CN105610793A - Outsourced data encrypted storage and cryptograph query system and application method therefor - Google Patents


Publication number
CN105610793A
Authority
CN
China
Prior art keywords
index
encryption
onion
user
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510957019.XA
Other languages
Chinese (zh)
Other versions
CN105610793B (en)
Inventor
王良民
平淑容
王润宇
袁寿其
韩志耕
邬海琴
汤金娥
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Bozhi Safety Technology Co.,Ltd.
Original Assignee
Jiangsu University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20 Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22 Indexing; Data structures therefor; Storage structures
    • G06F16/2228 Indexing structures
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Software Systems (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses an outsourced data encrypted storage and ciphertext query system and an application method therefor. The system comprises an application server system, an index proxy system, and a cloud storage server system. The application server system encrypts and decrypts the local database. The index proxy system comprises an index encryption module, a query rewrite encryption module, and an onion key management module. The index encryption module applies onion encryption to the index, and the query rewrite encryption module encrypts the query statement. The onion key management module stores the key of each onion encryption layer. The system lets a user search the ciphertext index efficiently and quickly, leaves a server or an attacker unable to obtain the query result of the index information, and guarantees the security of the database and the index file.

Description

An outsourced data encrypted storage and ciphertext query system and application method thereof
Technical field
The invention belongs to the technical field of secure ciphertext, and specifically relates to an outsourced data encrypted storage and ciphertext query system and its application method.
Background art
With the growing popularity of the cloud computing concept and its applications, data outsourcing has gradually become an advanced data service. More and more users choose to host their local databases on cloud servers and use the services the cloud provides to store, manage and query the databases kept there. But once data is stored on a third-party cloud server, the user loses control over it, which easily leads to leakage of sensitive information. To address the privacy protection problem, the user first encrypts the database at a trusted local front end and then uploads it to the cloud server; because the cloud service and external attackers cannot obtain the encryption algorithm and key, they cannot steal the user's private data.
However, encrypted data loses some properties that the original data had, such as ordering, and encrypted data cannot be queried or otherwise operated on directly. The user has to download the whole data set, decrypt it, and query the plaintext to obtain the needed information. Downloading and decrypting massive data costs a great deal of time and space, and also easily leaves the data incomplete. In addition, as more and more data is stored on cloud servers, retrieving the needed information from massive encrypted data quickly and effectively within a given time, while ensuring the confidentiality of the data, has become a problem in urgent need of a solution.
Researchers at home and abroad have already done a great deal of work on querying encrypted data; the common approaches are fully homomorphic encryption and secure indexes. Fully homomorphic encryption designs the encryption algorithm so that the server can query and compute directly on ciphertext without decrypting it, but because the computation time a fully homomorphic encryption scheme requires is too long, constructing a fully homomorphic function is very difficult in practice.
Querying ciphertext through a secure index is also a common method. The concrete steps are: build a corresponding index file for the sensitive data, encrypt the original data and the index file separately, and save them to the cloud server; the user sends an encrypted query statement about the index, obtains the encrypted data of the original data that satisfies the condition, and decrypts it to obtain the queried data. But this also has problems: the index file retains too much information about the original text, and an attacker can use the correlation between index ciphertexts to steal the private information of the index file.
Summary of the invention
Object of the invention: the object of the invention is to remedy the deficiencies of the prior art by providing an outsourced data encrypted storage and ciphertext query system and its application method.
Technical solution: the outsourced data encrypted storage and ciphertext query system of the invention comprises an application server system, an index proxy system and a cloud storage server system. The application server system encrypts and decrypts the local database. The index proxy system comprises an index encryption module, a query rewrite encryption module and an onion key management module, wherein the index encryption module applies onion encryption to the index, the query rewrite encryption module encrypts the query statement, and the onion key management module stores the key of each onion encryption layer.
The invention also discloses an application method of the outsourced data encrypted storage and ciphertext query system, involving three participants: the user (User), the proxy server (Proxy) and the cloud server (Cloud), abbreviated U, P and C respectively. The operations the participants perform comprise, in order, four steps: user U uploads data, proxy server P provides the encryption service, user U queries data, and cloud server C provides the query result;
In the stage where user U uploads data, a data preprocessing method based on block encryption is used, comprising in order four steps: data partitioning, block encryption, building the index file, and sending the encrypted data blocks together with the index file to proxy server P;
In the stage where proxy server P provides the encryption service, after receiving the ciphertext data blocks and the index file sent by user U, proxy server P applies a novel layered encryption algorithm: proxy server P determines the number and type of onions to generate from the type of the file; for different file types, the number and names of the onions generated by encryption all differ.
Further, the concrete steps of the data partitioning are: user U splits the plaintext P into a number of groups, denoted M = [M_1, M_2, …]. Each plaintext group consists of 7 bytes; a 1-byte index message is added to each group, so that each block is 8 bytes long, i.e. 64 bits.
Further, the concrete steps of the block encryption are: each byte in the group is XORed with the index byte; after the new message is generated, the random byte is appended to produce a new group, and the new group is then encrypted to produce the group ciphertext;
The encryption process is: input: IV, M_1, …, M_j; output: IV, C_1, …, C_j
$R_i \leftarrow \langle (L_1(M_i) \oplus IV), \ldots, (L_7(M_i) \oplus IV), IV \rangle$;
$C_i \leftarrow \varepsilon_k(R_i), \quad i = 1, 2, \ldots, j$;
The decryption process is: input: IV, C_1, …, C_j; output: M_1, …, M_j
$R_i \leftarrow D_k(C_i)$;
$M_i \leftarrow \langle (L_1(R_i) \oplus IV), \ldots, (L_7(R_i) \oplus IV) \rangle, \quad i = 1, 2, \ldots, j$;
Here IV is the initial random byte, $L_i(P)$ denotes the i-th byte of P, $\varepsilon_k()$ is the basic block encryption algorithm, $D_k()$ is the basic block decryption algorithm, and $\langle x, y \rangle$ denotes the concatenation of x and y.
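The following Python sketch is an added example, not code from the patent, that runs the group encryption and decryption above on a constructed plaintext. It assumes a 4-round HMAC-based Feistel permutation as a stand-in for ε_k and D_k and a pad-to-7-bytes rule (the page specifies neither), and it uses one IV byte for all groups, as in the input list IV, M_1, …, M_j.

```python
import hashlib
import hmac


def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function of the stand-in cipher: HMAC-SHA256 cut to 4 bytes.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def eps(key: bytes, block: bytes) -> bytes:
    """Stand-in for eps_k (assumption): 4-round Feistel on one 8-byte block."""
    left, right = block[:4], block[4:]
    for rnd in range(4):
        left, right = right, _xor(left, _f(key, rnd, right))
    return left + right


def dec(key: bytes, block: bytes) -> bytes:
    """Stand-in for D_k (assumption): the same rounds undone in reverse order."""
    left, right = block[:4], block[4:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _f(key, rnd, left)), left
    return left + right


def encrypt_groups(key: bytes, iv: int, plaintext: bytes) -> list:
    """R_i = <L_1(M_i)^IV, ..., L_7(M_i)^IV, IV>, then C_i = eps_k(R_i)."""
    if not 0 <= iv <= 255:
        raise ValueError("IV is a single byte")
    # Assumed padding rule: fill the last group so every group has 7 bytes.
    pad = 7 - len(plaintext) % 7
    data = plaintext + bytes([pad]) * pad
    blocks = []
    for off in range(0, len(data), 7):
        group = data[off:off + 7]
        r = bytes(b ^ iv for b in group) + bytes([iv])  # 7 masked bytes + IV
        blocks.append(eps(key, r))
    return blocks


def decrypt_groups(key: bytes, iv: int, blocks: list) -> bytes:
    """R_i = D_k(C_i), then M_i = <L_1(R_i)^IV, ..., L_7(R_i)^IV>."""
    data = bytearray()
    for c in blocks:
        r = dec(key, c)
        if r[7] != iv:
            # The eighth byte of R_i must equal the IV supplied by the caller.
            raise ValueError("trailing byte does not match IV")
        data += bytes(b ^ iv for b in r[:7])
    return bytes(data[:-data[-1]])  # strip the assumed padding


def repeated_blocks(blocks: list) -> list:
    """Pairs (first, later) of positions holding identical ciphertext blocks."""
    seen, pairs = {}, []
    for i, block in enumerate(blocks):
        if block in seen:
            pairs.append((seen[block], i))
        else:
            seen[block] = i
    return pairs


if __name__ == "__main__":
    key, iv = b"constructed-key!", 0x5A          # constructed sample values
    sample = b"ABCDEFGABCDEFGxyz"                # groups 1 and 2 are identical
    ct = encrypt_groups(key, iv, sample)
    print([c.hex() for c in ct])
    print(decrypt_groups(key, iv, ct), repeated_blocks(ct))
```

With a single IV shared by all groups, identical 7-byte plaintext groups produce identical ciphertext blocks, which `repeated_blocks` makes visible on the sample input.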
User U builds an index file for each data block and sends the encrypted data blocks together with the index files to the proxy server. The index file can be of several types, such as text type, integer type, etc.
Further, the concrete steps by which proxy server P provides the encryption service are as follows:
Encryption: input $(C_1, C_2, \ldots, C_j)$, the encrypted groups, and $(I_1, I_2, \ldots, I_j)$, the index plaintext information;
$E_k(I)$: the onion encryption algorithm, which generates a different number and type of onions depending on the type of the message;
Output $E(I_1)C_1, E(I_2)C_2, \ldots, E(I_j)C_j$
The name of each onion indicates the query operation it supports, for example: OnionEq supports equality queries, OnionOrd supports ordering queries, etc.
Further, when the index file is of text type, encryption yields only one onion, called OnionSearch, used for keyword search. After OnionSearch(I) encryption, keyword queries are allowed: using an 8-bit sequence produced by a pseudo-random generator, the user computes a value with a secure pseudo-random function, and XORs the index byte with this value to obtain the new encrypted index file;
Input: IV, $I_1, I_2, \ldots, I_j$, $(C_1, C_2, \ldots, C_j)$;
Output: $\langle E(I_1)C_1 \rangle, \langle E(I_2)C_2 \rangle, \ldots, \langle E(I_j)C_j \rangle$
$R_0 \leftarrow n$;
$R_1 \leftarrow I_{(i,1)} \oplus R_0$;
$R_8 \leftarrow \varepsilon_k(I_{(i,7)} \oplus R_8)$; $l = 1, 2, \ldots, 8$;
$E(I_i)C_i \leftarrow (\langle R_1, R_2, \ldots, R_8, C_i \rangle)$; $i = 1, 2, \ldots, j$;
Here IV is the 8-bit sequence produced by the pseudo-random generator, $\langle x, y \rangle$ denotes the concatenation of x and y, and the function F() is a secure pseudo-random function.
Further, when the index file is of integer type, encryption yields three onions, OnionEq, OnionOrd and OnionAdd, used respectively for equality queries, order comparison and addition;
The index file encrypted with OnionEq(I) supports the user's equality queries: the user generates a random prime number n as the first element, then XORs each index byte with the prime n and encrypts the result, forming the new encrypted index file.
Input: IV, $I_1, I_2, \ldots, I_j$, $(C_1, C_2, \ldots, C_j)$; Output: $\langle E(I_1)C_1 \rangle, \langle E(I_2)C_2 \rangle, \ldots, \langle E(I_j)C_j \rangle$;
$R_0 \leftarrow n$;
$R_1 \leftarrow I_{(i,1)} \oplus R_0$;
$R_8 \leftarrow \varepsilon_k(I_{(i,7)} \oplus R_8)$; $l = 1, 2, \ldots, 8$;
$E(I_i)C_i \leftarrow (\langle R_1, R_2, \ldots, R_8, C_i \rangle)$; $i = 1, 2, \ldots, j$;
$I_{(i,j)}$ denotes the j-th position of the i-th index byte;
After encryption with the OnionOrd() algorithm, the index file supports sorting operations; the invention uses a basic OPES order-preserving encryption method;
After encryption with the OnionAdd() algorithm, the index file supports additively homomorphic encryption: the product of the encryptions of two values represents the encryption of the sum of the two values. The invention uses the Paillier encryption method,
Key K, randomly select $g \in G$ such that $\gcd(L(g \bmod k^2), k) = 1$, and select a random number; ciphertext $c = g^m r^k \bmod k^2$; plaintext $m = \frac{L(c \bmod k^2)}{L(g \bmod k^2)} \bmod k$.
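To make the OnionAdd property concrete, the following Python sketch is an added example, not code from the patent, in which a server multiplies ciphertexts and the key holder decrypts the sum. It implements the textbook Paillier scheme with the page's symbols k, g and L; the choice g = k + 1, the private exponent `lam`, the inverse `mu` and the small primes are assumptions made here for a runnable demonstration.

```python
import math
import secrets


def L(u: int, k: int) -> int:
    """The function L(u) = (u - 1) / k used by Paillier decryption."""
    return (u - 1) // k


def keygen(p: int, q: int):
    """Return ((k, g), (lam, mu)) for primes p and q (tiny demo primes only)."""
    k = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = k + 1                                          # assumed choice of g
    l_g = L(pow(g, lam, k * k), k)
    if math.gcd(l_g, k) != 1:
        raise ValueError("g is not a valid generator for this modulus")
    mu = pow(l_g, -1, k)                               # modular inverse mod k
    return (k, g), (lam, mu)


def encrypt(pub, m: int) -> int:
    """c = g^m * r^k mod k^2 with a fresh random r coprime to k."""
    k, g = pub
    if not 0 <= m < k:
        raise ValueError("plaintext must lie in [0, k)")
    while True:
        r = secrets.randbelow(k - 1) + 1
        if math.gcd(r, k) == 1:
            break
    return pow(g, m, k * k) * pow(r, k, k * k) % (k * k)


def decrypt(pub, priv, c: int) -> int:
    """m = L(c^lam mod k^2) * mu mod k."""
    k, _ = pub
    lam, mu = priv
    return L(pow(c, lam, k * k), k) * mu % k


def homomorphic_sum(pub, ciphertexts) -> int:
    """What the server computes: the product of ciphertexts mod k^2.

    The result decrypts to the sum of the plaintexts modulo k, and the
    server never sees a plaintext or the private key.
    """
    k, _ = pub
    total = 1
    for c in ciphertexts:
        total = total * c % (k * k)
    return total


if __name__ == "__main__":
    pub, priv = keygen(1009, 1013)        # constructed demo primes, not secure
    column = [23, 7, 100]                 # constructed integer index values
    stored = [encrypt(pub, v) for v in column]
    print(decrypt(pub, priv, homomorphic_sum(pub, stored)))
```

Real deployments need primes of cryptographic size; the sum also wraps modulo k, so k must exceed the largest total the column can reach.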
Each onion has multiple encryption layers; different encryption layers have their own encryption algorithm and key and support specific query operations. The outermost layer has the highest security but supports the fewest operations, while the inner layers have lower security but support more query operations. For example, the outermost RND layer has the highest security, reaching IND-CPA security, but can only support ordinary queries; the DET layer provides weaker security but can support equality queries over ciphertext.
Finally, proxy server P uploads the encrypted data blocks together with the index file to the cloud server.
Further, in the stage where user U queries data, proxy server P takes the query statement about the index file entered by user U and encrypts the content of the query statement according to the query condition; the encryption process is the same as the onion encryption method above. The proxy then sends the encrypted query statement and the decryption key K of the onion encryption layer to cloud server C.
Further, the decryption key K is produced by the key center MK stored in the proxy server, generated according to the following formula:
$K_{t,c,o,l} = F_{MK}(\text{table } t, \text{column } c, \text{onion } o, \text{encryption layer } l)$
where F() is a secure pseudo-random function and MK is the master key stored in the proxy server.
Proxy server P sends the decryption key K of the encryption layer to the cloud server by issuing an UPDATE command, as follows:
UPDATE Table SET Onionname = DECRYPT_RND(K, Onionname, IV)
where Table is the encrypted database table, Onionname is the name of the corresponding onion, and DECRYPT_RND() is a user-defined decryption function, which may also be DECRYPT_DET(), DECRYPT_HOM(), DECRYPT_OPE(), etc. Through the above UPDATE operation, the encryption layer of an onion can be dynamically adjusted to the encryption layer that meets the query requirement.
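The following Python sketch is an added example, not code from the patent, of the query path just described: per-layer keys derived as K_{t,c,o,l} = F_MK(…), an OnionEq column stored as RND over DET, and the UPDATE that strips the RND layer so the server can match an equality token. HMAC-SHA256 as F, the HMAC keystream used for both layers, and the `Proxy` and `Cloud` classes are assumptions made here; the table, column and onion names follow the page.

```python
import hashlib
import hmac
import secrets


def derive_key(mk: bytes, table: str, column: str, onion: str, layer: str) -> bytes:
    """K_{t,c,o,l} = F_MK(table, column, onion, layer); F is HMAC-SHA256 here."""
    label = "\x00".join((table, column, onion, layer)).encode()
    return hmac.new(mk, label, hashlib.sha256).digest()


def _stream_xor(key: bytes, iv: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): XOR with an HMAC-SHA256 counter keystream.
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def det_encrypt(key: bytes, value: bytes) -> bytes:
    """DET layer: the IV is derived from the value, so equal values match."""
    siv = hmac.new(key, b"siv" + value, hashlib.sha256).digest()[:16]
    return siv + _stream_xor(key, siv, value)


def rnd_encrypt(key: bytes, data: bytes):
    """RND layer: a fresh random IV per row hides equality between rows."""
    iv = secrets.token_bytes(16)
    return iv, _stream_xor(key, iv, data)


def decrypt_rnd(key: bytes, data: bytes, iv: bytes) -> bytes:
    """Server-side counterpart of DECRYPT_RND(K, Onionname, IV)."""
    return _stream_xor(key, iv, data)


class Cloud:
    """Untrusted store: sees only onion ciphertexts and encrypted blocks."""

    def __init__(self):
        self.rows = []

    def update_decrypt_rnd(self, key: bytes) -> None:
        # UPDATE Table SET OnionEq = DECRYPT_RND(K, OnionEq, IV)
        for row in self.rows:
            row["OnionEq"] = decrypt_rnd(key, row["OnionEq"], row["IV"])

    def select_eq(self, token: bytes) -> list:
        return [row["block"] for row in self.rows if row["OnionEq"] == token]


class Proxy:
    """Holds MK and records which layer the onion is currently at."""

    def __init__(self, cloud: Cloud, table: str = "Employees", column: str = "ID"):
        self.mk = secrets.token_bytes(32)
        self.cloud, self.table, self.column = cloud, table, column
        self.layer, self.keys_sent = "RND", 0

    def _key(self, layer: str) -> bytes:
        return derive_key(self.mk, self.table, self.column, "OnionEq", layer)

    def upload(self, index_value: bytes, block: bytes) -> None:
        onion, iv = det_encrypt(self._key("DET"), index_value), b""
        if self.layer == "RND":
            iv, onion = rnd_encrypt(self._key("RND"), onion)
        self.cloud.rows.append({"OnionEq": onion, "IV": iv, "block": block})

    def query_eq(self, index_value: bytes) -> list:
        if self.layer == "RND":            # first equality query: peel RND
            self.cloud.update_decrypt_rnd(self._key("RND"))
            self.layer, self.keys_sent = "DET", self.keys_sent + 1
        return self.cloud.select_eq(det_encrypt(self._key("DET"), index_value))


def demo():
    cloud = Cloud()
    proxy = Proxy(cloud)
    # Constructed rows: (index value, already-encrypted data block).
    for idx, blk in [(b"23", b"blk-A"), (b"23", b"blk-B"), (b"7", b"blk-C")]:
        proxy.upload(idx, blk)
    equal_before = cloud.rows[0]["OnionEq"] == cloud.rows[1]["OnionEq"]
    first, second = proxy.query_eq(b"23"), proxy.query_eq(b"7")
    equal_after = cloud.rows[0]["OnionEq"] == cloud.rows[1]["OnionEq"]
    return equal_before, first, second, equal_after, proxy.keys_sent


if __name__ == "__main__":
    print(demo())
```

The layer key crosses to the server once, on the first equality query; from then on the column stays at the DET layer, so the server can see which rows share an index value.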
Further, the detailed process by which cloud server C provides the query result is: cloud server C performs the encrypted query operation at the specified encryption layer and returns the encrypted data blocks that satisfy the condition to the user; the user calls the decryption function to obtain the needed information.
Beneficial effects: the invention solves the problem that the index information in existing secure-index methods can reveal the original data, and the problem that the confidentiality of the index content is not guaranteed during index queries. By onion-encrypting the index file, the user only needs to query the index part rather than the whole database. This lets the user retrieve over the ciphertext index efficiently and quickly, while leaving the server or an attacker unable to obtain the query result of the index information, which ensures the security of the database and the index file. Specifically, it has the following advantages:
1. The encryption and decryption of the database in the invention are all performed on the trusted client; cloud server C or an external attacker cannot obtain the decryption key of the database, and therefore cannot steal the user's private information.
2. Onion encryption of the index file satisfies the need for secure encrypted queries on the index while also satisfying the need to keep the index information confidential.
3. While ensuring the confidentiality of the index query process and its results, the invention greatly improves the efficiency of ciphertext queries and reduces communication overhead; the efficiency of the invention is higher especially when cloud server C stores massive encrypted data.
Brief description of the drawings
Fig. 1 is a system structure diagram of the invention;
Fig. 2 is a schematic diagram of the process of the user uploading the database in one embodiment of the invention;
Fig. 3 is a schematic diagram of the user query process in one embodiment of the invention;
Fig. 4 is a diagram of the onions generated by encryption in one embodiment of the invention;
Fig. 5 shows the relationship between equality-query time and the encrypted data blocks in one embodiment of the invention;
Fig. 6 shows the relationship between ordering-query time and the encrypted data blocks in one embodiment of the invention;
Fig. 7 shows the relationship between keyword-query time and the encrypted data blocks in one embodiment of the invention;
Fig. 8 shows the relationship between the time of queries containing addition and the encrypted data blocks in one embodiment of the invention;
Fig. 9 shows the relationship between the communication overhead of equality queries and time in one embodiment of the invention;
Fig. 10 shows the relationship between the communication overhead of equality queries and time in one embodiment of the invention;
Fig. 11 shows the relationship between the communication overhead of ordering queries and time in one embodiment of the invention;
Fig. 12 shows the relationship between the communication overhead of keyword queries and time in one embodiment of the invention;
Fig. 13 shows the relationship between the communication overhead of queries containing addition and time in one embodiment of the invention.
Detailed description of the invention
The technical solution of the invention is described in detail below, but the scope of protection of the invention is not limited to the described embodiment.
Embodiment 1:
As shown in Fig. 1, the outsourced data encrypted storage and ciphertext query system of this embodiment comprises an application server system, an index proxy system and a cloud storage server system. The application server system encrypts and decrypts the local database. The index proxy system comprises an index encryption module, a query rewrite encryption module and an onion key management module, wherein the index encryption module applies onion encryption to the index, the query rewrite encryption module encrypts the query statement, and the onion key management module stores the key of each onion encryption layer.
The concrete encryption method and retrieval flow of the system in the embodiment are:
Step 1: the user block-encrypts the database at the local trusted client according to the encryption algorithm, forming multiple encrypted data blocks, and builds an index file for each data block. The user sends the encrypted data blocks together with the index files to the proxy server; the proxy server onion-encrypts the index according to the type of the file and uploads the encrypted data blocks and index to the cloud server.
As shown in Fig. 5, the ID column is the index column and the Name column is the local data; after block-encrypting the Name column at the trusted client, the user sends the index column and the data to the proxy server;
The proxy performs onion encryption according to the type of the index file. As shown in Fig. 4, the index file is an integer value, so the proxy server needs to encrypt the index into three onions, which handle equality queries, ordering and addition respectively. OnionEq has three layers, of which the DET layer supports equality queries and the JOIN layer supports join operations; OnionOrd has two layers, of which the OPE layer uses an order-preserving encryption algorithm and supports sorting operations; OnionAdd has one layer, the HOM layer, which uses the Paillier cryptosystem and supports additively homomorphic computation.
The proxy server records the encryption layer each onion is currently at in the cloud server; at the same time, the proxy server uploads the encrypted data blocks and index to the cloud server.
This step is the process of the user uploading data, as shown in Fig. 2, where the original data includes data, documents and pictures;
The index file is set by the user; the same encrypted data block can have at least one index file, and index files include but are not limited to keywords.
Step 2: the client user enters an index query statement, which is sent to the proxy server. The proxy server takes the query statement entered by the user, rewrites it and re-encrypts it, and at the same time generates the decryption key of the onion layer; the proxy server then sends the encrypted query statement together with the decryption key K to the cloud server. The cloud server returns the encrypted data blocks that satisfy the index condition to the proxy server. The proxy server returns the received encrypted data blocks to the user, who decrypts them to obtain the original data.
As shown in Fig. 5, the proxy server encrypts the content of the query statement according to the query condition; please refer to the figure. The user sends the query statement SELECT Name FROM Employees WHERE ID = '23' about the index;
The proxy server encrypts the content of the query statement according to the query condition; please refer to the figure. The query condition is an equality query, so the proxy server encrypts the index content '23', encrypting it to the DET layer;
At the same time, the proxy sends the decryption key K of the RND layer of OnionEq to the cloud server; after receiving the decryption key, the cloud server performs the decryption operation, will
The specific experimental results are as follows:
In the data query stage, the execution time of a query is mainly affected by the number of encrypted data blocks. Figs. 6 to 9 show the effect of the number of encrypted data blocks on the different types of query operation. As the figures show, query time decreases effectively as the number of data blocks increases. This is because the ciphertext query method of the invention queries mainly the index file rather than the whole encrypted database, so the more encrypted data is stored in the cloud server, the higher the efficiency.
In the encrypted query stage, the communication cost is the cost spent by the user's queries. Figs. 10 to 13 compare the communication cost consumed by the same query operation at query time. As the figures show, as query time passes, the communication overhead between the user and the cloud server drops significantly. This is because once an onion's encryption layer has been decrypted, the onion stays at the current encryption layer, so no decryption operation is needed when the user queries again.

Claims (10)

1. outsourcing data encryption storage and a cryptogram search system, is characterized in that, comprises application server system, index generationReason system and cloud storage server system;
Described application server system is that local data base is encrypted decryption oprerations;
Described index agency plant comprises: index encrypting module, query rewrite encrypting module, onion key management module, wherein,Index encrypting module is that index carries out onion encryption, and query rewrite encrypting module is that query statement is encrypted, onion key management mouldPiece is stored the key of each onion encryption layer.
2. the application process based on outsourcing data encryption storage claimed in claim 1 and cryptogram search system, its featureBe: comprise three participants: user User, proxy server Proxy and Cloud Server Cloud tripartite, respectively brief note for U,P, C, the performed operation of participant comprises user U uploading data successively, proxy server P provides cryptographic services, user U inquiryData and Cloud Server C provide Query Result four steps;
In the described user U uploading data stage, adopt the data preprocessing method based on block encryption, comprise successively: data are dividedPiece, block encryption, set up index file, encrypted data chunk and index file are sent to tetra-steps of proxy server P simultaneously;
Described proxy server P provides the cryptographic services stage, and proxy server P receives ciphertext data piece and the rope that user U sendsAfter quoted passage part, adopt novel AES layer by layer: proxy server P is individual according to the definite onion that will generate of the type of fileNumber and type, the different onion number and the titles that generate of encrypting of type of file are all different.
3. the application process of outsourcing data encryption storage according to claim 2 and cryptogram search system, is characterized in that:The concrete steps of described deblocking are: plaintext M is resolved into some groupings by user U, is designated as M=[M1,M2... ..], eachClear packets is made up of 7 bytes, is the index messages of 1 byte of each grouping interpolation, and making each block length is 8 wordsJoint, 64.
4. outsourcing data encryption storage according to claim 2 and cryptogram search application process, is characterized in that: described pointThe concrete steps of block encryption are: the each byte in grouping respectively with index byte XOR, generate add after new message randomByte generates new grouping, newer grouping is encrypted to operation generation grouping ciphertext;
Ciphering process is: input: IV, M1,…,Mj; Output: IV, C1,…,Cj
Ri←<(L1(Mi)⊕IV),…,(L7(Mi)⊕IV),IV>;
Ci←εk(Ri),i=1,2,…,j;
Decrypting process is: input: IV, C1,…,Cj; Output: M1,…,Mj
Ri←Dk(Ci);
Mi←<(L1(Ri)⊕IV),…,(L7(Ri)⊕IV)>,i=1,2,…,j;
Wherein, IV is initial random byte, Li(M) represent i byte in M, εk() is basic grouped AES, Dk()Be basic grouped decipherment algorithm, use<x, y>represent the connection of x and y.
5. the application process of outsourcing data encryption storage according to claim 2 and cryptogram search system, is characterized in that:The concrete steps that described proxy server P puies forward cryptographic services are as follows:
Encrypt: input (C1,C2,…,Cj) be to encrypt grouping, (I1,I2,…,Ij) be index cleartext information;
Εk(I): onion AES, thus generate different onion number and type according to the type difference of message;
Output E (I1)C1,E(I2)C2,…,E(Ij)Cj
The title of each onion represents the query manipulation of supporting.
6. the application process of outsourcing data encryption storage according to claim 5 and cryptogram search system, is characterized in that:When index file is text type, after encrypting, only have an onion, this onion is called OnionSearch, for keywordSearch; After OnionSearch (I) encrypts, allow to carry out the inquiry to keyword, user produces by pseudo-random generator8 bit sequences, calculate a numerical value by the pseudo-random function of safety, index byte and this numerical value are carried out to XOR and obtainThe index file of new encryption;
Input: IV, I1,I2,…,Ij,(C1,C2,…,Cj); Output: < E (I1)C1>,<E(I2)C2>,…,<E(Ij)Cj>
T←<IV,F(IV)>;
E(Ii)←Ii⊕T,i=1,2,…,m;
E(Ii)Ci←<E(Ii),Ci>,i=1,2,…,m;
Wherein, IV is 8 bit sequences that produced by pseudo-random generator, use<x, y>represent the connection of x and y, function F () isThe pseudo-random function of a safety.
7. the application process of outsourcing data encryption storage according to claim 5 and cryptogram search system, is characterized in that:When described index file is integer type, after encrypting, there are three onions, be respectively OnionEq, OnionOrd and OnionAdd, is respectively used to equivalent inquiry, sequence comparison and add operation;
Index file after described OnionEq (I) encrypts is supported user's equivalence inquiry, and user produces a random elementNumber n as first, then by index byte each all with prime number n XOR after encrypt again, form new encryption ropeQuoted passage part.
Input: IV, I1,I2,…,Ij,(C1,C2,…,Cj);
Output: < E (I1)C1>,<E(I2)C2>,…,<E(Ij)Cj>;
R0←n;
R1←I(i,1)⊕R0
R8←εk(I(i,7)⊕R8);l=1,2,…,8;
E(Ii)Ci←(<R1,R2,…,R8,Ci>);i=1,2,…,j;
I(i,j)Represent the j position of i index byte;
After described OnionOrd () algorithm for encryption, index file is supported sorting operation;
After described OnionAdd () algorithm for encryption, index file supports additive homomorphism to encrypt, after two numerical value are encryptedTwo numerical value of product representation value of encrypting after being added,
Key K,The random g ∈ G that selects, makes gcd (L (gmodk2), k)=1, selects random numberCiphertext c=gmrkmodk2; Expressly
m = m = L ( c mod k 2 ) L ( g mod k 2 ) mod k .
8. the application process of outsourcing data encryption storage according to claim 2 and cryptogram search system, is characterized in that:In the described user U data query stage, proxy server P is according to the query statement of the index file of user U input, according to inquiry barPart is encrypted the content of query statement, and ciphering process is identical with above-mentioned onion encryption method, then act on behalf of by encrypt afterThe decruption key K of query statement and onion encryption layer sends to Cloud Server C.
9. The application method of the outsourced data encrypted storage and ciphertext query system according to claim 8, characterized in that: the decryption key K is produced by the key center MK stored in the proxy server and is generated according to the following formula:
$K_{t,c,o,l} = F_{MK}(\text{table } t, \text{row } c, \text{onion } o, \text{encryption layer } l)$
F() is a secure pseudo-random function, and MK is the master key stored in the proxy server;
The proxy server P sends the decryption key K of the encryption layer to the cloud server by issuing an UPDATE operation command.
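A sketch of the per-layer key derivation in claim 9, added here as an example and not taken from the patent: HMAC-SHA256 stands in for the pseudo-random function F, and the length-prefixed field encoding, the master key value and the table, column and layer names are all assumptions or constructed samples.

```python
import hashlib
import hmac
import struct

def encode_fields(*fields):
    """Length-prefix every field so (t, c, o, l) maps to exactly one byte string."""
    out = b""
    for field in fields:
        raw = field.encode("utf-8")
        out += struct.pack(">I", len(raw)) + raw
    return out

def derive_layer_key(mk, t, c, o, l):
    """K_{t,c,o,l} = F_MK(t, c, o, l), with F assumed to be HMAC-SHA256."""
    return hmac.new(mk, encode_fields(t, c, o, l), hashlib.sha256).digest()

def naive_derive(mk, t, c, o, l):
    """Weak variant shown for contrast: plain concatenation of the fields."""
    return hmac.new(mk, (t + c + o + l).encode("utf-8"), hashlib.sha256).digest()

def demo():
    mk = bytes(range(32))  # constructed master key; it never leaves the proxy
    # Plain concatenation lets two different (table, column) pairs share a key.
    naive_collides = (naive_derive(mk, "ab", "c", "OnionEq", "layer1")
                      == naive_derive(mk, "a", "bc", "OnionEq", "layer1"))
    safe_collides = (derive_layer_key(mk, "ab", "c", "OnionEq", "layer1")
                     == derive_layer_key(mk, "a", "bc", "OnionEq", "layer1"))
    # The proxy releases one layer key; it says nothing about the next layer
    # or about another onion of the same column.
    released = derive_layer_key(mk, "orders", "amount", "OnionEq", "layer1")
    inner = derive_layer_key(mk, "orders", "amount", "OnionEq", "layer2")
    other = derive_layer_key(mk, "orders", "amount", "OnionOrd", "layer1")
    return naive_collides, safe_collides, len({released, inner, other})

if __name__ == "__main__":
    print(demo())
```

Because every key is recomputed from MK and the four labels, the proxy stores only MK, and handing the cloud server one layer key exposes only that layer of that onion.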
10. The application method of the outsourced data encrypted storage and ciphertext query system according to claim 2, characterized in that: the cloud server C provides the query result as follows: after the cloud server C performs the encrypted query operation at the specified encryption layer, it returns the encrypted data blocks that satisfy the condition to the user, and the user calls the decryption function to obtain the required information.
CN201510957019.XA 2015-12-18 2015-12-18 A kind of outsourcing data encryption storage and cryptogram search system and its application process Active CN105610793B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510957019.XA CN105610793B (en) 2015-12-18 2015-12-18 A kind of outsourcing data encryption storage and cryptogram search system and its application process

Publications (2)

Publication Number Publication Date
CN105610793A true CN105610793A (en) 2016-05-25
CN105610793B CN105610793B (en) 2018-10-26

Family

ID=55990331

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510957019.XA Active CN105610793B (en) 2015-12-18 2015-12-18 A kind of outsourcing data encryption storage and cryptogram search system and its application process

Country Status (1)

Country Link
CN (1) CN105610793B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO2001063528A1 (en) * 2000-02-23 2001-08-30 Ipdn Corporation Methods and devices for storing, distributing, and accessing intellectual property in digital form
CN102594927A (en) * 2012-04-05 2012-07-18 高汉中 Neural-network-based cloud server structure
CN104657673A (en) * 2013-11-22 2015-05-27 Sap欧洲公司 Average-complexity ideal-security order-preserving encryption

Cited By (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106254425A (en) * 2016-07-22 2016-12-21 北京京东尚科信息技术有限公司 For mobile device to high in the clouds the transmission method and system of data, mobile terminal
CN106599719A (en) * 2016-12-12 2017-04-26 西安电子科技大学 Ciphertext retrieval method supporting efficient key management
CN106934301A (en) * 2017-02-24 2017-07-07 中国科学院大学 A kind of safely outsourced data processing method of relevant database for supporting ciphertext data manipulation
CN106934301B (en) * 2017-02-24 2019-12-13 中国科学院大学 Relational database secure outsourcing data processing method supporting ciphertext data operation
CN110914826B (en) * 2017-04-27 2024-03-12 金融与风险组织有限公司 System and method for distributed data mapping
CN110914826A (en) * 2017-04-27 2020-03-24 金融与风险组织有限公司 System and method for distributed data mapping
CN107592195A (en) * 2017-09-12 2018-01-16 北京电子科技学院 A kind of accurate full homomorphism ciphertext data manipulation method and system
CN110709846A (en) * 2017-12-12 2020-01-17 谷歌有限责任公司 Inadvertent access using differential privacy
US11727124B2 (en) 2017-12-12 2023-08-15 Google Llc Oblivious access with differential privacy
CN110709846B (en) * 2017-12-12 2023-06-20 谷歌有限责任公司 Inadvertent access using differential privacy
CN108170753A (en) * 2017-12-22 2018-06-15 北京工业大学 A kind of method of Key-Value data base encryptions and Safety query in shared cloud
CN108170753B (en) * 2017-12-22 2021-08-17 北京工业大学 Key-Value database encryption and security query method in common cloud
CN109246098A (en) * 2018-08-31 2019-01-18 桂林电子科技大学 A method of support the synchronous ciphertext of backup server to compare
CN109246098B (en) * 2018-08-31 2021-02-19 桂林电子科技大学 Method for supporting comparison of synchronous ciphertext of backup server
CN109815719A (en) * 2019-01-21 2019-05-28 广东电网有限责任公司信息中心 A kind of database security encryption system that can search for
CN114073037A (en) * 2019-05-09 2022-02-18 谷歌有限责任公司 Compression and imperceptible extension of RLWE plaintext
CN114073037B (en) * 2019-05-09 2024-05-17 谷歌有限责任公司 RLWE compression and imperceptible expansion of plaintext
CN110751451A (en) * 2019-09-11 2020-02-04 北京戴纳实验科技有限公司 Laboratory big data management system
CN111639349B (en) * 2020-05-14 2022-09-06 瀚高基础软件股份有限公司 Data encryption processing method and device and storage medium
CN111639349A (en) * 2020-05-14 2020-09-08 瀚高基础软件股份有限公司 Data encryption processing method and device and storage medium
CN111541723B (en) * 2020-07-07 2020-10-13 飞天诚信科技股份有限公司 Method and terminal for processing key data
CN111541723A (en) * 2020-07-07 2020-08-14 飞天诚信科技股份有限公司 Method and terminal for processing key data
CN112560065A (en) * 2020-12-24 2021-03-26 航天科工网络信息发展有限公司 Method for directly indexing database ciphertext
CN112800088A (en) * 2021-01-19 2021-05-14 东北大学 Database ciphertext retrieval system and method based on bidirectional security index
CN112800088B (en) * 2021-01-19 2023-09-19 东北大学 Database ciphertext retrieval system and method based on bidirectional security index
CN112800475A (en) * 2021-03-24 2021-05-14 国网上海市电力公司 Data encryption method and device, electronic equipment and medium

Also Published As

Publication number Publication date
CN105610793B (en) 2018-10-26

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220328

Address after: No. 168, software Avenue, Yuhuatai District, Nanjing, Jiangsu 210042

Patentee after: Bozhi Safety Technology Co.,Ltd.

Address before: 212000 building C26, R & D center, No. 99, Jingshi 5th Road, science and technology new town, Zhenjiang City, Jiangsu Province

Patentee before: JIANGSU University