CN105763324B - Controllable verifiable multi-user-side searchable encryption searching method - Google Patents


Info

Publication number
CN105763324B
Authority
CN
China
Prior art keywords
cloud server
file
user
user side
registration module
Legal status
Active
Application number
CN201610247963.0A
Other languages
Chinese (zh)
Other versions
CN105763324A (en)
Inventor
叶俊
周贤林
祝昌宇
王宏
Current Assignee
Sichuan University of Science and Engineering
Original Assignee
Sichuan University of Science and Engineering

Classifications

    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • G06F16/2455 Query execution
    • H04L63/0435 Network security protocols for providing a confidential data exchange among entities communicating through data packet networks, wherein the data content is protected, e.g. by encrypting or encapsulating the payload, and the sending and receiving network entities apply symmetric encryption, i.e. the same key is used for encryption and decryption
    • H04L9/0863 Generation of secret information, including derivation or calculation of cryptographic keys or passwords, involving passwords or one-time passwords
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms
    • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy


Abstract

The invention discloses a controllable, verifiable multi-user-side searchable encryption searching method. The method designs an authoritative registration module and two cloud servers that do not collude with each other. The registration module handles the registration and data entry of each user side; the two cloud servers communicate with the registration module and both hold the information of every legitimate user side. The invention establishes a multi-user-side searchable encryption model and proposes a verifiable multi-user-side searchable encryption algorithm that supports fine-grained control, which avoids the leakage of side information. At the same time, a user side is able to verify the integrity of the search results, and a deleted user side can no longer obtain the corresponding files.

Description

Controllable verifiable multi-user-side searchable encryption searching method
Technical Field
The invention relates to the technical field of cloud computing, and in particular to a controllable verifiable multi-user-side searchable encryption searching method.
Background
In the era of the mutual fusion of the Internet of Things, cloud computing and big data, people face a considerable amount of information at all times. More and more sensitive information, such as e-mail, personal health records and corporate financial data, is stored centrally on cloud servers, so the data must be protected using encryption techniques. The Cloud Security Alliance has pointed out that a file that is not encrypted in the cloud should be considered lost. The most basic data service of cloud computing is safe and efficient data retrieval. However, encryption makes it extremely difficult to search for a specific file among a huge number of ciphertext files. Searchable encryption techniques allow encrypted files to be searched by a specific keyword.
At present, searchable encryption technology mainly targets single-user-side search under a symmetric key system, and there is relatively little research on public-key searchable encryption in a multi-user-side environment. In a multi-user-side environment, the user sides are essentially treated as equals: everyone can upload data and everyone can retrieve it. Although some schemes that rank user sides have appeared, they rely only on encryption to protect data privacy: a user side that does not satisfy the access policy can still search, and is merely unable to decrypt the ciphertext data it finds. Such schemes therefore leak some information.
For example, suppose the cloud server stores files of two countries, A and B. Someone in country A wants to look up files about an "atomic bomb" and submits a search request to the cloud server, which returns a series of files about the "atomic bomb". Assume the cloud server returns 100 files, but the person in country A can only decrypt and read 20 of them; the other files cannot be decrypted by that person, so their content remains unknown. This process appears to be secure, because the files are encrypted and someone who does not satisfy the access policy cannot decrypt them. But it reveals side information: from the returned files the person in country A learns that there are 80 more files about the "atomic bomb" (even though they cannot decrypt and read them), and that these files belong to country B. Country A thus learns, to a certain extent, the progress of country B's atomic bomb research, and learns that country B is carrying out such research at all. If instead only 20 files were found, all of which the person in country A can decrypt, this would indicate that country B is not carrying out atomic bomb research, or that its technology is not sufficiently developed. Therefore the leakage of a little side information can leak a great deal of important related information.
Therefore, there is a need to develop a search mode in which people without reading rights cannot search for confidential documents, even when those documents contain content of interest to them.
On the other hand, current multi-user-side searchable encryption schemes almost always require the server to be honest and trustworthy, whereas in real life the cloud server is often untrustworthy. To save its own resources, the server may search the ciphertext files lazily. For example, the database may hold 1,000,000 files while the server searches only 200,000 of them and returns some related files to the user side; or the server may not search at all and simply return a null value to the user side, indicating that the database contains no files relevant to the request. Because the files were uploaded by different user sides, a user side does not know how many files are related to the information it searched for. Therefore it is necessary to design a searchable encryption algorithm with which the user side can quickly verify whether the server has performed a complete search of the ciphertext.
These two aspects are key technical difficulties of data security in cloud computing, and resolving them is of great significance for the stability and practicability of cloud computing platform systems.
In the current era of rapid development of information technology, a user side encrypts a file and stores it on a cloud server, and later retrieves the ciphertext through a searchable encryption technique to obtain the file it wants. In current searchable encryption models, in order to protect file privacy, most methods use encryption so that a user side that does not satisfy the access policy can search for related files but cannot decrypt them to obtain the real files. However, this reveals side information. In order to share data more securely, this patent provides a new searchable encryption technique in which a user side that does not satisfy the access policy cannot search for data containing its search information at all, so that the leakage of side information is avoided and secure storage of the data is ensured. At the same time, in the case of a lazy cloud server, the user side can efficiently verify whether the cloud server has searched the ciphertext data space completely.
In a cloud computing environment, data must be encrypted when it is uploaded to the network; unencrypted data is considered lost. In a big data environment, the user side can only store large amounts of data on a cloud server in order to reduce the consumption of its own resources and save storage space. Searching ciphertext without revealing private information has become a current research hotspot. However, most current searchable encryption techniques target a single user side, and relatively little research addresses multiple user sides. In the existing schemes that support multi-user-side retrieval, the basic approach is that a user can search for the corresponding files but can only decrypt those within its authority. In this search mode, some side information is leaked. Moreover, the existing schemes almost always assume an honest server, and the user side does not verify the search result.
Disclosure of Invention
In order to solve the above problems, the present invention provides a controllable verifiable multi-user-side searchable encryption search method, applied in a searchable encryption system that includes a registration module, a first cloud server, a second cloud server and a plurality of user sides. The method includes the following steps:
Step 1: a fine-grained searchable encryption method is predefined; the registration module constructs the system and performs the system setup, which includes generating the system public key, the private key of the registration module and the public parameters.
Step 2: each user side applies to the registration module to join; the registration module generates the identity ID of each user side and, using its own private key, generates the private key of each user side, the first user side information and the second user side information.
Step 3: the registration module adds the identity ID and the identity name of each registered user side to its user side information list, sends each user side its private key, sends the first user side information to the first cloud server, and sends the second user side information to the second cloud server.
Step 4: the first cloud server and the second cloud server add the first user side information and the second user side information, respectively, to their own user side information lists.
Step 5: the file-uploading user side uses the system public key to build an index over the keywords of the file to be uploaded.
Step 6: the file-uploading user side establishes an access policy for the file, sends the symmetric key encrypted under an attribute-based encryption algorithm together with the keyword string to the first cloud server, and sends the ciphertext encrypted under the symmetric key together with the keyword string to the second cloud server.
Step 7: the file-searching user side uses the system public key, its own private key and the keywords to be queried to generate a keyword query, then sends the query together with its registration information held by the first cloud server to the first cloud server, and the query together with its registration information held by the second cloud server to the second cloud server.
Step 8: the first cloud server and the second cloud server each verify whether the registration information of the file-searching user side is in their user side information list; if not, the search is stopped, and if so, the whole encrypted file library is searched.
Step 9: the first cloud server and the second cloud server verify, for each file, whether the user side satisfies the access policy of the file and whether the file contains the keyword queried by the user side. If not, the file is skipped; if so, the first cloud server adds the corresponding attribute-encrypted symmetric key to the first file set, and the second cloud server adds the ciphertext encrypted under the symmetric key to the second file set. After the search is completed, the first cloud server returns the first file set to the user side and the second cloud server returns the second file set to the user side.
Step 10: the file-searching user side takes the first file set and the second file set as parameters of the matching function, evaluates the matching function, and judges from the result whether the search result is correct; if it is correct, step 11 is performed.
Step 11: the file-searching user side decrypts the attribute-encrypted symmetric key with its own private key, then decrypts the encrypted file with the symmetric key, thereby obtaining the search result file.
Further, when a registered user side is deleted by the system, the registration module updates its user side information list and notifies the first cloud server and the second cloud server to update their respective user side information lists.
Further, the public parameters and the private key of step 1 are generated as follows: the registration module randomly selects $t_1, \ldots, t_n$ and $y$ from the finite field (all of $t_1, \ldots, t_n$ and $y$ are elements of the finite field), and selects a hash function $h(\cdot)$, a keyed hash function and a threshold value $d$; the public parameters are then generated according to the public parameter generation formula.
The private key of the registration module is $t_1, \ldots, t_n, y$.
When the attribute set $\{\omega\}$ of a user side satisfies $|\{\omega\} \cap \{\omega'\}| \geq d$ and the queried keyword matches a keyword contained in a file, the user side can retrieve the corresponding file. Here $\{\omega\}$ is the attribute set of the user side, $\{\omega'\}$ is the attribute set required by the access policy, $d$ is the threshold, and $|\cdot|$ denotes the number of elements. The finite field consists of all positive integers less than $p$, excluding 0, where $p$ is a prime of 1024-bit length, 2048-bit length or another length.
Further, the ID of each user side is generated in step 2 as follows. Assume the user side is named $U_j$. The user side randomly selects a number $x_j$ from the finite field and sends $x_j$ to the registration module; the registration module generates the identity $ID_j$ of $U_j$ and adds it to the user side list U-ComK, then randomly selects a $(d-1)$-degree polynomial $q_j(\cdot)$ satisfying $q_j(0) = y$. The private key of user side $U_j$ is then derived from $q_j(\cdot)$.
Here $\omega_i$ is the $i$-th attribute in the attribute set of the user side, $\Omega$ is the set of all attributes, and $D_{ji}$ is the key of user side $U_j$ for the $i$-th attribute, computed from $q_j(i)$, the value at $x = i$ of the $(d-1)$-degree polynomial $q_j(x)$ randomly selected by the registration module for user side $U_j$, for $\omega_i \in \Omega$.
The registration module sends $\{\omega_i\}$, the private key and $ID_j$ to user side $U_j$, sends $(U_j, h(ID_j \| x_j))$ to the first cloud server, and sends the second user side information to the second cloud server.
Further, in step 5, assume that user side $U_j$ is the file-uploading user. It selects random values and $k_1, k_2 \in_R G_T$, takes the file $d_i$ to be uploaded, and computes the keyword index, where $h(\cdot)$ is a collision-free hash function and $G_T$ is a cyclic group.
Further, step 6 is specifically as follows. Suppose the file-uploading user is $U_j$. It selects a random value and $k_3 \in_R G_T$ and computes the ciphertext components $C_1$, $C_2$, $E$, $E_A(k_3)$ and $E(h(k_3), d_i)$.
User side $U_j$ sends $CT_1$ together with the upload time to the first cloud server, and sends $CT_2$ together with the upload time to the second cloud server, where $CT_1$ and $CT_2$ are ciphertext sets and $e(g, g)$ is an element of the cyclic group $G_T$.
Further, step 7 is specifically as follows. Suppose the user side searching for a file is $U_v$. It selects $r_v \in_R \mathbb{Z}_p$ and computes the keyword query $Q_v(w)$.
It then sends $(U_v, h(ID_v \| x_v), Q_v(w'))$ to the first cloud server, and sends the query together with its registration information held by the second cloud server to the second cloud server.
Here $q_v(t)$ is the value at $x = t$ of the $(d-1)$-degree polynomial $q_v(x)$ randomly selected by the authoritative registration module for user side $U_v$.
Further, in step 9, the first cloud server checks whether $|\{\omega\} \cap \{\omega'\}| \geq d$ holds for the file. If not, the file is skipped and the next file is processed; if so, the first cloud server arbitrarily selects $d$ elements of $\{\omega\} \cap \{\omega'\}$ to form a set $S$, finds the corresponding $D_v$ and performs the matching calculation.
Here $\Delta_{i,S}(0)$ denotes the Lagrange coefficient, $i, j$ are the subscripts of $\omega_i, \omega_j$, and $S$ is a set of $d$ elements arbitrarily selected from $\{\omega\} \cap \{\omega'\}$.
If the matching condition is satisfied, the first cloud server adds the file to the set of files to be returned, i.e. to $a_1(w')$, where $a_1(w')$ is the first file set.
The second cloud server checks whether $|\{\omega\} \cap \{\omega'\}| \geq d$ holds for the file. If not, the file is skipped and the next file is processed; if so, the second cloud server randomly selects $d$ elements of $\{\omega\} \cap \{\omega'\}$ to form a set $S'$, finds the corresponding $D_v$ and performs the corresponding calculation.
Here $\Delta_{i,S'}(0)$ denotes the Lagrange coefficient and $i, j$ are the subscripts of $\omega_i, \omega_j$.
If the matching condition is satisfied, the second cloud server adds the file to the set of files to be returned, i.e. to $a_2(w')$, where $a_2(w')$ is the second file set. $NM^{(1)}$ and $NM^{(2)}$ are the numbers that the first and second cloud servers assign to the files, in chronological order of the upload time sent by the user side, so that the order of the files received by the two cloud servers is consistent after sorting.
Further, step 10 is specifically as follows. User side $U_v$ verifies whether the matching function holds on $NM^{(1)}$ and $NM^{(2)}$ (the numbers that the two servers respectively assign to the files in chronological order of the upload time sent by the user side, so that the order of the files received by the two cloud servers is consistent after sorting). If it does not hold, at least one cloud server has not completely searched the encrypted file library.
Detailed Description
The design concept of the invention is as follows: an authoritative registration module is designed, which handles the registration and information entry of each user side; and two cloud servers that do not collude with each other are designed, both of which communicate with the registration module and hold the information of every legitimate user side.
The composition of a system implementing the invention is as follows: the system comprises a registration module, user sides, and a first cloud server and a second cloud server that do not collude with each other.
The registration module acts as the authority. It constructs the system, performs the system setup (including generating the system public key, the private key of the registration module and the public parameters), issues private keys to the user sides, controls the addition and deletion of user sides, and sends the latest user side information to the first cloud server and the second cloud server.
The user side builds the file index, encrypts and uploads files, retrieves files from the first cloud server and the second cloud server, and decrypts the files found.
The first cloud server performs the file retrieval work and returns the attribute-encrypted symmetric key to the user side.
The second cloud server performs the file retrieval work and returns the ciphertext encrypted under the symmetric key to the user side.
The symbols commonly used in the invention are listed in Table 1.
TABLE 1
The specific steps of the method are explained below.
Step 1: a fine-grained searchable encryption method is predefined; the registration module constructs the system and performs the system setup, which includes generating the system public key, the private key of the registration module and the public parameters.
The specific algorithm is as follows. Let $G$ be a cyclic group of order $q$ generated by $g$, and let $e: G \times G \to G_T$ be a bilinear map ($G$ and $G_T$ are cyclic groups, and $e$ maps pairs of elements of $G$ to elements of $G_T$). The Lagrange coefficient $\Delta_{i,S'}(x)$ is defined as a function of $x$,
where $S'$ is a set of $d$ elements arbitrarily selected from $\{\omega\} \cap \{\omega'\}$, $i, j$ are elements of $S'$, and $x$ is the function argument.
The invention defines fine-grained searchable encryption as follows: when a user side satisfies the access policy, namely its attribute set $\{\omega\}$ satisfies $|\{\omega\} \cap \{\omega'\}| \geq d$ (where $\{\omega\}$ is the attribute set of the user side, $\{\omega'\}$ is the attribute set required by the access policy, $d$ is the threshold and $|\cdot|$ denotes the number of elements), and the queried keyword matches a keyword contained in a file, the user side can retrieve the corresponding document.
The public parameters and the private key are generated as follows: the registration module randomly selects $t_1, \ldots, t_n$ and $y$ from the finite field (all of $t_1, \ldots, t_n$ and $y$ are elements of the finite field), and selects a hash function $h(\cdot)$, a keyed hash function and a threshold value $d$; the public parameters are then generated according to the public parameter generation formula.
The private key of the registration module is $t_1, \ldots, t_n, y$.
When the attribute set $\{\omega\}$ of a user side satisfies $|\{\omega\} \cap \{\omega'\}| \geq d$ and the queried keyword matches a keyword contained in a file, the user side can retrieve the corresponding file. Here $\{\omega\}$ is the attribute set of the user side, $\{\omega'\}$ is the attribute set required by the access policy, $d$ is the threshold, and $|\cdot|$ denotes the number of elements. The finite field consists of all positive integers less than $p$, excluding 0, where $p$ is a prime of 1024-bit length, 2048-bit length or another length, selected according to the actual situation.
Step 2: each user side applies to the registration module to join; the registration module generates the identity ID of each user side and, using its own private key, generates the private key of each user side, the first user side information and the second user side information.
The ID of each user side is generated as follows. Assume the user side is named $U_j$. The user side randomly selects a number $x_j$ from the finite field and sends $x_j$ to the registration module; the registration module generates $ID_j$ and adds it to the user side list U-ComK, then randomly selects a $(d-1)$-degree polynomial $q_j(\cdot)$ satisfying $q_j(0) = y$. The private key of user side $U_j$ is then derived from $q_j(\cdot)$.
Here $\omega_i$ is the $i$-th attribute in the attribute set of the user side, $\Omega$ is the set of all attributes, and $D_{ji}$ is the key of user side $U_j$ for the $i$-th attribute, computed from $q_j(i)$, the value at $x = i$ of the $(d-1)$-degree polynomial $q_j(x)$ randomly selected by the registration module for user side $U_j$, for $\omega_i \in \Omega$.
The registration module sends $\{\omega_i\}$, the private key and $ID_j$ to user side $U_j$, sends $(U_j, h(ID_j \| x_j))$ to the first cloud server, and sends the second user side information to the second cloud server.
Step 3: the registration module adds the identity ID and the identity name of each registered user side to its user side information list, sends each user side its private key, sends the first user side information to the first cloud server, and sends the second user side information to the second cloud server.
Step 4: the first cloud server and the second cloud server add the first user side information and the second user side information, respectively, to their own user side information lists.
The first cloud server updates its user side list U-ComK$^{(1)}$ to U-ComK$^{(1)} \cup (U_j, h(ID_j \| x_j))$, and the second cloud server updates its user side list U-ComK$^{(2)}$ by adding the second user side information in the same way.
Step 5: the file-uploading user side uses the system public key to build an index over the keywords of the file to be uploaded.
Assume that user side $U_j$ is the file-uploading user. It selects random values and $k_1, k_2 \in_R G_T$, takes the file $d_i$ to be uploaded, and computes the keyword index, where $h(\cdot)$ is a collision-free hash function and $G_T$ is a cyclic group.
Step 6: the file-uploading user side establishes an access policy for the file, sends the symmetric key encrypted under an attribute-based encryption algorithm together with the keyword string to the first cloud server, and sends the ciphertext encrypted under the symmetric key together with the keyword string to the second cloud server.
Suppose the file-uploading user is $U_j$. It selects a random value and $k_3 \in_R G_T$ and computes the ciphertext components $C_1$, $C_2$, $E$, $E_A(k_3)$ and $E(h(k_3), d_i)$.
User side $U_j$ sends $CT_1$ together with the upload time to the first cloud server, and sends $CT_2$ together with the upload time to the second cloud server, where $CT_1$ and $CT_2$ are ciphertext sets and $e(g, g)$ is an element of the cyclic group $G_T$.
The first cloud server and the second cloud server number the files $NM^{(1)}$ and $NM^{(2)}$ respectively, in chronological order of the upload time sent by the user side, so that the order of the files received by the two cloud servers is consistent after sorting.
Step 7: the file-searching user side uses the system public key, its own private key and the keywords to be queried to generate a keyword query, then sends the query together with its registration information held by the first cloud server to the first cloud server, and the query together with its registration information held by the second cloud server to the second cloud server.
Suppose the user side searching for a file is $U_v$. It selects $r_v \in_R \mathbb{Z}_p$ and computes the keyword query $Q_v(w)$.
It then sends $(U_v, h(ID_v \| x_v), Q_v(w'))$ to the first cloud server, and sends the query together with its registration information held by the second cloud server to the second cloud server.
Here $q_v(t)$ is the value at $x = t$ of the $(d-1)$-degree polynomial $q_v(x)$ randomly selected by the authoritative registration module for user side $U_v$.
Step 8: the first cloud server and the second cloud server each verify whether the registration information of the file-searching user side is in their user side information list; if not, the search is stopped, and if so, the whole encrypted file library is searched.
The first cloud server and the second cloud server respectively verify whether $(U_v, h(ID_v \| x_v))$ and the second user side information are in their user side information lists. If not, the search is stopped; if so, the whole encrypted file library is searched.
And step 9: the first cloud server and the second cloud server verify whether the user side meets an access strategy of the file and whether the file contains a keyword inquired by the user side, if not, the file is skipped, if so, the first cloud server adds a corresponding symmetric key encrypted by using the attribute into the first file set, and the second cloud server adds a ciphertext encrypted by using the symmetric key into the second file set; after the retrieval is completed, the first cloud server returns the first set to the user side, and the second cloud server returns the second file set to the user side.
For each file, the first cloud server verifies whether |{ω} ∩ {ω'}| ≥ d holds; if not, it skips the file and proceeds to the next one; if so, it randomly selects d elements from {ω} ∩ {ω'} to form a set S, finds the corresponding D_v, and performs the calculation:
where Δ_{i,S}(0) denotes the Lagrange coefficient, and i, j are the subscripts of ω_i, ω_j.
If the resulting check holds, the first cloud server adds the file to the set of files to be returned, i.e. to A_1(w'), where A_1(w') is the first file set.
The second cloud server likewise verifies whether |{ω} ∩ {ω'}| ≥ d holds for the file; if not, it skips the file and proceeds to the next one; if so, it randomly selects d elements from {ω} ∩ {ω'} to form a set S', finds the corresponding D_v, and performs the calculation:
where Δ_{i,S'}(0) denotes the Lagrange coefficient, and i, j are the subscripts of ω_i, ω_j.
If the resulting check holds, the second cloud server adds the file to the set of files to be returned, i.e. to A_2(w'), where A_2(w') is the second file set.
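As an added example that is not part of the patent, the following Python code models the two gating conditions of step 9 with plain modular arithmetic instead of bilinear pairings: the registration module issues attribute shares of a degree d-1 polynomial with q_j(0) = y, a server can recover y by Lagrange interpolation only when at least d of the user's attributes lie in the file's policy set, and the file is returned only if the queried keyword also matches. The modulus P, the keyword_tag MAC and the standard Lagrange coefficient formula are assumptions; the patent's real index and matching equation are omitted from this page.

```python
import hashlib
import hmac
import secrets

# Constructed parameter: a 127-bit Mersenne prime stands in for the patent's 1024-bit prime p.
P = (1 << 127) - 1


def eval_poly(coeffs, x):
    """Evaluate sum(coeffs[k] * x^k) mod P."""
    return sum(c * pow(x, k, P) for k, c in enumerate(coeffs)) % P


def issue_user_keys(y, user_attrs, d):
    """Registration module (step 2 / claim 4): a fresh random polynomial q_j of degree d-1
    with q_j(0) = y, and one share D_ji = q_j(i) per attribute index i the user holds."""
    coeffs = [y % P] + [secrets.randbelow(P) for _ in range(d - 1)]
    return {i: eval_poly(coeffs, i) for i in user_attrs}


def lagrange_at_zero(i, S):
    """Delta_{i,S}(0) = prod_{j in S, j != i} (0 - j) / (i - j) mod P.
    The patent only names the coefficient; this is the standard form (assumption)."""
    num, den = 1, 1
    for j in S:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def keyword_tag(y, w):
    """Constructed stand-in for the pairing-based keyword index: a MAC of the keyword under
    the shared secret y. (In the real scheme the uploader needs only the public key.)"""
    return hmac.new(str(y).encode(), w.encode(), hashlib.sha256).hexdigest()


def server_match(user_keys, file_policy_attrs, file_index, w_query, d):
    """Step 9 on one server: skip the file unless |{w} ∩ {w'}| >= d; otherwise interpolate
    y from any d common shares and compare the keyword tag.
    Returns True only when the access policy AND the queried keyword both match."""
    common = sorted(set(user_keys) & set(file_policy_attrs))
    if len(common) < d:
        return False  # case 1): too few matching attributes, file is skipped
    S = common[:d]  # any d of the common attributes will do
    y_rec = sum(lagrange_at_zero(i, S) * user_keys[i] for i in S) % P
    # case 2): policy satisfied but w' != w gives a different tag, so the file is rejected
    return hmac.compare_digest(keyword_tag(y_rec, w_query), file_index)
```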
Step 10: the file searching user side takes the first file set and the second file set as parameters of the matching function to calculate the matching function, and judges whether the searching result is correct or not according to the calculation result; if it is correct, step 11 is performed.
User side U_v verifies the matching condition on the two returned file sets; if it does not hold, at least one cloud server has not carried out a complete retrieval of the encrypted file library.
If the search result is incorrect, the search can be repeated, or an arbitration mechanism can be requested to penalize the cloud server.
Step 11: the file-searching user side uses its private key to decrypt the symmetric key that was encrypted with the attribute encryption algorithm, and then obtains the search result file.
User side U_v first uses its own private key to decrypt E_A(k_3) and obtain k_3, then uses k_3 to decrypt E(h(k_3), d_i) and obtain the document d_i.
The method may further comprise a member deletion step. When user side U_j is deleted by the system, the registration module removes (U_j, ID_j) from the member list U-ComK and then notifies the first cloud server and the second cloud server to update their user information lists. The first cloud server deletes (U_j, h(ID_j||x_j)) from U-ComK^(1), and the second cloud server deletes the corresponding entry from U-ComK^(2). Thus, even if U_j colludes with one of the servers, U_j can no longer perform a search.
The following explains the advantageous technical effects of the present invention.
1. The server can retrieve the file only if the client satisfies the access policy and the queried keyword is consistent with the file keyword. When the user terminal does not satisfy the access policy, the server cannot retrieve the file even if the file contains the keyword that the user terminal needs to query.
From the search process, if the attributes of the user side satisfy the access policy, then via c_1 and c_2 the server can obtain
Thus, if the keyword w' searched by the user side is the same as the keyword w contained in the file, then k_1' = k_1, so the server can derive the matching equation and thereby find the corresponding file.
When the attribute of the user side does not meet the access policy, the following two situations are divided:
1) |{ω} ∩ {ω'}| < d: the server skips this file and proceeds to retrieve the next one.
2) |{ω} ∩ {ω'}| ≥ d, but w' ≠ w: the derived values then differ, so the matching equation fails to hold, and the server determines that the file is not the file corresponding to the keyword w' that the user side needs to query.
Thus, the server can retrieve the file only if the client satisfies the access policy and the queried keyword is consistent with the file keyword.
2. A deleted user side cannot obtain the files it wants to query even if it colludes with one of the two (non-colluding) servers.
Each time user side U_v needs to query a file, it must send (U_v, h(ID_v||x_v)) to the first cloud server and its second registration information to the second cloud server. After U_v is deleted, the first cloud server deletes (U_v, h(ID_v||x_v)) and the second cloud server deletes U_v's corresponding entry. Suppose U_v colludes with the first cloud server (it can collude with at most one server). When U_v wants to initiate a query again, it cannot reuse its original identity, because the second cloud server has deleted its entry. Since U_v colludes with the first cloud server, it can borrow the identity of another legitimate user side, such as (U_j, h(ID_j||x_j)); but U_v must then also construct the entry that the second cloud server holds for U_j. This means U_v would have to compute that entry from h(ID_j||x_j); by the one-wayness and collision resistance of the hash function, deriving it from h(ID_j||x_j) is computationally infeasible (and, conversely, deriving h(ID_j||x_j) from it is also computationally infeasible). Therefore, even if U_v colludes with one of the servers, it cannot construct a legal identity, so the colluding cloud server cannot help it retrieve the files it wants to query.
U_v could also directly have the first cloud server assist its search and obtain the corresponding search result; however, that result contains only the encrypted symmetric keys {E_A(k_3)} and no content of the files. If U_v instead colludes with the second cloud server, it can only obtain the result containing the encrypted files E(h(k_3), d_i), but their encryption keys are held by the first cloud server, so U_v cannot decrypt E(h(k_3), d_i) and likewise obtains no file content.
3. The user side can quickly verify whether the server has lazy behavior.
After the user side queries, the two servers return the first file set and the second file set to it. When the user side uploaded the files, the first cloud server and the second cloud server numbered them NM^(1) and NM^(2) in time order according to the upload time sent by the user side, which ensures that the order of the files received by the two servers is consistent after sorting. The user therefore only needs to verify a simple matching condition on the two sets. Because the two servers do not collude, if lazy behaviour occurs, i.e. a complete retrieval of the ciphertext database is not performed, the probability that the number of returned files and their file numbers still agree (i.e. that the matching condition still holds) is negligible.
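As an added example that is not part of the patent, the following Python model shows the verification described in step 10 and in effect 3 above: both servers number the files by the user-supplied upload time, so a lazy server that stops scanning early returns a set of file numbers that disagrees with the other server's, and the client joins the two honest result sets by file number. The StoredFile fields, the lazy_stop parameter and the sample uploads are constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredFile:
    number: int    # NM^(1) / NM^(2): position in upload-time order, identical on both servers
    keyword: str   # stand-in for the encrypted keyword index
    payload: str   # server 1 holds E_A(k3); server 2 holds E(h(k3), d_i)


def assign_numbers(uploads):
    """Step 6: each server orders the files it received by the upload time the user side sent,
    so a file gets the same number NM on both servers even if uploads arrived out of order."""
    ordered = sorted(uploads, key=lambda u: u["upload_time"])
    return [StoredFile(n, u["keyword"], u["payload"]) for n, u in enumerate(ordered, 1)]


def retrieve(store, w_query, lazy_stop=None):
    """Step 9 on one server: (file number, payload) for every file matching the query.
    lazy_stop models a lazy server that stops scanning after that many files."""
    scanned = store if lazy_stop is None else store[:lazy_stop]
    return [(f.number, f.payload) for f in scanned if f.keyword == w_query]


def verify_result(a1, a2):
    """Step 10 matching function: the two non-colluding servers must return the same file
    numbers; any difference means at least one server did not search the whole library."""
    return sorted(n for n, _ in a1) == sorted(n for n, _ in a2)


def recover_files(a1, a2):
    """Step 11 pairing: join the key set from server 1 with the ciphertext set from server 2
    by file number, the only value the two result sets share."""
    keys = dict(a1)
    return [(n, keys[n], ct) for n, ct in a2]


def build_stores():
    """Constructed sample library: server 2 receives the same uploads in reverse arrival order."""
    spec = [(10, "invoice"), (20, "payroll"), (30, "invoice"), (40, "invoice")]
    srv1 = [{"upload_time": t, "keyword": w, "payload": f"EA(k3)@t{t}"} for t, w in spec]
    srv2 = [{"upload_time": t, "keyword": w, "payload": f"E(h(k3),d)@t{t}"}
            for t, w in reversed(spec)]
    return assign_numbers(srv1), assign_numbers(srv2)
```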
In conclusion, the invention establishes the multi-user-side searchable encryption model, and provides the verifiable multi-user-side searchable encryption algorithm supporting fine-grained control, thereby avoiding the leakage of side information. Meanwhile, the user side can verify the integrity of the search result, and the deleted user side can not acquire the corresponding file any more.

Claims (9)

1. The controllable verifiable multi-user-side searchable encryption searching method is applied to a searchable encryption system, the system comprises a registration module, a first cloud server, a second cloud server and a plurality of user sides, and the method comprises the following steps:
step 1: predefining a fine-grained searchable encryption method, and establishing a system and setting the system by a registration module, wherein the setting comprises generating a system public key, a private key of the system public key and public parameters;
step 2: each user applies for joining to the registration module, the registration module generates an identity ID of each user, and generates a private key corresponding to each user, first user information and second user information by using a private key of the registration module;
step 3: the registration module adds the identity ID and the identity name of each registered user side to its user side information list, sends each user side's private key to that user side, sends the first user side information to the first cloud server, and sends the second user side information to the second cloud server;
step 4: the first cloud server and the second cloud server respectively add the first user side information and the second user side information to their own user side information lists;
step 5: the file-uploading user side establishes an index for the keywords of the file to be uploaded using the system public key;
step 6: the file-uploading user side establishes an access policy for the file, then sends the symmetric key encrypted with the attribute encryption algorithm together with the keyword string to the first cloud server, and sends the ciphertext encrypted with the symmetric key together with the keyword string to the second cloud server;
step 7: the file-searching user side uses the system public key, its own private key and the keyword to be queried to generate a keyword query function, then sends the query function and its registration information held by the first cloud server to the first cloud server, and the query function and its registration information held by the second cloud server to the second cloud server;
step 8: the first cloud server and the second cloud server respectively verify whether the registration information of the file-searching user side is in their user side information lists; if not, the search is stopped, and if so, the whole ciphertext file library is searched;
step 9: the first cloud server and the second cloud server verify whether the user side satisfies the access policy of the file and whether the file contains the keyword queried by the user side; if not, the file is skipped; if so, the first cloud server adds the corresponding symmetric key encrypted with the attribute encryption algorithm to the first file set, and the second cloud server adds the ciphertext encrypted with the symmetric key to the second file set; after the retrieval is completed, the first cloud server returns the first file set to the user side, and the second cloud server returns the second file set to the user side;
step 10: the file searching user side takes the first file set and the second file set as parameters of the matching function to calculate the matching function, and judges whether the searching result is correct or not according to the calculation result; if the result is correct, performing step 11;
step 11: the user side of the search file decrypts the symmetric key encrypted by the attribute encryption algorithm by using the private key of the user side, and then the search result file is obtained.
2. The controllable verifiable multi-user-side searchable encryption searching method of claim 1, wherein when a registered user side is deleted by the system, the registration module updates its user side information list and notifies the first cloud server and the second cloud server to update their respective user side information lists.
3. The controllable verifiable multi-user-side searchable encryption searching method of claim 1, wherein the generation of the public parameters and private key in step 1 comprises: the registration module randomly selects t_1, ..., t_n from the finite field Z_p^*, where t_1, ..., t_n all lie in the finite field Z_p^*, and selects a hash function h(·), a keyed hash function and a threshold d; the public parameters are then generated as:
the private key of the registration module is t_1, ..., t_n, y;
when the attribute set {ω} of a user side satisfies |{ω} ∩ {ω'}| ≥ d and the queried keyword is consistent with a keyword contained in the file, the user side can retrieve the corresponding file, where {ω} is the user side's attribute set, d is the threshold, |·| denotes the number of elements, and {ω'} is the required attribute set in the access policy; Z_p^* consists of all positive integers less than p, excluding 0; p is a prime number 1024 bits in length.
4. The controllable verifiable multi-user-side searchable encryption searching method of claim 3, wherein the user side identity ID in step 2 is generated as follows: suppose the user side's name is U_j; the user side randomly selects a number x_j from the finite field Z_p^* and sends x_j to the registration module; the registration module generates U_j's identity ID_j and adds it to the user side list U-ComK, then randomly selects a degree d-1 polynomial q_j(·) satisfying q_j(0) = y; the private key of user side U_j is then:
where ω_i is the i-th attribute in the user side's attribute set, Ω is the set of all attributes, D_ji denotes the key of user side U_j for the i-th attribute, and q_j(i) denotes the value at x = i of the degree d-1 polynomial q_j(x) randomly selected by the registration module for user side U_j, with ω_i ∈ Ω;
the registration module sends {ω_i}, the private key and ID_j to user side U_j, sends (U_j, h(ID_j||x_j)) to the first cloud server, and sends the second user side information to the second cloud server.
5. The controllable verifiable multi-user-side searchable encryption searching method of claim 4, wherein in step 5, suppose user side U_j is the file-uploading user side; it selects r_j^(1) and r_j^(2) from Z_p^*, selects k_1, k_2 ∈_R G_T, extracts the keywords of the file d_i to be uploaded, and then computes the keyword index, where h(·) is a collision-resistant hash function and G_T is a cyclic group.
6. The controllable verifiable multi-user-side searchable encryption searching method of claim 5, wherein step 6 is specifically: suppose the file-uploading user side is U_j; it selects a random value and k_3 ∈_R G_T and computes:
where these values are all parts of the ciphertext;
user side U_j sends its first ciphertext set together with the upload time to the first cloud server, and sends its second ciphertext set together with the upload time to the second cloud server,
where CT_1, CT_2 are the ciphertext sets and e(g, g) belongs to the cyclic group G_T.
7. The controllable verifiable multi-user-side searchable encryption searching method of claim 6, wherein step 7 is specifically: suppose the user side searching for a document is U_v; it selects r_v ∈_R Z_p and calculates a keyword query function Q_v(w):
it then sends (U_v, h(ID_v||x_v), Q_v(w')) to the first cloud server, and sends Q_v(w') together with its registration information held by the second cloud server to the second cloud server;
where q_v(t) denotes the value at x = t of the degree d-1 polynomial q_v(x) randomly selected by the registration module (the authority) for user side U_v.
8. The controllable verifiable multi-user-side searchable encryption searching method of claim 7, wherein in step 9, the first cloud server first verifies whether |{ω} ∩ {ω'}| ≥ d holds for the file; if not, it skips the file and proceeds to the next one; if so, it arbitrarily selects d elements from {ω} ∩ {ω'} to form a set S, finds the corresponding D_v, and performs the calculation:
where Δ_{i,S}(0) denotes the Lagrange coefficient, and i, j are the subscripts of ω_i, ω_j;
if the resulting check holds, the first cloud server adds the file to the set of files to be returned, i.e. to A_1(w'), where A_1(w') is the first file set;
the second cloud server first verifies whether |{ω} ∩ {ω'}| ≥ d holds for the file; if not, it skips the file; if so, it randomly selects d elements from {ω} ∩ {ω'} to form a set S', finds the corresponding D_v, and performs the calculation:
where Δ_{i,S'}(0) denotes the Lagrange coefficient, and i, j are the subscripts of ω_i, ω_j;
if the resulting check holds, the second cloud server adds the file to the set of files to be returned, i.e. to A_2(w'), where A_2(w') is the second file set.
9. The controllable verifiable multi-user-side searchable encryption searching method of claim 8, wherein step 10 is specifically: user side U_v verifies the matching condition on the two returned file sets; if it does not hold, at least one cloud server has not carried out a complete retrieval of the encrypted file library.
CN201610247963.0A 2016-04-19 2016-04-19 It is controllable to can verify that multi-user end can search for encryption searching method Active CN105763324B (en)

Publications (2)

Publication Number Publication Date
CN105763324A CN105763324A (en) 2016-07-13
CN105763324B true CN105763324B (en) 2019-03-29
