CN105871543B - Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute - Google Patents
Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute Download PDFInfo
- Publication number
- CN105871543B CN105871543B CN201610188151.3A CN201610188151A CN105871543B CN 105871543 B CN105871543 B CN 105871543B CN 201610188151 A CN201610188151 A CN 201610188151A CN 105871543 B CN105871543 B CN 105871543B
- Authority
- CN
- China
- Prior art keywords
- indicate
- node
- intermediate variable
- indicates
- random number
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0866—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/045—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
Abstract
The invention discloses a kind of multiple key cipher text retrieval method under more data owner's backgrounds based on attribute, mainly solve the problems, such as that the prior art only supports the searching ciphertext of single keyword.Its technical solution is: in conjunction with can search for encryption technology and the encryption policy based on ciphertext attribute, under more data owner's scenes, according to the set of keywords of the access structure of data owner and ciphertext, establishing set of keywords index;The trapdoor that data user generates according to key word of the inquiry collection and key word of the inquiry collection;Data user realizes the query on several keys to ciphertext using trapdoor.Present invention alleviates data owner's local datastore and administrative burdens, and data user can be supported to carry out multiple key to ciphertext and accurately inquire, can be used for realizing the safety and efficient retrieval of fine-granularity access control, ciphertext data under cloud storage background.
Description
Technical field
The invention belongs to technical field of cryptology, and in particular to data encryption, access control and searching ciphertext technology, it can
For realizing the safety and efficient retrieval of fine-granularity access control, ciphertext data under cloud storage background.
Background technique
With the prevalence of cloud computing technology, more and more enterprise customers and it is personal by their local datastores to " sincere
It is real but curious " cloud server so as to enjoyed from configurable computer resource sharing pond in real time, the application of high quality
And service.Therefore, data storage service becomes one of most basic service in cloud computing application, and cloud storage service reduces this
The burden of ground storage management avoids the expense in software and hardware facilities and personnel's maintenance, but Cloud Server is rented without normal direction cloud
Family confirms it with believable storage capacity.Cloud storage brings huge convenience to cloud tenant, improve data and service can
With property and reliability, but the risk for also inevitably bringing data-privacy to reveal simultaneously.
In cloud storage, to guarantee that the privacy of data is not leaked, encryption storage is the method for most original.Cloud tenant is to bright
After literary data encryption, cloud server CSP is uploaded to ciphertext form.Although data encryption system can ensure data safety,
But the data of ciphertext form hide Sensitive data content while, but also data file loses the ability being retrieved.
In this case, if cloud tenant requires to look up some document in ciphertext data set, need to download entire ciphertext data
Collect and decrypt, it is clear that this mode will cause great network overhead and computing cost.It is most popular at present for above-mentioned problem
What one of solution was namely based on keyword can search for encryption SE technology, and this retrieval technique allows user to have by keyword
Data file is selectively retrieved, recall precision is substantially increased.
And the safety that the development of cloud storage is searching ciphertext technology is put forward new requirements, and has evoked the hair of cipher theory
Exhibition.It is a kind of that being suggested based on encryption attribute ABE technology for fine-granularity access control may be implemented derived from this.Encryption attribute agreement
The encryption attribute agreement CP-ABE of Ciphertext policy and the encryption attribute agreement KP-ABE of key strategy can be divided into.It is defined from the two
From the point of view of, CP-ABE agreement is substantially better than KP-ABE agreement, this is because encipherer is without specifying some solution in CP-ABE agreement
Close person relies on one group of attribute and an access control policy as unique decryption person, as long as the attribute set of cloud tenant
It is able to satisfy specified access control policy, then the private key that cloud tenant can generate according to property set decrypts ciphertext;The agreement simultaneously
It, can be in the access privilege control of multi-user scene realization cloud tenant with enough flexibilities.Therefore, searching based on attribute
The secrecy that rope encryption technology realizes data is shared and fine-grained access control function.
Although the existing encryption technology that can search for realizes the searching ciphertext of single keyword, this mechanism can generate huge
Big computing cost and the incoherent ciphertext of return, to waste a large amount of bandwidth and computing resource.Based on this, design is supported more
The searching ciphertext technology of keyword is particularly important.On the one hand, multiple key search statement can be accurately positioned required
Document ciphertext;On the other hand good user's search experience is provided for user.And it existing can search for encrypting based on attribute
Technology can only support single key search, while not yet consider that there are multiple data owner's scenes.It is more complicated in order to be suitable for
Application scenarios and meet the more application demands of cloud tenant, how safely and efficiently to expand to attribute encryption technology can search for
It is the key point of cryptographic algorithm design in encipherment scheme.
Summary of the invention
It is an object of the invention to be directed to the defect of above-mentioned prior art, one kind base under more data owner's backgrounds is proposed
In the multiple key cipher text retrieval method of attribute, to reduce the calculating of retrieval under more complicated multiple-user retrieval application scenarios
Expense accurately carries out multiple key searching ciphertext.
To achieve the above object, the cryptography scheme that the present invention uses includes:
(1) system initialization: third party's trusted servers TTS generates public key pk, master key mk and conventional encryption algorithm
Symmetric key Φ;
(2) private key generates: property set S of third party's trusted servers TTS according to data user DU, master key mk, public key
The access structure P of pk and data owner DO generates private key sk;
(3) index is established: data owner DO symmetric key Ф encrypted document generates ciphertext C, is then tied according to access
Structure P and set of keywords W is that document establishes index I, and ciphertext C and index I are finally uploaded to Cloud Server CSP;
(4) trapdoor generates: data user DU generates trapdoor T according to key word of the inquiry collection W', and trapdoor T is submitted to cloud clothes
Be engaged in device CSP;
(5) cipher text searching: Cloud Server CSP matches trapdoor T and index I, and the document for meeting matching condition is close
Collected works RC is sent to data user DU.
The present invention has the advantage that
(1) present invention can support query on several keys under the application scenarios of more data owner's shared datas, can be quickly
Document ciphertext needed for positioning.
(2) ciphertext index and access structure constructed in the present invention, can mitigate the burden of local datastore management, real
Existing fine-granularity access control.
(3) present invention uses the encryption attribute strategy of ciphertext on the basis of can search for encryption technology, can resist keyword
Guessing attack and guarantee keyword privacy.
(4) method provided by the invention has feasibility in practical application scene.
To sum up, the present invention uses the encryption attribute strategy of ciphertext on the basis of can search for encryption technology, gathers around in most evidences
Under the person's of having scene, data user initiates query on several keys request, can be accurately positioned required ciphertext document, reduces local number
According to the expense of storage management, and method can resist keyword guessing attack.
Detailed description of the invention
Fig. 1 is actual scene figure of the invention;
Fig. 2 is realization general flow chart of the invention;
Fig. 3 is the system initialization sub-process figure in the present invention;
Fig. 4 is the sub-process figure that private key is generated in the present invention;
Fig. 5 is to establish index in the present invention and generate the schematic diagram of ciphertext;
Fig. 6 is the schematic diagram that trapdoor is generated in the present invention;
Fig. 7 is the sub-process figure that ciphertext is searched in the present invention.
Specific embodiment
Referring to Fig.1, for the present invention by taking individual health record PHR storage system as an example, which includes four entities: can
Believe third party TTS, Cloud Server CSP, multiple data owner DO and data user DU.Trusted third party TTS generates public key
Pk, private key sk and symmetric key Φ;Cloud Server CSP is used to storing data ciphertext;Multiple data owner DO, such as patient
It is responsible for encrypted document and creation index;Data user DU, such as doctor may search for ciphertext.
Referring to Fig. 2, multiple key searching ciphertext of the present invention under more data owner's backgrounds based on attribute realizes step
Suddenly include the following:
Step 1, system initialization
Referring to Fig. 3, this step is implemented as follows:
Public key pk=is calculated according to global common parameter Q and property set U in (1a) third party trusted servers TTS
(G1,G2,e,h1,h2, q, g, X, Y, Z), master key mk=(α, beta, gamma) and symmetric key Φ, symmetric key Φ is to pass through biography
System symmetric encipherment algorithm is calculated;Wherein G1It is q rank addition cyclic group, g is G1Generation member, G2It is q rank multiplicative cyclic group, e
It is bilinear map G1×G1→G2, h1It indicates that { 0,1 } will be gathered*It is mapped to G1Hash function, h2It indicates that { 0,1 } will be gathered*It reflects
It is mapped to ZqHash function, ZqIt is q rank integer item, X indicates the first intermediate variable: X=gα, Y the second intermediate variable of expression: Y=gβ, Z expression third intermediate variable: Z=gγ, α the first random number of expression: α ∈ Zq, the second random number β ∈ Z of β expressionq, γ indicates the
Three random numbers: γ ∈ Zq;
Public key and symmetric key are sent to data owner and data user by (1b) third party's trusted servers TTS;
(1c) third party's trusted servers TTS locally saves public key and master key.
Step 2, private key is generated
Referring to Fig. 4, this step is accomplished by
(2a) data user DU submits property set S to third party's trusted servers TTS;
(2b) data owner DO is that specify access structure P, access structure P be a kind of tree structure to document D, in tree
Each node includes multinomial and threshold value:
(2b1) is that root node r chooses multinomial qr(v) and threshold value kr(v), wherein v is independent variable, as independent variable v=0
When, qr(0)=r2, threshold value kr(v) 1≤k of ranger(v)≤numr, numrIndicate root node r child node number;
(2b2) is that non-leaf nodes x chooses multinomial qx(v) and threshold value kx(v), multinomial qx(v) meet following item
Part:
dx(v)=kx(v) -1,
qx(0)=qparent(x)(index(x));
Wherein dx(v) q is indicatedx(v) the degree of polynomial, and as independent variable v=0, qx(0)=qparent(x)(index
(x)), parent (x) indicates that the father node of node x, index (x) indicate the sequence of parent (x) child node, threshold value kx(v)
1≤k of rangex(v)≤numx, numxIndicate node x child node number;
(2b3) is that leaf node chooses multinomial qy(v) and threshold value ky(v), wherein multinomial qy(v)=S, threshold value
ky(v)=1;
Whether (2c) third party's trusted servers TTS verifying property set S, which meets data owner DO, refers to establishing at index
Fixed access structure P:
If not satisfied, then thinking that the data user is illegal, terminate;
If satisfied, then private key will be calculated in third party's trusted servers TTS: sk=(π, { λj,μj})j∈S;
Wherein π indicates the 4th intermediate variable: π=g(αγ-r)/β, λjIndicate the 5th intermediate variable:μjIt indicates
6th intermediate variable:R indicates the 4th random number: r ∈ Zq, rjIndicate the 5th random number: rj∈Zq, attribute j ∈ S;
The data user DU that the private key is sent to by (2d) third party's trusted servers TTS.
Step 3, index is established
Referring to Fig. 5, this step is accomplished by
(3a) data owner DO establishes set of keywords W to every record d in document D respectivelydWith key word index I:
Wd={ w1,...,wi,...,wm,
I={ I1,...,Ii,...,Im};
Wherein wiIndicate set of keywords WdI-th of keyword, i ∈ { 1 ..., m }, m indicate the quantity of set of keywords;IiTable
Show corresponding keyword wiIndex, if IiValue be not 0, indicate record d contain keyword wi;Otherwise, it indicates that the pass is not present
Key word wi;
(3b) data owner DO is with public key pk to set of keywords WdEncryption are as follows:Wherein δiIt indicates with public
Key pk encryption keyword wiCiphertext afterwards, Indicate the 7th intermediate variable: It indicates in the 8th
Between variable: Indicate the 9th intermediate variable:r1Indicate the 6th random number: r1∈Zq, r2Indicate the 7th with
Machine number: r2∈Zq;
(3c) data owner DO leaf node attribute in public key encryption access structure P: { δy,θy}y∈ln, wherein δyTable
Show the tenth intermediate variable:θyIndicate the 11st intermediate variable:Att (y) indicates leaf knot
The attribute value of point, ln indicate leaf node set, and y indicates the leaf node in ln, qy(0) indicate leaf node multinomial from change
Value when measuring 0;
Index I and document ciphertext C is uploaded to Cloud Server CSP by (3d) data owner DO, wherein indexingC=EncΦ(d), wherein EncΦ(d) expression adds record d with symmetric key Φ
It is close.
Step 4, trapdoor is generated
Referring to Fig. 6, this step is accomplished by
(4a) data user DU submits key word of the inquiry collection W'={ w1',...,wj',...,wt', wherein wj' indicate be
J-th of key word of the inquiry in key word of the inquiry collection W', j ∈ { 1 ..., t }, t indicate W' key word of the inquiry collection quantity;
(4b) data user DU is calculated according to key word of the inquiry collection W', private key sk and property set S generates trapdoor: T=(S,
T1,T2,T3,{λj',μj'}j∈S), wherein T1Indicate the 13rd intermediate variable:S indicates the 8th random number:
s∈Zq, T2Indicate the 14th intermediate variable: T2=gsγ, T3Indicate the 15th intermediate variable: T3=πs, λj' indicate among the 16th
Variable:μj' indicate the 17th intermediate variable:
(4c) data user DU submits trapdoor T to Cloud Server CSP.
Step 5, cipher text searching
Referring to Fig. 7, this step is accomplished by
(5a) data user submits attribute value S and trapdoor T to give Cloud Server CSP;
Whether the attribute value S of (5b) Cloud Server CSP verify data user meets specified access structure P:
It indicates that user is illegal if being unsatisfactory for, terminates;
If data user's attribute value S meets access structure P, (5c) is thened follow the steps;
(5c) calculates the intermediate quantity D of root node according to recursive algorithmr;
(5c1) calculates leaf node intermediate quantity:Wherein qy(0) table
Leaf node multinomial q when showing independent variable v=0y(v) value;
(5c2) calculates root node intermediate quantity:If access structure P only has two layers, at this time child node
Intermediate quantity DxEqual to leaf node intermediate quantity Dy, can solveTerminate recurrence;Otherwise to DxCalling is passed
Pushing-typeContinue to solve, when the father node of recurrence to leaf node, can solveTerminate recurrence;Wherein operatorI table index (x), ψxIndicate x node
Random child node set, | ψx|=kx(v), | ψx| indicate set ψxSize, j is set ψxIn element;OperatorX' is the child node of node x, ψx'Indicate the random child node set of x' node, | ψx'|=kx'
(v), | ψx'| indicate set ψx'Size;
(5d) is according to the intermediate quantity D of root noderObtain following two expression formulas:
First expression formula:
Second expression formula:
(5e) Cloud Server CSP judges whether trapdoor T and index I match, that is, judgesIt is whether true:
If equation is unequal, terminate;
If equation is equal, Cloud Server CSP sends inquiry ciphertext to the data user for meeting matching condition.
Above description is only example of the present invention, does not constitute any limitation of the invention.Obviously for this
It, all may be before without departing substantially from the principle of the invention, structure after understanding the content of present invention and principle for the professional in field
It puts, carries out the amendment and improvement of algorithm, but these amendments and improvement based on inventive algorithm are wanted in right of the invention
It asks within protection scope.
Claims (6)
- Multiple key cipher text retrieval method under the background of data owner more than 1. based on attribute, comprising:(1a) system initialization: third party's trusted servers TTS generates public key pk, pair of master key mk and conventional encryption algorithm Claim key Φ;(1b) private key generate: third party's trusted servers TTS the property set S according to data user DU, master key mk, public key pk with And the access structure P of data owner DO generates private key sk:(1b1) access structure P is a kind of tree structure, and each node in tree includes multinomial and threshold value;For root node r choosing Take multinomial qr(v) and threshold value kr(v), wherein v is independent variable, as independent variable v=0, qr(0)=r2, threshold value kr(v) 1≤k of ranger(v)≤numr, numrIndicate root node r child node number;(1b2) is that non-leaf nodes x chooses multinomial qx(v) and threshold value kx(v), multinomial qx(v) meet the following conditions:dx(v)=kx(v) -1,qx(0)=qparent(x)(index(x));Wherein dx(v) q is indicatedx(v) the degree of polynomial, and as independent variable v=0, qx(0)=qparent(x)(index (x)), Parent (x) indicates that the father node of node x, index (x) indicate the sequence of parent (x) child node, threshold value kx(v) model Enclose 1≤kx(v)≤numx, numxIndicate node x child node number;(1b3) is that leaf node chooses multinomial qy(v) and threshold value ky(v), wherein multinomial qy(v)=S, threshold value ky(v) =1;The expression formula of (1b4) private key is as follows:Sk=(π, { λj,μj})j∈S;Wherein π indicates the 4th intermediate variable: π=g(αγ-r)/β, λjIndicate the 5th intermediate variable:μjIndicate the 6th Intermediate variable:R indicates the 4th random number: r ∈ Zq, rjIndicate the 5th random number: rj∈Zq, attribute j ∈ S, α indicate the One random number: α ∈ Zq, the second random number β ∈ Z of β expressionq, γ expression third random number: γ ∈ Zq;(1c) index is established: data owner DO symmetric key Φ encrypted document generates ciphertext C, then according to access structure P It is that document establishes index I with set of keywords W, ciphertext C and index I is finally uploaded into Cloud Server CSP;(1d) trapdoor generates: data user DU generates trapdoor T according to key word of the inquiry collection W', and trapdoor T is submitted to cloud service Device CSP;(1e) cipher text searching: Cloud Server CSP matches trapdoor T and index I, the document ciphertext collection for meeting matching condition RC is sent to data user DU.
- 2. according to the method described in claim 1, wherein public key pk, master key mk are expressed as follows in step (1a):Pk=(G1,G2,e,h1,h2, q, g, X, Y, Z),Mk=(α, β, γ);Wherein G1It is q rank addition cyclic group, g is G1Generation member, G2It is q rank multiplicative cyclic group, e is bilinear map G1×G1→ G2, h1It indicates that { 0,1 } will be gathered*It is mapped to G1Hash function, h2It indicates that { 0,1 } will be gathered*It is mapped to ZqHash function, Zq It is q rank integer item, X indicates the first intermediate variable: X=gα, Y the second intermediate variable of expression: Y=gβ, Z expression third intermediate variable: Z=gγ, α the first random number of expression: α ∈ Zq, the second random number β ∈ Z of β expressionq, γ expression third random number: γ ∈ Zq。
- 3. according to the method described in claim 1, wherein establish index I in step (1c) and generate ciphertext C, as follows into Row:(1c1) data owner DO establishes set of keywords W to every record d in document D respectivelydWith key word index I:Wd={ w1,...,wi,...,wm,I={ I1,...,Ii,...,Im};Wherein wiIndicate set of keywords WdI-th of keyword, i ∈ { 1 ..., m }, m indicate the quantity of set of keywords;IiExpression pair The keyword w answerediIndex, if IiValue be not 0, indicate record d contain keyword wi;Otherwise, it indicates that the keyword is not present wi;(1c2) data owner DO is with public key pk to set of keywords WdEncryption are as follows:Wherein δiIt indicates to use public key pk encryption keyword wiCiphertext afterwards, Indicate the 7th intermediate variable: Indicate the 8th intermediate variable: Indicate the 9th intermediate variable:r1Indicate that the 6th is random Number: r1∈Zq, r2Indicate the 7th random number: r2∈Zq, h2It indicates that { 0,1 } will be gathered*It is mapped to ZqHash function, ZqIt is that q rank is whole Ring of numbers;(1c3) data owner DO leaf node attribute in public key encryption access structure P are as follows:{δy,θy}y∈ln;Wherein δyIndicate the tenth intermediate variable:θyIndicate the 11st intermediate variable:att (y) indicate that the attribute value of leaf node, ln indicate leaf node set, y indicates the leaf node in ln, qy(0) leaf is indicated Node multinomial independent variable takes value when 0, h1It indicates that { 0,1 } will be gathered*It is mapped to G1Hash function, G1It is q rank addition circulation Group;(1c4) data owner DO generates index I:The ciphertext C of (1c5) data owner DO encryption is: C=EncΦ(d), wherein EncΦ(d) expression is with symmetric key Φ to note Record d is encrypted.
- 4. according to the method described in claim 1, wherein in step (1d) trapdoor T generation, as follows carry out:(1d1) data user DU submits key word of the inquiry collection:W'={ w1',...,wj',...,wt'};Wherein wj' indicating it is j-th of key word of the inquiry in key word of the inquiry collection W', j ∈ { 1 ..., t }, t indicate that W' inquiry is crucial Word collection quantity;(1d2) data user DU is calculated according to key word of the inquiry collection W', private key sk and property set S and is generated trapdoor:T=(S, T1,T2,T3,{λj',μj'}j∈S);Wherein T1Indicate the 13rd intermediate variable:S indicates the 8th random number: s ∈ Zq, α indicate first with Machine number: α ∈ Zq, h2It indicates that { 0,1 } will be gathered*It is mapped to ZqHash function, g is G1Generation member, γ indicate third random number: γ∈Zq, π the 4th intermediate variable of expression, T2Indicate the 14th intermediate variable: T2=gsγ, T3Indicate the 15th intermediate variable: T3= πs, λj' indicate the 16th intermediate variable:μj' indicate the 17th intermediate variable:
- 5. according to the method described in claim 1, wherein being matched in step (1e) to trapdoor T and index I, as follows It carries out:After (1e1) Cloud Server CSP gets data user's inquiry request, whether the property set S of verify data user, which meets, refers to Fixed access structure P, terminates inquiry if being unsatisfactory for;(1e2) calculates the intermediate quantity D of root node according to recursive algorithm if data user's property set S meets access structure Pr:Wherein g is G1Generation member, e is bilinear map G1×G1→G2, G1It is q rank addition cyclic group, G2It is q rank multiplication loop Group, s indicate the 8th random number: s ∈ Zq, r2Indicate the 7th random number: r2∈Zq;(1e3) is according to the intermediate quantity D of root noderObtain following two expression formulas:First expression formula:Second expression formula:Wherein h2It indicates that { 0,1 } will be gathered*It is mapped to ZqHash function, ZqIt is q rank integer item, X indicates the first intermediate variable: X =gα, α the first random number of expression: α ∈ Zq, Y the second intermediate variable of expression: Y=gβ, Z expression third intermediate variable: Z=gγ, β table Show the second random number β ∈ Zq, γ expression third random number: γ ∈ Zq;wiIndicate set of keywords WdI-th of keyword, i ∈ { 1 ..., m }, m indicate the quantity of set of keywords;r1Indicate the 6th random number: r1∈Zq,Indicate the 7th intermediate variable: Indicate the 8th intermediate variable: Indicate the 9th intermediate variable:δiExpression public key pk adds Close keyword wiCiphertext afterwards,r1Indicate the 6th random number: r1∈Zq, r2Indicate the 7th random number: r2∈Zq, wj' indicating it is j-th of key word of the inquiry in key word of the inquiry collection W', j ∈ { 1 ..., t }, t indicate W' key word of the inquiry collection number Amount, T1Indicate the 13rd intermediate variable:S indicates the 8th random number: s ∈ Zq, T3It indicates among the 15th Variable: T3=πs,(1e4) Cloud Server CSP judges trapdoor T=(S, T1,T2,T3,{λj',μj'}j∈S) and indexWhether match, that is, judgesWhether at It is vertical, if equation is unequal, terminate;If equation is equal, Cloud Server CSP sends inquiry to the data user for meeting matching condition Ciphertext;Wherein T2Indicate the 14th intermediate variable: T2=gsγ, λj' indicate the 16th intermediate variable:μj' indicate the tenth Seven intermediate variables:
- 6. according to the method described in claim 5, the centre of root node is wherein calculated described in step (1e2) by recursive algorithm Measure Dr, it carries out as follows:(1e21) calculates leaf node intermediate quantity:Wherein qy(0) it indicates certainly Leaf node multinomial q when variable v=0y(v) value;λj' indicate the 16th intermediate variable:μj' indicate the 17th Intermediate variable:δyIndicate the tenth intermediate variable:θyIndicate the 11st intermediate variable:Att (y) indicates that the attribute value of leaf node, ln indicate leaf node set, and y indicates the leaf in ln Node, qy(0) value when leaf node multinomial independent variable takes 0 is indicated;(1e22) calculates root node intermediate quantity:If access structure P only has two layers, at this time in child node Area of a room DxEqual to leaf node intermediate quantity Dy, can solveTerminate recurrence;Otherwise to DxCall recursion FormulaContinue to solve, when the father node of recurrence to leaf node, can solveTerminate recurrence;Wherein operatorI table index (x), ψxIndicate x node Random child node set, | ψx|=kx(v), | ψx| indicate set ψxSize, j is set ψxIn element;OperatorX' is the child node of node x, ψx'Indicate the random child node set of x' node, | ψx'|=kx' (v), | ψx'| indicate set ψx'Size;Wherein qx(0) the multinomial q of non-leaf nodes x is indicatedx(v) value when independent variable v takes 0 in.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610188151.3A CN105871543B (en) | 2016-03-29 | 2016-03-29 | Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201610188151.3A CN105871543B (en) | 2016-03-29 | 2016-03-29 | Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105871543A CN105871543A (en) | 2016-08-17 |
| CN105871543B true CN105871543B (en) | 2019-02-15 |
Family
ID=56626398
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201610188151.3A Active CN105871543B (en) | 2016-03-29 | 2016-03-29 | Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105871543B (en) |
Families Citing this family (26)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106559422B (en) * | 2016-11-10 | 2019-04-23 | 西安电子科技大学 | Multidimensional ciphertext interval query method based on key agreement |
| CN106657059B (en) * | 2016-12-21 | 2020-04-21 | 哈尔滨工业大学深圳研究生院 | Database query method and system with access control function |
| CN107291851B (en) * | 2017-06-06 | 2020-11-06 | 南京搜文信息技术有限公司 | Ciphertext index construction method based on attribute encryption and query method thereof |
| CN107395568A (en) * | 2017-06-21 | 2017-11-24 | 西安电子科技大学 | A kind of cipher text retrieval method of more data owner's certifications |
| CN107948146B (en) * | 2017-11-20 | 2020-07-17 | 武汉科技大学 | Connection keyword retrieval method based on attribute encryption in hybrid cloud |
| CN107958163A (en) * | 2017-12-07 | 2018-04-24 | 江苏大学 | Real-time dynamic data secure storage management system based on cloud platform |
| CN108156140B (en) * | 2017-12-13 | 2020-10-30 | 西安电子科技大学 | Multi-keyword searchable encryption method supporting numerical value attribute comparison |
| CN108599937B (en) * | 2018-04-20 | 2020-10-09 | 西安电子科技大学 | Multi-keyword searchable public key encryption method |
| CN109086615A (en) * | 2018-08-03 | 2018-12-25 | 上海海事大学 | A kind of support multiple key search public key encryption method of anti-keyword guessing attack |
| CN109299804B (en) * | 2018-11-19 | 2022-03-15 | 安徽师范大学 | Medical appointment registration system with doctor searching function |
| CN109740362B (en) * | 2019-01-03 | 2021-02-26 | 中国科学院软件研究所 | Ciphertext index generation and retrieval method and system based on entropy coding |
| CN109981736B (en) * | 2019-02-22 | 2021-09-21 | 南京理工大学 | Dynamic public auditing method supporting mutual trust of user and cloud server |
| CN110224986B (en) * | 2019-05-07 | 2020-09-25 | 电子科技大学 | Efficient searchable access control method based on hidden policy CP-ABE |
| CN110222081B (en) * | 2019-06-08 | 2022-04-19 | 西安电子科技大学 | Data ciphertext query method based on fine-grained sequencing in multi-user environment |
| CN110427771B (en) * | 2019-06-25 | 2021-04-13 | 西安电子科技大学 | Searchable encryption method with hidden retrieval mode and cloud server |
| CN111027084A (en) * | 2019-12-09 | 2020-04-17 | 湖南大学 | Fine-grained authorized keyword security query method based on attribute-based encryption |
| CN111177787B (en) * | 2020-01-02 | 2022-12-06 | 西北工业大学 | Attribute-based connection keyword searching method in multi-data owner environment |
| CN111444140A (en) * | 2020-03-24 | 2020-07-24 | 东南大学 | CPBE-based file ciphertext fast searching method |
| CN111556048B (en) * | 2020-04-26 | 2022-04-01 | 山东师范大学 | Attribute-based secure communication method and system supporting ciphertext mode matching |
| CN111614470A (en) * | 2020-05-27 | 2020-09-01 | 贵州大学 | Verifiable multi-keyword search method based on improved Merkle-Tree authentication method |
| CN112100649B (en) * | 2020-08-06 | 2022-12-16 | 华南理工大学 | Multi-keyword searchable encryption method and system supporting Boolean access control strategy |
| CN111930688B (en) * | 2020-09-23 | 2021-01-08 | 西南石油大学 | Method and device for searching secret data of multi-keyword query in cloud server |
| CN112311781B (en) * | 2020-10-23 | 2021-11-12 | 西安电子科技大学 | Encryption method with safe forward and backward direction and recoverable keyword shielding |
| CN112380553B (en) * | 2020-11-25 | 2022-12-16 | 华南理工大学 | Multi-key searchable encryption method and system based on attribute access control structure |
| CN114244498A (en) * | 2021-12-06 | 2022-03-25 | 国网河南省电力公司电力科学研究院 | Dynamic searchable public key encryption method with forward security |
| CN115174568B (en) * | 2022-06-23 | 2023-05-16 | 南京信息工程大学 | Ciphertext retrieval method based on attributes |
Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103944711A (en) * | 2014-02-17 | 2014-07-23 | 国家超级计算深圳中心 | Cloud storage ciphertext retrieval method and system |
| CN104363215A (en) * | 2014-11-04 | 2015-02-18 | 河海大学 | Encryption method and system based on attributes |
| CN104780161A (en) * | 2015-03-23 | 2015-07-15 | 南京邮电大学 | Searchable encryption method supporting multiple users in cloud storage |
| CN104852801A (en) * | 2015-02-13 | 2015-08-19 | 陕西师范大学 | Searchable public key encryption method |
-
2016
- 2016-03-29 CN CN201610188151.3A patent/CN105871543B/en active Active
Patent Citations (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN103944711A (en) * | 2014-02-17 | 2014-07-23 | 国家超级计算深圳中心 | Cloud storage ciphertext retrieval method and system |
| CN104363215A (en) * | 2014-11-04 | 2015-02-18 | 河海大学 | Encryption method and system based on attributes |
| CN104852801A (en) * | 2015-02-13 | 2015-08-19 | 陕西师范大学 | Searchable public key encryption method |
| CN104780161A (en) * | 2015-03-23 | 2015-07-15 | 南京邮电大学 | Searchable encryption method supporting multiple users in cloud storage |
Non-Patent Citations (1)
| Title |
|---|
| Wenhai Sun∗†.Protecting Your Right: Attribute-based Keyword Search with Fine-grained Owner-enforced Search Authorization in the Cloud.《IEEE INFOCOM 2014-IEEE Conference on Computer Communications》.2014,第226-234页. |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105871543A (en) | 2016-08-17 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN105871543B (en) | Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute | |
| WO2022007889A1 (en) | Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption | |
| CN106127075B (en) | Encryption method can search for based on secret protection under a kind of cloud storage environment | |
| CN106533650B (en) | Interactive method for secret protection and system towards cloud | |
| CN104038349B (en) | Effective and verifiable public key searching encryption method based on KP-ABE | |
| CN110224986A (en) | It is a kind of that access control method efficiently can search for based on hiding strategy CP-ABE | |
| CN107480163A (en) | The efficient ciphertext image search method of secret protection is supported under a kind of cloud environment | |
| CN105071937B (en) | Ciphertext policy ABE base encryption method with the revocation of efficient attribute | |
| Cui et al. | Harnessing encrypted data in cloud for secure and efficient mobile image sharing | |
| CN104883254B (en) | Towards the ciphertext access control system and its access control method of cloud computing platform | |
| CN106203146A (en) | A kind of big data safety management system | |
| CN110866135B (en) | Response length hiding-based k-NN image retrieval method and system | |
| Swathy et al. | Providing advanced security mechanism for scalable data sharing in cloud storage | |
| CN108171066A (en) | The cross-domain searching method of keyword and system in a kind of medical treatment cloud under secret protection | |
| CN108156138A (en) | A kind of fine granularity calculated for mist can search for encryption method | |
| CN105024812B (en) | The encryption method that can search for of the nominative testing person of identity-based in cloud storage | |
| CN107995299A (en) | The blind storage method of anti-access module leakage under a kind of cloud environment | |
| CN106559422A (en) | Multidimensional ciphertext interval query method based on key agreement | |
| CN104967693A (en) | Document similarity calculation method facing cloud storage based on fully homomorphic password technology | |
| CN108092766A (en) | A kind of cipher text searching method for verifying authority and its system | |
| CN113411323B (en) | Medical record data access control system and method based on attribute encryption | |
| CN109981643A (en) | A kind of inquiry authorization of fine granularity can search for encryption method and system | |
| CN108021677A (en) | The control method of cloud computing distributed search engine | |
| WO2018070932A1 (en) | System and method for querying an encrypted database for documents satisfying an expressive keyword access structure | |
| Yuan et al. | Towards privacy-preserving and practical image-centric social discovery |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |