encrypted plaintext set (where the keyword weight is the TF-IDF weight) on the local server.
  • the vector space model LSA and $I_{idf}$ are homomorphically encrypted to generate the corresponding ciphertext structure, which is then uploaded to the cloud server.
  • LSA latent semantic analysis
  • LSI latent semantic index
  • This method, like the traditional vector space model (VSM), uses vectors to represent words (terms) and documents, and judges the relationship between words and documents through the relationship between vectors (such as the included angle); the difference is that LSA maps words and documents into a latent semantic space, which removes some "noise" in the original vector space and improves the accuracy of information retrieval.
  • By generating a vocabulary base, a vocabulary-text matrix is formed (using TF-IDF to weight the word frequency). Each row in the initial matrix corresponds to a word, and each column corresponds to an article.
  • M words and N articles can be expressed as an M*N matrix; singular value decomposition (SVD) is then performed on it, and the dimension of the decomposed matrix is reduced to construct the latent semantic space.
  • The low-dimensional spatial representation of LSA can describe synonyms, and synonyms will correspond to the same or similar topics; dimensionality reduction removes some noise and makes features more obvious; redundant data is fully used; the process is unsupervised and fully automated; and it is language-independent and highly practical.
  • FIG. 3 is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the application.
  • the specific steps of randomly generating a user permission table include:
  • optimizing the user weight policy tree reduces not only the storage cost of the ciphertext but also the computational cost of encryption. After the optimized user weight policy tree is homomorphically encrypted, a homomorphic matching operation is performed on the three parts.
  • FIG. 4 is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application.
  • the specific steps by which the cloud server matches the user attributes with the user weight policy tree include:
  • the user attribute is then matched with the ciphertext of the topic policy tree to determine the authority of the user and the scope of the searchable ciphertext;
  • the ciphertexts of the ciphertext sets corresponding to the policy weights are then matched to lock the search range of the ciphertexts.
  • the searcher user uploads the attribute trapdoor vector of the search application.
  • the cloud server first performs the matching calculation of the attribute class corresponding weight ciphertext on the attribute ciphertext of the user.
  • the approximate calculation principle is as follows:
  • CT attribute is the attribute trapdoor vector of the search party
  • hm.CT DU is the encryption party's attribute trapdoor vector
  • the attribute class of corresponds to the weight ciphertext
  • FIG. 5 is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application.
  • the specific steps of obtaining the searched index ciphertext by filtering the keyword and the ciphertext index table include:
  • ciphertext correlation screening is performed between the search keywords and related parameters in the trapdoor and the ciphertext index table to obtain the searched index ciphertext; the ciphertext index table at least includes the keyword vector in the ciphertext.
  • the keywords searched by the users in the trapdoor will be filtered in the keywords in the ciphertext index table to obtain the most similar index ciphertext.
  • FIG. 6 is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the application.
  • the specific steps of requesting the private key of the ciphertext structure include:
  • the user's private key is obtained based on the public key, the master private key, the user ID, and the user attribute.
  • $G_0$ is a bilinear group of prime order $p$
  • is a random value.
  • let $g$ be its generator
  • the bilinear map $e: G_0 \times G_0 \to G_r$ defines two hash functions: $H_0: \{0,1\}^* \to G_0$ and $H_1: \{0,1\}^* \to G_{zp}$.
  • Three random numbers $a, b, c \in G_{zp}$ are selected in the group $G_{zp}$.
  • $MK = \{a, b, c\}$.
  • FIG. 7 is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application.
  • the ciphertext search method in the cloud computing environment further includes:
  • After determining that the encrypted data is deleted, the cloud server returns the deleted file to the client.
  • Latent Semantic Space Model LSA does not support data update and is vulnerable to keyword guessing attacks, so the computing power of cloud servers and homomorphic encryption are used to solve this problem.
  • the vector space model adopted in the scheme relies on tf-idf weights, where the inverse document frequency (idf) factor depends on the number of documents containing keywords. The idf factor of a keyword may change when files are added or removed.
  • the document vectors should be independent of each other. Since the searchable index is built for each file, a possible solution would be to just store the tf value in the file vector and add another auxiliary vector to store the idf value for each key. This way the update is limited to the auxiliary vector, not all searchable indices.
  • the cost is that tf-idf weights need to be computed during user search requests to obtain relevance scores. Since the computation is on the server side, and the computing power on the server side is high, the overall efficiency is hardly affected by the update. Moreover, after the homomorphic algorithm is used for encryption, keyword guessing attacks are avoided, and the whole process of the homomorphic operation is black-boxed, and there is no possibility of revealing the private key.
  • HOMO.Encrypt(PK, M', LSA) → CT': homomorphic encryption algorithm. Input the public parameter PK; the data owner DO generates the determined weight policy tree vector, semantic model parameters and document tf vector, [ ⁇ is the number of documents]. Here $q$ and $r$ are random prime values, $p$ is the private key, and the encrypted content is represented by binary bits, $M' \in \{0,1\}$. The output is the encrypted ciphertext CT':
  • $CT' = \{pq + 2^{k} rq + M'\}$
  • the encryption algorithm here is an optimization of the initial algorithm.
  • a multi-bit binary is used to reduce the ciphertext size.
  • the power $2^k$ in the encryption formula represents the degree of bit reduction, so that the amount of calculation is greatly reduced. To keep the ciphertext noise from becoming too large after multiple homomorphic operations, the modulus switching technique is used: after each calculation on the ciphertext, it is multiplied by a decimal fraction to reduce the noise and control the increase of noise in the ciphertext.
  • the corresponding function operations here are: weight attribute strategy tree matching; weight calculation for tf-idf; latent semantic (lsa) calculation; dynamic modification of the value or weight of attribute strategy tree, user ID, and related document vectors.
  • FIG. 8 is a schematic diagram of a ciphertext search device module in a cloud computing environment in an embodiment of the present application.
  • the ciphertext search device 200 in the above cloud computing environment includes:
  • Encryption module 801: used to encrypt the plaintext set based on the client's encryption party to obtain a ciphertext structure, obtain a ciphertext index table according to the ciphertext structure, randomly generate a user permission table, and upload the ciphertext structure, user permission table and ciphertext index table to the cloud server; the user permission table at least includes each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext;
  • Generation module 802: used so that, based on the client receiving a request from a user to apply for the private key of the ciphertext, the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server; the search trapdoor at least includes user attributes, search keywords, and user private keys;
  • Search module 803: used by the cloud server to match the user attribute with the user weight policy tree and, if the user attribute is successfully matched with the user weight policy tree, to filter using the search keyword and the ciphertext index table to obtain the searched index ciphertext;
  • Decryption module 804 used by the cloud server to return the intermediate value of the index ciphertext to the client, and decrypt to obtain a search result.
  • a ciphertext search device 200 in a cloud computing environment can implement the following: a client-based encryption party encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table according to the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, user permission table and ciphertext index table to the cloud server, where the user permission table at least includes each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set includes at least one plaintext; based on the client receiving the request from the user to apply for the private key of the ciphertext, the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server, the search trapdoor at least including user attributes, search keywords, and user private keys; the cloud server matches the user attributes with the user weight policy tree and, if the user attributes are successfully matched with the user weight policy tree, filters using the search keyword and the ciphertext index table to obtain the searched index ciphertext; the cloud server returns the intermediate value of the index ciphertext to the client, and decryption yields the search result.
  • the method realizes an efficient retrieval function for ciphertext data: it adopts the weight strategy tree to optimize the access strategy and optimizes the space model of latent semantics, improves retrieval accuracy through the access control strategy table and the document index table, and reduces the amount of calculation in the ciphertext search; the cloud server control data is completely blurred, efficient hiding strategies are realized, and the computing power of the cloud server is fully utilized to perform homomorphic addition/multiplication operations for access control and ciphertext retrieval, which achieves efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing; the access policy has a many-to-many relationship with users, so even if one user betrays, other users are not affected; and, based on the characteristics and attribute values of the weighted policy tree, the homomorphic encryption blurring is resistant to keyword guessing attacks.
  • an embodiment of the present application also provides a ciphertext search device in a cloud computing environment, including a memory, a processor, and a computer program stored in the memory and running on the processor; when the processor executes the computer program, each step in the above-mentioned ciphertext search method in a cloud computing environment is implemented.
  • the present application also provides a storage medium on which a computer program is stored, and when the computer program is executed by a processor, implements each step in the above-mentioned ciphertext search method in a cloud computing environment.
  • Each functional module in each embodiment of the present invention may be integrated into one processing module, or each module may exist physically alone, or two or more modules may be integrated into one module.
  • the above-mentioned integrated modules can be implemented in the form of hardware, and can also be implemented in the form of software function modules.
  • the integrated modules, if implemented in the form of software functional modules and sold or used as independent products, can be stored in a computer-readable storage medium.
  • the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product; the computer software product is stored in a storage medium and includes several instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute all or part of the steps of the methods described in the various embodiments of the present invention.
  • the aforementioned storage medium includes: U disk, mobile hard disk, Read-Only Memory (ROM), Random Access Memory (RAM), magnetic disk or optical disk, and other media that can store program code.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a ciphertext search method, system, and device in a cloud computing environment, and a storage medium. The method comprises: encrypting a plaintext set by means of a client to obtain ciphertext, obtaining a ciphertext index table according to the ciphertext, randomly generating a user permission table, and uploading the ciphertext structure, user permission table, and ciphertext index table to a cloud server; receiving, by means of the client, a request for applying for a private key of the ciphertext, generating a search trapdoor, and sending same to the cloud server; matching a user attribute with a weight strategy tree, and if the matching succeeds, performing filtering by means of a search keyword and the ciphertext index table to obtain index ciphertext; the cloud server returning the intermediate value of the index ciphertext to the client, and decryption being performed to obtain a search result. The method allows for implementation of an efficient retrieval function for ciphertext data; by means of the characteristics of fully homomorphic encryption, control data of the cloud server is completely blurred, and the confidentiality and efficiency of cloud data processing are greatly improved; moreover, access strategies and users are in many-to-many relationships, and thus, keyword guessing attacks can be resisted.

Description

Ciphertext search method, system and device in cloud computing environment
Technical field
The invention belongs to the technical field of data processing, and in particular relates to a ciphertext search method, system, device and storage medium in a cloud computing environment.
Background
As a distributed computing technology, cloud computing offers almost unlimited computing power and storage space. However, because cloud data is beyond the user's control, data privacy and effective access control must be guaranteed while the data is in use. To address data privacy while still allowing effective operations, the data can be encrypted with fully homomorphic encryption, which satisfies F(Enc(u))=Enc(F(u)). This property fits the needs of cloud computing models such as cloud computing security and ciphertext retrieval, so the study of homomorphic encryption has important theoretical significance and application value. In addition, implementing an access control policy for cloud data requires the trusted-entity approach of traditional access control, but the cloud service provider is no longer trusted, so the encrypting party needs to encrypt data before uploading it. To implement access control over encrypted data effectively, the CP-ABE encryption algorithm can be used. The classic CP-ABE scheme achieves fine-grained access but does not support ciphertext retrieval, whereas a fully homomorphic encryption scheme can support ciphertext retrieval. However, it is vulnerable to chosen-plaintext attacks.
(1) Fully homomorphic encryption
Fully homomorphic encryption allows arbitrary computation on ciphertext without knowledge of the key. This property gives it a wide range of applications, such as data privacy in cloud computing, multi-party computation, ciphertext retrieval, etc. The first fully homomorphic encryption scheme was proposed by Gentry in 2009. Since then, fully homomorphic encryption schemes based on different hard problems have been proposed, along with methods for improving the efficiency of fully homomorphic encryption.
At present, efficiency is the main obstacle to the development of fully homomorphic encryption, and the main reason for the low efficiency is the excessive ciphertext size. Every homomorphic computation increases the noise in the ciphertext, and ciphertext multiplication in particular makes the noise grow very fast. Once the noise exceeds the bound that correct decryption allows, no further homomorphic operations can be performed. Therefore, to be able to perform more homomorphic operations on ciphertext, large parameters must be chosen so that the ciphertext has enough room to accommodate the noise, which directly leads to a sharp increase in ciphertext size.
(2) Attribute-based encryption
Shamir first proposed the concept of identity-based encryption in 1979, and many extensions of identity-based encryption followed, such as hierarchical identity-based encryption, identity-based broadcast encryption, and spatial encryption. Attribute-based encryption is also an extension of identity-based encryption. There are two kinds of attribute-based encryption: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In ciphertext-policy attribute-based encryption, the plaintext message is encrypted under a predicate that can be expressed as a logical expression connected by AND, OR, and NOT gates. Each user obtains from the attribute authority a key corresponding to a certain attribute set. Decryption succeeds if and only if that attribute set satisfies the predicate. Key-policy attribute-based encryption is exactly the opposite: in this scheme the ciphertext corresponds to a set of attributes, and the user key corresponds to a predicate.
Attribute-based encryption has a wide range of practical applications, such as access control in distributed file systems, secure online social networks, and efficient broadcast encryption. In addition, most current extensions of identity-based encryption can be regarded as special cases of attribute-based encryption. For example, broadcast encryption can be seen as a special ciphertext-policy attribute-based encryption in which the access structure is a predicate connected by OR gates. Attribute-based encryption is also an important tool for solving several theoretical problems in identity-based encryption systems. So far, it has been used to solve the identity revocation problem in identity-based encryption and to construct accountable identity-based encryption schemes. Because of its importance in theory and in practice, attribute-based encryption attracted wide attention from researchers as soon as it was proposed.
(3) Semantic space model
Computers have a hard time understanding the meaning of human language. This severely limits our ability to give instructions to computers, limits computers' ability to explain their actions to us, and limits their ability to analyze and process text. Semantic vector space models (VSMs) are a first step toward addressing these limitations. The idea of a VSM is to represent each document in a collection as a point in a space (a vector in a vector space). The closer two points are in the space, the more similar they are semantically; the farther apart they are, the more distant they are semantically. A user's query is represented as a point in the same space, just like a document (the query is called a pseudo-document). Documents are sorted by increasing distance from the query and then presented to the user. However, the VSM semantic space still has many shortcomings, for example in handling document topic classification, keywords, synonyms and so on, which lead to low search efficiency and large precision errors.
Technical problem
The technical problem to be solved by the present invention is as follows: in view of the problems of the prior art, the present invention provides a ciphertext search method in a cloud computing environment.
Technical solution
In a first aspect, an embodiment of the present application provides a ciphertext search method in a cloud computing environment, the method comprising:
The encrypting party on the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to a cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext;
The client receives a user's request for the private key of the ciphertext structure; after receiving the private key of the ciphertext structure, the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least user attributes, search keywords, and the user private key;
The cloud server matches the user attributes against the user weight policy tree, and if the match succeeds, filters using the search keywords and the ciphertext index table to obtain the searched index ciphertext;
The cloud server returns the intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result.
In a second aspect, an embodiment of the present application provides a ciphertext search system in a cloud computing environment, the system comprising:
Encryption module: used by the encrypting party on the client to encrypt a plaintext set to obtain a ciphertext structure, obtain a ciphertext index table from the ciphertext structure, randomly generate a user permission table, and upload the ciphertext structure, the user permission table and the ciphertext index table to a cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext;
Generation module: used for the client to receive a user's request for the private key of the ciphertext structure; after receiving the private key of the ciphertext structure, the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least user attributes, search keywords, and the user private key;
Search module: used by the cloud server to match the user attributes against the user weight policy tree, and if the match succeeds, to filter using the search keywords and the ciphertext index table to obtain the searched index ciphertext;
Decryption module: used by the cloud server to return the intermediate value of the index ciphertext to the client, where decryption is performed to obtain the search result.
In a third aspect, an embodiment of the present application further provides a ciphertext search device in a cloud computing environment, including a memory, a processor, and a computer program stored in the memory and runnable on the processor; when the processor executes the computer program, each step of the ciphertext search method in a cloud computing environment according to the first aspect is implemented.
In a fourth aspect, an embodiment of the present application further provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, each step of the ciphertext search method in a cloud computing environment according to the first aspect is implemented.
Beneficial effects
The present invention provides a ciphertext search method in a cloud computing environment. The method includes: the encrypting party on the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to a cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext; the client receives a user's request for the private key of the ciphertext structure, and after receiving that private key the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least user attributes, search keywords, and the user private key; the cloud server matches the user attributes against the user weight policy tree, and if the match succeeds, filters using the search keywords and the ciphertext index table to obtain the searched index ciphertext; the cloud server returns the intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result. The method provides efficient retrieval over ciphertext data: it uses a weight policy tree to optimize the access policy and latent semantics to optimize the space model, improves retrieval accuracy through the access control policy table and the document index table, and reduces the computation required for ciphertext search. Using the properties of fully homomorphic encryption, the control data held by the cloud server is completely obfuscated, giving an efficient policy-hiding scheme, and the cloud server's computing power is fully used to perform homomorphic addition/multiplication operations for access control and ciphertext retrieval, which allows efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing. Access policies and users are in a many-to-many relationship, so even if one user defects, other users are not affected; and, based on the properties of the weight policy tree and the homomorphic-encryption obfuscation of attribute values, keyword guessing attacks can be resisted.
Description of drawings
The specific structure of the present invention is described in detail below with reference to the accompanying drawings.
FIG. 1 is a schematic flowchart of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 2 is a schematic diagram of a sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 3 is a schematic diagram of another sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 4 is a schematic diagram of another sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 5 is a schematic diagram of another sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 6 is a schematic diagram of another sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 7 is a schematic diagram of another sub-flow of a ciphertext search method in a cloud computing environment according to the present invention;
FIG. 8 is a schematic diagram of the program modules of a ciphertext search method in a cloud computing environment according to the present invention.
Embodiments of the present invention
To make the purpose, features and advantages of the present invention more apparent and easier to understand, the technical solutions in the embodiments of the present application are described clearly and completely below with reference to the accompanying drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the protection scope of the present invention.
FIG. 1 is a schematic flowchart of the ciphertext search method in a cloud computing environment in an embodiment of the present application. In this embodiment, the ciphertext search method in a cloud computing environment includes:
Step 101: The encrypting party on the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to a cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext.
Here, the encrypting party first encrypts the plaintext set, which consists of multiple plaintext documents, to obtain the ciphertext structure. The weight vector information of the keywords generated in the ciphertext structure is consolidated into a ciphertext index table. A user permission table is randomly generated according to the number of attribute features selected by the encrypting party. The user permission table also includes each user's attribute class and the user weight policy tree corresponding to that attribute class. The user weight policy tree is the encryption of the attribute features selected by the encrypting party; selecting these attribute features means that users who have these attributes can view the encrypted file. The user's attribute class includes at least the user ID, or other feature values; in this embodiment only the user ID is used. The ciphertext structure, the ciphertext index table and the user permission table are then uploaded to the cloud server; the information in the ciphertext index table and in the user permission table has been obfuscated with homomorphic encryption before being arranged into tables.
Step 102: The client receives a user's request for the private key of the ciphertext structure; after receiving the private key of the ciphertext structure, the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least user attributes, search keywords, and the user private key.
Here, the searching party, that is, the user, enters their own attributes and the keywords they want to search for in order to request the private key of the ciphertext. The client sends the private key of the ciphertext structure to the user, and the user's local server then generates a search trapdoor that combines the information entered by the user with the private key obtained. The inputs are the searching party's attribute private key SK, the searchable policy tree R of the keywords, and the public key PK parameters; the search trapdoor is output and then uploaded to the cloud server. The specific calculation is:
The searching party traverses the policy tree R, selects the root node of R and lets it be $t \in G_{zp}$; the local server generates a random value d and stores it, then calculates $D_{pai}$:
$D_{pai} = D^{t} \cdot h_1^{d} = g^{t(ac-r)/b + ad}$
The tree R is visited top-down starting from its root node; for any node i of the tree, a polynomial $q_i$ is selected that satisfies $q_i = d - 1$. Select the root node $R_0$ of the tree R, let it be $t \in G_{zp}$, and let
Figure PCTCN2020128029-appb-000001
Figure PCTCN2020128029-appb-000002
be the set of all leaf nodes in the access structure tree; we have
Figure PCTCN2020128029-appb-000003
and perform the following encryption calculations, $D_k$ and $D_k'$:
Figure PCTCN2020128029-appb-000004
First take a random value $t_j \in G_{zp}$ and compute over the attribute set
Figure PCTCN2020128029-appb-000005
For any keyword
Figure PCTCN2020128029-appb-000006
the following calculation is performed, generating $D_j$ and $D_j'$:
Figure PCTCN2020128029-appb-000007
Here a vector is generated from the attributes of the searching user. This vector is used for matching against the user policy tree in the user permission table on the cloud server side, and each attribute value in it is obfuscated with the homomorphic encryption algorithm:
$V_{(ID,S)} = \{*, *, \ldots, *\}$ (where * is the value of the corresponding attribute)
Then the index vector of the user's search keywords is generated:
$I_{tf} = \{*, *, \ldots, *\}$ (where * is the TF value of the corresponding keyword)
The output format of the search trapdoor STK is:
Figure PCTCN2020128029-appb-000008
Step 103: The cloud server matches the user attributes against the user weight policy tree, and if the match succeeds, filters using the search keywords and the ciphertext index table to obtain the searched index ciphertext.
1. After the searching party's search trapdoor is uploaded, the cloud server CSP matches it against the user permission table and the ciphertext index table, determines the search range within the user's ciphertext set, and computes the similarity vectors of the ciphertext documents. From the $I_{idf}$ vector held in the cloud and the $I_{tf}$ vectors in the ciphertext CT and in SKT, the cloud server derives the corresponding $I_{tf\text{-}idf}$ document vector, and then, using the corresponding LSA latent semantic space model parameter (X), obtains the corresponding document matching vector V:
Document matching vector: $V = I_{tf\text{-}idf}^{T} \cdot X$
This yields the similarity V between the ciphertext document and the search trapdoor. The corresponding ciphertexts are selected by filtering on the cosine similarity measure, generating the set of ciphertexts to be decrypted. The calculation is as follows:
Figure PCTCN2020128029-appb-000009
2. Perform the matching operation on the filtered ciphertext set:
If y is a leaf node of the access policy A in the ciphertext CT, define j=att(y). For each attribute j∈A, calculate its intermediate value $E_y$.
Figure PCTCN2020128029-appb-000010
If y is a non-leaf node of A, define $S_Z$ as an arbitrary set of nodes z of size $k_Z$, then calculate the intermediate value $E_y$ as follows.
Figure PCTCN2020128029-appb-000011
If y is the root node, the intermediate value E is returned as follows.
Figure PCTCN2020128029-appb-000012
3. If x is a leaf node of the searchable policy tree R, let w=key(x) be the keyword associated by the hash function. For each attribute x∈R, calculate its intermediate value $E_{y'}$.
Figure PCTCN2020128029-appb-000013
If x is a non-leaf node of R, define $S_{Z'}$ as an arbitrary set of child nodes z' of size $k_{Z'}$, then calculate the intermediate value $E_{y'}$ as follows.
Figure PCTCN2020128029-appb-000014
If x is the root node, the intermediate value E is returned as follows.
Figure PCTCN2020128029-appb-000015
4. Apply the corresponding formula to the two values $E_y$ and $E_{y'}$ and return the intermediate result
Figure PCTCN2020128029-appb-000016
Then select the next ciphertext that passed the similarity filter and repeat the calculation from step 2. The formula is as follows:
Figure PCTCN2020128029-appb-000017
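The plaintext logic of step 103, as an added example that is not taken from the patent: a k-of-n threshold policy tree is matched against the user's attributes first, and only then are the TF-IDF vectors projected through X and filtered by cosine similarity. It runs on unencrypted numbers (the patent performs these operations on homomorphically encrypted values), and the gate encoding, keyword list, matrix X, documents and threshold are all constructed assumptions.

```python
import math

# Policy tree node (assumed encoding): ("leaf", attribute) or
# ("gate", k, [children]). A gate holds when at least k children hold,
# so k=1 behaves as OR and k=len(children) as AND.
def satisfies(node, attrs):
    if node[0] == "leaf":
        return node[1] in attrs
    _, k, children = node
    return sum(1 for child in children if satisfies(child, attrs)) >= k


def tfidf(tf, idf):
    """Element-wise I_tf * I_idf, giving the I_tf-idf vector."""
    return [t * i for t, i in zip(tf, idf)]


def project(vec, x):
    """V = vec^T * X, where X has one row per keyword and one column per topic."""
    return [sum(v * row[c] for v, row in zip(vec, x)) for c in range(len(x[0]))]


def cosine(a, b):
    dot = sum(p * q for p, q in zip(a, b))
    norm = math.sqrt(sum(p * p for p in a)) * math.sqrt(sum(q * q for q in b))
    return dot / norm if norm else 0.0


def search(user_attrs, query_tf, index, idf, x, threshold):
    """Return [(doc_id, score)] for documents the user may read and that match."""
    query_v = project(tfidf(query_tf, idf), x)
    hits = []
    for doc_id, (policy, doc_tf) in index.items():
        if not satisfies(policy, user_attrs):
            continue  # access control comes first: no score is computed at all
        score = cosine(query_v, project(tfidf(doc_tf, idf), x))
        if score >= threshold:
            hits.append((doc_id, round(score, 3)))
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


# Constructed sample data (not from the patent).
KEYWORDS = ["cloud", "server", "cipher", "key"]
IDF = [1.0, 1.0, 2.0, 2.0]
# Stand-in for the LSA parameter X: "cloud"/"server" load on topic 0,
# "cipher"/"key" on topic 1.
X = [[0.7, 0.1], [0.7, 0.0], [0.1, 0.7], [0.0, 0.7]]
INDEX = {
    # doc_id: (policy tree, term-frequency vector over KEYWORDS)
    "d1": (("gate", 2, [("leaf", "dept:research"), ("leaf", "role:staff")]),
           [0, 3, 0, 0]),
    "d2": (("gate", 1, [("leaf", "dept:research"), ("leaf", "dept:finance")]),
           [0, 0, 2, 1]),
    "d3": (("leaf", "role:admin"), [4, 1, 0, 0]),
}
QUERY_TF = [1, 0, 0, 0]  # the user searches for "cloud" only

if __name__ == "__main__":
    # d1 shares no keyword with the query yet matches in the latent space;
    # d3 matches best but is never scored because the policy check fails.
    print(search({"dept:research", "role:staff"}, QUERY_TF, INDEX, IDF, X, 0.5))
```

Document d1 contains only "server", so its raw keyword-space cosine with the query is zero; it is the projection through X that makes it a hit, which is the synonym problem the background section attributes to plain VSM.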
Step 104: The cloud server returns the intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result.
Here, after the intermediate result
Figure PCTCN2020128029-appb-000018
is returned in step 103, the decryption calculation is performed:
Figure PCTCN2020128029-appb-000019
An embodiment of the present application provides a ciphertext search method in a cloud computing environment. The method includes: the encrypting party on the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to a cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext; the client receives a user's request for the private key of the ciphertext, and after receiving the private key of the ciphertext structure the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least user attributes, search keywords, and the user private key; the cloud server matches the user attributes against the user weight policy tree, and if the match succeeds, filters using the search keywords and the ciphertext index table to obtain the searched index ciphertext; the cloud server returns the intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result. The method provides efficient retrieval over ciphertext data: it uses a weight policy tree to optimize the access policy and latent semantics to optimize the space model, improves retrieval accuracy through the access control policy table and the document index table, and reduces the computation required for ciphertext search. Using the properties of fully homomorphic encryption, the control data held by the cloud server is completely obfuscated, giving an efficient policy-hiding scheme, and the cloud server's computing power is fully used to perform homomorphic addition/multiplication operations for access control and ciphertext retrieval, which allows efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing. Access policies and users are in a many-to-many relationship, so even if one user defects, other users are not affected; and, based on the properties of the weight policy tree and the homomorphic-encryption obfuscation of attribute values, keyword guessing attacks can be resisted.
Specifically, based on the above embodiment and referring to FIG. 2, which is a schematic diagram of a sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the specific steps by which the encrypting party on the client encrypts the plaintext set to obtain the ciphertext structure include:
First perform attribute-based encryption on the plaintext;
Construct the TF vector of the keywords in the plaintext and the IDF vector of the keywords in the plaintext set;
Compute the TF-IDF vector of the keywords in the plaintext set;
Perform the latent semantic SVD dimension-reduction calculation on the plaintext set to obtain the vector space model and $I_{idf}$;
Homomorphically encrypt the vector space model and $I_{idf}$ to generate the corresponding ciphertext structure.
The TF vector of the keywords in the plaintext and the IDF of the keywords in the plaintext set are constructed as follows:
Figure PCTCN2020128029-appb-000020
(where $m_j$ is the number of words in document $d_j$, and $n_{ij}$ is the number of occurrences of keyword $t_i$.)
Figure PCTCN2020128029-appb-000021
(where $|D|$ is the total number of documents, and
Figure PCTCN2020128029-appb-000022
is the number of documents in which keyword $t_i$ appears.)
Compute the TF-IDF vector $A_{tf\text{-}idf}$ of the keywords in the plaintext set;
LSA latent semantic space model: $A_{tf\text{-}idf} = U S V^{T}$,
LSA vector space model parameters: $X = U S^{T}$
First, the encrypting party encrypts its plaintext: it selects $r_0 \in G_{zp}$ and then computes $C$ and
Figure PCTCN2020128029-appb-000023
Figure PCTCN2020128029-appb-000024
An access tree $T$ is constructed from the access structure $A$. Starting from the root node and visiting each node $i$ of the tree from top to bottom, a polynomial $q_i$ is selected that satisfies $q_i = d-1$. For the root node $T_0$ of the tree, with $r_0 \in G_{zp}$, let
Figure PCTCN2020128029-appb-000025
Let $Y$ be the set of all leaf nodes in the access tree $T$. For $y \in Y$, the following encryption calculations are performed to obtain $C_y$ and $C_y'$:
Figure PCTCN2020128029-appb-000026
The keyword set $W$ generated in the semantic model is then processed: a random value $r_i \in G_{zp}$ is taken, and for any keyword $w \in W$ the following calculation generates $C_w$ and $C_w'$:
Figure PCTCN2020128029-appb-000027
The encrypting party constructs the corresponding TF vector for its plaintext set, and the index matching vector of the corresponding document is taken as:
$I_{tf} = \{*, *, \ldots, *\}$ (where * is the value of the corresponding key)
At the same time, the index vectors of all documents are integrated into the document index table (Table 2) on the cloud server side. Finally, the output format of the ciphertext CT is:
Figure PCTCN2020128029-appb-000028
Here, on the local server, the encrypting party takes the optimized weight access policy tree and the vector space model LSA and $I_{idf}$ generated by the latent semantic SVD dimension-reduction calculation over the chosen plaintext set (with TF-IDF weights as the keyword weights), homomorphically encrypts them to generate the corresponding ciphertext structure, and uploads it to the cloud server. LSA (latent semantic analysis), also known as LSI (latent semantic index), is a new indexing and retrieval method proposed by Scott Deerwester, Susan T. Dumais and others in 1990. Like the traditional vector space model (VSM), it uses vectors to represent terms and documents and judges the relationship between terms and documents from the relationship between vectors (such as the angle between them); the difference is that LSA maps terms and documents into a latent semantic space, which removes some of the "noise" in the original vector space and improves the precision of information retrieval. A vocabulary is generated and a term-document matrix is formed (using TF-IDF weighted term frequencies). Each row of the initial matrix corresponds to a term and each column to a document, so M terms and N documents can be represented as an M*N matrix; the singular value decomposition shown in the figure is then performed, and the matrices obtained from the SVD are reduced in dimension to construct the latent semantic space. The advantages of LSA are: the low-dimensional representation captures synonyms, which correspond to the same or similar topics; dimension reduction removes some noise and makes features more distinct; redundant data is fully used; it is unsupervised and fully automatic; and it is language-independent and highly practical.
Specifically, based on the above embodiment and referring to FIG. 3, which is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the specific steps of randomly generating the user permission table include:
Homomorphically encrypt the optimized user weight policy tree, where the user weight policy tree includes at least the number of attribute features selected by the encrypting party;
Generate the ciphertext of the optimized topic policy tree, the ciphertext of the weights corresponding to the attribute classes, and the ciphertext of the ciphertext sets corresponding to the policy weights.
Optimizing the user weight policy tree reduces both the storage overhead of the ciphertext and the computational overhead of encryption. After the optimized user weight policy tree is homomorphically encrypted, homomorphic matching operations are performed on these three parts.
Specifically, based on the above embodiment and referring to FIG. 4, which is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the specific steps by which the cloud server matches the user attributes against the user weight policy tree include:
After the user attributes are obfuscated by the homomorphic algorithm, match them against the ciphertext of the weights corresponding to the attribute classes;
If the match succeeds, match the user attributes against the topic policy tree ciphertext to determine the user's permissions and the range of ciphertexts the user may search;
Then match against the ciphertext of the ciphertext sets corresponding to the policy weights to fix the search range of the ciphertext.
The searching user uploads the attribute trapdoor vector of the search request; this vector is likewise obfuscated by the homomorphic algorithm. The cloud server first performs the matching calculation between the user's attribute ciphertext and the ciphertext of the weights corresponding to the attribute classes. The calculation works roughly as follows:
In the homomorphic encryption, the encrypting party randomly generates large primes $r'$, $p$, $q$ and obtains the public parameters $r'p$ and $N = pq$; $hm.CT_{attribute}$ is the searching party's attribute trapdoor vector, and $hm.CT_{DU}$ is the encrypting party's ciphertext of the weights corresponding to the attribute classes.
$$
\begin{aligned}
Value &= ((hm.CT_{attribute} - hm.CT_{DU})\, r'p) \bmod N \\
&= ((M_{attribute} - M_{token})\, r'p + 2^{k} r'pq\,(r_{attribute} - r_{token})) \bmod N \\
&= (M_{attribute} - M_{token})\, r'p
\end{aligned}
$$
It can be seen that, since $r'p$ is not 0, $Value = 0$ indicates a successful match, i.e., the class corresponding to the user's attribute exists in the cloud server's table. A similar calculation then yields the weight of the attribute within its attribute class, $Value = \omega_{attribute}$.
The cloud server then matches against the policy attribute tree ciphertext: the user attribute classes determined by the preceding match are combined through the tree's AND/OR computation. Specifically, using the property that the homomorphically encrypted values are in {0,1}, the AND/OR computation is implemented through homomorphic addition and subtraction. The resulting policy attribute tree ciphertext is multiplied homomorphically with the multi-attribute weight set $Value_{all} = \{\omega_1, \ldots, \omega_n\}$ and then matched against the ciphertext of the ciphertext sets corresponding to the policy weights, returning $Value = W_{search}$. This value is the preset ciphertext-set index, which is passed to the document index table for the next step of ciphertext retrieval.
Throughout this process, during the transmission, storage, retrieval and processing of user data, no entity other than the user's local side has access to the user's plaintext data or its intermediate processing results. In addition, the user does not need to obtain the homomorphic decryption private key $p$, and only needs to upload the product of the random number $r$ and $p$ used when encrypting the data, together with $N = pq$; these two public parameters are used to perform the homomorphic obfuscating encryption. Since $r$ and $p$ are both large primes, their product is likewise computationally hard to factor, which ensures that the private key $p$ is not at risk of being leaked.
Specifically, based on the above embodiment and referring to FIG. 5, which is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the specific steps of filtering the ciphertext index table with the keyword to obtain the searched index ciphertext, if the user attributes match the user weight policy tree, include:
After the user attributes have been successfully matched against the user weight policy tree;
Perform ciphertext relevance filtering between the search keyword and related parameters in the trapdoor and the ciphertext index table to obtain the searched index ciphertext, where the ciphertext index table includes at least the keyword vectors of the ciphertexts.
Once the user attributes have been matched against the user weight policy tree, the keyword the user is searching for in the trapdoor is filtered against the keywords in the ciphertext index table to obtain the closest index ciphertext.
Specifically, based on the above embodiment and referring to FIG. 6, which is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the specific steps by which the client receives the searching user's request for the private key of the ciphertext structure include:
Generate, on the client, the public key and the master private key used to generate private keys;
Obtain the user's private key from the public key, the master private key, the user ID and the user attributes.
Here, $G_0$ is constructed as a bilinear group of prime order $p$, and
Figure PCTCN2020128029-appb-000029
where $\eta$ is a random value. Let $g$ be its generator, with bilinear map $e: G_0 \times G_0 \to G_r$. Two hash functions are defined: $H_0: \{0,1\}^{*} \to G_0$ and $H_1: \{0,1\}^{*} \to G_{zp}$. Three random numbers $a, b, c \in G_{zp}$ are selected from the group $G_{zp}$. The homomorphic encryption algorithm generates random primes $p$, $q$, $r$, where $p$ is the private key, and generates the search public-key parameters $\{N = pq,\ RQ = rq\}$. The public key PK and the master key MK are output, where the public key PK contains the set of random-value functions required by the homomorphic encryption algorithm.
Figure PCTCN2020128029-appb-000030
$MK = \{a, b, c\}$.
The public key PK, the master private key MSK, the ID of the user applying to search and the attribute set $S$ of the searching party DU are input, and the attribute private key SK of the searching party is output. A random number $r \in G_{zp}$ is taken, and for each attribute in the attribute set $S$
Figure PCTCN2020128029-appb-000031
a random number $t_j \in G_{zp}$ is selected and the corresponding timestamp-encrypted $ID_t$ is assigned. The calculation yields:
$SK_{(S,ID)} = \{S,\ D = h_4^{(ac-r)},\ ID_t$
Figure PCTCN2020128029-appb-000032
Specifically, based on the above embodiment and referring to FIG. 7, which is a schematic diagram of another sub-flow of the ciphertext search method in the cloud computing environment of the present application, in this embodiment the ciphertext search method in the cloud computing environment further includes:
When encrypted data is deleted via the client, the access structure of the data is changed;
After the cloud server determines that the encrypted data has been deleted, it returns a deletion file to the client.
When the encrypting party wants to delete a certain class of encrypted data, it changes the access structure of the file by revoking the access-permission attributes through a homomorphic operation. After the delete operation is executed, the cloud server determines whether the current file has been deleted and returns a deletion file to the encrypting party. The latent semantic space model LSA does not support data updates and is vulnerable to keyword guessing attacks, so the computing power of the cloud server and homomorphic encryption are used to solve this problem. The vector space model used in the scheme relies on tf-idf weights, where the inverse document frequency (idf) factor depends on the number of files that contain the keyword. When files are added or deleted, the idf factor of a keyword may change. To avoid updating every searchable index when an update occurs, the file vectors should be independent of one another. Since a searchable index is built for each file, a feasible solution is to store only the tf values in the file vector and add a separate auxiliary vector that stores the idf value of each keyword. Updates are then confined to the auxiliary vector rather than to all searchable indexes. The cost is that the tf-idf weights must be computed during a user's search request to obtain the relevance score. Because this computation takes place on the server side, where computing power is high, overall efficiency is hardly affected by updates. Moreover, with encryption by the homomorphic algorithm, keyword guessing attacks are avoided, and the homomorphic operations are a black box throughout, so there is no possibility of leaking the private key.
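The split layout described above (tf stored per file, idf kept in one auxiliary vector and combined only at query time) is shown here on plaintext data. This is an added Python example, not the patent's implementation: it omits the homomorphic encryption layer, assumes the standard forms tf = n_ij / m_j and idf = log(|D| / document frequency) because the page's formula images are not reproduced, and the class name, method names and sample documents are constructed.

```python
import math
from collections import Counter


class SplitIndex:
    """Per-file tf vectors plus one shared auxiliary idf table (assumed layout)."""

    def __init__(self):
        self.tf = {}          # doc_id -> {term: n_ij / m_j}; never rewritten by other docs
        self.df = Counter()   # auxiliary data: term -> number of files containing it

    def add(self, doc_id, text):
        if doc_id in self.tf:
            self.remove(doc_id)
        words = text.lower().split()
        counts = Counter(words)
        self.tf[doc_id] = {t: n / len(words) for t, n in counts.items()}
        self.df.update(counts.keys())          # only the auxiliary table changes

    def remove(self, doc_id):
        for term in self.tf.pop(doc_id):
            self.df[term] -= 1
            if self.df[term] == 0:
                del self.df[term]

    def idf(self, term):
        # Computed from the auxiliary table at query time, so it always
        # reflects the current document count.
        if not self.df.get(term):
            return 0.0
        return math.log(len(self.tf) / self.df[term])

    def search(self, query, top=3):
        terms = query.lower().split()
        scores = {}
        for doc_id, vec in self.tf.items():
            score = sum(vec.get(t, 0.0) * self.idf(t) for t in terms)
            if score > 0:
                scores[doc_id] = score
        return sorted(scores, key=scores.get, reverse=True)[:top]


def build_sample():
    # Constructed sample documents.
    idx = SplitIndex()
    idx.add("d1", "cloud key rotation policy")
    idx.add("d2", "cloud storage encryption key")
    idx.add("d3", "cloud audit log")
    return idx


if __name__ == "__main__":
    idx = build_sample()
    stored = dict(idx.tf["d1"])
    print("idf(key) with 3 files:", round(idx.idf("key"), 4))
    idx.add("d4", "audit retention schedule")
    print("idf(key) with 4 files:", round(idx.idf("key"), 4))
    print("d1 tf vector untouched:", idx.tf["d1"] == stored)
    print("search:", idx.search("key rotation"))
    idx.remove("d1")
    print("search after delete:", idx.search("key rotation"))
```

Adding or deleting a file changes only the document-frequency table; every stored tf vector stays byte-for-byte the same, which is the property the passage relies on to avoid re-encrypting existing indexes.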
The homomorphic algorithm is implemented as follows:
1. HOMO.Encrypt(PK, M', LSA) → CT': the homomorphic encryption algorithm. The public parameter PK is input, and the data owner DO generates the determined weight policy tree vector, the semantic model parameters and the document tf vectors,
Figure PCTCN2020128029-appb-000033
[where $\omega$ is the number of documents]. Here $q$ and $r$ are random primes, $p$ is the private key, and the content to be encrypted is represented in binary bits, $M' \in \{0,1\}$. The resulting ciphertext CT' is:
$CT' = \{pq + 2^{k} r q + M'\}$
The encryption algorithm here is an optimization of the initial algorithm, improving on the excessively large ciphertexts the original algorithm produces. Multi-bit binary values are used to reduce ciphertext size; the factor $2^{k}$ in the encryption formula expresses the degree of bit reduction, which greatly reduces the amount of computation. Because repeated homomorphic operations would make the ciphertext noise too large, the modulus switching technique is used: after each ciphertext computation the result is multiplied by a fraction to reduce the noise and control its growth in the ciphertext.
Suppose the modulus $q$ is $V^{j}$ and the noise of both ciphertexts is $V$. After a homomorphic multiplication the noise is greater than $V^{2}$, and after $\log j$ levels of multiplication the noise reaches the threshold, so the next computation cannot be carried out. To address this, each multiplication is followed by a multiplication by $1/v$. In the first operation the noise is $X^{2}$, which is then multiplied by $1/v$, so the noise is reduced.
2. Calculate(CT', $f_{(update)}$) → CT*: the cloud server CSP takes the specified CT' as input and, using the function $f_{(update)}$ for the corresponding homomorphic operation sent by the data owner, performs additive and multiplicative homomorphic computation on the ciphertext. This updates attributes of the encrypted ciphertext CT' and dynamically modifies the parameters of the LSA model inside the ciphertext.
The corresponding function operations are: matching against the weight attribute policy tree; computing tf-idf weights; computing the latent semantics (LSA); and dynamically modifying the values or weights of the attribute policy tree, the user ID and the related document vectors.
The principle of the homomorphic operation is as follows:
Homomorphism comprises additive and multiplicative homomorphism. Take two ciphertexts $c_1 = m_1 + 2^{k} r_1 q + pq$ and $c_2 = m_2 + 2^{k} r_2 q + pq$.
Correctness proof for homomorphic addition:
$$
\begin{aligned}
((c_1 + c_2) \bmod p) \bmod 2^{k}
&= [((m_1 + m_2) + 2^{k} q (r_1 + r_2) + pq) \bmod p] \bmod 2^{k} \\
&= ((m_1 + m_2) + 2^{k} q (r_1 + r_2)) \bmod 2^{k} = m_1 + m_2
\end{aligned}
$$
Correctness proof for homomorphic multiplication:
$$
\begin{aligned}
((c_1 c_2) \bmod p) \bmod 2^{k}
&= [((m_1 + 2^{k} r_1 q)(m_2 + 2^{k} r_2 q) + p((m_1 + 2^{k} r_1 q) + (m_2 + 2^{k} r_2 q))q + (pq)^{2}) \bmod p] \bmod 2^{k} \\
&= ((m_1 + 2^{k} r_1 q)(m_2 + 2^{k} r_2 q)) \bmod 2^{k} \\
&= (m_1 m_2 + 2^{k} (m_1 r_2 + m_2 r_1 + 2^{k} r_1 r_2) q) \bmod 2^{k} = m_1 m_2
\end{aligned}
$$
However, in the above scheme, if $pq$ is used as the public key, the private key $p$ is easily discovered. The greatest common divisor problem is therefore introduced into the encryption algorithm, i.e., a set of ciphertexts obtained by encrypting the plaintext 0 is added:
$\{x_i : x_i = 2^{n} r_i + p q_i\}$
This set is treated as the public key, and during encryption the sum of a randomly chosen subset of it is added into the encryption algorithm, which makes the scheme secure. Because what is added is a ciphertext of 0, decryption is not affected.
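The arithmetic in the two correctness proofs above, and in the earlier server-side match $Value = ((hm.CT_{attribute} - hm.CT_{DU})\, r'p) \bmod N$, can be followed with small constructed parameters. The following Python code is an added example, not code from the patent: the primes, the 8-bit plaintext space, the `Ciphertext` noise-bound bookkeeping and all function names are assumptions, and it uses the basic ciphertext form without the zero-encryption public key or the modulus-switching step.

```python
import secrets
from dataclasses import dataclass

# Constructed parameters (assumptions, chosen so the arithmetic is easy to follow).
K = 8                  # plaintexts are integers in [0, 2^K)
P = 2**127 - 1         # secret prime p
Q = 2**31 - 1          # prime q; q > 2^K keeps the match test sound
R_PRIME = 2**61 - 1    # prime r' used for the matching parameter
R_BITS = 16            # fresh randomness r is drawn from [1, 2^R_BITS)

N = P * Q              # public parameter N = pq
RP = R_PRIME * P       # public parameter r'p


@dataclass(frozen=True)
class Ciphertext:
    value: int
    noise_bits: int    # bound: the term hidden in value (mod p) is < 2^noise_bits

    def __add__(self, other):
        # The sum of two noise terms is below 2^(max + 1).
        return Ciphertext(self.value + other.value,
                          max(self.noise_bits, other.noise_bits) + 1)

    def __mul__(self, other):
        # The product of two noise terms is below 2^(a + b): noise grows fast.
        return Ciphertext(self.value * other.value,
                          self.noise_bits + other.noise_bits)


def encrypt(m, r=None):
    """c = m + 2^k * r * q + p * q, the form used in the correctness proofs."""
    if not 0 <= m < 2**K:
        raise ValueError("plaintext must be in [0, 2^K)")
    if r is None:
        r = secrets.randbelow(2**R_BITS - 1) + 1
    if not 1 <= r < 2**R_BITS:
        raise ValueError("r out of range")
    return Ciphertext(m + 2**K * r * Q + P * Q, K + R_BITS + Q.bit_length() + 1)


def within_budget(c):
    """True while the noise term is guaranteed to stay below p."""
    return c.noise_bits < P.bit_length()


def decrypt(c):
    """(c mod p) mod 2^k; refuses ciphertexts whose noise may have wrapped mod p."""
    if not within_budget(c):
        raise OverflowError("noise may exceed p; decryption would be unreliable")
    return (c.value % P) % 2**K


def match_value(ct_a, ct_b):
    """Server-side equality test using only r'p and N: 0 means equal plaintexts."""
    return ((ct_a.value - ct_b.value) * RP) % N


if __name__ == "__main__":
    a, b = encrypt(7), encrypt(5)
    print("7 + 5 ->", decrypt(a + b))
    print("7 * 5 ->", decrypt(a * b))
    print("match 42/42:", match_value(encrypt(42), encrypt(42)) == 0)
    print("match 42/43:", match_value(encrypt(42), encrypt(43)) == 0)
    print("depth-2 product within budget:", within_budget(a * b * encrypt(2)))
```

Results are correct modulo $2^{k}$, and with these sizes a second level of multiplication already exhausts the noise budget, which is the growth the modulus-switching remark addresses. The matching parameters here are exact multiples of $p$, the situation the passage above warns about when it says $p$ is easily discovered from $pq$; the constructed values are for following the arithmetic only.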
Further, an embodiment of the present application also provides a ciphertext search device 200 in a cloud computing environment. Referring to FIG. 8, which is a schematic diagram of the modules of the ciphertext search device in a cloud computing environment in an embodiment of the present application, the ciphertext search device 200 includes:
Encryption module 801: used by the encrypting party on the client to encrypt the plaintext set to obtain a ciphertext structure, obtain a ciphertext index table from the ciphertext structure, randomly generate a user permission table, and upload the ciphertext structure, the user permission table and the ciphertext index table to the cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext;
Generation module 802: used by the client to receive a user's request for the private key of the ciphertext; after receiving the private key of the ciphertext structure, the user generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least the user attributes, the search keyword and the user private key;
Search module 803: used by the cloud server to match the user attributes against the user weight policy tree and, if the match succeeds, to filter the ciphertext index table with the search keyword to obtain the searched index ciphertext;
Decryption module 804: used by the cloud server to return the intermediate value of the index ciphertext to the client, where decryption is performed to obtain the search result.
The ciphertext search device 200 in a cloud computing environment provided by this embodiment of the present application can implement the following: the encrypting party on the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to the cloud server, where the user permission table includes at least each user attribute class and the user weight policy tree corresponding to that attribute class, and the plaintext set includes at least one plaintext; the client receives a user's request for the private key of the ciphertext, and the user, after receiving the private key of the ciphertext structure, generates a corresponding search trapdoor and sends it to the cloud server, where the search trapdoor includes at least the user attributes, the search keyword and the user private key; the cloud server matches the user attributes against the user weight policy tree and, if the match succeeds, filters the ciphertext index table with the search keyword to obtain the searched index ciphertext; the cloud server returns the intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result. The method provides efficient retrieval over ciphertext data: it uses a weight policy tree to optimize the access policy and latent semantics to optimize the space model, improves retrieval precision through the access control policy table and the document index table, and reduces the computation required for ciphertext search. Using the properties of fully homomorphic encryption, the control data held by the cloud server is completely obfuscated, giving an efficient policy-hiding mechanism; the cloud server's computing power is fully used to perform homomorphic addition/multiplication for access control and ciphertext retrieval, which enables efficient dynamic data updates and greatly improves the confidentiality and efficiency of cloud data processing. Access policies and users are in a many-to-many relationship, so even if one user betrays the system, other users are not affected; and, based on the properties of the weight policy tree and the homomorphic obfuscation of attribute values, the scheme can resist keyword guessing attacks.
Further, an embodiment of the present application also provides a ciphertext search device in a cloud computing environment, including a memory, a processor, and a computer program stored in the memory and executable on the processor; when the processor executes the computer program, the steps of the above ciphertext search method in a cloud computing environment are implemented.
Further, the present application also provides a storage medium on which a computer program is stored; when the computer program is executed by a processor, the steps of the above ciphertext search method in a cloud computing environment are implemented.
The functional modules in the embodiments of the present invention may be integrated into one processing module, may each exist physically on their own, or two or more of them may be integrated into one module. The integrated modules may be implemented in hardware or as software functional modules. If an integrated module is implemented as a software functional module and sold or used as an independent product, it may be stored in a computer-readable storage medium. On this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or all or part of the technical solution, may be embodied in the form of a software product. The computer software product is stored in a storage medium and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device, or the like) to execute all or part of the steps of the methods described in the embodiments of the present invention. The storage medium includes any medium that can store program code, such as a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk or an optical disc.
It should be noted that, for brevity, each of the foregoing method embodiments is described as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the order of actions described, because according to the present invention some steps may be performed in another order or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily all required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for parts not described in detail in one embodiment, refer to the related descriptions of the other embodiments.
The above is a description of the ciphertext search method, system, device and storage medium in a cloud computing environment provided by the present invention. Those skilled in the art may, following the ideas of the embodiments of the present application, make changes to the specific implementation and the scope of application. In summary, the content of this specification should not be construed as limiting the present invention.

Claims (10)

  1. A ciphertext search method in a cloud computing environment, characterized in that the ciphertext search system comprises a client and a cloud server, and the method comprises:
    an encrypting party at the client encrypts a plaintext set to obtain a ciphertext structure, obtains a ciphertext index table from the ciphertext structure, randomly generates a user permission table, and uploads the ciphertext structure, the user permission table and the ciphertext index table to the cloud server, wherein the user permission table comprises at least each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set comprises at least one plaintext;
    the client receives a user's request for the private key of the ciphertext structure; after receiving the private key of the ciphertext structure, the user generates a corresponding search trapdoor and sends it to the cloud server, wherein the search trapdoor comprises at least a user attribute, a search keyword and the user's private key;
    the cloud server matches the user attribute against the user weight policy tree and, if the user attribute is successfully matched with the user weight policy tree, performs screening using the search keyword and the ciphertext index table to obtain the searched index ciphertext;
    the cloud server returns an intermediate value of the index ciphertext to the client, and decryption is performed to obtain the search result.
  2. The method according to claim 1, characterized in that the encrypting party at the client encrypting the plaintext set to obtain the ciphertext structure specifically comprises:
    first performing attribute-based encryption on the plaintext;
    constructing the TF vector of the keywords in the plaintext and the IDF vector of the keywords in the plaintext set;
    calculating the TF-IDF vector of the keywords in the plaintext set;
    performing latent semantic SVD dimensionality reduction on the plaintext set to obtain a vector space model and I_idf;
    homomorphically encrypting the vector space model and I_idf to generate the corresponding ciphertext structure.
  3. The method according to claim 2, wherein randomly generating the user permission table specifically comprises:
    homomorphically encrypting the optimized user weight policy tree, wherein the user weight policy tree comprises at least the number of attribute features selected by the encrypting party;
    generating the optimized topic policy tree ciphertext, the ciphertext of the weights corresponding to the attribute classes, and the ciphertext of the ciphertext sets corresponding to the policy weights.
  4. The method according to claim 3, characterized in that the cloud server matching the user attribute against the user weight policy tree specifically comprises:
    after fuzzy encryption of the user attribute with a homomorphic algorithm, matching it against the ciphertext of the weights corresponding to the attribute classes;
    if the match succeeds, matching the user attribute against the topic policy tree ciphertext to determine the user's permissions and the range of searchable ciphertexts;
    then matching against the ciphertext of the ciphertext sets corresponding to the policy weights to lock the search range of the ciphertext.
  5. The method according to claim 4, characterized in that, if the user attribute is successfully matched with the user weight policy tree, performing screening using the keyword and the ciphertext index table to obtain the searched index ciphertext specifically comprises:
    when the user attribute has been successfully matched with the user weight policy tree,
    performing ciphertext relevance screening using the search keyword and related parameters in the trapdoor and the ciphertext index table to obtain the searched index ciphertext, wherein the ciphertext index table comprises at least the keyword vectors in the ciphertext.
  6. The method according to claim 5, characterized in that the client receiving the request from a searching user for the private key of the ciphertext structure specifically comprises:
    generating, at the client, a public key and a master private key used for generating private keys;
    obtaining the user's private key based on the public key, the master private key, the user ID and the user attribute.
  7. The method according to claim 1, characterized in that it further comprises:
    when the client deletes encrypted data, doing so by changing the access structure of the data;
    after the cloud server determines that the encrypted data has been deleted, returning the deleted file to the client.
  8. A ciphertext search system in a cloud computing environment, characterized in that the system comprises:
    an encryption module, configured for an encrypting party at the client to encrypt a plaintext set to obtain a ciphertext structure, obtain a ciphertext index table from the ciphertext structure, randomly generate a user permission table, and upload the ciphertext structure, the user permission table and the ciphertext index table to the cloud server, wherein the user permission table comprises at least each user attribute class and the user weight policy tree corresponding to the attribute class, and the plaintext set comprises at least one plaintext;
    a generation module, configured for the client to receive a user's request for the private key of the ciphertext structure, the user, after receiving the private key of the ciphertext structure, generating a corresponding search trapdoor and sending it to the cloud server, wherein the search trapdoor comprises at least a user attribute, a search keyword and the user's private key;
    a search module, configured for the cloud server to match the user attribute against the user weight policy tree and, if the user attribute is successfully matched with the user weight policy tree, to perform screening using the search keyword and the ciphertext index table to obtain the searched index ciphertext;
    a decryption module, configured for the cloud server to return an intermediate value of the index ciphertext to the client, and for decryption to be performed to obtain the search result.
  9. A ciphertext search device in a cloud computing environment, comprising a memory, a processor, and a computer program stored in the memory and executable on the processor, characterized in that, when the processor executes the computer program, each step of the ciphertext search method in a cloud computing environment according to any one of claims 1 to 7 is implemented.
  10. A storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, each step of the ciphertext search method in a cloud computing environment according to any one of claims 1 to 7 is implemented.
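
A plaintext-domain sketch of the search order in claims 1, 4 and 5: the policy match runs first, and only then is keyword relevance computed over a TF-IDF index of the kind built in claim 2. This is an added example, not code from the patent; the attribute-based and homomorphic encryption and the SVD step are omitted, and the per-document policy trees, minimum-weight leaves, sample corpus and all function names are assumptions.

```python
import math
from collections import Counter

# Constructed sample corpus: document id -> (policy tree, plaintext).
# Assumed policy nodes: ("attr", name, min_weight) | ("and", [...]) | ("or", [...]).
DOCS = {
    "d1": (("attr", "doctor", 2), "patient blood pressure report blood test"),
    "d2": (("or", [("attr", "doctor", 1), ("attr", "nurse", 2)]),
           "ward schedule nurse shift report"),
    "d3": (("and", [("attr", "finance", 1), ("attr", "manager", 1)]),
           "quarterly budget report"),
}

def satisfies(policy, attrs):
    """Evaluate a policy tree against a user's {attribute: weight} map."""
    kind = policy[0]
    if kind == "attr":
        _, name, min_weight = policy
        return attrs.get(name, 0) >= min_weight
    children = [satisfies(child, attrs) for child in policy[1]]
    if kind == "and":
        return all(children)
    if kind == "or":
        return any(children)
    raise ValueError(f"unknown policy node: {kind!r}")

def build_index(docs):
    """Return ({doc_id: {term: tf-idf}}, {term: idf}) for the plaintext set."""
    tokens = {doc_id: text.split() for doc_id, (_, text) in docs.items()}
    n = len(tokens)
    df = Counter(term for words in tokens.values() for term in set(words))
    idf = {term: math.log(n / count) + 1.0 for term, count in df.items()}
    index = {}
    for doc_id, words in tokens.items():
        tf = Counter(words)
        index[doc_id] = {t: (c / len(words)) * idf[t] for t, c in tf.items()}
    return index, idf

def cosine(u, v):
    """Cosine similarity of two sparse {term: weight} vectors."""
    dot = sum(w * v.get(t, 0.0) for t, w in u.items())
    norm = (math.sqrt(sum(w * w for w in u.values()))
            * math.sqrt(sum(w * w for w in v.values())))
    return dot / norm if norm else 0.0

def search(docs, index, idf, attrs, keywords):
    """Policy check first, relevance ranking second; unauthorised docs are never scored."""
    query = {t: idf[t] for t in keywords if t in idf}
    allowed = [d for d, (policy, _) in docs.items() if satisfies(policy, attrs)]
    scored = [(d, cosine(query, index[d])) for d in allowed]
    return [d for d, s in sorted(scored, key=lambda x: -x[1]) if s > 0]

INDEX, IDF = build_index(DOCS)
```

Because unauthorised documents are filtered out before scoring, a keyword that occurs only in a document outside the user's range returns an empty result rather than a hit the user cannot open.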
PCT/CN2020/128029 2020-11-11 2020-11-11 Ciphertext search method, system, and device in cloud computing environment WO2022099495A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/128029 WO2022099495A1 (en) 2020-11-11 2020-11-11 Ciphertext search method, system, and device in cloud computing environment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2020/128029 WO2022099495A1 (en) 2020-11-11 2020-11-11 Ciphertext search method, system, and device in cloud computing environment

Publications (1)

Publication Number Publication Date
WO2022099495A1 true WO2022099495A1 (en) 2022-05-19

Family

ID=81601858

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2020/128029 WO2022099495A1 (en) 2020-11-11 2020-11-11 Ciphertext search method, system, and device in cloud computing environment

Country Status (1)

Country Link
WO (1) WO2022099495A1 (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114793156A (en) * 2022-06-27 2022-07-26 北京瑞莱智慧科技有限公司 Data processing method, device, equipment and storage medium
CN114944963A (en) * 2022-07-12 2022-08-26 数字江西科技有限公司 Government affair data opening method and system
CN115174568A (en) * 2022-06-23 2022-10-11 南京信息工程大学 Attribute-based ciphertext retrieval method
CN115758468A (en) * 2022-12-05 2023-03-07 北京理工大学 Non-interactive multi-user searchable encryption method and system with forward and backward privacy support
CN115952530A (en) * 2023-03-15 2023-04-11 江西科技学院 Financial data processing method and system for improving confidentiality and computer
CN116127498A (en) * 2022-11-28 2023-05-16 中国民用航空总局第二研究所 Multi-keyword searchable encryption method capable of verifying ciphertext search result
CN117834109A (en) * 2024-03-05 2024-04-05 北京隐算科技有限公司 Ciphertext database system based on confusion modular components and application method thereof
CN117834109B (en) * 2024-03-05 2024-05-28 北京隐算科技有限公司 Ciphertext database system based on confusion modular components and application method thereof

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060129545A1 (en) * 2004-12-09 2006-06-15 Philippe Golle System and method for performing a conjunctive keyword search over encrypted data
WO2012075446A2 (en) * 2010-12-03 2012-06-07 Yacov Yacobi Attribute-based access-controlled data-storage system
CN106961427A (en) * 2017-03-10 2017-07-18 北京科技大学 A kind of ciphertext data search method based on 5g communication standards
CN107256248A (en) * 2017-06-07 2017-10-17 福州大学 Encryption method can search for based on asterisk wildcard in cloud storage safety
CN108632257A (en) * 2018-04-12 2018-10-09 深圳大学 Support the acquisition methods and system of the encryption health records of hierarchical search
CN109214201A (en) * 2018-08-31 2019-01-15 平安科技(深圳)有限公司 A kind of data sharing method, terminal device and computer readable storage medium

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
WAGN, SHULAN ET AL.: "A Fast CP-ABE System for Cyber-Physical and Privacy in Mobile Healthcare Network", IEEE TRANSACTIONS ON INDUSTRY APPLICATIONS, vol. 56, no. 4, 28 January 2020 (2020-01-28), XP011799104, DOI: 10.1109/TIA.2020.2969868 *

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115174568A (en) * 2022-06-23 2022-10-11 南京信息工程大学 Attribute-based ciphertext retrieval method
CN114793156A (en) * 2022-06-27 2022-07-26 北京瑞莱智慧科技有限公司 Data processing method, device, equipment and storage medium
CN114793156B (en) * 2022-06-27 2022-08-26 北京瑞莱智慧科技有限公司 Data processing method, device, equipment and storage medium
CN114944963A (en) * 2022-07-12 2022-08-26 数字江西科技有限公司 Government affair data opening method and system
CN114944963B (en) * 2022-07-12 2022-10-21 数字江西科技有限公司 Government affair data opening method and system
CN116127498A (en) * 2022-11-28 2023-05-16 中国民用航空总局第二研究所 Multi-keyword searchable encryption method capable of verifying ciphertext search result
CN115758468A (en) * 2022-12-05 2023-03-07 北京理工大学 Non-interactive multi-user searchable encryption method and system with forward and backward privacy support
CN115952530A (en) * 2023-03-15 2023-04-11 江西科技学院 Financial data processing method and system for improving confidentiality and computer
CN117834109A (en) * 2024-03-05 2024-04-05 北京隐算科技有限公司 Ciphertext database system based on confusion modular components and application method thereof
CN117834109B (en) * 2024-03-05 2024-05-28 北京隐算科技有限公司 Ciphertext database system based on confusion modular components and application method thereof

Similar Documents

Publication Publication Date Title
WO2022099495A1 (en) Ciphertext search method, system, and device in cloud computing environment
Shen et al. Secure phrase search for intelligent processing of encrypted data in cloud-based IoT
CN110224986B (en) Efficient searchable access control method based on hidden policy CP-ABE
Xia et al. A secure and dynamic multi-keyword ranked search scheme over encrypted cloud data
Zheng et al. Achieving efficient and privacy-preserving k-NN query for outsourced ehealthcare data
CN112332979B (en) Ciphertext search method, system and equipment in cloud computing environment
CN111026788B (en) Homomorphic encryption-based multi-keyword ciphertext ordering and retrieving method in hybrid cloud
Zhang et al. Privacy-preserving and dynamic multi-attribute conjunctive keyword search over encrypted cloud data
Zarezadeh et al. Multi-keyword ranked searchable encryption scheme with access control for cloud storage
Huang et al. FSSR: Fine-grained EHRs sharing via similarity-based recommendation in cloud-assisted eHealthcare system
Guo et al. Dynamic multi-keyword ranked search based on bloom filter over encrypted cloud data
Yin et al. A fine-grained authorized keyword secure search scheme with efficient search permission update in cloud computing
Jiang et al. An Efficient Symmetric Searchable Encryption Scheme for Cloud Storage.
Wang et al. An efficient and privacy-preserving range query over encrypted cloud data
Ali et al. Provable secure lightweight attribute‐based keyword search for cloud‐based Internet of Things networks
Huang et al. Fast and privacy-preserving attribute-based keyword search in cloud document services
Park et al. PKIS: practical keyword index search on cloud datacenter
Smithamol et al. PECS: Privacy enhanced conjunctive search over encrypted data in the cloud supporting parallel search
Zhang et al. Efficient searchable symmetric encryption supporting dynamic multikeyword ranked search
Wang et al. Secure string pattern query for open data initiative
Guo et al. Privacy preserving weighted similarity search scheme for encrypted data
Ocansey et al. Searchable Encryption for Integrating Cloud and Sensor Networks with Secure Updates.
Mei et al. Practical Multi-Source Multi-Client Searchable Encryption With Forward Privacy: Refined Security Notion and New Constructions
Shan et al. Fuzzy Keyword Search over Encrypted Cloud Data with Dynamic Fine-grained Access Control
Fu et al. A Searchable Symmetric Encryption-Based Privacy Protection Scheme for Cloud-Assisted Mobile Crowdsourcing

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application (Ref document number: 20961054; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 Ep: pct application non-entry in european phase (Ref document number: 20961054; Country of ref document: EP; Kind code of ref document: A1)