CN105323061B - It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method - Google Patents
It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method Download PDFInfo
- Publication number
- CN105323061B CN105323061B CN201510870146.6A CN201510870146A CN105323061B CN 105323061 B CN105323061 B CN 105323061B CN 201510870146 A CN201510870146 A CN 201510870146A CN 105323061 B CN105323061 B CN 105323061B
- Authority
- CN
- China
- Prior art keywords
- user
- key
- decryption
- server
- ciphertext
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Landscapes
- Storage Device Security (AREA)
Abstract
The present invention provide it is a kind of can the outsourcing key of keyword search generate and the attribute based system of decryption.Present system includes: open parameter setting service device, private key for user generates server, outsourcing private key for user generates server, trapdoor generates server, encryption server, outsourcing decryption server, decryption server.Open parameter setting service device is responsible for generation system master key and open parameter;Private key for user generates server and generates key pair and local user's private key;Outsourcing private key for user generates server and generates outsourcing private key for user;Trapdoor generates server and user is assisted to generate inquiry private key and trapdoor;Encryption server generates corresponding ciphertext and key word index to message encryption;Outsourcing decrypts server and carries out the matched ciphertext of trapdoor search that outer packet portion is decrypted and user is used to submit to the ciphertext for meeting user right;The ciphertext of part decryption is decrypted to restore outbound message in decryption server.The present invention provides the methods of the matched ciphertext of search key.
Description
Technical field
The invention belongs to information security fields, are related to the data encryption technology of network security, and particularly relating to one kind can be crucial
The outsourcing key of word search generates and the attribute based system and decryption method of decryption.
Background technique
The fine granularity access and control to encryption data may be implemented in encryption method tool based on attribute.Attribute base encryption side
Method mainly includes two types, is policy attribute base encryption method and ciphertext policy ABE base encryption method respectively.In key plan
Slightly in attribute base encryption method, private key for user is associated with an access structure, and ciphertext is associated with an attribute set, when
And if only if it is bright that user can decrypt acquisition when meeting the access structure of private key for user with the associated attribute set of ciphertext
Text.The incidence relation of access structure and attribute set is on the contrary in ciphertext policy ABE base encryption method.
It is more prevalent using the function mode of computing capability as a kind of resource in cloud computing with the rapid development of cloud computing
Get up.This function mode enable to the user on network can this computing resource of acquisition quickly and easily, while
This resource can rapidly be discharged.This enable us to be accessed according to the demand of itself provided in server it is various each
It is sample, resourceful, conveniently service.
Although these advantages of cloud service provider make it the strong tools for operating user data in a cloud computing,
However its major defect must not get the brush-off: key generates and calculating cost the answering with access structure of decryption phase
Polygamy linear increase, this is a fatal application bottleneck for resource-constrained mobile device (such as cell phone apparatus).
It is generated by using the outsourcing key based on attribute, decryption system can largely reduce attribute authority and generate private key to user
And user's access stores the computational efficiency of data beyond the clouds with ciphertext form.But with the data bulk grade being stored in the cloud
Ground is incremented by, and how efficiently to find user's specified data from a large amount of storages data beyond the clouds and has become and has to face
Problem.User not only needs to obtain data from cloud, it is also necessary to recording controller be arranged, only obtain designated key to reach
The function of the data of word.
Based on the above analysis, the present inventor for the existing public key cryptography scheme that can search for and outsourcing KP-ABE scheme into
Row Improvement combines, thus the present invention generates.
Summary of the invention
It is an object of the present invention to provide it is a kind of can the outsourcing key of keyword search generate and the attribute base of decryption
System and decryption method, the present invention will can search for encipherment scheme and outsourcing encipherment scheme system combines, and providing one kind can close
The outsourcing key of key word search generates and the attribute based system and decryption method of decryption.Benefit from the reduction that can search for encipherment scheme
The decryption of user's download and unwanted ciphertext calculates, method proposed by the invention not only allow CP-ABE can resource by
It is able in the equipment of limit using and it is effective beyond the clouds according to keyword search ciphertext method, outsourcing to be supplied to user one
The application of attribute base encryption and decryption scheme is so that entire method is suitable for the equipment of Bandwidth-Constrained.
The purpose of the present invention is to provide it is a kind of can the outsourcing key of keyword search generate and the attribute based system of decryption
And decryption method, the calculating cost of attribute authority and user terminal is reduced, expensive calculating is contracted out to Cloud Server and is provided
Person (CSP) goes to handle, and in the ciphertext of CSP storage, searches for ciphertext pair according to the encrypted keyword that user submits
The index answered, so that efficiently finding user specifies the ciphertext to be checked.
In order to achieve the above objectives, solution of the invention is:
It is a kind of can the outsourcing key of keyword search generate and the attribute based system of decryption, it is characterised in that: including open
Parameter setting service device, private key for user generate server, outsourcing private key for user generates server, trapdoor generates server, encryption
Server, outsourcing decryption server, decryption server;
Open parameter setting service device, is responsible for generation system master key and open parameter, open parameter be sent to system its
His part;Private key for user generates server, generates a pair of secret keys pair and local user's private key, and outsourcing is generated private component
It sends;
Server, which is generated, to outsourcing private key for user is finally integrated into a complete private key for user;
Outsourcing private key for user generates server, generates outsourcing private key for user, is sent to private key for user and generates server;
Trapdoor generates server, and user is assisted to generate inquiry private key and trapdoor;
Encryption server generates corresponding ciphertext and key word index to message encryption, and sends it to outsourcing decryption
Server;Server is decrypted in outsourcing, is decrypted to the outer packet portion of ciphertext progress for meeting user right and is used falling into for user's submission
Door search;
The ciphertext of part decryption and ciphertext are sent to decryption server if keyword match success by matched ciphertext;
Server is decrypted, the ciphertext of part decryption is decrypted to restore outbound message.
And based on it is above-mentioned can keyword search outsourcing key generate and decryption attribute based system decryption method, including
Following steps:
A. system public parameter PK and system master key MSK is set;Wherein step A further comprises,
A1. the multiplicative cyclic group G that rank is p is chosen1, G2And bilinear map e:G1×G1→G2;
A2. it randomly selects and generates member g ∈ G1With element g2,h,h1,h2,h3,h4,h5∈G1, wherein each of Attribute domain U
Element i corresponds to hi, randomly select element, whereinIt indicates set { 1,2 ..., p-2, p-1 }, chooses two and anti-touch
The hash function H hit1:{0,1}*→G1、H2:G2→{0,1}logp;
A3. g is calculated1=gx;
B. according to system public parameter PK, system master key MSK and access structureGenerate the key pair (OK of userKGCSP,
OKTA), wherein OKTAFor generating local key SKTA, OKKGCSPFor generating outsourcing key;
C. according to system public parameter PK, access structureOutsourcing key OKKGCSPGenerate the outsourcing private key of user
SKKGCSP;
D. according to system public parameter PK, system master key MSK, commitment value qBFAnd access structureGenerate inquiry private key
QK, and corresponding search private key and trapdoor T are generated according to keyword kw and private key for user SK and blinding factor BFkw;Wherein, it holds
Promise value qBFIt is a part generation for the blinding factor combination private key that user generates;Access structureHere it is reduced in Attribute domain
Subset;Blinding factor BF is that user generates at random;Access structureIt is all the attribute set in step with attribute set
Subset in the U of domain;Kw is the character string that user specifies, and is indicated with 01 binary system byte;SKTAIt is close for generating the end TA of SK
Key, SKTAAlso referred to as local key, and OKKGCSPIt is the end the KGCSP key SK for generating SKKGCSP, SK=(SKTA,
SKKGCSP);Kw is the keyword used when decryption person inquires magnanimity ciphertext data;
E. message M is encrypted according to system public parameter PK, attribute set ω, obtains ciphertext CT, and use keyword
KW generates the index IX (KW) of ciphertext;Wherein, attribute set ω is a subset in Attribute domain U;Message M is crowd G2In
One element;The keyword that the KW representative information owner selects the message of oneself;
F. according to system public parameter PK, trapdoor TkwOutsourcing decryption oprerations, generating portion decryption are carried out to initial ciphertext CT
Ciphertext QCT, and keyword KW matching operation is carried out to index IX (KW), the KW representative information owner selects the message of oneself
Keyword, if it succeeds, the ciphertext of part decryption is sent to decryption server;Initial ciphertext CT is pair that step E is generated
It should be in the ciphertext of message M;
G. according to system public parameter PK, local private key SKTACiphertext Q is decrypted to partCTComplete decryption oprerations are carried out, and
Verify whether it is plaintext M corresponding to initial ciphertext CT, if then exporting M, if not then output error message.
Further, in the step A, selected hash function H1It is { 0,1 }*To G1Cryptographic Hash function, Hash
Function H2It is G2To { 0,1 }logpCryptographic Hash function,Expression set 1,2 ..., p-1 };
System public parameter PK is PK=(G1,G2,g,g1,g2,h,h1,h2,h3,h4,h5,H1,H2), system master key MSK
For MSK=x;
Wherein, Attribute domain U is { " baf ", " bar ", " fim1 ", " fim ", " foo " }, access structureFor " baf bar
2 of 3 " of fim1, ciphertext attribute ω collection are combined into { " baf ", " bar " }, and S is the set of the attribute of the condition that meets { ω ∩ A }.
Further, the step B includes:
B1. for possessing access structureUser, randomly select Its
Middle x1It is a part of cipher key pair for generating OKKGCSP, rθIt is a random commitment value;
B2. x is calculated2=x-x1Mould p is calculatedIt calculatesWherein x2It is key
A part of centering is for generating SKTA;
User key is to (OKKGCSP,OKTA) it is (OKKGCSP,OKTA)=(x1, x2), user local private key SKTAFor SKTA=
{dθ0,dθ1}。
Further, the step C includes:
C1. for possessing access structureUser, be access structureIn root node R randomly choose one d-1 times it is more
Item formula q (x), wherein d indicates the secret sharing threshold value of root node R, and q (0)=x1, q (x)=x+q (0);
C2: for access structureIn except root node R each child node i select a di- 1 order polynomial qa, wherein di
Indicate the secret sharing threshold value of node i, and qi(0)=qparent(i)(index (i)), function parent (i) return node i
Order of father node R, function index (i) return node in its father node, finally for each category for belonging to access structure
PropertyIt calculates q (1)=1+q (0), q (2)=2+q (0), q (3)=3+q (0);
C3: for each attribute for belonging to access structureRandomly select ri∈Zp *, calculate
Wherein q (i) represents the corresponding lagrange polynomial of node i;
User's outsourcing private key SKKGCSPFor
Further, the step D includes:
D1. blinding factor is randomly selected
D2. it calculatesCalculating inquiry private key QK is
D3. search private key T is calculatedqIt (kw) is Tq(kw)=H1(kw)QKu, I=(I is seti0=di0,Ii1=di1);Wherein,
I is used to construct d a part in trapdoor, is different from SK hereKGCSPAnd only it is used as setting;
The trapdoor of user is Tkw=(Tq(kw),I,D1)。
Further, the step E includes:
E1. secret value s ∈ Z is randomly selectedp *, cleartext information M ∈ G2;
E2. C is calculated0=Me (g1,g2)s∈G2, C1=gs∈G1, Cθ=(g1h)s∈G1, in each attribute set ω
Element i calculate Ci=(g1hi)s, obtain ciphertext CT=(ω ∪ { θ }, C0,C1,{Ci}i∈ω',Cθ);
E3. keyword kw is chosen0=" keyword " calculates k0=e (g1,g2)s·e(g,H1(kw0))s∈G2;K0=H2
(k0)∈{0,1}logp, K is set1=C1=gs∈G1, K2=Cθ=(g1h)s∈G1;Wherein, k0It is to keyword kw0In encryption
Between be worth, K0K1K2Only as the member of formation of ciphertext index;
The corresponding index of ciphertext is IX (KW)=(K1,K2,K0), ciphertext index is uploaded to (CT, IX (kw0))。
Further, the step F includes:
F1. it calculatesObtain part decryption ciphertext;
F2. it calculates
F3. H is verified2(k)=H2(kkw) whether equal, user is sent to if matching.
Further, the step G includes:
G1. it calculatesIf successful decryption exports message M, otherwise output error message.
After adopting the above scheme, the present invention is guaranteeing that key generation cloud service provider cannot be with the situation under user's collusion
Under, the method for giving the generation of attribute authority outsourcing key gives user's outsourcing decryption ciphertext and to ciphertext key search
Method it is more efficient more accurately to obtain oneself while so that user and attribute authority greatly reduce communication cost
Desired ciphertext, so that even if similarly can be used in the equipment of Bandwidth-Constrained.Therefore the present invention is a kind of new safety
Efficient encryption method.
Detailed description of the invention
Fig. 1 be it is of the present invention can keyword search outsourcing key generate and decryption attribute based system signal
Figure.
Fig. 2 be it is of the present invention can keyword search outsourcing key generate and decryption attribute based system process
Figure.
Specific embodiment
Technical solution of the present invention is described in further detail with reference to the accompanying drawing:
It is of the present invention can keyword search outsourcing key generate and decryption attribute based system can be based on Bilinear map
It realizes, is briefly described below the related notion of Bilinear map and the property of required satisfaction:
Enable G1、G2It is the multiplicative cyclic group that rank is p, wherein p is prime number, and g is G1Generation member.Assuming that G1And G2The two groups
On discrete logarithm problem be all difficult problem.Define the bilinear map on group are as follows: e:G1×G1→G2, and meet following
Property:
1. bilinearity .e (ua,vb)=e (u, v)ab, to all u, v ∈ G1, a, b ∈ Zp *With g ∈ G1Set up.
2. non-degeneracy .e (u, v) ≠ 1, wherein 1 is GTIdentical element, there are u, v ∈ G1。
3. there are efficient algorithms by computability to calculate e (u, v), to all u, v ∈ G1。
The entity of the method for the invention design includes: open parameter setting service device, data owner, user, user
Private key generates server, outsourcing private key for user generates server, trapdoor generates server, encryption server, decrypts server, is outer
Packet decryption server.
Referring to attached drawing 1, system of the present invention include: open parameter setting service device A, private key for user generate server B,
Outsourcing private key for user generates server C, trapdoor generates server D, encryption server E, outsourcing decryption server F, decryption service
Device G;
MSK is sent to by open parameter setting service device A for generating system master key MSK and system public parameter PK
Private key for user generates server B, and system public parameter is sent to private key for user and generates server B, the generation of outsourcing private key for user
Server C, trapdoor generate server D, encryption server E, outsourcing decryption server F, decryption server G;
Private key for user generates server B, generates a pair of secret keys to (OKKGCSP,OKTA) and local user's private key SKTA, and
By outsourcing key part OKTAIt is sent to outsourcing private key for user and generates server C, be finally integrated into a complete private key for user SK
=(SKKGCSP,SKTA);
Outsourcing private key for user generates server C, generates outsourcing private key for user SKTA, it is sent to private key for user and generates server
B;
Trapdoor generates server D, and user is assisted to generate inquiry private key QK and trapdoor Tkw;
Encryption server E generates corresponding ciphertext CT and key word index IX (KW) to message M encryption, and is sent to
Server F is decrypted to outsourcing;
Server F is decrypted in outsourcing, is carried out outer packet portion to the ciphertext for meeting user right and is decrypted QCTAnd it is submitted using user
Trapdoor TkwMatched ciphertext CT is searched for, if keyword match success, by the ciphertext Q of part decryptionCTIt is sent to ciphertext CT
Decrypt server;
Server G is decrypted, the ciphertext of part decryption is decrypted to restore outbound message M.
Referring to attached drawing 2, the solution of the present invention is realized using JPBC and introduces specific steps of the invention:
The disclosure parameter setting service device A executes following steps:
A1. choosing rank isp=730750818665451621361119245571504901405976559617 multiplication
Cyclic group G1, GTAnd bilinear map e:G1×G1→GT(calculating of bilinear map is described in detail in the text);
A2. G is randomly selected1A generation member
G=103115435933936452134304505891004073159520905969758408 42733029794
2995132581069901602117983347687451955187460472600772521150594662250395233355
7370545686961,83845705990382906555658456584446919804047046297597590634597034
2375104803893345459514735030937252912270760309148803241712242741177063460775
755489219242211,0 and G1Seven elements
g2=29,969,563,135,728,184,863,052,237,263,403,381,705,159,500,732,095,790,607 17955111
3792822160379872041281462425336580084905984973450652957356603257741229808542
72929310654612,5345747197836944684948985484995155810347782381089903177163911
6273232086801113008428915902712771016264396409594779377722439148567200651232
95911416266703665,0,
H=533102797664979259835067882298746017262825325205235651 49245438207
1766985101800934399715537973941615729335501829416913307756155981224306553882
1648927618698,76650655268305399588765501072575467802594619801093005041859001
3755865673013298972827320996977410668175417989126020417465983808570767778949
9457663645711569,0,
h1=14,493,042,655,681,709,042,456,979,405,752,533,605,973,905,059,112,475,571 24850089
6492416762427920368280977579202781872494800917183801544399582271640891433623
32511788828754,7778323310885608199500550091935388348779405458706021205192208
2490590408829390914709074157645693004891490141727575235510559894971970113021
2945850164923168,0,
h2=42,893,721,333,757,569,577,645,791,856,088,130,431,080,278,201,360,021,514 98691228
4149044559439388388282145982020446251841764797554578982852377843111151468527
95599980559190,3672790579318317189793202008882114583565040477404726869351974
7759438940352418754236876803847205170333017818474177839068976219299640197766
20059278695746339,0,
h3=33,157,495,025,566,071,566,322,512,537,338,147,235,770,035,952,747,898,524 39029977
2999021691770476763639498876481553644180317359373581586570702187284647773148
24404125312665,3810126980677050577665570787152367499993559284631188912132189
4118971048887617669361218238301239058873783207114299833089926489056392552949
87793678363005147,0,
h4=51,867,249,499,445,135,190,574,229,692,070,953,975,739,246,338,930,266,547 01566587
4125284103427430105130542140053240218374561163465244673580873411755544036457
47161591161202,6235711583461873475318650759529776817647420015276548955469436
4446659556251835235699816250721892842544415119028198054269334310101255206231
97848844562156042,0,
h5=61,769,857,542,743,911,309,822,801,174,388,790,452,836,225,363,498,159,072 64884738
2544125240386751657983740465030842059875852761623741895245246605842453512107
93522918275495,5384109696640937973965149992328416891057231174540982006885136
9481222092595668720555389690757461646586960921001044855693346681715397432973
45930982240443576,0 randomly select groupElement
X=669812803067698262930111597907784963319333126830 chooses two impact resistant
Hash function H1:{0,1}*→G1、H2:G2→{0,1}logp;
A3. it calculates
g1=gx=47,969,397,794,319,767,872,768,975,230,691,937,232,005,133,932,129,084,162 88786
8182478634751704780735148074284626283393100656051251805005550724794680353633
94418789700628822,2462580809524776969076579526786222324068760241961058309901
0563891370115886863495755079792236939640752388570438008839038360360218912622
07091994852650600253,0;
In above-mentioned steps A2, selected hash function H1It is { 0,1 }*To G1Cryptographic Hash function, hash function H2It is
G2To { 0,1 }logpCryptographic Hash function,Expression set 1,2 ..., p-1 }.
System public parameter PK is PK=(G1,G2,g,g1,g2,h,h1,h2,h3,h4,h5,H1,H2), system master key MSK
For MSK=x.
It indicates for convenience herein, our Attribute domain U is { " baf ", " bar ", " fim1 ", " fim ", " foo " }, access
StructureFor " baf bar fim1 2of3 ", ciphertext attribute ω collection is combined into { " baf ", " bar " }, and S is the condition that meets { ω ∩ A }
Attribute set.
Private key for user generates server B and executes following steps:
B1. for possessing access structureUser, randomly select
x1∈ZP *=428732144815122518988285519266275301542788327758,
rθ∈Zp *=628995706652160343400399383347701737840882048950;
B2. it calculates
x2=x-x1Mould p=241080658252575743941826078641509661776544799072,
It calculates
It calculates
User key is to (OKKGCSP,OKTA) it is (OKKGCSP,OKTA)=(x1, x2), user local private key SKTAFor SKTA=
{dθ0,dθ1}。
Outsourcing private key for user generates server C and executes following steps:
C1. for possessing access structureUser, be access structureIn root node R randomly choose one d-1 times
Multinomial q (x), wherein d indicates the secret sharing threshold value of root node R, and q (0)=x1, q (x)=x+q (0);
C2: for access structureIn except root node R each child node i select a di- 1 order polynomial qa,
Wherein, diIndicate the secret sharing threshold value of node i, and qi(0)=qparent(i)(index (i)), function
Order of father node R, function index (i) return node of parent (i) return node i in its father node, finally for every
A attribute for belonging to access structureIt calculates q (1)=1+q (0), q (2)=2+q (0), q (3)=3+q (0);
C3: r is randomly selected for each attribute for belonging to access structurei∈Zp *, calculate
Wherein
r1=328522665943500109354942429016051439658605574316,
r2=520713677076623573970852203894904602847218187281,
r3=458541357356566306056619868665681094034250512554,
User's outsourcing private key SKKGCSP is
Trapdoor generates server D and executes following steps:
D1. it randomly selects
D2. it calculates
Calculating inquiry private key QK is
D3. search private key T is calculatedq(kw) it is
Tq(kw)=H1(kw)QKu=56990463260716964235054496783342206359548760394855
7815482537584219349971576858204223459004987731097556488188086571409771543126
7379171646687297217534309333,17087027416817846639833409148173466443991738668
5708331240634677930920777947782884387378570371489789770848734494527492315391
6747784543373176377243648758679,0,
I=(I is seti0=di0,Ii1=di1);
The trapdoor of user is Tkw=(Tq(kw),I,D1)。
Encryption server E executes following steps:
E1. secret value is randomly selected
s∈Zp *=127646386969357970388879198350607449573579297363,
Cleartext information M ∈ G2=
{ x=571146304485721359448640629486994977269480783208762768 4848231815
6003790441855939444464589609235113757641545717980119392304540669855999647896
04020092113964, y=610448276339820892791234596961527456755724802443468049 1129
8438427895390601952471583262968553777186767691532524138737666885732561305970
16227487334355139519};
E2. it calculates
C0=Me (g1,g2)s={ x=4579937297282901003772824603212181217571112007589
6611024472033537735078435692527953539329238059899844511271582563645337920243
96016388985778569042038021107, y=5621414109330008717086133347651409884254009
3163449712058154922363585471161582826014423326740567977617978460952194703539
13706242212190527270387601457759946},
C1=gs=42,119,453,089,205,088,168,589,604,999,308,211,672,476,502,380,299,592,327 26501
3385367859333636375558440640007706969191603097358039426434229499855200549900
22375780304132231,6070398446482108713305607487559399517650432365117379077567
9509810492945603735866537644559743094313026421196552636028806854303977158575
64465187538849567535,0,
Cθ=(g1h)s=81,501,022,482,990,958,674,552,774,300,375,736,619,619,462,845,103,910,373 1
1232160539404136443688173022493769638905413080568414179528196642346582241805
646095883157893541607,213573795529836709319425700902151134074703500553519070
4265199605957036428674080698313978119195847487760274430304866734667390685658
476357395368820261041291,0,
Element i in each attribute set ω is calculated
Ci0=(g1hi0)s=6702769949655652491359617480443446857473401320489147395
3350595904867118258066993606481803401348591823982561350579043639615904676599
10113340181261743446883,3946291599871531519753923648755744952141536509026890
3727654995025630015796193763443158884158573518491025068182183436919018964590
44760904817691269925880207,0,
Ci1=(g1hi1)s=2855579605084327704569126521109520128240121260467259033
3994158387984539297704983533879890879716198211018848758697931900433250733174
2929947875743673826359,77641310179825497046507247501691390714218760698636577
2085146694508619777513060242499135617069061907028895787016256880604423348962
0202235367229188411666813,0
Obtain ciphertext CT=(ω ∪ { θ }, C0,C1,{Ci}i∈ω',Cθ);
E3. keyword kw is chosen0=" keyword " is calculated
H1(kw0)=45,329,154,377,060,642,504,816,861,511,255,438,475,424,932,319,157,816,743 2238
52173739247023664,0,1,
k0=e (g1, g2)sE (g, H1(kw0))s={ x=631817441594082422516025116187823069
2337208824001192000577071811730387677627232647558934438883039215665352952581
746067153600971665530775350900241570857840, y=575991700979912139656881391589
7045357303340313874717763367800403236076252000589318314568593414336863369159
030911478591370257736199939307720578763136811132},
K0=H2(k0)=c08cf969d1a7278c03a72cff5b17965b,
Setting
K1=C1=gs=42,119,453,089,205,088,168,589,604,999,308,211,672,476,502,380,299,592,327 2
6501338536785933363637555844064000770696919160309735803942643422949985520054
990022375780304132231,607039844648210871330560748755939951765043236511737907
7567950981049294560373586653764455974309431302642119655263602880685430397715
857564465187538849567535,0,
K2=Cθ=(g1h)s=81501022482990958674552774300375736619619462845103910
3731123216053940413644368817302249376963890541308056841417952819664234658224
1805646095883157893541607,21357379552983670931942570090215113407470350055351
9070426519960595703642867408069831397811919584748776027443030486673466739068
5658476357395368820261041291,0。
The corresponding index of ciphertext is IX (KW)=(K1,K2,K0), ciphertext index is uploaded to (CT, IX (kw0)).Outsourcing decryption
Server F executes following steps:
F1. it calculates
Obtain part decryption ciphertext;
F2. it calculates
F3. H is verified2(k)=H2(kkw) whether equal,
H2(k)=c08cf969d1a7278c03a72cff5b17965b,
H2(kkw)=c08cf969d1a7278c03a72cff5b17965b, it is clear that it is equal, therefore ciphertext is decrypted into part
Decryption server G is sent to ciphertext to be decrypted completely
It decrypts server G and executes following steps:
G1. it calculates
Successful decryption exports message M, otherwise output error message.
It is above that only the preferred embodiment of the present invention is described.Those skilled in the art are come
It says, other advantage and deformation can be easily associated according to embodiment of above.Therefore, the invention is not limited to upper
Embodiment is stated, detailed, exemplary explanation is carried out to a kind of form of the invention as just example.Without departing substantially from this hair
In the range of bright objective, what those of ordinary skill in the art carried out in the aspects of the technology of the present invention usually changes and replaces
It changes, should all be included within protection scope of the present invention.
Claims (3)
1. one kind can keyword search outsourcing key generate and decryption attribute based system decryption method, it is characterised in that:
Use can the outsourcing key of keyword search generate and the attribute based system of decryption includes open parameter setting service device, user
Private key generates server, outsourcing private key for user generates server, trapdoor generates server, encryption server, outsourcing decryption service
Device, decryption server;
Open parameter setting service device is responsible for generation system master key and open parameter, by open parameter be sent to system other
Part;
Outsourcing private key for user generates server, generates outsourcing private key for user, is sent to private key for user and generates server;
Trapdoor generates server, and user is assisted to generate inquiry private key and trapdoor;
Encryption server generates corresponding ciphertext and key word index to message encryption, and sends it to outsourcing decryption service
Device;
Server is decrypted in outsourcing, is carried out outer packet portion decryption to the ciphertext for meeting user right and is searched using the trapdoor that user submits
The ciphertext of part decryption is sent to decryption server if keyword match success by the matched ciphertext of rope;
Server is decrypted, the ciphertext of part decryption is decrypted to restore outbound message;
The decryption method includes the following steps:
A. system public parameter PK and system master key MSK is set;Wherein step A further comprises,
A1. the multiplicative cyclic group G that rank is p is chosen1, G2And bilinear map e:G1×G1→G2;
A2. it randomly selects and generates member g ∈ G1With element g2,h,h1,h2,h3,h4,h5∈G1, wherein each element i in Attribute domain U
Corresponding to hi, randomly select elementWhereinIt indicates set { 1,2 ..., p-2, p-1 }, chooses the Kazakhstan of two impact resistant
Uncommon function H1:{0,1}*→G1、H2:G2→{0,1}logp;I value is 1 to 5;
A3. g is calculated1=gx;
B. according to system public parameter PK, system master key MSK and access structureGenerate the key pair (OK of userKGCSP,
OKTA), wherein OKTAFor generating local key SKTA, OKKGCSPFor generating outsourcing key;
C. according to system public parameter PK, access structureOKKGCSPGenerate the outsourcing private key SK of userKGCSP;
D. according to system public parameter PK, system master key MSK, commitment value qBFAnd access structureGenerate inquiry private key QK, and root
Corresponding search private key and trapdoor T are generated according to keyword kw and private key for user SK and blinding factor BFkw;Wherein, commitment value qBF
It is a part generation for the blinding factor combination private key that user generates;Access structureHere the son being reduced in Attribute domain
Collection;Blinding factor BF is that user generates at random;Access structureIt is the subset in Attribute domain U;Kw is the character that user specifies
String, is indicated with 01 binary system byte;SKTAIt is the end the TA key for generating SK, the end TA is trusted authorization square end, SKTAAlso it is referred to as
For local key, and OKKGCSPIt is the end the KGCSP key SK for generating SKKGCSP, SK=(SKTA, SKKGCSP);Kw is decryption
The keyword that person uses when inquiring magnanimity ciphertext data;The end KGCSP is that key generates cloud service provider end;
E. message M is encrypted according to system public parameter PK, attribute set ω, obtains initial ciphertext CT, and use keyword
KW generates the index IX (KW) of ciphertext;Wherein, attribute set ω is a subset in Attribute domain U;Message M is crowd G2In
One element;The keyword that the KW representative information owner selects the message of oneself;
F. according to system public parameter PK, trapdoor TkwOutsourcing decryption oprerations are carried out to initial ciphertext CT, generating portion decrypts ciphertext
QCT, and keyword KW matching operation is carried out to index IX (KW), if it succeeds, the ciphertext of part decryption is sent to decryption clothes
Business device;Initial ciphertext CT is the ciphertext corresponding to message M that step E is generated;
G. according to system public parameter PK, local key SKTACiphertext Q is decrypted to partCTComplete decryption oprerations are carried out, and verifying is
No is plaintext M corresponding to initial ciphertext CT, if then exporting M, if not then output error message.
2. decryption method as described in claim 1, which is characterized in that in the step A, selected hash function H1Be 0,
1}*To G1Cryptographic Hash function, hash function H2It is G2To { 0,1 }logpCryptographic Hash function,Expression set 1,
2,...,p-1};
System public parameter PK is PK=(G1,G2,g,g1,g2,h,h1,h2,h3,h4,h5,H1,H2), system master key MSK is MSK
=x;
Wherein, Attribute domain U is { " baf ", " bar ", " fim1 ", " fim ", " foo " }, access structureFor " baf bar
Fim12of3 ", ciphertext attribute set ω are { " baf ", " bar " }.
3. decryption method as claimed in claim 2, which is characterized in that the step B includes:
B1. for possessing access structureUser, randomly select Wherein x1
It is a part of cipher key pair for generating OKKGCSP, rθIt is a random commitment value;
B2. x is calculated2=x-x1Mould p is calculatedIt calculatesWherein x2It is cipher key pair
A part is for generating OKTA;
User key is to (OKKGCSP,OKTA) it is (OKKGCSP,OKTA)=(x1, x2), user local key SKTAFor SKTA={ dθ0,
dθ1}。
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510870146.6A CN105323061B (en) | 2015-12-02 | 2015-12-02 | It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510870146.6A CN105323061B (en) | 2015-12-02 | 2015-12-02 | It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN105323061A CN105323061A (en) | 2016-02-10 |
CN105323061B true CN105323061B (en) | 2019-07-12 |
Family
ID=55249722
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201510870146.6A Active CN105323061B (en) | 2015-12-02 | 2015-12-02 | It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN105323061B (en) |
Families Citing this family (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105915520B (en) * | 2016-04-18 | 2019-02-12 | 深圳大学 | It can search for file storage, searching method and the storage system of encryption based on public key |
CN106612270A (en) * | 2016-05-20 | 2017-05-03 | 四川用联信息技术有限公司 | Keyword search algorithm based on attribute encryption in cloud computing |
CN106209790B (en) * | 2016-06-28 | 2020-02-07 | 电子科技大学 | Efficient verifiable outsourcing attribute-based encryption method for hidden ciphertext strategy |
CN106301776B (en) * | 2016-08-01 | 2019-04-19 | 河海大学 | A kind of more authorization center outsourcing attribute base encryption methods and system of keyword search |
CN107104982B (en) * | 2017-05-26 | 2019-10-15 | 福州大学 | It can search for encryption system with traitor tracing function in mobile electron medical treatment |
EP3675086B1 (en) * | 2017-09-12 | 2021-10-27 | Mitsubishi Electric Corporation | Registration terminal, search terminal, search server, search system, registration program, and search program |
CN108259517B (en) * | 2018-04-24 | 2021-01-26 | 上海海事大学 | Encryption method for realizing key isolation attribute of ciphertext strategy |
CN109740362B (en) * | 2019-01-03 | 2021-02-26 | 中国科学院软件研究所 | Ciphertext index generation and retrieval method and system based on entropy coding |
CN111431898B (en) * | 2020-03-23 | 2022-06-07 | 齐鲁工业大学 | Multi-attribute mechanism attribute-based encryption method with search function for cloud-assisted Internet of things |
CN111556048B (en) * | 2020-04-26 | 2022-04-01 | 山东师范大学 | Attribute-based secure communication method and system supporting ciphertext mode matching |
CN113794561B (en) * | 2021-09-14 | 2023-06-06 | 山东大学 | Public key searchable encryption method and system |
CN115051802A (en) * | 2022-07-06 | 2022-09-13 | 国网四川省电力公司绵阳供电公司 | Five-prevention lock management system and method |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
CN103944711A (en) * | 2014-02-17 | 2014-07-23 | 国家超级计算深圳中心 | Cloud storage ciphertext retrieval method and system |
CN105007161A (en) * | 2015-06-12 | 2015-10-28 | 电子科技大学 | Fuzzy keyword public key searchable encryption scheme achieving unrecognizable trap door |
-
2015
- 2015-12-02 CN CN201510870146.6A patent/CN105323061B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
CN103944711A (en) * | 2014-02-17 | 2014-07-23 | 国家超级计算深圳中心 | Cloud storage ciphertext retrieval method and system |
CN105007161A (en) * | 2015-06-12 | 2015-10-28 | 电子科技大学 | Fuzzy keyword public key searchable encryption scheme achieving unrecognizable trap door |
Non-Patent Citations (1)
Title |
---|
Fine-Grained Access Control System Based on Outsourced Attribute-Based Encryption;Jin LI,et al.;《Proc.18th European Symposium on Research in Computer Security》;20140516;第592-609页 |
Also Published As
Publication number | Publication date |
---|---|
CN105323061A (en) | 2016-02-10 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN105323061B (en) | It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method | |
CN109922077B (en) | Identity authentication method and system based on block chain | |
CN109614818B (en) | Authorized identity-based keyword search encryption method | |
US8873749B2 (en) | Multi-user searchable encryption system and method with index validation and tracing | |
CN106130716B (en) | Key exchange system and method based on authentication information | |
JP2019535153A (en) | Method and system for quantum key distribution based on trusted computing | |
JP2019507510A (en) | Common secret determination for secure exchange of information and hierarchical and deterministic encryption keys | |
CN111143471B (en) | Ciphertext retrieval method based on blockchain | |
US20170155510A1 (en) | Device for determining a shared key | |
CN112989375B (en) | Hierarchical optimization encryption lossless privacy protection method | |
CN104993931B (en) | The encryption searching method of multi-user in a kind of cloud storage | |
CN108924103B (en) | Identity-based online/offline searchable encryption method for cloud storage | |
CN107547530A (en) | On-line/off-line keyword search methodology and its cloud computing application system based on attribute under mobile cloud environment | |
CN105027492B (en) | For determining equipment, the method and system of shared key | |
CN113905047A (en) | Space crowdsourcing task allocation privacy protection method and system | |
CN110933033A (en) | Cross-domain access control method for multiple Internet of things domains in smart city environment | |
CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
CN103873236A (en) | Searchable encryption method and equipment thereof | |
US20160099807A1 (en) | Program collation system, node, collation method, and computer-readable medium | |
CN106301776B (en) | A kind of more authorization center outsourcing attribute base encryption methods and system of keyword search | |
CN114826703A (en) | Block chain-based data search fine-grained access control method and system | |
CN105721146A (en) | Big data sharing method for cloud storage based on SMC | |
CN109274659B (en) | Certificateless online/offline searchable ciphertext method | |
CN114021006A (en) | Multi-dimensional data security query method and device | |
CN113836571A (en) | Method and system for matching positions of medical data owning terminals based on cloud and block chains |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |