CN107294701A - The multidimensional ciphertext interval query device and querying method managed with efficient key - Google Patents

The multidimensional ciphertext interval query device and querying method managed with efficient key Download PDF

Info

Publication number
CN107294701A
CN107294701A CN201710543080.9A CN201710543080A CN107294701A CN 107294701 A CN107294701 A CN 107294701A CN 201710543080 A CN201710543080 A CN 201710543080A CN 107294701 A CN107294701 A CN 107294701A
Authority
CN
China
Prior art keywords
ciphertext
data
key
module
searching
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710543080.9A
Other languages
Chinese (zh)
Other versions
CN107294701B (en
Inventor
杨睿康
马建峰
伍祁应
苗银宾
王祥宇
张凯
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201710543080.9A priority Critical patent/CN107294701B/en
Publication of CN107294701A publication Critical patent/CN107294701A/en
Application granted granted Critical
Publication of CN107294701B publication Critical patent/CN107294701B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3242Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving keyed hash functions, e.g. message authentication codes [MACs], CBC-MAC or HMAC

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Storage Device Security (AREA)

Abstract

The multidimensional ciphertext interval query device and querying method managed with efficient key, belong to field of information security technology, described device includes data encryption module, key management module and searching ciphertext module, generation trapdoor and ciphertext scope is encrypted using global private key according to searching request in data encryption module, searching ciphertext module match obtaining relevance degree according to trapdoor and ciphertext index, judge the relevance degree of data whether in the range of cryptogram search again, ciphertext index is set up by data encryption module according to global private key, when the relevance degree of data is in the range of cryptogram search, corresponding ciphertext is sent to data user by searching ciphertext module, by corresponding ciphertext and data user identity to key management module, key management module calculates decruption key according to the identity of the data and data user retrieved, and decruption key is sent to data user, realize the multi-dimensional interval query to ciphertext, there is provided a kind of cryptogram search device that there is abundant inquiry to experience.

Description

The multidimensional ciphertext interval query device and querying method managed with efficient key
Technical field
The invention belongs to field of information security technology, it is related to multidimensional ciphertext interval query technology and key management technology, has Body is the multidimensional ciphertext interval query device and querying method managed with efficient key.
Background technology
With the development of information age, explosive growth is presented in data, and how to store and manage mass data becomes Problem of concern.Cloud computing is due to its easily storage access patterns, the advantages of flexible charge method so that increasingly The storage and calculating of local data are contracted out to third party cloud server by many enterprises and individuals, to reduce the storage of local data And maintenance load.However, the clear data being stored on Cloud Server may suffer to malicious attack causing sensitive information Leakage, therefore cloud computing has huge potential safety hazard.Although encryption can ensure the security of data before data outsourcing, It is also to bring two problems.On the one hand, traditional encryption method can cause the ciphertext being stored on Cloud Server to retrieve, Data user to obtain document interested, ciphertext is all downloaded to the local method decrypted again can waste substantial amounts of calculating with Bandwidth resources;On the other hand, it is the security of guarantee data, different data users use different to different types of data Key is encrypted, and thus brings the magnanimity key management problem of complexity, such as:How number is quickly positioned in magnanimity key According to the decruption key needed for user, how efficiently key revocation etc. is carried out to the data user that loses data access authority.
At present, traditional encryption technology that can search for key management allows data user to carry out key search, quick fixed Document interested is arrived in position;Data user and key are stored using Hash table, so that it is close to allow data user quickly to position Key.But existing technology can not provide the abundant inquiry experience of traditional plaintext search engine, such as multi-dimensional interval query etc..With This simultaneously, management of the Hash table structure to magnanimity key can bring larger storage and computation complexity, further, for reality Some data users need the situations that dynamic is left in the application of border, how the data user that loses access rights are efficiently carried out Key revocation also turns into problem new in key management.
The content of the invention
For problems of the prior art, the present invention provides a kind of multidimensional ciphertext interval managed with efficient key Inquiry unit and querying method, under cloud storage background, the device can support multidimensional ciphertext interval query, needed for quick positioning Decruption key and efficient key revocation is realized to the data user for losing access rights.
The present invention is to be achieved through the following technical solutions:
The multidimensional ciphertext interval query device managed with efficient key, including:Data encryption module, key management module With searching ciphertext module;
The data encryption module is used to generation trapdoor and ciphertext model is encrypted using global private key according to searching request Enclose, and trapdoor and ciphertext scope are sent to searching ciphertext module, the global private key is that data encryption module is used according to data The data that family is sent, which are initialized, to be generated;
The searching ciphertext module match obtaining relevance degree according to trapdoor and ciphertext index, then judges the phase of data Angle value is closed whether in the range of cryptogram search, the ciphertext index is set up by data encryption module according to global private key, works as number According to relevance degree in the range of cryptogram search, corresponding ciphertext is sent to data user by searching ciphertext module, will be corresponding Ciphertext and data user identity are to key management module;
The key management module calculates decruption key according to corresponding ciphertext and data user identity, and by decruption key It is sent to data user.
Optionally, the data encryption module is additionally operable to global according to upload data and the initialization generation of user's grant column list Private key, ciphertext index is set up by global private key to clear data, and generation is encrypted according to symmetric key set pair clear data Ciphertext, the set of symmetric keys is generated by key management module according to data and data user's grant column list;
Optionally, the key management module is additionally operable to set up symmetric key Kazakhstan according to data and data user's grant column list Uncommon tree and key state Hash tree, generate set of symmetric keys.
Optionally, the key management module is additionally operable to update authorization data according to the identity information for being revoked data user User list information and key state Hash tree, set of symmetric keys is recalculated according to symmetric key Hash tree.
Optionally, the data encryption module is additionally operable to the set of symmetric keys recalculated according to key management module, weight It is new that ciphertext is generated to data encryption.
Any multidimensional ciphertext interval query device managed with efficient key provided based on the claim present invention Querying method, including:
Generation trapdoor and ciphertext scope is encrypted using global private key according to searching request in data encryption module, and will fall into Door and ciphertext scope are sent to searching ciphertext module;
Searching ciphertext module match obtaining relevance degree according to trapdoor and ciphertext index, then judges the degree of correlation of data Whether value is in the range of cryptogram search, if relevance degree is in the range of cryptogram search, searching ciphertext module sends out corresponding ciphertext User is given, corresponding ciphertext and data user identity are sent to key management module;
Key management module calculates decruption key according to corresponding ciphertext and data user identity, and decruption key is sent To user.
Optionally, generation trapdoor is encrypted and close using global private key according to searching request in the data encryption module Literary scope, and trapdoor and ciphertext scope are sent to before searching ciphertext module, in addition to:
Data encryption module passes through global private key according to data and the global private key of user's grant column list initialization generation are uploaded Ciphertext index is set up to clear data, data encryption module calls searching ciphertext module, performs ciphertext upload operation;
Key management module sets up symmetric key Hash tree according to data and data user's grant column list and key state is breathed out Uncommon tree, generates set of symmetric keys;
Generation ciphertext is encrypted according to symmetric key set pair clear data in data encryption module, and data encryption module is called Searching ciphertext module, performs ciphertext and ciphertext index upload operation.
Optionally, methods described also includes, and key management module updates according to the identity information for being revoked data user awards Flexible strategy recalculate set of symmetric keys according to user list information and key state Hash tree according to symmetric key Hash tree.
Optionally, methods described also includes, the symmetric key that data management module is recalculated according to key management module Collection, generates ciphertext to data encryption again.
Compared with prior art, the present invention has following beneficial technique effect:
Generation trapdoor and ciphertext scope, ciphertext inspection is encrypted using global private key according to searching request in data encryption module Rope module match obtaining relevance degree according to trapdoor and ciphertext index, then judges whether the relevance degree of data is looked into ciphertext In the range of inquiry, ciphertext index is set up by data encryption module according to global private key, when the relevance degree of data is in cryptogram search In the range of, corresponding ciphertext is sent to data user by searching ciphertext module, by corresponding ciphertext and data user identity to close Key management module, key management module calculates decruption key according to the identity of the data and data user retrieved, and will decryption Key is sent to data user, realizes to the multi-dimensional interval query of ciphertext there is provided a kind of with the close of abundant inquiry experience Query text device;
Further, key management module sets up symmetric key Hash tree and close according to data and data user's grant column list Key state Hash tree, generates set of symmetric keys, by symmetrically setting up symmetric key Hash tree, can quickly position required decryption Key, improves searching ciphertext efficiency;
Further, when data user needs dynamic to leave, key management module is according to the body for being revoked data user Part information updating authorization data user list information and key state Hash tree, are recalculated symmetrically according to symmetric key Hash tree Key set, the set of symmetric keys that data encryption module is recalculated according to key management module is generated close to data encryption again Text, now, old decryption key decryption ciphertext can not be utilized by being revoked the data user of authority, it is ensured that data user dynamic from The security of ciphertext data when opening.
Brief description of the drawings
Fig. 1 is a kind of multidimensional ciphertext interval query device signal managed with efficient key provided in an embodiment of the present invention Figure;
Fig. 2 is a kind of data encryption module schematic diagram provided in an embodiment of the present invention;
Fig. 3 is a kind of key management module schematic diagram provided in an embodiment of the present invention;
Fig. 4 is a kind of searching ciphertext module diagram provided in an embodiment of the present invention;
Fig. 5 is a kind of multidimensional ciphertext interval query method flow managed with efficient key provided in an embodiment of the present invention Figure;
Fig. 6 is another multidimensional ciphertext interval query method stream managed with efficient key provided in an embodiment of the present invention Cheng Tu.
Embodiment
With reference to specific embodiment, the present invention is described in further detail, it is described be explanation of the invention and It is not to limit.
As shown in figure 1, the device includes:Data encryption module, key management module and searching ciphertext module;
Data user calls data encryption module, performs data and data user's grant column list upload operation;Data encryption The data that module is sent according to data user carry out the global private key of initialization generation, set up close to clear data using global private key Text index;Data encryption module calls key management module, performs data association message and data user's grant column list uploads behaviour Make;Generation ciphertext is encrypted in the symmetric key set pair clear data that data encryption module is returned using key management module;Number Searching ciphertext module is called according to encrypting module, ciphertext and ciphertext index upload operation is performed;Data user calls data encryption mould Block, performs inquiry request upload operation;The inquiry request that data encryption module is sent according to data user is entered using global private key Row encryption generation trapdoor and ciphertext scope;Data encryption module calls searching ciphertext module, performs trapdoor and ciphertext scope is uploaded Operation.
Data association message and data user's grant column list that key management module is sent according to data encryption module, set up Symmetric key Hash tree and key state Hash tree, realize the storage and management to set of symmetric keys;Key management module according to Return ciphertext and the identity of data user that searching ciphertext module is sent, decruption key is calculated using symmetric key Hash tree, and Decruption key is sent to data user;Data user calls key management module, performs the data user's identity letter being revoked Cease upload operation;The data user's identity information being revoked that key management module is sent according to data user, updates and authorizes number According to user list information and key state Hash tree, recalculate set of symmetric keys followed by symmetric key Hash tree and call Data encryption module generates ciphertext to clear data re-encrypted.
Trapdoor and ciphertext scope that searching ciphertext module is sent according to data encryption module, first with trapdoor and index into Row matching obtains relevance degree, then judges the relevance degrees of data whether in the range of cryptogram search, if in cryptogram search model In enclosing, then corresponding ciphertext is returned into data user, otherwise give up the data;Searching ciphertext module calls key management mould Block, performs and returns to ciphertext and user identity upload operation.
Wherein, data encryption module and key management module can be deployed in believable privately owned Cloud Server, searching ciphertext Module can be deployed in publicly-owned Cloud Server.
As shown in figure 5, being looked into based on any multidimensional ciphertext interval managed with efficient key provided in an embodiment of the present invention The querying method of device is ask, including:
Step 101, generation trapdoor and ciphertext model is encrypted using global private key according to searching request in data encryption module Enclose, and trapdoor and ciphertext scope are sent to searching ciphertext module;
Step 102, searching ciphertext module match obtaining relevance degree according to trapdoor and ciphertext index, then judges data Relevance degree whether in the range of cryptogram search, if relevance degree is in the range of cryptogram search, searching ciphertext module will correspondence Ciphertext be sent to user, corresponding ciphertext and data user identity are sent to key management module;
Step 103, key management module calculates decruption key according to corresponding ciphertext and data user identity, and will decryption Key is sent to user.
As shown in fig. 6, generation trapdoor is encrypted and close using global private key according to searching request in data encryption module Literary scope, and trapdoor and ciphertext scope are sent to before searching ciphertext module, in addition to:
Step 104, data encryption module passes through according to data and the global private key of user's grant column list initialization generation are uploaded Global private key sets up ciphertext index to clear data, and data encryption module calls searching ciphertext module, performs ciphertext upload operation;
Step 105, key management module sets up symmetric key Hash tree and close according to data and data user's grant column list Key state Hash tree, generates set of symmetric keys;
Step 106, generation ciphertext, data encryption is encrypted according to symmetric key set pair clear data in data encryption module Module calls searching ciphertext module, performs ciphertext upload operation.
When data user needs dynamic to leave, key management module updates according to the identity information for being revoked data user Authorization data user list information and key state Hash tree, set of symmetric keys is recalculated according to symmetric key Hash tree;Number The set of symmetric keys recalculated according to management module according to key management module, generates ciphertext to data encryption again.
It is preferred that, a kind of multidimensional ciphertext interval query device work managed with efficient key provided in an embodiment of the present invention Make flow, it is specific as follows:
Data user calls data encryption module, performs data and data user's grant column list upload operation.
The data that data encryption module is sent according to data user carry out the global private key of initialization generation, utilize global private key Ciphertext index is set up to clear data;Data encryption module calls searching ciphertext module, performs ciphertext index upload operation.
Data set relevant information and data user's grant column list that key management module is sent according to data encryption module, build Vertical symmetric key Hash tree and key state Hash tree, realize the storage and management to set of symmetric keys.
The different data of symmetric key set pair that data encryption module is returned according to key management module are entered using aes algorithm Row encryption generation ciphertext;Data encryption module calls searching ciphertext module, performs ciphertext upload operation.
Data user calls data encryption module, performs inquiry request upload operation;Data encryption module please according to inquiry Ask and generation trapdoor and ciphertext scope is encrypted using global private key;Data encryption module calls searching ciphertext module, performs and falls into Door and ciphertext scope upload operation.
Trapdoor and ciphertext scope that searching ciphertext module is sent according to data encryption module, first with trapdoor and index into Row matching obtains relevance degree, then judges the relevance degrees of data whether in the range of cryptogram search, if in cryptogram search model In enclosing, then corresponding ciphertext is returned into data user, otherwise give up the data;Searching ciphertext module calls key management mould Block, performs and returns to ciphertext upload operation.
Return ciphertext and the identity of data user that key management module is sent according to searching ciphertext module, using symmetrical close Key Hash tree calculates decruption key, and decruption key is sent into data user.
When data user needs dynamic to leave, its workflow is as follows:
The data user's identity information being revoked that key management module is sent according to data user, updates authorization data and uses Family list information and key state Hash tree, set of symmetric keys is recalculated followed by symmetric key Hash tree;
Ciphertext list to be updated and corresponding key that data encryption module is sent according to key management module, are performed close Text updates operation.
Fig. 2 is a kind of data encryption module schematic diagram provided in an embodiment of the present invention, and data encryption module is implemented It is as follows:
Data owner calls data encryption module, performs data and data user's grant column list upload operation;Data add Close module carries out the global private key of initialization generation, and wherein global secret is a triple (M1,M2, S), wherein M1It is first random Invertible matrix, M2It is the second random invertible matrix, S is the vector randomly selected;Set up and indexed in plain text according to data;Utilize the overall situation Data are divided into two parts, i.e. the first data vector d by the random vector S in private key1With the second data vector d2, recycle The first random invertible matrix M in global private key1With the second random invertible matrix M2Respectively to the first data vector d1With the second number According to vectorial d2It is encrypted and obtains ciphertext index.
Data encryption module calls key management module, and data encryption module sends the phase of data set to key management module Close information and data user's grant column list;The symmetric key set pair that data encryption module is returned using key management module is different Generation ciphertext is encrypted using aes algorithm in data;
Data encryption module calls searching ciphertext module, performs ciphertext and ciphertext index upload operation;
Data user calls data encryption module, performs inquiry request upload operation, wherein inquiry request include inquiry to Measure Q and query context vector R;Data encryption module will be inquired about according to query vector Q using the random vector S in global private key Vectorial Q is divided into two parts, i.e. the first query vector Q1With the second query vector Q2, recycle first in global private key random Invertible matrix M1Inverse matrix and the second random invertible matrix M2Inverse matrix respectively to the first query vector Q1With second inquire about to Measure Q2It is encrypted and obtains trapdoor;
Data encryption module calls searching ciphertext module, session key is negotiated with searching ciphertext module, using aes algorithm Query context vector R is encrypted and obtains ciphertext scope, trapdoor and ciphertext scope upload operation is performed.
Fig. 3 is a kind of key management module schematic diagram provided in an embodiment of the present invention, and key management module is implemented It is as follows:
The relevant information and data user's grant column list for the data set that key management module is sent according to data encryption module, Symmetric key Hash tree and key state Hash tree are set up, efficient storage and the management of symmetric key is realized;Wherein symmetric key Hash tree refers to:Each set of symmetric keys is managed by a Hash tree with key, and the root node of Hash tree is corresponding Key value is set to root key, and the symmetric key value of each child node is calculated using father node key value;Key state Hash tree Refer to:The state value of Hash tree record node manages to carry out the key revocation of node, and wherein the initial value of state is 0;
Return ciphertext and the identity of data user that key management module is sent according to searching ciphertext module, according to symmetrical close Key Hash tree calculates the symmetric key value of each child node using root key and father node key value, that is, calculates xth layer in Hash tree In the corresponding key value K of y-th of nodex,y:Kx,y=H (Kparent,x||y||*Sx,y), wherein KparentIt is Kx,yFather node pair The key answered, it is well-known key;H, which will be one, to gather { 0,1 }*Middle element is mapped to { 0,1 }256In hash function, wherein { 0,1 }*Represent the bit set of strings of random length, { 0,1 }256It is the bit set of strings that length is 256, | | series connection computing is represented, X | | y is the S in order to ensure that key is differentx,yRefer to the revocation state value of node, in Sx,yPreceding increase and decrease ' * ' is in order to avoid straight Connecing series connection may caused two key same problem;
Data owner calls key management module, performs the data subscriber information upload operation being revoked;
The data user's identity information being revoked that key management module is sent according to data user, updates authorization data and uses Family list information and key state Hash tree, are added up to the key revocation state value of respective nodes in key state Hash tree 1, represent that this node once cancel.And calculated according to symmetric key Hash tree using root key and father node key value The symmetric key value of each child node, then recalculates set of symmetric keys and calls data encryption module to be updated ciphertext, Old symmetric key decryption ciphertext can not be utilized by being revoked the data user of authority.
Fig. 4 is a kind of searching ciphertext module diagram provided in an embodiment of the present invention, and searching ciphertext module is implemented It is as follows:
Trapdoor and ciphertext scope that searching ciphertext module is sent according to data encryption module, first with data encryption mould The secret key decryption query context that block is consulted;Match using trapdoor and index progress afterwards and obtain relevance degree, then judge data Whether relevance degree is in query context, if in query context, corresponding ciphertext is returned into data user, by correspondence Otherwise ciphertext and data user identity give up the data to key management module;Searching ciphertext module calls key management module, Implementing result ciphertext and data user identity upload operation.
Above description is only example of the present invention, does not constitute any limitation of the invention.Obviously for this , all may be without departing substantially from the principle of the invention, the premise of structure after the content of the invention and principle is understood for the professional in field Under, the amendment and improvement of algorithm are carried out, but these amendments and improvement based on inventive algorithm are in the claim of the present invention Within protection domain.

Claims (9)

1. the multidimensional ciphertext interval query device managed with efficient key, it is characterised in that including:It is data encryption module, close Key management module and searching ciphertext module;
The data encryption module is used to generation trapdoor and ciphertext scope is encrypted using global private key according to searching request, and Trapdoor and ciphertext scope are sent to searching ciphertext module, the global private key is that data encryption module is sent according to data user Data initialized and generated;
The searching ciphertext module match obtaining relevance degree according to trapdoor and ciphertext index, then judges the degree of correlation of data Whether value is in the range of cryptogram search, and the ciphertext index is set up by data encryption module according to global private key, when data Relevance degree is in the range of cryptogram search, and corresponding ciphertext is sent to data user by searching ciphertext module, by corresponding ciphertext With data user identity to key management module;
The key management module calculates decruption key according to corresponding ciphertext and data user identity, and decruption key is sent To data user.
2. the multidimensional ciphertext interval query device managed as claimed in claim 1 with efficient key, it is characterised in that described Data encryption module is additionally operable to, according to data and the global private key of user's grant column list initialization generation are uploaded, pass through global private key pair Clear data sets up ciphertext index, and generation ciphertext, the set of symmetric keys is encrypted according to symmetric key set pair clear data Generated by key management module according to data and data user's grant column list.
3. the multidimensional ciphertext interval query device managed as claimed in claim 1 with efficient key, it is characterised in that described Key management module is additionally operable to set up symmetric key Hash tree and key state Hash according to data and data user's grant column list Tree, generates set of symmetric keys.
4. the multidimensional ciphertext interval query device managed as claimed in claim 1 with efficient key, it is characterised in that described Key management module is additionally operable to update authorization data user list information and key according to the identity information for being revoked data user State Hash tree, set of symmetric keys is recalculated according to symmetric key Hash tree.
5. the multidimensional ciphertext interval query device managed as claimed in claim 4 with efficient key, it is characterised in that described Data encryption module is additionally operable to the set of symmetric keys recalculated according to key management module, data encryption is generated again close Text.
6. the issuer based on any multidimensional ciphertext interval query device managed with efficient key described in claim 1-5 Method, it is characterised in that including:
Generation trapdoor and ciphertext scope is encrypted using global private key according to searching request in data encryption module, and by trapdoor and Ciphertext scope is sent to searching ciphertext module;
Searching ciphertext module according to trapdoor and ciphertext index match obtaining relevance degree, then judges that the relevance degrees of data is It is no in the range of cryptogram search, if relevance degree is in the range of cryptogram search, corresponding ciphertext is sent to by searching ciphertext module User, key management module is sent to by corresponding ciphertext and data user identity;
Key management module calculates decruption key according to corresponding ciphertext and data user identity, and decruption key is sent into use Family.
7. the multidimensional ciphertext interval query method managed as claimed in claim 6 with efficient key, it is characterised in that in institute State data encryption module and generation trapdoor and ciphertext scope is encrypted using global private key according to searching request, and by trapdoor and close Literary scope is sent to before searching ciphertext module, in addition to:
Data encryption module is according to data and the global private key of user's grant column list initialization generation are uploaded, by global private key to bright Literary data set up ciphertext index, and data encryption module calls searching ciphertext module, performs ciphertext upload operation;
Key management module sets up symmetric key Hash tree and key state Hash tree according to data and data user's grant column list, Generate set of symmetric keys;
Generation ciphertext is encrypted according to symmetric key set pair clear data in data encryption module, and data encryption module calls ciphertext Module is retrieved, ciphertext and ciphertext index upload operation is performed.
8. the multidimensional ciphertext interval query method managed as claimed in claim 6 with efficient key, it is characterised in that also wrap Include, key management module updates authorization data user list information and key state according to the identity information for being revoked data user Hash tree, set of symmetric keys is recalculated according to symmetric key Hash tree.
9. the multidimensional ciphertext interval query method managed as claimed in claim 9 with efficient key, it is characterised in that also wrap Include, the set of symmetric keys that data management module is recalculated according to key management module, ciphertext is generated to data encryption again.
CN201710543080.9A 2017-07-05 2017-07-05 Multidimensional ciphertext interval query device and method with efficient key management Active CN107294701B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710543080.9A CN107294701B (en) 2017-07-05 2017-07-05 Multidimensional ciphertext interval query device and method with efficient key management

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710543080.9A CN107294701B (en) 2017-07-05 2017-07-05 Multidimensional ciphertext interval query device and method with efficient key management

Publications (2)

Publication Number Publication Date
CN107294701A true CN107294701A (en) 2017-10-24
CN107294701B CN107294701B (en) 2021-05-18

Family

ID=60100193

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710543080.9A Active CN107294701B (en) 2017-07-05 2017-07-05 Multidimensional ciphertext interval query device and method with efficient key management

Country Status (1)

Country Link
CN (1) CN107294701B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN113098691A (en) * 2021-03-25 2021-07-09 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment
CN113158087A (en) * 2021-04-09 2021-07-23 深圳前海微众银行股份有限公司 Query method and device for space text
CN117494174A (en) * 2023-12-28 2024-02-02 北京遥感设备研究所 Multidimensional data encryption range query method and device, storage medium and electronic equipment

Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148803A1 (en) * 2011-12-09 2013-06-13 Electronics And Telecommunications Research Institute Multi-user searchable encryption system and method with index validation and tracing
CN105187425A (en) * 2015-09-02 2015-12-23 南京理工大学紫金学院 Certificate-free threshold decryption method for security of cloud calculation communication system
CN105592100A (en) * 2016-01-26 2016-05-18 西安电子科技大学 Government services cloud access control method based on attribute encryption
CN106209774A (en) * 2016-06-24 2016-12-07 西安电子科技大学 The cloud service outsourcing access right control method obscured based on undistinguishable
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN106559422A (en) * 2016-11-10 2017-04-05 西安电子科技大学 Multidimensional ciphertext interval query method based on key agreement
CN106599719A (en) * 2016-12-12 2017-04-26 西安电子科技大学 Ciphertext retrieval method supporting efficient key management
CN106850216A (en) * 2017-03-31 2017-06-13 西安电子科技大学 A kind of key revocation method of key management tree in cloud database

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148803A1 (en) * 2011-12-09 2013-06-13 Electronics And Telecommunications Research Institute Multi-user searchable encryption system and method with index validation and tracing
CN105187425A (en) * 2015-09-02 2015-12-23 南京理工大学紫金学院 Certificate-free threshold decryption method for security of cloud calculation communication system
CN105592100A (en) * 2016-01-26 2016-05-18 西安电子科技大学 Government services cloud access control method based on attribute encryption
CN106209774A (en) * 2016-06-24 2016-12-07 西安电子科技大学 The cloud service outsourcing access right control method obscured based on undistinguishable
CN106302449A (en) * 2016-08-15 2017-01-04 中国科学院信息工程研究所 A kind of ciphertext storage cloud service method open with searching ciphertext and system
CN106559422A (en) * 2016-11-10 2017-04-05 西安电子科技大学 Multidimensional ciphertext interval query method based on key agreement
CN106599719A (en) * 2016-12-12 2017-04-26 西安电子科技大学 Ciphertext retrieval method supporting efficient key management
CN106850216A (en) * 2017-03-31 2017-06-13 西安电子科技大学 A kind of key revocation method of key management tree in cloud database

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110096899A (en) * 2019-04-29 2019-08-06 腾讯科技(深圳)有限公司 A kind of data query method and device
CN110096899B (en) * 2019-04-29 2023-06-23 腾讯科技(深圳)有限公司 Data query method and device
CN113098691A (en) * 2021-03-25 2021-07-09 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment
CN113098691B (en) * 2021-03-25 2021-11-23 北京百度网讯科技有限公司 Digital signature method, signature information verification method, related device and electronic equipment
CN113158087A (en) * 2021-04-09 2021-07-23 深圳前海微众银行股份有限公司 Query method and device for space text
CN117494174A (en) * 2023-12-28 2024-02-02 北京遥感设备研究所 Multidimensional data encryption range query method and device, storage medium and electronic equipment
CN117494174B (en) * 2023-12-28 2024-03-29 北京遥感设备研究所 Multidimensional data encryption range query method and device, storage medium and electronic equipment

Also Published As

Publication number Publication date
CN107294701B (en) 2021-05-18

Similar Documents

Publication Publication Date Title
Li et al. Full verifiability for outsourced decryption in attribute based encryption
CN105871543B (en) Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute
WO2019090988A1 (en) Cryptography attribute-based access control method and system based on dynamic rule
CN114065265B (en) Fine-grained cloud storage access control method, system and equipment based on blockchain technology
CN104486315B (en) A kind of revocable key outsourcing decryption method based on contents attribute
CN107948146B (en) Connection keyword retrieval method based on attribute encryption in hybrid cloud
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
CN114826703B (en) Block chain-based data search fine granularity access control method and system
WO2016106752A1 (en) Shared data access control method, device and system
CN107634829A (en) Encrypted electronic medical records system and encryption method can search for based on attribute
CN112989375B (en) Hierarchical optimization encryption lossless privacy protection method
CN106599719A (en) Ciphertext retrieval method supporting efficient key management
CN107294701A (en) The multidimensional ciphertext interval query device and querying method managed with efficient key
CN108632385B (en) Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure
CN112332979B (en) Ciphertext search method, system and equipment in cloud computing environment
Xiang et al. Achieving verifiable, dynamic and efficient auditing for outsourced database in cloud
CN106934301A (en) A kind of safely outsourced data processing method of relevant database for supporting ciphertext data manipulation
CN105721485A (en) Secure nearest neighbor query method for multiple data owners in outsourcing cloud environment
CN114640458B (en) Fine granularity multi-user security searchable encryption method in cloud-edge cooperative environment
CN106874516A (en) Efficient cipher text retrieval method based on KCB trees and Bloom filter in a kind of cloud storage
CN105897419B (en) A kind of multi-user's dynamic keyword word can search for encryption method
CN104935588B (en) A kind of hierarchical encryption management method of safe cloud storage system
Park et al. PKIS: practical keyword index search on cloud datacenter
Yan et al. Secure and efficient big data deduplication in fog computing
CN116663046A (en) Private data sharing and retrieving method, system and equipment based on blockchain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant