CN106534092B - Privacy data encryption method based on key-dependent messages - Google Patents

Privacy data encryption method based on key-dependent messages

Info

Publication number: CN106534092B
Other versions: CN106534092A
Application number: CN201610948549.2A
Authority: CN (China)
Original language: Chinese (zh)
Inventors: 高军涛, 王笠燕, 李雪莲, 王丹妮, 王誉晓
Original assignee: Xidian Univ
Current assignee: Xidian Univ
Legal status: Active (granted; status as listed by Google Patents, not a legal conclusion)

Classifications (CPC)

    • H ELECTRICITY > H04 ELECTRIC COMMUNICATION TECHNIQUE > H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/04 ... for providing a confidential data exchange among entities communicating through data packet networks
            • H04L63/0428 ... wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        • H04L63/06 ... for supporting key management in a packet data network
            • H04L63/062 ... for key distribution, e.g. centrally by trusted party
        • H04L63/08 ... for supporting authentication of entities communicating through a packet data network
    • H04L67/00 Network-specific arrangements or communication protocols supporting networked applications
        • H04L67/06 ... adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention discloses a privacy data encryption method based on key-dependent messages. It mainly addresses two problems of the prior art: the correlation between plaintext and key is not considered, and distributing a group public key by e-mail leads to related-key attacks and key leakage. The implementation steps are: 1. the authorization center initializes the system parameters; 2. the user authenticates to the authorization center; 3. the authorization center distributes keys to users who pass authentication; 4. the user processes the plaintext file with the obtained key to produce the ciphertext; 5. the user uploads the ciphertext to the cloud server; 6. when the user needs a file, the user requests to download the ciphertext from the cloud server and decrypts it once the request is granted. The invention uses an encryption method based on key-dependent messages in a single-user setting to encrypt blockchain wallet files securely; it avoids key leakage, mitigates related-key attacks and improves the security of wallet files.

Description

Privacy data encryption method based on key-dependent messages
Technical field
The invention belongs to the technical field of data processing and in particular concerns a privacy data encryption method that can be used for encrypting a blockchain wallet file, backing it up and uploading it to a cloud server.
Background art
A blockchain is a decentralized, distributed shared ledger or database on a network that achieves high security through highly redundant construction. It has been called a "machine of trust": it lets mutually cooperating parties establish trust without a central authority. Blockchain technology suits any field that lacks trust, so its range of application keeps widening. As the volume of user transactions grows, users have to generate and store a large number of public/private key pairs. These keys are usually generated by the user and stored in a file or simple database that can be called a wallet; a wallet is simply a collection of addresses and decryption keys. Possession of the private key is the sole condition for spending bitcoin, so the private key must be kept secret and must be backed up, with the backup uploaded to a cloud server to guard against accidental loss. The secure encryption of the wallet therefore becomes increasingly important. After a user registers successfully with an authorization center, the authorization center distributes a symmetric key to the user for encryption.
Because of key-management flaws or weak security awareness, the user may directly use the symmetric key meant for encrypting the wallet as the initial private key of a public/private key pair used for transactions. If the wallet is encrypted in this state, the plaintext in the wallet depends on the key, and the traditional security definitions are no longer sufficient to guarantee the security of the scheme. Further, once the ciphertext backup has been uploaded to the cloud server, a user who has lost a local file and needs to download a particular file from the cloud server may, in order not to leak private information or plaintext, have to download every ciphertext from the cloud server and decrypt locally before obtaining the wanted file. The user must then perform a large number of decryption operations, which lowers working efficiency and wastes computing and storage resources.
Wuhan University of Technology disclosed, in its patent application "A cloud storage data security sharing method with permission and time control" (publication number 105072180A, application number 201510475566.4, filing date 6 August 2015), a cloud storage data security sharing method with permission and time control. In that method, after the data owner creates a group, a key pair is generated automatically with a public-key encryption algorithm; when the data owner shares a file, the file is encrypted with a symmetric cipher, the symmetric key is encrypted with the private key of the sharing group, and the file ciphertext and key ciphertext are sent to the cloud. The group public key is sent by e-mail to all users of the sharing group; a user with access rights can obtain the public key and decrypt the file. The shortcomings of this method are: first, when the symmetric key is encrypted with the private key of the sharing group, the patent does not consider the security problem that "the plaintext may be related to the key", which can give rise to related-key attacks; second, when the data owner distributes the group public key to group users by e-mail, the security of e-mail is not considered, and once the e-mail is maliciously intercepted the key is leaked.
Summary of the invention
The object of the invention is to address the deficiencies above by proposing a privacy data encryption method based on key-dependent messages, so as to avoid key leakage and improve the security of wallet files.
The technical scheme is as follows: the authorization center first authenticates the user; the user then obtains the key for symmetric encryption and encrypts the plaintext with a key-dependent-message (KDM) secure symmetric encryption scheme to produce the ciphertext, which resists related-key attacks; at the same time a searchable-encryption index is generated over the plaintext so that the ciphertext can be searched. The implementation steps are the following:
(1) Initialization:
(1a) The authorization center determines a first security parameter λ, a second security parameter k, a third security parameter γ, a keyword-count parameter τ and a Bernoulli distribution parameter θ (the source prints θ=2, but since θ is the probability of a 1 in step (4b) it must lie in (0, 1/2) for the decoding bound of step (1b) to make sense), and defines the message length l, the dimension N and the block length m of the plaintext matrix as $l = l(\lambda)$, $N = N(\lambda)$, $m = m(\lambda)$;
(1b) The authorization center defines the generator matrix of the error-correcting code as $G = G_{m \times l}$, sets the number of correctable errors to $d = (\theta + \sigma) m$, and chooses a binary linear error-correcting code D according to G and d, where $G_{m \times l}$ indicates that the generator matrix has m rows and l columns and σ is a fixed value chosen in the interval (0, 1);
(1c) For any bit string $K \in \{0,1\}^{\gamma}$ the authorization center defines $P_K(x)$ as a family of pseudorandom permutations on $\{0,1\}^{\tau}$, $F_K(x)$ as a first family of pseudorandom functions with domain $\{0,1\}^{\tau}$ and range $\{0,1\}^{\gamma}$, and $G_K(x)$ as a second family of pseudorandom functions with domain [1, n] and range {0, 1};
(1d) The authorization center publishes the error-correcting code D, the generator matrix G, the pseudorandom permutation family $P_K(x)$, the first pseudorandom function family $F_K(x)$, the second pseudorandom function family $G_K(x)$ and the public parameters {l, m, N, θ};
(2) Identity registration:
(2a) The user submits personal identity information to the authorization center;
(2b) The authorization center checks whether the identity information submitted by the user is genuine; if so, step (3) follows, otherwise the registration is refused;
(3) Key distribution:
(3a) The authorization center defines the finite field of integers modulo the prime 2 and chooses a matrix S over it as the symmetric key with which the user encrypts plaintext;
(3b) The authorization center generates for the user the key $k_{mac}$ needed for the HMAC message authentication code;
(3c) The authorization center sends the message $\{S \,\|\, k_{mac} \,\|\, \gamma \,\|\, \tau\}$ to the user over a secure channel;
where S is the symmetric key with which the user encrypts plaintext, γ is the third security parameter, τ is the keyword-count parameter and $\|$ denotes concatenation;
(3d) The user keeps the symmetric key S, the HMAC key $k_{mac}$, the third security parameter γ and the keyword-count parameter τ secret;
(4) Plaintext file processing:
(4a) When the user encrypts plaintext file $\varepsilon_j$, its plaintext matrix is divided into blocks, each plaintext matrix block being denoted M, where $1 \le j \le n$ and n is the total number of plaintext files;
(4b) The user encrypts each plaintext matrix block M under the symmetric key S to obtain the corresponding ciphertext matrix block W:
$W = (A, C)$,
where A is a randomly chosen coefficient matrix, $C = AS + E + GM$, S is the symmetric key, G is the generator matrix of the error-correcting code D, and E is a noise matrix drawn from $\mathrm{Ber}_{\theta}^{\,m \times N}$, $\mathrm{Ber}_{\theta}$ denoting the Bernoulli distribution on {0, 1} in which 1 has probability θ and 0 has probability 1 − θ;
(4c) All ciphertext matrix blocks W of plaintext file $\varepsilon_j$ are concatenated to obtain the ciphertext file $\psi_j$ corresponding to $\varepsilon_j$;
(4d) From the HMAC key $k_{mac}$ and the ciphertext file $\psi_j$ the user computes the message authentication tag $T_j$ of $\psi_j$:
$T_j = \mathrm{HMAC}(k_{mac}, \psi_j)$,
where HMAC(·) denotes the message authentication tag generation algorithm;
(4e) The user chooses uniformly at random a first secret value $s \in \{0,1\}^{\gamma}$ and a second secret value $r \in \{0,1\}^{\gamma}$, generates an index dictionary that can record $2^{\tau}$ keywords $(i, w_i)$, and keeps the index dictionary and the two secret values s, r secret;
where i is the label, $i \in [1, 2^{\tau}]$, and $w_i \in \{0,1\}^{*}$ is a keyword of arbitrary length;
(4f) The user generates the index bit string $I_j$ of plaintext file $\varepsilon_j$;
(5) Data upload:
(5a) The user sends the authentication key $k_{mac}$ to the cloud server over a secure channel and uploads the message $\{I_j \,\|\, \psi_j \,\|\, T_j\}$ to the cloud server, where $1 \le j \le n$, n is the total number of plaintext files and $\|$ denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file according to the following formula, the result being $v_j$:
$v_j = \mathrm{Verify}(k_{mac}, \psi_j, T_j)$,
where $1 \le j \le n$, n is the total number of plaintext files and Verify(·) denotes the verification algorithm of the HMAC message authentication code;
if $v_j = 1$, $\psi_j$ was not tampered with during upload: the cloud server accepts the message, stores the index string $I_j$ in the index string set I and returns an "upload of $\psi_j$ succeeded" notice to the user;
if $v_j = 0$, $\psi_j$ was tampered with during upload: the cloud server rejects the message and returns an "upload of $\psi_j$ failed" notice to the user;
(5c) The user judges from the notice received whether the upload succeeded:
on an "upload of $\psi_j$ succeeded" notice, $\psi_j$ has been stored on the cloud server;
on an "upload of $\psi_j$ failed" notice, return to step (5a);
(6) Ciphertext download and decryption:
(6a) The user generates the trapdoor for the keyword $w_\mu$ contained in the file to be downloaded and uploads it to the cloud server;
(6b) The cloud server matches the trapdoor against the stored set I of file index bit strings; if the match succeeds, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; if the match fails, the cloud server returns a "retrieval failed" notice to the user;
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε.
Compared with the prior art, the invention has the following advantages:
First, because the invention takes into account the situation in which the plaintext is related to the key and uses a key-dependent-message (KDM) secure symmetric encryption scheme, it can resist related-key attacks on the encrypted plaintext when a key-management flaw exists, improving the security of the wallet file.
Second, because a single user encrypts, uploads and downloads the file, the invention avoids the key leakage problem that arises when keys are shared with other users.
Detailed description of the invention
Fig. 1 is the implementation flowchart of the invention;
Fig. 2 is a schematic diagram of the plaintext file processing in the invention;
Fig. 3 is a schematic diagram of ciphertext download and decryption in the invention.
Specific embodiment
The invention is further described below with reference to the accompanying drawings.
Referring to Fig. 1, the specific steps of the invention are as follows.
Step 1, initialization.
The authorization center determines a first security parameter λ, a second security parameter k, a third security parameter γ, a keyword-count parameter τ and a Bernoulli distribution parameter θ (printed as θ=2 in the source; as the probability of a 1 it must lie below 1/2), and defines the message length l, the dimension N and the block length m of the plaintext matrix as $l = l(\lambda)$, $N = N(\lambda)$, $m = m(\lambda)$. The authorization center defines the generator matrix of the error-correcting code as $G = G_{m \times l}$, sets the number of correctable errors to $d = (\theta + \sigma) m$, and chooses a binary linear error-correcting code D according to G and d, where $G_{m \times l}$ indicates that the generator matrix has m rows and l columns and σ is a fixed value chosen in the interval (0, 1);
For any bit string $K \in \{0,1\}^{\gamma}$, the authorization center defines $P_K(x)$ as a family of pseudorandom permutations on $\{0,1\}^{\tau}$, $F_K(x)$ as a first family of pseudorandom functions with domain $\{0,1\}^{\tau}$ and range $\{0,1\}^{\gamma}$, and $G_K(x)$ as a second family of pseudorandom functions with domain [1, n] and range {0, 1};
The authorization center publishes the error-correcting code D, the generator matrix G, the pseudorandom permutation family $P_K(x)$, the first pseudorandom function family $F_K(x)$, the second pseudorandom function family $G_K(x)$ and the public parameters {l, m, N, θ}.
Step 2, identity registration.
The user submits personal identity information to the authorization center, which checks whether the submitted identity information is genuine; if so, step (3) follows, otherwise the registration is refused.
Step 3, key distribution.
(3a) The authorization center defines the finite field of integers modulo the prime 2 and chooses a matrix S over it as the symmetric key with which the user encrypts plaintext;
(3b) The authorization center uses the key generation algorithm HMAC-KeyGen($1^k$) of the message authentication code to generate for the user the key $k_{mac}$ needed for HMAC operations:
$k_{mac} = \mathrm{HMAC\text{-}KeyGen}(1^k)$,
where k is the second security parameter chosen by the authorization center;
(3c) The authorization center sends the message $\{S \,\|\, k_{mac} \,\|\, \gamma \,\|\, \tau\}$ to the user over a secure channel;
(3d) The user keeps the symmetric key S, the HMAC key $k_{mac}$, the third security parameter γ and the keyword-count parameter τ secret.
Step 4, plaintext file processing.
Let the total number of plaintext files the user needs to encrypt be n, the j-th plaintext file being denoted $\varepsilon_j$, $1 \le j \le n$.
Referring to Fig. 2, the user processes plaintext file $\varepsilon_j$ as follows:
(4a) The user divides the plaintext matrix of $\varepsilon_j$ into blocks, each plaintext matrix block being denoted M, encrypts each block M under the symmetric key S to obtain the ciphertext matrix block $W = (A, C)$, and concatenates all ciphertext matrix blocks W of $\varepsilon_j$ to obtain the ciphertext file $\psi_j$;
where A is a randomly chosen coefficient matrix, $C = AS + E + GM$, S is the symmetric key, G is the generator matrix of the error-correcting code D, and E is a noise matrix drawn from $\mathrm{Ber}_{\theta}^{\,m \times N}$, $\mathrm{Ber}_{\theta}$ denoting the Bernoulli distribution on {0, 1} in which 1 has probability θ and 0 has probability 1 − θ;
(4b) From the HMAC key $k_{mac}$ and the ciphertext file $\psi_j$ the user computes the message authentication tag of $\psi_j$ as $T_j = \mathrm{HMAC}(k_{mac}, \psi_j)$;
(4c) The user generates the index bit string $I_j$ of plaintext file $\varepsilon_j$ as follows:
(4c1) The user chooses uniformly at random a first secret value $s \in \{0,1\}^{\gamma}$ and a second secret value $r \in \{0,1\}^{\gamma}$ and generates an index dictionary that can record $2^{\tau}$ keywords $(i, w_i)$, where i is the label, $i \in [1, 2^{\tau}]$, and $w_i \in \{0,1\}^{*}$ is a keyword of arbitrary length; the index dictionary and the two secret values s, r are kept secret;
(4c2) According to the first secret value s the user selects the pseudorandom permutation $P_s(x)$ from the family $P_K(x)$, and according to the second secret value r the function $F_r(x)$ from the first pseudorandom function family $F_K(x)$;
(4c3) The user computes the subscript values $r_i = F_r(i)$, $i \in [1, 2^{\tau}]$, and according to each $r_i$ selects the function $G_{r_i}(x)$ from the second pseudorandom function family $G_K(x)$;
(4c4) According to whether $\varepsilon_j$ contains keyword $w_i$, the user generates for $\varepsilon_j$ an initial bit string $I'_j$ of length $2^{\tau}$:
if $\varepsilon_j$ contains keyword $w_i$, bit $P_s(i)$ of $I'_j$ is set to 1, i.e. $I'_j[P_s(i)] = 1$;
if $\varepsilon_j$ does not contain keyword $w_i$, bit $P_s(i)$ of $I'_j$ is set to 0, i.e. $I'_j[P_s(i)] = 0$;
traversing all values of i yields the initial bit string $I'_j$;
(4c5) The user XORs the i-th bit of $I'_j$ with the function value $G_{r_i}(j)$, i.e. $I_j[i] = I'_j[i] \oplus G_{r_i}(j)$, to obtain the i-th bit of the index bit string $I_j$; traversing all values of i yields the index bit string $I_j$.
Step 5, data upload.
(5a) The user sends the authentication key $k_{mac}$ to the cloud server over a secure channel and uploads the message $\{I_j \,\|\, \psi_j \,\|\, T_j\}$ to the cloud server, where $1 \le j \le n$, n is the total number of plaintext files and $\|$ denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file with the verification algorithm Verify(·) of the HMAC message authentication code, the result being $v_j = \mathrm{Verify}(k_{mac}, \psi_j, T_j)$, where $1 \le j \le n$ and n is the total number of plaintext files;
if $v_j = 1$, $\psi_j$ was not tampered with during upload: the cloud server accepts the message, stores the index string $I_j$ in the index string set I and returns an "upload of $\psi_j$ succeeded" notice to the user;
if $v_j = 0$, $\psi_j$ was tampered with during upload: the cloud server rejects the message and returns an "upload of $\psi_j$ failed" notice to the user;
(5c) The user judges from the notice received whether the upload succeeded:
on an "upload of $\psi_j$ succeeded" notice, $\psi_j$ has been stored on the cloud server;
on an "upload of $\psi_j$ failed" notice, return to step (5a).
Step 6, ciphertext download and decryption.
Referring to Fig. 3, this step is implemented as follows:
(6a) The user generates the trapdoor for the keyword $w_\mu$ contained in the file to be downloaded and uploads it to the cloud server:
(6a1) The user looks up in the index dictionary the label μ corresponding to keyword $w_\mu$;
(6a2) According to the first secret value s the user selects the pseudorandom permutation $P_s(x)$ from the family $P_K(x)$, and according to the second secret value r the function $F_r(x)$ from the first pseudorandom function family $F_K(x)$;
(6a3) From the label μ the user computes the permuted label $p = P_s(\mu)$;
(6a4) From the permuted label p the user computes the index function value $f = F_r(p)$;
(6a5) The permuted label p and the index function value f together form the trapdoor;
(6b) The cloud server matches the trapdoor against the stored set I of file index bit strings:
(6b1) The cloud server XORs the bit of index bit string $I_j$ at the permuted label p with the function value $G_f(j)$, i.e. $I'_j[p] = I_j[p] \oplus G_f(j)$, recovering the bit of the initial bit string $I'_j$ at position p, where p is the permuted label in the trapdoor, f is the index function value in the trapdoor, $G_f(x)$ is the pseudorandom function selected from the second pseudorandom function family $G_K(x)$ according to f, $I'_j[p]$ is the bit of $I'_j$ at position p, $I_j[p]$ is the bit of $I_j$ at position p, and ⊕ denotes XOR;
(6b2) The cloud server traverses all values of j; if there exists $j \in [1, n]$ such that the bit of $I'_j$ at the permuted label p is 1, i.e. $I'_j[p] = 1$, the match succeeds, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; if no such j exists, the match fails and the cloud server returns a "retrieval failed" notice to the user;
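The index construction of step (4c), the trapdoor of step (6a) and the server-side matching of step (6b), worked through in code. This is an added example and not the patent's own implementation: the pseudorandom permutation $P_s$ (a small-domain permutation obtained by keyed sorting), the pseudorandom functions $F_r$ and $G_K$ (both built on HMAC-SHA256), the parameter values τ = 4 and γ = 128 bits, the dictionary, the file contents and all function names are this editor's assumptions, constructed only so the three phases can be run end to end.

```python
import hashlib
import hmac

TAU = 4                 # tau: the index dictionary holds 2^tau labelled keywords (assumed)
SLOTS = 2 ** TAU        # length of every index bit string I_j
GAMMA_BYTES = 16        # gamma = 128 bits for the secret values s, r and for F's output (assumed)


def _prf(key, label, x):
    """HMAC-SHA256 with a domain-separation label: the assumed PRF under P, F and G."""
    return hmac.new(key, label + x.to_bytes(4, "big"), hashlib.sha256).digest()


def P(s, i):
    """Pseudorandom permutation P_s on [1, 2^tau]: position i of a keyed ordering."""
    order = sorted(range(1, SLOTS + 1), key=lambda x: _prf(s, b"P", x))
    return order[i - 1]


def F(r, x):
    """First PRF family F_r: {0,1}^tau -> {0,1}^gamma."""
    return _prf(r, b"F", x)[:GAMMA_BYTES]


def G(key, j):
    """Second PRF family G_K: [1, n] -> {0,1}."""
    return _prf(key, b"G", j)[0] & 1


def build_index(j, words_in_file, dictionary, s, r):
    """Steps (4c1)-(4c5) for file j: I'_j[P_s(i)] = 1 iff w_i occurs in the file,
    then I_j[i] = I'_j[i] XOR G_{F_r(i)}(j). Lists are 1-based; slot 0 is unused."""
    initial = [0] * (SLOTS + 1)
    for i, w in dictionary.items():
        if w in words_in_file:
            initial[P(s, i)] = 1
    return [0] + [initial[i] ^ G(F(r, i), j) for i in range(1, SLOTS + 1)]


def trapdoor(keyword, dictionary, s, r):
    """Steps (6a1)-(6a5): label mu of the keyword, p = P_s(mu), f = F_r(p)."""
    mu = next((i for i, w in dictionary.items() if w == keyword), None)
    if mu is None:
        raise KeyError("keyword is not in the user's index dictionary")
    p = P(s, mu)
    return p, F(r, p)


def cloud_search(index_set, td):
    """Steps (6b1)-(6b2): the server unmasks slot p of every I_j with G_f(j) and
    reports the files whose recovered I'_j[p] is 1; it never sees the keyword."""
    p, f = td
    return [j for j, I_j in index_set.items() if I_j[p] ^ G(f, j) == 1]


def demo():
    """Constructed sample: five dictionary entries, three files, three searches."""
    s, r = bytes(range(GAMMA_BYTES)), bytes(range(GAMMA_BYTES, 2 * GAMMA_BYTES))
    dictionary = {1: "wallet", 2: "seed", 3: "xpub", 4: "ledger", 5: "backup"}
    files = {1: {"wallet", "seed"}, 2: {"seed", "ledger"}, 3: {"backup"}}
    index_set = {j: build_index(j, words, dictionary, s, r) for j, words in files.items()}
    return {w: cloud_search(index_set, trapdoor(w, dictionary, s, r))
            for w in ("seed", "backup", "xpub")}


if __name__ == "__main__":
    print(demo())   # {'seed': [1, 2], 'backup': [3], 'xpub': []}
```

Two properties of the construction are visible here. The mask on slot i of every index is $G_{F_r(i)}(j)$, so the trapdoor value $f = F_r(p)$ lets the server unmask slot p of every index it holds, including indexes uploaded after the search, and the same keyword always produces the same trapdoor; the server therefore learns the search pattern and which files match, even though it never learns the keyword or the dictionary. That leakage is inherent to this style of index and is not addressed by the patent's steps.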
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε:
(6c1) From the symmetric key S and each ciphertext matrix block $W = (A, C)$ of the ciphertext file ψ, the user computes the intermediate matrix $Q = C - AS$;
(6c2) The user decodes each column of the intermediate matrix Q with the error-correcting code D to obtain the corresponding plaintext matrix block M; since $C = AS + E + GM$, $Q = E + GM$, every column of GM is a codeword of D, and the noise in each column of E has expected weight θm, below the decoding radius $d = (\theta + \sigma) m$, so decoding removes the noise;
(6c3) The user concatenates all plaintext matrix blocks M to obtain the corresponding plaintext file ε.
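Steps (3a), (4a) to (4d), (5b) and (6c) worked through in code: key generation, the block encryption $C = AS + E + GM$ over the binary field, the HMAC tag, the cloud's verification, and decryption as $Q = C - AS$ followed by decoding. This is an added example and not the patent's implementation. Its assumptions: S is a k × N binary matrix and A an m × k binary matrix (the dimensions are not legible in the extracted text); the binary linear code D is the repetition code that repeats each of the l message bits REP times and is decoded by majority vote; the noise sampler redraws a column whose weight exceeds the decoding radius, a demo shortcut standing in for the slack σ in $d = (\theta + \sigma) m$; the numeric parameters are toy values with no security, chosen only so the arithmetic is visible; the function names are this editor's.

```python
import hashlib
import hmac
import random

# Toy parameters (assumed for the demo; the patent only fixes them as functions of lambda).
L = 4                       # l: message bits per column of a plaintext block
REP = 7                     # D repeats each message bit REP times, so m = l * REP
M_LEN = L * REP             # m: rows of A, C, E and G
K_DIM = 16                  # k: columns of A and rows of S
N = 8                       # N: columns of S, C, E and M
THETA = 0.05                # Bernoulli noise rate: probability that an entry of E is 1
D_RADIUS = (REP - 1) // 2   # d: errors per column that majority decoding of D corrects


def rand_matrix(rows, cols, rng):
    return [[rng.getrandbits(1) for _ in range(cols)] for _ in range(rows)]


def keygen(rng):
    """Step (3): symmetric key S in F_2^{k x N} and the HMAC key k_mac.
    A real deployment draws both from the secrets module, not from random."""
    return rand_matrix(K_DIM, N, rng), rng.getrandbits(256).to_bytes(32, "big")


def matmul_f2(a, b):
    """Matrix product over F_2: AND for multiplication, parity of the sum for addition."""
    return [[sum(a[i][t] & b[t][j] for t in range(len(b))) & 1
             for j in range(len(b[0]))] for i in range(len(a))]


def add_f2(*mats):
    """Entry-wise sum over F_2 (XOR); it also serves as subtraction for Q = C - AS."""
    return [[sum(m[i][j] for m in mats) & 1 for j in range(len(mats[0][0]))]
            for i in range(len(mats[0]))]


def encode_block(m_block):
    """GM for the repetition code: row b of M is copied REP times (G is m x l)."""
    return [list(m_block[b]) for b in range(L) for _ in range(REP)]


def decode_column(q_col):
    """Decoding of D: majority vote inside each REP-bit group of the column."""
    return [1 if sum(q_col[b * REP:(b + 1) * REP]) > REP // 2 else 0 for b in range(L)]


def sample_noise(rng):
    """E from Ber_theta^{m x N}. Demo shortcut: a column heavier than the decoding
    radius d is redrawn, so decoding is guaranteed (the patent relies on the slack
    sigma in d = (theta + sigma) m to make such columns negligibly rare)."""
    cols = []
    while len(cols) < N:
        col = [1 if rng.random() < THETA else 0 for _ in range(M_LEN)]
        if sum(col) <= D_RADIUS:
            cols.append(col)
    return [[cols[j][i] for j in range(N)] for i in range(M_LEN)]


def encrypt_block(m_block, S, rng):
    """Step (4b): W = (A, C) with A random and C = AS + E + GM."""
    A = rand_matrix(M_LEN, K_DIM, rng)
    return A, add_f2(matmul_f2(A, S), sample_noise(rng), encode_block(m_block))


def decrypt_block(W, S):
    """Step (6c): Q = C - AS = E + GM, then decode every column of Q with D."""
    A, C = W
    Q = add_f2(C, matmul_f2(A, S))
    cols = [decode_column([Q[i][j] for i in range(M_LEN)]) for j in range(N)]
    return [[cols[j][b] for j in range(N)] for b in range(L)]


def bits_to_blocks(bits):
    """Step (4a): split the file's bits into l x N plaintext blocks, zero-padded."""
    per = L * N
    bits = bits + [0] * (-len(bits) % per)
    return [[bits[i + b * N:i + (b + 1) * N] for b in range(L)]
            for i in range(0, len(bits), per)]


def serialize(psi):
    """Byte encoding of the ciphertext file psi (all A and C entries) for HMAC."""
    flat = [bit for A, C in psi for mat in (A, C) for row in mat for bit in row]
    flat += [0] * (-len(flat) % 8)
    return bytes(int("".join(map(str, flat[i:i + 8])), 2) for i in range(0, len(flat), 8))


def encrypt_file(bits, S, k_mac, rng):
    """Steps (4a)-(4d): psi = concatenated blocks W, T = HMAC(k_mac, psi)."""
    psi = [encrypt_block(blk, S, rng) for blk in bits_to_blocks(bits)]
    return psi, hmac.new(k_mac, serialize(psi), hashlib.sha256).digest()


def cloud_verify(psi, tag, k_mac):
    """Step (5b): v = Verify(k_mac, psi, T), with a constant-time tag comparison."""
    return hmac.compare_digest(hmac.new(k_mac, serialize(psi), hashlib.sha256).digest(), tag)


def decrypt_file(psi, S, nbits):
    """Step (6c) over a whole file: decode each block and drop the padding."""
    return [bit for W in psi for row in decrypt_block(W, S) for bit in row][:nbits]


def demo(seed=2016):
    """End to end on a constructed 19-bit sample; the seed only makes the run reproducible.
    Returns (cloud accepted the upload, plaintext recovered, tampered copy rejected)."""
    rng = random.Random(seed)
    S, k_mac = keygen(rng)
    bits = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1]
    psi, tag = encrypt_file(bits, S, k_mac, rng)
    accepted = cloud_verify(psi, tag, k_mac)
    recovered = decrypt_file(psi, S, len(bits)) == bits
    psi[0][1][0][0] ^= 1                      # flip one bit of C in the first block
    return accepted, recovered, cloud_verify(psi, tag, k_mac)


if __name__ == "__main__":
    print(demo())   # (True, True, False)
```

Two things are worth noticing when running it. Decryption works only because every column of GM is a codeword of D and the noise in each column stays within the decoder's radius, so $Q = E + GM$ decodes to M; under a wrong key S' the term $A(S \oplus S')$ is in general not a codeword and decoding returns garbage. And because step (5a) hands $k_{mac}$ to the cloud server, the tag checked in step (5b) only detects corruption or tampering in transit: the server can recompute a valid tag on any ciphertext it likes, so the check offers no protection against a malicious or compromised server.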
The above description is only an example of the invention and does not constitute any limitation on it. Obviously, having understood the content and principle of the invention, a professional in the field may make various modifications and variations in form and detail without departing from the principle and structure of the invention; such modifications and variations based on the inventive concept still fall within the scope of the claims of the invention.

Claims (6)

1. A privacy data encryption method based on key-dependent messages, characterized by comprising the following steps:
(1) Initialization:
(1a) The authorization center determines a first security parameter λ, a second security parameter k, a third security parameter γ, a keyword-count parameter τ and a Bernoulli distribution parameter θ=2, and defines the message length l, the dimension N and the block length m of the plaintext matrix as $l = l(\lambda)$, $N = N(\lambda)$, $m = m(\lambda)$;
(1b) The authorization center defines the generator matrix of the error-correcting code as $G = G_{m \times l}$, sets the number of correctable errors to $d = (\theta + \sigma) m$, and chooses a binary linear error-correcting code D according to G and d, where $G_{m \times l}$ indicates that the generator matrix has m rows and l columns and σ is a fixed value chosen in the interval (0, 1);
(1c) For any bit string $K \in \{0,1\}^{\gamma}$ the authorization center defines $P_K(x)$ as a family of pseudorandom permutations on $\{0,1\}^{\tau}$, $F_K(x)$ as a first family of pseudorandom functions with domain $\{0,1\}^{\tau}$ and range $\{0,1\}^{\gamma}$, and $G_K(x)$ as a second family of pseudorandom functions with domain [1, n] and range {0, 1};
(1d) The authorization center publishes the binary linear error-correcting code D, the generator matrix G of the error-correcting code, the pseudorandom permutation family $P_K(x)$, the first pseudorandom function family $F_K(x)$, the second pseudorandom function family $G_K(x)$ and the public parameters {l, m, N, θ};
(2) Identity registration:
(2a) The user submits personal identity information to the authorization center;
(2b) The authorization center checks whether the identity information submitted by the user is genuine; if so, step (3) follows, otherwise the registration is refused;
(3) Key distribution:
(3a) The authorization center defines the finite field of integers modulo the prime 2 and chooses a matrix S over it as the symmetric key with which the user encrypts plaintext;
(3b) The authorization center generates for the user the key $k_{mac}$ needed for the HMAC message authentication code;
(3c) The authorization center sends the message $\{S \,\|\, k_{mac} \,\|\, \gamma \,\|\, \tau\}$ to the user over a secure channel;
where S is the symmetric key with which the user encrypts plaintext, γ is the third security parameter, τ is the keyword-count parameter and $\|$ denotes concatenation;
(3d) The user keeps the symmetric key S, the HMAC key $k_{mac}$, the third security parameter γ and the keyword-count parameter τ secret;
(4) Plaintext file processing:
(4a) When the user encrypts plaintext file $\varepsilon_j$, its plaintext matrix is divided into blocks, each plaintext matrix block being denoted M, where $1 \le j \le n$ and n is the total number of plaintext files;
(4b) The user encrypts each plaintext matrix block M under the symmetric key S to obtain the corresponding ciphertext matrix block W:
$W = (A, C)$,
where A is a randomly chosen coefficient matrix, $C = AS + E + GM$, S is the symmetric key, G is the generator matrix of the error-correcting code D, and E is a noise matrix drawn from $\mathrm{Ber}_{\theta}^{\,m \times N}$, $\mathrm{Ber}_{\theta}$ denoting the Bernoulli distribution on {0, 1} in which 1 has probability θ and 0 has probability 1 − θ;
(4c) All ciphertext matrix blocks W of plaintext file $\varepsilon_j$ are concatenated to obtain the ciphertext file $\psi_j$ corresponding to $\varepsilon_j$;
(4d) From the HMAC key $k_{mac}$ and the ciphertext file $\psi_j$ the user computes the message authentication tag $T_j$ of $\psi_j$:
$T_j = \mathrm{HMAC}(k_{mac}, \psi_j)$,
where HMAC(·) denotes the message authentication tag generation algorithm;
(4e) The user chooses uniformly at random a first secret value $s \in \{0,1\}^{\gamma}$ and a second secret value $r \in \{0,1\}^{\gamma}$, generates an index dictionary that can record $2^{\tau}$ keywords $(i, w_i)$, and keeps the index dictionary and the two secret values s, r secret;
where i is the label, $i \in [1, 2^{\tau}]$, and $w_i \in \{0,1\}^{*}$ is a keyword of arbitrary length;
(4f) The user generates the index bit string $I_j$ of plaintext file $\varepsilon_j$;
(5) Data upload:
(5a) The user sends the authentication key $k_{mac}$ to the cloud server over a secure channel and uploads the message $\{I_j \,\|\, \psi_j \,\|\, T_j\}$ to the cloud server, where $1 \le j \le n$, n is the total number of plaintext files and $\|$ denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file according to the following formula, the result being $v_j$:
$v_j = \mathrm{Verify}(k_{mac}, \psi_j, T_j)$,
where $1 \le j \le n$, n is the total number of plaintext files and Verify(·) denotes the verification algorithm of the HMAC message authentication code;
if $v_j = 1$, $\psi_j$ was not tampered with during upload: the cloud server accepts the message, stores the index string $I_j$ in the index string set I and returns an "upload of $\psi_j$ succeeded" notice to the user;
if $v_j = 0$, $\psi_j$ was tampered with during upload: the cloud server rejects the message and returns an "upload of $\psi_j$ failed" notice to the user;
(5c) The user judges from the notice received whether the upload succeeded:
on an "upload of $\psi_j$ succeeded" notice, $\psi_j$ has been stored on the cloud server;
on an "upload of $\psi_j$ failed" notice, return to step (5a);
(6) Ciphertext download and decryption:
(6a) The user generates the trapdoor for the keyword $w_\mu$ contained in the file to be downloaded and uploads it to the cloud server;
(6b) The cloud server matches the trapdoor against the stored set I of file index bit strings; if the match succeeds, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; if the match fails, the cloud server returns a "retrieval failed" notice to the user;
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε.
2. The method according to claim 1, characterized in that in step (3b) the key $k_{mac}$ needed for the HMAC message authentication code is generated for the user according to the following formula:
$k_{mac} = \mathrm{HMAC\text{-}KeyGen}(1^k)$,
where k is the second security parameter chosen by the authorization center, HMAC-KeyGen($1^k$) denotes the key generation algorithm of the message authentication code and $k_{mac}$ is the generated authentication key.
3. The method according to claim 1, characterized in that in step (4f) the user generates the index string $I_j$ of plaintext file $\varepsilon_j$ as follows:
(4f1) According to the first secret value s the user selects the pseudorandom permutation $P_s(x)$ from the family $P_K(x)$, and according to the second secret value r the function $F_r(x)$ from the first pseudorandom function family $F_K(x)$;
(4f2) The subscript values $r_i = F_r(i)$, $i \in [1, 2^{\tau}]$, are computed, and according to each $r_i$ the function $G_{r_i}(x)$ is selected from the second pseudorandom function family $G_K(x)$;
(4f3) According to whether $\varepsilon_j$ contains keyword $w_i$, the user generates for $\varepsilon_j$ an initial bit string $I'_j$ of length $2^{\tau}$:
if $\varepsilon_j$ contains keyword $w_i$, bit $P_s(i)$ of $I'_j$ is set to 1, i.e. $I'_j[P_s(i)] = 1$;
if $\varepsilon_j$ does not contain keyword $w_i$, bit $P_s(i)$ of $I'_j$ is set to 0, i.e. $I'_j[P_s(i)] = 0$;
traversing all values of i yields the initial bit string $I'_j$;
(4f4) The user XORs the i-th bit of $I'_j$ with the function value $G_{r_i}(j)$, i.e. $I_j[i] = I'_j[i] \oplus G_{r_i}(j)$, to obtain the i-th bit of the index bit string $I_j$, $i \in [1, 2^{\tau}]$, where ⊕ denotes XOR;
traversing all values of i yields the index bit string $I_j$.
4. The method according to claim 1, wherein the user generates the trapdoor for the keyword w_μ of the file to be downloaded in step (6a) as follows:
(6a1) the user looks up the label μ corresponding to the keyword w_μ in the index dictionary;
(6a2) the user selects the pseudo-random permutation P_s(x) from the pseudo-random permutation family P_K(x) according to the first secret value s, and selects the function F_r(x) from the first pseudo-random function family F_K(x) according to the second secret value r;
(6a3) the user computes the permuted label p = P_s(μ) from the label μ;
(6a4) the user computes the index function value f = F_r(p) from the permuted label p;
(6a5) the permuted label p and the index function value f together form the trapdoor.
5. The method according to claim 1, wherein the cloud server runs the matching retrieval over the stored file index bit string set I with the trapdoor in step (6b) as follows:
(6b1) the cloud server XORs the bit of the index bit string I_j at the permuted label p with the function value G_f(j), i.e. I'_j[p] = I_j[p] ⊕ G_f(j), obtaining the bit of the original bit string I'_j at the permuted label p, where p is the permuted label in the trapdoor, f is the index function value in the trapdoor, G_f(x) is the pseudo-random function selected from the second pseudo-random function family G_K(x) according to the value of f, I'_j[p] denotes the bit of the original bit string I'_j at the permuted label p, I_j[p] denotes the bit of the index bit string I_j at the permuted label p, and ⊕ denotes the XOR operation;
(6b2) the cloud server traverses all values of j; if there exists j ∈ [1, n] such that the bit of the original bit string I'_j at the permuted label p is 1, i.e. I'_j[p] = 1, the match succeeds; otherwise the match fails.
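The index construction of claim 3, the trapdoor of claim 4 and the server-side matching of claim 5 fit together as follows. This is an added example, not code from the patent: it instantiates the families P_K, F_K and G_K with HMAC-SHA256 (the patent names no instantiation), uses a constructed dictionary of 2τ = 8 keyword labels and three constructed files, and the secret values s and r are example byte strings.

```python
import hmac
import hashlib
from typing import Dict, List, Set, Tuple

# Constructed example parameters (assumption, not from the patent): the index
# dictionary holds N = 2*tau keyword labels; with tau = 4 every index bit
# string I_j is 8 bits long. Bit positions are numbered 1..N as in the claims.
TAU = 4
N = 2 * TAU

Index = List[int]           # I_j: N bits, stored at list offsets 0..N-1
Trapdoor = Tuple[int, int]  # (p, f) from step (6a5)


def _prf(key: bytes, family: bytes, x: int) -> int:
    """HMAC-SHA256 used as a keyed pseudo-random function (assumed instantiation).
    The family tag keeps the P, F and G families apart; returns a 64-bit integer."""
    tag = hmac.new(key, family + x.to_bytes(8, "big"), hashlib.sha256).digest()
    return int.from_bytes(tag[:8], "big")


def permutation_P(s: bytes) -> List[int]:
    """P_s: keyed pseudo-random permutation of [1, N] (assumed: a Fisher-Yates shuffle
    whose swap choices come from the PRF keyed with s); table[i - 1] == P_s(i)."""
    table = list(range(1, N + 1))
    for k in range(N - 1, 0, -1):
        t = _prf(s, b"P", k) % (k + 1)
        table[k], table[t] = table[t], table[k]
    return table


def F(r: bytes, x: int) -> int:
    """F_r(x): member of the first PRF family, selected by the second secret value r."""
    return _prf(r, b"F", x)


def G(f: int, j: int) -> int:
    """G_f(j): member of the second PRF family selected by the integer f; one mask bit."""
    return _prf(f.to_bytes(8, "big"), b"G", j) & 1


def build_index(s: bytes, r: bytes, j: int, labels_in_file: Set[int]) -> Index:
    """Steps (4f1)-(4f4) for file number j: place keyword bits at permuted positions,
    then mask bit i with G_{r_i}(j) where r_i = F_r(i)."""
    P = permutation_P(s)
    original = [0] * N                                  # I'_j
    for i in range(1, N + 1):                           # (4f3): I'_j[P_s(i)] = 1 iff w_i in file
        original[P[i - 1] - 1] = 1 if i in labels_in_file else 0
    index = [0] * N                                     # I_j
    for i in range(1, N + 1):                           # (4f2)+(4f4): I_j[i] = I'_j[i] xor G_{r_i}(j)
        index[i - 1] = original[i - 1] ^ G(F(r, i), j)
    return index


def make_trapdoor(s: bytes, r: bytes, mu: int) -> Trapdoor:
    """Steps (6a2)-(6a5): p = P_s(mu), f = F_r(p)."""
    p = permutation_P(s)[mu - 1]
    return p, F(r, p)


def server_search(index_set: Dict[int, Index], trapdoor: Trapdoor) -> List[int]:
    """Steps (6b1)-(6b2), executed by the cloud server without s or r: unmask bit p of
    every stored I_j with G_f(j) and return the file numbers whose original bit is 1."""
    p, f = trapdoor
    return [j for j, I_j in sorted(index_set.items()) if (I_j[p - 1] ^ G(f, j)) == 1]


def demo() -> Dict[str, List[int]]:
    """Constructed sample data: an 8-word index dictionary and three plaintext files."""
    s = b"first secret value s"      # example key material, not from the patent
    r = b"second secret value r"
    dictionary = {"alice": 1, "invoice": 2, "q3": 3, "draft": 4,
                  "payroll": 5, "audit": 6, "backup": 7, "legal": 8}
    files = {1: {"alice", "invoice"}, 2: {"q3"}, 3: {"invoice", "payroll"}}
    index_set = {j: build_index(s, r, j, {dictionary[w] for w in words})
                 for j, words in files.items()}
    return {w: server_search(index_set, make_trapdoor(s, r, dictionary[w]))
            for w in ("invoice", "payroll", "legal")}


if __name__ == "__main__":
    print(demo())  # {'invoice': [1, 3], 'payroll': [3], 'legal': []}
```

Two properties follow directly from the formulas in claims 3 to 5 and are worth keeping in mind when deploying such a scheme: the trapdoor (p, f) is a deterministic function of the keyword, and step (6b2) has the server compute I'_j[p] for every stored file, so the server necessarily learns which files match each query and whether two queries concern the same keyword. The mask bit G_{r_i}(j) depends only on the position i and the file number j, so if file j is re-indexed with changed contents under the same s and r, the XOR of the old and new I_j exposes exactly which keyword bits changed; rotating r or never reusing a file number avoids that.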
6. The method according to claim 1, wherein the user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε in step (6c) as follows:
(6c1) for each ciphertext matrix block W = (A, C) of the ciphertext file ψ, the user computes the intermediate matrix Q from the symmetric key S:
Q = C − AS;
(6c2) the user decodes each column of the intermediate matrix Q with the binary linear error-correcting code D to obtain the corresponding plaintext matrix block M;
(6c3) the user concatenates all plaintext matrix blocks M to obtain the corresponding plaintext file ε.
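Claim 6 describes only the decryption side: Q = C − AS, then column-wise decoding with a binary linear code D. The following added example (not the patent's code) reconstructs a matching encryption so the round trip can be run. Everything beyond the claim is an assumption: arithmetic is over GF(2), where subtraction is XOR; the ciphertext is formed as C = AS + E + D(M) with a sparse error matrix E; D is a 7-fold repetition code with majority decoding; and the block dimensions are chosen for the example. It also shows the failure mode of step (6c2): a codeword block carrying more than (REP − 1)/2 errors decodes to the wrong bit.

```python
import secrets
from typing import List, Optional, Tuple

Matrix = List[List[int]]  # GF(2) matrices as lists of 0/1 rows

# Constructed parameters (assumptions, not from the patent): a plaintext block M is
# K_ROWS x M_COLS bits; the code D repeats every bit REP times, so a codeword block
# and the ciphertext C are (K_ROWS*REP) x M_COLS; the symmetric key S is N_DIM x M_COLS
# and the random matrix A of a block W = (A, C) is (K_ROWS*REP) x N_DIM.
K_ROWS, M_COLS, N_DIM, REP = 2, 4, 16, 7
T_MAX = (REP - 1) // 2   # errors per codeword block that majority decoding corrects


def matmul_gf2(a: Matrix, b: Matrix) -> Matrix:
    """Matrix product with arithmetic modulo 2."""
    return [[sum(a[i][k] & b[k][j] for k in range(len(b))) & 1
             for j in range(len(b[0]))] for i in range(len(a))]


def add_gf2(a: Matrix, b: Matrix) -> Matrix:
    """Entry-wise addition modulo 2; over GF(2) this is also subtraction, so C - AS is C xor AS."""
    return [[x ^ y for x, y in zip(ra, rb)] for ra, rb in zip(a, b)]


def random_matrix(rows: int, cols: int) -> Matrix:
    return [[secrets.randbits(1) for _ in range(cols)] for _ in range(rows)]


def keygen() -> Matrix:
    """Symmetric key S (assumed uniform over GF(2))."""
    return random_matrix(N_DIM, M_COLS)


def encode(m_block: Matrix) -> Matrix:
    """The code D applied column-wise: every bit of a column is repeated REP times."""
    return [[m_block[i // REP][j] for j in range(M_COLS)] for i in range(K_ROWS * REP)]


def decode_column(col: List[int]) -> List[int]:
    """Majority-vote decoding of one column of Q; each block of REP bits yields one message bit."""
    return [1 if sum(col[b * REP:(b + 1) * REP]) > REP // 2 else 0 for b in range(K_ROWS)]


def crafted_noise(errors_per_block: int) -> Matrix:
    """Deterministic error matrix E with exactly errors_per_block ones in every
    REP-bit block of every column (used to show the decoding threshold)."""
    return [[1 if (i % REP) < errors_per_block else 0 for _ in range(M_COLS)]
            for i in range(K_ROWS * REP)]


def encrypt_block(S: Matrix, m_block: Matrix, E: Matrix,
                  A: Optional[Matrix] = None) -> Tuple[Matrix, Matrix]:
    """Assumed encryption that the claimed decryption inverts: W = (A, C) with
    C = A*S + E + D(M) over GF(2). Only the decryption side appears in the claim."""
    if A is None:
        A = random_matrix(K_ROWS * REP, N_DIM)
    C = add_gf2(add_gf2(matmul_gf2(A, S), E), encode(m_block))
    return A, C


def decrypt_block(S: Matrix, W: Tuple[Matrix, Matrix]) -> Matrix:
    """Steps (6c1)-(6c2): Q = C - AS, then decode every column of Q with D."""
    A, C = W
    Q = add_gf2(C, matmul_gf2(A, S))                      # (6c1): A*S cancels, E + D(M) remains
    cols = [decode_column([Q[i][j] for i in range(len(Q))]) for j in range(M_COLS)]
    return [[cols[j][row] for j in range(M_COLS)] for row in range(K_ROWS)]


def decrypt_file(S: Matrix, blocks: List[Tuple[Matrix, Matrix]]) -> Matrix:
    """Step (6c3): the plaintext file is the concatenation of the decrypted blocks."""
    return [row for W in blocks for row in decrypt_block(S, W)]


def demo() -> Tuple[bool, bool]:
    """Constructed two-block plaintext. Returns whether the file is recovered when every
    codeword block carries T_MAX errors, and when it carries T_MAX + 1 errors."""
    S = keygen()
    plaintext = [[1, 0, 1, 1], [0, 1, 0, 0], [1, 1, 0, 1], [0, 0, 1, 1]]
    blocks = [plaintext[0:2], plaintext[2:4]]            # two K_ROWS x M_COLS blocks
    within = [encrypt_block(S, M, crafted_noise(T_MAX)) for M in blocks]
    beyond = [encrypt_block(S, M, crafted_noise(T_MAX + 1)) for M in blocks]
    return decrypt_file(S, within) == plaintext, decrypt_file(S, beyond) == plaintext


if __name__ == "__main__":
    print(demo())  # (True, False)
```

Because A·S cancels exactly in step (6c1), correctness depends only on the error weight per codeword column block and the minimum distance of D; with a 7-fold repetition code that is three errors per block, and a fourth error flips the decoded bit. A real instantiation would use a code with a much better rate and an error distribution chosen so that the failure probability is negligible.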
CN201610948549.2A 2016-11-02 2016-11-02 The privacy data encryption method of key is depended on based on message Active CN106534092B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610948549.2A CN106534092B (en) 2016-11-02 2016-11-02 The privacy data encryption method of key is depended on based on message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201610948549.2A CN106534092B (en) 2016-11-02 2016-11-02 The privacy data encryption method of key is depended on based on message

Publications (2)

Publication Number Publication Date
CN106534092A CN106534092A (en) 2017-03-22
CN106534092B true CN106534092B (en) 2019-07-02

Family

ID=58292868

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201610948549.2A Active CN106534092B (en) 2016-11-02 2016-11-02 The privacy data encryption method of key is depended on based on message

Country Status (1)

Country Link
CN (1) CN106534092B (en)

Families Citing this family (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
TWI622949B (en) * 2017-05-26 2018-05-01 富邦金融控股股份有限公司 Know your customer (kyc) data marking dispute relief system with multiple secret key and method thereof
CN109104392A (en) * 2017-06-21 2018-12-28 杨树桃 A kind of safe Wallet System of block chain
CN107395349A (en) * 2017-08-16 2017-11-24 深圳国微技术有限公司 A kind of block chain network cryptographic key distribution method based on self-certified public key system
CN107634989A (en) * 2017-08-25 2018-01-26 中积有限公司 A kind of cloud wallet construction method and server
CN108011885B (en) * 2017-12-07 2020-12-15 北京科技大学 E-mail encryption method and system based on group cryptosystem
CN108322451B (en) * 2018-01-12 2020-09-22 深圳壹账通智能科技有限公司 Data processing method, data processing device, computer equipment and storage medium
CN108846297B (en) * 2018-07-16 2019-11-01 广州追溯信息科技有限公司 A method of distributing and retrieve data in the block chain network with peer node
CN109104270A (en) * 2018-09-21 2018-12-28 华南理工大学 A kind of insincere cloud center resources sharing method based on Hill operation and chaos
CN109361663A (en) * 2018-10-10 2019-02-19 中航信托股份有限公司 A kind of correlation technique, system and relevant apparatus accessing encryption data
CN109586894A (en) * 2018-11-16 2019-04-05 重庆邮电大学 The encryption method of data in OPC UA edge calculations is realized based on pseudo-random permutation
CN109951453A (en) * 2019-02-26 2019-06-28 符安文 A kind of safe encryption method based on block chain
CN110012007B (en) * 2019-04-02 2021-02-26 国网新疆电力有限公司营销服务中心(资金集约中心、计量中心) Annular shuttle vehicle scheduling method and system based on position data encryption
WO2020233624A1 (en) * 2019-05-20 2020-11-26 创新先进技术有限公司 Receipt storage method and node employing transaction type in combination with event function type
CN110232080A (en) * 2019-05-23 2019-09-13 智慧谷(厦门)物联科技有限公司 A kind of method for quickly retrieving based on block chain
CN110610105B (en) * 2019-09-25 2020-07-24 郑州轻工业学院 Secret sharing-based authentication method for three-dimensional model file in cloud environment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104320262A (en) * 2014-11-05 2015-01-28 中国科学院合肥物质科学研究院 User public key address binding, searching and verifying method and system based on crypto currency open account book technology
CN104618366A (en) * 2015-01-27 2015-05-13 西安电子科技大学 System and method for security management of Internet archives based on attributes
CN104836790A (en) * 2015-03-30 2015-08-12 西安电子科技大学 Linked storage fine-grained access control model based on attribute encryption and timestamp

Also Published As

Publication number Publication date
CN106534092A (en) 2017-03-22

Similar Documents

Publication Publication Date Title
JP2019507510A (en) Common secret determination for secure exchange of information and hierarchical and deterministic encryption keys
AU2017204853B2 (en) Data security service
JP2018077893A (en) Policy enforcement with associated data
RU2718689C2 (en) Confidential communication control
US8644516B1 (en) Universal secure messaging for cryptographic modules
Kumar et al. Secure storage and access of data in cloud computing
US8908866B2 (en) Method and apparatus to provide authentication and privacy with low complexity devices
US9419797B2 (en) System, processing device, computer program and method, to transparently encrypt and store data objects such that owners of the data object and permitted viewers are able to view decrypted data objects after entering user selected passwords
JP4463979B2 (en) Apparatus and method for storing, verifying and using cryptographically camouflaged cryptographic keys
US6385728B1 (en) System, method, and program for providing will-call certificates for guaranteeing authorization for a printer to retrieve a file directly from a file server upon request from a client in a network computer system environment
US7822200B2 (en) Method and system for asymmetric key security
US7392535B2 (en) Access privilege transferring method
US5491752A (en) System for increasing the difficulty of password guessing attacks in a distributed authentication scheme employing authentication tokens
US7711120B2 (en) Cryptographic key management
US8208627B2 (en) Format-preserving cryptographic systems
US8625802B2 (en) Methods, devices, and media for secure key management in a non-secured, distributed, virtualized environment with applications to cloud-computing security and management
US10142107B2 (en) Token binding using trust module protected keys
KR100734162B1 (en) Method and apparatus for secure distribution of public/private key pairs
US7707427B1 (en) Multi-level file digests
US6160891A (en) Methods and apparatus for recovering keys
CN101939946B (en) Systems and methods for securing data using multi-factor or keyed dispersal
US7475250B2 (en) Assignment of user certificates/private keys in token enabled public key infrastructure system
US8958562B2 (en) Format-preserving cryptographic systems
US20170142082A1 (en) System and method for secure deposit and recovery of secret data
US6834112B1 (en) Secure distribution of private keys to multiple clients

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant