CN104023051A - Multi-user multi-keyword searchable encryption method in cloud storage - Google Patents

Abstract

The invention discloses a multi-user multi-keyword searchable encryption method in cloud storage, comprising the following steps: Step 1, system parameter initialization; Step 2, addition of users; Step 3, file encryption by a file owner and generation of security index; Step 4, generation of keyword search token by users; Step 5, search of ciphertext keyword by a cloud storage server; Step 6, decryption of ciphertext by users; and Step 7, cancellation of users. According to the method, an authorized user can search an encrypted file by the utilization of a trap door linked with a keyword; a data user encrypts his/her own data and stores the data into the cloud storage server; and the required encrypted data can be searched through a keyword search token when the data is needed, and download and decryption are carried out. Meanwhile, the cloud storage server doesn't know about the user's search keyword, thus guaranteeing data information privacy for the user. The method is suitable for a multi-user environment.

Description

The encryption method that in cloud storage, the multiple keywords of multi-user can be searched for

Technical field

The invention belongs to field of information security technology, be applied in cloud computing in data security stores service process, be specifically related to the encryption method that in a kind of cloud storage, the multiple keywords of multi-user can be searched for.

Background technology

Cloud computing is as a kind of new computation model, can provide that cost is lower, extendible various advanced persons' calculation services, and in order to save the cost of storage and management data, enterprises and individuals can be outsourced to data cloud storage server.The data that cloud stores service provides have the advantage such as availability and reliability, but it also has a shortcoming clearly, be data not under user's management and controlling, so how the confidentiality and integrity of service data just becomes the urgent problem of paying close attention to of user.

Although reliability, availability, fault-tolerance of cloud storage service provider (Cloud Storage Service Provider, CSSP) etc. are believed by enterprise, people be uncertain about CSSP not by the data of trustship for other objects; Equally for personal user, they wish that the data of oneself can only and can not be accessed by CSSP by people's access own or that specify.This will cause the problem of two aspects: on the one hand, from user's angle, they cannot find and allow they complete believable CSSP carry out their data of store and management; From the angle of CSSP, in the situation that not addressing the above problem, will lose a large amount of clients on the other hand.Therefore, the confidentiality of data and integrality will hinder popularization and the use of cloud storage.

In view of above practical problem, in cloud storage, data must, before being transferred to CSSP, being encrypted by user oneself, and also can only be decrypted by user oneself, will alleviate like this danger that user data leaks.Do as user need to comprise the document of certain keyword, their data of wanting of the acquisition that user can be very fast so also ensure the confidentiality of data to CSSP but this will introduce a new problem?

Can search for and encrypt as a kind of new cryptological technique, can be in the enterprising line search inquiry of the data acquisition system of encrypting, concrete grammar is, it is first the set of file set generating indexes, re-use can search for to encrypt these indexes are encrypted to hide index content, and encrypt and will meet following character: the 1) token of a given keyword (being index), can obtain the pointer of the All Files that comprises this keyword; 2) there is no token, the content of index is hidden; 3) user who only has an association key could generate token; 4) retrieving, except having exposed certain keyword of which file-sharing, can not expose the specifying information of any relevant document and keyword.The central role that can search for encryption is to provide for cloud stores service: the one, and user oneself controls its data; The 2nd, the security property of data can be verified by Cryptography Principles, instead of determine fail safe by law, physical equipment.

Summary of the invention

The object of this invention is to provide the encryption method that in a kind of cloud storage, the multiple keywords of multi-user can be searched for, solved the problem that can not realize keyword retrieval after cloud storage data encryption of the prior art.

The technical solution used in the present invention is, the encryption method that in a kind of cloud storage, the multiple keywords of multi-user can be searched for,

File encryption person is Ent, collection of document D=(D ₁..., D _n), storage server is Serv, establishes document D _ilists of keywords be W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, n is the file number that is about to storage, m is document D _iin keyword number, w _i,jfor D _ithe keyword of j keyword field, 1≤j≤m, implement according to following steps:

Step 1, system parameters initialization

By the UM of user management mechanism input security parameter k, the cyclic group G that output rank are prime number q, the generator that g is G, and DDHP in G is difficult;

Random selection as the master key of UM, be designated as k _uM=x, calculates h=g ^x; UM selects two pseudo-random function $f^{\′}:{\left\{\mathrm{0,1}\right\}}^k\×{\left\{\mathrm{0,1}\right\}}^{*}\→Z_q^{*}$ With $f^{\′\′}:{\left\{\mathrm{0,1}\right\}}^k\×Z_q^{*}\→Z_q^{*}$ And random seed is respectively s ', s " ∈ _r{ 0,1} ^k, and be symmetric encipherment algorithm Enc () the selection encryption key ek of Semantic Security, issue params=(G, g, q, f ', f ", h, Enc) as system parameters, the private key of the secret user management UM of mechanism is msk _ent=x and file encryption key ek;

Step 2, interpolation user

By the master key k of the UM of user management mechanism input UM _uM=x and user identity u _iD∈ U, output u _iDkey and auxiliary key $({\mathrm{sk}}_{u_{\mathrm{ID}}},\mathrm{com}{k}_{u_{\mathrm{ID}}})=(x_{u_{\mathrm{ID}}}{\∈}_R{Z}_q^{*},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})=(x_{u_{\mathrm{ID}}},g^{x/x_{u_{\mathrm{ID}}}});$ Will , safety) send to user u _iD; Will $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})$ Send to safely cloud storage server Serv, cloud storage server Serv adds user profile in its user list U-ComK

$(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}});$

Step 3, file owner generate file encryption and Security Index

User u _iDinput user key encryption key ek, random seed s ', document D _iand lists of keywords W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, selects r at random _i∈ _rz _q, calculate and E _i=Enc _ek(D _i), right 1≤j≤m, calculates σ _i,j=f ' (s ', w _i,j), $I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Make file index be i _{i, 1}..., I _i,m), note C _i=(E _i, I _i), by (uI _d, C _i) send to cloud storage server S erv to store;

Step 4, user are about the generation of keyword search token

User u _iDinput s ', s " and the keyword position 1≤l that will retrieve ₁..., l _d≤ m and corresponding keyword w ₁' ..., w ' _d, d is the keyword number of user search,

The random random number of selecting calculate according to the following formula:

$T_1=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))s{k}_{u_{\mathrm{ID}}}=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))x_{u_{\mathrm{ID}}},$

T ₂＝t ₁，T ₃＝f″(s″,t ₂)，

To search for token T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) send to cloud to store server S erv;

Step 5, cloud storage server are about the search of ciphertext keyword

Cloud storage server S erv carries out and is used for searching for encrypted document, input trapdoor T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) and ciphertext C _i=(E _i, I _i), Serv initialization empty set Ω, to each ciphertext C _i=(E _i, I _i), 1≤i≤n, in I _i, judge whether following formula is set up:

$\begin{array}{c}{\left({\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}\right)}^{T_1}/{\left(g^{r_i}{h}^{r_i}\right)}^{T_2}\\ ={\left(\mathrm{gh}\right)}^{r_i\left({\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′})\right)f^{\′\′}(s^{\′\′},t_2)?}={\left({\mathrm{\Π}}_{j=1}^d{\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,l_j}}\right)}^{T_3}\end{array},$

Wherein $I_i={(\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},g^{r_i},{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},I_{i.1},\·\·\·,I_{i,m}),I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Question mark on equal sign represents the meaning whether equating,

If set up Ω=Ω ∪ { E _i;

Otherwise this ciphertext and crucial word mismatch, continue the next keyword index I of search _i+1, finally Search Results Ω is sent to user u _iD;

Step 6, user are about the deciphering of ciphertext

User u _iDexecution is used for decrypting ciphertext, and input symmetric key ek and the Ω receiving are right calculate D _i=Dec _ek(E _i);

Step 7, cancel user

The UM of user management mechanism carries out and is used for cancelling user, input user identity u _iD, UM sends and cancels user u to cloud storage server S erv _iDorder, Serv executable operations be that cloud storage server CSS deletes user u _iDregistration project .

The invention has the beneficial effects as follows:

1) mode that the present invention adopts authorized user and storage server successively keyword to be encrypted has proposed a kind of encryption method of searching for multiple keywords, makes authorized user can utilize the trapdoor search encrypted document of connection keyword.By method of the present invention, data user can, by after the data encryption of oneself, be stored in cloud storage server, when needs, can retrieve the encrypt data needing, then download decryption by keyword retrieval token.Meanwhile, cloud storage server is not also known the keyword of user search, guarantees user's data message privacy.By comparing with existing scheme, the inventive method is at communication and calculation cost, searches for that trapdoor size, keyword are encrypted and the overall efficiency of the aspect such as the speed of search is improved.

2) the present invention program is applicable to multi-user environment, and the multi-user here refers to can increase and cancel user, and user increases can pass through algorithm Enroll (k _uM, u _iD) realize, cancelling of user can be passed through algorithm RevokeUser (u _iD) realize.

Embodiment

Below in conjunction with embodiment, the present invention is described in detail.

The encryption method that in cloud storage of the present invention, the multiple keywords of multi-user can be searched for, implement according to following steps:

The person Ent wish of supposing file encryption is by collection of document D=(D ₁..., D _n) store in storage server Serv after encryption, establish document D _ilists of keywords be W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, n is the file number that is about to storage, m is document D _iin keyword number, w _i,jfor D _ithe keyword of j keyword field, 1≤j≤m, the scheme of structure wishes that can realize keyword after file encryption can search for, and realizes safe and secret target, algorithm comprises the algorithm of seven polynomial times, is described in detail as follows:

Step 1, system parameters initialization, i.e. step Init (1 ^k)

This algorithm is carried out and is used for initialization system by the UM of user management mechanism, input security parameter k, and the cyclic group G that output rank are prime number q, the generator that g is G, and DDHP (prejudgementing character Diffie-Hellmen hypothesis) in G is difficult;

Random selection as the master key of UM, be designated as k _uM=x, calculates h=g ^x; UM selects two pseudo-random function $f^{\′}:{\left\{\mathrm{0,1}\right\}}^k\×{\left\{\mathrm{0,1}\right\}}^{*}\→Z_q^{*}$ With $f^{\′\′}:{\left\{\mathrm{0,1}\right\}}^k\×Z_q^{*}\→Z_q^{*}$ And random seed is respectively s ', s " ∈ _r{ 0,1} ^k, and be symmetric encipherment algorithm Enc () the selection encryption key ek of Semantic Security, issue params=(G, g, q, f ', f ", h, Enc) as system parameters, the private key of the secret user management UM of mechanism is msk _ent=x and file encryption key ek.

Step 2, interpolation user, i.e. step e nroll (k _uM, u _iD)

This algorithm is carried out and is used for adding user by the UM of user management mechanism, the master key k of input UM _uM=x and user identity u _iD∈ U (user identity is unique, as user's e-mail address), output u _iDkey and auxiliary key $({\mathrm{sk}}_{u_{\mathrm{ID}}},\mathrm{com}{k}_{u_{\mathrm{ID}}})=(x_{u_{\mathrm{ID}}}{\∈}_R{Z}_q^{*},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})=(x_{u_{\mathrm{ID}}},g^{x/x_{u_{\mathrm{ID}}}});$ Will send to safely user u _iD; Will send to safely cloud storage server Serv, cloud storage server Serv adds user profile in its user list U-ComK

$(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}}).$

Step 3, file owner generate file encryption and Security Index, i.e. step $\mathrm{Enc}({s{k}_u}_{\mathrm{ID}},\mathrm{ek},s^{\′},D_i,W_i).$

User u _iDthe cryptographic algorithm of carrying out, input user key encryption key ek, random seed s ', document D _iand lists of keywords W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, selects r at random _i∈ _rz _q, calculate $g^{r_i/{\mathrm{sk}}_{u_{\mathrm{ID}}}}={\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},h^{r_i/{\mathrm{sk}}_{u_{\mathrm{ID}}}}={\left(g^{x/x_{u_{\mathrm{ID}}}}\right)}^{r_i}$ And E _i=Enc _ek(D _i), right 1≤j≤m, calculates σ _i,j=f ' (s ', w _i,j), $I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Make file index be i _{i, 1}... I _{i, m}), note C _i=(E _i, I _i), by (u _iD, C _i) send to cloud storage server S erv to store.

Step 4, user are about the generation of keyword search token, i.e. step

$\mathrm{Trapdoor}(s{k}_{u_{\mathrm{ID}}},s^{\′},s^{\′\′},l_1,\·\·\·,l_d,w_1^{\′},\·\·\·,w_d^{\′}).$

User u _iDexecution is used for generating the search token (search trapdoor) that connects keyword, input s ', s " and the keyword position 1≤l that will retrieve ₁..., l _d≤ m and corresponding keyword w ₁' ..., w ' _d, d is that user searches

The keyword number of rope, selects random number at random calculate according to the following formula:

$T_1=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))s{k}_{u_{\mathrm{ID}}}=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))x_{u_{\mathrm{ID}}}$

T ₂＝t ₁，T ₃＝f″(s″,t ₂)，

To search for token (search trapdoor) T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) send to cloud to store server S erv.

Step 5, cloud storage server are about the search of ciphertext keyword, i.e. step Search (T, C _i)

Cloud storage server S erv carries out and is used for searching for encrypted document, input trapdoor T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) and ciphertext C _i=(E _i, I _i), Serv initialization empty set Ω, to each ciphertext C _i=(E _i, I _i), 1≤i≤n, in I _i, judge whether following formula is set up:

$\begin{array}{c}{\left({\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}\right)}^{T_1}/{\left(g^{r_i}{h}^{r_i}\right)}^{T_2}\\ ={\left(\mathrm{gh}\right)}^{r_i\left({\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′})\right)f^{\′\′}(s^{\′\′},t_2)?}={\left({\mathrm{\Π}}_{j=1}^d{\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,l_j}}\right)}^{T_3}\end{array},$

Wherein $I_i={(\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},g^{r_i},{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},I_{i.1},\·\·\·,I_{i,m}),I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Question mark on equal sign represents the meaning whether equating,

If set up Ω=Ω ∪ { E _i;

Otherwise this ciphertext and crucial word mismatch, continue the next keyword index I of search _i+1, finally Search Results Ω is sent to user u _iD.

Step 6, user are about the deciphering of ciphertext, i.e. step Dec (ek, Ω)

User u _iDexecution is used for decrypting ciphertext, and input symmetric key ek and the Ω receiving are right calculate D _i=Dec _ek(E _i).

Step 7, cancel user, i.e. step RevokeUser (u _iD)

The UM of user management mechanism carries out and is used for cancelling user, input user identity u _iD, UM sends out v to cloud storage server S er and send and cancel user u _iDorder, Serv executable operations $U-\mathrm{ComK}=U-\mathrm{ComK}\backslash \left\{(u_{\mathrm{ID}},\mathrm{com}{k}_{u_{\mathrm{ID}}})\right\}.$ Be that cloud storage server CSS deletes user u _iDregistration project $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}}),$ .

The safety analysis of the inventive method

Conclusion 1: technical scheme of the present invention meets correctness.

Prove: if all data all generate according to description in scheme, and if wherein 1≤i≤m, 1≤j≤d, has:

$\begin{array}{c}{\left({\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}\right)}^{T_1}/{\left(g^{r_i}{h}^{r_i}\right)}^{T_2}\\ ={\left(\mathrm{gh}\right)}^{r_i\left({\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′})\right)f^{\′\′}(s^{\′\′},t_2)?}={\left({\mathrm{\Π}}_{j=1}^d{\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,l_j}}\right)}^{T_3}\end{array}$

Embodiment 1

The person Ent wish of supposing file encryption is by collection of document D=(D ₁..., D _n) store in storage server Serv after encryption, establish document D _ilists of keywords be W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, n is the file number that is about to storage, m is document D _iin keyword number, w _i,j, 1≤j≤m, is D _ithe keyword of j keyword field, the scheme of structure wishes that can realize keyword after file encryption can search for, and realizes safe and secret target, algorithm comprises the algorithm of seven polynomial times, is described in detail as follows:

Step 1, system parameters initialization, i.e. step Init (1 ^k)

This algorithm is carried out and is used for initialization system by the UM of user management mechanism, and input security parameter k, generally can get k=160 or larger, and k is larger, and fail safe is higher.The output rank cyclic group G that is prime number q, the generator that g is G, and DDHP (prejudgementing character Diffie-Hellmen hypothesis) in G is difficult;

Random selection as the master key of UM, be designated as k _uM=x, calculates h=g ^x; UM selects two pseudo-random function with and random seed is respectively s ', s " ∈ _r{ 0,1} ^k, and be symmetric encipherment algorithm Enc () the selection encryption key ek of Semantic Security, two pseudo-random function here generally can be realized by the suitable adjustment of Sha-1.Symmetric encipherment algorithm Enc () can adopt the secure cryptographic algorithm such as aes algorithm.Issue params=(G, g, q, f ', f ", h, Enc) as system parameters.

Step 2, interpolation user, i.e. step e nroll (k _uM, u _iD)

This algorithm carries out to add user by the UM of user management mechanism, the master key k of input UM _uMwith user identity u _iD∈ U (user identity is unique, as user's e-mail address), output u _iDkey and auxiliary key $({\mathrm{sk}}_{u_{\mathrm{ID}}},\mathrm{com}{k}_{u_{\mathrm{ID}}})=(x_{u_{\mathrm{ID}}}{\∈}_R{Z}_q^{*},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})=(x_{u_{\mathrm{ID}}},g^{x/x_{u_{\mathrm{ID}}}}).$ Will send to safely user u _iD, send to safely Serv, Serv adds in its user list U-ComK

Step 2, interpolation user, i.e. step e nroll (k _uM, u _iD)

This algorithm is carried out and is used for adding user by the UM of user management mechanism, the master key k of input UM _uM=x and user identity u _iD∈ U (user identity is unique, as user's e-mail address), output u _iDkey and auxiliary key ; Will peace, Quan Difa, gives use) family u _iD; Will $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})$ Send to safely cloud storage server Serv, cloud storage server Serv adds user profile in its user list U-ComK

$(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}}).$

Step 3, file owner generate file encryption and Security Index, i.e. step

$\mathrm{Enc}({s{k}_u}_{\mathrm{ID}},\mathrm{ek},s^{\′},D_i,W_i).$

User u _iDthe cryptographic algorithm of carrying out, input user key encryption key ek, random seed s ', document D _iand lists of keywords W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, selects r at random _i∈ _rz _q, calculate $g^{r_i/{\mathrm{sk}}_{u_{\mathrm{ID}}}}={\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},h^{r_i/{\mathrm{sk}}_{u_{\mathrm{ID}}}}={\left(g^{x/x_{u_{\mathrm{ID}}}}\right)}^{r_i}$ And E _i=Enc _ek(D _i), right 1≤j≤m, calculates σ _i,j=f ' (s ', w _i,j), $I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}}.$

File index is i _{i, 1}..., I _i,m), note C _i=(E _i, I _i), by (u _iD, C _i) send to cloud storage server S erv to store.

Step 4, user generate about keyword search token, i.e. step

$\mathrm{Trapdoor}(s{k}_{u_{\mathrm{ID}}},s^{\′},s^{\′\′},l_1,\·\·\·,l_d,w_1^{\′},\·\·\·,w_d^{\′}).$

User u _iDexecution is used for generating the search token (search trapdoor) that connects keyword, input s ', s " and the keyword position 1≤l that will retrieve ₁..., l _d≤ m and corresponding keyword w ₁' ..., w ' _d, d is that user searches

The keyword number of rope, selects random number t at random ₁, calculate according to the following formula:

$T_1=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))s{k}_{u_{\mathrm{ID}}}=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))x_{u_{\mathrm{ID}}},$

T ₂＝t ₁，T ₃＝f″(s″,t ₂)，

To search for token (search trapdoor) T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) send to cloud to store server S erv.

Step 5, cloud storage server are about the search of ciphertext keyword, i.e. step Search (T, C _i)

Cloud storage server S erv carries out and is used for searching for encrypted document, input trapdoor T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) and ciphertext C _i=(E _i, I _i), Serv initialization empty set Ω, to each ciphertext C _i=(E _i, I _i), 1≤i≤n, in I _i, judge whether following formula is set up:

$\begin{array}{c}{\left({\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}\right)}^{T_1}/{\left(g^{r_i}{h}^{r_i}\right)}^{T_2}\\ ={\left(\mathrm{gh}\right)}^{r_i\left({\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′})\right)f^{\′\′}(s^{\′\′},t_2)?}={\left({\mathrm{\Π}}_{j=1}^d{\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,l_j}}\right)}^{T_3}\end{array},$

Wherein $I_i={(\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},g^{r_i},{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},I_{i.1},\·\·\·,I_{i,m}),I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Question mark on equal sign represents the meaning whether equating,

If set up Ω=Ω ∪ { E _i;

Otherwise this ciphertext and crucial word mismatch, continue the next keyword index I of search _i+1, finally Search Results Ω is sent to user u _iD.

Step 6, user are about the deciphering of ciphertext, i.e. step Dec (ek, Ω)

User u _iDexecution is used for decrypting ciphertext, and input symmetric key ek and the Ω receiving are right calculate D _i=Dec _ek(E _i).

Step 7, cancel user, i.e. step RevokeUser (u _iD)

The UM of user management mechanism carries out and is used for cancelling user, input user identity u _iD, UM sends out v to cloud storage server S er and send and cancel user u _iDorder, Serv executable operations be that cloud storage server CSS deletes user u _iDregistration project $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})$ .

In cloud stores service, user is outsourced to cloud storage server after can using the encipherment scheme that can search for to data encryption.Can search for encipherment scheme makes user can selectively access its encrypt data, can also guarantee the confidentiality of user search data, the encipherment scheme searched for based on connecting keyword (being the boolean combination of multiple keywords) has important using value because of its higher search precision in safe storage service simultaneously.The mode that the present invention adopts authorized user and storage server successively keyword to be encrypted has proposed a kind of encryption method of searching for multiple keywords, makes authorized user can utilize the trapdoor search encrypted document of connection keyword.By comparing with existing scheme, the scheme of proposition is at communication and calculation cost, searches for that trapdoor size, keyword are encrypted and the speed of search, etc. the overall efficiency of aspect be improved.In addition, the scheme of proposition is supported multi-user, can increase dynamically and cancel user, makes user can directly on storage server, carry out data sharing.

Claims (2)

1. the encryption method that in cloud storage, the multiple keywords of multi-user can be searched for, is characterized in that,

If file encryption person is Ent, collection of document D=(D ₁..., D _n), storage server is Serv, establishes document D _ilists of keywords be W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, n is the file number that is about to storage, m is document D _iin keyword number, w _i,jfor D _ithe keyword of j keyword field, 1≤j≤m, implement according to following steps:

Step 1, system parameters initialization

By the UM of user management mechanism input security parameter k, the cyclic group G that output rank are prime number q, the generator that g is G, and DDHP in G is difficult;

Random selection as the master key of UM, be designated as k _uM=x, calculates h=g ^x; UM selects two pseudo-random function $f^{\′}:{\left\{\mathrm{0,1}\right\}}^k\×{\left\{\mathrm{0,1}\right\}}^{*}\→Z_q^{*}$ With $f^{\′\′}:{\left\{\mathrm{0,1}\right\}}^k\×Z_q^{*}\→Z_q^{*}$ And random seed is respectively s ', s " ∈ _r{ 0,1} ^k, and be symmetric encipherment algorithm Enc () the selection encryption key ek of Semantic Security, issue params=(G, g, q, f ', f ", h, Enc) as system parameters, the private key of the secret user management UM of mechanism is msk _ent=x and file encryption key ek;

Step 2, interpolation user

By the master key k of the UM of user management mechanism input UM _uM=x and user identity u _iD∈ U, output u _iDkey and auxiliary key $({\mathrm{sk}}_{u_{\mathrm{ID}}},\mathrm{com}{k}_{u_{\mathrm{ID}}})=(x_{u_{\mathrm{ID}}}{\∈}_R{Z}_q^{*},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})=(x_{u_{\mathrm{ID}}},g^{x/x_{u_{\mathrm{ID}}}});$ Will , safety) send to user u _iD; Will $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}})$ Send to safely cloud storage server Serv, cloud storage server Serv adds user profile in its user list U-ComK

$(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}});$

Step 3, file owner generate file encryption and Security Index

User u _iDinput user key encryption key ek, random seed s ', document D _iand lists of keywords W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, selects r at random _i∈ _rz _q, calculate and E _i=Enc _ek(D _i), right 1≤j≤m, calculates σ _i,j=f ' (s ', w _i,j), $I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

Make file index be i _{i, 1}... I _{i, m}), note C _i=(E _i, I _i), by (u _iD, C _i) send to cloud storage server S erv to store;

Step 4, user are about the generation of keyword search token

User u _iDinput s ', s " and the keyword position 1≤l that will retrieve ₁..., l _d≤ m and corresponding keyword w ₁' ..., w ' _d, d is the keyword number of user search,

The random random number of selecting calculate according to the following formula:

$T_1=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))s{k}_{u_{\mathrm{ID}}}=(t_1+f^{\′\′}(s^{\′\′},t_2){\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′}))x_{u_{\mathrm{ID}}},$

T ₂＝t ₁，T ₃＝f″(s″,t ₂)，

To search for token T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) send to cloud to store server S erv;

Step 5, cloud storage server are about the search of ciphertext keyword

Cloud storage server S erv carries out and is used for searching for encrypted document, input trapdoor T=(u _iD, ₁t, ₂t, ₃t ..., ₁l, _dand l is close) civilian C _i=(E _i, I _i), Serv initialization empty set Ω, to each ciphertext C _i=(E _i, I _i), 1≤i≤n, in I _i, judge whether following formula is set up:

$\begin{array}{c}{\left({\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i}\right)}^{T_1}/{\left(g^{r_i}{h}^{r_i}\right)}^{T_2}\\ ={\left(\mathrm{gh}\right)}^{r_i\left({\mathrm{\Σ}}_{j=1}^d{f}^{\′}(s^{\′},w_j^{\′})\right)f^{\′\′}(s^{\′\′},t_2)?}={\left({\mathrm{\Π}}_{j=1}^d{\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,l_j}}\right)}^{T_3}\end{array},$

Wherein $I_i={(\left(g^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},g^{r_i},{\left(h^{1/x_{u_{\mathrm{ID}}}}\right)}^{r_i},h^{r_i},I_{i.1},\·\·\·,I_{i,m}),I_{i,j}={\left(\mathrm{gh}\right)}^{r_i{\mathrm{\σ}}_{i,j}},$

If set up Ω=Ω ∪ { E _i;

Otherwise this ciphertext and crucial word mismatch, continue the next keyword index I of search _i+1, finally Search Results Ω is sent to user u _iD;

Step 6, user are about the deciphering of ciphertext

User u _iDexecution is used for decrypting ciphertext, and input symmetric key ek and the Ω receiving are right calculate D _i=Dec _ek(E _i);

Step 7, cancel user

The UM of user management mechanism carries out and is used for cancelling user, input user identity u _iD, UM sends and cancels user u to cloud storage server S erv _iDorder, Serv executable operations be that cloud storage server CSS deletes user u _iDregistration project $(u_{\mathrm{ID}}.\mathrm{com}{k}_{u_{\mathrm{ID}}})=(u_{\mathrm{ID}},g^{k_{\mathrm{UM}}/x_{u_{\mathrm{ID}}}}),$ .

2. the encryption method that in cloud storage according to claim 1, the multiple keywords of multi-user can be searched for, its feature is: in described step 1, symmetric encipherment algorithm Enc () adopts aes algorithm.