CN105024812A

CN105024812A - Searchable encryption method for identity-based designated testers in cloud storage

Info

Publication number: CN105024812A
Application number: CN201510408086.6A
Authority: CN
Inventors: 王尚平; 赵宝华; 张亚玲
Original assignee: Xian University of Technology
Current assignee: Beijing Kds Datacenter Solution Co ltd; Anhui Phetom Intelligent Traffic Technology Co Ltd
Priority date: 2015-07-13
Filing date: 2015-07-13
Publication date: 2015-11-04
Anticipated expiration: 2035-07-13
Also published as: CN105024812B

Abstract

本发明公开了一种云存储中基于身份的指定测试者的可搜索的加密方法，步骤包括：步骤1、系统参数初始化；步骤2、服务器私钥的生成；步骤3、数据接收者私钥的生成；步骤4、数据拥有者对关键字进行加密；步骤5、陷门的生成；步骤6、测试，本发明使得只有授权的云存储服务器才能执行存储和检索工作，以此来抵抗恶意云存储服务器的攻击，数据拥有者可以将自己的数据和提取的相应关键字加密后，存放到指定的云存储服务器，只有指定的云存储服务器才能检索到需要的密文数据，并将其传给数据接收者，本发明解决了现有技术中存在的恶意云存储服务器在执行搜索过程中会泄露用户搜索的数据的问题。The invention discloses a searchable encryption method for specifying testers based on identity in cloud storage. The steps include: step 1, system parameter initialization; step 2, server private key generation; step 3, data receiver private key Generate; step 4, the data owner encrypts the keyword; step 5, trapdoor generation; step 6, test, the present invention enables only authorized cloud storage servers to perform storage and retrieval work, so as to resist malicious cloud storage Server attack, the data owner can encrypt their own data and the extracted corresponding keywords, and store them in the designated cloud storage server. Only the designated cloud storage server can retrieve the required ciphertext data and pass it to the data Recipients, the present invention solves the problem in the prior art that malicious cloud storage servers may leak data searched by users during the search process.

Description

Searchable encryption method for identity-based designated testers in cloud storage

技术领域technical field

本发明属于信息安全技术领域，具体涉及一种云存储中基于身份的指定测试者的可搜索的加密方法。The invention belongs to the technical field of information security, and in particular relates to a searchable encryption method for an identity-based designated tester in cloud storage.

背景技术Background technique

云计算作为一种新的计算模型，能够提供成本较低、可扩展的各种先进的计算服务，为了节省存储及管理数据的代价，企业和个人可以将数据外包到云存储服务器。云存储服务提供的数据具有可用性和可靠性等优势，但是其也有一个很明显的缺点，即数据不在用户的管理及控制之下，那么如何维护数据的机密性和完整性便成为用户迫切关注的问题。As a new computing model, cloud computing can provide various advanced computing services with low cost and scalability. In order to save the cost of storing and managing data, enterprises and individuals can outsource data to cloud storage servers. The data provided by the cloud storage service has the advantages of availability and reliability, but it also has an obvious disadvantage, that is, the data is not under the management and control of the user, so how to maintain the confidentiality and integrity of the data becomes an urgent concern of the user. question.

虽然企业相信云存储服务提供商(Cloud Storage Service Provider,CSSP)的可靠性、可用性、容错性等，但是人们无法确信CSSP不将托管的数据用于其他目的；同样对于个人用户而言，他们希望自己的数据只能由自己或指定的人访问而不能被CSSP访问。这将导致两方面的问题：一方面，从用户的角度看，他们无法找到让他们完全可信的CSSP来存储和管理他们的数据；另一方面从CSSP的角度看，在没有解决上述问题的情况下将会丢失大量的客户。因此，数据的机密性及完整性将阻碍云存储的推广及使用。Although enterprises believe in the reliability, availability, fault tolerance, etc. of Cloud Storage Service Providers (Cloud Storage Service Providers, CSSPs), people cannot be sure that CSSPs will not use hosted data for other purposes; Your own data can only be accessed by yourself or designated people and cannot be accessed by CSSP. This will lead to two problems: on the one hand, from the user's point of view, they cannot find a fully trusted CSSP to store and manage their data; on the other hand, from the point of view of CSSP, without solving the above problems In this case, a large number of customers will be lost. Therefore, the confidentiality and integrity of data will hinder the promotion and use of cloud storage.

鉴于以上的实际问题，云存储中数据必须在传输到CSSP之前，由用户自己加密，并且也只能由用户自己进行解密，这样将会减轻用户数据泄漏的危险。但这将引入一个新的问题，如用户需要包含某个关键字的文档，那么用户是否能很快的获得他们想要的数据并保证数据对CSSP的机密性？In view of the above practical problems, the data in cloud storage must be encrypted by the user before being transmitted to CSSP, and can only be decrypted by the user himself, which will reduce the risk of user data leakage. But this will introduce a new problem, if the user needs a document containing a certain keyword, can the user quickly obtain the data they want and ensure the confidentiality of the data to CSSP?

发明内容Contents of the invention

本发明的目的是提供一种云存储中基于身份的指定测试者的可搜索的加密方法，解决了现有技术中存在的的恶意云存储服务器在执行搜索过程中会泄露用户搜索的数据的问题。The purpose of the present invention is to provide a searchable encryption method for designated testers based on identity in cloud storage, which solves the problem in the prior art that malicious cloud storage servers will leak the data searched by users during the search process .

本发明所采用的技术方案是，云存储中基于身份的指定测试者的可搜索的加密方法，具体按照以下步骤实施：The technical scheme adopted in the present invention is a searchable encryption method based on the identity of the designated tester in cloud storage, specifically implemented according to the following steps:

步骤1、系统参数初始化；Step 1, system parameter initialization;

步骤2、服务器私钥的生成；Step 2, generation of server private key;

步骤3、数据接收者私钥的生成；Step 3, the generation of the private key of the data recipient;

步骤4、数据拥有者对关键字进行加密；Step 4. The data owner encrypts the keywords;

步骤5、陷门的生成；Step 5, generation of trapdoor;

步骤6、测试。Step 6. Test.

本发明的特点还在于，The present invention is also characterized in that,

步骤1具体按照以下步骤实施：Step 1 is specifically implemented according to the following steps:

步骤(1.1)、给定安全参数k，公钥生成器PKG首先生成双线性映射e:G₁×G₁→G₂，其中G₁是阶为大素数q>2^k的加法循环群，G₂是阶为大素数q>2^k的乘法循环群，公钥生成器PKG随机选择主密钥这里并计算P_pub＝s^-1P∈G₁作为系统公钥，其中P是G₁的生成元；Step (1.1), given the security parameter k, the public key generator PKG first generates a bilinear map e:G ₁ ×G ₁ →G ₂ , where G ₁ is an additive cyclic group whose order is a large prime number q>2 ^k , G ₂ is a multiplicative cyclic group whose order is a large prime number q>2 ^k , and the public key generator PKG randomly selects the master key here And calculate P _pub =s ^-1 P∈G ₁ as the system public key, where P is the generator of G ₁ ;

步骤(1.2)、PKG选择3个散列函数：Step (1.2), PKG selects 3 hash functions:

H₁:{0,1}ⁿ→G₁，H ₁ : {0,1} ⁿ →G ₁ ,

H₂:G₂→{0,1}ⁿ，H ₂ :G ₂ →{0,1} ⁿ ,

${H h}_{33} : : {{0,1 0,1}}^{n no} &RightArrow; &Right Arrow; {Z Z}_{q q}^{* *},,$

其中，n是关键字的长度，记关键字空间为W＝{0,1}ⁿ，系统公共参数PP为{q,G₁,G₂,e,P,P_pub,n,H₁,H₂,H₃}，主私钥msk＝s^-1。Among them, n is the length of the keyword, remember that the keyword space is W={0,1} ⁿ , and the system public parameter PP is {q,G ₁ ,G ₂ ,e,P,P _pub ,n,H ₁ ,H ₂ ,H ₃ }, master private key msk=s ^-1 .

步骤2具体为：Step 2 is specifically:

给定服务器的身份ID_S∈{0,1}ⁿ，PKG利用主私钥msk＝s^-1，计算服务器的私钥sk_S＝s^-1H₁(ID_S)。Given the server's identity ID _S ∈{0,1} ⁿ , PKG uses the master private key msk=s ⁻¹ to calculate the server's private key sk _S =s ⁻¹ H ₁ (ID _S ).

步骤3具体为：Step 3 is specifically:

给定接收者的身份ID_R∈{0,1}ⁿ，PKG利用主私钥msk＝s^-1，计算数据接收者的私钥sk_R＝s^-1H₁(ID_R)。Given the receiver's identity ID _R ∈{0,1} ⁿ , PKG uses the master private key msk=s ^-1 to calculate the data receiver's private key sk _R =s ^-1 H ₁ (ID _R ).

步骤4具体按以下步骤实施：Step 4 is specifically implemented in the following steps:

步骤(4.1)、给定ID_S、ID_R、w∈W＝{0,1}ⁿ，数据拥有者随机选择r₁∈Z_p，并计算密文C＝(C₁,C₂,C₃)分别为：Step (4.1), given ID _S , ID _R , w∈W={0,1} ⁿ , the data owner randomly selects r ₁ ∈ Z _p , and calculates the ciphertext C=(C ₁ ,C ₂ ,C ₃ ) are:

C₁＝r₁P，C ₁ =r ₁ P,

C₂＝H₂[e(H₁(ID_R)，r₁P_pub)]+H₂[e(H₁(ID_S),r₁P_pub)]，C ₂ =H ₂ [e(H ₁ (ID _R ),r ₁ P _pub )]+H ₂ [e(H ₁ (ID _S ),r ₁ P _pub )],

${C C}_{33} = = {H h}_{33} {{w w &CirclePlus; &CirclePlus; {H h}_{22} [[e e (({H h}_{11} (({ID ID}_{R R})),, {P P}_{p p u u b b}))]] - - {H h}_{22} [[e e (({H h}_{11} (({ID ID}_{R R})),, {r r}_{11} {p p}_{p p u u b b}))]]}},,$

步骤(4.2)、数据拥有者将关键字w加密后的密文C＝(C₁,C₂,C₃)和包含相应关键字的加密后的文件上传给云存储服务器。Step (4.2), the data owner uploads the ciphertext C=(C ₁ , C ₂ , C ₃ ) encrypted with the keyword w and the encrypted file containing the corresponding keyword to the cloud storage server.

步骤5具体按以下步骤实施：Step 5 is specifically implemented in the following steps:

步骤(5.1)、给定ID_S、sk_R和关键字w∈W＝{0,1}ⁿ，接收者随机选择r₂∈Z_p并计算：Step (5.1), given ID _S , sk _R and keyword w∈W={0,1} ⁿ , the receiver randomly selects r ₂ ∈ Z _p and calculates:

T₁＝r₂P，T ₁ =r ₂ P,

T₂＝H₃{H₂[e(r₂H₁(ID_S),P_pub)]}，T ₂ =H ₃ {H ₂ [e(r ₂ H ₁ (ID _S ),P _pub )]},

${T T}_{33} = = w w &CirclePlus; &CirclePlus; {H h}_{22} [[e e (({sk sk}_{R R},, P P))]] - - {H h}_{22} [[e e (({H h}_{11} (({ID ID}_{S S})),, {r r}_{22} {P P}_{p p u u b b}))]];;$

步骤(5.2)、文件接收者将T_w＝T₁发送给服务器，并自己保留T₂、T₃。Step (5.2), the file receiver sends T _w =T ₁ to the server, and keeps T ₂ and T ₃ for himself.

步骤6具体按以下步骤实施：Step 6 is specifically implemented in the following steps:

步骤(6.1)、服务器利用其自身的私钥sk_S计算H₃(H₂(e(sk_s,T₁)))，并将此结果发送给数据接收者；Step (6.1), the server uses its own private key sk _S to calculate H ₃ (H ₂ (e(sk _s ,T ₁ ))), and sends the result to the data receiver;

步骤(6.2)、数据接收者测试等式T₂＝H₃(H₂(e(sk_s,T₁)))是否成立，若成立，数据接收者将T₃发送给云存储服务器，随后云存储服务器针对密文C＝(C₁,C₂,C₃)，判断下面的公式是否成立：Step (6.2), the data receiver tests whether the equation T ₂ =H ₃ (H ₂ (e(sk _s ,T ₁ ))) is true, if true, the data receiver sends T ₃ to the cloud storage server, and then the cloud For the ciphertext C=(C ₁ , C ₂ , C ₃ ), the storage server judges whether the following formula holds true:

C₃＝H₃{H₂[e(sk_S,C₁)]+H₂[e(sk_S,T₁)]+T₃-C₂}，C ₃ =H ₃ {H ₂ [e(sk _S ,C ₁ )]+H ₂ [e(sk _S ,T ₁ )]+T ₃ -C ₂ },

如果成立，说明密文和陷门匹配一致，将密文C所对应的加密文件发送给数据接收者；否则，继续下一条密文的测试，直至对所有密文测试结束。If it is true, it means that the ciphertext matches the trapdoor, and the encrypted file corresponding to ciphertext C is sent to the data receiver; otherwise, continue to test the next ciphertext until all ciphertext tests are completed.

本发明的有益效果是，云存储中基于身份的指定测试者的可搜索的加密方法，数据拥有者可以将从文档中提取的关键字利用服务器和数据接收者的身份进行加密，并和相应文档一起存储在云存储服务器上，其中文档采用的是另一种加密方法，当数据接收者想要搜索关于某个关键字的文档时，利用该关键字生成陷门，并将此陷门中的部分信息发送给云存储服务器以确认该服务器是否是授权的，进而就可以抵抗恶意云存储服务器的攻击。The beneficial effect of the present invention is that in the cloud storage based on the searchable encryption method of the designated tester based on the identity, the data owner can encrypt the keywords extracted from the document using the identity of the server and the data receiver, and Stored together on the cloud storage server, where the document is encrypted using another method, when the data receiver wants to search for a document about a certain keyword, the keyword is used to generate a trapdoor, and the trapdoor Part of the information is sent to the cloud storage server to confirm whether the server is authorized, and then it can resist attacks from malicious cloud storage servers.

具体实施方式Detailed ways

下面结合具体实施方式对本发明进行详细说明。The present invention will be described in detail below in combination with specific embodiments.

本发明云存储中基于身份的指定测试者的可搜索的加密方法，具体按照以下步骤实施：The searchable encryption method of the designated tester based on the identity in the cloud storage of the present invention is specifically implemented according to the following steps:

步骤1、系统参数初始化：Step 1. System parameter initialization:

具体按照以下步骤实施：Specifically follow the steps below:

H₁:{0,1}ⁿ→G₁，H ₁ : {0,1} ⁿ →G ₁ ,

H₂:G₂→{0,1}ⁿ，H ₂ :G ₂ →{0,1} ⁿ ,

步骤2、服务器私钥的生成：Step 2. Generation of server private key:

步骤3、数据接收者私钥的生成：Step 3. Generation of the private key of the data receiver:

步骤4、数据拥有者对关键字进行加密：Step 4. The data owner encrypts the keywords:

具体按以下步骤实施：Specifically follow the steps below:

C₁＝r₁P，C ₁ =r ₁ P,

步骤5、陷门的生成：Step 5, trapdoor generation:

具体按以下步骤实施：Specifically follow the steps below:

T₁＝r₂P，T ₁ =r ₂ P,

${T T}_{33} = = w w &CirclePlus; &CirclePlus; {H h}_{22} [[e e (({sk sk}_{R R},, P P))]] - - {H h}_{22} [[e e (({H h}_{11} (({ID ID}_{S S})),, {r r}_{22} {P P}_{pub pub}))]];;$

步骤6、测试：Step 6. Test:

具体按以下步骤实施：Specifically follow the steps below:

步骤(6.2)、数据接收者测试等式T₂＝H₃(H₂(e(sk_s,T₁)))是否成立。若成立，数据接收者将T₃发送给云存储服务器，随后云存储服务器针对密文C＝(C₁,C₂,C₃)，判断下面的公式是否成立：Step (6.2), the data receiver tests whether the equation T ₂ =H ₃ (H ₂ (e(sk _s ,T ₁ ))) holds true. If it is true, the data receiver will send T ₃ to the cloud storage server, and then the cloud storage server will judge whether the following formula is true for the ciphertext C=(C ₁ ,C ₂ ,C ₃ ):

如果成立，说明密文和陷门匹配一致，将密文C所对应的加密文件发送给数据接收者，否则，继续下一条密文的测试，直至对所有密文测试结束。If it is established, it means that the ciphertext matches the trapdoor, and the encrypted file corresponding to ciphertext C is sent to the data receiver; otherwise, continue to test the next ciphertext until all ciphertext tests are completed.

下面分析本发明云存储中基于身份的指定测试者的可搜索的加密方法的安全性：Analyze the security of the searchable encryption method based on the specified tester of identity in the cloud storage of the present invention below:

证明：利用双线性对映射的相关性质：Proof: Using the relevant properties of bilinear pairs of maps:

$\begin{matrix} {H h}_{22} ((e e (({sk sk}_{S S},, {C C}_{11})))) + + {H h}_{22} ((e e (({sk sk}_{S S},, {T T}_{11})))) + + {T T}_{33} - - {C C}_{22} \\ = = {H h}_{22} ((e e (({s the s}^{- - 11} {H h}_{11} (({ID ID}_{S S})),, {r r}_{11} P P)))) + + {H h}_{22} ((e e (({s the s}^{- - 11} {H h}_{11} (({ID ID}_{S S})),, {r r}_{22} P P)))) + + w w &CirclePlus; &CirclePlus; {H h}_{22} ((e e (({sk sk}_{R R},, P P)))) - - \\ {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{S S})),, {r r}_{22} {P P}_{p p u u b b})))) - - {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{R R})),, {r r}_{11} {P P}_{p p u u b b})))) - - {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{S S})),, {r r}_{11} {P P}_{p p u u b b})))) \\ = = w w &CirclePlus; &CirclePlus; {H h}_{22} ((e e (({sk sk}_{R R},, P P)))) - - {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{R R})),, {r r}_{11} {P P}_{p p u u b b})))) \\ = = w w &CirclePlus; &CirclePlus; {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{R R})),, {P P}_{p p u u b b})))) - - {H h}_{22} ((e e (({H h}_{11} (({ID ID}_{R R})),, {r r}_{11} {P P}_{p p u u b b}))));; \end{matrix}$

所以有C₃＝H₃(H₂(e(sk_S,C₁))+H₂(e(sk_S,T₁))+T₃-C₂)成立。说明该密文和陷门匹配一致。So C ₃ =H ₃ (H ₂ (e(sk _S ,C ₁ ))+H ₂ (e(sk _S ,T ₁ ))+T ₃ −C ₂ ) holds. It shows that the ciphertext matches the trapdoor.

对本发明内容的总结：Summary to content of the present invention:

云存储中基于身份的指定测试者的可搜索的加密方法，能够在加密的数据集合上进行搜索查询，具体方法是，先为文件集合生成索引集合，再使用可搜索加密对这些索引进行加密以隐藏索引内容，并且加密要满足如下性质：1)给定一个关键字(即索引)的令牌，可以获得包含该关键字的所有文件的指针；2)没有令牌，索引的内容是隐藏的；3)只有具有相关密钥的用户才能生成令牌；4)检索过程除了暴露了哪些文件共享某个关键字外，不会暴露任何有关文件和关键字的具体信息。可搜索加密的核心作用是为云存储服务提供：一是用户自己控制其数据；二是数据的安全性质可以通过密码学原理验证，而不是通过法律、物理设备来确定安全性。The searchable encryption method based on the identity of the designated tester in cloud storage can search and query on the encrypted data collection. The specific method is to first generate an index collection for the file collection, and then use searchable encryption to encrypt these indexes. The content of the index is hidden, and the encryption must meet the following properties: 1) Given a token of a keyword (ie index), pointers to all files containing the keyword can be obtained; 2) Without tokens, the content of the index is hidden ; 3) Only users with relevant keys can generate tokens; 4) The retrieval process does not reveal any specific information about files and keywords except which files share a certain keyword. The core role of searchable encryption is to provide cloud storage services: first, users themselves control their data; second, the security nature of data can be verified through cryptography principles, rather than legal and physical devices to determine security.

在云存储服务中，用户可以使用可搜索的加密方案对数据加密后，外包到云存储服务器，可搜索加密方案使得用户能够有选择的访问其密文数据，同时还能确保用户搜索数据的机密性，基于身份的指定测试者的可搜索加密方案因其在搜索的过程中具有更高的机密性，而在云存储服务中有着重要的应用价值。本发明采用数据拥有者和数据接收者先后将加密后的数据在指定的云存储服务器上进行存储和检索的方式，使得只有授权云存储服务器才能够利用关键词的陷门搜索加密文档，云存储服务器并不知道用户检索的关键词，确保用户的数据信息隐私性，在通信和计算代价，即搜索陷门大小、关键词加密和搜索的速度等方面的综合效率得到提高。In cloud storage services, users can use searchable encryption schemes to encrypt data and then outsource it to cloud storage servers. Searchable encryption schemes enable users to selectively access their ciphertext data, while ensuring the confidentiality of user search data The identity-based searchable encryption scheme of designated testers has important application value in cloud storage services because of its higher confidentiality in the search process. The present invention adopts the method that the data owner and the data receiver successively store and retrieve the encrypted data on the designated cloud storage server, so that only the authorized cloud storage server can use the key word trapdoor to search for encrypted documents, cloud storage The server does not know the keyword retrieved by the user, ensuring the privacy of the user's data information, and improving the overall efficiency in terms of communication and computing costs, that is, the size of the search trapdoor, keyword encryption, and search speed.

Claims

1. cloud store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, specifically implement according to following steps:

Step 1, system parameters initialization;

The generation of step 2, privacy key;

The generation of step 3, Data receiver's private key;

Step 4, data owner are encrypted keyword;

The generation of step 5, trapdoor;

Step 6, test.

2. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 1 is specifically implemented according to following steps:

Step (1.1), given security parameter k, first PKI maker PKG generates bilinear map e:G ₁× G ₁→ G ₂, wherein G ₁and G ₂be rank be respectively Big prime q>2 ^kaddition cyclic group and multiplication loop group, PKI maker PKG Stochastic choice master key here and calculate P _pub=s ^-1p ∈ G ₁as system PKI, wherein P is G ₁generator;

Step (1.2), PKG select 3 hash functions:

H ₁:{0,1} ⁿ→G ₁，

H ₂:G ₂→{0,1} ⁿ，

H_{3} : {0, 1}^{n} &RightArrow; Z_{q}^{*},

Wherein, n is the length of keyword, and note keyword space is W={0,1} ⁿ, system common parameter PP is { q, G ₁, G ₂, e, P, P _pub, n, H ₁, H ₂, H ₃, main private key msk=s ^-1.

3. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 2 is specially:

The identity ID of given server _s∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculation server _s=s ^-1h ₁(ID _s).

4. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 3 is specially:

The identity ID of given recipient _r∈ { 0,1} ⁿ, PKG utilizes main private key msk=s ^-1, the private key sk of calculated data recipient _r=s ^-1h ₁(ID _r).

5. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 4 is concrete to be implemented according to the following steps:

Step (4.1), given ID _s, ID _r, w ∈ W={0,1} ⁿ, data owner's Stochastic choice r ₁∈ Z _p, and calculate ciphertext C=(C ₁, C ₂, C ₃) be respectively:

C ₁＝r ₁P，

C ₂＝H ₂[e(H ₁(ID _R)，r ₁P _pub)]+H ₂[e(H ₁(ID _S),r ₁P _pub)]，

C_{3} = H_{3} {w &CirclePlus; H_{2} [e (H_{1} ({ID}_{R}), P_{p u b})] - H_{2} [e (H_{1} ({ID}_{R}), r_{1} P_{p u b})]},

Ciphertext C=(C after keyword w encrypts by step (4.2), data owner ₁, C ₂, C ₃) and comprise corresponding keyword encryption after files passe to cloud storage server.

6. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 5 is concrete to be implemented according to the following steps:

Step (5.1), given ID _s, sk _rwith keyword w ∈ W={0,1} ⁿ, recipient's Stochastic choice r ₂∈ Z _pand calculate:

T ₁＝r ₂P，

T ₂＝H ₃{H ₂[e(r ₂H ₁(ID _S),P _pub)]}，

T_{3} = w &CirclePlus; H_{2} [e ({sk}_{R}, P)] - H_{2} [e (H_{1} ({ID}_{S}), r_{2} P_{p u b})];

Step (5.2), document receivers are by T _w=T ₁send to server, and oneself retains T ₂, T ₃.

7. cloud according to claim 1 store in the encryption method of searching for of nominative testing person of identity-based, it is characterized in that, described step 6 is concrete to be implemented according to the following steps:

Himself private key sk of step (6.1), server by utilizing _scalculate H ₃(H ₂(e (sk _s, T ₁))), and this result is sent to Data receiver;

Step (6.2), Data receiver test equation T ₂=H ₃(H ₂(e (sk _s, T ₁))) whether set up.If set up, then Data receiver is by T ₃send to cloud storage server, cloud storage server is for ciphertext C=(C subsequently ₁, C ₂, C ₃), judge whether formula is below set up:

C ₃＝H ₃{H ₂[e(sk _S,C ₁)]+H ₂[e(sk _S,T ₁)]+T ₃-C ₂}，

If set up, illustrate that ciphertext is consistent with trapdoor coupling, the encrypt file corresponding to ciphertext C is sent to Data receiver, otherwise, continue the test of next ciphertext, until terminate all ciphertext tests.