CN104394155A - Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness - Google Patents

Publication number
CN104394155A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201410708142.3A
Other languages
Chinese (zh)
Other versions
CN104394155B (en)
Inventor
王晓明
李诗旸
吴岱霓
甘庆晴
王耄
周锐
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Jinan University Science Park Management Co ltd
Guangzhou Ruima Information Technology Co ltd
Original Assignee
Jinan University
Application filed by Jinan University
Priority to CN201410708142.3A
Publication of CN104394155A
Application granted
Publication of CN104394155B
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/12: Applying verification of the received information
    • H04L63/123: Applying verification of the received information received data contents, e.g. message integrity
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00: Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90: Details of database functions independent of the retrieved data types
    • G06F16/903: Querying
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/1097: Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures


Abstract

The invention concerns searchable encryption under a public-key cryptosystem and discloses a multi-user cloud encrypted keyword search method with verifiable integrity and completeness. The method verifies the completeness of search results and the integrity of outsourced data in a cloud environment, and supports setting permissions for multiple users. It verifies search-result completeness and outsourced-data integrity by using signatures to bind each keyword index to its associated encrypted files, implements private multi-user queries with re-encryption, and dynamically updates users' query permissions. The index structure and query mechanism for encrypted files are also optimized: hash lookup is used during queries to improve query efficiency and give fast access to cloud data.

Description

Multi-user cloud encrypted keyword search method with verifiable integrity and completeness
Technical field
The present invention relates to research on searchable encryption under a public-key cryptosystem, and in particular to a multi-user cloud encrypted keyword search method with verifiable integrity and completeness. The method can verify the completeness of query results and the integrity of outsourced data in a cloud environment, and can set permissions for multiple users.
Background
With the rapid development of computer network technology and society's growing demand for information resources, more and more enterprises and individuals want to use cloud storage to reduce local infrastructure costs and obtain better quality of service. But while cloud storage brings convenient, easy-to-use and low-cost services, it also brings many new security problems. Data are now stored on third-party cloud platforms, the data owner loses control over its own data, and the cloud service provider is not fully trusted, so data in the cloud face the risk of leakage.
Data encryption is the basic means of protecting data in the cloud. The user encrypts sensitive data before uploading it, so that even if an attacker or the cloud service provider obtains the encrypted data, they cannot learn its content, which secures the data stored in the cloud. The problem is then how to search the encrypted data for the content the user needs. In 2000, Song first proposed the concept of searchable encryption in the paper "Practical techniques for searches on encrypted data" and gave the first keyword search scheme based on symmetric encryption, which allows queries over encrypted data and prompted further research on searchable encryption. In 2004, Boneh, in "Public key encryption with keyword search", proposed the first public-key encrypted keyword search scheme, built on the discrete logarithm using bilinear pairings, which brought searchable encryption to the public-key cryptosystems in general use today. As searchable encryption developed, researchers proposed, to better match practical requirements, directions such as encrypted range search, encrypted conjunctive keyword search and encrypted fuzzy keyword search. In recent years, with the rise of cloud computing and cloud storage, access control, integrity verification and encrypted retrieval for encrypted databases have become new research hotspots.
Research on searchable encryption for cloud platforms must not only match encrypted data requests against encrypted file indexes, but must also, given that a cloud platform serves many authorized users and stores large volumes of data, provide dynamic multi-user access control and fast retrieval over massive data.
Most existing searchable encryption schemes focus on how to find the required content in encrypted data, and do not fully consider the integrity of the outsourced data or the completeness of query results. Under the cloud storage model, however, the third-party service provider is not fully trusted, and users worry that data in the cloud may be replaced or damaged by an attacker or by the cloud service provider. Users therefore need to verify the integrity and completeness of query results, to be sure that the results they receive are all of the data matching the query and have not been replaced or damaged.
Most existing encrypted search schemes support queries by a single user only. In a cloud storage environment, however, the data owner wants to share data with multiple users, so a multi-user search management mechanism is needed that can grant and revoke search permissions. In addition, most existing searchable encryption schemes search by linear matching, comparing the encrypted query with the encrypted index entries one by one; on a cloud platform storing massive amounts of data, this query efficiency does not meet the needs of cloud applications.
An encrypted keyword search method that can verify query-result completeness and outsourced-data integrity in a cloud environment, and that can set permissions for multiple users, therefore has significant research value.
Summary of the invention
The main purpose of the present invention is to overcome the shortcomings and deficiencies of the prior art by providing a multi-user cloud encrypted keyword search method with verifiable integrity and completeness. The method can verify query-result completeness and outsourced-data integrity in a cloud environment, supports multi-user queries, and has high query efficiency.
This purpose is achieved by the following technical solution: a multi-user cloud encrypted keyword search method with verifiable integrity and completeness, comprising the steps:
(1) The data owner encrypts the data files, and extracts multiple keywords from the data files to be uploaded and encrypts them to form the keyword indexes used for queries. For each extracted keyword, the data owner uses a homomorphic hash function to generate a keyword digest and maintains a local keyword digest table. The data owner generates a signature public key and a signature private key for signing data; before outsourcing the data, it signs each keyword digest with the signature private key, and finally sends the encrypted data files, the keyword indexes and the signatures to the cloud server;
(2) The cloud server allocates storage space for the encrypted data files and keyword indexes. Using each keyword index as a query entry, it builds a query index table that stores the index information and signature information, and builds a linked list holding the addresses of all files associated with each keyword index; the pointer field of each query index table entry links the table to the list;
(3) The data owner distributes to the multiple authorized users, over a secure channel, the private keys needed to query the encrypted data files. The data owner also generates the re-encryption key of each authorized user and sends the re-encryption key table formed from all the re-encryption keys to the cloud server. During a query, the authorized user forms a query trapdoor with its own private key and sends it to the cloud server;
(4) The cloud server looks up the query trapdoor in the query index table, finds the file group and signature information that satisfy the authorized user's query, and returns them to the authorized user;
(5) After receiving the keyword's signature information and the file group, the authorized user recovers the digest from the signature using the data owner's signature public key and the homomorphic hash function, decrypts the files from the encrypted file group, and then verifies whether the decrypted files and the queried keyword are consistent with the digest. If they are consistent, the files in the file group are intact and the query result is complete; otherwise the files are not intact and the query result is incomplete. Here, intact files means the data files have not been modified or replaced, and a complete query result means the result includes every data file whose index contains the keyword.
Specifically, in step (1), the data owner encrypts each data file $M$ with the symmetric key $k$; the encrypted file is written $E_k(M)$, where $E_k(\cdot)$ is the symmetric encryption algorithm used to encrypt files;
For the i-th keyword $W_i$, the keyword index is $INDEX(W_i) = H_2(t)$, where . Let $G_1$ and $G_2$ both be multiplicative groups of prime order $p$, where $g$ is a generator of $G_1$; define the bilinear map $e: G_1 \times G_1 \to G_2$, so that $e(g, g)$ is a generator of $G_2$; let $H_1(\cdot): \{0,1\}^* \to G_1$ and $H_2(\cdot): G_2 \to \{0,1\}^{\log p}$; is the private key the data owner uses to encrypt the keyword index, is the public key of the cloud server, and is the private key of the cloud server.
Specifically, in step (1), for the i-th keyword $W_i$, the keyword digest is generated with the homomorphic hash function as:
$HMAC(W_i) = H_r(Z(M_1) \times f(W_i) + Z(M_2) \times f(W_i) + \dots + Z(M_i) \times f(W_i))$;
where $f(\cdot): \{0,1\}^* \to \{0,1\}^n$ is a secure one-way hash function, $H_r(\cdot)$ is the homomorphic hash function, $Z(\cdot)$ is a hash function used for compression, and $M_1, M_2, \dots, M_i$ are the data files.
Specifically, the data owner generates the signature public key $PK'_{DO}$ and signature private key $SK'_{DO}$ used for signing data. Before outsourcing the data, the data owner signs each keyword digest $HMAC(W_i)$ with its signature private key $SK'_{DO}$, namely obtaining ; $E'_{sk}(\cdot)$ is the public-key encryption algorithm used for signing.
Preferably, in step (3), the data owner selects as the private key for encrypting its keyword indexes and computes the public key ; it then randomly selects and distributes $SK_{U_i}$ to the authorized user $U_i$ as the private key for generating encrypted keyword query trapdoors, where $U_i$ is the ID of the authorized user, generates the re-encryption key of this authorized user , and finally sends to the cloud server the re-encryption key table that maps each authorized user's ID one-to-one to its re-encryption key.
Specifically, in step (3), during a query the authorized user forms the query trapdoor with its own private key and sends it to the cloud server as follows: the authorized user $U_i$ uses its key $SK_{U_i}$ and the keyword to be queried to generate the encrypted keyword query trapdoor , where $U_i$ is the ID of this authorized user; the authorized user sends the query trapdoor $T_W$ to the cloud server.
Specifically, in step (4), after receiving the authorized user's query trapdoor , the cloud server looks up the re-encryption key table to find the re-encryption key of this authorized user $U_i$ and performs the proxy re-encryption transformation as follows:
$$T'_W = e\left(H_1(\tilde{W})^{SK_{U_i}},\ PK_S^{SK_{DO}/SK_{U_i}}\right)^{SK_S} = e\left(H_1(\tilde{W}),\ PK_S^{SK_{DO}}\right)^{SK_S};$$
The cloud server uses the query index table to locate the keyword index $INDEX(W_i)$ corresponding to the trapdoor $T'_W$, traverses the file address linked list pointed to by that entry's pointer field to obtain the addresses of all files associated with the keyword, and retrieves the file group that satisfies the query. The cloud server returns this file group and the keyword's signature information, as the query result, to the authorized user $U_i$ who issued the query.
Preferably, in step (5), after receiving the keyword's signature information and the encrypted file group, the authorized user first uses the data owner's signature public key $PK'_{DO}$ to recover the digest from the signature, then decrypts the files $M_1, M_2, \dots, M_i$ from the encrypted file group, and verifies the digest using the homomorphic hash function $H_r(\cdot)$ that generated it, the compression function $Z(\cdot)$ and the secure one-way hash function $f(\cdot): \{0,1\}^* \to \{0,1\}^n$. The verification formula is:
$HMAC(W_1) = H_r(Z(M_1) \times f(W_1) + Z(M_2) \times f(W_1) + \dots + Z(M_i) \times f(W_1))$;
If the equation holds, the files $M_1, M_2, \dots, M_i$ are intact, i.e. they have not been modified or replaced; otherwise the files are not intact. The signature establishes the association between the keyword and the files, so verifying that the signature is correct also verifies the completeness of the query result.
Preferably, the multi-user cloud encrypted keyword search method with verifiable integrity and completeness further comprises the step: (6) updating the data outsourced to the cloud, where the update operation falls into the following two cases:
(6-1) To add a data file $E_k(M_L)$ whose index contains multiple keywords $W_i$ and $W_j$, the update steps are as follows:
(6-1-1) The data owner first generates the indexes of keywords $W_i$ and $W_j$, and , and then updates the digests $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to $W_i$ and $W_j$. The data owner first takes the digests $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to $W_i$ and $W_j$ from the local keyword digest table, and uses the homomorphic property of the homomorphic hash function to perform the update:
$HMAC(W_i)' = HMAC(W_i) \times H_r(Z(M_L) \cdot f(W_i))$;
$HMAC(W_j)' = HMAC(W_j) \times H_r(Z(M_L) \cdot f(W_j))$;
The data owner then writes the updated digests back to the local keyword digest table;
(6-1-2) After updating the local keyword digest table, the data owner signs the keyword digests with the signature private key $SK'_{DO}$:
$\sigma(W_i) = E_{SK'_{DO}}(HMAC(W_i))$;
$\sigma(W_j) = E_{SK'_{DO}}(HMAC(W_j))$;
(6-1-3) After updating the encrypted keyword indexes and generating the signatures, the data owner sends the encrypted data file, the keyword indexes and the signatures to the cloud server for the data update;
(6-1-4) After receiving the data, the cloud server updates the query index table: it locates by hash lookup the entries holding the keyword indexes $INDEX(W_i)$ and $INDEX(W_j)$, updates the signatures $\sigma(W_i)$, $\sigma(W_j)$, and inserts into the corresponding file address linked lists a node holding the address of file $E_k(M_L)$;
(6-2) To add a keyword index $W_L$ to the file index, together with multiple data files $E_k(M_i)$, $E_k(M_j)$ that contain the keyword $W_L$, the update steps are as follows:
(6-2-1) The data owner generates the index of keyword $W_L$ and encrypts the files $M_i$, $M_j$;
(6-2-2) The digest is generated: $HMAC(W_L) = H_r(Z(M_i) \cdot f(W_L)) \times H_r(Z(M_j) \cdot f(W_L))$. The digest is stored in the local keyword digest table and signed with the data owner's signature private key $SK'_{DO}$: $\sigma(W_L) = E_{SK'_{DO}}(HMAC(W_L))$;
(6-2-3) The data owner sends the index $INDEX(W_L)$, the files $E_k(M_i)$, $E_k(M_j)$ and the signature $\sigma(W_L)$ to the cloud server for outsourcing;
(6-2-4) After receiving the data, the cloud server updates the query index table: it computes the hash value $hash_2(INDEX(W_L))$ of the keyword index to locate the entry position and allocates that slot to the keyword index $INDEX(W_L)$, using closed hashing to resolve any hash collision; it then stores the signature $\sigma(W_L)$ in the index table and builds a file address linked list holding the address information of files $E_k(M_i)$, $E_k(M_j)$.
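The digest formula of step (1), the check of step (5) and the incremental update of step (6-1-1) can be exercised with the following script, an added example that is not code from the patent. It assumes the homomorphic hash is modular exponentiation with constructed toy parameters, uses SHA-256 as a stand-in for Z and f, and takes the digest as already recovered from a valid signature (signing and file encryption are left out).

```python
import hashlib

# Constructed toy parameters (assumptions: the patent does not specify how
# H_r, Z or f are instantiated, nor any concrete group).
P = 2**255 - 19   # a well-known prime, used here as the modulus
G = 2             # base of the exponentiation hash


def Z(data: bytes) -> int:
    """Compression hash Z(.): file contents -> integer (SHA-256 stand-in)."""
    return int.from_bytes(hashlib.sha256(b"Z|" + data).digest(), "big")


def f(keyword: str) -> int:
    """One-way hash f(.): keyword -> integer (SHA-256 stand-in)."""
    return int.from_bytes(
        hashlib.sha256(b"f|" + keyword.encode("utf-8")).digest(), "big")


def H_r(x: int) -> int:
    """Homomorphic hash: H_r(a + b) == H_r(a) * H_r(b) (mod P)."""
    return pow(G, x, P)


def keyword_digest(keyword: str, files: list) -> int:
    """HMAC(W) = H_r(Z(M_1)*f(W) + ... + Z(M_n)*f(W)) over the whole file group."""
    fw = f(keyword)
    return H_r(sum(Z(m) * fw for m in files))


def add_file(digest: int, keyword: str, new_file: bytes) -> int:
    """Step (6-1-1): HMAC(W)' = HMAC(W) * H_r(Z(M_L) * f(W)).

    The owner needs only the stored digest and the new file, not the
    files already outsourced.
    """
    return digest * H_r(Z(new_file) * f(keyword)) % P


def verify_result(keyword: str, returned_files: list, signed_digest: int) -> bool:
    """Step (5): recompute the digest over the decrypted files the server
    returned and compare it with the digest taken from the signature.
    One equality covers both properties: a modified or replaced file changes
    a Z(M) term (integrity), a withheld file removes a term (completeness).
    """
    return keyword_digest(keyword, returned_files) == signed_digest


if __name__ == "__main__":
    # Constructed sample data.
    group = [b"Q1 invoice for ACME", b"Q2 invoice for ACME", b"invoice template"]
    digest = keyword_digest("invoice", group)

    print("complete result   :", verify_result("invoice", group, digest))
    print("one file withheld :", verify_result("invoice", group[:2], digest))
    tampered = [group[0], b"Q2 invoice for ACME (edited)", group[2]]
    print("one file modified :", verify_result("invoice", tampered, digest))

    new_file = b"Q3 invoice for ACME"
    updated = add_file(digest, "invoice", new_file)
    print("after update      :",
          verify_result("invoice", group + [new_file], updated))
```

The digest does not depend on the order in which files are returned, and a digest issued before an update no longer matches the enlarged file group, which is why step (6-1-2) re-signs after every update.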
Preferably, the multi-user cloud encrypted keyword search method with verifiable integrity and completeness further comprises the step:
(7) To revoke the search permission of user $U_d$, the data owner sends the user's ID $U_d$ and a revocation command to the cloud server. The cloud server locates, by hash lookup, the entry of user $U_d$ in the re-encryption key table and deletes it, so that the revoked user's trapdoor can no longer be validly re-encrypted at query time and the user cannot perform a legitimate query.
Compared with the prior art, the present invention has the following advantages and beneficial effects:
(1) The invention supports hidden queries. When building a keyword index, the data owner encrypts it with its private key. Because the cloud server and attackers cannot obtain the data owner's private key, they cannot learn any information about the keyword from the encrypted keyword index. When an authorized user submits a query request to the cloud server, the user encrypts the keyword trapdoor with its own private key, and the cloud server and attackers cannot learn anything about the keyword from the encrypted trapdoor. In addition, the hash function $H_1(\cdot)$ that generates the keyword trapdoor is integrated into the client's encryption program, and the cloud server and attackers cannot mount keyword guessing attacks. The cloud server can therefore only provide the search service and cannot learn any information about the keywords.
(2) The invention provides designated queries. When generating the encrypted keyword index, the data owner incorporates the cloud server's public key, which authenticates the querying server. During a query, only the cloud server, with its own private key, can perform the query operation. Because an attacker does not know the cloud server's private key, the attacker cannot complete the query operation even after obtaining an encrypted keyword trapdoor.
(3) The invention provides controlled queries. An authorized user must use its own private key to generate a valid keyword query trapdoor. Without the authorized user's private key, attackers and the cloud server cannot forge a valid keyword query trapdoor, so without the authorized user's permission they cannot perform any search.
(4) The invention provides multi-user queries, implemented with proxy re-encryption. Each authorized user has a query key and uses it to generate encrypted keyword query trapdoors. If a user's query key is leaked, the cloud server can revoke that query key, and a new query key is then generated for the user whose key was compromised; this process does not affect other legitimate users querying with their keys.
(5) The invention provides verification of query-result completeness and outsourced-data integrity. The signature covers all files associated with a keyword index, so it can be checked whether a data file was replaced or modified during outsourcing, which verifies data integrity. Because the signature binds a keyword index to all of its associated files, it can be checked whether all matching files were returned, which verifies the completeness of the query result. The data owner signs with its private key $SK'_{DO}$ and the authorized user verifies with the data owner's public key $PK'_{DO}$, which confirms that the data originate from the data owner.
(6) The optimized index and query method improves search efficiency. The invention optimizes the traditional searchable encryption index structure by introducing hash lookup into keyword queries. During a query, the query hash value is computed from the user's query and used to locate where the keyword index is stored. Ignoring hash collisions, the average search length is ASL = 1 and the query time complexity is approximately O(1). Introducing the hash lookup mechanism significantly improves the system's search efficiency and gives fast lookup of data in the cloud.
Description of the drawings
Fig. 1 is a flow chart of the method of the invention.
Fig. 2 is a structural diagram of the re-encryption key table.
Fig. 3 is a schematic diagram of the query index table.
Fig. 4 is an example of the cloud server performing an encrypted query.
Fig. 5 is a schematic diagram of the update process for cloud-outsourced data after a data file is added.
Fig. 6 is a schematic diagram of the update process for cloud-outsourced data after a keyword index is added to the file index.
Embodiments
The present invention is described in further detail below with reference to an embodiment and the drawings, but embodiments of the invention are not limited to this.
Embodiment 1
The present invention studies searchable encryption under a public-key cryptosystem and proposes a multi-user cloud encrypted keyword search method with verifiable integrity and completeness. The method provides query and retrieval over encrypted data and protects users' query privacy. Beyond basic encrypted search, and in view of multi-user access and large-volume storage in the cloud, the invention proposes a multi-user query setup and optimizes the index structure and query mechanism for encrypted files, providing dynamic user permission control and fast retrieval of encrypted data. The invention also designs a verification mechanism for query-result completeness and outsourced-data integrity, using a homomorphic hash function and signatures to bind each keyword index to its associated encrypted files.
The detailed process of the above multi-user cloud encrypted keyword search method with verifiable integrity and completeness is described below with reference to Fig. 1.
(1) System model
The data owner encrypts the data files and the index keywords corresponding to each file, and stores the encrypted data on the cloud server. The cloud server allocates storage space for the data owner's file group and builds the keyword index structure that implements the query function. Each of the multiple authorized users can generate a query trapdoor carrying an encrypted keyword with its own private key and send it to the cloud server. The cloud server runs the query on the user's trapdoor, finds the files and verification information that satisfy the query, and returns them to the querying user. The user can verify the completeness and integrity of the query result from the result and the verification information.
(2) Public parameters and key generation
Public parameter generation: let $G_1$ and $G_2$ both be multiplicative groups of prime order $p$, where $g$ is a generator of $G_1$. Define the bilinear map $e: G_1 \times G_1 \to G_2$; $e(g, g)$ is a generator of $G_2$. Let $H_1(\cdot): \{0,1\}^* \to G_1$ and $H_2(\cdot): G_2 \to \{0,1\}^{\log p}$; $f(\cdot): \{0,1\}^* \to \{0,1\}^n$ is a secure one-way hash function, $H_r(\cdot)$ is the homomorphic hash function, and $Z(\cdot)$ is a hash function used for compression. Let $E_k(\cdot)$ be the symmetric encryption algorithm used to encrypt files, $INDEX(\cdot)$ the public-key-encrypted keyword index, $HMAC(\cdot)$ the algorithm that generates keyword digests, and $E'_{sk}(\cdot)$ the public-key encryption algorithm used for signing.
Key generation: the data owner selects as the private key for encrypting its keyword indexes and computes the public key . The data owner selects a symmetric key $k$ for encrypting data files. The data owner also generates the public/private key pair $(SK'_{DO}, PK'_{DO})$ for signing data. The cloud server selects as its private key and computes the public key . The data owner randomly selects and distributes it to user $U_i$ as the private key for generating encrypted keyword query trapdoors, and generates the re-encryption key of this user , which it sends to the cloud server. The cloud server stores the re-encryption key table, whose structure is shown in Fig. 2.
(3) The data owner generates keyword indexes, encrypted files and digital signatures
Generating keyword indexes and encrypting data files: for each keyword $W_i$, the data owner computes and then computes the keyword index $INDEX(W_i) = H_2(t)$. The data owner encrypts each data file $M$ with the symmetric key $k$; the encrypted file is written $E_k(M)$.
Generating signatures: suppose the indexes of files $M_1$, $M_2$, $M_3$ all contain the keyword $W_1$; the index structure is then as shown in Table 1:
Table 1: Keyword index structure
The data owner computes the digest of keyword $W_1$:
$HMAC(W_1) = H_r(Z(M_1) \times f(W_1) + Z(M_2) \times f(W_1) + Z(M_3) \times f(W_1))$, and stores it in the locally maintained keyword digest table, whose structure is shown in Table 2.
Table 2: Keyword digest table structure

| Keyword | Digest |
|---|---|
| $W_1$ | $HMAC(W_1)$ |
| $W_2$ | $HMAC(W_2)$ |
| ... | ... |
| $W_i$ | $HMAC(W_i)$ |
| ... | ... |

Before outsourcing the data, the data owner signs each keyword digest $HMAC(W_i)$ with its signature private key $SK'_{DO}$, namely . The data owner sends the files, keyword indexes and signatures to the cloud server for outsourced storage.
(4) cloud server stores data and data query
Index structure: cloud server is the file group memory allocated space of data owner after receiving the key word index of data owner's outsourcing, file and signature, and set up the key word index structure for inquiring about.
The present embodiment introduces hash query mechanism in query script, thus improves search efficiency.Meanwhile, the present embodiment introduces signature, thus ensure that completeness and the integrality of Query Result.The structure of the search index table that the present embodiment is set up as shown in Figure 3.In figure, ad (Ek (Mj)) represents the address of encrypt file Ek (Mj) in cloud stores.
Cloud server as query term, sets up search index table with each key word index, preserves index information and signing messages.And set up the address that chained list preserves the All Files associated with key word index, connect chained list and concordance list by the pointer entry of search index table.In search procedure, hash query is used to improve keyword search mechanism.Cloud server by calculating the cryptographic Hash of key word index, the memory location of locator key word indexing, then travels through the file address chained list of its pointer entry sensing, can inquire the address of all encrypt files associated with this key word index.
Query process:
User generates the encrypted keyword query threshold: authorized user $U_i$ uses its key $SK_{Ui}$ and the query keyword to generate the encrypted keyword query threshold, where $U_i$ is the ID of this authorized user. The authorized user sends the query threshold $T_W$ to the cloud server.
Cloud server performs the encrypted search: after receiving the authorized user's query threshold, the cloud server computes $Hash_1(U_i)$ to find user $U_i$'s proxy re-encryption key, and performs the proxy re-encryption conversion as follows:

$$T'_W = e\left(H_1(\tilde{W})^{SK_{Ui}},\ PK_S^{SK_{DO}/SK_{Ui}}\right)^{SK_S} = e\left(H_1(\tilde{W}),\ PK_S^{SK_{DO}}\right)^{SK_S}$$

The cloud server computes $Hash_2(T'_W)$, locates the keyword index $INDEX(W_i)$ corresponding to threshold $T'_W$, and traverses the file address linked list that this entry's pointer refers to, obtaining the addresses of all files associated with this keyword and taking out the file group that satisfies the search request. The cloud server returns this file group and the signature of this keyword to the querying user as the query result.
Example: in the diagram, for a given query threshold, the cloud server uses $Hash_2(T'_W)$ to locate the entry corresponding to $INDEX(W_1)$, takes out the signature $\sigma(W_1)$, and traverses the file address linked list to obtain the file group $(E_k(M_1), E_k(M_2), E_k(M_3))$ corresponding to $W_1$.
The cloud server returns the signature $\sigma(W_1)$ and the encrypted file group $(E_k(M_1), E_k(M_2), E_k(M_3))$ whose indexes contain $W_1$ to the querying user $U_i$ as the query result.
(5) User verifies data
After receiving the signature $\sigma(W_1)$ and the encrypted file group $(E_k(M_1), E_k(M_2), E_k(M_3))$, the user first uses the data owner's signature public key $PK'_{DO}$ to recover the summary $HMAC(W_1)$ from $\sigma(W_1)$. The user then decrypts files $M_1$, $M_2$, $M_3$ from the encrypted file group $(E_k(M_1), E_k(M_2), E_k(M_3))$ and verifies the summary with the same homomorphic hash function $H_r(\cdot)$, compression function $Z(\cdot)$ and secure one-way hash function $f(\cdot)$ that were used to generate it:

$$HMAC(W_1) = H_r\left(Z(M_1) \times f(W_1) + Z(M_2) \times f(W_1) + Z(M_3) \times f(W_1)\right)$$

If the equation holds, files $M_1$, $M_2$, $M_3$ are intact, that is, they have not been modified or replaced. The signature establishes the association between the keyword and the files, so verifying that the signature is correct also verifies the completeness of the query result.
(6) Updating outsourced data
Updating outsourced data: this scheme takes into account the data owner's need to update the data outsourced to the cloud. The update operation is divided into the following two cases:
<1> Add a data file $E_k(M_L)$ whose index contains multiple keywords $W_i$ and $W_j$.
The data owner first generates the indexes of keywords $W_i$ and $W_j$ according to the method of step (3) above: $INDEX(W_i) = e(H_1(W_i), PK_S^{SK_{DO}})$ and $INDEX(W_j) = e(H_1(W_j), PK_S^{SK_{DO}})$.
It then updates the summaries $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to keywords $W_i$ and $W_j$. The data owner first takes the summaries $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to $W_i$ and $W_j$ out of the local summary table, and uses the homomorphic property of the homomorphic hash function to complete the update:

$$HMAC(W_i)' = HMAC(W_i) \times H_r(Z(M_L) \cdot f(W_i))$$

$$HMAC(W_j)' = HMAC(W_j) \times H_r(Z(M_L) \cdot f(W_j))$$

The data owner also writes the updated summaries back to the local summary table.
After updating the local summary table, the data owner signs the summaries with the signature private key $SK'_{DO}$:

$$\sigma(W_i) = E_{SK'_{DO}}(HMAC(W_i))$$

$$\sigma(W_j) = E_{SK'_{DO}}(HMAC(W_j))$$

After updating the encrypted keyword indexes and generating the signatures, the data owner sends the file $E_k(M_L)$, the keyword indexes $INDEX(W_i)$, $INDEX(W_j)$ and the signatures $\sigma(W_i)$ and $\sigma(W_j)$ to the cloud server to carry out the data update.
After receiving the data, the cloud server needs to update the keyword index structure. It locates the entries holding keyword indexes $INDEX(W_i)$ and $INDEX(W_j)$ by hash lookup, updates the signatures $\sigma(W_i)$, $\sigma(W_j)$, and inserts a node holding the address of file $E_k(M_L)$ into the corresponding file address linked lists. The complete operation is shown in Figure 5.
<2> Add a keyword index $W_L$ to the file index, and store multiple data files $E_k(M_i)$, $E_k(M_j)$ that contain keyword $W_L$.
The data owner first generates the index of keyword $W_L$ according to the method of step (3) above, $INDEX(W_L) = e(H_1(W_L), PK_S^{SK_{DO}})$, and encrypts files $M_i$, $M_j$.
It then generates the summary $HMAC(W_L) = H_r(Z(M_i) \cdot f(W_L)) \times H_r(Z(M_j) \cdot f(W_L))$ and stores it in the local summary table. The summary is then signed with the data owner's signature private key $SK'_{DO}$.
The data owner sends the index $INDEX(W_L)$, the files $E_k(M_i)$, $E_k(M_j)$ and the signature $\sigma(W_L)$ to the cloud server for outsourcing.
After receiving the data, the cloud server needs to update the index structure. The cloud server computes the hash value $hash_2(INDEX(W_L))$ of the keyword index to locate the entry position and allocates this space to keyword index $INDEX(W_L)$; if a hash collision occurs, closed hashing is used to resolve it. It then stores the signature $\sigma(W_L)$ in the index table and builds a file address linked list holding the address information of files $E_k(M_i)$, $E_k(M_j)$. The update process is shown in Figure 6.
(7) User authorization and revocation of permissions
<1> User authorization:
Before a user can perform an encrypted search, the data owner must first authorize that user. For user $U_L$, the data owner randomly selects a query key and distributes it to user $U_L$, and generates the re-encryption key of this user. The user ID $U_L$ and the re-encryption key $RK_{UL \to DO}$ are sent to cloud server $S$ over a secure channel.
Authorized user $U_L$ generates a legitimate query threshold with its query key $SK_{UL}$, and the cloud server applies the re-encryption conversion to the query threshold with the re-encryption key $RK_{UL \to DO}$, so that the query operation can be carried out correctly.
<2> Revoking user permissions:
To revoke the search permission of user $U_d$, the data owner sends this user's ID $U_d$ and a revocation command to the cloud server. The cloud server locates user $U_d$'s entry in the re-encryption key table by hash lookup and deletes it, so that a user whose permission has been revoked can no longer have a threshold legitimately re-encrypted at query time and cannot legitimately perform query operations.
To solve the problem of verifying both the completeness of encrypted keyword search and the integrity of the data, the present embodiment uses a homomorphic hash function to design an updatable summary (message digest) for each query keyword index, and signs the summary with the data owner's private key to make verification possible. The summary is built from the index keyword together with the multiple data files that contain this keyword, so the querying user can verify whether all files related to the query keyword have been returned (completeness of the query result). Because the summary contains information about every file related to the query keyword, verifying the summary also verifies the integrity of each data file, that is, whether the queried files have been modified or replaced. After generating the summary, the data owner signs it with its private key, which guarantees that the signature used for verification comes from the data owner. To allow the summary to be updated dynamically, the present embodiment generates it with a homomorphic hash function: when the index structure of the outsourced database changes, the homomorphic property of the hash function is used to update the summary.
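The following Python sketch is an added example, not code from the patent: it works through the summary generation, verification and update equations of this embodiment. The concrete choices are assumptions: $H_r(x) = r^x \bmod p$ with toy constants, SHA-256-based stand-ins for $Z(\cdot)$ and $f(\cdot)$, and no signature step, so the summary handed to the verifier stands for the value recovered from $\sigma(W)$ with $PK'_{DO}$.

```python
import hashlib

# Constructed toy parameters (assumptions, not taken from the patent text).
# H_r(x) = R^x mod P satisfies H_r(a + b) = H_r(a) * H_r(b) mod P, which is
# the homomorphic property the update equations rely on.
P = 2**255 - 19   # a well-known prime, used here only as a convenient modulus
R = 2             # stands in for the base r of the homomorphic hash H_r


def Z(file_bytes: bytes) -> int:
    """Compression function Z(): plaintext file -> 128-bit integer (assumed)."""
    digest = hashlib.sha256(b"Z|" + file_bytes).digest()
    return int.from_bytes(digest[:16], "big")


def f(keyword: str) -> int:
    """One-way hash f(): keyword -> 128-bit integer (assumed)."""
    digest = hashlib.sha256(b"f|" + keyword.encode("utf-8")).digest()
    return int.from_bytes(digest[:16], "big")


def H_r(x: int) -> int:
    """Homomorphic hash: addition of inputs maps to multiplication of outputs."""
    return pow(R, x, P)


def keyword_summary(keyword: str, files) -> int:
    """HMAC(W) = H_r( Z(M_1)*f(W) + Z(M_2)*f(W) + ... ) over all files containing W."""
    fw = f(keyword)
    return H_r(sum(Z(m) * fw for m in files))


def add_file(summary: int, keyword: str, new_file: bytes) -> int:
    """Update case <1>: HMAC(W)' = HMAC(W) * H_r( Z(M_L) * f(W) ), no recomputation."""
    return (summary * H_r(Z(new_file) * f(keyword))) % P


def verify_result(summary: int, keyword: str, returned_files) -> bool:
    """User-side check: recompute the summary from the decrypted result set.

    A mismatch means a file was modified or replaced (integrity) or the server
    returned fewer or more files than the owner associated with the keyword
    (completeness). The check cannot tell these two failures apart.
    """
    return keyword_summary(keyword, returned_files) == summary


if __name__ == "__main__":
    # Constructed sample plaintexts standing in for M_1, M_2, M_3 and M_L.
    m1, m2, m3 = b"quarterly report", b"payroll 2014", b"audit notes"
    s = keyword_summary("finance", [m1, m2, m3])
    print("complete result verifies:", verify_result(s, "finance", [m1, m2, m3]))
    print("one file withheld       :", verify_result(s, "finance", [m1, m2]))
    print("one file altered        :", verify_result(s, "finance", [m1, m2, m3 + b"!"]))
    s_new = add_file(s, "finance", b"new contract")
    print("incremental == recomputed:",
          s_new == keyword_summary("finance", [m1, m2, m3, b"new contract"]))
```

Because the inputs are summed before hashing, the summary does not depend on the order in which the server returns the files.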
A concrete application scenario is given below to illustrate how the present embodiment is used.
A cloud service provider opens a cloud storage platform to an enterprise (the data owner), and the enterprise uses this platform to share internal company data, reducing the company's data management costs. Company executives encrypt the internal company data and upload it to the cloud storage center; to make searching easier, multiple keywords are extracted from the uploaded files and encrypted to form an index that is convenient to search. To ensure that the company's data is not lost or tampered with at the cloud service center, the company executives compute summaries of the keywords extracted from the files and maintain a keyword summary table locally, so that the integrity of the data can be checked later.
The encrypted internal company data and index are uploaded to the storage space allocated by the cloud service provider. The cloud service provider's cloud server uses each keyword index as a query term to build the query index table, which stores the index information and the signature information. It also builds a linked list holding the addresses of all files associated with the keyword index, and links the list to the index table through the pointer field of the query index table.
When junior employees of the company want to query internal company material, a company executive distributes to them, over a secure channel, the keys for querying internal company data, encrypts the junior employees' keys one by one to form the re-encryption key table, and sends it to the cloud service provider. During a search, the employee forms a query threshold with his or her own private key and sends it to the cloud service provider. The cloud service provider uses hash lookup to speed up keyword search; because search efficiency is improved, search results are returned to junior employees faster.
After a junior employee obtains the returned data, he or she verifies that the signature is correct. Because the signature in this scheme establishes the association between the keyword and the files, verifying the correctness of the signature also verifies the completeness of the query result. If the signature verifies correctly, the data has not been modified or replaced, and the encrypted data can be decrypted.
When employees join or leave the company, company executives can grant or revoke the permission to query internal company data.
The above embodiment is a preferred implementation of the present invention, but implementations of the present invention are not limited to it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the present invention shall be regarded as an equivalent replacement and is included within the protection scope of the present invention.

Claims (10)

1. A multi-user cloud encrypted keyword search method with verifiable integrity and completeness, characterized in that it comprises the steps:
(1) the data owner encrypts the data files and, at the same time, extracts multiple keywords from the uploaded data files and encrypts them to form the keyword indexes used for queries; for each extracted keyword, it uses a homomorphic hash function to generate a keyword summary and builds a keyword summary table locally; the data owner generates a signature public key and a signature private key for signing data and, before outsourcing the data, signs each keyword summary with its signature private key; finally, it sends the encrypted data files, keyword indexes and signatures to the cloud server;
(2) the cloud server allocates storage space for the above encrypted data files and keyword indexes; the cloud server uses each keyword index as a query term to build a query index table, which stores the index information and signature information, builds a linked list holding the addresses of all files associated with each keyword index, and links the list to the query index table through the pointer field of the query index table;
(3) the data owner distributes to multiple authorized users, over a secure channel, the private keys needed to query the encrypted data files; the data owner also generates the re-encryption key of each corresponding authorized user and sends the re-encryption key table formed from all re-encryption keys to the cloud server over a secure channel; during a query, the authorized user forms a query threshold with its own private key and sends it to the cloud server;
(4) the cloud server looks up the query threshold in the query index table, finds the file group and signature information that satisfy the authorized user's query, and returns them to the authorized user;
(5) after receiving the keyword's signature information and the file group, the authorized user recovers the summary from the signature using the data owner's signature public key and the homomorphic hash function, then decrypts the files from the encrypted file group, and then verifies whether the decrypted files and the queried keyword are consistent with the summary; if they are consistent, the files in the file group are intact and the query result is complete; otherwise the files are not intact and the query result is incomplete; the files in the file group being intact means that the data files have not been modified or replaced, and the query result being complete means that the query result includes all data files whose indexes contain this keyword.
2. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that, in said step (1), the data owner encrypts each data file $M$ with a symmetric key $k$, and the encrypted file is denoted $E_k(M)$, where $E_k(\cdot)$ is the symmetric encryption algorithm used to encrypt files;
for the $i$-th keyword $W_i$, the keyword index is $INDEX(W_i) = H_2(t)$, where $G_1$, $G_2$ are both multiplicative groups of prime order $p$, $g$ is a generator of multiplicative group $G_1$, the bilinear map is defined as $e: G_1 \times G_1 \to G_2$, $e(g, g)$ is a generator of multiplicative group $G_2$, $H_1(\cdot): \{0,1\}^* \to G_1$, $H_2(\cdot): G_2 \to \{0,1\}^{\log p}$, for the private key that the data owner uses to encrypt the keyword index, for the public key of the cloud server, for the private key of the cloud server.
3. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that, in said step (1), for the $i$-th keyword $W_i$, the formula for generating the keyword summary with the homomorphic hash function is:

$$HMAC(W_i) = H_r\left(Z(M_1) \times f(W_i) + Z(M_2) \times f(W_i) + \dots + Z(M_i) \times f(W_i)\right);$$

where $f(\cdot): \{0,1\}^* \to \{0,1\}^n$ is a secure one-way hash function, $H_r(\cdot)$ is the homomorphic hash function, $Z(\cdot)$ is the hash function used for compression, and $M_1, M_2, \dots, M_i$ are data files.
4. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that, in said step (1), the data owner generates the signature public key $PK'_{DO}$ and signature private key $SK'_{DO}$ used for signing data; before outsourcing the data, the data owner signs each keyword summary $HMAC(W_i)$ with its signature private key $SK'_{DO}$, where $E'_{sk}(\cdot)$ is the public key encryption algorithm used for signing.
5. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that, in said step (3), the data owner selects the private key for encrypting its keyword index and calculates the public key; it then randomly selects $SK_{Ui}$ and distributes it to authorized user $U_i$ as the private key for generating encrypted keyword query thresholds, where $U_i$ is the ID of the authorized user; it generates the re-encryption key of this authorized user; finally, the re-encryption key table, which maps each authorized user's ID one-to-one to its re-encryption key, is sent to the cloud server.
6. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 5, characterized in that, in said step (3), during a query, the authorized user forms the query threshold with its own private key and sends it to the cloud server as follows: authorized user $U_i$ uses its key $SK_{Ui}$ and the keyword to be queried to generate the encrypted keyword query threshold, where $U_i$ is the ID of this authorized user, and the authorized user sends the query threshold $T_W$ to the cloud server.
7. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 6, characterized in that, in said step (4), after receiving the authorized user's query threshold, the cloud server looks up the re-encryption key table, finds the re-encryption key of this authorized user $U_i$, and performs the proxy re-encryption conversion as follows:

$$T'_W = e\left(H_1(\tilde{W})^{SK_{Ui}},\ PK_S^{SK_{DO}/SK_{Ui}}\right)^{SK_S} = e\left(H_1(\tilde{W}),\ PK_S^{SK_{DO}}\right)^{SK_S};$$

the cloud server uses the query index table to locate the keyword index $INDEX(W_i)$ corresponding to threshold $T'_W$, traverses the file address linked list that this entry's pointer field refers to, obtains the addresses of all files associated with this keyword, and takes out the file group that satisfies the search request; the cloud server returns this file group and the signature information of this keyword to the authorized user $U_i$ making the query as the query result.
8. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that, in said step (5), after receiving the keyword's signature information and the encrypted file group, the authorized user first uses the data owner's signature public key $PK'_{DO}$ to recover the summary from the signature, then decrypts files $M_1, M_2, \dots, M_i$ from the encrypted file group, and verifies the summary with the homomorphic hash function $H_r(\cdot)$, compression function $Z(\cdot)$ and secure one-way hash function $f(\cdot): \{0,1\}^* \to \{0,1\}^n$ that were used to generate it; the verification formula is:

$$HMAC(W_1) = H_r\left(Z(M_1) \times f(W_1) + Z(M_2) \times f(W_1) + \dots + Z(M_i) \times f(W_1)\right);$$

if the equation holds, files $M_1, M_2, \dots, M_i$ are intact, that is, they have not been modified or replaced; otherwise the files are not intact.
9. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that it further comprises the step: (6) updating the data outsourced to the cloud, where the update operation is divided into the following two cases:
(6-1) if a data file $E_k(M_L)$ is to be added, and the index of this file contains multiple keywords $W_i$ and $W_j$, the update steps are as follows:
(6-1-1) the data owner first generates the indexes of keywords $W_i$ and $W_j$, and then updates the summaries $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to keywords $W_i$ and $W_j$; the data owner first takes the summaries $HMAC(W_i)$ and $HMAC(W_j)$ corresponding to $W_i$ and $W_j$ out of the local keyword summary table, and uses the homomorphic property of the homomorphic hash function to complete the update:

$$HMAC(W_i)' = HMAC(W_i) \times H_r(Z(M_L) \cdot f(W_i));$$

$$HMAC(W_j)' = HMAC(W_j) \times H_r(Z(M_L) \cdot f(W_j));$$

the data owner then writes the updated summaries back to the local keyword summary table;
(6-1-2) after updating the local keyword summary table, the data owner signs the keyword summaries with the signature private key $SK'_{DO}$:

$$\sigma(W_i) = E_{SK'_{DO}}(HMAC(W_i));$$

$$\sigma(W_j) = E_{SK'_{DO}}(HMAC(W_j));$$

(6-1-3) after updating the encrypted keyword indexes and generating the signatures, the data owner sends the encrypted data file, keyword indexes and signatures to the cloud server to carry out the data update;
(6-1-4) after receiving the data, the cloud server updates the query index table: it locates the entries holding keyword indexes $INDEX(W_i)$ and $INDEX(W_j)$ by hash lookup, updates the signatures $\sigma(W_i)$, $\sigma(W_j)$, and inserts a node holding the address of file $E_k(M_L)$ into the corresponding file address linked lists;
(6-2) if a keyword index $W_L$ is to be added to the file index, and multiple data files $E_k(M_i)$, $E_k(M_j)$ containing keyword $W_L$ are to be stored, the update steps are as follows:
(6-2-1) the data owner generates the index of keyword $W_L$ and encrypts files $M_i$, $M_j$;
(6-2-2) the summary is generated and stored in the local keyword summary table, and the summary is signed with the data owner's signature private key $SK'_{DO}$: $\sigma(W_L) = E_{SK'_{DO}}(HMAC(W_L))$;
(6-2-3) the data owner sends the index $INDEX(W_L)$, the files $E_k(M_i)$, $E_k(M_j)$ and the signature $\sigma(W_L)$ to the cloud server for outsourcing;
(6-2-4) after receiving the data, the cloud server updates the query index table: the cloud server computes the hash value $hash_2(INDEX(W_L))$ of the keyword index to locate the entry position and allocates this space to keyword index $INDEX(W_L)$; if a hash collision occurs, closed hashing is used to resolve it; it then stores the signature $\sigma(W_L)$ in the index table and builds a file address linked list holding the address information of files $E_k(M_i)$, $E_k(M_j)$.
10. The multi-user cloud encrypted keyword search method with verifiable integrity and completeness according to claim 1, characterized in that it further comprises the step:
(7) to revoke the search permission of user $U_d$, the data owner sends this user's ID $U_d$ and a revocation command to the cloud server; the cloud server locates user $U_d$'s entry in the re-encryption key table by hash lookup and deletes it, so that a user whose permission has been revoked can no longer have a threshold legitimately re-encrypted at query time and cannot legitimately perform query operations.
CN201410708142.3A 2014-11-27 2014-11-27 It can verify that multi-user's cloud encryption keyword searching method of integrality and completeness Active CN104394155B (en)

Priority Applications (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410708142.3A | 2014-11-27 | 2014-11-27 | It can verify that multi-user's cloud encryption keyword searching method of integrality and completeness |

Applications Claiming Priority (1)

| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201410708142.3A | 2014-11-27 | 2014-11-27 | It can verify that multi-user's cloud encryption keyword searching method of integrality and completeness |

Publications (2)

| Publication Number | Publication Date |
|---|---|
| CN104394155A (en) | 2015-03-04 |
| CN104394155B (en) | 2017-12-12 |

Family

ID=52611990

Family Applications (1)

| Application Number | Status | Publication | Priority Date | Filing Date | Title |
|---|---|---|---|---|---|
| CN201410708142.3A | Active | CN104394155B (en) | 2014-11-27 | 2014-11-27 | It can verify that multi-user's cloud encryption keyword searching method of integrality and completeness |

Country Status (1)

| Country | Link |
|---|---|
| CN (1) | CN104394155B (en) |

Cited By (47)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104780161A (en) * 2015-03-23 2015-07-15 南京邮电大学 Searchable encryption method supporting multiple users in cloud storage
CN104821876A (en) * 2015-04-16 2015-08-05 华中科技大学 Dynamic searchable symmetrical encryption method supporting physical deletion
CN104980437A (en) * 2015-06-12 2015-10-14 电子科技大学 Identity-based authorized third party data integrity proving method
CN105763322A (en) * 2016-04-13 2016-07-13 同济大学 Obfuscatable encryption key-insulated digital signature making method and system
CN105763324A (en) * 2016-04-19 2016-07-13 四川理工学院 Controllable searchable encryption searching method being able to verify multi user-ends
CN105868987A (en) * 2016-03-28 2016-08-17 中国银联股份有限公司 Method and system for sharing information among devices
CN106022145A (en) * 2016-05-17 2016-10-12 上海凭安网络科技有限公司 Cryptograph index-based data query method
CN106022584A (en) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 Resource management method for small enterprises
CN106227783A (en) * 2016-07-18 2016-12-14 浪潮软件集团有限公司 Government affair data aggregation device, data providing end, system and method
CN106375344A (en) * 2016-11-02 2017-02-01 华北电力大学(保定) Intelligent grid load integrity attack detection method for cloud storage
CN106559379A (en) * 2015-09-25 2017-04-05 富泰华工业(深圳)有限公司 High in the clouds encryption system and method
CN106603636A (en) * 2016-11-29 2017-04-26 中国银联股份有限公司 Error transaction standardization method and device
CN106610995A (en) * 2015-10-23 2017-05-03 华为技术有限公司 Ciphertext index creating method, device and system
CN106776791A (en) * 2016-11-23 2017-05-31 深圳大学 A kind of pattern matching verification method and device based on cloud service
CN106897368A (en) * 2017-01-16 2017-06-27 西安电子科技大学 Database update operating method is set and its be can verify that in the summation of Merkle Hash
CN107181596A (en) * 2017-06-05 2017-09-19 福建师范大学 It is a kind of that encryption method can search for based on Bilinear map
CN107256248A (en) * 2017-06-07 2017-10-17 福州大学 Encryption method can search for based on asterisk wildcard in cloud storage safety
CN107395568A (en) * 2017-06-21 2017-11-24 西安电子科技大学 A kind of cipher text retrieval method of more data owner's certifications
CN107454106A (en) * 2017-09-15 2017-12-08 北京海泰方圆科技股份有限公司 A kind of method and device of Information Authentication
CN107451281A (en) * 2017-08-08 2017-12-08 东北大学 Outsourced database SQL query integrity verification system and method based on ADS
CN108021677A (en) * 2017-12-07 2018-05-11 成都博睿德科技有限公司 The control method of cloud computing distributed search engine
CN108038225A (en) * 2017-12-25 2018-05-15 北京九章云极科技有限公司 A kind of data processing method and system
CN108062485A (en) * 2017-12-15 2018-05-22 北京工业大学 A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN108400871A (en) * 2018-01-25 2018-08-14 南京邮电大学 In conjunction with the searching ciphertext system and method for identity and the support proxy re-encryption of attribute
CN108616593A (en) * 2018-05-03 2018-10-02 湖南东方华龙信息科技有限公司 Method by the way that storage of linked list high in the clouds certificate can be traced
TWI638271B (en) * 2017-11-08 2018-10-11 國立成功大學 Cloud server system with encrypted file keyword fuzzy search function
WO2018232554A1 (en) * 2017-06-19 2018-12-27 深圳大学 Pattern string match verification method, device, apparatus and storage medium
CN109120399A (en) * 2018-08-10 2019-01-01 广东工业大学 A kind of data ciphering method based on asymmetric encryption, decryption method and system
CN109274504A (en) * 2018-11-20 2019-01-25 桂林电子科技大学 A kind of multi-user's big data storage sharing method and system based on cloud platform
CN109299217A (en) * 2018-11-02 2019-02-01 符安文 A kind of secure storage and search method based on block chain
CN109492410A (en) * 2018-10-09 2019-03-19 华南农业大学 Data can search for encryption and keyword search methodology, system and terminal, equipment
CN109543434A (en) * 2018-11-28 2019-03-29 深圳市墨者安全科技有限公司 Block chain information encryption method, decryption method, storage method and device
CN109547413A (en) * 2018-10-23 2019-03-29 莆田学院 The access control method of convertible data cloud storage with data source authentication
CN110073430A (en) * 2016-12-21 2019-07-30 默克专利有限公司 For the anti-fake composite safe label based on PUF
CN110139131A (en) * 2018-02-09 2019-08-16 网宿科技股份有限公司 A kind of method and terminal of playing video file
CN110168554A (en) * 2017-01-06 2019-08-23 微软技术许可有限责任公司 Strong resource identity in cloud mandatory system
CN110166466A (en) * 2019-05-28 2019-08-23 湖南大学 It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system
JP6599066B1 (en) * 2018-05-08 2019-10-30 三菱電機株式会社 Registration device, server device, secret search system, secret search method, registration program, and server program
CN110691078A (en) * 2019-09-25 2020-01-14 东北大学 Block chain-based data dynamic reliability verification method
CN110851848A (en) * 2019-11-12 2020-02-28 广西师范大学 Privacy protection method for symmetric searchable encryption
CN111404895A (en) * 2020-03-06 2020-07-10 湖南智慧政务区块链科技有限公司 Method, equipment and storage medium for distributing and recovering readable permission of shared data
CN113037743A (en) * 2021-03-05 2021-06-25 杭州奕锐电子有限公司 Encryption method and system for cloud server file
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN114520747A (en) * 2022-04-21 2022-05-20 山东省计算中心(国家超级计算济南中心) Data security sharing system and method taking data as center
CN115225364A (en) * 2022-07-15 2022-10-21 中国科学技术大学 High-efficiency dynamic access control method and system for cloud-oriented encrypted data
US11645424B2 (en) 2020-04-27 2023-05-09 International Business Machines Corporation Integrity verification in cloud key-value stores
US11770250B2 (en) 2021-02-10 2023-09-26 Huazhong University Of Science And Technology Method and system for ensuring search completeness of searchable public key encryption

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103024035A (en) * 2012-12-11 2013-04-03 上海交通大学 Safe and energy-saving encryption searching method based on mobile cloud platform
US20140019765A1 (en) * 2011-01-07 2014-01-16 Thomson Licensing Device and method for online storage, transmission device and method, and receiving device and method
CN103607405A (en) * 2013-11-27 2014-02-26 东北大学 Ciphertext search authentication method oriented towards cloud storage
CN103873236A (en) * 2012-12-12 2014-06-18 华为技术有限公司 Searchable encryption method and equipment thereof
CN104021157A (en) * 2014-05-22 2014-09-03 西安理工大学 Method for keyword searchable encryption based on bilinear pairs in cloud storage
CN104023051A (en) * 2014-05-22 2014-09-03 西安理工大学 Multi-user multi-keyword searchable encryption method in cloud storage
CN104038349A (en) * 2014-07-03 2014-09-10 西安电子科技大学 Effective and verifiable public key searching encryption method based on KP-ABE

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20140019765A1 (en) * 2011-01-07 2014-01-16 Thomson Licensing Device and method for online storage, transmission device and method, and receiving device and method
CN103024035A (en) * 2012-12-11 2013-04-03 上海交通大学 Safe and energy-saving encryption searching method based on mobile cloud platform
CN103873236A (en) * 2012-12-12 2014-06-18 华为技术有限公司 Searchable encryption method and equipment thereof
CN103607405A (en) * 2013-11-27 2014-02-26 东北大学 Ciphertext search authentication method oriented towards cloud storage
CN104021157A (en) * 2014-05-22 2014-09-03 西安理工大学 Method for keyword searchable encryption based on bilinear pairs in cloud storage
CN104023051A (en) * 2014-05-22 2014-09-03 西安理工大学 Multi-user multi-keyword searchable encryption method in cloud storage
CN104038349A (en) * 2014-07-03 2014-09-10 西安电子科技大学 Effective and verifiable public key searching encryption method based on KP-ABE

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
张蓓;王晓明: "带关键词检索的公钥加密方案", 《计算机工程 第36卷第6期》 *

Cited By (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104780161B (en) * 2015-03-23 2018-04-10 南京邮电大学 Support multi-user's to can search for encryption method in a kind of cloud storage
CN104780161A (en) * 2015-03-23 2015-07-15 南京邮电大学 Searchable encryption method supporting multiple users in cloud storage
CN104821876A (en) * 2015-04-16 2015-08-05 华中科技大学 Dynamic searchable symmetrical encryption method supporting physical deletion
CN104821876B (en) * 2015-04-16 2018-02-16 华中科技大学 A kind of dynamic for supporting that physics is deleted can search for symmetric encryption method
CN104980437B (en) * 2015-06-12 2019-02-12 电子科技大学 A kind of authorization third party's data integrity method of proof of identity-based
CN104980437A (en) * 2015-06-12 2015-10-14 电子科技大学 Identity-based authorized third party data integrity proving method
CN106559379A (en) * 2015-09-25 2017-04-05 富泰华工业(深圳)有限公司 High in the clouds encryption system and method
CN106610995A (en) * 2015-10-23 2017-05-03 华为技术有限公司 Ciphertext index creating method, device and system
CN105868987B (en) * 2016-03-28 2019-08-13 中国银联股份有限公司 Method and system for sharing information among devices
CN105868987A (en) * 2016-03-28 2016-08-17 中国银联股份有限公司 Method and system for sharing information among devices
CN105763322B (en) * 2016-04-13 2019-01-25 同济大学 Obfuscatable encryption key-insulated digital signature method and system
CN105763322A (en) * 2016-04-13 2016-07-13 同济大学 Obfuscatable encryption key-insulated digital signature making method and system
CN105763324A (en) * 2016-04-19 2016-07-13 四川理工学院 Controllable searchable encryption searching method being able to verify multi user-ends
CN106022584A (en) * 2016-05-13 2016-10-12 成都镜杰科技有限责任公司 Resource management method for small enterprises
CN106022145B (en) * 2016-05-17 2019-07-30 上海凭安网络科技有限公司 Data query method based on ciphertext index
CN106022145A (en) * 2016-05-17 2016-10-12 上海凭安网络科技有限公司 Cryptograph index-based data query method
CN106227783B (en) * 2016-07-18 2019-10-25 山东爱城市网信息技术有限公司 Government affair data aggregation device, data providing end, system and method
CN106227783A (en) * 2016-07-18 2016-12-14 浪潮软件集团有限公司 Government affair data aggregation device, data providing end, system and method
CN106375344A (en) * 2016-11-02 2017-02-01 华北电力大学(保定) Intelligent grid load integrity attack detection method for cloud storage
CN106776791A (en) * 2016-11-23 2017-05-31 深圳大学 A kind of pattern matching verification method and device based on cloud service
WO2018094764A1 (en) * 2016-11-23 2018-05-31 深圳大学 Method and device for pattern string match verification based on cloud service
CN106603636A (en) * 2016-11-29 2017-04-26 中国银联股份有限公司 Error transaction standardization method and device
CN110073430A (en) * 2016-12-21 2019-07-30 默克专利有限公司 For the anti-fake composite safe label based on PUF
CN110168554A (en) * 2017-01-06 2019-08-23 微软技术许可有限责任公司 Strong resource identity in cloud mandatory system
CN110168554B (en) * 2017-01-06 2023-09-19 微软技术许可有限责任公司 Strong resource identity in cloud escrow system
CN106897368A (en) * 2017-01-16 2017-06-27 西安电子科技大学 Database update operating method is set and its be can verify that in the summation of Merkle Hash
CN107181596A (en) * 2017-06-05 2017-09-19 福建师范大学 Searchable encryption method based on bilinear pairings
CN107181596B (en) * 2017-06-05 2020-08-04 福建师范大学 Searchable encryption method based on bilinear pairings
CN107256248B (en) * 2017-06-07 2020-05-08 福州大学 Wildcard-based searchable encryption method in cloud storage security
CN107256248A (en) * 2017-06-07 2017-10-17 福州大学 Wildcard-based searchable encryption method in cloud storage security
WO2018232554A1 (en) * 2017-06-19 2018-12-27 深圳大学 Pattern string match verification method, device, apparatus and storage medium
CN107395568A (en) * 2017-06-21 2017-11-24 西安电子科技大学 A kind of cipher text retrieval method of more data owner's certifications
CN107451281A (en) * 2017-08-08 2017-12-08 东北大学 Outsourced database SQL query integrity verification system and method based on ADS
CN107454106A (en) * 2017-09-15 2017-12-08 北京海泰方圆科技股份有限公司 A kind of method and device of Information Authentication
CN107454106B (en) * 2017-09-15 2018-07-06 北京海泰方圆科技股份有限公司 A kind of method and device of Information Authentication
TWI638271B (en) * 2017-11-08 2018-10-11 國立成功大學 Cloud server system with encrypted file keyword fuzzy search function
CN108021677A (en) * 2017-12-07 2018-05-11 成都博睿德科技有限公司 The control method of cloud computing distributed search engine
CN108062485A (en) * 2017-12-15 2018-05-22 北京工业大学 A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN108038225B (en) * 2017-12-25 2019-02-12 北京九章云极科技有限公司 A kind of data processing method and system
CN108038225A (en) * 2017-12-25 2018-05-15 北京九章云极科技有限公司 A kind of data processing method and system
CN108400871A (en) * 2018-01-25 2018-08-14 南京邮电大学 In conjunction with the searching ciphertext system and method for identity and the support proxy re-encryption of attribute
CN108400871B (en) * 2018-01-25 2019-09-10 南京邮电大学 In conjunction with the searching ciphertext system and method for identity and the support proxy re-encryption of attribute
CN110139131A (en) * 2018-02-09 2019-08-16 网宿科技股份有限公司 A kind of method and terminal of playing video file
CN108616593A (en) * 2018-05-03 2018-10-02 湖南东方华龙信息科技有限公司 Method by the way that storage of linked list high in the clouds certificate can be traced
CN112042150B (en) * 2018-05-08 2024-02-23 三菱电机株式会社 Registration device, server device, concealment search system, concealment search method, and computer-readable recording medium
US11831769B2 (en) * 2018-05-08 2023-11-28 Mitsubishi Electric Corporation Registration device, server device, searchable encryption system, and searchable encryption method
CN112042150A (en) * 2018-05-08 2020-12-04 三菱电机株式会社 Registration device, server device, confidential search system, confidential search method, registration program, and server program
US20200412536A1 (en) * 2018-05-08 2020-12-31 Mitsubishi Electric Corporation Registration device, server device, searchable encryption system, and searchable encryption method
JP6599066B1 (en) * 2018-05-08 2019-10-30 三菱電機株式会社 Registration device, server device, secret search system, secret search method, registration program, and server program
WO2019215818A1 (en) * 2018-05-08 2019-11-14 三菱電機株式会社 Registration device, server device, secret search system, secret search method, registration program, and server program
CN109120399A (en) * 2018-08-10 2019-01-01 广东工业大学 A kind of data ciphering method based on asymmetric encryption, decryption method and system
CN109492410A (en) * 2018-10-09 2019-03-19 华南农业大学 Data searchable encryption and keyword search method, system, terminal and equipment
CN109492410B (en) * 2018-10-09 2020-09-01 华南农业大学 Data searchable encryption and keyword search method, system, terminal and equipment
CN109547413B (en) * 2018-10-23 2021-04-27 莆田学院 Access control method of convertible data cloud storage with data source authentication
CN109547413A (en) * 2018-10-23 2019-03-29 莆田学院 Access control method of convertible data cloud storage with data source authentication
CN109299217A (en) * 2018-11-02 2019-02-01 符安文 A kind of secure storage and search method based on block chain
CN109274504A (en) * 2018-11-20 2019-01-25 桂林电子科技大学 Multi-user big data storage sharing method and system based on cloud platform
CN109274504B (en) * 2018-11-20 2021-07-13 桂林电子科技大学 Multi-user big data storage sharing method and system based on cloud platform
CN109543434A (en) * 2018-11-28 2019-03-29 深圳市墨者安全科技有限公司 Block chain information encryption method, decryption method, storage method and device
CN110166466B (en) * 2019-05-28 2020-02-21 湖南大学 Multi-user searchable encryption method and system capable of efficiently updating permissions
CN110166466A (en) * 2019-05-28 2019-08-23 湖南大学 Multi-user searchable encryption method and system capable of efficiently updating permissions
CN110691078A (en) * 2019-09-25 2020-01-14 东北大学 Block chain-based data dynamic reliability verification method
CN110691078B (en) * 2019-09-25 2021-07-13 东北大学 Block chain-based data dynamic reliability verification method
CN110851848B (en) * 2019-11-12 2022-03-25 广西师范大学 Privacy protection method for symmetric searchable encryption
CN110851848A (en) * 2019-11-12 2020-02-28 广西师范大学 Privacy protection method for symmetric searchable encryption
CN111404895A (en) * 2020-03-06 2020-07-10 湖南智慧政务区块链科技有限公司 Method, equipment and storage medium for distributing and recovering readable permission of shared data
US11645424B2 (en) 2020-04-27 2023-05-09 International Business Machines Corporation Integrity verification in cloud key-value stores
US11770250B2 (en) 2021-02-10 2023-09-26 Huazhong University Of Science And Technology Method and system for ensuring search completeness of searchable public key encryption
CN113037743A (en) * 2021-03-05 2021-06-25 杭州奕锐电子有限公司 Encryption method and system for cloud server file
CN113127536A (en) * 2021-04-14 2021-07-16 上海同态信息科技有限责任公司 Offline fuzzy matching framework based on homomorphic configuration encryption
CN113127536B (en) * 2021-04-14 2023-07-28 上海同态信息科技有限责任公司 Offline fuzzy matching system based on homomorphic encryption
CN114520747A (en) * 2022-04-21 2022-05-20 山东省计算中心(国家超级计算济南中心) Data security sharing system and method taking data as center
CN115225364A (en) * 2022-07-15 2022-10-21 中国科学技术大学 High-efficiency dynamic access control method and system for cloud-oriented encrypted data
CN115225364B (en) * 2022-07-15 2023-11-17 中国科学技术大学 Efficient dynamic access control method and system for cloud encrypted data

Also Published As

Publication number Publication date
CN104394155B (en) 2017-12-12

Similar Documents

Publication Publication Date Title
CN104394155A (en) Multi-user cloud encryption keyboard searching method capable of verifying integrity and completeness
CN106127075B (en) Encryption method can search for based on secret protection under a kind of cloud storage environment
Yang et al. Multi-user private keyword search for cloud computing
EP3375129B1 (en) Method for re-keying an encrypted data file
CN104978239B (en) A kind of method, apparatus and system realizing more Backup Data dynamics and updating
CN106330865A (en) Property base keyword searching method supporting efficient revocation in cloud environment
CN103731432A (en) Multi-user supported searchable encryption system and method
CN103607405A (en) Ciphertext search authentication method oriented towards cloud storage
CN102685148A (en) Method for realizing secure network backup system under cloud storage environment
CN103095733A (en) Keyword cipher text retrieval method for cloud storage
CN105007284B (en) With the public audit method of secret protection in multi-manager group shared data
CN106850228A (en) A kind of foundation of portable intelligent password management system and operating method
CN111625852B (en) Electronic signature method based on document and user private key under hybrid cloud architecture
CN104967693A (en) Document similarity calculation method facing cloud storage based on fully homomorphic password technology
US9037846B2 (en) Encoded database management system, client and server, natural joining method and program
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
CN104993931A (en) Multi-user encrypted search method in cloud storage
CN108123934A (en) A kind of data integrity verifying method towards mobile terminal
CN112532650A (en) Block chain-based multi-backup safe deletion method and system
CN107094075A (en) A kind of data block dynamic operation method based on convergent encryption
Sun et al. A fine‐grained and traceable multidomain secure data‐sharing model for intelligent terminals in edge‐cloud collaboration scenarios
CN104901968A (en) Method for managing and distributing secret keys in secure cloud storage system
Parameswarath et al. User-empowered privacy-preserving authentication protocol for electric vehicle charging based on decentralized identity and verifiable credential
CN114679340B (en) File sharing method, system, device and readable storage medium
CN114531680B (en) Light-weight IBC bidirectional identity authentication system and method based on quantum key

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20201221

Address after: 510632 No. 601, Whampoa Avenue, Tianhe District, Guangdong, Guangzhou

Patentee after: Guangzhou Jinan University Science Park Management Co.,Ltd.

Address before: 510632 No. 601, Whampoa Avenue, Guangzhou, Guangdong

Patentee before: Jinan University

TR01 Transfer of patent right

Effective date of registration: 20210107

Address after: 510000 Room 501, 37 Huajing Road, Tianhe District, Guangzhou City, Guangdong Province

Patentee after: Guangzhou Ruima Information Technology Co.,Ltd.

Patentee after: Guangzhou Jinan University Science Park Management Co.,Ltd.

Address before: 510632 No. 601, Whampoa Avenue, Tianhe District, Guangdong, Guangzhou

Patentee before: Guangzhou Jinan University Science Park Management Co.,Ltd.
