CN103023637B - Encryption and search method for revocable keyword search public keys in cloud storage - Google Patents


Publication number
CN103023637B
Authority
CN
China
Prior art keywords
keywords
ciphertext
keyword
search
server
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201210567990.8A
Other languages
Chinese (zh)
Other versions
CN103023637A (en)
Inventor
禹勇
倪剑兵
吴淮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN201210567990.8A
Publication of CN103023637A
Application granted
Publication of CN103023637B

Abstract

The invention discloses an encryption and search method for revocable keyword search public keys in cloud storage and belongs to the technical field of network security. The method includes: setting system public parameters, dividing system time into z time segments, and creating a public-private key pair at a client; when a data storage request occurs, selecting a keyword set for the data file, encrypting the data file with any symmetric encryption algorithm, encrypting the keyword set with the public key and the current time segment, and transmitting the encrypted keyword set to the cloud server; when the next time segment arrives, generating the keyword set ciphertext again and updating the copy stored on the cloud server; when a keyword search request occurs, the client uses the private key and the current time segment to calculate trapdoor information for the keyword and transmits it to the cloud server, and the cloud server obtains the search results and sends back to the user the file ciphertext containing the searched keyword. The encryption and search method is suitable for cloud storage with high security requirements, is secure and efficient, and has the capability of revoking the server's search ability.

Description

Encryption and search method for revocable keyword search public keys in cloud storage
Technical field
The invention belongs to the technical field of network security, and specifically relates to a revocable public-key keyword search encryption method and search method in secure cloud storage.
Background
Cloud storage is a new concept extended and developed from the concept of cloud computing. Cloud computing is a development of distributed processing, parallel processing and grid computing: a huge computing task is automatically split over the network into numerous smaller subtasks, which are handed to a large system made up of multiple servers, and the result is returned to the user after computation and analysis. With cloud computing technology, a network service provider can process a vast amount of information, even hundreds of millions of items, within seconds, delivering network services as powerful as a "supercomputer".
Cloud storage refers to a system that, through functions such as cluster applications, grid technology or distributed file systems, uses application software to bring together a large number of storage devices of different types in the network so that they work cooperatively and jointly provide data storage and business access functions to the outside. A cloud storage service allows users to store data of arbitrary size, with the cloud service provider responsible for ensuring the security, reliability and accessibility of the data. With the help of a cloud storage service, users do not need to worry about data-storage issues such as how to prevent data loss, how to keep data secure, or how much space to purchase in advance, and can put more energy into developing their own business.
The advantages of cloud storage are obvious, but security has become a key factor restricting its development: user data contains a great deal of sensitive information, and users who store their data on a cloud server will be concerned about data leakage. Encryption is an effective means of preventing information leakage and protecting sensitive data; by encrypting the data so that only the data owner can decrypt it, no content of the data is disclosed even if the data stored on the cloud server is leaked. Although encrypting cloud data can eliminate the possibility of data leakage, it also makes remote data access a major problem, and searching and querying the data becomes an almost unreachable goal. In this specification, cloud data refers to user data stored on a cloud server, and a cloud server is a server that provides a cloud storage service and is used to store user data.
Public-key encryption with keyword search is one of the basic applications of public-key cryptosystems. Using a public-key cryptosystem, a user can search and retrieve encrypted cloud data without leaking the data content.
At present, keyword search encryption mainly comprises a single-key mode and a public-key mode. The single-key mode is based on a symmetric cryptosystem and is suitable when the owner and the user of the cloud data are the same user; when they are different users, the single-key mode requires a session key to be shared in advance over a secure channel. A secure channel is one in which information is transmitted over the Internet in encrypted form: although a network attacker can intercept all data transmitted on the network, he cannot obtain the real information contained in the data. A session key is a randomly generated encryption and decryption key that secures a communication session between a user and another computer, or between two computers. The public-key mode allows the data owner to encrypt the data with the data user's public key before sending it to the cloud server, which achieves data sharing and avoids the process of negotiating a session key. Because of this advantage, public-key encryption with keyword search is better suited to secure cloud storage: it meets cloud storage users' need to search and retrieve encrypted cloud data, and it protects the privacy of cloud data, since the search process does not leak any content of the data.
At present, research on public-key encryption with keyword search focuses mainly on aspects such as public-key encryption with keyword search for a designated searcher, public-key encryption with multi-keyword search, and public-key encryption with keyword search that resists offline keyword guessing attacks. Applying public-key encryption with keyword search directly to secure cloud storage still has the following problems in function and performance:
(1) the problem of revoking search capability is not solved;
(2) the search capability of the server is not limited;
(3) search is slow and the response time to search requests is long;
(4) search efficiency is low and many bilinear pairing operations are needed.
The first two problems pose a great threat to the secure storage of users' cloud data, and the last two consume a great deal of the cloud server's computing resources, so that it cannot respond to the search requests of a large number of users at the same time and users wait a long time; all of them therefore need to be avoided as far as possible.
Summary of the invention
The object of the present invention is, in view of the above problems, to provide a revocable public-key keyword search encryption method in cloud storage that meets the needs of cloud storage environments with high security requirements: the user can revoke the search capability of the cloud server when necessary, system computation overhead is reduced, the response time to search requests is shortened, and secure search and retrieval of encrypted cloud data in the cloud storage environment is ensured without leaking the content of the cloud data.
The revocable public-key keyword search encryption method in cloud storage of the present invention comprises the following steps:
Step a. System initialization:
Select a security parameter k, set the public parameters of the system, and divide the system time into an integer number z of time segments: $t_1, t_2, \ldots, t_z$;
Step b. Generate the user's public/private key pair:
Generate the corresponding public key $P_{pub}$ from the private key s selected by the client;
Step c. Generate the file ciphertext and the keyword set ciphertext:
(c1) when the user has a data storage request, the client chooses the keyword set $W = \{w_i \mid i = 1, \ldots, n\}$ of the data file M and encrypts the data file M, obtaining the file ciphertext C of the data file M;
(c2) based on the public parameters, the public key $P_{pub}$, the keyword set W and the current time segment $t_i$, the client generates the keyword set ciphertext corresponding to the keyword set W, and sends the file ciphertext C and the keyword set ciphertext to the server for storage;
(c3) when a new time segment $t_{i+1}$ arrives, the client, based on the public parameters, the public key $P_{pub}$, the keyword set W and the current time segment $t_{i+1}$, generates a new keyword set ciphertext and sends it to the server, and the server updates the stored keyword set ciphertext.
Further, in step a, setting the public parameters $p, q, GF(p), E, G_1, G_2, P, e, H_1, H_2, Q$ of the system is specifically:
Select large primes p and q according to the security parameter k; let GF(p) be the finite field of order p and E an elliptic curve over GF(p); E(GF(p)) is the additive cyclic group of order q formed by points on E, denoted $G_1$;
P is a generator of the additive cyclic group $G_1$;
The multiplicative cyclic group $G_2$ is the multiplicative cyclic group of order q formed by mapping points of the additive cyclic group $G_1$ through the bilinear pairing e; the bilinear pairing e is a mapping from the additive cyclic group $G_1$ to the multiplicative cyclic group $G_2$, $e: G_1 \times G_1 \to G_2$;
$H_1$ and $H_2$ are collision-resistant hash functions: $H_1$ maps the set of bit sequences of 0s and 1s to the multiplicative cyclic group $Z_q^*$, and $H_2$ maps the set of bit sequences of 0s and 1s to the additive cyclic group $G_1$;
Q is a random point on the additive cyclic group $G_1$.
Based on the encryption method of the present invention, the present invention also provides a revocable keyword search method in cloud storage, comprising the following steps:
The cloud data file M that the user intends to store is encrypted by the encryption method of the present invention, and the server stores the file ciphertext and the keyword set ciphertext; when a search request from the user is received, the search procedure of the present invention starts:
The client generates the trapdoor corresponding to the keyword w from the public parameters, the private key s, the public key $P_{pub}$, the keyword w of the search request and the current time segment $t_i$, and sends the trapdoor to the server;
After receiving the trapdoor, the server verifies it against the stored keyword set ciphertext using the public parameters, the public key $P_{pub}$ and the trapdoor; if verification succeeds, it returns the ciphertext C of the corresponding data file M; otherwise it returns no data.
In summary, owing to the above technical solution, the beneficial effects of the present invention are:
(1) the present invention is based on the public-key cryptography mode, so there is no need to transmit a session key over a secure channel or to carry out session key agreement, which reduces the storage, communication and computation overhead of the network and makes the method better suited to cloud storage environments with data sharing and high security requirements;
(2) based on the z time segments into which the present invention divides time, the keyword set ciphertext stored on the server is updated periodically, which solves the problem of revoking search capability, limits the search capability of the server, and provides better security for cloud data;
(3) in the present invention, all keywords $w_i$ in the keyword set W correspond to the same keyword set ciphertext within a given time segment, so during a search the server does not have to verify the ciphertext of each keyword $w_i$ in W one by one; the number of evaluations of the verification formula per search is reduced from n to 1, which significantly improves the search efficiency of public-key encryption with keyword search;
(4) in the present invention, all keywords $w_i$ in the keyword set W correspond to the same keyword set ciphertext within a given time segment, so few bilinear pairing operations are required during search verification, which speeds up the server's search and greatly shortens the response time to user search requests.
Description of the drawings
Examples of the present invention will be described with reference to the accompanying drawings, in which:
Fig. 1 is a schematic diagram of the public key encryption process of a specific embodiment of the invention;
Fig. 2 is a schematic diagram of the generation of the file ciphertext and the keyword set ciphertext in a specific embodiment of the invention;
Fig. 3 is a schematic diagram of the search process of a specific embodiment of the invention.
Detailed description
All features disclosed in this specification, and the steps of all methods or processes disclosed, may be combined in any manner, except for mutually exclusive features and/or steps.
Any feature disclosed in this specification (including any accompanying claims, abstract and drawings) may, unless specifically stated otherwise, be replaced by other equivalent or alternative features serving a similar purpose. That is, unless specifically stated otherwise, each feature is only one example of a series of equivalent or similar features.
The present invention, based on elliptic curve cryptography theory, proposes a revocable public-key keyword search encryption method in secure cloud storage, applied to cloud storage environments with high security requirements: the user can revoke the search capability of the cloud server when necessary, computation overhead is reduced, the response time to search requests is shortened, and secure search and retrieval of encrypted cloud data in the cloud storage environment is achieved without leaking the content of the cloud data.
The mathematical theory applied by the present invention is first briefly introduced:
(1) Elliptic curve cryptosystem (ECC)
Let p and q be large primes, GF(p) the finite field of order p, E an elliptic curve over GF(p), E(GF(p)) the cyclic group of order q formed by points on E, and P ∈ E(GF(p)) a generator. For the definition of elliptic curves and the choice of their security parameters, see: Don Johnson, Alfred Menezes and Scott Vanstone, The Elliptic Curve Digital Signature Algorithm (ECDSA), IJLS, vol. 1 issue 1 (2001), 36-63.
(2) Hash function
A hash function is a function that transforms an input message of arbitrary length into an output message of fixed length; this output is called the hash value of the message. A secure hash function should satisfy at least the following conditions: 1. the input length is arbitrary; 2. the output length is fixed, at least 128 bits long, to resist birthday attacks; 3. for each given input, its output, i.e. the hash value, can be computed easily; 4. given the description of the hash function, it is computationally infeasible to find two different input messages that hash to the same value, or, given the description of the hash function and a randomly chosen message, it is computationally infeasible to find another message, different from this one, that hashes to the same value. Hash functions are mainly used for integrity checking and for improving the effectiveness of digital signatures.
In the present invention, the hash function $H_1: \{0,1\}^* \to Z_q^*$ maps the set of bit sequences of 0s and 1s to the multiplicative cyclic group $Z_q^*$, and $H_2: \{0,1\}^* \to G_1$ maps the set of bit sequences of 0s and 1s to the additive cyclic group $G_1$ on the elliptic curve.
(3) Finite field
A finite field is a set containing a finite number of elements that satisfies properties such as closure under addition and multiplication. The order of a finite field is the number of elements in the field, and a finite field whose order is a prime p is generally denoted GF(p). A finite field contains two groups: one formed by GF(p) under addition, and one formed by GF(p) with 0 removed under multiplication. In a multiplicative cyclic group, the powers of a generator give all the elements of the group. In the present invention, $Z_q^*$ denotes the group formed by removing the zero element from $Z_q$, $G_1$ is an additive cyclic group on the elliptic curve, and $G_2$ is a multiplicative cyclic group on the elliptic curve.
(4) Primes and coprimality
A prime is any integer p greater than 1 that is divisible only by ±1 and ±p;
Two integers are coprime if their greatest common divisor is 1.
(5) Point scalar multiplication
Let E be an elliptic curve defined over the field GF(p). According to the "chord and tangent" rule, adding two points P and Q on E(GF(p)) gives a third point R on E(GF(p)). The point set E(GF(p)) together with this addition operation forms an additive abelian group, and O is its point at infinity.
Let $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ be two different points on the elliptic curve E; their sum $R = (x_3, y_3)$ is defined as follows: first draw the straight line connecting P and Q; this line intersects the elliptic curve at a third point, and the reflection of this intersection point about the x-axis is the point R.
If $P = (x_1, y_1)$ and $Q = (x_2, y_2)$ are the same point on the elliptic curve E, finding the sum of P and Q is equivalent to finding the double $R = (x_3, y_3)$ of P: first draw the tangent line to the elliptic curve at P; this tangent intersects the elliptic curve at a second point, and the reflection of this intersection point about the x-axis is the double point.
Point scalar multiplication is the most basic and also the most important operation in elliptic curve public-key cryptosystems. The point scalar multiplication Q = kP on an elliptic curve is defined as follows: given an elliptic curve E and a point P on the curve, the product kP is the sum of k copies of P, $kP = P + P + \cdots + P$, a total of k copies of P added together. Point scalar multiplication is also called point multiplication; it is the repeated addition of the same point on the elliptic curve, and its running time determines the implementation time of the elliptic curve cryptosystem and therefore its operating speed. For a detailed description of point scalar multiplication, see: Stinson A.R. (author), Feng Dengguo et al. (translators), Cryptography Principles and Practice, third edition, Beijing: Electronic Industry Press, 2009, 201-208.
(6) Bilinear pairing
Suppose $G_1$ is an additive cyclic group and $G_2$ is a multiplicative cyclic group, both of order q, and P is a generator of $G_1$. A mapping $e: G_1 \times G_1 \to G_2$ that satisfies the following three conditions is called a bilinear pairing.
(1) Bilinearity: for arbitrary a, b, $e(aP, bP) = e(P, P)^{ab}$ holds;
(2) Non-degeneracy, namely
(3) Computability: e can be computed efficiently.
Such a bilinear pairing can be constructed from the Tate pairing or the Weil pairing on supersingular elliptic curves or supersingular hyperelliptic curves over finite fields. For the construction and application of bilinear pairings, see: Boneh D., Franklin M., 2001. Identity-based encryption from the Weil pairings, in: Advances in Cryptology-Crypto, in: LNCS, vol. 3494, Springer-Verlag, Berlin, 2001: 213-229.
With reference to Fig. 1, the present invention is implemented as follows:
Step S100. System initialization:
Step S101: select a security parameter k and set the public parameters $(p, q, GF(p), E, G_1, G_2, P, e, H_1, H_2, Q)$ of the system as follows: select large primes p and q according to the security parameter k; GF(p) is the finite field of order p, E is an elliptic curve over GF(p), and E(GF(p)) is the additive cyclic group of order q formed by points on E, denoted $G_1$, with $P \in G_1$ a generator. The group $G_2$ is the multiplicative cyclic group of order q formed by mapping points of $G_1$ through the bilinear pairing e, where e is a mapping from $G_1$ to $G_2$, $e: G_1 \times G_1 \to G_2$. $H_1$ and $H_2$ are collision-resistant hash functions, and Q is a random point on $G_1$.
Step S102: divide the system time into z time segments $t_1, t_2, \ldots, t_z$ according to the security parameter k; the current i-th time segment of the system is denoted $t_i$.
Step S200. Generate the user's public/private key pair:
The client randomly selects a secret integer as the private key and calculates the corresponding public key $P_{pub} = sP$.
Step S300. Generate the file ciphertext and the keyword set ciphertext:
When the user has a storage request for a data file M, the client first selects the keyword set $W = \{w_1, \ldots, w_n\}$ of the data file M and chooses any symmetric encryption algorithm (for example the Advanced Encryption Standard, AES) to encrypt the data file M, obtaining the file ciphertext C. In the present invention, the data file M may be encrypted with either a symmetric or an asymmetric encryption algorithm; when an asymmetric encryption algorithm is used, the data is encrypted with the client's public key $P_{pub}$ and decrypted with the private key s.
Then the public parameters of the system, the public key $P_{pub}$ and the current time segment $t_i$ are used to encrypt the keyword set $\{w_1, \ldots, w_n\}$, generating the keyword set ciphertext for period $t_i$, which is sent to the server for storage together with the file ciphertext C. When the next time segment $t_{i+1}$ arrives, the client calculates a new keyword set ciphertext and the ciphertext stored on the server is updated to it. With reference to Fig. 2, this process is implemented as follows:
Step S301: when the user has a data storage request, the user first chooses the keyword set $W = \{w_i \mid i = 1, \ldots, n\}$ of the data file M, then chooses a symmetric encryption algorithm to encrypt the data file, obtaining the file ciphertext C of the data file M;
Step S302: the client encrypts $\{w_1, \ldots, w_n\}$ according to the public parameters and the public key $P_{pub}$, generating the keyword set ciphertext for the current time segment $t_i$
Step S302-a: make a random selection, and calculate $C_1 = \gamma P$ and $C_2 = e(P_{pub}, Q)^{\gamma}$;
Step S302-b: for each i = 1, ..., n, calculate $x_i = H_1(w_i)$ and use $\{x_1, \ldots, x_n\}$ to construct Lagrange interpolation polynomials, obtaining n polynomials $f_i(x)$,
$$f_i(x) = \prod_{1 \le j \ne i \le n} \frac{x - x_j}{x_i - x_j} = a_{i,1} + a_{i,2}x + \cdots + a_{i,n}x^{n-1},$$
where n is the number of elements in the selected keyword set and $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ are the coefficients of the polynomial $f_i(x)$;
Step S302-c: for each i = 1, ..., n, the client selects a random number and, according to the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$, calculates $y_i = \alpha_i^{-1}\gamma$ and
Step S302-d: for each i = 1, ..., n, calculate $x_i' = H_2(w_i \| t_i)$, where $t_i$ is the current time segment, and perform the calculation based on $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$; the symbol "||" denotes concatenation, that is, $t_i$ is appended after $w_i$;
Step S302-e: send the file ciphertext C and the keyword set ciphertext to the server;
Step S303: when the next time segment $t_{i+1}$ arrives, the client again uses the public parameters of the system, the public key $P_{pub}$ and the next time segment $t_{i+1}$ to recompute steps (S302-c) and (S302-d), obtaining a new keyword set ciphertext, and sends it to the server; after receiving it, the server updates the stored keyword set ciphertext to the new one:
Step S303-a: for each i = 1, ..., n, select a random number and, according to the polynomial coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of time segment $t_i$ in (S302-b), perform the calculation, where the value of γ is the same as in time segment $t_i$;
Step S303-b: for each i = 1, ..., n, perform the calculation for $t_{i+1}$, the time segment following $t_i$, according to the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$;
Step S303-c: generate the keyword set ciphertext, in which $C_1$ and $C_2$ are the same as the values calculated in time segment $t_i$. The client sends it to the server, and after receiving it the server updates the stored keyword set ciphertext to it.
Step S400. The user performs a keyword search:
When the user has a keyword search request, the client generates the trapdoor corresponding to the keyword w from the private key s and the current time segment $t_i$ and sends it to the server. Using the trapdoor, the server judges whether the keyword set ciphertext and the trapdoor satisfy the verification formula; if so, it returns the file ciphertext C of the corresponding data file M, otherwise it returns no information. With reference to Fig. 3, this process is implemented as follows:
Step S401: when the user has a search request for a keyword w, the client generates the trapdoor information corresponding to the keyword w from the public parameters, the private key s, the keyword w of the search request and the current time segment $t_i$:
Step S401-a: calculate the trapdoor component $T_1 = H_1(w)$ using the hash function $H_1$, and calculate $T = H_2(w \| t_i)$ using the hash function $H_2$, where $t_i$ is the current time segment of the system;
Step S401-b: calculate the trapdoor component $T_2 = s(Q + T)$ from the random point Q in the public parameters and the private key s;
This gives the trapdoor corresponding to keyword w in time segment $t_i$, and the user sends the keyword trapdoor to the server;
Step S402: after receiving the trapdoor, the server uses the public parameters, the public key $P_{pub}$, the trapdoor and the stored keyword set ciphertext to search whether the ciphertext contains the keyword corresponding to the trapdoor, and returns the search result.
Step S402-a: from $T_1$ in the trapdoor and $(R_1, \ldots, R_n, U_1, \ldots, U_n)$ in the ciphertext, the server calculates $\lambda = R_1 + R_2 T_1 + \cdots + R_n T_1^{n-1} \pmod q$ and $v = U_1 + U_2 T_1 + \cdots + U_n T_1^{n-1} \pmod q$;
Step S402-b: using the values of v and λ obtained, the server checks whether the formula $C_2 = e(C_1, T_2)/e(v, \lambda)$ holds; if so, then keyword $w \in \{w_1, w_2, \ldots, w_n\}$, and the server returns to the user the file ciphertext C of the data file M that satisfies the condition; otherwise, no data is returned.
The present invention is not limited to the foregoing embodiments. The present invention extends to any new feature or any new combination disclosed in this specification, and to the steps of any new method or process disclosed, or any new combination thereof.
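The verification formula of step S402-b and the effect of the time-segment update in step S303 can be checked numerically. The following is an added example, not code from the patent: it is an insecure algebraic model in which a $G_1$ point aP is stored as the scalar a, so the pairing becomes multiplication mod q. The prime q, the SHA-256-based H1 and H2, all function names, the sample keywords, and the formula $U_i = \sum_j a_{j,i}\alpha_j P_{pub}$ (taken by analogy with $U_i^*$ in claim 3) are assumptions.

```python
# Toy algebraic model (NOT secure): a G1 point aP is stored as the scalar a and
# a G2 element e(P,P)^c as the scalar c, so e(aP, bP) becomes a*b mod q.
import hashlib
import secrets

q = 2**127 - 1  # constructed prime group order for the model (assumption)


def _h(tag, data):
    d = hashlib.sha256(tag + data.encode()).digest()
    return int.from_bytes(d, "big") % (q - 1) + 1   # value in [1, q-1]


def H1(w):                 # H1: {0,1}* -> Z_q*
    return _h(b"H1|", w)


def H2(w, t):              # H2(w || t): {0,1}* -> G1 (a scalar in this model)
    return _h(b"H2|", w + "||" + t)


def pair(a, b):            # e(aP, bP) = e(P,P)^(ab)
    return a * b % q


def rand_scalar():
    return secrets.randbelow(q - 1) + 1


def lagrange_coeffs(xs):
    """Row i holds a_{i,1..n}, the coefficients of f_i(x), lowest degree first."""
    rows = []
    for i, xi in enumerate(xs):
        poly, denom = [1], 1
        for j, xj in enumerate(xs):
            if j == i:
                continue
            nxt = [0] * (len(poly) + 1)          # poly * (x - xj)
            for k, c in enumerate(poly):
                nxt[k] = (nxt[k] - c * xj) % q
                nxt[k + 1] = (nxt[k + 1] + c) % q
            poly = nxt
            denom = denom * (xi - xj) % q
        inv = pow(denom, -1, q)
        rows.append([c * inv % q for c in poly])
    return rows


def keygen():
    s = rand_scalar()
    return s, s            # P_pub = sP, with the generator P modelled as 1


def encrypt_keywords(P_pub, Q, words, t, gamma=None):
    """Steps S302-a..d; pass the earlier gamma to model the update of step S303."""
    if len(set(words)) != len(words):
        raise ValueError("duplicate keyword: x_i - x_j would not be invertible")
    gamma = gamma or rand_scalar()
    n = len(words)
    a = lagrange_coeffs([H1(w) for w in words])
    alpha = [rand_scalar() for _ in words]
    y = [pow(al, -1, q) * gamma % q for al in alpha]      # y_i = alpha_i^-1 * gamma
    xp = [H2(w, t) for w in words]                        # x'_i = H2(w_i || t)
    R = [sum(a[j][i] * y[j] * xp[j] for j in range(n)) % q for i in range(n)]
    # U_i is an assumption, by analogy with U_i^* in claim 3
    U = [sum(a[j][i] * alpha[j] * P_pub for j in range(n)) % q for i in range(n)]
    return {"C1": gamma, "C2": pair(P_pub, Q) * gamma % q, "R": R, "U": U}, gamma


def trapdoor(s, Q, w, t):
    return H1(w), s * (Q + H2(w, t)) % q                  # (T1, T2)


def server_test(ct, td):
    T1, T2 = td
    lam = sum(r * pow(T1, k, q) for k, r in enumerate(ct["R"])) % q
    v = sum(u * pow(T1, k, q) for k, u in enumerate(ct["U"])) % q
    # C2 == e(C1, T2) / e(v, lambda); division in G2 is subtraction in this model
    return ct["C2"] == (pair(ct["C1"], T2) - pair(v, lam)) % q


def demo():
    s, P_pub = keygen()
    Q = rand_scalar()
    words = ["invoice", "payroll", "2012"]                # constructed sample keywords
    ct1, gamma = encrypt_keywords(P_pub, Q, words, "t1")
    td_old = trapdoor(s, Q, "payroll", "t1")
    ct2, _ = encrypt_keywords(P_pub, Q, words, "t2", gamma)   # update for t2
    return {
        "hit_t1": server_test(ct1, td_old),
        "miss_t1": server_test(ct1, trapdoor(s, Q, "secret", "t1")),
        "old_trapdoor_on_t2": server_test(ct2, td_old),
        "new_trapdoor_on_t2": server_test(ct2, trapdoor(s, Q, "payroll", "t2")),
        "c_reused": (ct1["C1"], ct1["C2"]) == (ct2["C1"], ct2["C2"]),
    }


if __name__ == "__main__":
    print(demo())
```

A trapdoor issued for t1 stops matching once the server holds the t2 ciphertext, which is the revocation effect the description attributes to the periodic update; the single evaluation in `server_test` replaces n per-keyword checks.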

Claims (7)

1. A revocable public-key keyword search encryption method in cloud storage, characterized by comprising the following steps:
Step a. System initialization:
Select a security parameter k, set the public parameters of the system, and divide the system time into an integer number z of time segments: $t_1, t_2, \ldots, t_z$;
Setting the public parameters $p, q, GF(p), E, G_1, G_2, P, e, H_1, H_2, Q$ of the system is specifically:
Select large primes p and q according to the security parameter k; let GF(p) be the finite field of order p and E an elliptic curve over GF(p); E(GF(p)) is the additive cyclic group of order q formed by points on E, denoted $G_1$;
P is a generator of the additive cyclic group $G_1$;
The multiplicative cyclic group $G_2$ is the multiplicative cyclic group of order q formed by mapping points of the additive cyclic group $G_1$ through the bilinear pairing e; the bilinear pairing e is a mapping from the additive cyclic group $G_1$ to the multiplicative cyclic group $G_2$, $e: G_1 \times G_1 \to G_2$;
$H_1$ and $H_2$ are collision-resistant hash functions: $H_1$ maps the set of bit sequences of 0s and 1s to the multiplicative cyclic group $Z_q^*$, and $H_2$ maps the set of bit sequences of 0s and 1s to the additive cyclic group $G_1$;
Q is a random point on the additive cyclic group $G_1$;
Step b. Generate the user's public/private key pair:
Generate the corresponding public key $P_{pub}$ from the private key s selected by the client;
Step c. Generate the file ciphertext and the keyword set ciphertext:
(c1) when the user has a data storage request, the client chooses the keyword set $W = \{w_i \mid i = 1, \ldots, n\}$ of the data file M and encrypts the data file M, obtaining the file ciphertext C of the data file M;
(c2) based on the public parameters, the public key $P_{pub}$, the keyword set W and the current time segment $t_i$, the client generates the keyword set ciphertext corresponding to the keyword set W, and sends the file ciphertext C and the keyword set ciphertext to the server for storage;
(c3) when a new time segment $t_{i+1}$ arrives, the client, based on the public parameters, the public key $P_{pub}$, the keyword set W and the current time segment $t_{i+1}$, generates a new keyword set ciphertext and sends it to the server, and the server updates the stored keyword set ciphertext.
2. The method of claim 1, characterized in that, in step (c2), generating the keyword set ciphertext corresponding to the keyword set W is specifically:
(c2.1) make a random selection, and calculate $C_1 = \gamma P$, $C_2 = e(P_{pub}, Q)^{\gamma}$;
(c2.2) for each i = 1, ..., n, calculate $x_i = H_1(w_i)$ and, from the resulting $\{x_1, \ldots, x_n\}$, construct Lagrange interpolation polynomials, obtaining n polynomials $f_i(x)$:
$$f_i(x) = \prod_{1 \le j \ne i \le n} \frac{x - x_j}{x_i - x_j} = a_{i,1} + a_{i,2}x + \cdots + a_{i,n}x^{n-1},$$
where n is the number of elements in the selected keyword set and $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ are the coefficients of the polynomial $f_i(x)$;
(c2.3) for each i = 1, ..., n, select a random number and, based on the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$, calculate $y_i = \alpha_i^{-1}\gamma$,
(c2.4) for each i = 1, ..., n, calculate $x_i' = H_2(w_i \| t_i)$, where $t_i$ is the current time segment and the symbol "||" denotes concatenation, that is, $t_i$ is appended after $w_i$; based on the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$, calculate $R_i = \sum_{j=1}^{n} a_{j,i}\, y_j\, x_j'$;
(c2.5) generate the keyword set ciphertext corresponding to the keyword set W
3. The method of claim 2, characterized in that, in step (c3), generating the new keyword set ciphertext is specifically:
(c3.1) for each i = 1, ..., n, select a random number and, based on the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$ in step (c2.2), calculate $y_i^* = (\alpha_i^*)^{-1}\gamma$,
(c3.2) for each i = 1, ..., n, based on the coefficients $a_{i,1}, a_{i,2}, \ldots, a_{i,n}$ of the polynomial $f_i(x)$, calculate $R_i^* = \sum_{j=1}^{n} a_{j,i}\, y_j^*\, {x'_j}^{*}$, $U_i^* = \sum_{j=1}^{n} a_{j,i}\, \alpha_j^*\, P_{pub}$;
(c3.3) generate the keyword set ciphertext corresponding to the keyword set W
4. the method as described in claim 1,2 or 3, is characterized in that, in step (c1), is encrypted data file M based on symmetric encipherment algorithm.
5. A revocable keyword search method in cloud storage based on the encryption method of claim 1, 2 or 3, characterized in that it comprises the following steps:
The client, according to said public parameters, the private key $s$, the corresponding generated public key $P_{pub}$, the keyword $w$ of the search request and the current time slice $t_i$, generates the trapdoor corresponding to said keyword $w$ and sends said trapdoor to the server;
After receiving the trapdoor, the server performs verification according to the public parameters, the public key $P_{pub}$, the trapdoor and the stored keyword-set ciphertext; if verification succeeds, it returns the ciphertext $C$ of the corresponding data file $M$; otherwise it returns no data.
6. The method as claimed in claim 5, characterized in that the trapdoor generated by the client for keyword $w$ comprises two parts $(T_1, T_2)$: said $T_1$ is obtained by calculating $T_1 = H_1(w)$ with the collision-resistant hash function $H_1$, and $T_2$ is obtained by calculating $T_2 = s(Q + H_2(w \| t_i))$ with the collision-resistant hash function $H_2$, where $Q$ is a random point on the additive cyclic group $G_1$, and said $G_1$ is defined as follows: select large primes $p$, $q$ according to said security parameter $k$; let $GF(p)$ be the finite field of order $p$ and $E$ an elliptic curve over $GF(p)$; $E(GF(p))$ is the additive cyclic group of order $q$ formed by the points on $E$.
7. The method as claimed in claim 6, characterized in that, after the server receives the trapdoor, the process of verifying according to the public parameters, the public key $P_{pub}$, the trapdoor and the stored keyword-set ciphertext is:
According to $T_1$ in the trapdoor and $(R_1, \ldots, R_n, U_1, \ldots, U_n)$ in the keyword-set ciphertext, calculate respectively $\lambda = R_1 + R_2 T_1 + \ldots + R_n T_1^{n-1} \pmod q$ and $\nu = U_1 + U_2 T_1 + \ldots + U_n T_1^{n-1} \pmod q$;
Based on the values of said $\nu$ and $\lambda$, judge whether the check equation $C_2 = e(C_1, T_2)/e(\nu, \lambda)$ holds; if it holds, the check succeeds.
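The algebra behind steps (c2.2) to (c2.4) and the server-side evaluation in claim 7, as an added example that is not part of the patent text: evaluating the ciphertext polynomials at $T_1 = H_1(w_k)$ makes every Lagrange term vanish except the one for $w_k$, so $\lambda = y_k x'_k$ and $\nu = \alpha_k P_{pub}$, and the blinding $\alpha_k$ cancels in their product. Assumptions: points of $G_1$ are modelled as integers mod a prime $q$ (a toy model that shows the algebra only and offers no security), $H_1$/$H_2$ are stood in for by SHA-256, $U_i$ is formed the same way as $U_i^*$ in (c3.2), and all function names are hypothetical.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime standing in for the group order q (assumption)

def h(tag: bytes, data: bytes) -> int:
    """Stand-in for H_1 / H_2: hash to a nonzero scalar mod Q."""
    return int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (Q - 1) + 1

def lagrange_coeffs(xs):
    """Row i holds a_{i,1..n}, the coefficients of f_i(x) from (c2.2), low degree first."""
    rows = []
    for i, xi in enumerate(xs):
        poly, denom = [1], 1
        for j, xj in enumerate(xs):
            if j == i:
                continue
            nxt = [0] * (len(poly) + 1)          # multiply poly by (x - x_j)
            for k, c in enumerate(poly):
                nxt[k] = (nxt[k] - c * xj) % Q
                nxt[k + 1] = (nxt[k + 1] + c) % Q
            poly = nxt
            denom = denom * (xi - xj) % Q
        inv = pow(denom, -1, Q)                  # 1 / prod (x_i - x_j)
        rows.append([c * inv % Q for c in poly])
    return rows

def encrypt_keywords(words, t, p_pub, gamma):
    """Steps (c2.2)-(c2.4) in the toy model; returns (R, U, alphas)."""
    n = len(words)
    a = lagrange_coeffs([h(b"H1", w) for w in words])
    alphas = [secrets.randbelow(Q - 1) + 1 for _ in range(n)]   # random alpha_i
    ys = [pow(al, -1, Q) * gamma % Q for al in alphas]          # y_i = alpha_i^-1 * gamma
    xps = [h(b"H2", w + t) for w in words]                      # x'_i = H_2(w_i || t)
    R = [sum(a[j][i] * ys[j] * xps[j] for j in range(n)) % Q for i in range(n)]
    U = [sum(a[j][i] * alphas[j] * p_pub for j in range(n)) % Q for i in range(n)]
    return R, U, alphas

def server_eval(R, U, t1):
    """Claim 7: lambda and nu are the R- and U-polynomials evaluated at T_1."""
    lam = sum(r * pow(t1, k, Q) for k, r in enumerate(R)) % Q
    nu = sum(u * pow(t1, k, Q) for k, u in enumerate(U)) % Q
    return lam, nu
```

Because $x'_k$ depends on the time slice, a value derived for one slice no longer matches ciphertext regenerated for the next slice, which is the revocation property the claims rely on.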
CN201210567990.8A 2012-12-25 2012-12-25 Encryption and search method for revocable keyword search public keys in cloud storage Expired - Fee Related CN103023637B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201210567990.8A CN103023637B (en) 2012-12-25 2012-12-25 Encryption and search method for revocable keyword search public keys in cloud storage

Publications (2)

Publication Number Publication Date
CN103023637A CN103023637A (en) 2013-04-03
CN103023637B CN103023637B (en) 2015-07-15

Family

ID=47971801

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201210567990.8A Expired - Fee Related CN103023637B (en) 2012-12-25 2012-12-25 Encryption and search method for revocable keyword search public keys in cloud storage

Country Status (1)

Country Link
CN (1) CN103023637B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20150715

Termination date: 20181225