CN105024812B - The encryption method that can search for of the nominative testing person of identity-based in cloud storage - Google Patents
The encryption method that can search for of the nominative testing person of identity-based in cloud storage Download PDFInfo
- Publication number
- CN105024812B CN105024812B CN201510408086.6A CN201510408086A CN105024812B CN 105024812 B CN105024812 B CN 105024812B CN 201510408086 A CN201510408086 A CN 201510408086A CN 105024812 B CN105024812 B CN 105024812B
- Authority
- CN
- China
- Prior art keywords
- cloud storage
- identity
- search
- data
- keyword
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Abstract
The invention discloses the encryption method that can search for of the nominative testing person of identity-based in cloud storage a kind of, step includes:Step 1, systematic parameter initialization;The generation of step 2, privacy key;The generation of step 3, Data receiver's private key;Keyword is encrypted in step 4, data owner;The generation of step 5, trapdoor;Step 6, test, the invention enables the cloud storage service devices only authorized could perform storage and retrieval work, the attack of malice cloud storage service device is resisted with this, data owner can will the data of oneself and extraction corresponding keyword encryption after, it is stored in the cloud storage service device specified, the cloud storage service device only specified can just retrieve the ciphertext data of needs, and Data receiver is passed along, the present invention solves the problems, such as the data that malice cloud storage service device in the prior art can reveal user's search in search process is performed.
Description
Technical field
The invention belongs to field of information security technology, and in particular to the nominative testing person of identity-based in a kind of cloud storage
The encryption method that can search for.
Background technology
Cloud computing is capable of providing various advanced calculate that cost is relatively low, expansible and takes as a kind of new computation model
Business, in order to save storage and manage the cost of data, data can be outsourced to cloud storage service device by enterprises and individuals.Cloud storage
The data that service provides have an advantages such as availability and reliability, but its also there are one it is apparent the shortcomings that, i.e., data do not exist
Under the management and control of user, then how to safeguard that the confidentiality and integrity of data becomes and asked for what user urgently paid close attention to
Topic.
What although cloud storage service provider (Cloud Storage Service Provider, CSSP) was believed by enterprise can
By property, availability, fault-tolerance etc., but people are uncertain about CSSP not by the data of trustship for other purposes;Similarly for
For personal user, they wish that the data of oneself can only be accessed by oneself or the people specified and cannot be accessed by CSSP.This will
Problem of both causing:On the one hand, from the point of view of user, they, which can not find, allows their believable CSSP completely to store
With their data of management;On the other hand it from the point of view of CSSP, will be lost in the case where not solving the above problems big
The client of amount.Therefore, the popularization and use that the confidentiality of data and integrality will hinder cloud storage.
In view of above practical problem, data must be encrypted before CSSP is transferred to by user oneself in cloud storage, and
And can only be also decrypted by user oneself, the danger of user data leakage will be mitigated in this way.But this will introduce one it is new
Problem, as user needs the document for including some keyword, then whether user can be quickly obtains data that they want simultaneously
Ensure confidentiality of the data to CSSP
Invention content
The object of the present invention is to provide the encryption method that can search for of the nominative testing person of identity-based in cloud storage a kind of,
Solve the data that malice cloud storage service device in the prior art can reveal user's search in search process is performed
The problem of.
The technical solution adopted in the present invention is the encryption side that can search for of the nominative testing person of identity-based in cloud storage
Method is specifically implemented according to the following steps:
Step 1, systematic parameter initialization;
The generation of step 2, privacy key;
The generation of step 3, Data receiver's private key;
Keyword is encrypted in step 4, data owner;
The generation of step 5, trapdoor;
Step 6, test.
The features of the present invention also characterized in that
Step 1 is specifically implemented according to the following steps:
Step (1.1), given security parameter k, public key generator PKG firstly generate bilinear map e:G1×G1→G2,
Middle G1Be rank be Big prime q>2kAddition cyclic group, G2Be rank be Big prime q>2kMultiplicative cyclic group, public key generator PKG
Randomly choose master keyHereAnd calculate Ppub=s-1P∈G1As system public key, wherein P
It is G1Generation member;
Step (1.2), PKG select 3 hash functions:
H1:{0,1}n→G1,
H2:G2→{0,1}n,
Wherein, n is the length of keyword, and note keyword space is W={ 0,1 }n, system common parameter PP is { q, G1,G2,
e,P,Ppub,n,H1,H2,H3, main private key msk=s-1。
Step 2 is specially:
The identity ID of given serverS∈{0,1}n, PKG utilize main private key msk=s-1, the private key sk of calculation serverS=
s-1H1(IDS)。
Step 3 is specially:
The identity ID of given recipientR∈{0,1}n, PKG utilize main private key msk=s-1, calculate the private key of Data receiver
skR=s-1H1(IDR)。
Step 4 is specifically implemented according to the following steps:
Step (4.1), given IDS、IDR, w ∈ W={ 0,1 }n, data owner's random selection r1∈Zp, and calculate ciphertext C
=(C1,C2,C3) be respectively:
C1=r1P,
C2=H2[e(H1(IDR), r1Ppub)]+H2[e(H1(IDS),r1Ppub)],
Step (4.2), data owner are by the encrypted ciphertext C=(C of keyword w1,C2,C3) and include corresponding keyword
Encrypted file be uploaded to cloud storage service device.
Step 5 is specifically implemented according to the following steps:
Step (5.1), given IDS、skRWith keyword w ∈ W={ 0,1 }n, recipient's random selection r2∈ZpAnd it calculates:
T1=r2P,
T2=H3{H2[e(r2H1(IDS),Ppub)],
Step (5.2), document receivers are by Tw=T1Server is sent to, and oneself retains T2、T3。
Step 6 is specifically implemented according to the following steps:
Step (6.1), server by utilizing the private key sk of its ownSCalculate H3(H2(e(sks,T1))), and this result is sent
To Data receiver;
Step (6.2), Data receiver test equation T2=H3(H2(e(sks,T1))) whether true, if so, data connect
Receipts person is by T3Cloud storage service device is sent to, subsequent cloud storage service device is directed to ciphertext C=(C1,C2,C3), judge following public affairs
Whether formula is true:
C3=H3{H2[e(skS,C1)]+H2[e(skS,T1)]+T3-C2,
If set up, illustrate that ciphertext is consistent with trapdoor matching, the encryption file corresponding to ciphertext C is sent to data receiver
Person;Otherwise, continue the test of next ciphertext, until terminating to the test of all ciphertexts.
The invention has the advantages that in cloud storage the nominative testing person of identity-based the encryption method that can search for, number
The keyword extracted from document can be encrypted, and and phase using the identity of server and Data receiver according to owner
Document is answered to be collectively stored on cloud storage service device, wherein document is using another encryption method, when Data receiver thinks
When searching for the document about some keyword, trapdoor is generated, and the partial information in this trapdoor is sent using the keyword
To cloud storage service device to confirm whether the server is to authorize, and then attacking for malice cloud storage service device can be resisted
It hits.
Specific embodiment
The present invention is described in detail With reference to embodiment.
The encryption method that can search for of the nominative testing person of identity-based in cloud storage of the present invention, specifically according to following steps
Implement:
Step 1, systematic parameter initialization:
It is specifically implemented according to the following steps:
Step (1.1), given security parameter k, public key generator PKG firstly generate bilinear map e:G1×G1→G2,
Middle G1Be rank be Big prime q>2kAddition cyclic group, G2Be rank be Big prime q>2kMultiplicative cyclic group, public key generator PKG
Randomly choose master keyHereAnd calculate Ppub=s-1P∈G1As system public key, wherein P
It is G1Generation member;
Step (1.2), PKG select 3 hash functions:
H1:{0,1}n→G1,
H2:G2→{0,1}n,
Wherein, n is the length of keyword, and note keyword space is W={ 0,1 }n, system common parameter PP is { q, G1,G2,
e,P,Ppub,n,H1,H2,H3, main private key msk=s-1。
The generation of step 2, privacy key:
The identity ID of given serverS∈{0,1}n, PKG utilize main private key msk=s-1, the private key sk of calculation serverS=
s-1H1(IDS)。
The generation of step 3, Data receiver's private key:
The identity ID of given recipientR∈{0,1}n, PKG utilize main private key msk=s-1, calculate the private key of Data receiver
skR=s-1H1(IDR)。
Keyword is encrypted in step 4, data owner:
Specifically implement according to the following steps:
Step (4.1), given IDS、IDR, w ∈ W={ 0,1 }n, data owner's random selection r1∈Zp, and calculate ciphertext C
=(C1,C2,C3) be respectively:
C1=r1P,
C2=H2[e(H1(IDR), r1Ppub)]+H2[e(H1(IDS),r1Ppub)],
Step (4.2), data owner are by the encrypted ciphertext C=(C of keyword w1,C2,C3) and include corresponding keyword
Encrypted file be uploaded to cloud storage service device.
The generation of step 5, trapdoor:
Specifically implement according to the following steps:
Step (5.1), given IDS、skRWith keyword w ∈ W={ 0,1 }n, recipient's random selection r2∈ZpAnd it calculates:
T1=r2P,
T2=H3{H2[e(r2H1(IDS),Ppub)],
Step (5.2), document receivers are by Tw=T1Server is sent to, and oneself retains T2、T3。
Step 6, test:
Specifically implement according to the following steps:
Step (6.1), server by utilizing the private key sk of its ownSCalculate H3(H2(e(sks,T1))), and this result is sent
To Data receiver;
Step (6.2), Data receiver test equation T2=H3(H2(e(sks,T1))) whether true.If so, data connect
Receipts person is by T3Cloud storage service device is sent to, subsequent cloud storage service device is directed to ciphertext C=(C1,C2,C3), judge following public affairs
Whether formula is true:
C3=H3{H2[e(skS,C1)]+H2[e(skS,T1)]+T3-C2,
If set up, illustrate that ciphertext is consistent with trapdoor matching, the encryption file corresponding to ciphertext C is sent to data receiver
Otherwise person, continues the test of next ciphertext, until terminating to the test of all ciphertexts.
The safety of the encryption method that can search for of the nominative testing person of identity-based in lower surface analysis cloud storage of the present invention:
It proves:The relevant nature mapped using Bilinear map:
So there is C3=H3(H2(e(skS,C1))+H2(e(skS,T1))+T3-C2) set up.Illustrate the ciphertext and trapdoor matching
Unanimously.
Summary to the content of present invention:
The encryption method that can search for of the nominative testing person of identity-based in cloud storage, can be on encrypted data acquisition system
Scan for inquiring, specific method is, is first file set generation index set, reuse can search for encryption to these index into
Row encryption will meet following property to hide index content, and encrypt:1) token of a keyword (indexing) is given, it can
To obtain the pointer of the All Files comprising the keyword;2) without token, the content of index is hiding;3) only there is phase
The user for closing key could generate token;4) retrieving is other than exposing which file-sharing some keyword, Bu Huibao
Reveal the specifying information of any relevant document and keyword.Can search for encrypted central role is provided for cloud storage service:When
User oneself controls its data;Second is that the security property of data can be verified by Cryptography Principles rather than by law, object
Equipment is managed to determine safety.
In cloud storage service, after user can use the encipherment scheme that can search for data encryption, it is outsourced to cloud storage
Server can search for encipherment scheme and allow users to selectively access its ciphertext data, while also ensure that user searches for
The confidentiality of data, the nominative testing person of identity-based can search for encipherment scheme because its during search have it is higher
Confidentiality, and have important application value in cloud storage service.The present invention is first using data owner and Data receiver
The mode that encrypted data are stored and retrieved on specified cloud storage service device afterwards so that only authorize cloud storage
Server can utilize the trapdoor search encrypted document of keyword, and cloud storage service device is not aware that the key of user search
Word, it is ensured that the data information privacy of user is communicating and calculating cost, that is, searches for trapdoor size, keyword encryption and search
The overall efficiency of speed etc. be improved.
Claims (5)
1. the encryption method that can search for of the nominative testing person of identity-based in cloud storage, which is characterized in that specifically according to following
Step is implemented:
Step 1, systematic parameter initialization, are specifically implemented according to the following steps:
Step (1.1), given security parameter k, public key generator PKG firstly generate bilinear map e:G1×G1→G2, wherein G1
And G2Be respectively rank be Big prime q > 2kAddition cyclic group and multiplicative cyclic group, public key generator PKG random selection master keyHereAnd calculate Ppub=s-1P∈G1As system public key, wherein P is G1Generation member;
Step (1.2), PKG select 3 hash functions:
H1:{0,1}n→G1,
H2:G2→{0,1}n,
H3:
Wherein, n is the length of keyword, and note keyword space is W={ 0,1 }n, system common parameter PP is { q, G1,G2,e,P,
Ppub,n,H1,H2,H3, main private key msk=s-1;
The generation of step 2, privacy key;
The generation of step 3, Data receiver's private key;
Keyword is encrypted in step 4, data owner, specifically implements according to the following steps:
Step (4.1), given IDS、IDR, w ∈ W={ 0,1 }n, data owner's random selection r1∈Zp, and calculate ciphertext C=
(C1,C2,C3) be respectively:
C1=r1P,
C2=H2[e(H1(IDR), r1Ppub)]+H2[e(H1(IDS),r1Ppub)],
Step (4.2), data owner are by the encrypted ciphertext C=(C of keyword w1,C2,C3) and adding comprising corresponding keyword
File after close is uploaded to cloud storage service device;
The generation of step 5, trapdoor;
Step 6, test.
2. the encryption method that can search for of the nominative testing person of identity-based in cloud storage according to claim 1, special
Sign is that the step 2 is specially:
The identity ID of given serverS∈{0,1}n, PKG utilize main private key msk=s-1, the private key sk of calculation serverS=s-1H1
(IDS)。
3. the encryption method that can search for of the nominative testing person of identity-based in cloud storage according to claim 1, special
Sign is that the step 3 is specially:
The identity ID of given recipientR∈{0,1}n, PKG utilize main private key msk=s-1, calculate the private key sk of Data receiverR=
s-1H1(IDR)。
4. the encryption method that can search for of the nominative testing person of identity-based in cloud storage according to claim 1, special
Sign is that the step 5 is specifically implemented according to the following steps:
Step (5.1), given IDS、skRWith keyword w ∈ W={ 0,1 }n, recipient's random selection r2∈ZpAnd it calculates:
T1=r2P,
T2=H3{H2[e(r2H1(IDS),Ppub)],
Step (5.2), document receivers are by Tw=T1Server is sent to, and oneself retains T2、T3。
5. the encryption method that can search for of the nominative testing person of identity-based in cloud storage according to claim 1, special
Sign is that the step 6 is specifically implemented according to the following steps:
Step (6.1), server by utilizing the private key sk of its ownSCalculate H3(H2(e(sks,T1))), and this result is sent to number
According to recipient;
Step (6.2), Data receiver test equation T2=H3(H2(e(sks,T1))) whether true, if so, then data receiver
Person is by T3Cloud storage service device is sent to, subsequent cloud storage service device is directed to ciphertext C=(C1,C2,C3), judge following formula
It is whether true:
C3=H3{H2[e(skS,C1)]+H2[e(skS,T1)]+T3-C2,
If set up, illustrate that ciphertext is consistent with trapdoor matching, the encryption file corresponding to ciphertext C be sent to Data receiver,
Otherwise, continue the test of next ciphertext, until terminating to the test of all ciphertexts.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510408086.6A CN105024812B (en) | 2015-07-13 | 2015-07-13 | The encryption method that can search for of the nominative testing person of identity-based in cloud storage |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510408086.6A CN105024812B (en) | 2015-07-13 | 2015-07-13 | The encryption method that can search for of the nominative testing person of identity-based in cloud storage |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105024812A CN105024812A (en) | 2015-11-04 |
| CN105024812B true CN105024812B (en) | 2018-07-06 |
Family
ID=54414549
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510408086.6A Active CN105024812B (en) | 2015-07-13 | 2015-07-13 | The encryption method that can search for of the nominative testing person of identity-based in cloud storage |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105024812B (en) |
Families Citing this family (7)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106407822B (en) * | 2016-09-14 | 2019-06-18 | 华南理工大学 | A kind of keyword, multi-key word can search for encryption method and system |
| CN107181596B (en) * | 2017-06-05 | 2020-08-04 | 福建师范大学 | Searchable encryption method based on bilinear pairings |
| CN107086917B (en) * | 2017-06-06 | 2019-11-12 | 华中科技大学 | The encryption method that a kind of parallelization and structuring public key can search for |
| CN108243000B (en) * | 2018-01-12 | 2021-07-09 | 哈尔滨工业大学深圳研究生院 | Ciphertext searching method in cloud storage system |
| CN109614818B (en) * | 2018-11-30 | 2020-06-05 | 西南石油大学 | Authorized identity-based keyword search encryption method |
| CN111930688B (en) * | 2020-09-23 | 2021-01-08 | 西南石油大学 | Method and device for searching secret data of multi-keyword query in cloud server |
| CN114338025A (en) * | 2021-06-23 | 2022-04-12 | 河南科技大学 | Ciphertext equivalence testing method in cloud environment |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102938767A (en) * | 2012-11-13 | 2013-02-20 | 西安电子科技大学 | Efficient verified fuzzy key word searching method based on cloud data subcontract system |
| CN104021157A (en) * | 2014-05-22 | 2014-09-03 | 西安理工大学 | Method for keyword searchable encryption based on bilinear pairs in cloud storage |
| CN104468121A (en) * | 2014-11-27 | 2015-03-25 | 重庆邮电大学 | Public-key searchable encryption method supporting multi-secret-key encryption based on designated server |
-
2015
- 2015-07-13 CN CN201510408086.6A patent/CN105024812B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102938767A (en) * | 2012-11-13 | 2013-02-20 | 西安电子科技大学 | Efficient verified fuzzy key word searching method based on cloud data subcontract system |
| CN104021157A (en) * | 2014-05-22 | 2014-09-03 | 西安理工大学 | Method for keyword searchable encryption based on bilinear pairs in cloud storage |
| CN104468121A (en) * | 2014-11-27 | 2015-03-25 | 重庆邮电大学 | Public-key searchable encryption method supporting multi-secret-key encryption based on designated server |
Non-Patent Citations (2)
| Title |
|---|
| A Multi-User Searchable Symmetric Encryption Scheme for Cloud Storage System;ZHANG Yaling etc.;《IEEE》;20130911;第815-820页 * |
| 指定测试者的基于身份可搜索加密方案;王少辉等;《通信学报》;20140731;第35卷(第7期);第22-32页 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105024812A (en) | 2015-11-04 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105024812B (en) | The encryption method that can search for of the nominative testing person of identity-based in cloud storage | |
| CN104021157B (en) | Keyword in cloud storage based on Bilinear map can search for encryption method | |
| CN105049196B (en) | The encryption method that multiple keywords of designated position can search in cloud storage | |
| CN105024802B (en) | Multi-user's multi-key word based on Bilinear map can search for encryption method in cloud storage | |
| CN105871543B (en) | Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute | |
| CN105262843B (en) | A kind of anti-data-leakage guard method for cloud storage environment | |
| CN106407822B (en) | A kind of keyword, multi-key word can search for encryption method and system | |
| CN104038349B (en) | Effective and verifiable public key searching encryption method based on KP-ABE | |
| CN109614818B (en) | Authorized identity-based keyword search encryption method | |
| CN105681273B (en) | Client-side deduplication method | |
| CN103095733B (en) | Keyword cipher text retrieval method for cloud storage | |
| CN105069358B (en) | Keyword based on the Bloom filters with storage organization can search for encryption method | |
| CN106161428B (en) | A kind of ciphertext can comparison of equalization encryption attribute method | |
| CN104022866A (en) | Searchable encryption method for multi-user cipher text keyword in cloud storage | |
| CN106599719A (en) | Ciphertext retrieval method supporting efficient key management | |
| CN108737374A (en) | The method for secret protection that data store in a kind of block chain | |
| CN106803784A (en) | The multi-user based on lattice is fuzzy in secure multimedia cloud storage can search for encryption method | |
| CN105320896A (en) | Cloud storage encryption and ciphertext retrieval methods and systems | |
| CN105933281B (en) | A kind of quantum homomorphism symmetrically can search for the method and system of encryption | |
| CN104023051A (en) | Multi-user multi-keyword searchable encryption method in cloud storage | |
| CN108092972B (en) | Multi-authorization-center attribute-based searchable encryption method | |
| CN105743888A (en) | Agent re-encryption scheme based on keyword research | |
| CN104468121B (en) | The encrypted public key of support multi-key cipher based on given server can search for encryption method | |
| CN105007161B (en) | A kind of fuzzy keyword public key search encryption method of trapdoor None- identified | |
| CN109493017A (en) | Credible outsourcing storage method based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| TR01 | Transfer of patent right |
Effective date of registration: 20190506 Address after: Room 1431, 14th floor, Shining Building, 35 College Road, Haidian District, Beijing, 100089 Patentee after: BEIJING KDS DATACENTER SOLUTION CO.,LTD. Address before: 234000 Suzhou City, Anhui Province, Suma Modern Industrial Park Building 2 Patentee before: ANHUI PHETOM INTELLIGENT TRAFFIC TECHNOLOGY Co.,Ltd. Effective date of registration: 20190506 Address after: 234000 Suzhou City, Anhui Province, Suma Modern Industrial Park Building 2 Patentee after: ANHUI PHETOM INTELLIGENT TRAFFIC TECHNOLOGY Co.,Ltd. Address before: 710048 No. 5 Jinhua South Road, Shaanxi, Xi'an Patentee before: Xi'an University of Technology |
|
| TR01 | Transfer of patent right |