CN104821876A - Dynamic searchable symmetrical encryption method supporting physical deletion - Google Patents

Publication number: CN104821876A
Authority: CN (China)
Prior art keywords: file, keyword, cryptograph, searchable cryptograph, searchable
Legal status: Granted; Active
Application number: CN201510182557.6A
Other languages: Chinese (zh)
Other versions: CN104821876B (en)
Inventors: 金海, 梁帅, 徐鹏, 邹德清
Current Assignee: Huazhong University of Science and Technology
Original Assignee: Huazhong University of Science and Technology
Application filed by Huazhong University of Science and Technology
Priority to CN201510182557.6A
Publication of CN104821876A
Application granted; publication of CN104821876B

Abstract

The invention discloses a dynamic searchable symmetric encryption method supporting physical deletion, in the technical field of cryptography and cloud storage. The method lets a user search encrypted data and dynamically update the searchable cryptograph in a cloud storage environment. During a dynamic update, no information about the searchable cryptograph is leaked and the existing index structure is not damaged. When a file is deleted, a logical deletion is performed first, so that the existing index structure is neither leaked nor damaged, and the physical deletion is then completed during a search, which reduces the storage overhead of the system. The method provides a balanced solution to the three problems of security, efficiency and practicality in searchable symmetric encryption schemes.

Description

A dynamic searchable symmetric encryption method supporting physical deletion
Technical field
The invention belongs to the technical field of cryptography and cloud storage and, more specifically, relates to a dynamic searchable symmetric encryption method supporting physical deletion.
Background
With the rise and spread of cloud computing, cloud storage technology is used more and more widely. Cloud storage is a new concept derived from cloud computing. Put simply, storage resources are placed in the cloud for users to access: a user can reach the data at any time and from any place through any network-capable device connected to the cloud storage server.
Although cloud storage saves users a large amount of storage space and provides convenient data access, the data security problems it brings cannot be ignored. This is especially so when the data involves a user's confidential files or private data: once such data is stored in the cloud, the cloud may leak it, for its own reasons or because of external factors, and this can cause heavy losses to the user or to the cloud storage service provider.
One existing solution uses symmetric cryptography: the user's sensitive data is encrypted before it is stored in the cloud. The data sender processes the plaintext (the original data) together with an encryption key using an encryption algorithm, turning it into ciphertext, and sends it. A data receiver who wants to read the plaintext must decrypt the ciphertext with the encryption key and the inverse of the same algorithm to restore readable plaintext. A symmetric encryption algorithm uses only one key: sender and receiver use the same key to encrypt and decrypt the data.
Storing data in the cloud after symmetric encryption effectively reduces the risk of leaking the user's private data, but it raises a new problem: access to the encrypted data. This mainly covers how to search a ciphertext database efficiently (returning exactly the encrypted data the user wants) and how to perform dynamic updates (adding and deleting searchable cryptographs) while preserving the privacy of the encrypted data.
Summary of the invention
In view of the above defects of the prior art and the need for improvement, the invention provides a dynamic searchable symmetric encryption method supporting physical deletion. It addresses the private-data security problem, the efficient ciphertext search problem and the dynamic update problem of searchable cryptographs in existing cloud storage services.
The method comprises the following steps:
Step 1: define the system initialization parameters and algorithm structures. For each keyword $w \in W$, generate the searchable cryptograph $(L_w, D_w)$ about file $id \in ID$, where $W$ is the keyword set and $ID$ is the file set; for each file $id$, build the searchable cryptograph $(L_{id}, D_{id})$ about keyword $w$; for each file-keyword pair $(id, w)$, build the searchable cryptograph $(L_{id,w}, D_{id,w})$. Save the private states of keyword $w$ and file $id$, encrypt the files to be uploaded, and upload the encrypted files and the index generated from the searchable cryptographs to the cloud;
Step 2: generate the search trapdoor $ST_w$ from the keyword $w$ to be searched and upload it to the cloud. The cloud searches the searchable cryptograph index according to $ST_w$, physically deletes the ciphertexts whose logical deletion flag is 1, and returns the ciphertexts whose logical deletion flag is 0 to the user;
Step 3: obtain the private states corresponding to the file-keyword pair $(id, w)$ to be uploaded. Build the searchable cryptograph about file $id$ for keyword $w$, the searchable cryptograph about keyword $w$ for file $id$, and the searchable cryptograph for the pair $(id, w)$; update the private states of keyword $w$ and file $id$; encrypt the file to be uploaded; upload the encrypted file and the searchable cryptographs to the cloud;
Step 4: generate the deletion trapdoor $DT_w$ from the file $id$ to be deleted and upload it to the cloud. According to $DT_w$, the cloud logically deletes the searchable cryptograph of the keyword $w$ corresponding to file $id$ and physically deletes the searchable cryptograph corresponding to the pair $(id, w)$.
In general, compared with the prior art, the above technical scheme has the following beneficial effects:
(1) Improved security: the invention introduces a private state. An insertion does not change the existing chain structure; the client only fetches the private state locally, completes the encryption and uploads the result to the cloud. A deletion is first performed logically, by setting the logical deletion flag to 1 while the entry is still in ciphertext form, which also leaves the structure of the existing searchable cryptographs unchanged. Security is greatly improved over existing schemes;
(2) Improved practicality: the invention achieves physical deletion, to a certain degree, while still guaranteeing security. Existing schemes can only achieve logical deletion under the same security requirement, which is unacceptable in practice: if searchable cryptographs are only ever added and never deleted, a great deal of storage space is wasted. The invention first deletes logically, to protect the structure of the searchable cryptographs, and completes the physical deletion during search, which reduces storage consumption and greatly improves the practicality of searchable encryption schemes;
(3) Extensibility: depending on practical needs, the scheme can be extended to support dynamic updates of a single keyword (that is, dynamically modifying the keywords associated with an existing file) and to support parallel search.
Brief description of the drawings
Fig. 1 is a schematic diagram of the application environment of the dynamic searchable symmetric encryption method supporting physical deletion;
Fig. 2 is the flow chart of the method;
Fig. 3 is the initialization flow chart of the method;
Fig. 4 is the search flow chart of the method;
Fig. 5 is the file addition flow chart of the method;
Fig. 6 is the file deletion flow chart of the method.
Embodiments
To make the purpose, technical scheme and advantages of the invention clearer, the invention is described in further detail below with reference to the drawings and embodiments. The specific embodiments described here only explain the invention and do not limit it. In addition, the technical features involved in the embodiments described below can be combined with one another as long as they do not conflict.
Figure 1 shows the application environment of the method. The invention is applied to a cloud storage environment: the client only generates the trapdoor for the operation it wants and uploads it to the cloud storage server, and the server completes the corresponding operation on the ciphertext database according to that trapdoor. The operations are:
Search request: the user generates a search trapdoor from the keyword to be searched and uploads it to the cloud storage server;
Result return: the cloud storage server searches the searchable cryptographs according to the search trapdoor and returns the encrypted files that match it to the user;
Add request: the user generates searchable cryptographs from the file to be added and the keywords it contains and uploads them to the cloud storage server; the cloud dynamically updates the searchable cryptographs and stores the encrypted file;
Delete request: the user generates a deletion trapdoor from the file to be deleted and uploads it to the cloud storage server; the cloud dynamically updates the searchable cryptographs and deletes the encrypted file.
Figure 2 shows the flow chart of the method, which mainly comprises the following steps:
Step 1: system initialization. Figure 3 shows the initialization flow chart, which comprises the following sub-steps:
(1-1) Initialize the system parameters, in the following sub-steps:
(1-1-1) Initialize the system security parameter $k \in N$, where $N$ is the set of positive integers. In theory the security parameter can take any value; the larger the value, the higher the security but also the larger the overhead, so in practice $k$ is chosen by weighing the security requirement against the overhead of the system. Initialize the user's private key $(k_1, k_2)$ from the security parameter: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$;
(1-1-2) Initialize the data structures and functions the system needs:
Keyed pseudo-random function $F$: a function that generates random numbers with a deterministic algorithm, defined as follows:
$$F: \{0,1\}^k \times \{0,1\}^* \to \{0,1\}^k$$
Hash functions $H$ and $G$: turn an input of arbitrary length into an output of fixed length with a hashing algorithm. $H$ and $G$ are defined as follows:
$$H: \{0,1\}^* \to \{0,1\}^{2k+1}$$
$$G: \{0,1\}^* \to \{0,1\}^{3k+1}$$
Initialize the linked lists: $T_W = \text{Null}$, $T_F = \text{Null}$, $T_P = \text{Null}$, $T_{F,W} = \text{Null}$, where:
$T_W$ holds the searchable cryptographs of the keywords $w \in W$ during initialization;
$T_F$ holds the searchable cryptographs of the files $id \in ID$ during initialization;
$T_P$ holds the private states of the keywords $w \in W$ and files $id \in ID$ during initialization;
$T_{F,W}$ holds the searchable cryptographs of the file-keyword pairs ($w \in W$, $id \in ID$) during initialization;
$w$ is a keyword identifier and $W$ is the keyword set; $id$ is a file identifier and $ID$ is the file set;
Initialize the data dictionary: a special data storage structure that takes a linked list $T$ of data pairs $(l, d)$ as input, where $l$ is the label of data $d$ in the list, so that $d$ can be obtained from its label $l$. The operations on a data dictionary $D$ are defined as follows:
Create a data dictionary: Creat(T);
Get a data value from the data dictionary: Get(D, l);
Insert a new value: Insert(D, (l, d));
Delete data: Remove(D, l);
Update data: Update(D, (l, d));
(1-1-3) Associate each file $id \in ID$ to be uploaded with its keywords $w \in W$; generate the initial private state $P_w = \text{Null}$ for each keyword $w$ and the initial private state $P_{id} = \text{Null}$ for each file $id$ to be uploaded. In the embodiments of the invention, the private state is what keeps the searchable cryptographs secure when entries are added during updates;
(1-2) Generate the searchable cryptograph $(L_w, D_w)$ for each keyword $w \in W$, performing the following operations for each file $id$ that contains keyword $w$:
(1-2-1) Check whether the private state $P_w$ of keyword $w$ is Null. If it is, set the private state $P_w$ and a random number $R$ to:
$$P_w \leftarrow \{0,1\}^k,\quad R \leftarrow \{0,1\}^k$$
where the random number $R$ is a binary string of length $k$. Generate the first searchable cryptograph $(L_w, D_w)$ for keyword $w$:
$$L_w = F_{k_1}(w)$$
$$D_w = \big(D_{w,1} = H(F_{k_2}(w), R) \oplus (0 \,\|\, id \,\|\, P_w),\ D_{w,2} = R\big)$$
where $F_{k_1}(w)$ is the pseudo-random function $F$ applied with key $k_1$ to keyword $w$ and forms the first part of the keyword search trapdoor, and $F_{k_2}(w)$ is $F$ applied with key $k_2$ to keyword $w$ and forms the second part of the keyword search trapdoor. The cloud server uses the first part of the search trapdoor to find the head $L_w$ of the searchable cryptograph $(L_w, D_w)$, uses the head $L_w$ to obtain the tail $D_w$ from the data dictionary $D$, and then uses the second part of the search trapdoor to decrypt $D_w$ and obtain the plaintext value of the file $id$. Otherwise, perform step (1-2-2);
(1-2-2) Let the random bit string $S_w \leftarrow \{0,1\}^k$ and the random number $R \leftarrow \{0,1\}^k$, and generate a new searchable cryptograph $(L_w, D_w)$ for keyword $w$:
$$L_w = P_w$$
$$D_w = \big(D_{w,1} = H(F_{k_2}(w), R) \oplus (0 \,\|\, id \,\|\, S_w),\ D_{w,2} = R\big)$$
where $S_w$ is a temporary variable generated in the same way as the random number $R$, a binary string of length $k$. Update the private state of keyword $w$: $P_w = S_w$;
(1-2-3) Add the searchable cryptograph $(L_w, D_w)$ to the linked list $T_W$;
(1-3) Build the searchable cryptograph $(L_{id}, D_{id})$ for each file $id \in F$, performing the following operations for each keyword $w$ that file $id$ contains:
(1-3-1) Check whether the private state $P_{id}$ of file $id$ is Null. If it is, let $P_{id} \leftarrow \{0,1\}^k$ and $R \leftarrow \{0,1\}^k$, generate the searchable cryptograph head $L_{id,w}$ for the file-keyword pair $(id, w)$, and generate the first searchable cryptograph $(L_{id}, D_{id})$ for file $id$:
$$L_{id} = F_{k_1}(id);$$
$$D_{id} = \big(D_{id,1} = G(F_{k_2}(id), R) \oplus (0 \,\|\, L_w \,\|\, L_{id,w} \,\|\, P_{id}),\ D_{id,2} = R\big);$$
where $D_{id}$ is the second part of the searchable cryptograph of file $id$ and $L_{id}$ is the first part; together they form the searchable cryptograph $(L_{id}, D_{id})$ of file $id$. $F_{k_1}(id)$ is the pseudo-random function $F$ applied with key $k_1$ to file $id$ and forms the first part of the file retrieval trapdoor; $F_{k_2}(id)$ is $F$ applied with key $k_2$ to file $id$ and forms the second part of the file retrieval trapdoor;
Otherwise, let the random bit string $S_{id} \leftarrow \{0,1\}^k$ and $R \leftarrow \{0,1\}^k$, generate the searchable cryptograph head $L_{id,w}$ for the file-keyword pair $(id, w)$, and generate a new searchable cryptograph $(L_{id}, D_{id})$ for file $id$:
$$L_{id} = P_{id}$$
$$D_{id} = \big(D_{id,1} = G(F_{k_2}(id), R) \oplus (0 \,\|\, L_w \,\|\, L_{id,w} \,\|\, S_{id}),\ D_{id,2} = R\big);$$
where $S_{id}$ is a temporary variable. Update the private state of file $id$ from $S_{id}$: $P_{id} = S_{id}$;
(1-3-2) Add the searchable cryptograph $(L_{id}, D_{id})$ to the linked list $T_F$;
(1-4) Generate the searchable cryptograph $(L_{id,w}, D_{id,w})$ for the file-keyword pair $(id, w)$, in the following sub-steps:
(1-4-1) Let $R \leftarrow \{0,1\}^k$ and generate, according to (1-3-1) or (1-3-2):
$$D_{id,w} = \big(D_{id,w,1} = H(F_{k_2}(id, w), R) \oplus (0 \,\|\, L_w \,\|\, L_{id} \,\|\, ),\ D_{id,w,2} = R\big)$$
where $F_{k_1}(w, id)$ is the pseudo-random function $F$ applied with key $k_1$ to keyword $w$ and file $id$ and forms the first part of the file-keyword pair retrieval trapdoor, and $F_{k_2}(id, w)$ is $F$ applied with key $k_2$ to keyword $w$ and file $id$ and forms the second part of the file-keyword pair retrieval trapdoor;
(1-4-2) Add $(L_{id,w}, D_{id,w})$ to the linked list $T_{F,W}$;
(1-5) Encrypt the files to be uploaded with a symmetric encryption algorithm;
(1-6) Update the private state table $T_P$: for $w \in W$ and $id \in ID$, add the private states $(w, P_w)$ and $(id, P_{id})$ to the linked list $T_P$;
(1-7) From the linked lists $T_W$, $T_F$, $T_{F,W}$ and $T_P$, generate data dictionaries that are convenient to search:
$D_W \leftarrow$ Creat($T_W$): the data dictionary $D_W$ generated from the linked list $T_W$ of searchable cryptographs of the keywords $w \in W$;
$D_F \leftarrow$ Creat($T_F$): the data dictionary $D_F$ generated from the linked list $T_F$ of searchable cryptographs of the files $id \in ID$;
$D_{F,W} \leftarrow$ Creat($T_{F,W}$): the data dictionary $D_{F,W}$ generated from the linked list $T_{F,W}$ of searchable cryptographs of the files $id \in ID$ and keywords $w \in W$;
$D_P \leftarrow$ Creat($T_P$): the data dictionary $D_P$ generated from the linked list $T_P$ of private states of the files $id \in ID$ and keywords $w \in W$;
(1-8) Upload the encrypted files and the index structure $(D_W, D_F, D_{F,W})$ generated from the searchable cryptographs to the cloud.
By introducing the private state in step 1, the invention ensures that adding a new file never damages or leaks the existing index structure.
Step 2: search. Figure 4 shows the search flow chart, which comprises the following sub-steps:
(2-1) The user generates the search trapdoor $ST_w$ from the private key $(k_1, k_2)$ and the keyword $w$ to be searched, and uploads $ST_w$ to the cloud;
(2-2) After receiving the search trapdoor $ST_w$, the cloud searches the searchable cryptographs $D_W$ it stores according to $ST_w$, as follows:
(2-2-1) Initialize the parameters: let $i = j = 1$, set the searchable cryptograph head, and let $I$ be the result set to be returned: $I = \text{Null}$;
(2-2-2) From the searchable cryptograph head $L_w^i$, obtain the corresponding searchable cryptograph tail from the data dictionary: $D_w^i \leftarrow \mathrm{Get}(D_W, L_w^i)$;
(2-3) Check whether $D_w^i$ is Null. If it is, jump to step (2-6); otherwise decrypt it with the search trapdoor uploaded by the user: $tag \,\|\, id \,\|\, S_w^i = D_{w,1}^i \oplus H(F_{k_2}(w), D_{w,2}^i)$, where $tag$ is the logical deletion flag of this ciphertext and tells whether the ciphertext has been deleted: a value of 1 means it has been deleted, a value of 0 means it has not;
(2-4) Check whether $tag$ is 0. If $tag \neq 0$ and $i \geq 2$, the searchable cryptograph has been logically deleted, so perform the physical deletion of the searchable cryptograph:
$$D_w^j = \big(D_{w,1}^j = D_{w,1}^j \oplus (0^{k+1} \,\|\, (S_w^j \oplus S_w^i)),\ D_{w,2}^j\big)$$
Update the searchable cryptograph data dictionary, delete the related data from the searchable cryptograph data dictionary, then perform step (2-5). Completing the physical deletion of searchable cryptographs during the search both protects the privacy of the searchable cryptographs and reduces their storage overhead, and is specific to the invention. If $tag = 0$, add file $id$ to the result set $I$ and let $j = i$;
(2-5) Continue with the remaining searchable cryptographs: let $i = i + 1$ and jump to step (2-2-2), until the search is complete;
(2-6) Return the search result set $I$; the search step ends.
Completing the physical deletion in step 2 does not leak the index structure and at the same time reduces the storage overhead of the index.
Step 3: add request. Figure 5 shows the flow chart of an add request, which comprises the following sub-steps:
(3-1) Associate the file $id$ to be uploaded with its keyword set $w \in W$;
(3-2) Obtain the private state of keyword $w$: $P_w \leftarrow \mathrm{Get}(D_P, w)$, and run the algorithm of step (1-3) to generate the searchable cryptograph $(L_w, D_w)$ for keyword $w$;
(3-3) Obtain the private state of file $id$: $P_{id} \leftarrow \mathrm{Get}(D_P, id)$, and run the algorithm of step (1-4) to generate the searchable cryptograph $(L_{id}, D_{id})$ for file $id$;
(3-4) Run the algorithm of step (1-5) to generate the searchable cryptograph $(L_{id,w}, D_{id,w})$ for the file-keyword pair $(id, w)$;
(3-5) Encrypt the file to be uploaded with a symmetric encryption algorithm;
(3-6) Update the private states:
$D_P \leftarrow \mathrm{Update}(D_P, (w, P_w))$;
$D_P \leftarrow \mathrm{Update}(D_P, (id, P_{id}))$;
(3-7) Send the searchable cryptographs $(L_w, D_w, L_{id}, D_{id}, L_{id,w}, D_{id,w})$ to the cloud;
(3-8) The cloud updates the searchable cryptographs:
$D_W \leftarrow \mathrm{Update}(D_W, (L_w, D_w))$;
$D_F \leftarrow \mathrm{Update}(D_F, (L_{id}, D_{id}))$;
$D_{F,W} \leftarrow \mathrm{Update}(D_{F,W}, (L_{id,w}, D_{id,w}))$.
The file addition in step 3 only generates ciphertext locally and then uploads it. The cloud does not need to intervene, so the existing index structure in the cloud is neither affected nor leaked.
Step 4: delete request. Figure 6 shows the flow chart of a delete request, which comprises the following sub-steps:
(4-1) The user computes the deletion trapdoor from the file $id$ to be deleted and uploads the deletion trapdoor $DT_{id}$ to the cloud; let $i = 1$;
(4-2) Obtain the corresponding searchable cryptograph tail according to the deletion trapdoor $DT_{id}$. If $D_{id}^i = \text{Null}$, the deletion ends; otherwise $D_{id}^i = (D_{id,1}^i, D_{id,2}^i)$, and the following is computed:
$$tag \,\|\, L_w^i \,\|\, L_{id,w}^i \,\|\, S_{id}^i = D_{id,1}^i \oplus G(F_{k_2}(id), D_{id,2}^i);$$
Delete the corresponding searchable cryptograph from $D_F$;
(4-3) Check whether $tag$ is 0. If $tag = 0$, set the logical deletion flag in the searchable cryptograph to 1, as follows:
Obtain the decrypted string and split it by length into its fixed-length parts; $D_w^i \leftarrow \mathrm{Get}(D_W, L_w^i)$, $D_w^i = (D_{w,1}^i, D_{w,2}^i)$; set the logical deletion flag in $D_{w,1}^i$ to 1: $D_w^i = \big(D_{w,1}^i = D_{w,1}^i \oplus (1 \,\|\, 0^{2k}),\ D_{w,2}^i\big)$; update the searchable cryptograph $D_W$; physically delete the corresponding searchable cryptograph in $D_{F,W}$; then perform step (4-4). If $tag \neq 0$, this ciphertext has already been deleted, so go directly to step (4-4);
(4-4) Advance to the next entry, delete the cryptograph file corresponding to $id$, then return to step (4-2), until all files to be deleted have been deleted.
The logical deletion in step 4 neither affects nor leaks the existing index structure.
Those skilled in the art will readily understand that the above is only a preferred embodiment of the invention and does not limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the invention falls within its scope of protection.
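The keyword chain, the private state, the logical deletion of step 4 and the physical deletion during the search of step 2, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 for F and SHAKE-256 for both H and G, uses a one-byte deletion flag instead of a single bit, takes each trapdoor to be the pair (F_k1, F_k2) named in the description, and omits the pair index D_F,W; the names Client, Server, mask and pad are hypothetical.

```python
import hashlib
import hmac
import os

K = 32  # bytes per label / file id; security parameter k = 256 bits (assumption)

def F(key, msg):
    """PRF F, instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()

def mask(tok, r):
    """Stands in for H and G: SHAKE-256 stretched to flag || field || next."""
    return hashlib.shake_256(tok + r).digest(1 + 2 * K)

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def pad(fid):
    """Fixed-length file identifier (ids longer than K bytes are rejected)."""
    if len(fid.encode()) > K:
        raise ValueError("file id too long")
    return fid.encode().ljust(K, b"\0")

class Server:
    """Sees only labels, masked entries and the trapdoors it is handed."""
    def __init__(self):
        self.DW, self.DF = {}, {}  # keyword index D_W and file index D_F

    def search(self, trapdoor):
        label, key = trapdoor
        hits, j, s_j = [], None, None  # j: label of the last entry kept
        while label in self.DW:
            c, r = self.DW[label]
            p = xor(c, mask(key, r))
            tag, fid, s_i = p[0], p[1:1 + K], p[1 + K:]
            if tag == 0:
                hits.append(fid.rstrip(b"\0").decode())
            if tag == 0 or j is None:
                j, s_j = label, s_i  # live entry, or the fixed chain head
            else:
                # Physical deletion: D_j,1 ^= 0^(k+1) || (S_j xor S_i), so
                # entry j now points past entry i; then entry i is dropped.
                cj, rj = self.DW[j]
                self.DW[j] = (xor(cj, bytes(1 + K) + xor(s_j, s_i)), rj)
                del self.DW[label]
                s_j = s_i
            label = s_i
        return hits

    def delete(self, trapdoor):
        label, key = trapdoor
        while label in self.DF:
            c, r = self.DF.pop(label)  # the file's own entry is removed now
            p = xor(c, mask(key, r))
            tag, l_w, label = p[0], p[1:1 + K], p[1 + K:]
            if tag == 0 and l_w in self.DW:
                # Logical deletion: flip the flag inside the masked entry
                # without unmasking it (D_w,1 ^= 1 || 0^2k).
                cw, rw = self.DW[l_w]
                self.DW[l_w] = (xor(cw, b"\x01" + bytes(2 * K)), rw)

class Client:
    def __init__(self):
        self.k1, self.k2 = os.urandom(K), os.urandom(K)
        self.state = {}  # private state D_P: name -> label of the next entry

    def _slot(self, name):
        # First entry sits at F_k1(name); later ones at the saved private state.
        label = self.state.get(name) or F(self.k1, name)
        self.state[name] = os.urandom(K)
        return label, self.state[name]

    def _entry(self, name, field, nxt):
        r = os.urandom(K)
        return xor(mask(F(self.k2, name), r), b"\0" + field + nxt), r

    def search_trapdoor(self, word):   # ST_w
        return F(self.k1, word.encode()), F(self.k2, word.encode())

    def delete_trapdoor(self, fid):    # DT_id
        return F(self.k1, pad(fid)), F(self.k2, pad(fid))

    def add(self, server, fid, word):
        f, w = pad(fid), word.encode()
        l_w, s_w = self._slot(w)
        server.DW[l_w] = self._entry(w, f, s_w)    # 0 || id  || S_w
        l_f, s_f = self._slot(f)
        server.DF[l_f] = self._entry(f, l_w, s_f)  # 0 || L_w || S_id

def demo():
    """Constructed scenario: three files under "tls", one also under "ssh"."""
    c, s = Client(), Server()
    for name in ("f1", "f2", "f3"):
        c.add(s, name, "tls")
    c.add(s, "f2", "ssh")
    before = s.search(c.search_trapdoor("tls"))
    s.delete(c.delete_trapdoor("f2"))
    n_logical = len(s.DW)    # flagged entries are still stored
    after = s.search(c.search_trapdoor("tls"))
    n_physical = len(s.DW)   # the search dropped f2's "tls" entry
    c.add(s, "f4", "tls")    # the chain still accepts appends
    final = s.search(c.search_trapdoor("tls"))
    return before, n_logical, after, n_physical, final, s.search(c.search_trapdoor("ssh"))
```

The "ssh" entry of f2 is the head of its chain, so it stays stored with its flag set: the physical deletion of step (2-4) only applies from the second entry on.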

Claims (6)

1. A dynamic searchable symmetric encryption method supporting physical deletion, characterized by comprising:
Step 1: define the system initialization parameters and algorithm structures. For each keyword $w \in W$, generate the searchable cryptograph $(L_w, D_w)$ about file $id \in ID$, where $W$ is the keyword set and $ID$ is the file set; for each file $id$, build the searchable cryptograph $(L_{id}, D_{id})$ about keyword $w$; for each file-keyword pair $(id, w)$, build the searchable cryptograph $(L_{id,w}, D_{id,w})$. Save the private states of keyword $w$ and file $id$, encrypt the files to be uploaded, and upload the encrypted files and the index generated from the searchable cryptographs to the cloud;
Step 2: generate the search trapdoor $ST_w$ from the keyword $w$ to be searched and upload it to the cloud. The cloud searches the searchable cryptograph index according to said search trapdoor $ST_w$, physically deletes the ciphertexts whose logical deletion flag is 1, and returns the ciphertexts whose logical deletion flag is 0 to the user;
Step 3: obtain the private states corresponding to the file-keyword pair $(id, w)$ to be uploaded. Build the searchable cryptograph about file $id$ for keyword $w$, the searchable cryptograph about keyword $w$ for file $id$, and the searchable cryptograph for the pair $(id, w)$; update the private states of keyword $w$ and file $id$; encrypt the file to be uploaded; upload the encrypted file and the searchable cryptographs to the cloud;
Step 4: generate the deletion trapdoor $DT_w$ from the file $id$ to be deleted and upload it to the cloud. According to said deletion trapdoor $DT_w$, the cloud logically deletes the searchable cryptograph of the keyword $w$ corresponding to file $id$ and physically deletes the searchable cryptograph corresponding to the pair $(id, w)$.
2. The method of claim 1, characterized in that, in said step 1, generating the searchable cryptograph about file $id$ for said keyword $w$ comprises checking whether the private state $P_w$ of said keyword $w$ is Null and, if it is, setting said private state $P_w$ and a random number $R$ to:
$$P_w \leftarrow \{0,1\}^k,\quad R \leftarrow \{0,1\}^k$$
where the random number $R$ is a binary string of length $k$ and $k$ is the system security parameter; generating the first searchable cryptograph $(L_w, D_w)$ for said keyword $w$:
$$L_w = F_{k_1}(w)$$
$$D_w = \big(D_{w,1} = H(F_{k_2}(w), R) \oplus (0 \,\|\, id \,\|\, P_w),\ D_{w,2} = R\big)$$
where $F_{k_1}(w)$ is the pseudo-random function $F$ applied with key $k_1$ to keyword $w$ and forms the first part of the keyword search trapdoor; $F_{k_2}(w)$ is $F$ applied with key $k_2$ to keyword $w$ and forms the second part of the keyword search trapdoor; the user's private key $(k_1, k_2)$ is initialized from said system security parameter $k$: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$; said pseudo-random function $F$ is defined as $\{0,1\}^k \times \{0,1\}^* \to \{0,1\}^k$;
otherwise letting the random bit string $S_w \leftarrow \{0,1\}^k$ and the random number $R \leftarrow \{0,1\}^k$, and generating a new searchable cryptograph $(L_w, D_w)$ for keyword $w$:
$$L_w = P_w$$
$$D_w = \big(D_{w,1} = H(F_{k_2}(w), R) \oplus (0 \,\|\, id \,\|\, S_w),\ D_{w,2} = R\big).$$
3. The method of claim 1 or 2, characterized in that, in said step 1, building the searchable cryptograph about keyword $w$ for said file $id$ comprises checking whether the private state $P_{id}$ of said file $id$ is Null and, if it is, setting said private state $P_{id}$ and a random number $R$ to: $P_{id} \leftarrow \{0,1\}^k$, $R \leftarrow \{0,1\}^k$, where the random number $R$ is a binary string of length $k$ and $k$ is the system security parameter; generating the first searchable cryptograph $(L_{id}, D_{id})$ for file $id$:
$$L_{id} = F_{k_1}(id)$$
$$D_{id} = \big(D_{id,1} = G(F_{k_2}(id), R) \oplus (0 \,\|\, L_w \,\|\, L_{id,w} \,\|\, P_{id}),\ D_{id,2} = R\big)$$
where $L_{id}$ is the first part of the searchable cryptograph of said file $id$; $D_{id}$ is the second part of the searchable cryptograph of said file $id$; $F_{k_1}(id)$ is the pseudo-random function $F$ applied with key $k_1$ to file $id$ and forms the first part of the file retrieval trapdoor; $F_{k_2}(id)$ is $F$ applied with key $k_2$ to file $id$ and forms the second part of the file retrieval trapdoor; the user's private key $(k_1, k_2)$ is initialized from said system security parameter $k$: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$; said pseudo-random function $F$ is defined as $\{0,1\}^k \times \{0,1\}^* \to \{0,1\}^k$;
otherwise letting the random bit string $S_{id} \leftarrow \{0,1\}^k$ and $R \leftarrow \{0,1\}^k$, and generating a new searchable cryptograph $(L_{id}, D_{id})$ for file $id$:
$$L_{id} = P_{id}$$
$$D_{id} = \big(D_{id,1} = G(F_{k_2}(id), R) \oplus (0 \,\|\, L_w \,\|\, L_{id,w} \,\|\, S_{id}),\ D_{id,2} = R\big).$$
4. The method of claim 1 or 2, characterized in that, in said step 1, building the searchable cryptograph for said file-keyword pair $(id, w)$ comprises letting $R \leftarrow \{0,1\}^k$ and generating:
$$L_{id,w} = F_{k_1}(w, id)$$
$$D_{id,w} = \big(D_{id,w,1} = H(F_{k_2}(id, w), R) \oplus (0 \,\|\, L_w \,\|\, L_{id}),\ D_{id,w,2} = R\big)$$
where $F_{k_1}(w, id)$ is the pseudo-random function $F$ applied with key $k_1$ to keyword $w$ and file $id$ and forms the first part of the file-keyword pair retrieval trapdoor; $F_{k_2}(id, w)$ is $F$ applied with key $k_2$ to keyword $w$ and file $id$ and forms the second part of the file-keyword pair retrieval trapdoor; $k$ is the system security parameter; the user's private key $(k_1, k_2)$ is initialized from said system security parameter $k$: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$; said pseudo-random function $F$ is defined as $\{0,1\}^k \times \{0,1\}^* \to \{0,1\}^k$.
5. The method of claim 1 or 2, characterized in that said step 2 comprises the following sub-steps:
(2-1) generating the search trapdoor $ST_w$ from the private key $(k_1, k_2)$ and the keyword $w$ to be searched, and uploading said search trapdoor $ST_w$ to the cloud, where the user's private key $(k_1, k_2)$ is initialized from the system security parameter $k$: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$; $F_{k_1}(w)$ is the pseudo-random function $F$ applied with key $k_1$ to keyword $w$ and forms the first part of the keyword search trapdoor; $F_{k_2}(w)$ is $F$ applied with key $k_2$ to keyword $w$ and forms the second part of the keyword search trapdoor; said pseudo-random function $F$ is defined as $\{0,1\}^k \times \{0,1\}^* \to \{0,1\}^k$;
(2-2) initializing the parameters: letting $i = j = 1$, setting the searchable cryptograph head, and letting $I$ be the result set to be returned: $I = \text{Null}$; and obtaining, from the searchable cryptograph head, the corresponding searchable cryptograph tail from said searchable cryptograph index;
(2-3) checking whether said searchable cryptograph tail is Null; if it is, jumping to step (2-6); otherwise decrypting it with the search trapdoor uploaded by the user, where $tag$ is the logical deletion flag of this ciphertext;
(2-4) checking whether $tag$ is 0; if $tag \neq 0$ and $i \geq 2$, performing the physical deletion of the searchable cryptograph:
$$D_w^j = \big(D_{w,1}^j = D_{w,1}^j \oplus (0^{k+1} \,\|\, (S_w^j \oplus S_w^i)),\ D_{w,2}^j\big)$$
where the random bit string $S_w \leftarrow \{0,1\}^k$, then performing step (2-5); if $tag = 0$, adding file $id$ to the result set $I$ and letting $j = i$;
(2-5) continuing with the remaining searchable cryptographs: letting $i = i + 1$ and jumping to step (2-2-2), until the search is complete;
(2-6) returning the search result set $I$; the search step ends.
6. The method as claimed in claim 1 or 2, characterized in that step 4 comprises the following sub-steps:
(4-1) the user computes the deletion trapdoor from the file id to be deleted and uploads the deletion trapdoor $DT_{id}$ to the cloud; let i = 1, where represents the first part of the file retrieval trapdoor, generated by the pseudo-random function F with key $k_1$ and file id as input; then represents the second part of the file retrieval trapdoor, generated with key $k_2$ and file id as input; the user private key $(k_1, k_2)$ is initialized according to the system security parameter k: $k_1 \leftarrow \{0,1\}^k$, $k_2 \leftarrow \{0,1\}^k$; the pseudo-random function F is defined as: $\{0,1\}^k \times \{0,1\}^* \rightarrow \{0,1\}^k$;
(4-2) according to the deletion trapdoor $DT_{id}$, obtain the corresponding searchable cryptograph tail ; if the searchable cryptograph tail then the deletion operation ends; otherwise perform the following calculation:
$tag \,\|\, L_w^i \,\|\, L_{id,w}^i \,\|\, S_{id}^i = D_{id,1}^i \oplus G(F_{k_2}(id), D_{id,2}^i)$
where tag is the logical deletion flag bit of this ciphertext; delete the corresponding searchable cryptograph $D_f$;
(4-3) determine whether tag is 0; if tag = 0, set the logical deletion flag bit in the searchable cryptograph tail to 1: obtain the searchable cryptograph tail , divide it by length into two fixed-length parts and , and set the logical deletion flag bit in to 1: $D_w^i = \left( D_{w,1}^i = D_{w,1}^i \oplus (1 \,\|\, 0^{2k}),\ D_{w,1}^i \right)$; physically delete the corresponding searchable cryptograph, then perform step (4-4); if tag ≠ 0, this ciphertext has already been deleted, so perform step (4-4) directly;
(4-4) let i = i + 1, where the random bit string $S_{id} \leftarrow \{0,1\}^k$ and k denotes the system security coefficient; delete the ciphertext file corresponding to file id, then perform step (4-2), until all files to be deleted have been deleted.
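
As an added illustration (not code from the patent), the following Python example runs the mechanism of claims 5 and 6 on a single keyword chain: the server sets the deletion flag by XOR without holding any key, and the next search unlinks flagged nodes by XORing the predecessor's pointer field. Assumptions: HMAC-SHA256 stands in for F and G, the node layout tag || id || next pointer is simplified from the claimed fields with a whole byte for the tag, and the per-file index that locates a node's address is replaced by the `addrs` list returned from the hypothetical `build` helper.

```python
import hmac, hashlib, os

K = 16                 # bytes per field; stands in for the k-bit security parameter
NULL = bytes(K)        # all-zero pointer marks the end of a chain

def prf(key, msg):     # F: HMAC-SHA256 truncated to K bytes (assumed instantiation)
    return hmac.new(key, msg, hashlib.sha256).digest()[:K]

def mask(key, r):      # G(key, R): pad covering tag || id || next (1 + 2K bytes)
    pad = b"".join(hmac.new(key, r + bytes([c]), hashlib.sha256).digest() for c in (0, 1))
    return pad[:1 + 2 * K]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build(k1, k2, w, file_ids):
    """Client: encrypt one keyword chain; returns ({addr: (D1, R)}, addrs)."""
    addrs = [prf(k1, w)] + [os.urandom(K) for _ in file_ids[1:]]
    index = {}
    for n, fid in enumerate(file_ids):
        nxt = addrs[n + 1] if n + 1 < len(addrs) else NULL
        r = os.urandom(K)
        plain = b"\x00" + fid.ljust(K, b"\x00") + nxt   # tag=0 || id || next
        index[addrs[n]] = (xor(mask(prf(k2, w), r), plain), r)
    return index, addrs

def logical_delete(index, addr):
    """Server: flip the tag to 1 by XOR with 1 || 0^{2K}; no key is needed."""
    d1, r = index[addr]
    index[addr] = (xor(d1, b"\x01" + bytes(2 * K)), r)

def search(index, head, key):
    """Server: walk the chain with trapdoor (head, key), unlinking flagged nodes."""
    results, prev, addr, i = [], head, head, 1
    while addr != NULL and addr in index:
        d1, r = index[addr]
        plain = xor(d1, mask(key, r))
        tag, fid, nxt = plain[0], plain[1:1 + K].rstrip(b"\x00"), plain[1 + K:]
        if tag == 0:
            results.append(fid)
            prev = addr
        elif i >= 2:
            # prev's pointer currently equals addr; XOR rewrites it to nxt
            pd1, pr = index[prev]
            index[prev] = (xor(pd1, bytes(1 + K) + xor(addr, nxt)), pr)
            del index[addr]                             # physical deletion
        addr, i = nxt, i + 1
    return results
```

A flagged head node (i = 1) is skipped but never unlinked, which mirrors the i ≥ 2 condition in step (2-4).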
CN201510182557.6A 2015-04-16 2015-04-16 Dynamic searchable symmetrical encryption method supporting physical deletion Active CN104821876B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510182557.6A CN104821876B (en) 2015-04-16 2015-04-16 Dynamic searchable symmetrical encryption method supporting physical deletion

Publications (2)

Publication Number Publication Date
CN104821876A (en) 2015-08-05
CN104821876B (en) 2018-02-16

Family

ID=53732054

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510182557.6A Active CN104821876B (en) Dynamic searchable symmetrical encryption method supporting physical deletion 2015-04-16 2015-04-16

Country Status (1)

Country Link
CN (1) CN104821876B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
EXSB Decision made by sipo to initiate substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant