CN105323061A - Outsourced key generation and decryption property-based system capable of realizing keyword search and decryption method - Google Patents


Publication number: CN105323061A
Application number: CN201510870146.6A
Authority: CN (China)
Legal status: Granted (Active)
Other languages: Chinese (zh)
Other versions: CN105323061B (en)
Inventors: 李继国, 林啸楠, 张亦辰, 李非非, 王瑶
Current assignee: Hohai University HHU
Original assignee: Hohai University HHU
Prior art keywords: user, ciphertext, private key, server, decryption

Abstract

The invention provides an attribute-based system with outsourced key generation and decryption that supports keyword search. The system comprises a public parameter setup server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server. The public parameter setup server generates the system master key and the public parameters; the user private key generation server generates a key pair and the local user private key; the outsourced user private key generation server generates the outsourced user private key; the trapdoor generation server assists the user in generating a query private key and a trapdoor; the encryption server encrypts a message and generates the corresponding ciphertext and keyword index; the outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's privileges and searches for matching ciphertexts using the trapdoor submitted by the user; and the decryption server decrypts the partially decrypted ciphertext to recover the message. The invention also provides a method for searching for ciphertexts that match keywords.

Description

An attribute-based system with outsourced key generation and decryption that supports keyword search, and a decryption method
Technical field
The invention belongs to the field of information security and relates to data encryption technology for network security, in particular to an attribute-based system with outsourced key generation and decryption that supports keyword search, and to its decryption method.
Background art
Attribute-based encryption enables fine-grained access control over encrypted data. There are two main types: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In key-policy attribute-based encryption, the user's private key is associated with an access structure and the ciphertext is associated with an attribute set; the user can decrypt and obtain the plaintext if and only if the attribute set associated with the ciphertext satisfies the access structure of the user's private key. In ciphertext-policy attribute-based encryption, the association of access structure and attribute set is reversed.
With the rapid development of cloud computing, using computing power as a resource has become an increasingly common operating model. This model lets users on the network acquire computing resources quickly and conveniently, and release them just as quickly. We can therefore access the varied, resource-rich and convenient services that servers provide according to our own needs.
Although these advantages make the cloud service provider a powerful tool for handling user data in cloud computing, one major drawback has to be taken seriously: the computational cost of the key generation and decryption phases grows linearly with the complexity of the access structure, which is a fatal bottleneck for resource-constrained mobile devices (such as mobile phones). Using an attribute-based system with outsourced key generation and decryption greatly improves the efficiency with which the attribute authority generates private keys for users and with which users access data stored in the cloud in ciphertext form. However, as the amount of data stored in the cloud keeps increasing, how to efficiently find the data a user specifies among the large volume of data stored in the cloud has become a problem that must be faced. Users need not only to obtain data from the cloud, but also to set up control over the data, so that only the data for the specified keyword is obtained.
Based on the above analysis, the inventors improved and combined existing public-key searchable encryption schemes and outsourced KP-ABE schemes, which gave rise to the present invention.
Summary of the invention
One object of the present invention is to provide an attribute-based system with outsourced key generation and decryption that supports keyword search, and its decryption method, by combining a searchable encryption scheme with an outsourced encryption scheme. Because searchable encryption spares the user from downloading and decrypting ciphertexts that are not needed, the proposed method not only allows CP-ABE to be used on resource-constrained devices, but also gives the user an effective way to search ciphertexts in the cloud by keyword; the use of an outsourced attribute-based encryption and decryption scheme makes the whole method suitable for bandwidth-constrained devices.
A further object of the present invention is to reduce the computational cost at the attribute authority and at the user side: the expensive computation is outsourced to the cloud service provider (CSP), and the CSP searches the indexes of its stored ciphertexts according to the encrypted keyword submitted by the user, thereby efficiently finding the ciphertext the user wants to view.
To achieve the above objects, the solution of the present invention is:
An attribute-based system with outsourced key generation and decryption that supports keyword search, characterized in that it comprises a public parameter setup server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server;
The public parameter setup server is responsible for generating the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The user private key generation server generates a key pair and the local user private key, sends the key part used for outsourced generation to the outsourced user private key generation server, and finally assembles the complete user private key;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts the message, generates the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's privileges and uses the trapdoor submitted by the user to search for the matching ciphertext; if the keyword match succeeds, it sends the partially decrypted ciphertext and the ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message.
The decryption method based on the above attribute-based system with outsourced key generation and decryption that supports keyword search comprises the following steps:
A. Set up the system public parameters PK and the system master key MSK; step A further comprises:
A1. Choose multiplicative cyclic groups G_1, G_2 of order p and a bilinear map e: G_1 × G_1 → G_2;
A2. Randomly choose a generator g ∈ G_1 and elements g_2, h, h_1, h_2, h_3, h_4, h_5 ∈ G_1, where each element i of the attribute universe U corresponds to h_i; randomly choose an element x ∈ Z_p^*, where Z_p^* denotes the set {1, 2, ..., p-2, p-1}; choose two collision-resistant hash functions H_1: {0,1}^* → G_1, H_2: G_2 → {0,1}^{log p};
A3. Compute g_1 = g^x;
B. From the system public parameters PK, the system master key MSK and the access structure, generate the user's key pair (OK_KGCSP, OK_TA), where OK_TA is used to generate the local key SK_TA and OK_KGCSP is used to generate the outsourced key;
C. From the system public parameters PK, the access structure and the outsourcing key OK_KGCSP, generate the user's outsourced private key SK_KGCSP;
D. From the system public parameters PK, the system master key MSK, the commitment value q_BF and the access structure, generate the query private key QK, and from the keyword kw, the user private key SK and the blinding factor BF generate the corresponding search private key and trapdoor T_kw. Here the commitment value q_BF is generated by combining the blinding factor generated by the user with part of the private key; the access structure is simplified here to a subset of the attribute universe; the blinding factor BF is generated randomly by the user; the access structure and the attribute set are both subsets of the attribute universe U set in step A; kw is a character string specified by the user, represented as binary bytes of 0s and 1s; SK_TA is the TA-side key used to generate SK and is also called the local key, while OK_KGCSP is used to generate the KGCSP-side key SK_KGCSP of SK, with SK = (SK_TA, SK_KGCSP); kw is the keyword the decryptor uses when querying large volumes of ciphertext data;
E. From the system public parameters PK and the attribute set ω, encrypt the message M to obtain the ciphertext CT, and use the keyword KW to generate the ciphertext index IX(KW). Here the attribute set ω is a subset of the attribute universe U; the message M is an element of the group G_2; KW denotes the keyword the information owner chooses for their own message;
F. From the system public parameters PK and the trapdoor T_kw, perform the outsourced decryption operation on the initial ciphertext CT to generate the partially decrypted ciphertext Q_CT, and perform the keyword matching operation on the index IX(KW), where KW denotes the keyword the information owner chose for their own message; if the match succeeds, send the partially decrypted ciphertext to the decryption server. The initial ciphertext CT is the ciphertext of the message M generated in step E;
G. From the system public parameters PK and the local private key SK_TA, perform the complete decryption operation on the partially decrypted ciphertext Q_CT and verify whether the result is the plaintext M corresponding to the initial ciphertext CT; if so, output M, otherwise output an error message.
Further, in step A, the chosen hash function H_1 is a cryptographic hash function from {0,1}^* to G_1, the hash function H_2 is a cryptographic hash function from G_2 to {0,1}^{log p}, and Z_p^* denotes the set {1, 2, ..., p-1};
The system public parameters are PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2), and the system master key is MSK = x;
Here the attribute universe U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
Further, step B comprises:
B1. For a user with the access structure, randomly choose x_1, r_θ ∈ Z_p^*, where x_1 is the part of the key pair used to generate OK_KGCSP and r_θ is a random commitment value;
B2. Compute x_2 = x - x_1 mod p, and compute d_θ0 and d_θ1, where x_2 is the part of the key pair used to generate SK_TA;
The user's key pair (OK_KGCSP, OK_TA) is (OK_KGCSP, OK_TA) = (x_1, x_2), and the user's local private key SK_TA is SK_TA = {d_θ0, d_θ1}.
Further, step C comprises:
C1. For a user with the access structure, randomly choose a polynomial q(x) of degree d-1 for the root node R of the access structure, where d denotes the secret-sharing threshold of the root node R, with q(0) = x_1 and q(x) = x + q(0);
C2. For each child node i of the access structure other than the root node R, choose a polynomial q_i of degree d_i-1, where d_i denotes the secret-sharing threshold of node i and q_i(0) = q_parent(i)(index(i)); the function parent(i) returns the parent node of node i, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, compute q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute i belonging to the access structure, randomly choose r_i ∈ Z_p^* and compute d_i0 and d_i1, where q(i) denotes the Lagrange polynomial corresponding to node i;
The user's outsourced private key SK_KGCSP is
Further, step D comprises:
D1. Randomly choose a blinding factor
D2. Compute ; the query private key QK is
D3. Compute the search private key T_q(kw) as T_q(kw) = H_1(kw) QK^u, and set I = (I_i0 = d_i0, I_i1 = d_i1); here I is used to construct the d part of the trapdoor, is distinct from SK_KGCSP, and serves only as an assignment;
The user's trapdoor is T_kw = (T_q(kw), I, D_1).
Further, step E comprises:
E1. Randomly choose a secret value s ∈ Z_p^*, with plaintext message M ∈ G_2;
E2. Compute C_0 = M e(g_1, g_2)^s ∈ G_2, C_1 = g^s ∈ G_1, C_θ = (g_1 h)^s ∈ G_1, and for each element i of the attribute set ω compute C_i = (g_1 h_i)^s, obtaining the ciphertext CT = (ω ∪ {θ}, C_0, C_1, {C_i}_{i ∈ ω'}, C_θ);
E3. Choose the keyword kw_0 = "keyword" and compute k_0 = e(g_1, g_2)^s · e(g, H_1(kw_0))^s ∈ G_2 and K_0 = H_2(k_0) ∈ {0,1}^{log p}; set K_1 = C_1 = g^s ∈ G_1 and K_2 = C_θ = (g_1 h)^s ∈ G_1. Here k_0 is the intermediate value of encrypting the keyword kw_0, and K_0, K_1, K_2 serve only as the components of the ciphertext index;
The index corresponding to the ciphertext is IX(KW) = (K_1, K_2, K_0); upload the ciphertext-index pair (CT, IX(kw_0)).
Further, step F comprises:
F1. Compute to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether H_2(k) = H_2(k_kw) holds; if they match, send the result to the user.
Further, step G comprises:
G1. Compute ; if decryption succeeds, output the message M, otherwise output an error message.
With the above scheme, and provided that the key generation cloud service provider does not collude with users, the present invention gives the attribute authority a method for outsourcing key generation, and gives the user a method for outsourcing ciphertext decryption and for keyword search over ciphertexts. While greatly reducing the communication cost of the user and the attribute authority, it lets the user obtain the wanted ciphertext more efficiently and more accurately, so that it can also be used on bandwidth-constrained devices. The present invention is therefore a new, secure and efficient encryption method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the attribute-based system with outsourced key generation and decryption that supports keyword search according to the present invention.
Fig. 2 is a flow chart of the attribute-based system with outsourced key generation and decryption that supports keyword search according to the present invention.
Detailed description of the embodiments
The technical solution of the present invention is described in further detail below with reference to the accompanying drawings:
The attribute-based system with outsourced key generation and decryption that supports keyword search is built on bilinear pairings. The relevant concepts and the properties a bilinear pairing must satisfy are briefly introduced below:
Let G_1, G_2 be multiplicative cyclic groups of order p, where p is prime, and let g be a generator of G_1. Assume that the discrete logarithm problem in both G_1 and G_2 is hard. A bilinear map on the groups is defined as e: G_1 × G_1 → G_2 and satisfies the following properties:
1. Bilinearity: e(u^a, v^b) = e(u, v)^{ab} holds for all u, v ∈ G_1, a, b ∈ Z_p^* and g ∈ G_1.
2. Non-degeneracy: there exist u, v ∈ G_1 such that e(u, v) ≠ 1, where 1 is the identity element of G_t.
3. Computability: there is an efficient algorithm to compute e(u, v) for all u, v ∈ G_1.
The entities in the method of the present invention comprise: the public parameter setup server, the data owner, the user, the user private key generation server, the outsourced user private key generation server, the trapdoor generation server, the encryption server, the decryption server and the outsourced decryption server.
With reference to Fig. 1, the system of the present invention comprises: public parameter setup server A, user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F and decryption server G;
Public parameter setup server A generates the system master key MSK and the system public parameters PK, sends MSK to user private key generation server B, and sends the system public parameters to user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F and decryption server G;
User private key generation server B generates a key pair (OK_KGCSP, OK_TA) and the local user private key SK_TA, sends the outsourcing key part OK_TA to outsourced user private key generation server C, and finally assembles the complete user private key SK = (SK_KGCSP, SK_TA);
Outsourced user private key generation server C generates the outsourced user private key SK_TA and sends it to user private key generation server B;
Trapdoor generation server D assists the user in generating the query private key QK and the trapdoor T_kw;
Encryption server E encrypts the message M, generates the corresponding ciphertext CT and keyword index IX(KW), and sends them to outsourced decryption server F;
Outsourced decryption server F performs the outsourced partial decryption Q_CT on ciphertexts that satisfy the user's privileges and uses the trapdoor T_kw submitted by the user to search for the matching ciphertext CT; if the keyword match succeeds, it sends the partially decrypted ciphertext Q_CT and the ciphertext CT to the decryption server;
Decryption server G decrypts the partially decrypted ciphertext to recover the message M.
With reference to Fig. 2, the scheme of the present invention is implemented with JPBC, and its concrete steps are as follows:
Public parameter setup server A performs the following steps:
A1. Choose multiplicative cyclic groups G_1, G_t of order p = 730750818665451621361119245571504901405976559617 and a bilinear map e: G_1 × G_1 → G_t (the computation of the bilinear map is described in detail in the text);
A2. Randomly choose a generator g of G_1 and seven elements g_2, h, h_1, h_2, h_3, h_4, h_5 of G_1, randomly choose the group element x = 669812803067698262930111597907784963319333126830, and choose two collision-resistant hash functions H_1: {0,1}^* → G_1, H_2: G_2 → {0,1}^{log p};
A3. Compute g_1 = g^x;
In step A2 above, the chosen hash function H_1 is a cryptographic hash function from {0,1}^* to G_1, the hash function H_2 is a cryptographic hash function from G_2 to {0,1}^{log p}, and Z_p^* denotes the set {1, 2, ..., p-1}.
The system public parameters are PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2), and the system master key is MSK = x.
For ease of presentation, the attribute universe U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
User private key generation server B performs the following steps:
B1. For a user with the access structure, randomly choose
x_1 ∈ Z_p^* = 428732144815122518988285519266275301542788327758,
r_θ ∈ Z_p^* = 628995706652160343400399383347701737840882048950;
B2. Compute
x_2 = x - x_1 mod p = 241080658252575743941826078641509661776544799072,
and compute d_θ0 and d_θ1;
The user's key pair (OK_KGCSP, OK_TA) is (OK_KGCSP, OK_TA) = (x_1, x_2), and the user's local private key SK_TA is SK_TA = {d_θ0, d_θ1}.
Outsourced user private key generation server C performs the following steps:
C1. For a user with the access structure, randomly choose a polynomial q(x) of degree d-1 for the root node R of the access structure, where d denotes the secret-sharing threshold of the root node R, with q(0) = x_1 and q(x) = x + q(0);
C2. For each child node i of the access structure other than the root node R, choose a polynomial q_i of degree d_i-1, where d_i denotes the secret-sharing threshold of node i and q_i(0) = q_parent(i)(index(i)); the function parent(i) returns the parent node of node i, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, compute q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute i belonging to the access structure, randomly choose r_i ∈ Z_p^* and compute d_i0 and d_i1, where
r_1 = 328522665943500109354942429016051439658605574316,
r_2 = 520713677076623573970852203894904602847218187281,
r_3 = 458541357356566306056619868665681094034250512554;
The user's outsourced private key SK_KGCSP is
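The key split of step B2 and the threshold sharing of steps C1 to C3 can be checked with the numbers printed above. This is an added example, not part of the patent text or of its JPBC implementation: it works on scalars in Z_p only (the scheme itself carries the shares in exponents of G_1 and recombines them through pairings), and it assumes that the access structure is a single 2-of-3 gate whose leaves baf, bar, fim1 are numbered 1, 2, 3; all function names are hypothetical.

```python
"""Added example (not from the patent): key split of step B2 and the
threshold sharing of steps C1-C3, carried out on scalars in Z_p only."""
import secrets

# Values printed in the embodiment above.
P = 730750818665451621361119245571504901405976559617   # group order p
X = 669812803067698262930111597907784963319333126830   # master key x
X1 = 428732144815122518988285519266275301542788327758  # x_1 -> OK_KGCSP
X2 = 241080658252575743941826078641509661776544799072  # x_2 -> OK_TA

# Assumption: the leaves of the 2-of-3 gate are numbered in listing order.
LEAF_INDEX = {"baf": 1, "bar": 2, "fim1": 3}
THRESHOLD = 2


def split_master_key(x, x1, p=P):
    """Step B2: x_2 = x - x_1 mod p, so that x_1 + x_2 = x (mod p)."""
    return (x - x1) % p


def share_secret(secret, threshold, indices, p=P, coeffs=None):
    """Steps C1/C2: evaluate a polynomial q of degree threshold-1 with
    q(0) = secret at each child index. coeffs holds the non-constant
    coefficients; they are drawn at random unless supplied."""
    if coeffs is None:
        coeffs = [secrets.randbelow(p - 1) + 1 for _ in range(threshold - 1)]
    if len(coeffs) != threshold - 1:
        raise ValueError("need exactly threshold-1 non-constant coefficients")
    poly = [secret % p, *coeffs]
    return {i: sum(c * pow(i, k, p) for k, c in enumerate(poly)) % p
            for i in indices}


def lagrange_at_zero(i, indices, p=P):
    """Lagrange coefficient of share i for interpolating q(0)."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % p
            den = den * (i - j) % p
    return num * pow(den, -1, p) % p


def recover_secret(shares, threshold, p=P):
    """Recombine q(0) from at least `threshold` shares {index: q(index)}."""
    if len(shares) < threshold:
        raise ValueError("attribute set does not satisfy the threshold gate")
    idx = sorted(shares)[:threshold]
    return sum(shares[i] * lagrange_at_zero(i, idx, p) for i in idx) % p


def shares_for_attributes(attrs, all_shares):
    """Keep only the shares whose leaf attribute is in attrs
    (the set S of ciphertext attributes that appear in the policy)."""
    return {LEAF_INDEX[a]: all_shares[LEAF_INDEX[a]]
            for a in attrs if a in LEAF_INDEX}


def demo():
    x2 = split_master_key(X, X1)
    # The embodiment fixes q(x) = x + q(0), i.e. slope 1, with q(0) = x_1.
    shares = share_secret(X1, THRESHOLD, LEAF_INDEX.values(), coeffs=[1])
    omega = {"baf", "bar"}  # ciphertext attribute set from the embodiment
    q0 = recover_secret(shares_for_attributes(omega, shares), THRESHOLD)
    return x2, shares, q0, (q0 + x2) % P


if __name__ == "__main__":
    x2, shares, q0, x = demo()
    print("x_2 matches the page:", x2 == X2)
    print("q(0) recovered from {baf, bar}:", q0 == X1)
    print("x_1 + x_2 = x (mod p):", x == X)
```

Because the printed polynomial has the fixed slope 1, any single share q(i) = i + x_1 already reveals x_1; passing `coeffs=None` draws the slope at random as step C1 describes.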
Trapdoor generation server D performs the following steps:
D1. Randomly choose
D2. Compute
The query private key QK is
D3. Compute the search private key T_q(kw) as T_q(kw) = H_1(kw) QK^u,
and set I = (I_i0 = d_i0, I_i1 = d_i1);
The user's trapdoor is T_kw = (T_q(kw), I, D_1).
Encryption server E performs the following steps:
E1. Randomly choose the secret value
s ∈ Z_p^* = 127646386969357970388879198350607449573579297363,
with plaintext message M ∈ G_2;
E2. Compute
C_0 = M e(g_1, g_2)^s,
C_1 = g^s,
C_θ = (g_1 h)^s,
and for each element i of the attribute set ω compute
C_i0 = (g_1 h_i0)^s,
C_i1 = (g_1 h_i1)^s,
obtaining the ciphertext CT = (ω ∪ {θ}, C_0, C_1, {C_i}_{i ∈ ω'}, C_θ);
E3. Choose the keyword kw_0 = "keyword" and compute
H_1(kw_0),
k_0 = e(g_1, g_2)^s · e(g, H_1(kw_0))^s,
K_0 = H_2(k_0) = c08cf969d1a7278c03a72cff5b17965b,
and set
K_1 = C_1 = g^s,
K_2 = C_θ = (g_1 h)^s.
The index corresponding to the ciphertext is IX(KW) = (K_1, K_2, K_0); upload the ciphertext-index pair (CT, IX(kw_0)).
Outsourced decryption server F performs the following steps:
F1. Compute
to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether H_2(k) = H_2(k_kw) holds:
H_2(k) = c08cf969d1a7278c03a72cff5b17965b,
H_2(k_kw) = c08cf969d1a7278c03a72cff5b17965b;
the two are clearly equal, so the partially decrypted ciphertext and the ciphertext are sent to decryption server G for complete decryption.
Decryption server G performs the following steps:
G1. Compute
If decryption succeeds, output the message M; otherwise output an error message.
The above describes only the preferred embodiment of the present invention. Those skilled in the art can readily conceive of other advantages and variations based on the above embodiment. The present invention is therefore not limited to the above embodiment, which merely gives a detailed, exemplary description of one form of the invention by way of example. Without departing from the spirit of the invention, the usual changes and substitutions made by those of ordinary skill in the art within the scope of the technical solution of the invention shall all fall within the scope of protection of the present invention.

Claims (9)

1. An attribute-based system with outsourced key generation and decryption that supports keyword search, characterized in that it comprises a public parameter setup server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server;
The public parameter setup server is responsible for generating the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The user private key generation server generates a key pair and the local user private key, sends the key part used for outsourced generation to the outsourced user private key generation server, and finally assembles the complete user private key;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts the message, generates the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs the outsourced part of the decryption on ciphertexts that satisfy the user's privileges and uses the trapdoor submitted by the user to search for the matching ciphertext; if the keyword match succeeds, it sends the partially decrypted ciphertext and the ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message.
2. A decryption method based on the attribute-based system with outsourced key generation and decryption supporting keyword search of claim 1, characterized in that it comprises the following steps:
A. Set the system public parameters PK and the system master key MSK; step A further comprises:
A1. Choose multiplicative cyclic groups G_1, G_2 of order p and a bilinear map e: G_1 × G_1 → G_2;
A2. Randomly choose a generator g ∈ G_1 and elements g_2, h, h_1, h_2, h_3, h_4, h_5 ∈ G_1, where each element i of the attribute universe U corresponds to h_i; randomly choose an element , where denotes the set {1, 2, ..., p-2, p-1}; choose two collision-resistant hash functions H_1: {0,1}^* → G_1 and H_2: G_2 → {0,1}^(log p);
A3. Calculate g_1 = g^x;
B. From the system public parameters PK, the system master key MSK and the access structure, generate the user's key pair (OK_KGCSP, OK_TA), where OK_TA is used to generate the local key SK_TA and OK_KGCSP is used to generate the outsourced key;
C. From the system public parameters PK, the access structure and the outsourced key OK_KGCSP, generate the user's outsourced private key SK_KGCSP;
D. From the system public parameters PK, the system master key MSK, the commitment value q_BF and the access structure, generate the query private key QK, and from the keyword kw, the user private key SK and the blinding factor BF generate the corresponding search private key and the trapdoor T_kw; where the commitment value q_BF is generated from the user-generated blinding factor combined with part of the private key; the access structure here is simplified to a subset of the attribute universe; the blinding factor BF is generated randomly by the user; the access structure and the attribute set are both subsets of the attribute universe U set in step; kw is a character string specified by the user, represented as binary (0/1) bytes; SK_TA is the TA-side key used to generate SK and is also called the local key, and OK_KGCSP is used to generate the KGCSP-side key SK_KGCSP of SK, with SK = (SK_TA, SK_KGCSP); kw is the keyword the decryptor uses when querying large volumes of ciphertext data;
E. From the system public parameters PK and the attribute set ω, encrypt the message M to obtain the ciphertext CT, and use the keyword KW to generate the index IX(KW) of the ciphertext; where the attribute set ω is a subset of the attribute universe U; the message M is an element of the group G_2; KW denotes the keyword that the information owner selects for its own message;
F. From the system public parameters PK and the trapdoor T_kw, perform the outsourced decryption operation on the initial ciphertext CT to generate the partially decrypted ciphertext Q_CT, and perform the keyword KW matching operation on the index IX(KW), where KW denotes the keyword that the information owner selects for its own message; if the match succeeds, send the partially decrypted ciphertext to the decryption server; the initial ciphertext CT is the ciphertext corresponding to message M generated in step E;
G. From the system public parameters PK and the local private key SK_TA, perform the complete decryption operation on the partially decrypted ciphertext Q_CT and verify whether the result is the plaintext M corresponding to the initial ciphertext CT; if so, output M, otherwise output an error message.
3. The decryption method as claimed in claim 2, characterized in that, in step A, the selected hash function H_1 is a cryptographic hash function from {0,1}^* to G_1, the hash function H_2 is a cryptographic hash function from G_2 to {0,1}^(log p), and denotes the set {1, 2, ..., p-1};
the system public parameters PK are PK = (G_1, G_2, g, g_1, g_2, h, h_1, h_2, h_3, h_4, h_5, H_1, H_2), and the system master key MSK is MSK = x;
where the attribute universe U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "bafbarfim12of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
4. The decryption method as claimed in claim 3, characterized in that step B comprises:
B1. For a user with access structure , randomly choose , where x_1 is the part of the key pair used to generate OK_KGCSP and r_θ is a random commitment value;
B2. Calculate x_2 = x - x_1 mod p, calculate , calculate , where x_2 is the part of the key pair used to generate SK_TA;
the user key pair (OK_KGCSP, OK_TA) is (OK_KGCSP, OK_TA) = (x_1, x_2), and the user's local private key SK_TA is SK_TA = {d_θ0, d_θ1}.
5. The decryption method as claimed in claim 4, characterized in that step C comprises:
C1. For a user with access structure , randomly choose a polynomial q(x) of degree d-1 for the root node R of the access structure, where d is the secret-sharing threshold of the root node R, with q(0) = x_1 and q(x) = x + q(0);
C2. For each child node i of the access structure other than the root node R, choose a polynomial q_i of degree d_i - 1, where d_i is the secret-sharing threshold of node i and q_i(0) = q_parent(i)(index(i)); the function parent(i) returns the parent node R of node i, and the function index(i) returns the position of the node among the children of its parent; finally, for each attribute belonging to the access structure, calculate q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute belonging to the access structure, randomly choose r_i ∈ Z_p^* and calculate , where q(i) denotes the Lagrange polynomial corresponding to node i;
the user's outsourced private key SK_KGCSP is
6. The decryption method as claimed in claim 5, characterized in that step D comprises:
D1. Randomly choose a blinding factor
D2. Calculate ; calculate the query private key QK as
D3. Calculate the search private key T_q(kw) as T_q(kw) = H_1(kw) QK u, and set I = (I_i0 = d_i0, I_i1 = d_i1); where I is used to construct the d part of the trapdoor, is distinct from SK_KGCSP here, and serves only as a setting;
the user's trapdoor is T_kw = (T_q(kw), I, D_1).
7. The decryption method as claimed in claim , characterized in that step E comprises:
E1. Randomly choose a secret value s ∈ Z_p^* and the plaintext message M ∈ G_2;
E2. Calculate C_0 = M e(g_1, g_2)^s ∈ G_2, C_1 = g^s ∈ G_1, C_θ = (g_1 h)^s ∈ G_1, and for each element i of the attribute set ω calculate C_i = (g_1 h_i)^s, obtaining the ciphertext CT = (ω ∪ {θ}, C_0, C_1, {C_i}_(i ∈ ω'), C_θ);
E3. Choose the keyword kw_0 = "keyword" and calculate k_0 = e(g_1, g_2)^s e(g, H_1(kw_0))^s ∈ G_2 and K_0 = H_2(k_0) ∈ {0,1}^(log p); set K_1 = C_1 = g^s ∈ G_1 and K_2 = C_θ = (g_1 h)^s ∈ G_1; where k_0 is the intermediate value of encrypting the keyword kw_0, and K_0, K_1, K_2 serve only as the components of the ciphertext index;
the index corresponding to the ciphertext is IX(KW) = (K_1, K_2, K_0); the ciphertext-index pair (CT, IX(kw_0)) is uploaded.
8. The decryption method as claimed in claim 7, characterized in that step F comprises:
F1. Calculate to obtain the partially decrypted ciphertext;
F2. Calculate
F3. Verify whether H_2(k) = H_2(k_kw) holds; if they match, send to the user.
9. The decryption method as claimed in claim 8, characterized in that step G comprises:
G1. Calculate ; if decryption succeeds, output the message M, otherwise output an error message.
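
The key split of step B (x_2 = x - x_1 mod p) and the threshold sharing of x_1 in step C can be followed in a small sketch. This is an added example, not code from the patent: the function names are hypothetical, a constructed toy subgroup modulo a prime stands in for G_1 (no bilinear pairing is modeled), and "bafbarfim12of3" is read here as a 2-of-3 gate over "baf", "bar", "fim1". It also draws the polynomial coefficient at random, where the embodiment lists q(x) = x + q(0).

```python
import secrets

# Constructed toy parameters, far too small for real use: P = 2*Q + 1 and
# G generates the order-Q subgroup of Z_P^*. No pairing is modeled.
Q, P, G = 1019, 2039, 4

def split_master_key(x):
    """Step B: x_1 goes to the outsourced key server, x_2 = x - x_1 mod p stays local."""
    x1 = secrets.randbelow(Q - 1) + 1
    return x1, (x - x1) % Q

def share_secret(secret, threshold, attributes):
    """Step C: polynomial q of degree threshold-1 with q(0) = secret.
    The attribute at 1-based position i receives (i, q(i))."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(threshold - 1)]

    def q(i):
        return sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q

    return {name: (i, q(i)) for i, name in enumerate(attributes, start=1)}

def lagrange_at_zero(i, indices):
    """Lagrange coefficient of index i, evaluated at 0, modulo the group order."""
    num = den = 1
    for j in indices:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def recombine_in_exponent(shares, omega, threshold, x2):
    """Rebuild g^x from the exponentiated shares of S = omega ∩ A plus g^{x_2}.
    Returns None when S holds fewer attributes than the gate threshold."""
    s = sorted(a for a in shares if a in omega)
    if len(s) < threshold:
        return None
    indices = [shares[a][0] for a in s]
    acc = pow(G, x2, P)                      # local part g^{x_2}
    for a in s:
        i, q_i = shares[a]
        g_qi = pow(G, q_i, P)                # share moved into the exponent
        acc = acc * pow(g_qi, lagrange_at_zero(i, indices), P) % P
    return acc

if __name__ == "__main__":
    x = secrets.randbelow(Q - 1) + 1         # master key MSK = x
    x1, x2 = split_master_key(x)
    shares = share_secret(x1, 2, ["baf", "bar", "fim1"])
    print(recombine_in_exponent(shares, {"baf", "bar"}, 2, x2) == pow(G, x, P))
```

With ω = {"baf", "bar"} the recombined value equals g_1 = g^x although neither server ever holds x; an attribute set that meets the gate in only one attribute yields no result.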
Application CN201510870146.6A; priority date 2015-12-02; filing date 2015-12-02; title: Attribute-based system with outsourced key generation and decryption supporting keyword search, and decryption method; status: Active; granted publication: CN105323061B (en)

Publications (2)

Publication Number | Publication Date
CN105323061A (en) | 2016-02-10
CN105323061B | 2019-07-12
