CN107491497A - Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system - Google Patents

Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system Download PDF

Info

Publication number
CN107491497A
CN107491497A CN201710614034.3A CN201710614034A CN107491497A CN 107491497 A CN107491497 A CN 107491497A CN 201710614034 A CN201710614034 A CN 201710614034A CN 107491497 A CN107491497 A CN 107491497A
Authority
CN
China
Prior art keywords
user
key
msub
keyword
cloud platform
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710614034.3A
Other languages
Chinese (zh)
Other versions
CN107491497B (en
Inventor
杨旸
张煜超
刘西蒙
程红举
张�浩
刘耿耿
邹剑
董晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fuzhou University
Original Assignee
Fuzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fuzhou University filed Critical Fuzhou University
Priority to CN201710614034.3A priority Critical patent/CN107491497B/en
Publication of CN107491497A publication Critical patent/CN107491497A/en
Application granted granted Critical
Publication of CN107491497B publication Critical patent/CN107491497B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9535Search customisation based on user profiles and personalisation
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Abstract

The present invention relates to a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system, key generation centre, it is that each entity in system generates key;Cloud platform, the document of user is stored in an encrypted form, responds the data retrieval request of user;Calculate service provider, there is provided in the online calculation server of line computation;Data owner, to keyword and file encryption, and send it to the cloud platformStored;User, keyword trapdoor is generated to the cloud platformInitiate data retrieval request.A kind of multi-user's multi-key word for supporting any language to inquire about sequence proposed by the invention can search for encryption system; storage overhead is small; support any language; flexible licensing scheme and time-based user's revocation mechanism; simultaneously scan for the data of multiple data owners; flexible keyword weight and preference fraction are set, and protect privacy of user.

Description

Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system
Technical field
The present invention relates to a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system.
Background technology
Cloud computing provides abundant calculating and storage resource, attracts increasing personal and enterprise to deposit data outsourcing Store up in Cloud Server.DEA can convert the data into unreadable ciphertext, but how to search for and share and add The problem of ciphertext data is one challenging.Can search for encrypting (SE) is that the one kind for carrying out keyword search to encryption data has Efficacious prescriptions method, have been widely used in fields such as medical treatment, intelligent grid, Internet of Things.In order to be realized by SE to encrypted document Search, data owner needs to extract one group of keyword from document first, and is encrypted as encrypted indexes.Then, number Encrypted indexes and encrypted document are uploaded into Cloud Server according to owner to be stored.In the data query stage, user, which generates, closes Keyword trapdoor, and trapdoor is submitted into Cloud Server.Cloud Server is tested between trapdoor and encrypted indexes using matching algorithm Incidence relation, the encrypted document containing keyword is returned to user afterwards.
Many existing SE systems only support single keyword search or are coupled keyword query, it is impossible to according to the degree of correlation point Several documents to searching are ranked up.In order to improve search experience, it is thus proposed that multi-key word sequence can search for encryption equipment Make (MRSE) so that a k pieces have the document of highest relevance score before Cloud Server returns, rather than all documents are to user. But most of existing MRSE systems are all based on special k- arest neighbors (KNN) algorithm design, this kind of system architecture letter Referred to as KNN-SE.The existing MRSE systems based on KNN-SE frameworks have many shortcomings, have compared with big limitation.Ensureing scheme , it is necessary to design new MRSE systems to overcome these defects on the premise of efficiency and security.
2000, Song et al. proposed that safety can search for the concept of encryption first.Boneh et al. propose public key encryption and Keyword search scheme.Curtmola and Cash et al. are realize enhanced scalability using can search for symmetric encryption scheme System.2011, Cao et al. proposed the MRSE schemes for supporting single user, and it is based on KNN-SE frameworks.KNN-SE is a kind of symmetrical Encryption system, it is quantified similarity and result is ranked up using " inner product similarity ".KNN-SE safe key is by two Individual k × k matrix M1、M2With vectorial S ∈ { 0,1 }kForm (k is predefined keyword quantity when system is established).For every Document, the keyword of extraction are mapped to vectorial I ∈ { 0,1 }k, vector in each whether all represent predefined keyword It is present in document.Two vectorial I' and I " are split into then according to the vectorial S of instruction, vectorial I.I', I " respectively with Phase Multiply to generate encrypted indexes.Generation trapdoor is similar with the process for generating encrypted indexes, and difference is the inquiry divided Vectorial I' and I " respectively withIt is multiplied.In inquiry phase, relevance score is calculated using inner product.
Most MRSE systems are all based on KNN-SE architecture designs.Yu et al. proposes two-wheeled and can search for encryption system Unite to realize sequence multi-key word search.They ensure the security of system using KNN-SE frameworks and order-preserving encryption technology. Fu et al. proposes the multi-key word sorted search system for supporting synonym inquiry, and it is supported also based on KNN-SE framework systems Synonym is inquired about and allows synonym to replace in data retrieval process.We make use of TF-IDF when extracting keyword (term frequency-inverse document frequency) is used as keyword weight.Data owner must construct index tree and carry out acceleration search algorithm, this consumption Many memory spaces.Later, they proposed the semantic search system based on keyword that can verify that, supported search result Verifiability;One is devised based on the index tree of symbol to store " path " information, can be searched using the index tree to verify Hitch fruit.
Sun et al. also proposed it is a kind of can verify that can search for encryption system support multi-key word search and similarity row Sequence.They utilize the index structure based on tree, multidimensional algorithm and KNN-SE frameworks to improve search efficiency.Li et al. is by KNN-SE Framework and blind storage method are combined to design MRSE systems.Then, they support boolean to look into using super increasing sequence to design The new MRSE systems ask, such as " AND ", " OR " and " NO " operation.They also improve efficiency using sub- dictionary method is classified. Xia et al. devises the index structure based on tree and improves search efficiency with " greedy depth-first search " algorithm.They also make Indexed and inquired about with KNN-SE algorithm for encryption.Chen et al. devises hierarchy clustering method to realize more ways of search.Point Layer method is based on Minimum relevance weight threshold design, and it can polymerize the document of encryption, and the packet of generation is divided into son Collection, so as to realize faster search speed.Fu et al. is come using local sensitivity hash function, Bloom filter and KNN-SE frameworks Realize that multi-key word is fuzzy and can search for encryption system.Although substantial amounts of MRSE systems are based on KNN-SE architecture designs, In fact the framework has the shortcomings that several obvious.First, in system establishment stage, KNN-SE needs to predefine one group of keyword set Close, if needing to define new keyword in system operation, whole system is required for rebuilding.Secondly, KNN-SE Framework is a kind of symmetric key encryption systems, and therefore, data owner must reveal its private key so as to authorize inquiry power to user Limit.3rd, in order to support the keyword retrieval of any language, it is necessary to predefined keyword quantity and matrix M1、M2Dimension all To be astronomical figure, so the MRSE systems based on KNN-SE frameworks can not support the keyword search of any language.4th, meter The file correlation fraction calculated is that in plain text, Cloud Server can obtain the statistical information of user data, such as height correlation Document and high-frequency return to document.These information can reveal the privacy of user.
The content of the invention
It is an object of the invention to provide a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for adding Close system, to overcome defect present in prior art.
To achieve the above object, the technical scheme is that:It is a kind of support any language inquire about multi-user it is how crucial Word sequence can search for encryption system, including:
Key generation centre KGC, it is that each entity in system generates key;
Cloud platform CP, the document of user is stored in an encrypted form, respond the data retrieval request of user;
Calculate service provider CSP, there is provided in the online calculation server of line computation;
Data owner, to keyword and file encryption, and send it to the cloud platform CP and stored;
User, generation keyword trapdoor initiate data retrieval request to the cloud platform CP.
In an embodiment of the present invention, the key generation centre KGC passes through the Paillier with thresholding decryption function The KeyGen algorithms of cryptographic system, key generation centre KGC generation system common parameter PP=(g, N), main private key MSK=λ and User AiPublic/private keys pairWithKey generation centre KGC is private keyIt is sent in user owner User Ai, and open public keyKey generation centre KGC calculates Your Majesty's key MPK=gλ;Key generation centre KGC storage masters Private key MSK, and open system common parameter PP;It is close that key generation centre KGC performs the Paillier with thresholding decryption function The master key splitting algorithm of code system, generating portion key SK11And SK22, and secret is sent to the cloud platform respectively The CP and calculating service provider CSP.
In an embodiment of the present invention, a user B is by information (B, AT1) it is sent to the data owner A1, apply awarding AT between temporary1In period, to data owner A1The mandate that scans for of data;If allowing to authorize, the data owner A1The certificate of authority is generated for user B:
Wherein,Private key skΣUser B is sent to by secret;Sent To the key generation centre KGC, the cloud platform CP, the calculating service provider CSP and user B;AT between when authorized1 When expired, mandate will cease to be in force automatically;Sig/Verify is signature/verification algorithm safe on password, note hash function H1:{0, 1}*→ZNAnd H2:ZN→ K, K are symmetric key space;
If data owner A1Authorizing time AT1Interior revocation user B privilege, then generate cancellation of doucment:
Wherein, RT is the revocation time;Cancellation of doucmentIt is sent to the key generation centre KGC, the cloud platform CP, the calculating service provider CSP and user B.
In an embodiment of the present invention, a user B is simultaneously to multiple data owner (A1,...,Am) document looked into Ask, then from the plurality of data owner (A1,...,Am) the authorized certificate in placeUser B gives birth to the key Apply for search access right into center KGC, after the validity of certificate is confirmed, the key generation centre KGC calculates licensing term ATΣ =AT1∩...ATm, generation certificate of authority CERΣ,B
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
Wherein,skΣ=H1(A1,...,Am,B,ATΣ,MSK);skΣIt is sent to user B, pkΣTo the cloud Platform CP, the calculating service provider CSP and user B are disclosed;Sig/Verify is that signature/verification safe on password is calculated Method, note hash function H1:{0,1}*→ZNAnd H2:ZN→ K, K are symmetric key space;
If to authorize term of validity ATΣInterior revocationThe key generation centre KGC generates cancellation of doucment:
RVKΣ,B:<Rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>;
Wherein, RT is the revocation time;The key generation centre KGC is RVKΣ,BIt is sent to the cloud platform CP, the meter Calculate service provider CSP and user B.
In an embodiment of the present invention, data owner AiAccording to following steps to documentData are encrypted, upload To the cloud platform CP:
Step S11:Data owner AiExtract one group of keyword set for describing documentAnd it is keyword Different weights is setRemember hash function H1:{0,1}*→ZNWith For symmetric key space;
Step S12:Data owner AiCiphertext algorithm K2C cryptography key words are converted by keyword to obtainObtained by the Paillier cryptosystem encryption keyword weights that function is decrypted with thresholdingKeyword/keyword weight is to being expressed as
Step S13:By the Paillier cryptosystem algorithm encrypted document identity that function is decrypted with thresholding And document encryption keyObtainWith
Step S14:Utilize hash functionIt is rightCalculated, obtainedData possess Person AiUtilize symmetric encipherment algorithm SEnc encrypted documentsObtain ciphertext:Wherein, SEnc/SDec is Safe symmetric cryptography/decipherment algorithm on password;
Step S15:Data owner AiEncrypted indexesAnd ciphertextOutsourcing stores To cloud platform CP.
In an embodiment of the present invention, inquired about in inquiry phase, user B generation trapdoors:
Step S21:User B determines searching keywordWith the preference fraction of searching keywordPartially Good grades represent the importance of keyword in inquiry;
Step S22:User B converts ciphertext algorithm K2C encrypted query keywords by keyword and obtained Obtained using the Paillier cryptosystem encryption preference fractions by decrypting function with thresholdingOrder
Step S23:User B uses private key skBTo inquirySigned and generate signature
Step S24:Inquiries of the user B encryptionSignatureWith identity UserBIt is sent to cloud platform CP.
In an embodiment of the present invention, after receiving keyword search request, cloud platform CP first examines whether user B has the right Access data;If user B has permission, cloud platform CP uses user B public key pkBRevene lookupSignatureIf signatureIt is invalid, cloud platform CP refusal user's B inquiry requests;Otherwise, cloud platform CP can respond to searching request, and cloud platform CP It is first every document calculations encrypted queryWith the relevance score of encrypted indexes;Then cloud platform CP returns to relevance score most High preceding k pieces document.
In an embodiment of the present invention, it is every document calculations by using cross-domain safe multi-key word search protocol MKS Encrypted queryWith the relevance score of encrypted indexes.
In an embodiment of the present invention, the cloud platform CP returns to a k pieces before relevance score highest as follows Document:
Step S31:Agreement MAX is chosen by using cross-domain safety is maximum, the degree of correlation is selected in two encrypted documents Fraction highest document;
Step S32:Agreement MAX is chosen by using the maximum n of cross-domain safetyn, using Hu step S31 result of calculation, in n Relevance score highest document is selected in piece document;
Step S33:By using cross-domain safe top-k data retrievals agreement Top-K, using step S32 result of calculation, Select k piece documents before relevance score highest.
In an embodiment of the present invention, after user B receives k piece encrypted documents, public key pk is passed throughΣ, recover the degree of correlation point Number Ii, number of documents IDiWith document encryption key Ki, 1≤i≤k;Pass through Private information retrieval PIR or careless internal storage access ORAM method, user B obtains encryption file at cloud platform CP, without leaking access module;User B first recovers document Encryption key K, is then calculatedAnd recover document M, hash function H using K'1:{0,1}*→ZNWith For symmetric key space.
Compared to prior art, the invention has the advantages that:
1. storage overhead is small.Keyword set need not be predefined in system generation phase, can be appointed in the process of running Meaning adds new keyword.
2. support any language.The present invention is encoded using Unicode to the keyword of any language, and using effectively Mode be converted into ciphertext.
3. flexible licensing scheme and time-based user's revocation mechanism.System allows data owner specific at one Search and decrypted rights are granted to user in period.When licensing term expires, system can cancel these users automatically Search permission.In addition, system also provides the effective ways that authority revocation is carried out in licensing term for data owner.
4. simultaneously scan for the data of multiple data owners.In the present invention, as long as user just can be using a trapdoor simultaneously The encrypted document of multiple data owners is scanned for.
5. flexible keyword weight and preference fraction are set.In encrypting stage, data owner can be according to keyword Importance different keyword weights is set.In inquiry phase, user can be that multiple keywords of inquiry set difference Preference fraction.In the search phase, encrypted form can be calculated according to keyword weight and preference fraction in Cloud Server Relevance score, and preceding k pieces document is returned into data user
6. protect privacy of user.In existing MRSE systems, Cloud Server can obtain the correlation of each search document Fraction is spent, and knows which document is maximally related.In the present invention, because the relevance score for returning to user is encryption , Cloud Server is obtained less than any plaintext and statistical information from search result.
Brief description of the drawings
Fig. 1 is system framework figure in one embodiment of the invention.
Fig. 2 is the example schematic of K2C algorithms in one embodiment of the invention.
Fig. 3 is that ciphering process schematic diagram is intended in one embodiment of the invention.
Fig. 4 is query process schematic diagram in one embodiment of the invention.
Fig. 5 is that relevance score schematic diagram is calculated in one embodiment of the invention.
Fig. 6 is MAX in one embodiment of the inventionnThe schematic diagram of agreement.
Embodiment
Below in conjunction with the accompanying drawings, technical scheme is specifically described.
A kind of multi-user's multi-key word for supporting any language to inquire about sequence of the present invention can search for encryption system, as Fig. 1 is The system architecture of the present invention, system include following several entities:
Key generation centre.Key generation centre (KGC) is completely believable, each entity generation being responsible in system Key.
Cloud platform.Cloud platform (CP) has powerful storage and computing capability, and stores the document of user in an encrypted form. CP is also responsive to the data retrieval request of user.
Calculate service provider.It is online calculation server to calculate service provider (CSP), has powerful calculating energy Power.
Data owner.Data owner's cryptography key word and document, and send it to CP and stored.
User.User generates keyword trapdoor and initiates data retrieval request to CP.
Further, system need not predefine keyword set in establishment stage, can appoint in system operation Meaning adds new keyword, significantly reduces storage overhead.The keyword of any language is encoded using Unicode, And ciphertext is converted into by effective manner.User is allowed to simultaneously scan for multiple data owners' using a trapdoor Document.Flexible licensing scheme and time-based user's revocation mechanism are provided.System allows data owner specific at one Search and decrypted rights are granted to user in period.When licensing term expires, system can cancel these users automatically Search permission.In addition, system also provides the effective ways that authority revocation is carried out in licensing term for data owner.
Further, there is provided flexible keyword weight and preference fraction are set.In encrypting stage, data owner can be with Different keyword weights is set according to the importance of keyword.In inquiry phase, user can be multiple keys of inquiry Word sets different preference fractions.In the search phase, Cloud Server can be calculated according to keyword weight and preference fraction The relevance score of encrypted form, and k piece documents before degree of correlation highest are returned into data user.
In existing MRSE systems, Cloud Server can obtain the relevance score of each search document.Due to calculating Relevance score be encryption, Cloud Server obtains less than any plaintext and statistical information from search result, effectively protects Privacy of user is protected.
In order to allow those skilled in the art to further appreciate that system proposed by the invention, enter with reference to specific embodiment Row explanation.
Further, in the present embodiment, using the Paillier cryptographic systems (PCTD that function is decrypted with thresholding: Paillier Cryptosystem with Threshold Decryption), homomorphic cryptography is realized, can be in cloud platform The privacy of the outer bag data of middle protection.Using homomorphism property, without ciphertext is decrypted, it is possible to directly carry out various meters Calculate, calculated so as to can be achieved with safe outsourcing.In addition, its computing cost is opened less than the calculating needed for full homomorphic cryptography system Pin.OrderRepresent X bit length.
Key generates:κ is security parameter, and p and q are two Big primes,Calculate N=pq, λ=lcm (p-1, q-1)/2 (lcm represents the least common multiple of two numbers).Defined functionSelection generates first g and g Rank be ord (g)=(p-1) (q-1)/2.System common parameter PP=(g, N), main private key SK=λ.System is every user i Distribute private key ski∈ZNAnd public key
Encryption:For the plaintext m ∈ Z of inputN, user random selection r ∈ [1, N/4], use its public key pkiPlaintext m is added It is close into ciphertextWhereinC2=gr mod N2
Use private key for user skiDecryption:For the ciphertext of inputWith private key ski, we can be obtained bright by calculating Text
It is decrypted using main private key SK:Using the main private key SK=λ of system, pass through Calculating just can be to all ciphertext generated using public key encryptionIt is decrypted.(if gcd represents two numbers to gcd (λ, N)=1 Greatest common divisor) set up, then have
Main private key division:Main private key SK=λ can be with random splitting into two part SK11And SK22So that λ12 =0mod λ, λ12=1modN2
Use SK1Carry out part decryption (PD1):For the ciphertext of inputSK can be utilized11To count Calculate
Use SK2Carry out part decryption (PD2):For the ciphertext of inputWithSK can be utilized22To calculateIt can be recovered in plain text by calculating
Ciphertext updates (CR):CR algorithms are used to update ciphertext, by ciphertextChange into new ciphertextAnd m=m'.Randomly choose r' ∈ ZN, calculateC2'=C2·gr'modN2
PCTD has isomorphism:For random r ∈ ZN,
The system has used following agreements, and these agreements are required for CP and CSP interacting operations to perform.pkAAnd pkBIt is user A With B public key.pkΣIt is the joint public key defined for user A and B.
Cross-domain secure addition agreement (SAD):For what is givenWithIt is calculated
Cross-domain secure multiplication agreement (SMD):For what is givenWithIt is calculated
Further, in the present embodiment, in order to a keyword is encoded into set ZNIn an element, first Each letter in keyword is converted into its ASCII character form, and hexadecimal ASCII character is then changed into the decimal system.Root According to position of each letter in keyword, each element is multiplied by certain weight, the element weighted is added, then used Big integer after addition is encrypted PCTD algorithms.The algorithm is referred to as keyword conversion ciphertext algorithm (K2C:keyword to Ciphertext algorithm), as shown in Figure 3.
In order to which any keyword in any language is converted into ciphertext, without predefining keyword set, the present embodiment Safety-critical word conversion ciphertext algorithm (K2C) is provided, is mainly included the following steps that:
1. each character (including spcial character) in a keyword changes into its unicode form (UTF-16:16 Unicode format transformations).2. each hexadecimal unicode is converted to decimal integer.3. according to each letter in key Position in word, each element are multiplied by certain weight.4. all integers weighted are summed into big integer.5. use PCTD The big integer of keyword is encrypted to ciphertext by algorithm and the public key of data owner.
Further, an example is given in Fig. 2 to illustrate how using K2C algorithms English, Chinese, Korean and day The character string " keyword " of text is converted to ciphertext.It is worth noting that, K2C algorithms can successfully be converted to keyword uniquely Big integer, successfully solve the problems, such as that other can search in AES using the error probability caused by Bloom filter.
Further, in the present embodiment, a kind of cryptography key word equivalence test protocol is also provided, the agreement is used to detect Whether two keyword ciphertexts include identical keyword.With two keywords by different public key encryptionsWithAs Input, cryptography key word equivalence test protocol KET output encrypted resultsTo represent whether two keywords are identical.If u* =1, represent that two keywords are identicals;Otherwise u*=0.OrderCP and CSP interactions perform encryption and closed Keyword equivalence test protocol KET.Realize in accordance with the following steps:
Step 1:1.CP is calculated
2.CP randomly selects r1、r2、r3、r4, make its satisfaction Connect , CP toss a coin s at random1,s2∈{0,1}。
3.CP and CSP performs following operate
If s1=1,
If s1=0,
If s2=1,
If s2=0,
4.CP is calculated(l1, l1',l2,l2') it is sent to CSP.
Step 2:CSP is decryptedIfCSP is set u1'=0, otherwise u1'=1.IfCSP sets u2'=0, otherwise u2'=1.Then CSP utilizes public key pkΣ U1', u2' be encrypted toAnd send it to CP.
Step 3:ReceiveAfterwards, CP is calculated as follows:
If s1=1, CP are calculatedOtherwise CP is calculated
If s2=1, CP are calculatedOtherwise CP is calculatedSuch as Fruit u1=1, represent X >=Y;Otherwise u1=0.If u2=1, represent Y >=X;Otherwise u2=0.
Then CP and CSP is calculated
Further, in the present embodiment, key schedule uses the KeyGen algorithms by running PCTD, KGC lifes Into system common parameter PP=(g, N), main private key MSK=λ and user AiPublic/private keys pairKGC Secret is sent to user AiAnd discloseKGC calculates Your Majesty's key MPK=gλ.KGC secure store MSK, open PP.Then The master key splitting algorithm that KGC performs PCTD generates part of key SK11And SK22, and respectively their secret transmissions To CP and CSP.
SEnc/SDec is that (symmetric key space is symmetric cryptography/decipherment algorithm safe on password), Sig/Verify It is signature/verification algorithm safe on password (algorithm is not specifically designated by the present invention).Define hash function H1:{0,1}*→ZN With
Further, represented to simplify, using by ZNPrivate key of the element as Sig algorithms.In actual use, may be used To use hash function from ZNElement in calculate signature key.
Further, in the present embodiment, also provide user and authorize and cancel algorithm.
When in individual data owner's scene:
Assuming that user B intentionally gets mandate, (time AT can be authorized on January 1,1 day to 2017 January in 20161= " 20160101-20170101 ") during in data owner A1Data scan for, he must be information (B, AT1) send Give data owner A1To apply authorizing.If allow to authorize, A1Can be that B generates the certificate of authority.
WhereinPrivate key skΣUser B is sent to by secret.It is sent to KGC, CP, CSP and B.Work as AT1When expired, mandate will cease to be in force automatically.
If A1Want in AT1Revocation B privilege in period, it must generate cancellation of doucment Wherein RT is the revocation time.Then,It is sent to KGC, CP, CSP And B.
When in multiple data owner's scenes:
Assuming that user B is wanted simultaneously to multiple data owner (A1,...,Am) document inquired about, he firstly the need of From (A1,...,Am) the authorized certificate in placeThen he applies for search access right to KGC.Confirming certificate After validity, KGC calculates licensing term ATΣ=AT1∩...ATm.Then KGC generates certificate of authority CERΣ,B
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
WhereinskΣ=H1(A1,...,Am,B,ATΣ,MSK)。skΣUser B, pk are sent to by secretΣTo CP, CSP and B are disclosed.
If to authorize term of validity ATΣInterior revocationKGC generation cancellation of doucment RVKΣ,B:<Rvk=(CERΣ,B, Revoke, RT), Sig (rvk, MSK)>, wherein RT is the revocation time.Then KGC is RVKΣ,BIt is sent to CP, CSP and B.
Further, in the present embodiment, in encrypting stage, it is assumed that data owner AiWant documentUpload to Cloud Server, according to following steps encryption data.Fig. 3 is the schematic diagram of AES.
1. data owner extracts one group of keyword set firstTo describe document.In order to distinguish keyword Importance, AiDifferent weights is set for keywordThere are many methods to calculate keyword weight, such as TF-IDF (term frequency-inverse document frequency).(present invention does not specify tool to a kind of method for defining keyword weight of data owner's selection Body method).
2.AiObtained using K2C algorithm for encryption keywordsObtained using PCTD algorithm for encryption keyword weights ArriveKeyword/keyword weight is to being expressed as
3. utilize PCTD algorithm for encryption document identitiesWith document encryption key Kγj∈ZNObtainWith
4. utilize hash functionIt is rightIt is calculatedThen AiUsing symmetrical AES SEnc encrypted documentsObtain ciphertext
5.AiEncrypted indexesAnd encrypted documentCloud platform is arrived in outsourcing storage.
Further, if keyword weight is decimal (such as TF-IDF value), data owner can use an integer (10 or 100) are multiplied by the weight of each keyword respectively so that these decimals may map to ZNIn.
Further, in the present embodiment, inquired about in inquiry phase, user B generation trapdoors, as shown in Figure 4.
1.B given query keywordsWith the preference fraction of searching keywordPreference fraction representation The importance of keyword in inquiry.
2.B is obtained using K2C algorithm for encryption searching keywordsUtilize PCTD algorithm for encryption preferences Fraction obtainsOrder
3.B uses private key skBTo inquirySigned and generate signature
Inquiries of the 4.B encryptionSignatureWith identity UserBIt is sent to CP.
Further, in the present embodiment, in the search phase, after receiving keyword search request, CP first examines use Family B whether Internet access data.If B has permission, CP uses B public key pkBRevene lookupSignatureIfNothing Effect, CP can refuse inquiry request.Otherwise, CP can respond to searching request.
1.CP is first every document calculations encrypted queryWith the relevance score of encrypted indexes.
2. then CP can return to the higher preceding k pieces document of relevance score.
Idiographic flow includes:
A. relevance score calculates.
In order to calculate the relevance score between inquiry and document index, the present invention devises cross-domain safe multi-key word and searched Suo Xieyi (MKS:secure multiple keyword search protocol across domains).
The input of MKS agreements is encrypted indexesAnd encrypted queryWhereinExport the relevance score for encryption
For each searching keyword Yj(1≤j≤n2), MKS agreements calculate the relevance score of it and encrypted indexes.Association View first calculates YjAnd Xi(1≤i≤n1) relevance score (the third line).
1. fourth line, utilize KET algorithm checks XiWhether Y is equal toj.If Xi=Yj, outputOtherwise
2. fifth line, by keyword weight αiWith preference fraction βjIt is multiplied:
3. the 6th row, if Xi=Yj, due toXiAnd YjThe degree of correlation FractionIf Xi≠Yj, due toThen
4. the 7th row, relevance score siIt is added with I:
After calculating relevance score,It is converted into As shown in Figure 5.
B.Top-k sorts.
After calculating relevance score, k pieces encrypted document before being returned according to relevance score.The requirement of Top-k sequences is as follows It is shown:In sequencer procedure, the relevance score information of encryption can not be leaked to CP and CSP, i.e. CP and CSP, which do not know, to be returned to Which document user's is.In order to realize that top-k sorts, the present invention devises the agreement of three protection privacies.
1. the maximum agreement (MAX) of choosing of cross-domain safety selects relevance score highest text in two encrypted documents Shelves.
2. the cross-domain maximum n of safety chooses agreement (MAXn) using MAX agreements select relevance score most in n piece documents High document.
3. cross-domain safe top-k data retrievals agreement (Top-K) utilizes MAXnAgreement selects relevance score highest Preceding k pieces document.
B.1 cross-domain safety is maximum chooses agreement (MAX)
It is givenWith(by different keys It is encrypted), the output of MAX agreementsSo thatIDU, KUIts text is corresponded to respectively Shelves number and document encryption key.In the protocol, CP and CSP can not distinguish TUSource, that is, cannot distinguish between TUCome fromOr It isMAX agreements have three steps, and need CP and CSP to interact and perform.
Step 1:CP is calculated
IfAndThen have
CP randomly selects r1,r2,r3,r4∈ZN, whereinThen CP toss a coin s at random1,s2∈{0,1}。
If s=1, CP and CSP are calculated
If s=0, CP and CSP are calculated
CP utilizes key SK1CalculateAnd C1'、C1、C2、C3、C4It is sent to CSP.
Step 2:CSP receives C1'、C1、C2、C3、C4Afterwards, key SK is utilized2Calculate
IfCSP sets α=0, calculates
IfCSP sets α=1, calculates C5=CR (C2), C6=CR (C3), C7=CR (C4)。
Then CSP is encryptedAnd handleIt is sent to CP.
Step 3:CP is receivedAfterwards, following calculating can be performed:
If s=1, CP and CSP are calculated
If s=0, CP and CSP are calculated
Wherein, IUIt isWithLarger number in two numbers.
B.2:The cross-domain maximum n of safety chooses agreement (MAXn)。
The document T of n encryption of input1,...,Tn, MAXnAgreement exports
So that IMAX=max (I1,...,In), IDMAX, KMAXIts number of documents and document encryption key are corresponded to respectively.In agreement In, CP and CSP can not identify TMAXSource, that is, cannot distinguish between TMAXCome from T1,...,TnIn that tuple.
As shown in fig. 6, MAXnAgreement needsWheel is operated to find out maximum tuple.In each round, MAX agreements are utilized The encrypted document adjacent to two carries out calculating the maximum tuple selected in them.After wheel, it becomes possible to obtain most Big tuple TMAX
B.3:Cross-domain safe top-k data retrievals agreement (Top-K).
The document T of n encryption of input1,...,Tn, Top-K agreements output relevance score highest k piece documents.
First, null set S is initializedaTo store k result and set Sb={ T1,...,Tn}.Top-K agreements need k to take turns Operation can just obtain result.Each round, consultation find out maximum tuple.The operation of each round is as follows.
1. 3-4 rows, perform MAXnAgreement obtains the maximum tuple of the i-th wheel It is added to set SaIn.
2. 5-7 rows, for SbIn each tuple for encrypting, CP and CSP are calculated
IfThen haveOtherwiseThen CP utilizes key SK1To VjDecrypt part Arrive
3. eighth row, in order to hide cleartext information, CP utilizes πiTo (Vj,Vj') enter line replacement and obtain And send it to CSP.
4. 9-14 rows, CSP pairsIt is decrypted to obtain βj(1≤j≤n).If βj=0, CSP are setOtherwise
5. the 15th row, CP are receivedAfterwards, first with displacement inverse operation πi -1Recover original series (A1,...An).ForSource tuple Tζ, the agreement calculatesFor other tuples, the agreement calculates
6. 16-18 rows, renewalPass through calculating
Source tuple TζInIt can be configured toFor other tuples (1≤j≤n and j ≠ ζ), lead to Cross calculating It will not change.After k wheel operations, Sa The higher tuple of k relevance score can be included.
Further, in the present embodiment, in decryption phase, after user B receives k piece encrypted documents.Utilize public key pkΣ To recover relevance score Ii, number of documents IDiWith key Ki(1≤i≤k).Followed by Private information retrieval (PIR) or not The method of careful internal storage access (ORAM), user safely obtains encryption file at CP, without leaking access module.User B first recovers document encryption key K, then calculatesAnd recover document M using K'.
Further, in the present embodiment, in multi-key word sequence can search for encipherment scheme (MRSE), Cloud Server is received After the request for carrying out multi-key word search to encryption data to user, k piece documents before degree of correlation highest can be returned.Protecting On the premise of availability of data, there is provided a kind of effective means that data-privacy is protected in cloud storage system.It is many existing MRSE systems are based on KNN-SE (the k nearest neighbor algorithms that can search for encryption) architecture design.But KNN-SE frameworks are present very More defects.The present invention proposes a kind of new MRSE systems, overcomes institute present in the MRSE systems based on KNN-SE frameworks It is defective.New system need not predefine keyword set, and it supports the keyword search of any language, there is provided flexibly searches Rope authority is authorized and user's revocation mechanism based on time control.In the present invention, which document of Cloud Server None- identified is K piece documents before the correlation highest of user are returned to, therefore it realizes more preferable data-privacy protection.
Above is presently preferred embodiments of the present invention, all changes made according to technical solution of the present invention, caused function are made During with scope without departing from technical solution of the present invention, protection scope of the present invention is belonged to.

Claims (10)

1. a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system, it is characterised in that including:
Key generation centre KGC, it is that each entity in system generates key;
Cloud platform CP, the document of user is stored in an encrypted form, respond the data retrieval request of user;
Calculate service provider CSP, there is provided in the online calculation server of line computation;
Data owner, to keyword and file encryption, and send it to the cloud platform CP and stored;
User, generation keyword trapdoor initiate data retrieval request to the cloud platform CP.
2. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, KeyGens of the key generation centre KGC by the Paillier cryptographic systems with thresholding decryption function Algorithm, key generation centre KGC generation system common parameter PP=(g, N), main private key MSK=λ and user AiPublic/private keys It is rightWithKey generation centre KGC is private keyThe user A being sent in user owneri, and it is open public KeyKey generation centre KGC calculates Your Majesty's key MPK=gλ;Key generation centre KGC stores main private key MSK, and open system Unite common parameter PP;Key generation centre KGC performs the master key point of the Paillier cryptographic systems with thresholding decryption function Split algorithm, generating portion key SK11And SK22, and secret is sent to the cloud platform CP respectively and described calculate services Provider CSP.
3. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, a user B is by information (B, AT1) it is sent to the data owner A1, apply authorizing time AT1In period, To data owner A1The mandate that scans for of data;If allowing to authorize, the data owner A1Awarded for user B generations Warrant book:
<mrow> <msub> <mi>CER</mi> <mrow> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>,</mo> <mi>B</mi> </mrow> </msub> <mo>=</mo> <mo>&lt;</mo> <mi>c</mi> <mi>e</mi> <mi>r</mi> <mo>=</mo> <mrow> <mo>(</mo> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>,</mo> <mi>B</mi> <mo>,</mo> <msub> <mi>AT</mi> <mn>1</mn> </msub> <mo>,</mo> <msub> <mi>pk</mi> <mi>&amp;Sigma;</mi> </msub> <mo>)</mo> </mrow> <mo>,</mo> <mi>S</mi> <mi>i</mi> <mi>g</mi> <mrow> <mo>(</mo> <mi>c</mi> <mi>e</mi> <mi>r</mi> <mo>,</mo> <msub> <mi>sk</mi> <msub> <mi>A</mi> <mn>1</mn> </msub> </msub> <mo>)</mo> </mrow> <mo>&gt;</mo> <mo>;</mo> </mrow>
Wherein,Private key skΣUser B is sent to by secret;It is sent to institute State key generation centre KGC, the cloud platform CP, the calculating service provider CSP and user B;AT between when authorized1It is expired When, mandate will cease to be in force automatically;Sig/Verify is signature/verification algorithm safe on password, note hash function H1:{0,1}*→ ZNWith For symmetric key space;
If data owner A1Authorizing time AT1Interior revocation user B privilege, then generate cancellation of doucment:
<mrow> <msub> <mi>RVK</mi> <mrow> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>,</mo> <mi>B</mi> </mrow> </msub> <mo>:</mo> <mo>&lt;</mo> <mi>r</mi> <mi>v</mi> <mi>k</mi> <mo>=</mo> <mrow> <mo>(</mo> <msub> <mi>CER</mi> <mrow> <msub> <mi>A</mi> <mn>1</mn> </msub> <mo>,</mo> <mi>B</mi> </mrow> </msub> <mo>,</mo> <mi>r</mi> <mi>e</mi> <mi>v</mi> <mi>o</mi> <mi>k</mi> <mi>e</mi> <mo>,</mo> <mi>R</mi> <mi>T</mi> <mo>)</mo> </mrow> <mo>,</mo> <mi>S</mi> <mi>i</mi> <mi>g</mi> <mrow> <mo>(</mo> <mi>r</mi> <mi>v</mi> <mi>k</mi> <mo>,</mo> <msub> <mi>sk</mi> <msub> <mi>A</mi> <mn>1</mn> </msub> </msub> <mo>)</mo> </mrow> <mo>&gt;</mo> <mo>;</mo> </mrow>
Wherein, RT is the revocation time;Cancellation of doucmentBe sent to the key generation centre KGC, the cloud platform CP, The calculating service provider CSP and user B.
4. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, a user B is simultaneously to multiple data owner (A1,...,Am) document inquired about, then from the plurality of data Owner (A1,...,Am) the authorized certificate in placeUser B applies inquiring about to the key generation centre KGC Authority, after the validity of certificate is confirmed, the key generation centre KGC calculates licensing term ATΣ=AT1∩...ATm, generation Certificate of authority CERΣ,B
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
Wherein,skΣ=H1(A1,...,Am,B,ATΣ,MSK);skΣIt is sent to user B, pkΣTo the cloud platform CP, the calculating service provider CSP and user B are disclosed;Sig/Verify is signature/verification algorithm safe on password, note Hash function H1:{0,1}*→ZNWith For symmetric key space;
If to authorize term of validity ATΣInterior revocationThe key generation centre KGC generates cancellation of doucment:
RVKΣ,B:<Rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>;
Wherein, RT is the revocation time;The key generation centre KGC is RVKΣ,BIt is sent to the cloud platform CP, described calculate takes Be engaged in provider CSP and user B.
5. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, data owner AiAccording to following steps to documentData are encrypted, upload to the cloud platform CP:
Step S11:Data owner AiExtract one group of keyword set for describing documentAnd set not for keyword Same weightRemember hash function H1:{0,1}*→ZNWith For symmetric key space;
Step S12:Data owner AiCiphertext algorithm K2C cryptography key words are converted by keyword to obtainObtained by the Paillier cryptosystem encryption keyword weights that function is decrypted with thresholdingKeyword/keyword weight is to being expressed as
Step S13:By the Paillier cryptosystem algorithm encrypted document identity that function is decrypted with thresholdingAnd text Shelves encryption keyObtainWith
Step S14:Utilize hash functionIt is rightCalculated, obtainedData owner Ai Utilize symmetric encipherment algorithm SEnc encrypted documentsObtain ciphertext:Wherein, SEnc/SDec is password Upper safe symmetric cryptography/decipherment algorithm;
Step S15:Data owner AiEncrypted indexesAnd ciphertextCloud is arrived in outsourcing storage Platform CP.
6. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, in inquiry phase, user B generation trapdoors are inquired about:
Step S21:User B determines searching keywordWith the preference fraction of searching keywordPreference point Number represents the importance of keyword in inquiry;
Step S22:User B converts ciphertext algorithm K2C encrypted query keywords by keyword and obtainedProfit Obtained with the Paillier cryptosystem encryption preference fractions by decrypting function with thresholdingOrder
Step S23:User B uses private key skBTo inquirySigned and generate signature
Step S24:Inquiries of the user B encryptionSignatureWith identity UserBIt is sent to cloud platform CP.
7. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, receive keyword search request after, cloud platform CP first examine user B whether Internet access data;If with Family B has permission, and cloud platform CP uses user B public key pkBRevene lookupSignatureIf signatureIt is invalid, cloud platform CP Refuse user's B inquiry requests;Otherwise, cloud platform CP can respond to searching request, and cloud platform CP is first every document meter Calculate encrypted queryWith the relevance score of encrypted indexes;Then cloud platform CP returns to k piece documents before relevance score highest.
8. the multi-user's multi-key word sequence according to claim 7 for supporting any language inquiry can search for encryption system, It is every document calculations encrypted query characterized in that, by using cross-domain safe multi-key word search protocol MKSAnd encryption The relevance score of index.
9. the multi-user's multi-key word sequence according to claim 7 for supporting any language inquiry can search for encryption system, Characterized in that, the cloud platform CP returns to k piece documents before relevance score highest as follows:
Step S31:Agreement MAX is chosen by using cross-domain safety is maximum, relevance score is selected in two encrypted documents Highest document;
Step S32:Agreement MAX is chosen by using the maximum n of cross-domain safetyn, using Hu step S31 result of calculation, in n pieces text Relevance score highest document is selected in shelves;
Step S33:By using cross-domain safe top-k data retrievals agreement Top-K, using step S32 result of calculation, choose Go out k piece documents before relevance score highest.
10. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system, Characterized in that, after user B receives k piece encrypted documents, pass through public key pkΣ, recover relevance score Ii, number of documents IDiAnd text Shelves encryption key Ki, 1≤i≤k;By Private information retrieval PIR or careless internal storage access ORAM method, user B from Encryption file is obtained at cloud platform CP, without leaking access module;User B first recovers document encryption key K, then calculatesAnd recover document M, hash function H using K'1:{0,1}*→ZNWith For symmetric key Space.
CN201710614034.3A 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language Active CN107491497B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710614034.3A CN107491497B (en) 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710614034.3A CN107491497B (en) 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language

Publications (2)

Publication Number Publication Date
CN107491497A true CN107491497A (en) 2017-12-19
CN107491497B CN107491497B (en) 2020-08-11

Family

ID=60644947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710614034.3A Active CN107491497B (en) 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language

Country Status (1)

Country Link
CN (1) CN107491497B (en)

Cited By (21)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156140A (en) * 2017-12-13 2018-06-12 西安电子科技大学 A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN108599937A (en) * 2018-04-20 2018-09-28 西安电子科技大学 A kind of public key encryption method that multiple key can search for
CN108632032A (en) * 2018-02-22 2018-10-09 福州大学 The safe multi-key word sequence searching system of no key escrow
CN108768608A (en) * 2018-05-25 2018-11-06 电子科技大学 The secret protection identity identifying method of thin-client is supported at block chain PKI
CN109492410A (en) * 2018-10-09 2019-03-19 华南农业大学 Data can search for encryption and keyword search methodology, system and terminal, equipment
CN109728910A (en) * 2018-12-27 2019-05-07 北京永恒纪元科技有限公司 A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system
CN110059148A (en) * 2019-04-24 2019-07-26 上海交通大学 The accurate searching method that spatial key applied to electronic map is inquired
CN110069592A (en) * 2019-04-24 2019-07-30 上海交通大学 The searching method that spatial key applied to electronic map is inquired
CN110162999A (en) * 2019-05-08 2019-08-23 湖北工业大学 A kind of income distribution difference Gini coefficient measure based on secret protection
CN110224978A (en) * 2019-04-30 2019-09-10 济南汇通远德科技有限公司 A method of video retrospect is realized based on cloud service
CN110222081A (en) * 2019-06-08 2019-09-10 西安电子科技大学 Data cryptogram search method based on fine granularity sequence under multi-user environment
CN110245170A (en) * 2019-04-19 2019-09-17 联通系统集成有限公司 Data processing method and system
CN111404679A (en) * 2020-03-10 2020-07-10 上海市大数据中心 Big data oriented security authentication ciphertext retrieval method
CN111913981A (en) * 2020-06-09 2020-11-10 华南理工大学 Online and offline attribute-based boolean keyword searchable encryption method and system
CN112733193A (en) * 2021-01-22 2021-04-30 福州大学 Auditable anonymity predicate retrieval system and method based on time control
CN112765669A (en) * 2021-02-01 2021-05-07 福州大学 Regular language searchable encryption system based on time authorization
CN114357477A (en) * 2021-12-15 2022-04-15 华南理工大学 Boolean keyword searchable encryption method supporting large-scale user group
CN114884660A (en) * 2022-07-12 2022-08-09 西南石油大学 Searchable encryption method based on wildcard identity
CN115563634A (en) * 2022-09-29 2023-01-03 北京海泰方圆科技股份有限公司 Retrieval method, device, equipment and medium
WO2023019762A1 (en) * 2021-08-19 2023-02-23 深圳技术大学 Storage and similarity retrieval methods and apparatuses for encrypted document, device, and medium
CN116150795A (en) * 2023-04-17 2023-05-23 粤港澳大湾区数字经济研究院(福田) Homomorphic encryption-based data processing method, system and related equipment

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148803A1 (en) * 2011-12-09 2013-06-13 Electronics And Telecommunications Research Institute Multi-user searchable encryption system and method with index validation and tracing
CN103955537A (en) * 2014-05-16 2014-07-30 福州大学 Method and system for designing searchable encrypted cloud disc with fuzzy semantics
US20150229611A1 (en) * 2014-02-13 2015-08-13 Infosys Limited Keyword ordered storage, search and retrieval on encrypted data for multiuser scenario
CN105024802A (en) * 2015-07-13 2015-11-04 西安理工大学 Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN105915520A (en) * 2016-04-18 2016-08-31 深圳大学 File storage and searching method based on public key searchable encryption, and storage system
CN106407447A (en) * 2016-09-30 2017-02-15 福州大学 Simhash-based fuzzy sequencing searching method for encrypted cloud data

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130148803A1 (en) * 2011-12-09 2013-06-13 Electronics And Telecommunications Research Institute Multi-user searchable encryption system and method with index validation and tracing
US20150229611A1 (en) * 2014-02-13 2015-08-13 Infosys Limited Keyword ordered storage, search and retrieval on encrypted data for multiuser scenario
CN103955537A (en) * 2014-05-16 2014-07-30 福州大学 Method and system for designing searchable encrypted cloud disc with fuzzy semantics
CN105024802A (en) * 2015-07-13 2015-11-04 西安理工大学 Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN105915520A (en) * 2016-04-18 2016-08-31 深圳大学 File storage and searching method based on public key searchable encryption, and storage system
CN106407447A (en) * 2016-09-30 2017-02-15 福州大学 Simhash-based fuzzy sequencing searching method for encrypted cloud data

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
XIMENG LIU等: "An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 *
ZHANGJIE FU等: "Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 》 *
吴阳等: "加密云数据下的关键词模糊搜索方案", 《计算机工程与应用》 *
杨旸等: "具有细粒度访问控制的隐藏关键词可搜索加密方", 《工程学报》 *
闫文婷: "基于云环境下排序的模糊关键字搜索", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156140A (en) * 2017-12-13 2018-06-12 西安电子科技大学 A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN108156140B (en) * 2017-12-13 2020-10-30 西安电子科技大学 Multi-keyword searchable encryption method supporting numerical value attribute comparison
CN108632032A (en) * 2018-02-22 2018-10-09 福州大学 The safe multi-key word sequence searching system of no key escrow
CN108599937A (en) * 2018-04-20 2018-09-28 西安电子科技大学 A kind of public key encryption method that multiple key can search for
CN108599937B (en) * 2018-04-20 2020-10-09 西安电子科技大学 Multi-keyword searchable public key encryption method
CN108768608A (en) * 2018-05-25 2018-11-06 电子科技大学 The secret protection identity identifying method of thin-client is supported at block chain PKI
CN108768608B (en) * 2018-05-25 2020-05-12 电子科技大学 Privacy protection identity authentication method supporting thin client under block chain PKI
CN109492410A (en) * 2018-10-09 2019-03-19 华南农业大学 Data can search for encryption and keyword search methodology, system and terminal, equipment
CN109492410B (en) * 2018-10-09 2020-09-01 华南农业大学 Data searchable encryption and keyword search method, system, terminal and equipment
CN109728910A (en) * 2018-12-27 2019-05-07 北京永恒纪元科技有限公司 A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system
CN110245170A (en) * 2019-04-19 2019-09-17 联通系统集成有限公司 Data processing method and system
CN110059148A (en) * 2019-04-24 2019-07-26 上海交通大学 The accurate searching method that spatial key applied to electronic map is inquired
CN110069592A (en) * 2019-04-24 2019-07-30 上海交通大学 The searching method that spatial key applied to electronic map is inquired
CN110224978A (en) * 2019-04-30 2019-09-10 济南汇通远德科技有限公司 A method of video retrospect is realized based on cloud service
CN110162999A (en) * 2019-05-08 2019-08-23 湖北工业大学 A kind of income distribution difference Gini coefficient measure based on secret protection
CN110162999B (en) * 2019-05-08 2022-06-07 湖北工业大学 Income distribution difference kini coefficient measurement method based on privacy protection
CN110222081A (en) * 2019-06-08 2019-09-10 西安电子科技大学 Data cryptogram search method based on fine granularity sequence under multi-user environment
CN110222081B (en) * 2019-06-08 2022-04-19 西安电子科技大学 Data ciphertext query method based on fine-grained sequencing in multi-user environment
CN111404679A (en) * 2020-03-10 2020-07-10 上海市大数据中心 Big data oriented security authentication ciphertext retrieval method
CN111913981A (en) * 2020-06-09 2020-11-10 华南理工大学 Online and offline attribute-based boolean keyword searchable encryption method and system
CN111913981B (en) * 2020-06-09 2022-04-22 华南理工大学 Online and offline attribute-based boolean keyword searchable encryption method and system
CN112733193A (en) * 2021-01-22 2021-04-30 福州大学 Auditable anonymity predicate retrieval system and method based on time control
CN112733193B (en) * 2021-01-22 2023-04-07 福州大学 Auditable anonymity predicate retrieval system and method based on time control
CN112765669A (en) * 2021-02-01 2021-05-07 福州大学 Regular language searchable encryption system based on time authorization
CN112765669B (en) * 2021-02-01 2023-04-18 福州大学 Regular language searchable encryption system based on time authorization
WO2023019762A1 (en) * 2021-08-19 2023-02-23 深圳技术大学 Storage and similarity retrieval methods and apparatuses for encrypted document, device, and medium
CN114357477A (en) * 2021-12-15 2022-04-15 华南理工大学 Boolean keyword searchable encryption method supporting large-scale user group
CN114357477B (en) * 2021-12-15 2023-07-18 华南理工大学 Boolean keyword searchable encryption method supporting large-scale user group
CN114884660A (en) * 2022-07-12 2022-08-09 西南石油大学 Searchable encryption method based on wildcard identity
CN114884660B (en) * 2022-07-12 2022-09-20 西南石油大学 Searchable encryption method based on wildcard identity
CN115563634A (en) * 2022-09-29 2023-01-03 北京海泰方圆科技股份有限公司 Retrieval method, device, equipment and medium
CN115563634B (en) * 2022-09-29 2023-08-15 北京海泰方圆科技股份有限公司 Retrieval method, device, equipment and medium
CN116150795A (en) * 2023-04-17 2023-05-23 粤港澳大湾区数字经济研究院(福田) Homomorphic encryption-based data processing method, system and related equipment

Also Published As

Publication number Publication date
CN107491497B (en) 2020-08-11

Similar Documents

Publication Publication Date Title
CN107491497A (en) Multi-user&#39;s multi-key word sequence of any language inquiry is supported to can search for encryption system
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
CN107256248B (en) Wildcard-based searchable encryption method in cloud storage security
CN106803784B (en) Lattice-based multi-user fuzzy searchable encryption method in secure multimedia cloud storage
Wang et al. Secure ranked keyword search over encrypted cloud data
Wang et al. Enabling secure and efficient ranked keyword search over outsourced cloud data
CN106571905B (en) A kind of numeric type data homomorphism Order Preserving Encryption Method
CN103944711B (en) Cloud storage ciphertext retrieval method and system
CN107734054A (en) Encryption data searching system in safe cloud storage
Tian et al. Policy-based chameleon hash for blockchain rewriting with black-box accountability
CN106961427B (en) A kind of ciphertext data search method based on 5g communication standard
CN107547530A (en) On-line/off-line keyword search methodology and its cloud computing application system based on attribute under mobile cloud environment
CN115314295B (en) Block chain-based searchable encryption technical method
Gafsi et al. High securing cryptography system for digital image transmission
CN112989375A (en) Hierarchical optimization encryption lossless privacy protection method
Rajan et al. Dynamic multi-keyword based search algorithm using modified based fully homomorphic encryption and Prim’s algorithm
Jiang et al. Encryption switching service: Securely switch your encrypted data to another format
Moe et al. Enhanced honey encryption algorithm for increasing message space against brute force attack
CN105721146A (en) Big data sharing method for cloud storage based on SMC
Jones et al. Information Security: A Coordinated Strategy to Guarantee Data Security in Cloud Computing
Park et al. PKIS: practical keyword index search on cloud datacenter
CN112733192A (en) Judicial electronic evidence system and method based on alliance chain and homomorphic encryption
Liu et al. On enabling attribute-based encryption to be traceable against traitors
Woodruff et al. Private inference control
Zhao et al. Efficient construction for full black-box accountable authority identity-based encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant