CN107491497A - Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system - Google Patents
Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system Download PDFInfo
- Publication number
- CN107491497A CN107491497A CN201710614034.3A CN201710614034A CN107491497A CN 107491497 A CN107491497 A CN 107491497A CN 201710614034 A CN201710614034 A CN 201710614034A CN 107491497 A CN107491497 A CN 107491497A
- Authority
- CN
- China
- Prior art keywords
- user
- key
- msub
- keyword
- cloud platform
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/30—Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9535—Search customisation based on user profiles and personalisation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
Abstract
The present invention relates to a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system, key generation centre, it is that each entity in system generates key;Cloud platform, the document of user is stored in an encrypted form, responds the data retrieval request of user;Calculate service provider, there is provided in the online calculation server of line computation;Data owner, to keyword and file encryption, and send it to the cloud platformStored;User, keyword trapdoor is generated to the cloud platformInitiate data retrieval request.A kind of multi-user's multi-key word for supporting any language to inquire about sequence proposed by the invention can search for encryption system; storage overhead is small; support any language; flexible licensing scheme and time-based user's revocation mechanism; simultaneously scan for the data of multiple data owners; flexible keyword weight and preference fraction are set, and protect privacy of user.
Description
Technical field
The present invention relates to a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system.
Background technology
Cloud computing provides abundant calculating and storage resource, attracts increasing personal and enterprise to deposit data outsourcing
Store up in Cloud Server.DEA can convert the data into unreadable ciphertext, but how to search for and share and add
The problem of ciphertext data is one challenging.Can search for encrypting (SE) is that the one kind for carrying out keyword search to encryption data has
Efficacious prescriptions method, have been widely used in fields such as medical treatment, intelligent grid, Internet of Things.In order to be realized by SE to encrypted document
Search, data owner needs to extract one group of keyword from document first, and is encrypted as encrypted indexes.Then, number
Encrypted indexes and encrypted document are uploaded into Cloud Server according to owner to be stored.In the data query stage, user, which generates, closes
Keyword trapdoor, and trapdoor is submitted into Cloud Server.Cloud Server is tested between trapdoor and encrypted indexes using matching algorithm
Incidence relation, the encrypted document containing keyword is returned to user afterwards.
Many existing SE systems only support single keyword search or are coupled keyword query, it is impossible to according to the degree of correlation point
Several documents to searching are ranked up.In order to improve search experience, it is thus proposed that multi-key word sequence can search for encryption equipment
Make (MRSE) so that a k pieces have the document of highest relevance score before Cloud Server returns, rather than all documents are to user.
But most of existing MRSE systems are all based on special k- arest neighbors (KNN) algorithm design, this kind of system architecture letter
Referred to as KNN-SE.The existing MRSE systems based on KNN-SE frameworks have many shortcomings, have compared with big limitation.Ensureing scheme
, it is necessary to design new MRSE systems to overcome these defects on the premise of efficiency and security.
2000, Song et al. proposed that safety can search for the concept of encryption first.Boneh et al. propose public key encryption and
Keyword search scheme.Curtmola and Cash et al. are realize enhanced scalability using can search for symmetric encryption scheme
System.2011, Cao et al. proposed the MRSE schemes for supporting single user, and it is based on KNN-SE frameworks.KNN-SE is a kind of symmetrical
Encryption system, it is quantified similarity and result is ranked up using " inner product similarity ".KNN-SE safe key is by two
Individual k × k matrix M1、M2With vectorial S ∈ { 0,1 }kForm (k is predefined keyword quantity when system is established).For every
Document, the keyword of extraction are mapped to vectorial I ∈ { 0,1 }k, vector in each whether all represent predefined keyword
It is present in document.Two vectorial I' and I " are split into then according to the vectorial S of instruction, vectorial I.I', I " respectively with Phase
Multiply to generate encrypted indexes.Generation trapdoor is similar with the process for generating encrypted indexes, and difference is the inquiry divided
Vectorial I' and I " respectively withIt is multiplied.In inquiry phase, relevance score is calculated using inner product.
Most MRSE systems are all based on KNN-SE architecture designs.Yu et al. proposes two-wheeled and can search for encryption system
Unite to realize sequence multi-key word search.They ensure the security of system using KNN-SE frameworks and order-preserving encryption technology.
Fu et al. proposes the multi-key word sorted search system for supporting synonym inquiry, and it is supported also based on KNN-SE framework systems
Synonym is inquired about and allows synonym to replace in data retrieval process.We make use of TF-IDF when extracting keyword
(term frequency-inverse document frequency) is used as keyword weight.Data owner must construct index tree and carry out acceleration search algorithm, this consumption
Many memory spaces.Later, they proposed the semantic search system based on keyword that can verify that, supported search result
Verifiability;One is devised based on the index tree of symbol to store " path " information, can be searched using the index tree to verify
Hitch fruit.
Sun et al. also proposed it is a kind of can verify that can search for encryption system support multi-key word search and similarity row
Sequence.They utilize the index structure based on tree, multidimensional algorithm and KNN-SE frameworks to improve search efficiency.Li et al. is by KNN-SE
Framework and blind storage method are combined to design MRSE systems.Then, they support boolean to look into using super increasing sequence to design
The new MRSE systems ask, such as " AND ", " OR " and " NO " operation.They also improve efficiency using sub- dictionary method is classified.
Xia et al. devises the index structure based on tree and improves search efficiency with " greedy depth-first search " algorithm.They also make
Indexed and inquired about with KNN-SE algorithm for encryption.Chen et al. devises hierarchy clustering method to realize more ways of search.Point
Layer method is based on Minimum relevance weight threshold design, and it can polymerize the document of encryption, and the packet of generation is divided into son
Collection, so as to realize faster search speed.Fu et al. is come using local sensitivity hash function, Bloom filter and KNN-SE frameworks
Realize that multi-key word is fuzzy and can search for encryption system.Although substantial amounts of MRSE systems are based on KNN-SE architecture designs,
In fact the framework has the shortcomings that several obvious.First, in system establishment stage, KNN-SE needs to predefine one group of keyword set
Close, if needing to define new keyword in system operation, whole system is required for rebuilding.Secondly, KNN-SE
Framework is a kind of symmetric key encryption systems, and therefore, data owner must reveal its private key so as to authorize inquiry power to user
Limit.3rd, in order to support the keyword retrieval of any language, it is necessary to predefined keyword quantity and matrix M1、M2Dimension all
To be astronomical figure, so the MRSE systems based on KNN-SE frameworks can not support the keyword search of any language.4th, meter
The file correlation fraction calculated is that in plain text, Cloud Server can obtain the statistical information of user data, such as height correlation
Document and high-frequency return to document.These information can reveal the privacy of user.
The content of the invention
It is an object of the invention to provide a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for adding
Close system, to overcome defect present in prior art.
To achieve the above object, the technical scheme is that:It is a kind of support any language inquire about multi-user it is how crucial
Word sequence can search for encryption system, including:
Key generation centre KGC, it is that each entity in system generates key;
Cloud platform CP, the document of user is stored in an encrypted form, respond the data retrieval request of user;
Calculate service provider CSP, there is provided in the online calculation server of line computation;
Data owner, to keyword and file encryption, and send it to the cloud platform CP and stored;
User, generation keyword trapdoor initiate data retrieval request to the cloud platform CP.
In an embodiment of the present invention, the key generation centre KGC passes through the Paillier with thresholding decryption function
The KeyGen algorithms of cryptographic system, key generation centre KGC generation system common parameter PP=(g, N), main private key MSK=λ and
User AiPublic/private keys pairWithKey generation centre KGC is private keyIt is sent in user owner
User Ai, and open public keyKey generation centre KGC calculates Your Majesty's key MPK=gλ;Key generation centre KGC storage masters
Private key MSK, and open system common parameter PP;It is close that key generation centre KGC performs the Paillier with thresholding decryption function
The master key splitting algorithm of code system, generating portion key SK1=λ1And SK2=λ2, and secret is sent to the cloud platform respectively
The CP and calculating service provider CSP.
In an embodiment of the present invention, a user B is by information (B, AT1) it is sent to the data owner A1, apply awarding
AT between temporary1In period, to data owner A1The mandate that scans for of data;If allowing to authorize, the data owner
A1The certificate of authority is generated for user B:
Wherein,Private key skΣUser B is sent to by secret;Sent
To the key generation centre KGC, the cloud platform CP, the calculating service provider CSP and user B;AT between when authorized1
When expired, mandate will cease to be in force automatically;Sig/Verify is signature/verification algorithm safe on password, note hash function H1:{0,
1}*→ZNAnd H2:ZN→ K, K are symmetric key space;
If data owner A1Authorizing time AT1Interior revocation user B privilege, then generate cancellation of doucment:
Wherein, RT is the revocation time;Cancellation of doucmentIt is sent to the key generation centre KGC, the cloud platform
CP, the calculating service provider CSP and user B.
In an embodiment of the present invention, a user B is simultaneously to multiple data owner (A1,...,Am) document looked into
Ask, then from the plurality of data owner (A1,...,Am) the authorized certificate in placeUser B gives birth to the key
Apply for search access right into center KGC, after the validity of certificate is confirmed, the key generation centre KGC calculates licensing term ATΣ
=AT1∩...ATm, generation certificate of authority CERΣ,B:
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
Wherein,skΣ=H1(A1,...,Am,B,ATΣ,MSK);skΣIt is sent to user B, pkΣTo the cloud
Platform CP, the calculating service provider CSP and user B are disclosed;Sig/Verify is that signature/verification safe on password is calculated
Method, note hash function H1:{0,1}*→ZNAnd H2:ZN→ K, K are symmetric key space;
If to authorize term of validity ATΣInterior revocationThe key generation centre KGC generates cancellation of doucment:
RVKΣ,B:<Rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>;
Wherein, RT is the revocation time;The key generation centre KGC is RVKΣ,BIt is sent to the cloud platform CP, the meter
Calculate service provider CSP and user B.
In an embodiment of the present invention, data owner AiAccording to following steps to documentData are encrypted, upload
To the cloud platform CP:
Step S11:Data owner AiExtract one group of keyword set for describing documentAnd it is keyword
Different weights is setRemember hash function H1:{0,1}*→ZNWith For symmetric key space;
Step S12:Data owner AiCiphertext algorithm K2C cryptography key words are converted by keyword to obtainObtained by the Paillier cryptosystem encryption keyword weights that function is decrypted with thresholdingKeyword/keyword weight is to being expressed as
Step S13:By the Paillier cryptosystem algorithm encrypted document identity that function is decrypted with thresholding
And document encryption keyObtainWith
Step S14:Utilize hash functionIt is rightCalculated, obtainedData possess
Person AiUtilize symmetric encipherment algorithm SEnc encrypted documentsObtain ciphertext:Wherein, SEnc/SDec is
Safe symmetric cryptography/decipherment algorithm on password;
Step S15:Data owner AiEncrypted indexesAnd ciphertextOutsourcing stores
To cloud platform CP.
In an embodiment of the present invention, inquired about in inquiry phase, user B generation trapdoors:
Step S21:User B determines searching keywordWith the preference fraction of searching keywordPartially
Good grades represent the importance of keyword in inquiry;
Step S22:User B converts ciphertext algorithm K2C encrypted query keywords by keyword and obtained
Obtained using the Paillier cryptosystem encryption preference fractions by decrypting function with thresholdingOrder
Step S23:User B uses private key skBTo inquirySigned and generate signature
Step S24:Inquiries of the user B encryptionSignatureWith identity UserBIt is sent to cloud platform CP.
In an embodiment of the present invention, after receiving keyword search request, cloud platform CP first examines whether user B has the right
Access data;If user B has permission, cloud platform CP uses user B public key pkBRevene lookupSignatureIf signatureIt is invalid, cloud platform CP refusal user's B inquiry requests;Otherwise, cloud platform CP can respond to searching request, and cloud platform CP
It is first every document calculations encrypted queryWith the relevance score of encrypted indexes;Then cloud platform CP returns to relevance score most
High preceding k pieces document.
In an embodiment of the present invention, it is every document calculations by using cross-domain safe multi-key word search protocol MKS
Encrypted queryWith the relevance score of encrypted indexes.
In an embodiment of the present invention, the cloud platform CP returns to a k pieces before relevance score highest as follows
Document:
Step S31:Agreement MAX is chosen by using cross-domain safety is maximum, the degree of correlation is selected in two encrypted documents
Fraction highest document;
Step S32:Agreement MAX is chosen by using the maximum n of cross-domain safetyn, using Hu step S31 result of calculation, in n
Relevance score highest document is selected in piece document;
Step S33:By using cross-domain safe top-k data retrievals agreement Top-K, using step S32 result of calculation,
Select k piece documents before relevance score highest.
In an embodiment of the present invention, after user B receives k piece encrypted documents, public key pk is passed throughΣ, recover the degree of correlation point
Number Ii, number of documents IDiWith document encryption key Ki, 1≤i≤k;Pass through Private information retrieval PIR or careless internal storage access
ORAM method, user B obtains encryption file at cloud platform CP, without leaking access module;User B first recovers document
Encryption key K, is then calculatedAnd recover document M, hash function H using K'1:{0,1}*→ZNWith For symmetric key space.
Compared to prior art, the invention has the advantages that:
1. storage overhead is small.Keyword set need not be predefined in system generation phase, can be appointed in the process of running
Meaning adds new keyword.
2. support any language.The present invention is encoded using Unicode to the keyword of any language, and using effectively
Mode be converted into ciphertext.
3. flexible licensing scheme and time-based user's revocation mechanism.System allows data owner specific at one
Search and decrypted rights are granted to user in period.When licensing term expires, system can cancel these users automatically
Search permission.In addition, system also provides the effective ways that authority revocation is carried out in licensing term for data owner.
4. simultaneously scan for the data of multiple data owners.In the present invention, as long as user just can be using a trapdoor simultaneously
The encrypted document of multiple data owners is scanned for.
5. flexible keyword weight and preference fraction are set.In encrypting stage, data owner can be according to keyword
Importance different keyword weights is set.In inquiry phase, user can be that multiple keywords of inquiry set difference
Preference fraction.In the search phase, encrypted form can be calculated according to keyword weight and preference fraction in Cloud Server
Relevance score, and preceding k pieces document is returned into data user
6. protect privacy of user.In existing MRSE systems, Cloud Server can obtain the correlation of each search document
Fraction is spent, and knows which document is maximally related.In the present invention, because the relevance score for returning to user is encryption
, Cloud Server is obtained less than any plaintext and statistical information from search result.
Brief description of the drawings
Fig. 1 is system framework figure in one embodiment of the invention.
Fig. 2 is the example schematic of K2C algorithms in one embodiment of the invention.
Fig. 3 is that ciphering process schematic diagram is intended in one embodiment of the invention.
Fig. 4 is query process schematic diagram in one embodiment of the invention.
Fig. 5 is that relevance score schematic diagram is calculated in one embodiment of the invention.
Fig. 6 is MAX in one embodiment of the inventionnThe schematic diagram of agreement.
Embodiment
Below in conjunction with the accompanying drawings, technical scheme is specifically described.
A kind of multi-user's multi-key word for supporting any language to inquire about sequence of the present invention can search for encryption system, as Fig. 1 is
The system architecture of the present invention, system include following several entities:
Key generation centre.Key generation centre (KGC) is completely believable, each entity generation being responsible in system
Key.
Cloud platform.Cloud platform (CP) has powerful storage and computing capability, and stores the document of user in an encrypted form.
CP is also responsive to the data retrieval request of user.
Calculate service provider.It is online calculation server to calculate service provider (CSP), has powerful calculating energy
Power.
Data owner.Data owner's cryptography key word and document, and send it to CP and stored.
User.User generates keyword trapdoor and initiates data retrieval request to CP.
Further, system need not predefine keyword set in establishment stage, can appoint in system operation
Meaning adds new keyword, significantly reduces storage overhead.The keyword of any language is encoded using Unicode,
And ciphertext is converted into by effective manner.User is allowed to simultaneously scan for multiple data owners' using a trapdoor
Document.Flexible licensing scheme and time-based user's revocation mechanism are provided.System allows data owner specific at one
Search and decrypted rights are granted to user in period.When licensing term expires, system can cancel these users automatically
Search permission.In addition, system also provides the effective ways that authority revocation is carried out in licensing term for data owner.
Further, there is provided flexible keyword weight and preference fraction are set.In encrypting stage, data owner can be with
Different keyword weights is set according to the importance of keyword.In inquiry phase, user can be multiple keys of inquiry
Word sets different preference fractions.In the search phase, Cloud Server can be calculated according to keyword weight and preference fraction
The relevance score of encrypted form, and k piece documents before degree of correlation highest are returned into data user.
In existing MRSE systems, Cloud Server can obtain the relevance score of each search document.Due to calculating
Relevance score be encryption, Cloud Server obtains less than any plaintext and statistical information from search result, effectively protects
Privacy of user is protected.
In order to allow those skilled in the art to further appreciate that system proposed by the invention, enter with reference to specific embodiment
Row explanation.
Further, in the present embodiment, using the Paillier cryptographic systems (PCTD that function is decrypted with thresholding:
Paillier Cryptosystem with Threshold Decryption), homomorphic cryptography is realized, can be in cloud platform
The privacy of the outer bag data of middle protection.Using homomorphism property, without ciphertext is decrypted, it is possible to directly carry out various meters
Calculate, calculated so as to can be achieved with safe outsourcing.In addition, its computing cost is opened less than the calculating needed for full homomorphic cryptography system
Pin.OrderRepresent X bit length.
Key generates:κ is security parameter, and p and q are two Big primes,Calculate N=pq, λ=lcm
(p-1, q-1)/2 (lcm represents the least common multiple of two numbers).Defined functionSelection generates first g and g
Rank be ord (g)=(p-1) (q-1)/2.System common parameter PP=(g, N), main private key SK=λ.System is every user i
Distribute private key ski∈ZNAnd public key
Encryption:For the plaintext m ∈ Z of inputN, user random selection r ∈ [1, N/4], use its public key pkiPlaintext m is added
It is close into ciphertextWhereinC2=gr mod N2。
Use private key for user skiDecryption:For the ciphertext of inputWith private key ski, we can be obtained bright by calculating
Text
It is decrypted using main private key SK:Using the main private key SK=λ of system, pass through
Calculating just can be to all ciphertext generated using public key encryptionIt is decrypted.(if gcd represents two numbers to gcd (λ, N)=1
Greatest common divisor) set up, then have
Main private key division:Main private key SK=λ can be with random splitting into two part SK1=λ1And SK2=λ2So that λ1+λ2
=0mod λ, λ1+λ2=1modN2。
Use SK1Carry out part decryption (PD1):For the ciphertext of inputSK can be utilized1=λ1To count
Calculate
Use SK2Carry out part decryption (PD2):For the ciphertext of inputWithSK can be utilized2=λ2To calculateIt can be recovered in plain text by calculating
Ciphertext updates (CR):CR algorithms are used to update ciphertext, by ciphertextChange into new ciphertextAnd m=m'.Randomly choose r' ∈ ZN, calculateC2'=C2·gr'modN2。
PCTD has isomorphism:For random r ∈ ZN,
The system has used following agreements, and these agreements are required for CP and CSP interacting operations to perform.pkAAnd pkBIt is user A
With B public key.pkΣIt is the joint public key defined for user A and B.
Cross-domain secure addition agreement (SAD):For what is givenWithIt is calculated
Cross-domain secure multiplication agreement (SMD):For what is givenWithIt is calculated
Further, in the present embodiment, in order to a keyword is encoded into set ZNIn an element, first
Each letter in keyword is converted into its ASCII character form, and hexadecimal ASCII character is then changed into the decimal system.Root
According to position of each letter in keyword, each element is multiplied by certain weight, the element weighted is added, then used
Big integer after addition is encrypted PCTD algorithms.The algorithm is referred to as keyword conversion ciphertext algorithm (K2C:keyword to
Ciphertext algorithm), as shown in Figure 3.
In order to which any keyword in any language is converted into ciphertext, without predefining keyword set, the present embodiment
Safety-critical word conversion ciphertext algorithm (K2C) is provided, is mainly included the following steps that:
1. each character (including spcial character) in a keyword changes into its unicode form (UTF-16:16
Unicode format transformations).2. each hexadecimal unicode is converted to decimal integer.3. according to each letter in key
Position in word, each element are multiplied by certain weight.4. all integers weighted are summed into big integer.5. use PCTD
The big integer of keyword is encrypted to ciphertext by algorithm and the public key of data owner.
Further, an example is given in Fig. 2 to illustrate how using K2C algorithms English, Chinese, Korean and day
The character string " keyword " of text is converted to ciphertext.It is worth noting that, K2C algorithms can successfully be converted to keyword uniquely
Big integer, successfully solve the problems, such as that other can search in AES using the error probability caused by Bloom filter.
Further, in the present embodiment, a kind of cryptography key word equivalence test protocol is also provided, the agreement is used to detect
Whether two keyword ciphertexts include identical keyword.With two keywords by different public key encryptionsWithAs
Input, cryptography key word equivalence test protocol KET output encrypted resultsTo represent whether two keywords are identical.If u*
=1, represent that two keywords are identicals;Otherwise u*=0.OrderCP and CSP interactions perform encryption and closed
Keyword equivalence test protocol KET.Realize in accordance with the following steps:
Step 1:1.CP is calculated
2.CP randomly selects r1、r2、r3、r4, make its satisfaction Connect
, CP toss a coin s at random1,s2∈{0,1}。
3.CP and CSP performs following operate
If s1=1,
If s1=0,
If s2=1,
If s2=0,
4.CP is calculated(l1,
l1',l2,l2') it is sent to CSP.
Step 2:CSP is decryptedIfCSP is set
u1'=0, otherwise u1'=1.IfCSP sets u2'=0, otherwise u2'=1.Then CSP utilizes public key pkΣ
U1', u2' be encrypted toAnd send it to CP.
Step 3:ReceiveAfterwards, CP is calculated as follows:
If s1=1, CP are calculatedOtherwise CP is calculated
If s2=1, CP are calculatedOtherwise CP is calculatedSuch as
Fruit u1=1, represent X >=Y;Otherwise u1=0.If u2=1, represent Y >=X;Otherwise u2=0.
Then CP and CSP is calculated
Further, in the present embodiment, key schedule uses the KeyGen algorithms by running PCTD, KGC lifes
Into system common parameter PP=(g, N), main private key MSK=λ and user AiPublic/private keys pairKGC
Secret is sent to user AiAnd discloseKGC calculates Your Majesty's key MPK=gλ.KGC secure store MSK, open PP.Then
The master key splitting algorithm that KGC performs PCTD generates part of key SK1=λ1And SK2=λ2, and respectively their secret transmissions
To CP and CSP.
SEnc/SDec is that (symmetric key space is symmetric cryptography/decipherment algorithm safe on password), Sig/Verify
It is signature/verification algorithm safe on password (algorithm is not specifically designated by the present invention).Define hash function H1:{0,1}*→ZN
With
Further, represented to simplify, using by ZNPrivate key of the element as Sig algorithms.In actual use, may be used
To use hash function from ZNElement in calculate signature key.
Further, in the present embodiment, also provide user and authorize and cancel algorithm.
When in individual data owner's scene:
Assuming that user B intentionally gets mandate, (time AT can be authorized on January 1,1 day to 2017 January in 20161=
" 20160101-20170101 ") during in data owner A1Data scan for, he must be information (B, AT1) send
Give data owner A1To apply authorizing.If allow to authorize, A1Can be that B generates the certificate of authority.
WhereinPrivate key skΣUser B is sent to by secret.It is sent to
KGC, CP, CSP and B.Work as AT1When expired, mandate will cease to be in force automatically.
If A1Want in AT1Revocation B privilege in period, it must generate cancellation of doucment Wherein RT is the revocation time.Then,It is sent to KGC, CP, CSP
And B.
When in multiple data owner's scenes:
Assuming that user B is wanted simultaneously to multiple data owner (A1,...,Am) document inquired about, he firstly the need of
From (A1,...,Am) the authorized certificate in placeThen he applies for search access right to KGC.Confirming certificate
After validity, KGC calculates licensing term ATΣ=AT1∩...ATm.Then KGC generates certificate of authority CERΣ,B:
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
WhereinskΣ=H1(A1,...,Am,B,ATΣ,MSK)。skΣUser B, pk are sent to by secretΣTo CP,
CSP and B are disclosed.
If to authorize term of validity ATΣInterior revocationKGC generation cancellation of doucment RVKΣ,B:<Rvk=(CERΣ,B,
Revoke, RT), Sig (rvk, MSK)>, wherein RT is the revocation time.Then KGC is RVKΣ,BIt is sent to CP, CSP and B.
Further, in the present embodiment, in encrypting stage, it is assumed that data owner AiWant documentUpload to
Cloud Server, according to following steps encryption data.Fig. 3 is the schematic diagram of AES.
1. data owner extracts one group of keyword set firstTo describe document.In order to distinguish keyword
Importance, AiDifferent weights is set for keywordThere are many methods to calculate keyword weight, such as
TF-IDF (term frequency-inverse document frequency).(present invention does not specify tool to a kind of method for defining keyword weight of data owner's selection
Body method).
2.AiObtained using K2C algorithm for encryption keywordsObtained using PCTD algorithm for encryption keyword weights
ArriveKeyword/keyword weight is to being expressed as
3. utilize PCTD algorithm for encryption document identitiesWith document encryption key Kγj∈ZNObtainWith
4. utilize hash functionIt is rightIt is calculatedThen AiUsing symmetrical
AES SEnc encrypted documentsObtain ciphertext
5.AiEncrypted indexesAnd encrypted documentCloud platform is arrived in outsourcing storage.
Further, if keyword weight is decimal (such as TF-IDF value), data owner can use an integer
(10 or 100) are multiplied by the weight of each keyword respectively so that these decimals may map to ZNIn.
Further, in the present embodiment, inquired about in inquiry phase, user B generation trapdoors, as shown in Figure 4.
1.B given query keywordsWith the preference fraction of searching keywordPreference fraction representation
The importance of keyword in inquiry.
2.B is obtained using K2C algorithm for encryption searching keywordsUtilize PCTD algorithm for encryption preferences
Fraction obtainsOrder
3.B uses private key skBTo inquirySigned and generate signature
Inquiries of the 4.B encryptionSignatureWith identity UserBIt is sent to CP.
Further, in the present embodiment, in the search phase, after receiving keyword search request, CP first examines use
Family B whether Internet access data.If B has permission, CP uses B public key pkBRevene lookupSignatureIfNothing
Effect, CP can refuse inquiry request.Otherwise, CP can respond to searching request.
1.CP is first every document calculations encrypted queryWith the relevance score of encrypted indexes.
2. then CP can return to the higher preceding k pieces document of relevance score.
Idiographic flow includes:
A. relevance score calculates.
In order to calculate the relevance score between inquiry and document index, the present invention devises cross-domain safe multi-key word and searched
Suo Xieyi (MKS:secure multiple keyword search protocol across domains).
The input of MKS agreements is encrypted indexesAnd encrypted queryWhereinExport the relevance score for encryption
For each searching keyword Yj(1≤j≤n2), MKS agreements calculate the relevance score of it and encrypted indexes.Association
View first calculates YjAnd Xi(1≤i≤n1) relevance score (the third line).
1. fourth line, utilize KET algorithm checks XiWhether Y is equal toj.If Xi=Yj, outputOtherwise
2. fifth line, by keyword weight αiWith preference fraction βjIt is multiplied:
3. the 6th row, if Xi=Yj, due toXiAnd YjThe degree of correlation
FractionIf Xi≠Yj, due toThen
4. the 7th row, relevance score siIt is added with I:
After calculating relevance score,It is converted into
As shown in Figure 5.
B.Top-k sorts.
After calculating relevance score, k pieces encrypted document before being returned according to relevance score.The requirement of Top-k sequences is as follows
It is shown:In sequencer procedure, the relevance score information of encryption can not be leaked to CP and CSP, i.e. CP and CSP, which do not know, to be returned to
Which document user's is.In order to realize that top-k sorts, the present invention devises the agreement of three protection privacies.
1. the maximum agreement (MAX) of choosing of cross-domain safety selects relevance score highest text in two encrypted documents
Shelves.
2. the cross-domain maximum n of safety chooses agreement (MAXn) using MAX agreements select relevance score most in n piece documents
High document.
3. cross-domain safe top-k data retrievals agreement (Top-K) utilizes MAXnAgreement selects relevance score highest
Preceding k pieces document.
B.1 cross-domain safety is maximum chooses agreement (MAX)
It is givenWith(by different keys
It is encrypted), the output of MAX agreementsSo thatIDU, KUIts text is corresponded to respectively
Shelves number and document encryption key.In the protocol, CP and CSP can not distinguish TUSource, that is, cannot distinguish between TUCome fromOr
It isMAX agreements have three steps, and need CP and CSP to interact and perform.
Step 1:CP is calculated
IfAndThen have
CP randomly selects r1,r2,r3,r4∈ZN, whereinThen CP toss a coin s at random1,s2∈{0,1}。
If s=1, CP and CSP are calculated
If s=0, CP and CSP are calculated
CP utilizes key SK1CalculateAnd C1'、C1、C2、C3、C4It is sent to CSP.
Step 2:CSP receives C1'、C1、C2、C3、C4Afterwards, key SK is utilized2Calculate
IfCSP sets α=0, calculates
IfCSP sets α=1, calculates C5=CR (C2), C6=CR (C3), C7=CR (C4)。
Then CSP is encryptedAnd handleIt is sent to CP.
Step 3:CP is receivedAfterwards, following calculating can be performed:
If s=1, CP and CSP are calculated
If s=0, CP and CSP are calculated
Wherein, IUIt isWithLarger number in two numbers.
B.2:The cross-domain maximum n of safety chooses agreement (MAXn)。
The document T of n encryption of input1,...,Tn, MAXnAgreement exports
So that IMAX=max (I1,...,In), IDMAX, KMAXIts number of documents and document encryption key are corresponded to respectively.In agreement
In, CP and CSP can not identify TMAXSource, that is, cannot distinguish between TMAXCome from T1,...,TnIn that tuple.
As shown in fig. 6, MAXnAgreement needsWheel is operated to find out maximum tuple.In each round, MAX agreements are utilized
The encrypted document adjacent to two carries out calculating the maximum tuple selected in them.After wheel, it becomes possible to obtain most
Big tuple TMAX。
B.3:Cross-domain safe top-k data retrievals agreement (Top-K).
The document T of n encryption of input1,...,Tn, Top-K agreements output relevance score highest k piece documents.
First, null set S is initializedaTo store k result and set Sb={ T1,...,Tn}.Top-K agreements need k to take turns
Operation can just obtain result.Each round, consultation find out maximum tuple.The operation of each round is as follows.
1. 3-4 rows, perform MAXnAgreement obtains the maximum tuple of the i-th wheel It is added to set SaIn.
2. 5-7 rows, for SbIn each tuple for encrypting, CP and CSP are calculated
IfThen haveOtherwiseThen CP utilizes key SK1To VjDecrypt part
Arrive
3. eighth row, in order to hide cleartext information, CP utilizes πiTo (Vj,Vj') enter line replacement and obtain
And send it to CSP.
4. 9-14 rows, CSP pairsIt is decrypted to obtain βj(1≤j≤n).If βj=0, CSP are setOtherwise
5. the 15th row, CP are receivedAfterwards, first with displacement inverse operation πi -1Recover original series
(A1,...An).ForSource tuple Tζ, the agreement calculatesFor other tuples, the agreement calculates
6. 16-18 rows, renewalPass through calculating
Source tuple TζInIt can be configured toFor other tuples (1≤j≤n and j ≠ ζ), lead to
Cross calculating It will not change.After k wheel operations, Sa
The higher tuple of k relevance score can be included.
Further, in the present embodiment, in decryption phase, after user B receives k piece encrypted documents.Utilize public key pkΣ
To recover relevance score Ii, number of documents IDiWith key Ki(1≤i≤k).Followed by Private information retrieval (PIR) or not
The method of careful internal storage access (ORAM), user safely obtains encryption file at CP, without leaking access module.User
B first recovers document encryption key K, then calculatesAnd recover document M using K'.
Further, in the present embodiment, in multi-key word sequence can search for encipherment scheme (MRSE), Cloud Server is received
After the request for carrying out multi-key word search to encryption data to user, k piece documents before degree of correlation highest can be returned.Protecting
On the premise of availability of data, there is provided a kind of effective means that data-privacy is protected in cloud storage system.It is many existing
MRSE systems are based on KNN-SE (the k nearest neighbor algorithms that can search for encryption) architecture design.But KNN-SE frameworks are present very
More defects.The present invention proposes a kind of new MRSE systems, overcomes institute present in the MRSE systems based on KNN-SE frameworks
It is defective.New system need not predefine keyword set, and it supports the keyword search of any language, there is provided flexibly searches
Rope authority is authorized and user's revocation mechanism based on time control.In the present invention, which document of Cloud Server None- identified is
K piece documents before the correlation highest of user are returned to, therefore it realizes more preferable data-privacy protection.
Above is presently preferred embodiments of the present invention, all changes made according to technical solution of the present invention, caused function are made
During with scope without departing from technical solution of the present invention, protection scope of the present invention is belonged to.
Claims (10)
1. a kind of multi-user's multi-key word for supporting any language to inquire about sequence can search for encryption system, it is characterised in that including:
Key generation centre KGC, it is that each entity in system generates key;
Cloud platform CP, the document of user is stored in an encrypted form, respond the data retrieval request of user;
Calculate service provider CSP, there is provided in the online calculation server of line computation;
Data owner, to keyword and file encryption, and send it to the cloud platform CP and stored;
User, generation keyword trapdoor initiate data retrieval request to the cloud platform CP.
2. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, KeyGens of the key generation centre KGC by the Paillier cryptographic systems with thresholding decryption function
Algorithm, key generation centre KGC generation system common parameter PP=(g, N), main private key MSK=λ and user AiPublic/private keys
It is rightWithKey generation centre KGC is private keyThe user A being sent in user owneri, and it is open public
KeyKey generation centre KGC calculates Your Majesty's key MPK=gλ;Key generation centre KGC stores main private key MSK, and open system
Unite common parameter PP;Key generation centre KGC performs the master key point of the Paillier cryptographic systems with thresholding decryption function
Split algorithm, generating portion key SK1=λ1And SK2=λ2, and secret is sent to the cloud platform CP respectively and described calculate services
Provider CSP.
3. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, a user B is by information (B, AT1) it is sent to the data owner A1, apply authorizing time AT1In period,
To data owner A1The mandate that scans for of data;If allowing to authorize, the data owner A1Awarded for user B generations
Warrant book:
<mrow>
<msub>
<mi>CER</mi>
<mrow>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<mi>B</mi>
</mrow>
</msub>
<mo>=</mo>
<mo><</mo>
<mi>c</mi>
<mi>e</mi>
<mi>r</mi>
<mo>=</mo>
<mrow>
<mo>(</mo>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<mi>B</mi>
<mo>,</mo>
<msub>
<mi>AT</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<msub>
<mi>pk</mi>
<mi>&Sigma;</mi>
</msub>
<mo>)</mo>
</mrow>
<mo>,</mo>
<mi>S</mi>
<mi>i</mi>
<mi>g</mi>
<mrow>
<mo>(</mo>
<mi>c</mi>
<mi>e</mi>
<mi>r</mi>
<mo>,</mo>
<msub>
<mi>sk</mi>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
</msub>
<mo>)</mo>
</mrow>
<mo>></mo>
<mo>;</mo>
</mrow>
Wherein,Private key skΣUser B is sent to by secret;It is sent to institute
State key generation centre KGC, the cloud platform CP, the calculating service provider CSP and user B;AT between when authorized1It is expired
When, mandate will cease to be in force automatically;Sig/Verify is signature/verification algorithm safe on password, note hash function H1:{0,1}*→
ZNWith For symmetric key space;
If data owner A1Authorizing time AT1Interior revocation user B privilege, then generate cancellation of doucment:
<mrow>
<msub>
<mi>RVK</mi>
<mrow>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<mi>B</mi>
</mrow>
</msub>
<mo>:</mo>
<mo><</mo>
<mi>r</mi>
<mi>v</mi>
<mi>k</mi>
<mo>=</mo>
<mrow>
<mo>(</mo>
<msub>
<mi>CER</mi>
<mrow>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
<mo>,</mo>
<mi>B</mi>
</mrow>
</msub>
<mo>,</mo>
<mi>r</mi>
<mi>e</mi>
<mi>v</mi>
<mi>o</mi>
<mi>k</mi>
<mi>e</mi>
<mo>,</mo>
<mi>R</mi>
<mi>T</mi>
<mo>)</mo>
</mrow>
<mo>,</mo>
<mi>S</mi>
<mi>i</mi>
<mi>g</mi>
<mrow>
<mo>(</mo>
<mi>r</mi>
<mi>v</mi>
<mi>k</mi>
<mo>,</mo>
<msub>
<mi>sk</mi>
<msub>
<mi>A</mi>
<mn>1</mn>
</msub>
</msub>
<mo>)</mo>
</mrow>
<mo>></mo>
<mo>;</mo>
</mrow>
Wherein, RT is the revocation time;Cancellation of doucmentBe sent to the key generation centre KGC, the cloud platform CP,
The calculating service provider CSP and user B.
4. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, a user B is simultaneously to multiple data owner (A1,...,Am) document inquired about, then from the plurality of data
Owner (A1,...,Am) the authorized certificate in placeUser B applies inquiring about to the key generation centre KGC
Authority, after the validity of certificate is confirmed, the key generation centre KGC calculates licensing term ATΣ=AT1∩...ATm, generation
Certificate of authority CERΣ,B:
<Cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
Wherein,skΣ=H1(A1,...,Am,B,ATΣ,MSK);skΣIt is sent to user B, pkΣTo the cloud platform
CP, the calculating service provider CSP and user B are disclosed;Sig/Verify is signature/verification algorithm safe on password, note
Hash function H1:{0,1}*→ZNWith For symmetric key space;
If to authorize term of validity ATΣInterior revocationThe key generation centre KGC generates cancellation of doucment:
RVKΣ,B:<Rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>;
Wherein, RT is the revocation time;The key generation centre KGC is RVKΣ,BIt is sent to the cloud platform CP, described calculate takes
Be engaged in provider CSP and user B.
5. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, data owner AiAccording to following steps to documentData are encrypted, upload to the cloud platform CP:
Step S11:Data owner AiExtract one group of keyword set for describing documentAnd set not for keyword
Same weightRemember hash function H1:{0,1}*→ZNWith For symmetric key space;
Step S12:Data owner AiCiphertext algorithm K2C cryptography key words are converted by keyword to obtainObtained by the Paillier cryptosystem encryption keyword weights that function is decrypted with thresholdingKeyword/keyword weight is to being expressed as
Step S13:By the Paillier cryptosystem algorithm encrypted document identity that function is decrypted with thresholdingAnd text
Shelves encryption keyObtainWith
Step S14:Utilize hash functionIt is rightCalculated, obtainedData owner Ai
Utilize symmetric encipherment algorithm SEnc encrypted documentsObtain ciphertext:Wherein, SEnc/SDec is password
Upper safe symmetric cryptography/decipherment algorithm;
Step S15:Data owner AiEncrypted indexesAnd ciphertextCloud is arrived in outsourcing storage
Platform CP.
6. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, in inquiry phase, user B generation trapdoors are inquired about:
Step S21:User B determines searching keywordWith the preference fraction of searching keywordPreference point
Number represents the importance of keyword in inquiry;
Step S22:User B converts ciphertext algorithm K2C encrypted query keywords by keyword and obtainedProfit
Obtained with the Paillier cryptosystem encryption preference fractions by decrypting function with thresholdingOrder
Step S23:User B uses private key skBTo inquirySigned and generate signature
Step S24:Inquiries of the user B encryptionSignatureWith identity UserBIt is sent to cloud platform CP.
7. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, receive keyword search request after, cloud platform CP first examine user B whether Internet access data;If with
Family B has permission, and cloud platform CP uses user B public key pkBRevene lookupSignatureIf signatureIt is invalid, cloud platform CP
Refuse user's B inquiry requests;Otherwise, cloud platform CP can respond to searching request, and cloud platform CP is first every document meter
Calculate encrypted queryWith the relevance score of encrypted indexes;Then cloud platform CP returns to k piece documents before relevance score highest.
8. the multi-user's multi-key word sequence according to claim 7 for supporting any language inquiry can search for encryption system,
It is every document calculations encrypted query characterized in that, by using cross-domain safe multi-key word search protocol MKSAnd encryption
The relevance score of index.
9. the multi-user's multi-key word sequence according to claim 7 for supporting any language inquiry can search for encryption system,
Characterized in that, the cloud platform CP returns to k piece documents before relevance score highest as follows:
Step S31:Agreement MAX is chosen by using cross-domain safety is maximum, relevance score is selected in two encrypted documents
Highest document;
Step S32:Agreement MAX is chosen by using the maximum n of cross-domain safetyn, using Hu step S31 result of calculation, in n pieces text
Relevance score highest document is selected in shelves;
Step S33:By using cross-domain safe top-k data retrievals agreement Top-K, using step S32 result of calculation, choose
Go out k piece documents before relevance score highest.
10. the multi-user's multi-key word sequence according to claim 1 for supporting any language inquiry can search for encryption system,
Characterized in that, after user B receives k piece encrypted documents, pass through public key pkΣ, recover relevance score Ii, number of documents IDiAnd text
Shelves encryption key Ki, 1≤i≤k;By Private information retrieval PIR or careless internal storage access ORAM method, user B from
Encryption file is obtained at cloud platform CP, without leaking access module;User B first recovers document encryption key K, then calculatesAnd recover document M, hash function H using K'1:{0,1}*→ZNWith For symmetric key
Space.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710614034.3A CN107491497B (en) | 2017-07-25 | 2017-07-25 | Multi-user multi-keyword sequencing searchable encryption system supporting query in any language |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710614034.3A CN107491497B (en) | 2017-07-25 | 2017-07-25 | Multi-user multi-keyword sequencing searchable encryption system supporting query in any language |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107491497A true CN107491497A (en) | 2017-12-19 |
CN107491497B CN107491497B (en) | 2020-08-11 |
Family
ID=60644947
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710614034.3A Active CN107491497B (en) | 2017-07-25 | 2017-07-25 | Multi-user multi-keyword sequencing searchable encryption system supporting query in any language |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107491497B (en) |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108156140A (en) * | 2017-12-13 | 2018-06-12 | 西安电子科技大学 | A kind of multiple key that numerical attribute is supported to compare can search for encryption method |
CN108599937A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A kind of public key encryption method that multiple key can search for |
CN108632032A (en) * | 2018-02-22 | 2018-10-09 | 福州大学 | The safe multi-key word sequence searching system of no key escrow |
CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
CN109492410A (en) * | 2018-10-09 | 2019-03-19 | 华南农业大学 | Data can search for encryption and keyword search methodology, system and terminal, equipment |
CN109728910A (en) * | 2018-12-27 | 2019-05-07 | 北京永恒纪元科技有限公司 | A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system |
CN110059148A (en) * | 2019-04-24 | 2019-07-26 | 上海交通大学 | The accurate searching method that spatial key applied to electronic map is inquired |
CN110069592A (en) * | 2019-04-24 | 2019-07-30 | 上海交通大学 | The searching method that spatial key applied to electronic map is inquired |
CN110162999A (en) * | 2019-05-08 | 2019-08-23 | 湖北工业大学 | A kind of income distribution difference Gini coefficient measure based on secret protection |
CN110224978A (en) * | 2019-04-30 | 2019-09-10 | 济南汇通远德科技有限公司 | A method of video retrospect is realized based on cloud service |
CN110222081A (en) * | 2019-06-08 | 2019-09-10 | 西安电子科技大学 | Data cryptogram search method based on fine granularity sequence under multi-user environment |
CN110245170A (en) * | 2019-04-19 | 2019-09-17 | 联通系统集成有限公司 | Data processing method and system |
CN111404679A (en) * | 2020-03-10 | 2020-07-10 | 上海市大数据中心 | Big data oriented security authentication ciphertext retrieval method |
CN111913981A (en) * | 2020-06-09 | 2020-11-10 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
CN112733193A (en) * | 2021-01-22 | 2021-04-30 | 福州大学 | Auditable anonymity predicate retrieval system and method based on time control |
CN112765669A (en) * | 2021-02-01 | 2021-05-07 | 福州大学 | Regular language searchable encryption system based on time authorization |
CN114357477A (en) * | 2021-12-15 | 2022-04-15 | 华南理工大学 | Boolean keyword searchable encryption method supporting large-scale user group |
CN114884660A (en) * | 2022-07-12 | 2022-08-09 | 西南石油大学 | Searchable encryption method based on wildcard identity |
CN115563634A (en) * | 2022-09-29 | 2023-01-03 | 北京海泰方圆科技股份有限公司 | Retrieval method, device, equipment and medium |
WO2023019762A1 (en) * | 2021-08-19 | 2023-02-23 | 深圳技术大学 | Storage and similarity retrieval methods and apparatuses for encrypted document, device, and medium |
CN116150795A (en) * | 2023-04-17 | 2023-05-23 | 粤港澳大湾区数字经济研究院(福田) | Homomorphic encryption-based data processing method, system and related equipment |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130148803A1 (en) * | 2011-12-09 | 2013-06-13 | Electronics And Telecommunications Research Institute | Multi-user searchable encryption system and method with index validation and tracing |
CN103955537A (en) * | 2014-05-16 | 2014-07-30 | 福州大学 | Method and system for designing searchable encrypted cloud disc with fuzzy semantics |
US20150229611A1 (en) * | 2014-02-13 | 2015-08-13 | Infosys Limited | Keyword ordered storage, search and retrieval on encrypted data for multiuser scenario |
CN105024802A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 | Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage |
CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
CN105915520A (en) * | 2016-04-18 | 2016-08-31 | 深圳大学 | File storage and searching method based on public key searchable encryption, and storage system |
CN106407447A (en) * | 2016-09-30 | 2017-02-15 | 福州大学 | Simhash-based fuzzy sequencing searching method for encrypted cloud data |
-
2017
- 2017-07-25 CN CN201710614034.3A patent/CN107491497B/en active Active
Patent Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20130148803A1 (en) * | 2011-12-09 | 2013-06-13 | Electronics And Telecommunications Research Institute | Multi-user searchable encryption system and method with index validation and tracing |
US20150229611A1 (en) * | 2014-02-13 | 2015-08-13 | Infosys Limited | Keyword ordered storage, search and retrieval on encrypted data for multiuser scenario |
CN103955537A (en) * | 2014-05-16 | 2014-07-30 | 福州大学 | Method and system for designing searchable encrypted cloud disc with fuzzy semantics |
CN105024802A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 | Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage |
CN105681280A (en) * | 2015-12-29 | 2016-06-15 | 西安电子科技大学 | Searchable encryption method based on Chinese in cloud environment |
CN105915520A (en) * | 2016-04-18 | 2016-08-31 | 深圳大学 | File storage and searching method based on public key searchable encryption, and storage system |
CN106407447A (en) * | 2016-09-30 | 2017-02-15 | 福州大学 | Simhash-based fuzzy sequencing searching method for encrypted cloud data |
Non-Patent Citations (5)
Title |
---|
XIMENG LIU等: "An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY》 * |
ZHANGJIE FU等: "Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement", 《IEEE TRANSACTIONS ON INFORMATION FORENSICS AND SECURITY 》 * |
吴阳等: "加密云数据下的关键词模糊搜索方案", 《计算机工程与应用》 * |
杨旸等: "具有细粒度访问控制的隐藏关键词可搜索加密方", 《工程学报》 * |
闫文婷: "基于云环境下排序的模糊关键字搜索", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (33)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108156140A (en) * | 2017-12-13 | 2018-06-12 | 西安电子科技大学 | A kind of multiple key that numerical attribute is supported to compare can search for encryption method |
CN108156140B (en) * | 2017-12-13 | 2020-10-30 | 西安电子科技大学 | Multi-keyword searchable encryption method supporting numerical value attribute comparison |
CN108632032A (en) * | 2018-02-22 | 2018-10-09 | 福州大学 | The safe multi-key word sequence searching system of no key escrow |
CN108599937A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A kind of public key encryption method that multiple key can search for |
CN108599937B (en) * | 2018-04-20 | 2020-10-09 | 西安电子科技大学 | Multi-keyword searchable public key encryption method |
CN108768608A (en) * | 2018-05-25 | 2018-11-06 | 电子科技大学 | The secret protection identity identifying method of thin-client is supported at block chain PKI |
CN108768608B (en) * | 2018-05-25 | 2020-05-12 | 电子科技大学 | Privacy protection identity authentication method supporting thin client under block chain PKI |
CN109492410A (en) * | 2018-10-09 | 2019-03-19 | 华南农业大学 | Data can search for encryption and keyword search methodology, system and terminal, equipment |
CN109492410B (en) * | 2018-10-09 | 2020-09-01 | 华南农业大学 | Data searchable encryption and keyword search method, system, terminal and equipment |
CN109728910A (en) * | 2018-12-27 | 2019-05-07 | 北京永恒纪元科技有限公司 | A kind of efficient thresholding distribution elliptic curve key generates and endorsement method and system |
CN110245170A (en) * | 2019-04-19 | 2019-09-17 | 联通系统集成有限公司 | Data processing method and system |
CN110059148A (en) * | 2019-04-24 | 2019-07-26 | 上海交通大学 | The accurate searching method that spatial key applied to electronic map is inquired |
CN110069592A (en) * | 2019-04-24 | 2019-07-30 | 上海交通大学 | The searching method that spatial key applied to electronic map is inquired |
CN110224978A (en) * | 2019-04-30 | 2019-09-10 | 济南汇通远德科技有限公司 | A method of video retrospect is realized based on cloud service |
CN110162999A (en) * | 2019-05-08 | 2019-08-23 | 湖北工业大学 | A kind of income distribution difference Gini coefficient measure based on secret protection |
CN110162999B (en) * | 2019-05-08 | 2022-06-07 | 湖北工业大学 | Income distribution difference kini coefficient measurement method based on privacy protection |
CN110222081A (en) * | 2019-06-08 | 2019-09-10 | 西安电子科技大学 | Data cryptogram search method based on fine granularity sequence under multi-user environment |
CN110222081B (en) * | 2019-06-08 | 2022-04-19 | 西安电子科技大学 | Data ciphertext query method based on fine-grained sequencing in multi-user environment |
CN111404679A (en) * | 2020-03-10 | 2020-07-10 | 上海市大数据中心 | Big data oriented security authentication ciphertext retrieval method |
CN111913981A (en) * | 2020-06-09 | 2020-11-10 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
CN111913981B (en) * | 2020-06-09 | 2022-04-22 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
CN112733193A (en) * | 2021-01-22 | 2021-04-30 | 福州大学 | Auditable anonymity predicate retrieval system and method based on time control |
CN112733193B (en) * | 2021-01-22 | 2023-04-07 | 福州大学 | Auditable anonymity predicate retrieval system and method based on time control |
CN112765669A (en) * | 2021-02-01 | 2021-05-07 | 福州大学 | Regular language searchable encryption system based on time authorization |
CN112765669B (en) * | 2021-02-01 | 2023-04-18 | 福州大学 | Regular language searchable encryption system based on time authorization |
WO2023019762A1 (en) * | 2021-08-19 | 2023-02-23 | 深圳技术大学 | Storage and similarity retrieval methods and apparatuses for encrypted document, device, and medium |
CN114357477A (en) * | 2021-12-15 | 2022-04-15 | 华南理工大学 | Boolean keyword searchable encryption method supporting large-scale user group |
CN114357477B (en) * | 2021-12-15 | 2023-07-18 | 华南理工大学 | Boolean keyword searchable encryption method supporting large-scale user group |
CN114884660A (en) * | 2022-07-12 | 2022-08-09 | 西南石油大学 | Searchable encryption method based on wildcard identity |
CN114884660B (en) * | 2022-07-12 | 2022-09-20 | 西南石油大学 | Searchable encryption method based on wildcard identity |
CN115563634A (en) * | 2022-09-29 | 2023-01-03 | 北京海泰方圆科技股份有限公司 | Retrieval method, device, equipment and medium |
CN115563634B (en) * | 2022-09-29 | 2023-08-15 | 北京海泰方圆科技股份有限公司 | Retrieval method, device, equipment and medium |
CN116150795A (en) * | 2023-04-17 | 2023-05-23 | 粤港澳大湾区数字经济研究院(福田) | Homomorphic encryption-based data processing method, system and related equipment |
Also Published As
Publication number | Publication date |
---|---|
CN107491497B (en) | 2020-08-11 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107491497A (en) | Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system | |
CN108632032B (en) | Safe multi-keyword sequencing retrieval system without key escrow | |
CN107256248B (en) | Wildcard-based searchable encryption method in cloud storage security | |
CN106803784B (en) | Lattice-based multi-user fuzzy searchable encryption method in secure multimedia cloud storage | |
Wang et al. | Secure ranked keyword search over encrypted cloud data | |
Wang et al. | Enabling secure and efficient ranked keyword search over outsourced cloud data | |
CN106571905B (en) | A kind of numeric type data homomorphism Order Preserving Encryption Method | |
CN103944711B (en) | Cloud storage ciphertext retrieval method and system | |
CN107734054A (en) | Encryption data searching system in safe cloud storage | |
Tian et al. | Policy-based chameleon hash for blockchain rewriting with black-box accountability | |
CN106961427B (en) | A kind of ciphertext data search method based on 5g communication standard | |
CN107547530A (en) | On-line/off-line keyword search methodology and its cloud computing application system based on attribute under mobile cloud environment | |
CN115314295B (en) | Block chain-based searchable encryption technical method | |
Gafsi et al. | High securing cryptography system for digital image transmission | |
CN112989375A (en) | Hierarchical optimization encryption lossless privacy protection method | |
Rajan et al. | Dynamic multi-keyword based search algorithm using modified based fully homomorphic encryption and Prim’s algorithm | |
Jiang et al. | Encryption switching service: Securely switch your encrypted data to another format | |
Moe et al. | Enhanced honey encryption algorithm for increasing message space against brute force attack | |
CN105721146A (en) | Big data sharing method for cloud storage based on SMC | |
Jones et al. | Information Security: A Coordinated Strategy to Guarantee Data Security in Cloud Computing | |
Park et al. | PKIS: practical keyword index search on cloud datacenter | |
CN112733192A (en) | Judicial electronic evidence system and method based on alliance chain and homomorphic encryption | |
Liu et al. | On enabling attribute-based encryption to be traceable against traitors | |
Woodruff et al. | Private inference control | |
Zhao et al. | Efficient construction for full black-box accountable authority identity-based encryption |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |