CN105024812A - Identity-based designated tester searchable encryption method in cloud storage - Google Patents

Abstract

The invention discloses an identity-based designated tester searchable encryption method in cloud storage. The steps includes: 1. initialization of system parameters; 2. generation of a private key of a server; 3. generation of a private key of a data receiver; 4. encryption of a keyword by a data owner; 5. generation of a trap door; and 6. testing. According to the identity-based designated tester searchable encryption method provided by the invention, only an authorized cloud storage server can execute storage and retrieval, thereby resisting an attacks of a malicious cloud storage server, the data owner can store data in a designated cloud storage server after encryption of the data and the extracted corresponding keyword, and only the designated cloud storage server can retrieve required ciphertext data and transmit to the data receiver, thereby solving the problem existing in the prior art that the malicious cloud storage server reveals data that a user searches in the process of executing a search.

Description

The encryption method of searching for of the nominative testing person of identity-based during cloud stores

Technical field

The invention belongs to field of information security technology, be specifically related to the encryption method of searching for of the nominative testing person of identity-based in the storage of a kind of cloud.

Background technology

Cloud computing, as a kind of new computation model, can provide the calculation services of lower, the extendible various advanced person of cost, and in order to save the cost of storage and management data, data can be outsourced to cloud storage server by enterprises and individuals.The data that cloud stores service provides have the advantage such as availability and reliability, but it also has a shortcoming clearly, namely data are not under the management of user and controlling, and so how the confidentiality and integrity of service data just becomes the problem that user urgently pays close attention to.

Although the reliability, availability, fault-tolerance etc. of cloud storage service provider (Cloud Storage Service Provider, CSSP) are believed by enterprise, the data of trustship are not used for other objects by the people CSSP that is uncertain about; Same for personal user, they wish that the data of oneself can only be accessed by oneself or the people specified and can not be accessed by CSSP.This will cause the problem of two aspects: on the one hand, from the angle of user, and they cannot find and allow they complete believable CSSP carry out their data of store and management; On the other hand from the angle of CSSP, a large amount of clients will be lost when not solving the problem.Therefore, the popularization that cloud will be hindered to store of the confidentiality of data and integrality and use.

In view of above practical problem, during cloud stores, data before being transferred to CSSP, must being encrypted by user oneself, and also can only be decrypted by user oneself, will alleviate the danger that user data leaks like this.Do their data of wanting of the acquisition that so user can be very fast also ensure the confidentiality of data to CSSP but this is by problem new for introducing one, as user needs the document comprising certain keyword?

Summary of the invention

The object of this invention is to provide a kind of cloud store in the encryption method of searching for of nominative testing person of identity-based, solve exist in prior art malice cloud storage server performing the problem revealing the data of user search in search procedure.

The technical solution adopted in the present invention is, the encryption method of searching for of the nominative testing person of identity-based during cloud stores, and specifically implements according to following steps:

Step 1, system parameters initialization;

The generation of step 2, privacy key;

The generation of step 3, Data receiver's private key;

Step 4, data owner are encrypted keyword;

The generation of step 5, trapdoor;

Step 6, test.

Feature of the present invention is also,

Step 1 is specifically implemented according to following steps:

Step (1.1), given security parameter k, first PKI maker PKG generates bilinear map e:G ₁× G ₁→ G ₂, wherein G ₁be rank be Big prime q>2 ^kaddition cyclic group, G ₂be rank be Big prime q>2 ^kmultiplication loop group, PKI maker PKG Stochastic choice master key here and calculate P _pub=s ^-1p ∈ G ₁as system PKI, wherein P is G ₁generator;

Step (1.2), PKG select 3 hash functions:

H ₁:{0,1} ⁿ→G ₁，

H ₂:G ₂→{0,1} ⁿ，

$H_3:{\left\{\mathrm{0,1}\right\}}^n\→Z_q^{*},$

Wherein, n is the length of keyword, and note keyword space is W={0,1} ⁿ, system common parameter PP is { q, G ₁, G ₂, e, P, P _pub, n, H ₁, H ₂, H ₃, main private key msk=s ^-1.

Step 2 is specially:

The identity ID of given server _s∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculation server _s=s ^-1h ₁(ID _s).

Step 3 is specially:

The identity ID of given recipient _r∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculated data recipient _r=s ^-1h ₁(ID _r).

Step 4 is concrete to be implemented according to the following steps:

Step (4.1), given ID _s, ID _r, w ∈ W={0,1} ⁿ, data owner's Stochastic choice r ₁∈ Z _p, and calculate ciphertext C=(C ₁, C ₂, C ₃) be respectively:

C ₁＝r ₁P，

C ₂＝H ₂[e(H ₁(ID _R)，r ₁P _pub)]+H ₂[e(H ₁(ID _S),r ₁P _pub)]，

$C_3=H_3\{w\⊕H_2\[e\left(H_1\right({\mathrm{ID}}_R),P_{pub})\]-H_2\[e\left(H_1\right({\mathrm{ID}}_R),r_1{p}_{pub})\]\},$

Ciphertext C=(C after keyword w encrypts by step (4.2), data owner ₁, C ₂, C ₃) and comprise corresponding keyword encryption after files passe to cloud storage server.

Step 5 is concrete to be implemented according to the following steps:

Step (5.1), given ID _s, sk _rwith keyword w ∈ W={0,1} ⁿ, recipient's Stochastic choice r ₂∈ Z _pand calculate:

T ₁＝r ₂P，

T ₂＝H ₃{H ₂[e(r ₂H ₁(ID _S),P _pub)]}，

$T_3=w\⊕H_2\[e({\mathrm{sk}}_R,P)\]-H_2\[e\left(H_1\right({\mathrm{ID}}_S),r_2{P}_{pub})\];$

Step (5.2), document receivers are by T _w=T ₁send to server, and oneself retains T ₂, T ₃.

Step 6 is concrete to be implemented according to the following steps:

Himself private key sk of step (6.1), server by utilizing _scalculate H ₃(H ₂(e (sk _s, T ₁))), and this result is sent to Data receiver;

Step (6.2), Data receiver test equation T ₂=H ₃(H ₂(e (sk _s, T ₁))) whether set up, if set up, Data receiver is by T ₃send to cloud storage server, cloud storage server is for ciphertext C=(C subsequently ₁, C ₂, C ₃), judge whether formula is below set up:

C ₃＝H ₃{H ₂[e(sk _S,C ₁)]+H ₂[e(sk _S,T ₁)]+T ₃-C ₂}，

If set up, illustrate that ciphertext is consistent with trapdoor coupling, the encrypt file corresponding to ciphertext C is sent to Data receiver; Otherwise, continue the test of next ciphertext, until terminate all ciphertext tests.

The invention has the beneficial effects as follows, the encryption method of searching for of the nominative testing person of identity-based during cloud stores, the keyword extracted from document can utilize the identity of server and Data receiver to be encrypted by data owner, and be stored on cloud storage server together with respective document, what wherein document adopted is another kind of encryption method, when Data receiver wants to search for the document about certain keyword, this keyword is utilized to generate trapdoor, and the partial information in this trapdoor sent to cloud storage server to confirm whether this server is authorize, and then just can resist the attack of malice cloud storage server.

Embodiment

Below in conjunction with embodiment, the present invention is described in detail.

The encryption method of searching for of the nominative testing person of identity-based during cloud of the present invention stores, specifically implement according to following steps:

Step 1, system parameters initialization:

Specifically implement according to following steps:

Step (1.1), given security parameter k, first PKI maker PKG generates bilinear map e:G ₁× G ₁→ G ₂, wherein G ₁be rank be Big prime q>2 ^kaddition cyclic group, G ₂be rank be Big prime q>2 ^kmultiplication loop group, PKI maker PKG Stochastic choice master key here and calculate P _pub=s ^-1p ∈ G ₁as system PKI, wherein P is G ₁generator;

Step (1.2), PKG select 3 hash functions:

H ₁:{0,1} ⁿ→G ₁，

H ₂:G ₂→{0,1} ⁿ，

$H_3:{\left\{\mathrm{0,1}\right\}}^n\→Z_q^{*},$

Wherein, n is the length of keyword, and note keyword space is W={0,1} ⁿ, system common parameter PP is { q, G ₁, G ₂, e, P, P _pub, n, H ₁, H ₂, H ₃, main private key msk=s ^-1.

The generation of step 2, privacy key:

The identity ID of given server _s∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculation server _s=s ^-1h ₁(ID _s).

The generation of step 3, Data receiver's private key:

The identity ID of given recipient _r∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculated data recipient _r=s ^-1h ₁(ID _r).

Step 4, data owner are encrypted keyword:

Concrete enforcement according to the following steps:

Step (4.1), given ID _s, ID _r, w ∈ W={0,1} ⁿ, data owner's Stochastic choice r ₁∈ Z _p, and calculate ciphertext C=(C ₁, C ₂, C ₃) be respectively:

C ₁＝r ₁P，

C ₂＝H ₂[e(H ₁(ID _R)，r ₁P _pub)]+H ₂[e(H ₁(ID _S),r ₁P _pub)]，

$C_3=H_3\{w\⊕H_2\[e\left(H_1\right({\mathrm{ID}}_R),P_{pub})\]-H_2\[e\left(H_1\right({\mathrm{ID}}_R),r_1{p}_{pub})\]\},$

Ciphertext C=(C after keyword w encrypts by step (4.2), data owner ₁, C ₂, C ₃) and comprise corresponding keyword encryption after files passe to cloud storage server.

The generation of step 5, trapdoor:

Concrete enforcement according to the following steps:

Step (5.1), given ID _s, sk _rwith keyword w ∈ W={0,1} ⁿ, recipient's Stochastic choice r ₂∈ Z _pand calculate:

T ₁＝r ₂P，

T ₂＝H ₃{H ₂[e(r ₂H ₁(ID _S),P _pub)]}，

$T_3=w\⊕H_2\left[e({\mathrm{sk}}_R,P)\right]-H_2\left[e(H_1\left({\mathrm{ID}}_S\right),r_2{P}_{\mathrm{pub}})\right];$

Step (5.2), document receivers are by T _w=T ₁send to server, and oneself retains T ₂, T ₃.

Step 6, test:

Concrete enforcement according to the following steps:

Himself private key sk of step (6.1), server by utilizing _scalculate H ₃(H ₂(e (sk _s, T ₁))), and this result is sent to Data receiver;

Step (6.2), Data receiver test equation T ₂=H ₃(H ₂(e (sk _s, T ₁))) whether set up.If set up, Data receiver is by T ₃send to cloud storage server, cloud storage server is for ciphertext C=(C subsequently ₁, C ₂, C ₃), judge whether formula is below set up:

C ₃＝H ₃{H ₂[e(sk _S,C ₁)]+H ₂[e(sk _S,T ₁)]+T ₃-C ₂}，

If set up, illustrate that ciphertext is consistent with trapdoor coupling, the encrypt file corresponding to ciphertext C is sent to Data receiver, otherwise, continue the test of next ciphertext, until terminate all ciphertext tests.

The fail safe of the encryption method of searching for of the nominative testing person of identity-based during lower surface analysis cloud of the present invention stores:

Prove: utilize the relevant nature that Bilinear map maps:

$\begin{array}{c}{H}_2\left(e\right({\mathrm{sk}}_S,C_1\left)\right)+H_2\left(e\right({\mathrm{sk}}_S,T_1\left)\right)+T_3-C_2\\ =H_2\left(e\right(s^{-1}{H}_1\left({\mathrm{ID}}_S\right),r_{1}P\left)\right)+H_2\left(e\right(s^{-1}{H}_1\left({\mathrm{ID}}_S\right),r_{2}P\left)\right)+w\⊕H_2\left(e\right({\mathrm{sk}}_R,P))-\\ H_2\left(e\right(H_1\left({\mathrm{ID}}_S\right),r_2{P}_{pub}\left)\right)-H_2\left(e\right(H_1\left({\mathrm{ID}}_R\right),r_1{P}_{pub}\left)\right)-H_2\left(e\right(H_1\left({\mathrm{ID}}_S\right),r_1{P}_{pub}\left)\right)\\ =w\⊕H_2\left(e\right({\mathrm{sk}}_R,P))-H_2\left(e\right(H_1\left({\mathrm{ID}}_R\right),r_1{P}_{pub}))\\ =w\⊕H_2\left(e\right(H_1\left({\mathrm{ID}}_R\right),P_{pub}\left)\right)-H_2\left(e\right(H_1\left({\mathrm{ID}}_R\right),r_1{P}_{pub}\left)\right);\end{array}$

So there is C ₃=H ₃(H ₂(e (sk _s, C ₁))+H ₂(e (sk _s, T ₁))+T ₃-C ₂) set up.Illustrate that this ciphertext is consistent with trapdoor coupling.

Summary to content of the present invention:

The encryption method of searching for of the nominative testing person of identity-based during cloud stores, can in the enterprising line search inquiry of the data acquisition system of encryption, concrete grammar is, it is first the set of file set generating indexes, re-using can search for encrypt is encrypted with hiding index content to these indexes, and encryption will meet following character: the 1) token of a given keyword (i.e. index), can obtain the pointer of the All Files comprising this keyword; 2) do not have token, the content of index is hiding; 3) user only with association key could generate token; 4) retrieving is except exposing certain keyword of which file-sharing, can not expose the specifying information of any relevant document and keyword.The central role can searching for encryption is for cloud stores service provides: one is that user oneself controls its data; Two is that the security property of data can be verified by Cryptography Principles, instead of determines fail safe by law, physical equipment.

In cloud stores service, user can use the encipherment scheme that can search for after data encryption, be outsourced to cloud storage server, can search for encipherment scheme makes user can selectively access its encrypt data, the confidentiality of user search data can also be guaranteed simultaneously, the encipherment scheme searched for of the nominative testing person of identity-based has higher confidentiality because of it in the process of search, and has important using value in cloud stores service.The present invention adopts data owner and Data receiver successively the data after encryption to be carried out on the cloud storage server of specifying the mode storing and retrieve, make to only have the trapdoor search encrypted document of authorizing cloud storage server can utilize keyword, cloud storage server does not also know the keyword of user search, guarantee the data message privacy of user, at communication and calculation cost, namely search for trapdoor size, the overall efficiency of the aspect such as speed of keyword encryption and search is improved.

Claims (7)

1. cloud store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, specifically implement according to following steps:

Step 1, system parameters initialization;

The generation of step 2, privacy key;

The generation of step 3, Data receiver's private key;

Step 4, data owner are encrypted keyword;

The generation of step 5, trapdoor;

Step 6, test.

2. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 1 is specifically implemented according to following steps:

Step (1.1), given security parameter k, first PKI maker PKG generates bilinear map e:G ₁× G ₁→ G ₂, wherein G ₁and G ₂be rank be respectively Big prime q>2 ^kaddition cyclic group and multiplication loop group, PKI maker PKG Stochastic choice master key here and calculate P _pub=s ^-1p ∈ G ₁as system PKI, wherein P is G ₁generator;

Step (1.2), PKG select 3 hash functions:

H ₁:{0,1} ⁿ→G ₁，

H ₂:G ₂→{0,1} ⁿ，

$H_3:{\{0,1\}}^n\→Z_q^{*},$

Wherein, n is the length of keyword, and note keyword space is W={0,1} ⁿ, system common parameter PP is { q, G ₁, G ₂, e, P, P _pub, n, H ₁, H ₂, H ₃, main private key msk=s ^-1.

3. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 2 is specially:

The identity ID of given server _s∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculation server _s=s ^-1h ₁(ID _s).

4. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 3 is specially:

The identity ID of given recipient _r∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculated data recipient _r=s ^-1h ₁(ID _r).

5. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 4 is concrete to be implemented according to the following steps:

Step (4.1), given ID _s, ID _r, w ∈ W={0,1} ⁿ, data owner's Stochastic choice r ₁∈ Z _p, and calculate ciphertext C=(C ₁, C ₂, C ₃) be respectively:

C ₁＝r ₁P，

C ₂＝H ₂[e(H ₁(ID _R)，r ₁P _pub)]+H ₂[e(H ₁(ID _S),r ₁P _pub)]，

$C_3=H_3\left\{w\⊕H_2\[e\left(H_1\left({\mathrm{ID}}_R\right),P_{pub}\right)\]-H_2\[e\left(H_1\left({\mathrm{ID}}_R\right),r_1{P}_{pub}\right)\]\right\},$

Ciphertext C=(C after keyword w encrypts by step (4.2), data owner ₁, C ₂, C ₃) and comprise corresponding keyword encryption after files passe to cloud storage server.

6. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 5 is concrete to be implemented according to the following steps:

Step (5.1), given ID _s, sk _rwith keyword w ∈ W={0,1} ⁿ, recipient's Stochastic choice r ₂∈ Z _pand calculate:

T ₁＝r ₂P，

T ₂＝H ₃{H ₂[e(r ₂H ₁(ID _S),P _pub)]}，

$T_3=w\⊕H_2\[e({\mathrm{sk}}_R,P)\]-H_2\[e\left(H_1\right({\mathrm{ID}}_S),r_2{P}_{pub})\];$

Step (5.2), document receivers are by T _w=T ₁send to server, and oneself retains T ₂, T ₃.

7. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 6 is concrete to be implemented according to the following steps:

Himself private key sk of step (6.1), server by utilizing _scalculate H ₃(H ₂(e (sk _s, T ₁))), and this result is sent to Data receiver;

Step (6.2), Data receiver test equation T ₂=H ₃(H ₂(e (sk _s, T ₁))) whether set up.If set up, then Data receiver is by T ₃send to cloud storage server, cloud storage server is for ciphertext C=(C subsequently ₁, C ₂, C ₃), judge whether formula is below set up:

C ₃＝H ₃{H ₂[e(sk _S,C ₁)]+H ₂[e(sk _S,T ₁)]+T ₃-C ₂}，

If set up, illustrate that ciphertext is consistent with trapdoor coupling, the encrypt file corresponding to ciphertext C is sent to Data receiver, otherwise, continue the test of next ciphertext, until terminate all ciphertext tests.