CN105323061A - Outsourced key generation and decryption property-based system capable of realizing keyword search and decryption method - Google Patents
- Publication number
- CN105323061A (CN201510870146.6A)
- Authority
- CN
- China
- Prior art keywords
- user
- ciphertext
- private key
- server
- decryption
- Legal status
- Granted
Abstract
The invention provides an attribute-based system with outsourced key generation and decryption that supports keyword search. The system comprises a public parameter setting server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server. The public parameter setting server generates the system master key and the public parameters; the user private key generation server generates a key pair and the local user private key; the outsourced user private key generation server generates the outsourced user private key; the trapdoor generation server assists a user in generating the query private key and the trapdoor; the encryption server encrypts a message and generates the corresponding ciphertext and keyword index; the outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's rights and uses the trapdoor submitted by the user to search for matching ciphertexts; and the decryption server decrypts the partially decrypted ciphertext to recover the message. The invention also provides a method for searching for ciphertexts that match a keyword.
Description
Technical field
The invention belongs to the field of information security and relates to data encryption technology for network security, in particular to an attribute-based system with outsourced key generation and decryption that supports keyword search, and to its decryption method.
Background
Attribute-based encryption enables fine-grained access control over encrypted data. It comes in two main types: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In KP-ABE, the user's private key is associated with an access structure and the ciphertext is associated with an attribute set; the user can decrypt and obtain the plaintext if and only if the attribute set associated with the ciphertext satisfies the access structure of the user's private key. In CP-ABE, the association of access structure and attribute set is reversed.
With the rapid development of cloud computing, the operating model in which computing power is used as a resource has become increasingly common. This model lets users on the network obtain computing resources quickly and conveniently, and release them just as quickly. It allows us to access, according to our own needs, the varied, resource-rich and convenient services that servers provide.
Although these advantages make the cloud service provider a powerful tool for operating on user data in cloud computing, a major drawback has to be taken seriously: the computational cost of the key generation and decryption phases grows linearly with the complexity of the access structure, which is a fatal application bottleneck for resource-constrained mobile devices (such as mobile phones). Using an attribute-based system with outsourced key generation and decryption greatly reduces the computation the attribute authority performs to generate private keys for users and the computation users perform to access data stored in the cloud in ciphertext form. However, as the volume of data stored in the cloud keeps growing, efficiently finding the data a user specifies among the large amount of data stored in the cloud has become a problem that has to be faced. The user needs not only to obtain data from the cloud but also to set a data controller, so as to obtain only the data with the specified keyword.
Based on the above analysis, the inventors improved and combined the existing public-key searchable encryption scheme and the outsourced KP-ABE scheme, which gave rise to the present invention.
Summary of the invention
One object of the present invention is to provide an attribute-based system with outsourced key generation and decryption that supports keyword search, and its decryption method, by combining a searchable encryption scheme with an outsourced encryption scheme. Because searchable encryption reduces the user's downloading and decryption of unwanted ciphertexts, the proposed method not only allows CP-ABE to be used on resource-constrained devices but also gives the user an effective way to search ciphertexts in the cloud by keyword; the use of the outsourced attribute-based encryption and decryption scheme makes the whole method suitable for bandwidth-constrained devices.
A further object of the present invention is to reduce the computational cost at the attribute authority and on the user side: the expensive computation is outsourced to the cloud service provider (CSP), and the CSP searches the indexes of the ciphertexts it stores according to the encrypted keyword submitted by the user, thereby efficiently finding the ciphertext the user wants to view.
To achieve the above objects, the solution of the present invention is:
An attribute-based system with outsourced key generation and decryption that supports keyword search, characterized in that it comprises a public parameter setting server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server;
The public parameter setting server is responsible for generating the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The user private key generation server generates a key pair and the local user private key, sends the outsourced key-generation part to the outsourced user private key generation server, and finally integrates the parts into a complete user private key;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts a message, generates the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's rights and uses the trapdoor submitted by the user to search for matching ciphertexts; if the keyword match succeeds, it sends the partially decrypted ciphertext and the ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message.
The decryption method based on the above attribute-based system with outsourced key generation and decryption that supports keyword search comprises the following steps:
A. Set the system public parameters PK and the system master key MSK; step A further comprises:
A1. Choose multiplicative cyclic groups $G_1$, $G_2$ of order $p$ and a bilinear map $e: G_1 \times G_1 \to G_2$;
A2. Randomly select a generator $g \in G_1$ and elements $g_2, h, h_1, h_2, h_3, h_4, h_5 \in G_1$, where each element $i$ of the attribute universe $U$ corresponds to $h_i$; randomly select an element $x \in Z_p^*$, where $Z_p^*$ denotes the set $\{1, 2, \ldots, p-2, p-1\}$; choose two collision-resistant hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^{\log p}$;
A3. Compute $g_1 = g^x$;
B. From the system public parameters PK, the system master key MSK and the access structure, generate the user's key pair $(OK_{KGCSP}, OK_{TA})$, where $OK_{TA}$ is used to generate the local key $SK_{TA}$ and $OK_{KGCSP}$ is used to generate the outsourced key;
C. From the system public parameters PK, the access structure and the outsourced key $OK_{KGCSP}$, generate the user's outsourced private key $SK_{KGCSP}$;
D. From the system public parameters PK, the system master key MSK, the commitment value $q_{BF}$ and the access structure, generate the query private key QK, and generate the corresponding search private key and trapdoor $T_{kw}$ from the keyword kw, the user private key SK and the blinding factor BF. Here, the commitment value $q_{BF}$ is generated from the blinding factor generated by the user combined with part of the private key; the access structure is here reduced to a subset of the attribute universe; the blinding factor BF is randomly generated by the user; the access structure and the attribute set are both subsets of the attribute universe U set in step; kw is a character string specified by the user, represented as binary (0/1) bytes; $SK_{TA}$ is the TA-side key used to generate SK and is also called the local key, while $OK_{KGCSP}$ is used to generate the KGCSP-side key $SK_{KGCSP}$ of SK, with $SK = (SK_{TA}, SK_{KGCSP})$; kw is the keyword the decryptor uses when querying a large volume of ciphertext data;
E. From the system public parameters PK and the attribute set ω, encrypt the message M to obtain the ciphertext CT, and use the keyword KW to generate the ciphertext's index IX(KW). Here, the attribute set ω is a subset of the attribute universe U; the message M is an element of the group $G_2$; KW denotes the keyword the information owner selects for their own message;
F. From the system public parameters PK and the trapdoor $T_{kw}$, perform the outsourced decryption operation on the initial ciphertext CT to generate the partially decrypted ciphertext $Q_{CT}$, and perform the keyword matching operation against the index IX(KW), where KW denotes the keyword the information owner selects for their own message; if the match succeeds, send the partially decrypted ciphertext to the decryption server. The initial ciphertext CT is the ciphertext generated in step E for the message M;
G. From the system public parameters PK and the local private key $SK_{TA}$, perform the complete decryption operation on the partially decrypted ciphertext $Q_{CT}$ and verify whether the result is the plaintext M corresponding to the initial ciphertext CT; if so, output M, otherwise output an error message.
Further, in step A, the selected hash function $H_1$ is a cryptographic hash function from $\{0,1\}^*$ to $G_1$, the hash function $H_2$ is a cryptographic hash function from $G_2$ to $\{0,1\}^{\log p}$, and $Z_p^*$ denotes the set $\{1, 2, \ldots, p-1\}$;
The system public parameters are $PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2)$, and the system master key is $MSK = x$;
Here, the attribute universe U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
Further, step B comprises:
B1. For a user with the access structure, randomly select $x_1, r_\theta \in Z_p^*$, where $x_1$ is the part of the key pair used to generate $OK_{KGCSP}$ and $r_\theta$ is a random commitment value;
B2. Compute $x_2 = x - x_1 \bmod p$, compute
compute
where $x_2$ is the part of the key pair used to generate $SK_{TA}$;
The user key pair is $(OK_{KGCSP}, OK_{TA}) = (x_1, x_2)$, and the user's local private key is $SK_{TA} = \{d_{\theta 0}, d_{\theta 1}\}$.
Further, step C comprises:
C1. For a user with the access structure, randomly choose a polynomial $q(x)$ of degree $d-1$ for the root node R of the access structure, where $d$ is the secret-sharing threshold of the root node R, $q(0) = x_1$, and $q(x) = x + q(0)$;
C2. For each child node $i$ other than the root node R in the access structure, choose a polynomial $q_i$ of degree $d_i - 1$, where $d_i$ is the secret-sharing threshold of node $i$ and $q_i(0) = q_{parent(i)}(index(i))$; the function parent(i) returns the parent node R of node $i$, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, compute $q(1) = 1 + q(0)$, $q(2) = 2 + q(0)$, $q(3) = 3 + q(0)$;
C3. For each attribute belonging to the access structure, randomly select $r_i \in Z_p^*$ and compute
where $q(i)$ denotes the Lagrange polynomial corresponding to node $i$;
The user's outsourced private key $SK_{KGCSP}$ is
Further, step D comprises:
D1. Randomly select the blinding factor
D2. Compute
and compute the query private key QK as
D3. Compute the search private key $T_q(kw)$ as $T_q(kw) = H_1(kw)\,QK^u$, and set $I = (I_{i0} = d_{i0}, I_{i1} = d_{i1})$; here, $I$ is used to construct the $d$ part of the trapdoor, is distinct from $SK_{KGCSP}$ and serves only as a setting;
The user's trapdoor is $T_{kw} = (T_q(kw), I, D_1)$.
Further, step E comprises:
E1. Randomly select a secret value $s \in Z_p^*$ and the plaintext message $M \in G_2$;
E2. Compute $C_0 = M \cdot e(g_1, g_2)^s \in G_2$, $C_1 = g^s \in G_1$ and $C_\theta = (g_1 h)^s \in G_1$, and for each element $i$ of the attribute set ω compute $C_i = (g_1 h_i)^s$, obtaining the ciphertext $CT = (\omega \cup \{\theta\}, C_0, C_1, \{C_i\}_{i \in \omega'}, C_\theta)$;
E3. Choose the keyword $kw_0$ = "keyword" and compute $k_0 = e(g_1, g_2)^s \cdot e(g, H_1(kw_0))^s \in G_2$ and $K_0 = H_2(k_0) \in \{0,1\}^{\log p}$; set $K_1 = C_1 = g^s \in G_1$ and $K_2 = C_\theta = (g_1 h)^s \in G_1$; here, $k_0$ is the intermediate value of encrypting the keyword $kw_0$, and $K_0$, $K_1$, $K_2$ serve only as the components of the ciphertext index;
The index corresponding to the ciphertext is $IX(KW) = (K_1, K_2, K_0)$; upload the ciphertext-index pair $(CT, IX(kw_0))$.
Further, step F comprises:
F1. Compute
to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether $H_2(k) = H_2(k_{kw})$ holds; if they match, send to the user.
Further, step G comprises:
G1. Compute
if decryption succeeds, output the message M; otherwise output an error message.
With the above scheme, and provided that the key-generation cloud service provider does not collude with users, the present invention gives the attribute authority a method for outsourcing key generation and gives the user a method for outsourcing ciphertext decryption and for keyword search over ciphertexts. The user and the attribute authority greatly reduce their communication cost while the user obtains the wanted ciphertexts more efficiently and more accurately, so the scheme can also be used on bandwidth-constrained devices. The present invention is therefore a new, secure and efficient encryption method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the attribute-based system with outsourced key generation and decryption that supports keyword search according to the present invention.
Fig. 2 is a flow chart of the attribute-based system with outsourced key generation and decryption that supports keyword search according to the present invention.
Embodiment
The technical solution of the present invention is described in further detail below with reference to the drawings:
The attribute-based system with outsourced key generation and decryption that supports keyword search is realized with bilinear pairings. The relevant concepts of bilinear pairings and the properties they must satisfy are briefly introduced below:
Let $G_1$, $G_2$ be multiplicative cyclic groups of order $p$, where $p$ is prime and $g$ is a generator of $G_1$. Assume that the discrete logarithm problem is hard in both groups $G_1$ and $G_2$. A bilinear map on the groups is defined as $e: G_1 \times G_1 \to G_2$ and satisfies the following properties:
1. Bilinearity. $e(u^a, v^b) = e(u, v)^{ab}$ holds for all $u, v \in G_1$, $a, b \in Z_p^*$ and $g \in G_1$.
2. Non-degeneracy. There exist $u, v \in G_1$ such that $e(u, v) \neq 1$, where 1 is the identity element of $G_t$.
3. Computability. There is an efficient algorithm to compute $e(u, v)$ for all $u, v \in G_1$.
The entities involved in the method of the invention are: the public parameter setting server, the data owner, the user, the user private key generation server, the outsourced user private key generation server, the trapdoor generation server, the encryption server, the decryption server and the outsourced decryption server.
With reference to Fig. 1, the system of the invention comprises: public parameter setting server A, user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F and decryption server G;
Public parameter setting server A generates the system master key MSK and the system public parameters PK, sends MSK to user private key generation server B, and sends the system public parameters to user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F and decryption server G;
User private key generation server B generates a key pair $(OK_{KGCSP}, OK_{TA})$ and the local user private key $SK_{TA}$, sends the outsourced key part $OK_{TA}$ to outsourced user private key generation server C, and finally integrates the parts into a complete user private key $SK = (SK_{KGCSP}, SK_{TA})$;
Outsourced user private key generation server C generates the outsourced user private key $SK_{TA}$ and sends it to user private key generation server B;
Trapdoor generation server D assists the user in generating the query private key QK and the trapdoor $T_{kw}$;
Encryption server E encrypts the message M, generates the corresponding ciphertext CT and keyword index IX(KW), and sends them to outsourced decryption server F;
Outsourced decryption server F performs the outsourced partial decryption $Q_{CT}$ on ciphertexts that satisfy the user's rights and uses the trapdoor $T_{kw}$ submitted by the user to search for the matching ciphertext CT; if the keyword match succeeds, it sends the partially decrypted ciphertext $Q_{CT}$ and the ciphertext CT to the decryption server;
Decryption server G decrypts the partially decrypted ciphertext to recover the message M.
With reference to Fig. 2, the scheme of the invention is implemented with JPBC, and the concrete steps of the invention are as follows:
Public parameter setting server A performs the following steps:
A1. Choose multiplicative cyclic groups $G_1$, $G_t$ of order $p = 730750818665451621361119245571504901405976559617$ and a bilinear map $e: G_1 \times G_1 \to G_t$ (the computation of the bilinear map is described in detail in the text);
A2. Randomly select a generator $g$ of $G_1$ and seven elements $g_2, h, h_1, h_2, h_3, h_4, h_5$ of $G_1$; randomly select an element $x = 669812803067698262930111597907784963319333126830$ of the group $Z_p^*$; choose two collision-resistant hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^{\log p}$;
A3. Compute $g_1 = g^x$;
In step A2 above, the selected hash function $H_1$ is a cryptographic hash function from $\{0,1\}^*$ to $G_1$, the hash function $H_2$ is a cryptographic hash function from $G_2$ to $\{0,1\}^{\log p}$, and $Z_p^*$ denotes the set $\{1, 2, \ldots, p-1\}$.
The system public parameters are $PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2)$, and the system master key is $MSK = x$.
For ease of presentation, our attribute universe U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
User private key generation server B performs the following steps:
B1. For a user with the access structure, randomly select
$x_1 = 428732144815122518988285519266275301542788327758 \in Z_p^*$,
$r_\theta = 628995706652160343400399383347701737840882048950 \in Z_p^*$;
B2. Compute
$x_2 = x - x_1 \bmod p = 241080658252575743941826078641509661776544799072$,
compute
compute
The user key pair is $(OK_{KGCSP}, OK_{TA}) = (x_1, x_2)$, and the user's local private key is $SK_{TA} = \{d_{\theta 0}, d_{\theta 1}\}$.
Outsourced user private key generation server C performs the following steps:
C1. For a user with the access structure, randomly choose a polynomial $q(x)$ of degree $d-1$ for the root node R of the access structure, where $d$ is the secret-sharing threshold of the root node R, $q(0) = x_1$, and $q(x) = x + q(0)$;
C2. For each child node $i$ other than the root node R in the access structure, choose a polynomial $q_i$ of degree $d_i - 1$, where $d_i$ is the secret-sharing threshold of node $i$ and $q_i(0) = q_{parent(i)}(index(i))$; the function parent(i) returns the parent node R of node $i$, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, compute $q(1) = 1 + q(0)$, $q(2) = 2 + q(0)$, $q(3) = 3 + q(0)$;
C3. For each attribute belonging to the access structure, randomly select $r_i \in Z_p^*$ and compute
where
$r_1 = 328522665943500109354942429016051439658605574316$,
$r_2 = 520713677076623573970852203894904602847218187281$,
$r_3 = 458541357356566306056619868665681094034250512554$,
The user's outsourced private key $SK_{KGCSP}$ is
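The scalar arithmetic of steps B and C can be checked against the values printed in this embodiment. The Python sketch below is an added example, not code from the patent: it works on exponents only (no pairing and no group elements), and it assumes that the policy string denotes a 2-of-3 threshold over the leaves baf, bar, fim1 with index values 1, 2, 3.

```python
# Added example (not from the patent): exponent-level arithmetic of steps B and C.

# Scalars printed in the embodiment.
P = 730750818665451621361119245571504901405976559617    # group order p (step A1)
X = 669812803067698262930111597907784963319333126830    # master key MSK = x (step A2)
X1 = 428732144815122518988285519266275301542788327758   # OK_KGCSP = x_1 (step B1)
X2_PRINTED = 241080658252575743941826078641509661776544799072  # x_2 (step B2)

# Assumption: the policy string is a 2-of-3 gate over these leaves, and
# index(i) is the leaf's 1-based position under the root.
LEAF_INDEX = {"baf": 1, "bar": 2, "fim1": 3}
THRESHOLD = 2


def split_master_key(x, x1, p=P):
    """Step B2: the TA-side share x_2 = x - x_1 mod p."""
    return (x - x1) % p


def eval_poly(coeffs, point, p=P):
    """Evaluate q(point) mod p by Horner's rule; coeffs[0] is q(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * point + c) % p
    return acc


def share_root_secret(secret, higher_coeffs=(1,), p=P):
    """Steps C1/C2: q(0) = secret, one share q(index) per leaf.

    higher_coeffs=(1,) reproduces the q(x) = x + q(0) written in step C1.
    """
    coeffs = [secret % p, *higher_coeffs]
    if len(coeffs) != THRESHOLD:
        raise ValueError("polynomial degree must be THRESHOLD - 1")
    return {attr: eval_poly(coeffs, idx, p) for attr, idx in LEAF_INDEX.items()}


def lagrange_at_zero(i, indices, p=P):
    """Lagrange coefficient of index i for interpolating q(0) from `indices`."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % p
            den = den * (i - j) % p
    return num * pow(den, -1, p) % p


def reconstruct(shares, attrs, p=P):
    """Recover q(0) from the shares of the attributes listed in `attrs`.

    Returns None when fewer than THRESHOLD policy leaves are present.
    """
    matched = [a for a in attrs if a in shares][:THRESHOLD]
    if len(matched) < THRESHOLD:
        return None
    idx = [LEAF_INDEX[a] for a in matched]
    return sum(shares[a] * lagrange_at_zero(LEAF_INDEX[a], idx, p)
               for a in matched) % p


if __name__ == "__main__":
    x2 = split_master_key(X, X1)
    shares = share_root_secret(X1)
    omega = ["baf", "bar"]  # ciphertext attribute set given on the page
    x1 = reconstruct(shares, omega)
    print("x_2 matches the printed value:", x2 == X2_PRINTED)
    print("omega recovers x_1:", x1 == X1)
    print("x_1 + x_2 = x mod p:", (x1 + x2) % P == X)
    print("only one matching attribute:", reconstruct(shares, ["baf", "foo"]))
```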
Trapdoor generation server D performs the following steps:
D1. Randomly select
D2. Compute
and compute the query private key QK as
D3. Compute the search private key $T_q(kw)$ as $T_q(kw) = H_1(kw)\,QK^u$,
set $I = (I_{i0} = d_{i0}, I_{i1} = d_{i1})$;
The user's trapdoor is $T_{kw} = (T_q(kw), I, D_1)$.
Encryption server E performs the following steps:
E1. Randomly select the secret value $s = 127646386969357970388879198350607449573579297363 \in Z_p^*$ and the plaintext message $M \in G_2$;
E2. Compute $C_0 = M \cdot e(g_1, g_2)^s$, $C_1 = g^s$ and $C_\theta = (g_1 h)^s$, and for each element $i$ of the attribute set ω compute $C_{i0} = (g_1 h_{i0})^s$ and $C_{i1} = (g_1 h_{i1})^s$, obtaining the ciphertext $CT = (\omega \cup \{\theta\}, C_0, C_1, \{C_i\}_{i \in \omega'}, C_\theta)$;
E3. Choose the keyword $kw_0$ = "keyword" and compute $H_1(kw_0)$, $k_0 = e(g_1, g_2)^s \cdot e(g, H_1(kw_0))^s$ and $K_0 = H_2(k_0)$ = c08cf969d1a7278c03a72cff5b17965b; set $K_1 = C_1 = g^s$ and $K_2 = C_\theta = (g_1 h)^s$.
The index corresponding to the ciphertext is $IX(KW) = (K_1, K_2, K_0)$; upload the ciphertext-index pair $(CT, IX(kw_0))$.
Outsourced decryption server F performs the following steps:
F1. Compute
to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether $H_2(k) = H_2(k_{kw})$ holds:
$H_2(k)$ = c08cf969d1a7278c03a72cff5b17965b,
$H_2(k_{kw})$ = c08cf969d1a7278c03a72cff5b17965b; the two are clearly equal, so the partially decrypted ciphertext and the ciphertext are sent to decryption server G for complete decryption.
Decryption server G performs the following steps:
G1. Compute
if decryption succeeds, output the message M; otherwise output an error message.
The above describes only the preferred embodiment of the present invention. Those skilled in the art can readily conceive of other advantages and variations based on the above embodiment. The present invention is therefore not limited to the above embodiment, which merely serves as a detailed, exemplary explanation of one form of the invention. Without departing from the scope of the inventive concept, the usual changes and substitutions made by those of ordinary skill in the art within the technical scope of the invention shall all fall within the protection scope of the present invention.
Claims (9)
1. An attribute-based system with outsourced key generation and decryption that supports keyword search, characterized in that it comprises a public parameter setting server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server;
The public parameter setting server is responsible for generating the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The user private key generation server generates a key pair and the local user private key, sends the outsourced key-generation part to the outsourced user private key generation server, and finally integrates the parts into a complete user private key;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts a message, generates the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's rights and uses the trapdoor submitted by the user to search for matching ciphertexts; if the keyword match succeeds, it sends the partially decrypted ciphertext and the ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message.
2. A decryption method based on the attribute-based system with outsourced key generation and decryption that supports keyword search of claim 1, characterized in that it comprises the following steps:
A. Set the system public parameters PK and the system master key MSK; step A further comprises:
A1. Choose multiplicative cyclic groups $G_1$, $G_2$ of order $p$ and a bilinear map $e: G_1 \times G_1 \to G_2$;
A2. Randomly select a generator $g \in G_1$ and elements $g_2, h, h_1, h_2, h_3, h_4, h_5 \in G_1$, where each element $i$ of the attribute universe $U$ corresponds to $h_i$; randomly select an element $x \in Z_p^*$, where $Z_p^*$ denotes the set $\{1, 2, \ldots, p-2, p-1\}$; choose two collision-resistant hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: G_2 \to \{0,1\}^{\log p}$;
A3. Compute $g_1 = g^x$;
B. according to system open parameter PK, system master key MSK and access structure
generate the double secret key (OK of user
kGCSP, OK
tA), wherein OK
tAfor generating local key SK
tA, OK
kGCSPfor generating outsourcing key;
C. according to system open parameter PK, access structure
outsourcing key OK
kGCSPgenerate the outsourcing private key SK of user
kGCSP;
D. according to the open parameter PK of system, system master key MSK, commitment value q
bFand access structure
generated query private key QK, and generate corresponding search private key and trapdoor T according to keyword kw and private key for user SK and blinding factor BF
kw; Wherein, commitment value q
bFbeing the blinding factor that generates of user generates in conjunction with the part of private key; Access structure
here the subset in Attribute domain is reduced to; Blinding factor BF is user's stochastic generation; Access structure
with the subset that community set is all in the Attribute domain U set in step; Kw is the character string that user specifies, with 01 binary system byte representation; SK
tAthe TA end key for generating SK, SK
tAalso local key is referred to as, and OK
kGCSPit is the KGCSP end key SK for generating SK
kGCSP, SK=(SK
tA, SK
kGCSP); Kw is the keyword that deciphering person uses when inquiring about magnanimity encrypt data;
E. according to system open parameter PK, community set ω, message M is encrypted, obtains ciphertext CT, and use keyword KW, the index IX (KW) of generating ciphertext; Wherein, community set ω is a subset in Attribute domain U; Message M is crowd G
2in an element; The keyword that the message of the KW representative information owner to oneself is selected;
F. according to system open parameter PK, trapdoor T
kwoutsourcing decryption oprerations is carried out to initial ciphertext CT, generating portion decrypting ciphertext Q
cT, and keyword KW matching operation is carried out to index IX (KW), the keyword that the message of the KW representative information owner to oneself is selected, if success, then the ciphertext of part deciphering is sent to decryption server; Initial ciphertext CT is the ciphertext corresponding to message M that step e generates;
G. according to system open parameter PK, local private key SK
tAto part decrypting ciphertext Q
cTcarry out complete decryption oprerations, and whether checking is the plaintext M corresponding to initial ciphertext CT, if then export M, if not then output error message.
3. The decryption method as claimed in claim 2, characterized in that, in said step A, the selected hash function $H_1$ is a cryptographic hash function from $\{0,1\}^{*}$ to $G_1$, the hash function $H_2$ is a cryptographic hash function from $G_2$ to $\{0,1\}^{\log p}$, and  denotes the set {1, 2, ..., p-1};
The system public parameters PK are $PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2)$, and the system master key MSK is MSK = x;
Wherein the attribute domain U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
4. The decryption method as claimed in claim 3, characterized in that said step B comprises:
B1. For a user having the access structure, randomly select , where $x_1$ is the part of the key pair used to generate $OK_{KGCSP}$ and $r_{\theta}$ is a random commitment value;
B2. Compute $x_2 = x - x_1 \bmod p$, compute , compute , where $x_2$ is the part of the key pair used to generate $SK_{TA}$;
The user key pair $(OK_{KGCSP}, OK_{TA})$ is $(OK_{KGCSP}, OK_{TA}) = (x_1, x_2)$, and the user's local private key $SK_{TA}$ is $SK_{TA} = \{d_{\theta 0}, d_{\theta 1}\}$.
5. The decryption method as claimed in claim 4, characterized in that said step C comprises:
C1. For a user having the access structure, randomly choose for the root node R of the access structure a polynomial q(x) of degree d-1, where d denotes the secret-sharing threshold of the root node R, and $q(0) = x_1$, $q(x) = x + q(0)$;
C2. For each child node i of the access structure other than the root node R, select a polynomial $q_a$ of degree $d_i - 1$, where $d_i$ denotes the secret-sharing threshold of node i, and $q_i(0) = q_{parent(i)}(index(i))$; the function parent(i) returns the parent node R of node i, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, compute q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute belonging to the access structure, randomly select $r_i \in Z_p^{*}$ and compute , where q(i) denotes the Lagrange polynomial corresponding to node i;
The user's outsourced private key $SK_{KGCSP}$ is
6. The decryption method as claimed in claim 5, characterized in that said step D comprises:
D1. Randomly select the blinding factor
D2. Compute ; compute the query private key QK as
D3. Compute the search private key $T_q(kw)$ as $T_q(kw) = H_1(kw)\,QK^{u}$, and set $I = (I_{i0} = d_{i0}, I_{i1} = d_{i1})$; wherein I is used to construct the d component of the trapdoor; it is kept distinct from $SK_{KGCSP}$ here and serves only as an assignment;
The user's trapdoor is $T_{kw} = (T_q(kw), I, D_1)$.
7. The decryption method as claimed in claim, characterized in that said step E comprises:
E1. Randomly select a secret value $s \in Z_p^{*}$ and the plaintext message $M \in G_2$;
E2. Compute $C_0 = M\,e(g_1, g_2)^{s} \in G_2$, $C_1 = g^{s} \in G_1$ and $C_{\theta} = (g_1 h)^{s} \in G_1$; for each element i of the attribute set ω compute $C_i = (g_1 h_i)^{s}$, obtaining the ciphertext $CT = (\omega \cup \{\theta\}, C_0, C_1, \{C_i\}_{i \in \omega'}, C_{\theta})$;
E3. Choose the keyword $kw_0$ = "keyword" and compute $k_0 = e(g_1, g_2)^{s}\, e(g, H_1(kw_0))^{s} \in G_2$; $K_0 = H_2(k_0) \in \{0,1\}^{\log p}$; set $K_1 = C_1 = g^{s} \in G_1$ and $K_2 = C_{\theta} = (g_1 h)^{s} \in G_1$; wherein $k_0$ is the intermediate value of encrypting the keyword $kw_0$, and $K_0$, $K_1$, $K_2$ serve only as the members of the ciphertext index;
The index corresponding to the ciphertext is $IX(KW) = (K_1, K_2, K_0)$; upload the ciphertext-index pair $(CT, IX(kw_0))$.
8. The decryption method as claimed in claim 7, characterized in that said step F comprises:
F1. Compute  to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether $H_2(k) = H_2(k_{kw})$ holds; if they match, send to the user.
9. The decryption method as claimed in claim 8, characterized in that said step G comprises:
G1. Compute ; if decryption succeeds, output the message M, otherwise output an error message.
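The key split of claim 4 and the threshold sharing of claim 5, worked through on plain exponents in Z_p for the 2-of-3 example of claim 3. This is an added example, not code from the patent; the toy prime P, the function names and the leaf numbering baf=1, bar=2, fim1=3 are assumptions, and the pairing-group operations are left out.

```python
import secrets

P = 2**61 - 1  # constructed toy prime standing in for the group order p

# Assumed leaf numbering for the claim-3 example policy (2 of 3); not stated on the page.
LEAF_INDEX = {"baf": 1, "bar": 2, "fim1": 3}


def split_master_key(x, p=P):
    """Step B: pick x1 at random, set x2 = x - x1 mod p; (OK_KGCSP, OK_TA) = (x1, x2)."""
    x1 = secrets.randbelow(p - 1) + 1
    return x1, (x - x1) % p


def share_secret(secret, threshold, indices, p=P, coeffs=None):
    """Step C: evaluate a degree-(threshold-1) polynomial q with q(0) = secret."""
    if coeffs is None:  # random higher-order coefficients
        coeffs = [secrets.randbelow(p) for _ in range(threshold - 1)]
    poly = [secret % p] + list(coeffs)
    shares = {}
    for i in indices:
        acc = 0
        for c in reversed(poly):  # Horner's rule
            acc = (acc * i + c) % p
        shares[i] = acc
    return shares


def recover_secret(shares, p=P):
    """Lagrange interpolation at 0 over Z_p from {index: q(index)}."""
    total = 0
    for i, y in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % p
                den = den * (i - j) % p
        total = (total + y * num * pow(den, -1, p)) % p
    return total


def satisfied_leaves(omega, threshold=2):
    """S = omega ∩ A as leaf indices, or None when fewer than `threshold` match."""
    s = sorted(LEAF_INDEX[a] for a in omega if a in LEAF_INDEX)
    return s[:threshold] if len(s) >= threshold else None


if __name__ == "__main__":
    x = secrets.randbelow(P - 1) + 1          # MSK = x
    x1, x2 = split_master_key(x)
    shares = share_secret(x1, 2, LEAF_INDEX.values(), coeffs=[1])  # q(x) = x + q(0)
    S = satisfied_leaves({"baf", "bar"})      # omega from claim 3
    print(recover_secret({i: shares[i] for i in S}) == x1, (x1 + x2) % P == x)
```

Passing `coeffs=[1]` reproduces the claim's instance q(x) = x + q(0); leaving it out draws the slope at random, and any two of the three shares still interpolate back to x1.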
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510870146.6A CN105323061B (en) | 2015-12-02 | 2015-12-02 | Attribute-based system with outsourced key generation and decryption supporting keyword search, and decryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105323061A true CN105323061A (en) | 2016-02-10 |
CN105323061B CN105323061B (en) | 2019-07-12 |
Family
ID=55249722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510870146.6A Active CN105323061B (en) | Attribute-based system with outsourced key generation and decryption supporting keyword search, and decryption method | 2015-12-02 | 2015-12-02 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105323061B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
CN103944711A (en) * | 2014-02-17 | 2014-07-23 | 国家超级计算深圳中心 | Cloud storage ciphertext retrieval method and system |
CN105007161A (en) * | 2015-06-12 | 2015-10-28 | 电子科技大学 | Fuzzy keyword public key searchable encryption scheme achieving unrecognizable trap door |
Non-Patent Citations (1)
Title |
---|
JIN LI,ET AL.: "Fine-Grained Access Control System Based on Outsourced Attribute-Based Encryption", 《PROC.18TH EUROPEAN SYMPOSIUM ON RESEARCH IN COMPUTER SECURITY》 * |
Cited By (16)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2017181911A1 (en) * | 2016-04-18 | 2017-10-26 | 深圳大学 | Method of storing and searching for encrypted file on the basis of public key, and storage system |
CN106612270A (en) * | 2016-05-20 | 2017-05-03 | 四川用联信息技术有限公司 | Keyword search algorithm based on attribute encryption in cloud computing |
CN106209790B (en) * | 2016-06-28 | 2020-02-07 | 电子科技大学 | Efficient verifiable outsourcing attribute-based encryption method for hidden ciphertext strategy |
CN106209790A (en) * | 2016-06-28 | 2016-12-07 | 电子科技大学 | A kind of hiding Ciphertext policy efficiently can verify that outsourcing attribute base encryption method |
CN106301776B (en) * | 2016-08-01 | 2019-04-19 | 河海大学 | A kind of more authorization center outsourcing attribute base encryption methods and system of keyword search |
CN106301776A (en) * | 2016-08-01 | 2017-01-04 | 河海大学 | Many authorization center outsourcing attribute base encryption method of a kind of keyword search and system |
CN107104982B (en) * | 2017-05-26 | 2019-10-15 | 福州大学 | It can search for encryption system with traitor tracing function in mobile electron medical treatment |
CN107104982A (en) * | 2017-05-26 | 2017-08-29 | 福州大学 | Have traitor tracing function in mobile electron medical treatment can search for encryption system |
CN111066076A (en) * | 2017-09-12 | 2020-04-24 | 三菱电机株式会社 | Registration terminal, search server, search system, registration program, and search program |
CN108259517A (en) * | 2018-04-24 | 2018-07-06 | 上海海事大学 | A kind of encryption method of Key-insulated attribute for realizing Ciphertext policy |
CN108259517B (en) * | 2018-04-24 | 2021-01-26 | 上海海事大学 | Encryption method for realizing key isolation attribute of ciphertext strategy |
CN109740362A (en) * | 2019-01-03 | 2019-05-10 | 中国科学院软件研究所 | A kind of ciphertext index generation and search method and system based on entropy coding |
WO2021190453A1 (en) * | 2020-03-23 | 2021-09-30 | 齐鲁工业大学 | Lightweight attribute-based signcryption method for cloud and fog-assisted internet of things |
CN111556048A (en) * | 2020-04-26 | 2020-08-18 | 山东师范大学 | Attribute-based secure communication method and system supporting ciphertext mode matching |
CN111556048B (en) * | 2020-04-26 | 2022-04-01 | 山东师范大学 | Attribute-based secure communication method and system supporting ciphertext mode matching |
CN113794561A (en) * | 2021-09-14 | 2021-12-14 | 山东大学 | Public key searchable encryption method and system |
Also Published As
Publication number | Publication date |
---|---|
CN105323061B (en) | 2019-07-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||