CN105323061B - Attribute-based system with keyword-searchable outsourced key generation and decryption, and decryption method - Google Patents

Attribute-based system with keyword-searchable outsourced key generation and decryption, and decryption method

Info

Publication number
CN105323061B
Authority
CN
China
Prior art keywords
user
key
decryption
server
ciphertext
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201510870146.6A
Other languages
Chinese (zh)
Other versions
CN105323061A (en
Inventor
李继国
林啸楠
张亦辰
李非非
王瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hohai University HHU
Original Assignee
Hohai University HHU
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hohai University HHU filed Critical Hohai University HHU
Priority to CN201510870146.6A priority Critical patent/CN105323061B/en
Publication of CN105323061A publication Critical patent/CN105323061A/en
Application granted granted Critical
Publication of CN105323061B publication Critical patent/CN105323061B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Storage Device Security (AREA)

Abstract

The present invention provides an attribute-based system with keyword-searchable outsourced key generation and decryption. The system comprises: a public parameter setup server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server, and a decryption server. The public parameter setup server generates the system master key and the public parameters; the user private key generation server generates a key pair and the local user private key; the outsourced user private key generation server generates the outsourced user private key; the trapdoor generation server assists the user in generating the query private key and the trapdoor; the encryption server encrypts the message and generates the corresponding ciphertext and keyword index; the outsourced decryption server performs the outsourced partial decryption on ciphertexts that satisfy the user's access rights and uses the trapdoor submitted by the user to search for matching ciphertexts; the decryption server decrypts the partially decrypted ciphertext to recover the message. The invention also provides a method for searching for ciphertexts that match a keyword.

Description

Attribute-based system with keyword-searchable outsourced key generation and decryption, and decryption method
Technical field
The invention belongs to the field of information security and relates to data encryption technology for network security, in particular to an attribute-based system with keyword-searchable outsourced key generation and decryption, and a decryption method.
Background
Attribute-based encryption provides fine-grained access control over encrypted data. There are two main types of attribute-based encryption: key-policy attribute-based encryption (KP-ABE) and ciphertext-policy attribute-based encryption (CP-ABE). In key-policy attribute-based encryption, the user private key is associated with an access structure and the ciphertext is associated with an attribute set; the user can decrypt and obtain the plaintext if and only if the attribute set associated with the ciphertext satisfies the access structure of the user private key. In ciphertext-policy attribute-based encryption the association of access structure and attribute set is reversed.
With the rapid development of cloud computing, the operating model in which computing capability is treated as a resource has become more and more common. This model lets users on the network acquire such computing resources quickly and conveniently, and release them just as quickly. It lets us access, according to our own needs, the varied, resource-rich and convenient services that servers provide.
Although these advantages make the cloud service provider a powerful tool for handling user data in cloud computing, its main drawback must not be ignored: the computational cost of the key generation and decryption phases grows linearly with the complexity of the access structure, which is a fatal application bottleneck for resource-constrained mobile devices (such as mobile phones). An attribute-based system with outsourced key generation and decryption can greatly reduce the computational cost to the attribute authority of generating private keys for users, and to users of accessing data stored in the cloud in ciphertext form. But as the amount of data stored in the cloud grows by orders of magnitude, how to efficiently find the data a user specifies among the large amount of data stored in the cloud has become a problem that must be faced. Users not only need to obtain data from the cloud; a data filter must also be set up so that only data with a specified keyword is obtained.
Based on the above analysis, the inventors improved and combined the existing searchable public-key encryption schemes and outsourced KP-ABE schemes, which led to the present invention.
Summary of the invention
An object of the invention is to provide an attribute-based system with keyword-searchable outsourced key generation and decryption, and a decryption method. The invention combines a searchable encryption scheme with an outsourced encryption scheme. Because searchable encryption spares the user from downloading and decrypting ciphertexts that are not needed, the proposed method not only allows CP-ABE to be used on resource-constrained devices and gives the user an effective way to search ciphertexts in the cloud by keyword; the use of the outsourced attribute-based encryption and decryption scheme also makes the whole method suitable for bandwidth-constrained devices.
A further object of the invention is to reduce the computational cost of the attribute authority and of the user side: expensive computation is outsourced to the cloud service provider (CSP), and among the ciphertexts stored at the CSP, the index corresponding to a ciphertext is searched according to the encrypted keyword submitted by the user, so that the ciphertext the user wants to query is found efficiently.
To achieve the above objects, the solution of the invention is:
An attribute-based system with keyword-searchable outsourced key generation and decryption, characterized in that it comprises a public parameter setup server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server, and a decryption server;
The public parameter setup server generates the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The user private key generation server generates a key pair and the local user private key, sends the component used for outsourced private key generation to the outsourced user private key generation server, and finally integrates a complete user private key;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts the message, generates the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs the outsourced partial decryption on ciphertexts that satisfy the user's access rights and uses the trapdoor submitted by the user to search for matching ciphertexts; if the keyword matches, it sends the partially decrypted ciphertext and the ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message.
A decryption method based on the above attribute-based system with keyword-searchable outsourced key generation and decryption comprises the following steps:
A. Set the system public parameters PK and the system master key MSK; step A further comprises:
A1. Choose multiplicative cyclic groups G1, G2 of order p and a bilinear map e: G1 × G1 → G2;
A2. Randomly select a generator g ∈ G1 and elements g2, h, h1, h2, h3, h4, h5 ∈ G1, where each element i of the attribute domain U corresponds to h_i; randomly select an element x ∈ Zp*, where Zp* denotes the set {1, 2, ..., p-2, p-1}; choose two collision-resistant hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^(log p);
A3. Compute g1 = g^x;
B. According to the system public parameters PK, the system master key MSK and the access structure, generate the user's key pair (OK_KGCSP, OK_TA), where OK_TA is used to generate the local key SK_TA and OK_KGCSP is used to generate the outsourced key;
C. According to the system public parameters PK, the access structure and the outsourced key OK_KGCSP, generate the user's outsourced private key SK_KGCSP;
D. According to the system public parameters PK, the system master key MSK, the commitment value q_BF and the access structure, generate the query private key QK, and generate the corresponding search private key and trapdoor T_kw according to the keyword kw, the user private key SK and the blinding factor BF; where the commitment value q_BF is generated from the blinding factor produced by the user combined with part of the private key; the access structure is here reduced to a subset of the attribute domain; the blinding factor BF is generated randomly by the user; the access structure and the attribute set in this step are both subsets of the attribute domain U; kw is a character string specified by the user, represented as binary (0/1) bytes; SK_TA is the TA-side key used to generate SK and is also called the local key, and OK_KGCSP is used to generate the KGCSP-side key SK_KGCSP of SK, with SK = (SK_TA, SK_KGCSP); kw is the keyword the decryptor uses when querying massive ciphertext data;
E. Encrypt the message M according to the system public parameters PK and the attribute set ω to obtain the ciphertext CT, and use the keyword KW to generate the index IX(KW) of the ciphertext; where the attribute set ω is a subset of the attribute domain U; the message M is an element of the group G2; KW represents the keyword the information owner selects for their message;
F. According to the system public parameters PK and the trapdoor T_kw, perform the outsourced decryption operation on the initial ciphertext CT to generate the partially decrypted ciphertext Q_CT, and perform the keyword KW matching operation on the index IX(KW), where KW represents the keyword the information owner selected for their message; if the match succeeds, send the partially decrypted ciphertext to the decryption server; the initial ciphertext CT is the ciphertext generated in step E for the message M;
G. According to the system public parameters PK and the local private key SK_TA, perform the complete decryption operation on the partially decrypted ciphertext Q_CT and verify whether the result is the plaintext M corresponding to the initial ciphertext CT; if so, output M, otherwise output an error message.
Further, in step A, the selected hash function H1 is a cryptographic hash function from {0,1}* to G1, the hash function H2 is a cryptographic hash function from G2 to {0,1}^(log p), and Zp* denotes the set {1, 2, ..., p-1};
The system public parameters are PK = (G1, G2, g, g1, g2, h, h1, h2, h3, h4, h5, H1, H2), and the system master key is MSK = x;
where the attribute domain U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "baf bar fim1 2 of 3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
Further, step B comprises:
B1. For a user holding the access structure, randomly select x1, rθ ∈ Zp*, where x1 is the part of the key pair used to generate OK_KGCSP and rθ is a random commitment value;
B2. Compute x2 = x - x1 mod p; compute ; compute , where x2 is the part of the key pair used to generate SK_TA;
The user key pair is (OK_KGCSP, OK_TA) = (x1, x2), and the user's local private key is SK_TA = {dθ0, dθ1}.
Further, step C comprises:
C1. For a user holding the access structure, randomly choose a polynomial q(x) of degree d-1 for the root node R of the access structure, where d is the secret-sharing threshold of the root node R, q(0) = x1, and q(x) = x + q(0);
C2. For each child node i of the access structure other than the root node R, choose a polynomial q_i of degree d_i - 1, where d_i is the secret-sharing threshold of node i and q_i(0) = q_parent(i)(index(i)); the function parent(i) returns the parent node R of node i, and the function index(i) returns the order of the node within its parent node; finally, for each attribute belonging to the access structure, compute q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute belonging to the access structure, randomly select r_i ∈ Zp* and compute , where q(i) denotes the Lagrange polynomial corresponding to node i;
The user's outsourced private key SK_KGCSP is
Further, step D comprises:
D1. Randomly select the blinding factor
D2. Compute ; compute the query private key QK as
D3. Compute the search private key Tq(kw) as Tq(kw)=H1(kw)QKu, and set I = (Ii0 = di0, Ii1 = di1); where I is used to construct part of d in the trapdoor, differs from SK_KGCSP here, and is used only as a setting;
The user's trapdoor is T_kw = (Tq(kw), I, D1).
Further, step E comprises:
E1. Randomly select the secret value s ∈ Zp* and the plaintext message M ∈ G2;
E2. Compute C0 = M·e(g1, g2)^s ∈ G2, C1 = g^s ∈ G1, Cθ = (g1·h)^s ∈ G1, and for each element i of the attribute set ω compute Ci = (g1·h_i)^s, obtaining the ciphertext CT = (ω ∪ {θ}, C0, C1, {Ci}i∈ω', Cθ);
E3. Choose the keyword kw0 = "keyword" and compute k0 = e(g1, g2)^s · e(g, H1(kw0))^s ∈ G2 and K0 = H2(k0) ∈ {0,1}^(log p); set K1 = C1 = g^s ∈ G1 and K2 = Cθ = (g1·h)^s ∈ G1; where k0 is an intermediate value in encrypting the keyword kw0, and K0, K1, K2 serve only as components of the ciphertext index;
The index corresponding to the ciphertext is IX(KW) = (K1, K2, K0), and the ciphertext and index are uploaded as (CT, IX(kw0)).
Further, step F comprises:
F1. Compute to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether H2(k) = H2(k_kw) holds; if they match, the result is sent to the user.
Further, step G comprises:
G1. Compute ; if decryption succeeds, output the message M, otherwise output an error message.
With the above scheme, and under the condition that the key generation cloud service provider cannot collude with users, the invention gives the attribute authority a method for outsourcing key generation and gives users a method for outsourced decryption of ciphertexts and keyword search over ciphertexts. This greatly reduces the communication cost of users and of the attribute authority while letting users obtain the ciphertexts they want more efficiently and more accurately, so that the method can also be used on bandwidth-constrained devices. The invention is therefore a new, secure and efficient encryption method.
Brief description of the drawings
Fig. 1 is a schematic diagram of the attribute-based system with keyword-searchable outsourced key generation and decryption according to the invention.
Fig. 2 is a flow chart of the attribute-based system with keyword-searchable outsourced key generation and decryption according to the invention.
Detailed description of the embodiments
The technical solution of the invention is described in further detail below with reference to the drawings:
The attribute-based system with keyword-searchable outsourced key generation and decryption according to the invention can be implemented with bilinear pairings. The relevant concepts of bilinear pairings and the properties they must satisfy are briefly introduced below:
Let G1 and G2 be multiplicative cyclic groups of order p, where p is prime, and let g be a generator of G1. Assume that the discrete logarithm problem is hard in both G1 and G2. Define a bilinear map on the groups as e: G1 × G1 → G2 satisfying the following properties:
1. Bilinearity: e(u^a, v^b) = e(u, v)^(ab) holds for all u, v ∈ G1 and a, b ∈ Zp*.
2. Non-degeneracy: there exist u, v ∈ G1 such that e(u, v) ≠ 1, where 1 is the identity element of G2.
3. Computability: there is an efficient algorithm to compute e(u, v) for all u, v ∈ G1.
The entities involved in the method of the invention include: the public parameter setup server, the data owner, the user, the user private key generation server, the outsourced user private key generation server, the trapdoor generation server, the encryption server, the decryption server, and the outsourced decryption server.
Referring to Fig. 1, the system of the invention comprises: public parameter setup server A, user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F, and decryption server G;
Public parameter setup server A generates the system master key MSK and the system public parameters PK, sends MSK to user private key generation server B, and sends the system public parameters to user private key generation server B, outsourced user private key generation server C, trapdoor generation server D, encryption server E, outsourced decryption server F, and decryption server G;
User private key generation server B generates a key pair (OK_KGCSP, OK_TA) and the local user private key SK_TA, sends the outsourced key part OK_TA to outsourced user private key generation server C, and finally integrates a complete user private key SK = (SK_KGCSP, SK_TA);
Outsourced user private key generation server C generates the outsourced user private key SK_TA and sends it to user private key generation server B;
Trapdoor generation server D assists the user in generating the query private key QK and the trapdoor T_kw;
Encryption server E encrypts the message M, generates the corresponding ciphertext CT and keyword index IX(KW), and sends them to outsourced decryption server F;
Outsourced decryption server F performs the outsourced partial decryption Q_CT on ciphertexts that satisfy the user's access rights and uses the trapdoor T_kw submitted by the user to search for the matching ciphertext CT; if the keyword matches, it sends the partially decrypted ciphertext Q_CT and the ciphertext CT to the decryption server;
Decryption server G decrypts the partially decrypted ciphertext to recover the message M.
Referring to Fig. 2, the scheme of the invention is implemented with JPBC, and the specific steps of the invention are as follows:
Public parameter setup server A performs the following steps:
A1. Choose multiplicative cyclic groups G1, GT of order p = 730750818665451621361119245571504901405976559617 and a bilinear map e: G1 × G1 → GT (the computation of the bilinear map is described in detail in the text);
A2. Randomly select a generator g of G1 and seven elements g2, h, h1, h2, h3, h4, h5 of G1;
randomly select the group element x = 669812803067698262930111597907784963319333126830, and choose two collision-resistant hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^(log p);
A3. Compute g1 = g^x;
In step A2 above, the selected hash function H1 is a cryptographic hash function from {0,1}* to G1, the hash function H2 is a cryptographic hash function from G2 to {0,1}^(log p), and Zp* denotes the set {1, 2, ..., p-1}.
The system public parameters are PK = (G1, G2, g, g1, g2, h, h1, h2, h3, h4, h5, H1, H2), and the system master key is MSK = x.
For convenience of presentation, here the attribute domain U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "baf bar fim1 2of3", the ciphertext attribute set ω is {"baf", "bar"}, and S is the set of attributes satisfying the condition {ω ∩ A}.
User private key generation server B performs the following steps:
B1. For a user holding the access structure, randomly select
x1 ∈ Zp* = 428732144815122518988285519266275301542788327758,
rθ ∈ Zp* = 628995706652160343400399383347701737840882048950;
B2. Compute
x2 = x - x1 mod p = 241080658252575743941826078641509661776544799072,
compute
compute
The user key pair is (OK_KGCSP, OK_TA) = (x1, x2), and the user's local private key is SK_TA = {dθ0, dθ1}.
Outsourced user private key generation server C performs the following steps:
C1. For a user holding the access structure, randomly choose a polynomial q(x) of degree d-1 for the root node R of the access structure, where d is the secret-sharing threshold of the root node R, q(0) = x1, and q(x) = x + q(0);
C2. For each child node i of the access structure other than the root node R, choose a polynomial q_i of degree d_i - 1, where d_i is the secret-sharing threshold of node i and q_i(0) = q_parent(i)(index(i)); the function parent(i) returns the parent node R of node i, and the function index(i) returns the order of the node within its parent node; finally, for each attribute belonging to the access structure, compute q(1) = 1 + q(0), q(2) = 2 + q(0), q(3) = 3 + q(0);
C3. For each attribute belonging to the access structure, randomly select r_i ∈ Zp* and compute
where
r1 = 328522665943500109354942429016051439658605574316,
r2 = 520713677076623573970852203894904602847218187281,
r3 = 458541357356566306056619868665681094034250512554,
The user's outsourced private key SK_KGCSP is
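The scalar layer of steps B and C, as an added example that is not code from the patent: it checks the embodiment's split x = x1 + x2 mod p using the p, x, x1 and x2 printed above, shares x1 over the "baf bar fim1 2of3" gate, and recombines it with Lagrange coefficients for ω = {"baf", "bar"}. The assignment of share indices 1 to 3 to the attributes and all function names are assumptions of this example, and the group-element parts of the keys, which carry these shares in the exponent, are not modelled.

```python
"""Scalar layer of key-generation steps B and C (added example).

Models only the exponents: the split of the master key x into x1 + x2 and
the threshold sharing of x1 over the access structure. Group elements and
pairings are not modelled.
"""
import secrets

# Values printed in the embodiment: group order p, master key x, and the
# two halves of the key pair (OK_KGCSP, OK_TA) = (x1, x2).
P = 730750818665451621361119245571504901405976559617
X = 669812803067698262930111597907784963319333126830
X1 = 428732144815122518988285519266275301542788327758
X2 = 241080658252575743941826078641509661776544799072

# Access structure "baf bar fim1 2of3". Assigning share indices 1..3 to the
# leaves in this order is an assumption of the example.
POLICY = {"threshold": 2, "leaves": {"baf": 1, "bar": 2, "fim1": 3}}


def split_master_key(x, x1, p=P):
    """Step B: x1 goes to the outsourced side, x2 = x - x1 mod p stays local."""
    return x1 % p, (x - x1) % p


def share_over_gate(policy, secret, coeffs=None, p=P):
    """Step C: Shamir shares q(index) with q(0) = secret, degree threshold-1.

    coeffs are the non-constant coefficients. The embodiment's q(x) = x + q(0)
    is coeffs=[1]; by default they are drawn uniformly at random, which is
    what secret sharing needs for a single share to reveal nothing.
    """
    t = policy["threshold"]
    if coeffs is None:
        coeffs = [secrets.randbelow(p - 1) + 1 for _ in range(t - 1)]
    if len(coeffs) != t - 1:
        raise ValueError("need threshold-1 non-constant coefficients")
    poly = [secret % p] + [c % p for c in coeffs]

    def q(i):
        acc = 0
        for c in reversed(poly):      # Horner evaluation mod p
            acc = (acc * i + c) % p
        return acc

    return {attr: q(idx) for attr, idx in policy["leaves"].items()}


def lagrange_at_zero(i, indices, p=P):
    """Coefficient of share i when interpolating q(0) from `indices`."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % p
            den = den * (i - j) % p
    return num * pow(den, -1, p) % p


def combine_shares(policy, shares, ciphertext_attrs, p=P):
    """Interpolate q(0) from the leaves in S = policy leaves ∩ ciphertext attributes.

    Returns None when fewer than `threshold` leaves match. The scheme applies
    the same coefficients in the exponent; here they act on plain scalars.
    """
    matched = sorted(a for a in policy["leaves"] if a in ciphertext_attrs)
    if len(matched) < policy["threshold"]:
        return None
    used = matched[: policy["threshold"]]
    idx = [policy["leaves"][a] for a in used]
    total = 0
    for a in used:
        total += shares[a] * lagrange_at_zero(policy["leaves"][a], idx, p)
    return total % p


if __name__ == "__main__":
    x1, x2 = split_master_key(X, X1)
    print("x2 matches the page:", x2 == X2)
    shares = share_over_gate(POLICY, x1, coeffs=[1])   # q(x) = x + q(0)
    print("q(1), q(2), q(3) minus q(0):",
          [shares[a] - x1 for a in ("baf", "bar", "fim1")])
    print("omega = {baf, bar} recombines to x1:",
          combine_shares(POLICY, shares, {"baf", "bar"}) == x1)
    print("omega = {baf, foo} is rejected:",
          combine_shares(POLICY, shares, {"baf", "foo"}) is None)
```
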
Trapdoor generation server D performs the following steps:
D1. Randomly select
D2. Compute
compute the query private key QK as
D3. Compute the search private key Tq(kw) as
Tq(kw)=H1(kw)QKu,
and set I = (Ii0 = di0, Ii1 = di1);
The user's trapdoor is T_kw = (Tq(kw), I, D1).
Encryption server E performs the following steps:
E1. Randomly select the secret value
s ∈ Zp* = 127646386969357970388879198350607449573579297363,
and the plaintext message M ∈ G2;
E2. Compute
C0 = M·e(g1, g2)^s,
C1 = g^s,
Cθ = (g1·h)^s,
and for each element i of the attribute set ω compute
Ci0 = (g1·h_i0)^s,
Ci1 = (g1·h_i1)^s,
obtaining the ciphertext CT = (ω ∪ {θ}, C0, C1, {Ci}i∈ω', Cθ);
E3. Choose the keyword kw0 = "keyword" and compute
H1(kw0),
k0 = e(g1, g2)^s · e(g, H1(kw0))^s,
K0 = H2(k0) = c08cf969d1a7278c03a72cff5b17965b,
and set
K1 = C1 = g^s,
K2 = Cθ = (g1·h)^s.
The index corresponding to the ciphertext is IX(KW) = (K1, K2, K0), and the ciphertext and index are uploaded as (CT, IX(kw0)).
Outsourced decryption server F performs the following steps:
F1. Compute
to obtain the partially decrypted ciphertext;
F2. Compute
F3. Verify whether H2(k) = H2(k_kw) holds:
H2(k) = c08cf969d1a7278c03a72cff5b17965b,
H2(k_kw) = c08cf969d1a7278c03a72cff5b17965b; the two are clearly equal, so the partially decrypted ciphertext and the ciphertext are sent to decryption server G for complete decryption.
Decryption server G performs the following steps:
G1. Compute
If decryption succeeds, output the message M; otherwise output an error message.
The above describes only a preferred embodiment of the invention. Those skilled in the art can readily think of other advantages and variations based on the above embodiment. The invention is therefore not limited to the above embodiment, which merely gives a detailed, exemplary explanation of one form of the invention. Within the scope of the spirit of the invention, the usual changes and substitutions that those of ordinary skill in the art make within the technical solution of the invention shall all fall within the scope of protection of the invention.

Claims (3)

1. A decryption method for an attribute-based system with keyword-searchable outsourced key generation and decryption, characterized in that: the attribute-based system with keyword-searchable outsourced key generation and decryption that is used comprises a public parameter setting server, a user private key generation server, an outsourced user private key generation server, a trapdoor generation server, an encryption server, an outsourced decryption server and a decryption server;
The public parameter setting server is responsible for generating the system master key and the public parameters, and sends the public parameters to the other parts of the system;
The outsourced user private key generation server generates the outsourced user private key and sends it to the user private key generation server;
The trapdoor generation server assists the user in generating the query private key and the trapdoor;
The encryption server encrypts the message to generate the corresponding ciphertext and keyword index, and sends them to the outsourced decryption server;
The outsourced decryption server performs outsourced partial decryption on ciphertexts that satisfy the user's rights and uses the trapdoor submitted by the user to search for matching ciphertexts; if the keyword match succeeds, it sends the partially decrypted ciphertext to the decryption server;
The decryption server decrypts the partially decrypted ciphertext to recover the message;
The decryption method comprises the following steps:
A. Set the system public parameters PK and the system master key MSK; wherein step A further comprises:
A1. Choose multiplicative cyclic groups G1, G2 of order p and a bilinear map e: G1×G1→G2;
A2. Randomly select a generator g ∈ G1 and elements g2, h, h1, h2, h3, h4, h5 ∈ G1, where each element i in the attribute domain U corresponds to hi; randomly select an element, where denotes the set {1, 2, ..., p-2, p-1}; choose two collision-resistant hash functions H1: {0,1}* → G1 and H2: G2 → {0,1}^(log p); i takes the values 1 to 5;
A3. Calculate g1 = g^x;
B. According to the system public parameters PK, the system master key MSK and the access structure, generate the user's key pair (OKKGCSP, OKTA), where OKTA is used to generate the local key SKTA and OKKGCSP is used to generate the outsourced key;
C. According to the system public parameters PK, the access structure and OKKGCSP, generate the user's outsourced private key SKKGCSP;
D. According to the system public parameters PK, the system master key MSK, the commitment value qBF and the access structure, generate the query private key QK, and, according to the keyword kw, the user private key SK and the blinding factor BF, generate the corresponding search private key and trapdoor Tkw; where the commitment value qBF is generated from the blinding factor generated by the user combined with a part of the private key; the access structure is here simplified to a subset of the attribute domain; the blinding factor BF is generated randomly by the user; the access structure is a subset of the attribute domain U; kw is a character string specified by the user, represented as binary (0/1) bytes; SKTA is the TA-side key used to generate SK, the TA side being the trusted authority side, and SKTA is also called the local key; OKKGCSP is used to generate SKKGCSP, the KGCSP-side key used to generate SK, with SK = (SKTA, SKKGCSP); kw is the keyword the decryptor uses when querying massive ciphertext data; the KGCSP side is the key generation cloud service provider side;
E. Encrypt message M according to the system public parameters PK and the attribute set ω to obtain the initial ciphertext CT, and use the keyword KW to generate the ciphertext index IX(KW); where the attribute set ω is a subset of the attribute domain U; message M is an element of the group G2; KW represents the keyword that the information owner selects for their own message;
F. According to the system public parameters PK and the trapdoor Tkw, perform the outsourced decryption operation on the initial ciphertext CT to generate the partially decrypted ciphertext QCT, and perform the keyword KW matching operation on the index IX(KW); if the match succeeds, send the partially decrypted ciphertext to the decryption server; the initial ciphertext CT is the ciphertext corresponding to message M generated in step E;
G. According to the system public parameters PK and the local key SKTA, perform the complete decryption operation on the partially decrypted ciphertext QCT, and verify whether the result is the plaintext M corresponding to the initial ciphertext CT; if so, output M, and if not, output an error message.
2. The decryption method according to claim 1, characterized in that, in step A, the selected hash function H1 is a cryptographic hash function from {0,1}* to G1, the hash function H2 is a cryptographic hash function from G2 to {0,1}^(log p), and denotes the set {1, 2, ..., p-1};
The system public parameters PK are PK = (G1, G2, g, g1, g2, h, h1, h2, h3, h4, h5, H1, H2), and the system master key MSK is MSK = x;
Wherein the attribute domain U is {"baf", "bar", "fim1", "fim", "foo"}, the access structure is "baf bar fim1 2of3", and the ciphertext attribute set ω is {"baf", "bar"}.
3. The decryption method according to claim 2, characterized in that step B comprises:
B1. For a user possessing the access structure, randomly select , where x1 is the part of the key pair used to generate OKKGCSP, and rθ is a random commitment value;
B2. Calculate x2 = x - x1 mod p, calculate , calculate , where x2 is the part of the key pair used to generate OKTA;
The user key pair (OKKGCSP, OKTA) is (OKKGCSP, OKTA) = (x1, x2), and the user's local key SKTA is SKTA = {dθ0, dθ1}.
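The following is an added illustration, not code from the patent: it shows the additive split of the master key in step B2 (x2 = x - x1 mod p) and checks whether the ciphertext attribute set ω from claim 2 satisfies the access structure. It assumes the access-structure string is a postfix threshold expression ("k of n" gates over the preceding n items) and uses a small prime-order subgroup of integers as a stand-in for the pairing group G1; all function names are hypothetical.

```python
import re
import secrets

# Toy stand-in for G1 (assumption): order-P subgroup of Z_Q^*, Q = 2P + 1.
# The patent's G1 is a pairing group; this only illustrates the exponent math.
P = 1019          # prime group order p
Q = 2 * P + 1     # 2039, also prime
G = 4             # a square mod Q, so it generates the order-P subgroup

def split_master_key(x, p=P):
    """Step B: x1 random, x2 = x - x1 mod p. Returns (OK_KGCSP, OK_TA)."""
    x1 = secrets.randbelow(p - 1) + 1      # uniform in {1, ..., p-1}
    x2 = (x - x1) % p
    return x1, x2

def recombine_in_exponent(x1, x2, g=G, q=Q):
    """g^x1 * g^x2, which equals g1 = g^x when both shares are honest."""
    return (pow(g, x1, q) * pow(g, x2, q)) % q

_GATE = re.compile(r"^(\d+)of(\d+)$")

def satisfies(policy, attrs):
    """Evaluate a postfix threshold policy against an attribute set."""
    stack = []
    for tok in policy.split():
        m = _GATE.match(tok)
        if m is None:
            stack.append(tok in attrs)     # leaf: is the attribute present?
            continue
        k, n = int(m.group(1)), int(m.group(2))
        if not 1 <= k <= n or n > len(stack):
            raise ValueError(f"malformed gate {tok!r}")
        children = [stack.pop() for _ in range(n)]
        stack.append(sum(children) >= k)   # gate: at least k of n children
    if len(stack) != 1:
        raise ValueError("policy does not reduce to a single root")
    return stack[0]

if __name__ == "__main__":
    x = secrets.randbelow(P - 1) + 1       # MSK = x (constructed sample value)
    x1, x2 = split_master_key(x)
    print(recombine_in_exponent(x1, x2) == pow(G, x, Q))
    print(satisfies("baf bar fim1 2of3", {"baf", "bar"}))
```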
CN201510870146.6A 2015-12-02 2015-12-02 It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method Active CN105323061B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510870146.6A CN105323061B (en) 2015-12-02 2015-12-02 It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510870146.6A CN105323061B (en) 2015-12-02 2015-12-02 It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method

Publications (2)

Publication Number Publication Date
CN105323061A CN105323061A (en) 2016-02-10
CN105323061B true CN105323061B (en) 2019-07-12

Family

ID=55249722

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510870146.6A Active CN105323061B (en) 2015-12-02 2015-12-02 It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method

Country Status (1)

Country Link
CN (1) CN105323061B (en)



Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant