CN103023637A - Encryption and search method for revocable keyword search public keys in cloud storage - Google Patents

Abstract

The invention discloses an encryption and search method for revocable keyword search public keys in cloud storage and belongs to the technical field of network security. The method includes: setting system public parameters and dividing system time into z time segments, and creating a public-private key pair at a client; when data storage requests occurs, selecting a keyword collection of a data file, selecting optional symmetrical encryption algorithm to encrypt the data file, utilizing the public key and the current time segment to encrypt the keyword collection, and transmitting the encrypted keyword collection to the cloud server; when the next time segment arrives, generating keyword collection cipher again, and updating the cloud server on a server; when a keyword search request occurs, by the client, utilizing the private key and the current time segment to calculate trap door information of the keywords, transmitting the trap door information to the cloud server, and by the cloud server, obtaining the search results and sending back file cipher containing the search keywords to users. The encryption and search method is suitable for cloud storage with high safety requirements, safe, and efficient, and has the capability of revoking server search.

Description

Voidable keyword search public key encryption and searching method in a kind of cloud storage

Technical field

The invention belongs to the network security technology field, be specifically related to voidable keyword search key encrypt method and searching method in the secure cloud storage.

Background technology

The cloud storage is in the conceptive extension of cloud computing and development new ideas out.Cloud computing is the development of distributed treatment, parallel processing and grid computing, by network huge computing program is split into numerous less subprogram automatically, transfers to again bulky systems that the multi-section server forms and result is returned to the user after analyzing as calculated.By cloud computing technology, Internet Service Provider can be within the several seconds, processes number in necessarily even hundred million information, reaches and " supercomputer " same powerful network service.

The cloud storage refers to by functions such as cluster application, grid or distributed file systems, a large amount of various dissimilar memory devices in the network are gathered collaborative work by application software, a system of data storage and Operational Visit function externally is provided jointly.The data that the cloud stores service allows the user to store random scale are responsible for guaranteeing the fail safe of data, reliability, accessibility by cloud service provider.Under the help of cloud stores service, the user does not worry how preventing the relevant issues of losing, how guaranteeing the safe of data and need to purchase in advance the data storages such as how many spaces of data, thereby more energy is placed on the development of own service.

The advantage of cloud storage is apparent, but safety problem becomes the key factor of its development of restriction, because there is a lot of sensitive informations in the user data, if the user stores the data of oneself on the Cloud Server into, and leakage problem that will concern of data.Encryption technology is to prevent that message from revealing and the effective means of protection sensitive data; by the encryption to data; only allow the owner of data to be decrypted data, even leakage has occured in the data that are stored on the Cloud Server, any content of the data that also can not leak.Although the possibility of revealing by can stop data to the encryption of cloud data causes remote data access to become a great problem simultaneously, the search of data and inquiry become intimate unreachable target especially.The cloud data of speaking of in this manual refer to the user data stored in the Cloud Server.The server that Cloud Server refers to provide the cloud stores service, is used for the storage user data.

The keyword search public key encryption is one of base application of public-key cryptosystem, utilizes public-key cryptosystem, and the user can realize adding the search of Miyun data and returning and get function under the prerequisite of leak data content not.

At present, keyword search is encrypted and is mainly comprised single key pattern and PKI pattern.Single key pattern is applicable to the owner of cloud data and the situation that the user is same subscriber take DSE arithmetic as the basis, and is situations of different user for both, and single key pattern needs to share session key by safe lane in advance.So-called safe lane refers to information with the Internet communication of encrypted form process, although the network attack person can intercept and capture all data of transmission over networks, and the real information that he can't obtain comprising in the data.Session key is the encryption and decryption key that guarantees that the user produces at random with secure communication session between other computer or two computers.And the PKI pattern allows the owner of data to utilize data consumer's PKI to come enciphered data before data are sent to Cloud Server, has realized data sharing, and has avoided the process of consulting session key.Based on this advantage; the keyword search public key encryption is more applicable for the secure cloud storage; not only can satisfy cloud storage user to the search that adds the Miyun data and return and get demand, and realize the secret protection of cloud data, any content that search procedure can leak data.

At present, the research of keyword search public key encryption is mainly concentrated on the keyword search public key encryption of specifying the searchers, the public key encryption of multiple key search, the aspects such as keyword search public key encryption of anti-off-line keyword guessing attack, the keyword search public key encryption is directly applied to secure cloud be stored in and also have following problem on function and the performance:

(1) do not solve search capability and cancel problem;

(2) search capability of server does not obtain restriction;

(3) search speed is slow, and the searching request response time is long;

(4) search efficiency is low, and bilinearity is many to computing.

Wherein the first two problem causes great threat to the safe storage of user's cloud data, and latter two problems has consumed the computational resource of Cloud Server greatly, make it can't respond simultaneously the searching request of a large number of users, cause period of reservation of number long, therefore all need to do one's utmost to avoid.

Summary of the invention

Goal of the invention of the present invention is: for the problem of above-mentioned existence, provide in a kind of cloud storage, voidable keyword search key encrypt method, satisfying the cloud storage environment demand of high security requirement, the user where necessary, the search capability of revocable Cloud Server, reduce the system-computed expense, shorten the searching request response time, and under the condition of not leaking the cloud data content, guarantee to add the safety search of Miyun data in the cloud storage environment and return and get.

Voidable keyword search key encrypt method in the cloud storage of the present invention comprises the following steps:

Step a. system initialization:

Select security parameter k, openly parameter of system is set, and system time is divided into an integer z time slice: t ₁, t ₂..., t _z

Step b. generates user's public private key pair:

Private key s according to user side is selected generates corresponding PKI P _Pub

Step c spanned file ciphertext and set of keywords ciphertext:

(c1) when the user has data storage request, user side is chosen the set of keywords W={w of data file M _i| i=1 ..., n}, and data file M is encrypted, the file cipher text C of data file M obtained;

(c2) user side is based on described open parameter, PKI P _Pub, set of keywords W and current time slice t _i, generate set of keywords ciphertext corresponding to described set of keywords W

And described file cipher text C and set of keywords ciphertext

Send to server stores;

(c3) as new time slice t _I+1During arrival, user side is based on open parameter, PKI P _Pub, set of keywords W and current time slice t _I+1, generate new set of keywords ciphertext And described set of keywords ciphertext

Send to server, the set of keywords ciphertext that server update is preserved.

Further, among the described step a, the open parameter p of the system that arranges, q, GF (p), E, G ₁, G ₂, P, e, H ₁, H ₂, Q is specially:

Select large prime number p, q according to described security parameter k, get GF (p) and be p rank finite field, E is the elliptic curve on the GF (p), and E (GF (p)) is the q rank addition cyclic group that the point on the E consists of, and is designated as G ₁

P is addition cyclic group G ₁Generator;

Multiplication loop group G ₂Addition cyclic group G ₁On the q factorial method cyclic group that e mapping consisted of through bilinearity of point, bilinearity is from addition cyclic group G to e ₁To multiplication loop group G ₂Mapping, e:G ₁* G ₁→ G ₂

H ₁And H ₂The crash-resistant hash function, described H ₁To multiplication loop group Z from the 0 and 1 bit sequence compound mapping that forms _q ^*H ₂To addition cyclic group G from the 0 and 1 bit sequence compound mapping that forms ₁

Q is addition cyclic group G ₁On a random point.

Based on encryption method of the present invention, the present invention also provides voidable keyword search method in a kind of cloud storage, comprises the following steps:

By encryption method of the present invention the cloud data file M of user's pre-stored is encrypted processing, server stores file cipher text and set of keywords ciphertext when receiving user's searching request, start search procedure of the present invention:

User side is according to open parameter, private key s, PKI P _Pub, the keyword w of searching request and current time slice t _i, generate trapdoor corresponding to described keyword w

And described trapdoor

Send to server;

Server is received trapdoor

After, according to open parameter, PKI P _Pub, trapdoor

Set of keywords ciphertext with storage

Verify, if be proved to be successful, then return the ciphertext C of corresponding data file M; Otherwise do not return any data.

In sum, owing to adopted technique scheme, the invention has the beneficial effects as follows:

(1) the present invention is based on the public key cryptography pattern, therefore need not transmit session key or carry out session key agreement by safe lane, thereby reduce storage, communication and the computing cost of network, be more suitable for the cloud storage environment of data sharing and high security requirement;

(2) z the time slice of dividing based on the present invention, realized the timing renewal to the set of keywords ciphertext of server end storage, solved the revocable problem of search capability, limited the search capability of server, for the cloud data provide better safety assurance;

(3) among the present invention, each the keyword w among the set of keywords W _iIn the set time section, equal corresponding same set of keywords ciphertexts, thus so that in the search procedure, server of the present invention need not be one by one to each the keyword w among the set of keywords W _iCiphertext verify, the number of run of the checking formula in when search is reduced to 1 time from n time, significantly improved the keyword search efficient of keyword search public key encryption;

(4) among the present invention, each the keyword w among the set of keywords W _iIn the set time section, equal corresponding same set of keywords ciphertexts, thus so that the present invention's required bilinearity in the search validation process is few to computing, accelerated the search speed of server, greatly shortened the response time of user search request.

Description of drawings

Examples of the present invention will be described by way of reference to the accompanying drawings, wherein:

Fig. 1 is the public key encryption process schematic diagram of the specific embodiment of the invention;

Fig. 2 is file cipher text and the set of keywords ciphertext generative process schematic diagram of the specific embodiment of the invention;

Fig. 3 is the search procedure schematic diagram of the specific embodiment of the invention.

Embodiment

Disclosed all features in this specification, or the step in disclosed all methods or the process except mutually exclusive feature and/or step, all can make up by any way.

Disclosed arbitrary feature in this specification (comprising any accessory claim, summary and accompanying drawing) is unless special narration all can be replaced by other equivalences or the alternative features with similar purpose.That is, unless special narration, each feature is an example in a series of equivalences or the similar characteristics.

The present invention is as the basis take the elliptic curve cipher theory, voidable keyword search key encrypt method in a kind of secure cloud storage is proposed, be applied to the cloud storage environment of high security requirement, the search capability of the revocable Cloud Server of user in case of necessity, reduce computing cost, shorten the searching request response time, and under the condition of not leaking the cloud data content, realize adding the safety search of Miyun data in the cloud storage environment and returning and get.

At first the applied mathematical theory of the present invention is simply introduced:

(1) elliptic curve cryptosystem ECC

If p and q are large prime number, GF (p) is p rank finite fields, and E is the elliptic curve on the GF (p), and E (GF (p)) is the q rank cyclic group that the point on the E consists of, and P ∈ E (GF (p)) is generator.Definition and choosing of security parameter thereof about elliptic curve can be consulted document: Don Johnson, Alfred Menezes and Scott Vanstone, The Elliptic Curve Digital Signature Algorithm (ECDSA), IJLS, vol.1issue1 (2001), 36-63.

(2) Hash function

The Hash function is exactly a kind of function that long arbitrarily input message transformation is become the output message of fixed length, and this output is called the hash value of this message.The Hash function of a safety should satisfy following condition at least; 1. inputting length is arbitrarily; 2. export length and fix, it is long to get at least 128bits, so that the opposing birthday attack; 3. to each given input, can calculate at an easy rate its output, i.e. hash value; 4. the description of given Hash function, finding two different input message Hash is that calculating is upper infeasible to same value, or the description of given Hash function and a message of selecting at random, find another message different from this message so that their Hash to same value be calculate upper infeasible.The Hash function is mainly used in completeness check and improves the validity of digital signature.

Hash function H among the present invention ₁: { 0,1} ^*→ Z _q ^*, be to multiplication loop group Z from the 0 and 1 bit sequence compound mapping that forms _q ^*H ₂: { 0,1} ^*→ G ₁, be the addition cyclic group G on from the 0 and 1 bit sequence compound mapping that forms to elliptic curve ₁

(3) finite field

Finite field is a set that comprises limited element, satisfies character such as addition and multiplicative closeds, and the rank of finite field are the numbers of element in the territory, and rank are that the finite field of prime number p generally is designated as GF (p).In finite field, two groups are arranged, one is the group that GF (p) consists of addition, one is the group that GF (p)-0 pair of multiplication consists of.In the multiplication loop group, all powers of generator provide all elements among the group.Z among the present invention _q ^*Expression group Z _qIn remove the group that null element consists of, G ₁The addition cyclic group on the elliptic curve, G ₂The multiplication loop group on the elliptic curve.

(4) prime number and coprime

So-called prime number refers to any one greater than 1 integer p, if it can only by ± 1 and ± p divides exactly, and just is called prime number;

So-called coprime, refer to two integers, if their greatest common divisor is 1, claim that then they are coprime.

(5) some scalar multiplication computing

Make that E is an elliptic curve that is defined on the territory GF (p), according to " string and tangent line " rule, two some P on the E (GF (p)) and Q addition obtain the 3rd some R on the E (GF (p)).Point set E (GF (p)) and this add operation thereof consist of an addition abelian group, and O is its infinite point.

Make P=(x ₁, y ₁) and Q=(x ₂, y ₂) be two different points on the elliptic curve E, then P and Q sum R=(x ₃, y ₃) as giving a definition: at first draw a straight line that connects P and Q, this straight line and elliptic curve intersect at thirdly, and then this intersection point is exactly the R point about the symmetric points of x axle.

If P=is (x ₁, y ₁) and Q=(x ₂, y ₂) be two identical points on the elliptic curve E, then ask P and Q sum to be equivalent to ask that a P's doubly put R=(x ₃, y ₃): at first at the tangent line of P strokes and dots elliptic curve, this tangent line and elliptic curve intersect at second point, and this intersection point is exactly a times point about the symmetric points of x axle.

The computing of some scalar multiplication is substantially the most also to be most important link in the Elliptic Curve Public Key Cryptosystems.Some scalar multiplication computing Q=kP on the elliptic curve is defined as follows: a some P on a given elliptic curve E and the curve, and the dot product kP that the P on the curve E is ordered is defined as a P and k sum of self addition, kP=P+P+ ... altogether k P addition of+P.Point scalar multiplication computing is called again point multiplication operation, and it is the repeatedly point add operation of the basic identical point that carries out at elliptic curve, is determining the realization time of elliptic curve cryptosystem its running time, so determining the arithmetic speed of elliptic curve cryptosystem.Can consult document about a circular of scalar multiplication computing: Stinson A.R. work, Feng Dengguo etc. translate. Cryptography Principles and practice. and the third edition, Beijing: Electronic Industry Press, 2009.201-208.

(6) bilinearity pair

Suppose G ₁The addition cyclic group, G ₂Be the multiplication loop group, order of a group is all q, and P is group G ₁Generator.Mapping e:G ₁* G ₁→ G ₂Satisfy following three conditions, then be referred to as bilinearity pair.

(1) bilinearity is namely for arbitrarily

E (aP, bP)=e (P, P) ^AbSet up;

(2) non-degeneracy, namely

(3) e can effectively be calculated.

Such bilinearity to Tate that can be by the super unusual elliptic curve on the finite field and super unusual hyperelliptic curve to or Weil to constructing.About structure and the application of bilinearity to computing, can list of references: Boneh D., Franklin M., 2001.Identity-based encryption from the Weil pairings, in:Advances in Cryptology-Crypto, in:LNCS, vol.3494, Springer-Verlag, Berlin, 2001:213-229.

With reference to Fig. 1, of the present invention being implemented as follows:

Step S100. system initialization:

Step S101: select security parameter k, the system that arranges open parameter (p, q, GF (p), E, G ₁, G ₂, P, e, H ₁, H ₂, Q) as follows: select large prime number p and q according to security parameter k, GF (p) is p rank finite fields, and E is the elliptic curve on the GF (p), E (GF (p)) is the q rank addition cyclic group that the point on the E consists of, and is designated as crowd G ₁, P ∈ G ₁It is generator.Group G ₂Crowd G ₁On the q factorial method cyclic group that e mapping consisted of through bilinearity of point, bilinearity is from group G to e ₁To group G ₂Mapping e:G ₁* G ₁→ G ₂H ₁And H ₂Be crash-resistant Hash function, Q is crowd G ₁On a random point.

Step S102: system time is divided into z time slice t according to security parameter k ₁, t ₂..., t _z, i current time slice of system is designated as t _i

Step S200. generates user's public private key pair:

User side is selected secret integer at random

As private key, calculate corresponding PKI P _Pub=sP.

Step S300. spanned file ciphertext and set of keywords ciphertext:

When the user had the storage resource request of data file M, user side was at first selected the set of keywords W={w of data file M ₁..., w _n, choose any one symmetrical cryptographic algorithm (for example Advanced Encryption Standardalgorithm AES) data file encryption M, obtain file cipher text C.Among the present invention, both can adopt symmetric encipherment algorithm to the encryption of data file M, also can be rivest, shamir, adelman, when adopting rivest, shamir, adelman, then utilize user side PKI P _PubEnciphered data is utilized private key s during deciphering.

Then utilize the open parameter of system, PKI P _PubWith current time slice t _iCryptography key word set { w ₁..., w _n, generate t _iThe set of keywords ciphertext of period

And

Sending server with file cipher text C preserves.Instantly a time fragment t _I+1During arrival, user side calculates new set of keywords ciphertext And server stores Be updated to

With reference to Fig. 2, being implemented as follows of this process:

Step S301: when the user had data storage request, the user at first chose the W={w of data file M _i| i=1 ..., then n} chooses symmetric encipherment algorithm the data file is encrypted, and obtains the file cipher text C of data file M;

Step S302: user side is according to open parameter, PKI P _PubTo { w ₁..., w _nBe encrypted, generate current time fragment t _iThe set of keywords ciphertext

Step S302-a: select at random

Calculate C ₁=γ P and C ₂=e (P _Pub, Q) ^γ

Step S302-b: to each i=1 ..., n calculates x _i=H ₁(w _i), utilize { x ₁..., x _nThe Lagrangian difference multinomial of structure, every n polynomial f obtained _i(x),

$f_i\left(x\right)=\underset{1\≤j\≠i\≤n}{\mathrm{\Π}}\frac{x-x_j}{x_i-x_j}=a_{i,1}+a_{i,2}x+...+a_{i,n}{x}^{n-1},$

N is the number of element in the set of keywords of selecting, polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}...,

Step S302-c: to each i=1 ..., n,, user side is selected a random number According to polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate y _i=α _i ^-1γ and

Step S302-d: to each i=1 ..., n calculates x _i'=H ₂(w _i|| t _i), t _iCurrent time slice, according to a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate

Wherein operation is appended in symbol " || " expression, namely t _iAppend at w _iAfterwards;

Step S302-e: Transmit message ciphertext C and set of keywords ciphertext

Give server;

Step S303: as next time slice t _I+1Arrive the open parameter of user side recycling system, PKI P _PubWith next time slice t _I+1Recomputate (S302-c) and (S302-d) step, obtain new set of keywords ciphertext

And sending to server, server is received

After, storage key is gathered ciphertext

Be updated to

Step S303-a: to each i=1 ..., n,, select a random number

According to time slice t in (S302-b) _iMultinomial coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}, calculate With

The wherein value of γ and time slice t _iValue identical;

Step S303-b: to each i=1 ..., n calculates

t _I+1Time slice t _iNext time slice, according to polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate

With

Step S303-c: generate the set of keywords ciphertext

C wherein ₁, C ₂With time slice t _iThe value of middle calculating is identical.The user side handle Send to server, server is received

After, will

Be updated to

Step S400. user carries out the keyword search process:

When the user had the keyword search request, user side was according to private key s and current time slice t _iGenerate trapdoor corresponding to described keyword w

And sending to server, server judges according to trapdoor whether set of keywords ciphertext and trapdoor satisfy the checking formula, if then return the file cipher text C of corresponding data file M, otherwise do not return any information.With reference to Fig. 3, being implemented as follows of this process:

Step S401: when the user had the searching request of certain keyword w, user side was according to open parameter, private key s, the keyword w of searching request and current time slice t _i, generate trapdoor corresponding to described keyword w

Information:

Step S401-a: according to Hash function H ₁Calculate

Component T in the information ₁=H ₁(w), according to Hash function H ₂Calculate T=H ₂(w||t _i), described t _iIt is the current time slice of system;

Step S401-b: calculate trapdoor according to the random point Q in the open parameter and private key s

Component T in the information ₂S (Q+T);

Keyword w is at time slice t _iCorresponding trapdoor is The user is the keyword trapdoor

Send to server;

Step S402: server is received trapdoor

After, according to open parameter, PKI P _Pub, trapdoor

Set of keywords ciphertext with storage

Search

In whether comprise trapdoor Corresponding keyword, and return Search Results.

Step S402-a: server is according to trapdoor

In T ₁And ciphertext In (R ₁..., R _n, U ₁... U _n) calculate respectively λ=R ₁+ R ₂T ₁+ ... + R _nT ₁ ^N-1(modq), v=U ₁+ U ₂T ₁+ ... + U _nT ₁ ^N-1(modq);

Step S402-b: server is according to the value check formula C of the v that obtains and λ ₂=e (C ₁, T ₂Whether)/e (v, λ) sets up; If keyword w ∈ { w then is described ₁, w ₂..., w _n, server returns the user to the file cipher text C of the data file M that satisfies condition; Otherwise, namely

Then do not return any data.

The present invention is not limited to aforesaid embodiment.The present invention expands to any new feature or any new combination that discloses in this manual, and the arbitrary new method that discloses or step or any new combination of process.

Claims (10)

1. voidable keyword search key encrypt method during a cloud is stored is characterized in that, comprises the following steps:

Step a. system initialization:

Select security parameter k, openly parameter of system is set, and system time is divided into an integer z time slice: t ₁, t ₂..., t _z

Step b. generates user's public private key pair:

Private key s according to user side is selected generates corresponding PKI P _Pub

Step c spanned file ciphertext and set of keywords ciphertext:

(c1) when the user has data storage request, user side is chosen the set of keywords W={w of data file M _i| i=1 ..., n}, and data file M is encrypted, the file cipher text C of data file M obtained;

(c2) user side is based on described open parameter, PKI P _Pub, set of keywords W and current time slice t _i, generate set of keywords ciphertext corresponding to described set of keywords W

And described file cipher text C and set of keywords ciphertext

Send to server stores;

(c3) as new time slice t _I+1During arrival, user side is based on open parameter, PKI P _Pub, set of keywords W and current time slice t _I+1, generate new set of keywords ciphertext

And described set of keywords ciphertext Send to server, the set of keywords ciphertext that server update is preserved.

2. the method for claim 1 is characterized in that, among the described step a, and the open parameter p of the system that arranges, q, GF (p), E, G ₁, G ₂, P, e, H ₁, H ₂, Q is specially:

Select large prime number p, q according to described security parameter k, get GF (p) and be p rank finite field, E is the elliptic curve on the GF (p), and E (GF (p)) is the q rank addition cyclic group that the point on the E consists of, and is designated as G ₁

P is addition cyclic group G ₁Generator;

Multiplication loop group G ₂Addition cyclic group G ₁On the q factorial method cyclic group that e mapping consisted of through bilinearity of point, bilinearity is from addition cyclic group G to e ₁To multiplication loop group G ₂Mapping, e:G ₁* G ₁→ G ₂

H ₁And H ₂The crash-resistant hash function, described H ₁To multiplication loop group Z from the 0 and 1 bit sequence compound mapping that forms _q ^*H ₂To addition cyclic group G from the 0 and 1 bit sequence compound mapping that forms ₁

Q is addition cyclic group G ₁On a random point.

3. method as claimed in claim 2 is characterized in that, in the described step (c2), generates set of keywords ciphertext corresponding to set of keywords W Be specially:

(c2.1) select at random

Calculate C ₁=γ P, C ₂=e (P _Pub, Q) ^γ

(c2.2) to each i=1 ..., n calculates x _i=H ₁(w _i), according to { the x that obtains ₁..., x _nThe Lagrangian difference multinomial of structure, every n polynomial f obtained _i(x):

$f_i\left(x\right)=\underset{1\≤j\≠i\≤n}{\mathrm{\Π}}\frac{x-x_j}{x_i-x_j}=a_{i,1}+a_{i,2}x+...+a_{i,n}{x}^{n-1},$

N is the number of element in the set of keywords of selecting, polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}...,

(c2.3) to each i=1 ..., n selects a random number

Based on polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate y _i=α _i ^-1γ,

(c2.4) to each i=1 ..., n calculates x _i'=H ₂(w _i|| t _i), described t _iBe current time slice, operation is appended in symbol " || " expression, namely t _iAppend at w _iAfterwards; Based on polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}, calculate $R_i=\underset{j=1}{\overset{n}{\mathrm{\Σ}}}{a}_{j,i}{y}_j{x}_j^{\′};$

(c2.5) generate set of keywords ciphertext corresponding to set of keywords W

4. method as claimed in claim 3 is characterized in that, in the described step (c3), generates new set of keywords ciphertext

Be specially:

(c3.1) to each i=1 ..., n selects a random number

Based on the polynomial f in the step (c2.2) _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate ${y_i}^{*}={\left({{\mathrm{\α}}_i}^{*}\right)}^{-1}\mathrm{\γ},$ ${U_i}^{*}=\underset{j=1}{\overset{n}{\mathrm{\Σ}}}{a}_{j,i}{{\mathrm{\α}}_j}^{*}{P}_{\mathrm{pub}};$

(c3.2) to each i=1 ..., n calculates Based on described polynomial f _i(x) coefficient a _{I, 1}, a _{I, 2}..., a _{I, n}Calculate ${R_i}^{*}=\underset{j=1}{\overset{n}{\mathrm{\Σ}}}{a}_{j,i}{y_j}^{*}{x_j^{\′}}^{*},$ $U_i^{*}=\underset{j=1}{\overset{n}{\mathrm{\Σ}}}{a}_{j,i}{\mathrm{\α}}_j^{*}{P}_{\mathrm{pub}}.$

(c3.3) generate set of keywords ciphertext corresponding to set of keywords W

5. such as claim 1,2,3 or 4 described methods, it is characterized in that, in the step (c1), based on symmetric encipherment algorithm data file M is encrypted.

6. one kind based on voidable keyword search method in the cloud storage of claim 1,2 or 3 encryption method, it is characterized in that, comprises the following steps:

User side is according to described open parameter, and private key s generates corresponding PKI P _Pub, the keyword w of searching request and current time slice t _i, generate trapdoor corresponding to described keyword w

And described trapdoor

Send to server;

Server is received trapdoor

After, according to open parameter, PKI P _Pub, trapdoor

Set of keywords ciphertext with storage

Verify, if be proved to be successful, then return the ciphertext C of corresponding data file M; Otherwise do not return any data.

7. method as claimed in claim 6 is characterized in that, user side generates trapdoor corresponding to keyword w Comprise two part (T ₁, T ₂), described T ₁Based on crash-resistant hash function H ₁Calculate T ₁=H ₁(w) obtain T ₂Based on crash-resistant hash function H ₂Calculate T ₂=s (Q+H ₂(w||t _i)) obtain, wherein, Q is addition cyclic group G ₁On a random point, described G ₁For: select large prime number p, q according to described security parameter k, get GF (p) and be p rank finite field, E is the elliptic curve on the GF (p), and E (GF (p)) is the q rank addition cyclic group that the point on the E consists of.

8. voidable keyword search method during the cloud based on the encryption method of claim 4 is stored is characterized in that, comprises the following steps:

User side is according to described open parameter, private key s, PKI P _Pub, the keyword w of searching request and current time slice t _i, generate trapdoor corresponding to described keyword w And described trapdoor Send to server;

Server is received trapdoor After, according to open parameter, PKI P _Pub, trapdoor

Set of keywords ciphertext with storage Verify, if be proved to be successful, then return the ciphertext C of corresponding data file M; Otherwise do not return any data.

9. method as claimed in claim 8 is characterized in that, user side generates trapdoor corresponding to keyword w

Comprise two part (T ₁, T ₂), described T ₁Based on crash-resistant hash function H ₁Calculate T ₁=H ₁(w) obtain T ₂Based on crash-resistant hash function H ₂Calculate T ₂=s (Q+H ₂(w||t _i)) obtain.

10. method as claimed in claim 9 is characterized in that, server is received trapdoor

After, according to open parameter, PKI P _Pub, trapdoor Set of keywords ciphertext with storage

The process of verifying is:

According to trapdoor

In T ₁With the set of keywords ciphertext In (R ₁..., R _n, U ₁... U _n) calculate respectively $\mathrm{\λ}=R_1+R_2{T}_1+...+R_n{T}_1^{n-1}\left(\mathrm{mod}q\right),$ $v=U_1+U_2{T}_1+...+U_n{T}_1^{n-1}\left(\mathrm{mod}q\right);$

Judge check formula C based on the value of described v and λ ₂=e (C ₁, T ₂Whether)/e (v, λ) sets up, if set up, then checks successfully.

Images