CN107491497B - Multi-user multi-keyword sequencing searchable encryption system supporting query in any language - Google Patents

Publication number
CN107491497B
Authority
CN
China
Prior art keywords
user
key
keyword
cloud platform
document
Prior art date
Legal status
Active
Application number
CN201710614034.3A
Other languages
Chinese (zh)
Other versions
CN107491497A (en
Inventor
杨旸
张煜超
刘西蒙
程红举
张�浩
刘耿耿
邹剑
董晨
Current Assignee
Fuzhou University
Original Assignee
Fuzhou University
Application filed by Fuzhou University
Priority to CN201710614034.3A
Publication of CN107491497A
Application granted
Publication of CN107491497B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines
    • G06F16/9535 Search customisation based on user profiles and personalisation
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms

Abstract

The invention relates to a multi-user multi-keyword sequencing searchable encryption system supporting queries in any language, comprising: a key generation center, which generates a key for each entity in the system; a cloud platform, which stores the users' documents in encrypted form and responds to users' data retrieval requests; a computing service provider, which is an online computing server providing online computing; a data owner, who encrypts the keywords and the documents and sends them to the cloud platform for storage; and a user, who generates a keyword trapdoor and initiates a data retrieval request to the cloud platform. The system provided by the invention has the advantages of low storage cost, support for any language, a flexible authorization mechanism and a time-based user revocation mechanism, simultaneous search over the data of multiple data owners, flexible keyword weight and preference score settings, and protection of user privacy.

Description

Multi-user multi-keyword sequencing searchable encryption system supporting query in any language
Technical Field
The invention relates to a multi-user multi-keyword sequencing searchable encryption system supporting any language query.
Background
Cloud computing provides rich computing and storage resources, attracting more and more individuals and enterprises to outsource the storage of their data to cloud servers. Data encryption algorithms can convert data into unreadable ciphertext, but searching and sharing encrypted data is a challenging problem. Searchable encryption (SE) is an effective method for keyword search over encrypted data and has wide applications in fields such as medical treatment, smart power grids and the internet of things. To search encrypted documents with SE, the data owner first extracts a set of keywords from each document and encrypts them into an encrypted index. The data owner then uploads the encrypted index and the encrypted document to the cloud server for storage. In the data query phase, a user generates a keyword trapdoor and submits it to the cloud server. The cloud server uses a matching algorithm to test whether the trapdoor matches the encrypted index, and then returns the encrypted documents containing the keywords to the user.
Many existing SE systems only support single-keyword searches or conjunctive keyword queries and cannot rank the retrieved documents by relevance score. To improve the search experience, multi-keyword ranking searchable encryption (MRSE) has been proposed, in which the cloud server returns to the user the top k documents with the highest relevance scores rather than all documents. However, most existing MRSE systems are designed on a special k-nearest neighbor (KNN) algorithm; this system architecture is abbreviated KNN-SE. Existing MRSE systems based on the KNN-SE framework have several defects and significant limitations. A new MRSE system is needed that overcomes these defects while preserving the efficiency and security of the scheme.
In 2000, Song et al. first proposed the concept of secure searchable encryption. Boneh et al. proposed a public key encryption with keyword search scheme. Curtmola and Cash et al. used a searchable symmetric encryption scheme to achieve a highly scalable system. In 2011, Cao et al. proposed an MRSE scheme supporting a single user, based on a KNN-SE architecture composed of the matrices M_1, M_2 and a vector S ∈ {0,1}^k (k is the number of keywords predefined at system set-up). For each document, the extracted keywords are mapped to a vector I ∈ {0,1}^k; each bit of the vector indicates whether a predefined keyword is present in the document. The vector I is then split into two vectors I' and I'' according to the indicator vector S. I' and I'' are respectively connected with
Figure BDA0001360174970000021
Figure BDA0001360174970000022
The multiplication generates an encrypted index. The process of generating trapdoors is similar to that of generating encrypted indexes, except that the split query vectors I' and I'' are respectively multiplied by
Figure BDA0001360174970000023
In the query phase, the relevance scores are computed using the inner product.
Most MRSE systems are designed based on the KNN-SE architecture. Yu et al. propose a two-round searchable encryption system to implement ranked multi-keyword search. They use the KNN-SE architecture and order-preserving encryption techniques to ensure the security of the system. Fu et al. propose a multi-keyword ranking search system that supports synonym queries, which is also based on the KNN-SE architecture. They use TF-IDF (term frequency-inverse document frequency) as the keyword weight when extracting keywords. The data owner must construct an index tree to speed up the search algorithm, which consumes a lot of memory space. Later, they proposed verifiable keyword-based semantic search systems that support verifiability of search results; a symbol-based index tree is designed to store "path" information that can be used to validate search results.
Sun et al. also propose a verifiable searchable encryption system to support multi-keyword searching and similarity ranking. They use tree-based index structures, multidimensional algorithms and the KNN-SE architecture to improve search efficiency. Li et al. combine the KNN-SE architecture with a blind storage approach to design MRSE systems. They then used super-increasing sequences to design new types of MRSE systems that support Boolean queries, such as "AND", "OR" and "NO" operations. They also use the method of classifying sub-dictionaries to improve efficiency. Xia et al. have devised tree-based index structures and greedy depth-first search algorithms to improve search efficiency. They also encrypt the index and query using the KNN-SE algorithm. Chen et al. designed hierarchical clustering methods to implement more search modes. The hierarchical approach is designed based on a minimum relevance threshold; it clusters the encrypted documents and divides the resulting groups into subsets, thereby achieving a faster search speed. Fu et al. use locality-sensitive hash functions, Bloom filters and the KNN-SE architecture to implement a multi-keyword fuzzy searchable encryption system.
Although a number of MRSE systems are designed based on the KNN-SE architecture, this architecture has several significant drawbacks. First, in the system set-up stage, KNN-SE needs to predefine a set of keywords, and if new keywords need to be defined while the system is running, the whole system needs to be rebuilt. Second, the KNN-SE architecture is a symmetric key encryption system, so the data owner must reveal its private key to the user in order to grant query authority. Third, to support keyword retrieval in any language, the required number of predefined keywords and the matrices M_1, M_2 would be astronomically large, so MRSE systems based on the KNN-SE architecture cannot support keyword searches in any language. Fourth, the computed document relevance score is in plaintext, and the cloud server may obtain statistical information about the user data, such as highly relevant documents and frequently returned documents. This information may reveal the privacy of the user.
Disclosure of Invention
The invention aims to provide a multi-user multi-keyword sequencing searchable encryption system supporting any language query, so as to overcome the defects in the prior art.
In order to achieve the purpose, the technical scheme of the invention is as follows: a multi-user, multi-keyword ranking searchable encryption system that supports queries in any language, comprising:
a key generation center KGC, which generates a key for each entity in the system;
a cloud platform CP, which stores the users' documents in encrypted form and responds to users' data retrieval requests;
a computing service provider CSP, which is an online computing server providing online computing;
a data owner, who encrypts the keywords and the documents and sends them to the cloud platform CP for storage;
and a user, who generates a keyword trapdoor and initiates a data retrieval request to the cloud platform CP.
In an embodiment of the present invention, the key generation center KGC uses the KeyGen algorithm of a Paillier cryptosystem with threshold decryption to generate the system public parameters PP = (g, N), the master private key MSK = λ, and, for each user A_i, the public/private key pair
Figure BDA0001360174970000031
and
Figure BDA0001360174970000032
The key generation center KGC sends
Figure BDA0001360174970000033
to user A_i and publishes the public key
Figure BDA0001360174970000034
The key generation center KGC calculates the master public key MPK = g^λ. The key generation center KGC stores the master private key MSK and publishes the system public parameters PP. The key generation center KGC executes the master key splitting algorithm of the Paillier cryptosystem with threshold decryption to generate the partial keys SK_1 = λ_1 and SK_2 = λ_2, and sends them secretly to the cloud platform CP and the computing service provider CSP, respectively.
In one embodiment of the invention, a user B sends the information (B, AT_1) to the data owner A_1 to apply for authorization to search the data of A_1 during the authorization time AT_1; if authorization is allowed, the data owner A_1 generates an authorization certificate for user B:
Figure BDA0001360174970000035
wherein
Figure BDA0001360174970000041
the private key sk_Σ is sent to user B secretly;
Figure BDA0001360174970000042
is sent to the key generation center KGC, the cloud platform CP, the computing service provider CSP and user B; when the authorization time AT_1 expires, the authorization automatically becomes invalid; Sig/Verify is a cryptographically secure signature/verification algorithm, and the hash functions are H_1: {0,1}* → Z_N and H_2: Z_N → K, K being the symmetric key space;
if the data owner A_1 revokes the privilege of user B within the authorization time AT_1, it generates a revocation certificate:
Figure BDA0001360174970000043
wherein RT is the revocation time; the revocation certificate
Figure BDA0001360174970000044
is sent to the key generation center KGC, the cloud platform CP, the computing service provider CSP and user B.
In one embodiment of the present invention, when a user B queries the data of multiple data owners (A_1, ..., A_m) simultaneously, user B obtains from the data owners (A_1, ..., A_m) the authorization certificates
Figure BDA0001360174970000045
User B applies to the key generation center KGC for query authority; after confirming the validity of the certificates, the key generation center KGC calculates the authorization time limit AT_Σ = AT_1 ∩ ... ∩ AT_m and generates the authorization certificate CER_{Σ,B}:
<cer = (A_1, ..., A_m, B, AT_Σ, pk_Σ), Sig(cer, MSK)>,
wherein
Figure BDA0001360174970000046
sk_Σ = H_1(A_1, ..., A_m, B, AT_Σ, MSK); sk_Σ is sent to user B, and pk_Σ is disclosed to the cloud platform CP, the computing service provider CSP and user B; Sig/Verify is a cryptographically secure signature/verification algorithm, and the hash functions are H_1: {0,1}* → Z_N and H_2: Z_N → K, K being the symmetric key space;
if, within the authorization validity period AT_Σ, it is necessary to revoke
Figure BDA00013601749700000412
the key generation center KGC generates a revocation certificate:
RVK_{Σ,B}: <rvk = (CER_{Σ,B}, revoke, RT), Sig(rvk, MSK)>;
wherein RT is the revocation time; the key generation center KGC sends RVK_{Σ,B} to the cloud platform CP, the computing service provider CSP and user B.
In one embodiment of the present invention, data owner A_i encrypts the document
Figure BDA0001360174970000047
through the following steps and uploads it to the cloud platform CP:
Step S11: data owner A_i extracts a set of keywords describing the document
Figure BDA0001360174970000048
and sets different weights for the keywords
Figure BDA0001360174970000049
The hash functions are H_1: {0,1}* → Z_N and
Figure BDA00013601749700000410
Figure BDA00013601749700000411
is a symmetric key space;
Step S12: data owner A_i encrypts the keywords through the keyword conversion ciphertext algorithm K2C to obtain
Figure BDA0001360174970000051
and encrypts the keyword weights through the Paillier cryptosystem with threshold decryption to obtain
Figure BDA0001360174970000052
The keyword/keyword weight pairs are represented as
Figure BDA0001360174970000053
Figure BDA0001360174970000054
Step S13: using the Paillier cryptosystem with threshold decryption, encrypt the document identity
Figure BDA0001360174970000055
and the document encryption key
Figure BDA0001360174970000056
to obtain
Figure BDA0001360174970000057
and
Figure BDA0001360174970000058
Step S14: apply the hash function
Figure BDA0001360174970000059
to
Figure BDA00013601749700000510
to obtain
Figure BDA00013601749700000511
Data owner A_i uses the symmetric encryption algorithm SEnc to encrypt the document
Figure BDA00013601749700000512
and obtain the ciphertext:
Figure BDA00013601749700000513
SEnc/SDec is a cryptographically secure symmetric encryption/decryption algorithm;
Step S15: data owner A_i outsources the encrypted index
Figure BDA00013601749700000514
and the ciphertext
Figure BDA00013601749700000515
to the cloud platform CP for storage.
In an embodiment of the present invention, in the query stage, user B generates a trapdoor for the query through the following steps:
Step S21: user B determines the query keywords
Figure BDA00013601749700000516
and the preference scores of the query keywords
Figure BDA00013601749700000517
The preference score represents the importance of the keyword in the query;
Step S22: user B encrypts the query keywords through the keyword conversion ciphertext algorithm K2C to obtain
Figure BDA00013601749700000518
and encrypts the preference scores through the Paillier cryptosystem with threshold decryption to obtain
Figure BDA00013601749700000519
Let
Figure BDA00013601749700000520
Step S23: user B uses the private key sk_B to sign the query
Figure BDA00013601749700000522
and generates the signature
Figure BDA00013601749700000523
Step S24: user B sends the encrypted query
Figure BDA00013601749700000524
the signature
Figure BDA00013601749700000525
and the identity User_B to the cloud platform CP.
In an embodiment of the invention, after receiving a keyword search request, the cloud platform CP first verifies whether user B has the right to access the data; if user B has the right, the cloud platform CP uses the public key pk_B of user B to verify that the query
Figure BDA00013601749700000526
matches the signature
Figure BDA00013601749700000527
If the signature
Figure BDA00013601749700000528
is invalid, the cloud platform CP refuses the query request of user B; otherwise, the cloud platform CP responds to the search request: it first calculates, for each document, the relevance score between the encrypted query
Figure BDA00013601749700000529
and the encrypted index; the cloud platform CP then returns the top k documents with the highest relevance scores.
In one embodiment of the invention, the cross-domain secure multi-keyword search protocol MKS is used to compute, for each document, the relevance score between the encrypted query
Figure BDA0001360174970000061
and the encrypted index.
In an embodiment of the present invention, the cloud platform CP returns the top k documents with the highest relevance scores through the following steps:
Step S31: select the document with the higher relevance score from two encrypted documents by adopting the cross-domain secure maximum selection protocol MAX;
Step S32: select the document with the highest relevance score from n documents by adopting the cross-domain secure MAX n selection protocol MAX_n and using the result of step S31;
Step S33: select the top k documents with the highest relevance scores by adopting the cross-domain secure Top-K data retrieval protocol Top-K and using the result of step S32.
In an embodiment of the present invention, after receiving the k encrypted documents, user B, by means of the public key pk_Σ, recovers the relevance score I_i, the document number ID_i and the document encryption key K_i, 1 ≤ i ≤ k; using private information retrieval (PIR) or oblivious RAM (ORAM), user B obtains the encrypted files from the cloud platform CP without leaking the access pattern; user B first recovers the document encryption key K, then calculates
Figure BDA0001360174970000062
and recovers the document M by using K. The hash functions are H_1: {0,1}* → Z_N and
Figure BDA0001360174970000063
Figure BDA0001360174970000064
is a symmetric key space.
Compared with the prior art, the invention has the following beneficial effects:
1. The storage overhead is small. The keyword set does not need to be predefined in the system generation stage, and new keywords can be added at will during operation.
2. Any language is supported. The invention uses Unicode to encode the keywords in any language and converts them into ciphertext in an efficient manner.
3. Flexible authorization mechanisms and time-based user revocation mechanisms. The system allows the data owner to grant search and decryption rights to the user within a specific time period. When the authorization period expires, the system will automatically revoke the search rights of these users. In addition, the system also provides an effective method for the data owner to revoke the authority within the authorization period.
4. Data of a plurality of data owners is searched simultaneously. In the invention, a user can search the encrypted documents of a plurality of data owners at the same time by using one trapdoor.
5. Flexible keyword weight and preference score settings. In the encryption phase, the data owner can set different keyword weights according to the importance of the keywords. In the query phase, the user may set different preference scores for multiple keywords of the query. In the searching stage, the cloud server can calculate the relevance score in encrypted form according to the keyword weights and the preference scores, and returns the top k documents to the data user.
6. Protecting user privacy. In existing MRSE systems, the cloud server can obtain the relevance score for each search document and know which documents are the most relevant. In the invention, since the relevancy score returned to the user is encrypted, the cloud server cannot acquire any plaintext and statistical information from the search result.
Drawings
FIG. 1 is a system block diagram according to an embodiment of the present invention.
Fig. 2 is a diagram illustrating an example of the K2C algorithm according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of an encryption process according to an embodiment of the invention.
FIG. 4 is a diagram illustrating a query process according to an embodiment of the present invention.
FIG. 5 is a schematic diagram illustrating a calculation of the relevancy scores according to an embodiment of the present invention.
FIG. 6 is a schematic diagram of the MAX_n protocol according to an embodiment of the present invention.
Detailed Description
The technical scheme of the invention is specifically explained below with reference to the accompanying drawings.
The invention relates to a multi-user multi-keyword sequencing searchable encryption system supporting any language query, and as shown in figure 1, the system comprises the following entities:
Key generation center. The key generation center (KGC) is fully trusted and is responsible for generating keys for each entity in the system.
Cloud platform. The cloud platform (CP) has powerful storage and computing capabilities and stores users' documents in encrypted form. The CP also responds to users' data retrieval requests.
Computing service provider. The computing service provider (CSP) is an online computing server with significant computing power.
Data owner. The data owner encrypts the keywords and documents and sends them to the CP for storage.
User. The user generates a keyword trapdoor and initiates a data retrieval request to the CP.
Furthermore, the system does not need to predefine a keyword set in the set-up stage, and new keywords can be added at will while the system is running, which greatly reduces the storage cost. Unicode is used to encode keywords in any language, and they are converted into ciphertext in an efficient manner. A user can search the documents of multiple data owners simultaneously using one trapdoor. Flexible authorization mechanisms and time-based user revocation mechanisms are provided. The system allows the data owner to grant search and decryption rights to a user within a specific time period. When the authorization period expires, the system automatically revokes the search rights of these users. In addition, the system provides an effective method for the data owner to revoke the authority within the authorization period.
Further, flexible keyword weight and preference score settings are provided. In the encryption phase, the data owner can set different keyword weights according to the importance of the keywords. In the query phase, the user may set different preference scores for multiple keywords of the query. In the searching stage, the cloud server can calculate the relevancy score of the encrypted form according to the keyword weight and the preference score, and returns the top k documents with the highest relevancy to the data user.
In existing MRSE systems, the cloud server can obtain a relevance score for each search document. In the invention, because the calculated relevance score is encrypted, the cloud server cannot acquire any plaintext or statistical information from the search result, and user privacy is effectively protected.
In order to further the understanding of the proposed system by those skilled in the art, the following description is given with reference to specific embodiments.
Further, in this embodiment, a Paillier cryptosystem with threshold decryption (PCTD) is adopted to realize homomorphic encryption, so that the privacy of outsourced data can be protected on the cloud platform. Using the homomorphic property, various calculations can be carried out directly on ciphertexts without decrypting them, thereby realizing secure outsourced computation. Furthermore, its computational overhead is lower than that required by a fully homomorphic encryption system. Let
Figure BDA0001360174970000081
denote the bit length of X.
Key generation: κ is a security parameter, and p and q are two large primes,
Figure BDA0001360174970000082
Compute N = pq and λ = lcm(p-1, q-1)/2 (lcm denotes the least common multiple of two numbers). Define the function
Figure BDA0001360174970000083
Select a generator g whose order is ord(g) = (p-1)(q-1)/2. The system public parameters are PP = (g, N), and the master private key is SK = λ. The system distributes to each user i a private key sk_i ∈ Z_N and a public key
Figure BDA00013601749700000810
Encryption: for an input plaintext m ∈ Z_N, the user randomly selects r ∈ [1, N/4] and uses its public key pk_i to encrypt the plaintext m into the ciphertext
Figure BDA0001360174970000084
where
Figure BDA0001360174970000085
C_2 = g^r mod N^2
Decryption using the user private key sk_i: for an input ciphertext
Figure BDA0001360174970000086
and the private key sk_i, the plaintext is obtained by calculating
Figure BDA0001360174970000087
Decryption using the master private key SK: using the system's master private key SK = λ, by computing
Figure BDA0001360174970000088
any ciphertext generated by public key encryption
Figure BDA0001360174970000089
can be decrypted. If gcd(λ, N) = 1 (gcd denotes the greatest common divisor of two numbers), then
Figure BDA0001360174970000091
Master private key splitting: the master private key SK = λ can be randomly split into two parts SK_1 = λ_1 and SK_2 = λ_2 such that λ_1 + λ_2 ≡ 0 mod λ and λ_1 + λ_2 ≡ 1 mod N^2.
Partial decryption using SK_1 (PD1): for an input ciphertext
Figure BDA0001360174970000092
SK_1 = λ_1 can be used to calculate
Figure BDA0001360174970000093
Partial decryption using SK_2 (PD2): for an input ciphertext
Figure BDA0001360174970000094
and
Figure BDA0001360174970000095
SK_2 = λ_2 can be used to calculate
Figure BDA0001360174970000096
The plaintext can then be recovered by calculating
Figure BDA0001360174970000097
Ciphertext update (CR): the CR algorithm updates a ciphertext, converting the ciphertext
Figure BDA0001360174970000098
into a new ciphertext
Figure BDA0001360174970000099
such that m = m'. Randomly select r' ∈ Z_N and calculate
Figure BDA00013601749700000910
C_2' = C_2 · g^{r'} mod N^2
PCTD is homomorphic: for a random r ∈ Z_N,
Figure BDA00013601749700000911
Figure BDA00013601749700000912
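The PCTD operations described above (per-user keys, master-key splitting, PD1/PD2, CR and homomorphic addition), as an added Python example that is not the patent's own code. The formula images are missing from this page, so the form of C_1, the function L, the decryption formulas and the generator construction g = a^(2N) mod N^2 are assumptions following the usual shape of this kind of Paillier variant; the modulus is built from two Mersenne primes as a constructed demo value and is not secure.

```python
# Added illustration of PCTD; not the patent's code. Demo parameters only.
import secrets
from math import gcd

# Constructed demo modulus from two Mersenne primes: trivially factorable, NOT secure.
P, Q = 2**521 - 1, 2**607 - 1
N = P * Q
N2 = N * N
LAM = (P - 1) * (Q - 1) // gcd(P - 1, Q - 1) // 2   # lambda = lcm(p-1, q-1) / 2


def L(x):
    """Assumed Paillier helper L(x) = (x - 1) / N."""
    return (x - 1) // N


def make_generator():
    """Assumption: g = a^(2N) mod N^2, so that g^lambda = 1 (mod N^2)."""
    while True:
        a = secrets.randbelow(N2 - 2) + 2
        g = pow(a, 2 * N, N2)
        if gcd(a, N) == 1 and g != 1:
            return g


G = make_generator()


def keygen():
    """Per-user key pair: sk_i in Z_N, pk_i = g^sk_i mod N^2 (assumed form)."""
    sk = secrets.randbelow(N - 1) + 1
    return sk, pow(G, sk, N2)


def encrypt(m, pk):
    """C1 = pk^r * (1 + m*N) mod N^2 (assumed form), C2 = g^r mod N^2."""
    if not 0 <= m < N:
        raise ValueError("plaintext must lie in Z_N")
    r = secrets.randbelow(N // 4) + 1          # r in [1, N/4]
    return pow(pk, r, N2) * (1 + m * N) % N2, pow(G, r, N2)


def decrypt(ct, sk):
    """User decryption: m = L(C1 / C2^sk mod N^2)."""
    c1, c2 = ct
    return L(c1 * pow(c2, -sk, N2) % N2)


def master_decrypt(ct):
    """Decryption with SK = lambda; relies on gcd(lambda, N) = 1."""
    return L(pow(ct[0], LAM, N2)) * pow(LAM, -1, N) % N


def split_master_key():
    """Return (lambda_1, lambda_2) whose sum is 0 mod lambda and 1 mod N^2."""
    modulus = LAM * N2
    s = LAM * pow(LAM, -1, N2) % modulus       # CRT solution of both congruences
    lam1 = secrets.randbelow(modulus - 1) + 1
    return lam1, (s - lam1) % modulus


def partial_decrypt_1(ct, lam1):
    """PD1, run by the holder of SK_1 (the CP): CT1 = C1^lambda_1."""
    return pow(ct[0], lam1, N2)


def partial_decrypt_2(ct, ct1, lam2):
    """PD2, run by the holder of SK_2 (the CSP): m = L(CT1 * C1^lambda_2)."""
    return L(ct1 * pow(ct[0], lam2, N2) % N2)


def add(ct_a, ct_b):
    """Homomorphic addition of two ciphertexts under the same public key."""
    return ct_a[0] * ct_b[0] % N2, ct_a[1] * ct_b[1] % N2


def refresh(ct, pk):
    """CR: re-randomise a ciphertext without changing its plaintext."""
    r = secrets.randbelow(N - 1) + 1
    return ct[0] * pow(pk, r, N2) % N2, ct[1] * pow(G, r, N2) % N2


if __name__ == "__main__":
    sk, pk = keygen()
    lam1, lam2 = split_master_key()
    ct = add(encrypt(20, pk), encrypt(22, pk))
    ct1 = partial_decrypt_1(ct, lam1)
    print("user decrypt      :", decrypt(ct, sk))
    print("CP then CSP       :", partial_decrypt_2(ct, ct1, lam2))
    print("CP share alone ok?:", L(ct1) == 42)
```

Neither share decrypts on its own: the output of PD1 is only meaningful once the holder of the other share applies PD2, which is why the master key is split between CP and CSP.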
The system uses protocols that all require CP and CSP interactive operations to be performed. pkAAnd pkBIs the public key of users a and B. pkΣIs a federated public key defined for users a and B.
Cross-domain secure addition protocol (SAD): given
Figure BDA00013601749700000913
and
Figure BDA00013601749700000914
the protocol computes
Figure BDA00013601749700000915
Cross-domain secure multiplication protocol (SMD): given
Figure BDA00013601749700000916
and
Figure BDA00013601749700000917
the protocol computes
Figure BDA00013601749700000918
Further, in the present embodiment, to encode a keyword into the set Z_N, each letter of the keyword is first converted into its ASCII code, and the hexadecimal ASCII code is then converted into a decimal number. Each element is multiplied by a weight determined by the position of the letter in the keyword, the weighted elements are added together, and the resulting large integer is encrypted with the PCTD algorithm. This algorithm is called the keyword-to-ciphertext algorithm (K2C), as shown in FIG. 3.
In order to convert any keyword in any language into a ciphertext without predefining a keyword set, the embodiment provides a secure keyword-to-ciphertext algorithm (K2C), which mainly comprises the following steps:
1. Each character in the keyword, including special characters, is converted to its Unicode form (UTF-16: 16-bit Unicode transformation format).
2. Each hexadecimal Unicode value is converted to a decimal integer.
3. Each element is multiplied by a weight determined by the position of the character in the keyword.
4. All weighted integers are added into one large integer.
5. The large integer of the keyword is encrypted into a ciphertext using the PCTD algorithm and the data owner's public key.
Further, an example is given in FIG. 2 to explain how the character string "keyword" in English, Chinese, Korean and Japanese is converted into a ciphertext using the K2C algorithm. Note that the K2C algorithm converts each keyword into a unique large integer, which avoids the error probability introduced by the bloom filters used in other searchable encryption algorithms.
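Steps 1 to 4 of K2C as an added Python example, not code from the patent; step 5 then encrypts the resulting integer with PCTD. The positional weight 65536^position, the NFC normalization, the rejection of U+0000 and the modulus-size check are assumptions (the page only says "a certain weight"), and the sample keywords are constructed.

```python
import unicodedata

BASE = 1 << 16   # assumed positional weight: one UTF-16 code unit per base-65536 digit

# Constructed sample keywords: "keyword" in English, Chinese, Korean and Japanese.
SAMPLES = ["keyword", "关键词", "키워드", "キーワード"]


def nfc(text):
    """Assumption (not in the page): normalize so that composed and decomposed
    spellings of the same keyword encode to the same integer."""
    return unicodedata.normalize("NFC", text)


def utf16_units(keyword):
    """Steps 1-2: characters -> UTF-16 code units as integers."""
    data = nfc(keyword).encode("utf-16-be")   # characters above U+FFFF yield two units
    units = [int.from_bytes(data[i:i + 2], "big") for i in range(0, len(data), 2)]
    if not units or 0 in units:
        # A zero unit at the front would collide with the shorter keyword, so
        # U+0000 is rejected everywhere to keep the mapping one-to-one.
        raise ValueError("keyword must be non-empty and contain no U+0000")
    return units


def k2c_encode(keyword, modulus_bits):
    """Steps 3-4: weight each unit by its position and sum into one integer.

    modulus_bits is the bit length of N; the result must be below N to be a
    valid plaintext, which bounds the keyword length.
    """
    units = utf16_units(keyword)
    max_units = (modulus_bits - 1) // 16
    if len(units) > max_units:
        raise ValueError(f"keyword needs {len(units)} units, modulus allows {max_units}")
    value = 0
    for unit in units:
        value = value * BASE + unit           # unit * BASE^(position from the right)
    return value


def k2c_decode(value):
    """Inverse mapping, showing that the integer determines the keyword uniquely."""
    units = []
    while value:
        value, unit = divmod(value, BASE)
        units.append(unit)
    return b"".join(u.to_bytes(2, "big") for u in reversed(units)).decode("utf-16-be")
```

With a 1024-bit N this encoding accepts keywords of up to 63 UTF-16 code units; longer keywords are rejected instead of being reduced modulo N, which would break uniqueness.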
Further, in this embodiment, an encrypted keyword equivalence test protocol (KET) is also provided; it detects whether two keyword ciphertexts contain the same keyword. Taking two keywords encrypted under different public keys,
Figure BDA0001360174970000101
and
Figure BDA0001360174970000102
as input, the KET protocol outputs an encrypted result
Figure BDA0001360174970000103
that indicates whether the two keywords are the same: if u* = 1, the two keywords are the same; otherwise u* = 0. Let
Figure BDA0001360174970000104
The CP and the CSP interactively execute the KET protocol in the following steps:
Step one: the CP computes
Figure BDA0001360174970000105
Figure BDA0001360174970000106
Figure BDA0001360174970000107
Figure BDA0001360174970000108
The CP randomly selects r1, r2, r3, r4 such that
Figure BDA0001360174970000109
Figure BDA00013601749700001010
Next, the CP flips two random coins s1, s2 ∈ {0,1}.
The CP and the CSP then perform the following operations:
If s1 = 1,
Figure BDA00013601749700001011
If s1 = 0,
Figure BDA00013601749700001012
If s2 = 1,
Figure BDA00013601749700001013
If s2 = 0,
Figure BDA00013601749700001014
The CP computes
Figure BDA00013601749700001015
and sends (l1, l1', l2, l2') to the CSP.
Step two: the CSP decrypts
Figure BDA00013601749700001016
If
Figure BDA00013601749700001017
the CSP sets u1' = 0; otherwise u1' = 1. If
Figure BDA00013601749700001018
the CSP sets u2' = 0; otherwise u2' = 1. The CSP then uses the public key pkΣ to encrypt u1', u2' into
Figure BDA0001360174970000111
and transmits it to the CP.
Step three: after receiving
Figure BDA0001360174970000112
the CP computes as follows:
If s1 = 1, the CP computes
Figure BDA0001360174970000113
otherwise the CP computes
Figure BDA0001360174970000114
If s2 = 1, the CP computes
Figure BDA0001360174970000115
otherwise the CP computes
Figure BDA0001360174970000116
If u1 = 1, then X ≥ Y; otherwise u1 = 0. If u2 = 1, then Y ≥ X; otherwise u2 = 0.
The CP and the CSP then compute
Figure BDA0001360174970000117
Further, in the present embodiment, for key generation the KGC runs the KeyGen algorithm of PCTD to generate the system public parameter PP = (g, N), the master private key MSK = λ, and the public/private key pair of user A_i:
Figure BDA0001360174970000118
The KGC secretly sends
Figure BDA0001360174970000119
to user A_i and publishes
Figure BDA00013601749700001110
The KGC calculates the master public key MPK = g^λ. The KGC keeps MSK secret and publishes PP. The KGC then executes the master key splitting algorithm of PCTD to generate the partial keys SK1 = λ1 and SK2 = λ2 and sends them secretly to the CP and the CSP, respectively.
SEnc/SDec is a cryptographically secure symmetric encryption/decryption algorithm (the symmetric key space is
Figure BDA00013601749700001111
), and Sig/Verify is a cryptographically secure signature/verification algorithm (the present invention does not specify a particular algorithm). Define the hash functions H1: {0,1}* → Z_N and
Figure BDA00013601749700001112
Further, for simplicity of presentation, elements of Z_N are used as the private key of the Sig algorithm. In actual use, a hash function may be used to derive the signing key from the element of Z_N.
Further, in the present embodiment, a user authorization and revocation algorithm is also provided.
When in the single data owner scenario:
Suppose user B wishes to be authorized to search the documents of data owner A1 between January 1, 2016 and January 1, 2017 (authorization time AT1 = 20160101-…). He must send the information (B, AT1) to the data owner A1 to apply for authorization. If authorization is allowed, A1 generates an authorization certificate for B:
Figure BDA00013601749700001113
where
Figure BDA00013601749700001114
The private key skΣ is sent secretly to user B, and
Figure BDA00013601749700001115
is sent to the KGC, CP, CSP and B. When AT1 expires, the authorization automatically expires.
If A1 wants to revoke B's privileges within the period AT1, it must generate a revocation certificate
Figure BDA00013601749700001116
Figure BDA0001360174970000121
where RT is the revocation time. Then
Figure BDA0001360174970000122
is sent to the KGC, CP, CSP and B.
When in multiple data owner scenarios:
Suppose user B wants to query the documents of multiple data owners (A1,...,Am) simultaneously. He first needs to obtain from (A1,...,Am) the authorization certificates
Figure BDA0001360174970000123
He then applies to the KGC for query rights. After confirming the validity of the certificates, the KGC calculates the authorization duration ATΣ = AT1∩...∩ATm. The KGC then generates the authorization certificate CERΣ,B:
<cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
where
Figure BDA0001360174970000124
skΣ = H1(A1,...,Am,B,ATΣ,MSK). skΣ is sent secretly to user B, and pkΣ is published to the CP, CSP and B.
If, within the authorization validity period ATΣ,
Figure BDA0001360174970000125
is to be revoked, the KGC generates the revocation certificate RVKΣ,B: <rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>, where RT is the revocation time. The KGC then sends RVKΣ,B to the CP, CSP and B.
Further, in the present embodiment, in the encryption phase, suppose the data owner A_i wants to upload the document
Figure BDA0001360174970000126
to the cloud server. The data is encrypted according to the following steps; FIG. 3 is a schematic diagram of the encryption algorithm.
1. The data owner first extracts a set of keywords
Figure BDA0001360174970000127
to describe the document. To distinguish the importance of the keywords, A_i sets different weights for the keywords:
Figure BDA0001360174970000128
There are many ways to calculate keyword weights, such as TF-IDF (term frequency-inverse document frequency). The data owner selects the method of defining the keyword weights (the present invention does not specify a particular method).
2. A_i encrypts the keywords using the K2C algorithm to obtain
Figure BDA0001360174970000129
and encrypts the keyword weights using the PCTD algorithm to obtain
Figure BDA00013601749700001210
The keyword/keyword-weight pairs are represented as
Figure BDA00013601749700001211
3. The document identity
Figure BDA00013601749700001212
and the document encryption key Kγj ∈ Z_N are encrypted using the PCTD algorithm to obtain
Figure BDA00013601749700001213
and
Figure BDA00013601749700001214
4. The hash function
Figure BDA00013601749700001215
is applied to
Figure BDA00013601749700001216
to obtain
Figure BDA00013601749700001217
Then A_i encrypts the document
Figure BDA00013601749700001218
using the symmetric encryption algorithm SEnc, obtaining the ciphertext
Figure BDA00013601749700001219
5. A_i outsources the encrypted index
Figure BDA00013601749700001220
and the encrypted document
Figure BDA00013601749700001221
to the cloud platform for storage.
Further, if the keyword weight is a decimal number (e.g., a TF-IDF value), the data owner may multiply the weight of each keyword by an integer (10 or 100) so that the decimal values are mapped into Z_N.
Further, in this embodiment, in the query phase, user B generates a trapdoor for the query, as shown in FIG. 4.
B specifies the query keywords
Figure BDA0001360174970000131
and the preference scores of the query keywords
Figure BDA0001360174970000132
A preference score represents the importance of a keyword in the query.
B encrypts the query keywords using the K2C algorithm to obtain
Figure BDA0001360174970000133
and encrypts the preference scores using the PCTD algorithm to obtain
Figure BDA0001360174970000134
Let
Figure BDA0001360174970000135
B uses the private key sk_B to sign the query
Figure BDA0001360174970000136
and generates the signature
Figure BDA0001360174970000137
B sends the encrypted query
Figure BDA0001360174970000138
the signature
Figure BDA0001360174970000139
and the identity User_B to the CP.
Further, in this embodiment, in the search stage, after receiving the keyword search request, the CP first verifies whether user B has the right to access the data. If B has the right, the CP uses B's public key pk_B to verify, for the query
Figure BDA00013601749700001310
the signature
Figure BDA00013601749700001311
If
Figure BDA00013601749700001312
is invalid, the CP rejects the query request. Otherwise, the CP responds to the search request.
1. For each document, the CP first computes the relevance score between the encrypted query
Figure BDA00013601749700001313
and the encrypted index.
2. The CP then returns the top k documents with the highest relevance scores.
The specific process is as follows:
A. Calculating the relevance score.
In order to calculate the relevance score between the query and the document index, the invention designs a cross-domain secure multi-keyword search protocol (MKS).
Figure BDA00013601749700001314
Figure BDA0001360174970000141
The input of the MKS protocol is the encrypted index
Figure BDA0001360174970000142
and the encrypted query
Figure BDA0001360174970000143
where
Figure BDA0001360174970000144
The output is the encrypted relevance score
Figure BDA0001360174970000145
For each query keyword Y_j (1 ≤ j ≤ n2), the MKS protocol computes its relevance score with the encrypted index. The protocol first calculates the relevance score between Y_j and X_i (1 ≤ i ≤ n1) (line 3).
1. Line 4: the KET protocol checks whether X_i equals Y_j. If X_i = Y_j, it outputs
Figure BDA0001360174970000146
otherwise
Figure BDA0001360174970000147
2. Line 5: the keyword weight α_i and the preference score β_j are multiplied:
Figure BDA0001360174970000148
3. Line 6: if X_i = Y_j, then because
Figure BDA0001360174970000149
the relevance score of X_i and Y_j is
Figure BDA00013601749700001410
If X_i ≠ Y_j, then because
Figure BDA00013601749700001411
we have
Figure BDA00013601749700001412
4. Line 7: the relevance score s_i is added to the sum I:
Figure BDA00013601749700001413
After the relevance score is calculated,
Figure BDA00013601749700001414
is converted into
Figure BDA00013601749700001415
as shown in FIG. 5.
B. Top-k ranking.
After the relevance scores are calculated, the top k encrypted documents are returned according to their relevance scores. The requirements for top-k ranking are as follows: during the ranking process, the encrypted relevance score information must not be revealed to the CP and the CSP, i.e., the CP and the CSP do not know which documents are returned to the user. To realize top-k ranking, the invention designs three privacy-preserving protocols.
1. Cross-domain secure maximum selection protocol (MAX): selects the document with the higher relevance score from two encrypted documents.
2. Cross-domain secure maximum n selection protocol (MAXn): uses the MAX protocol to select the document with the highest relevance score from n documents.
3. Cross-domain secure Top-K data retrieval protocol (Top-K): uses the MAXn protocol to pick the k documents with the highest relevance scores.
B.1 Cross-domain secure maximum selection protocol (MAX)
Given
Figure BDA0001360174970000151
and
Figure BDA0001360174970000152
(encrypted under different keys), the MAX protocol outputs
Figure BDA0001360174970000153
such that
Figure BDA0001360174970000154
ID_U and K_U are the corresponding document number and document encryption key. In the protocol, the CP and the CSP cannot tell whether T_U comes from
Figure BDA0001360174970000155
or
Figure BDA0001360174970000156
The MAX protocol has three steps and is executed interactively by the CP and the CSP.
Step one: the CP computes
Figure BDA0001360174970000157
Figure BDA0001360174970000158
If
Figure BDA0001360174970000159
and
Figure BDA00013601749700001510
then
Figure BDA00013601749700001511
The CP randomly selects r1, r2, r3, r4 ∈ Z_N, where
Figure BDA00013601749700001512
The CP then flips random coins s1, s2 ∈ {0,1}.
If s = 1, the CP and the CSP compute
Figure BDA00013601749700001513
Figure BDA00013601749700001514
Figure BDA00013601749700001515
Figure BDA00013601749700001516
If s = 0, the CP and the CSP compute
Figure BDA00013601749700001517
Figure BDA00013601749700001518
Figure BDA0001360174970000161
Figure BDA0001360174970000162
The CP uses the key SK1 to compute
Figure BDA0001360174970000163
and sends C1', C1, C2, C3, C4 to the CSP.
Step two: after receiving C1', C1, C2, C3, C4, the CSP uses the key SK2 to compute
Figure BDA0001360174970000164
If
Figure BDA0001360174970000165
the CSP sets α = 0 and computes
Figure BDA0001360174970000166
If
Figure BDA0001360174970000167
the CSP sets α = 1 and computes C5 = CR(C2), C6 = CR(C3), C7 = CR(C4).
The CSP then encrypts
Figure BDA0001360174970000168
and sends
Figure BDA0001360174970000169
to the CP.
Step three: after receiving
Figure BDA00013601749700001610
the CP performs the following calculations:
If s = 1, the CP and the CSP compute
Figure BDA00013601749700001611
Figure BDA00013601749700001612
Figure BDA00013601749700001613
If s = 0, the CP and the CSP compute
Figure BDA00013601749700001614
Figure BDA00013601749700001615
Figure BDA00013601749700001616
Here, I_U is the larger of the two numbers
Figure BDA00013601749700001617
and
Figure BDA00013601749700001618
B.2 Cross-domain secure maximum n selection protocol (MAXn)
Given n encrypted documents T1,...,Tn as input, the MAXn protocol outputs
Figure BDA00013601749700001619
such that I_MAX = max(I1,...,In); ID_MAX and K_MAX are the corresponding document number and document encryption key. In the protocol, the CP and the CSP cannot identify which tuple among T1,...,Tn is the source of T_MAX.
As shown in FIG. 6, the MAXn protocol requires
Figure BDA00013601749700001620
rounds of operation to find the largest tuple. In each round, the MAX protocol is used to compute the larger tuple of each pair of adjacent encrypted documents. After
Figure BDA00013601749700001621
rounds, the maximum tuple T_MAX is obtained.
B.3 Cross-domain secure Top-K data retrieval protocol (Top-K)
Given n encrypted documents T1,...,Tn as input, the Top-K protocol outputs the k documents with the highest relevance scores.
First, an empty set Sa is initialized to store the k results, together with a set Sb = {T1,...,Tn}. The Top-K protocol requires k rounds of operation to obtain the results. In each round, the protocol finds the largest tuple. The operation of each round is as follows.
Figure BDA0001360174970000171
Figure BDA0001360174970000181
1. Lines 3-4: the MAXn protocol is executed to obtain the maximum tuple of the i-th round,
Figure BDA0001360174970000182
and
Figure BDA0001360174970000183
is added to the set Sa.
2. Lines 5-7: for each encrypted tuple in Sb, the CP and the CSP compute
Figure BDA0001360174970000184
If
Figure BDA0001360174970000185
then
Figure BDA0001360174970000186
otherwise
Figure BDA0001360174970000187
The CP then uses the key SK1 to partially decrypt V_j, obtaining
Figure BDA0001360174970000188
3. Line 8: to hide plaintext information, the CP uses the permutation π_i to permute (V_j, V_j'), obtaining
Figure BDA0001360174970000189
and sends it to the CSP.
4. Lines 9-14: the CSP decrypts
Figure BDA00013601749700001810
to obtain β_j (1 ≤ j ≤ n). If β_j = 0, the CSP sets
Figure BDA00013601749700001811
otherwise
Figure BDA00013601749700001812
5. Line 15: after receiving
Figure BDA00013601749700001813
the CP first applies the inverse permutation π_i^-1 to restore the original order (A1,...,An). For the source tuple T_ζ of
Figure BDA00013601749700001814
the protocol calculates
Figure BDA00013601749700001815
For the other tuples, the protocol calculates
Figure BDA00013601749700001816
6. Lines 16-18: update
Figure BDA00013601749700001817
by computing
Figure BDA00013601749700001818
Figure BDA00013601749700001819
In the source tuple T_ζ,
Figure BDA00013601749700001820
is set to
Figure BDA00013601749700001821
For the other tuples (1 ≤ j ≤ n and j ≠ ζ), after the computation
Figure BDA00013601749700001822
Figure BDA00013601749700001823
does not change. After k rounds of operation, Sa contains the k tuples with the highest relevance scores.
Further, in this embodiment, in the decryption stage, after user B receives the k encrypted documents, B uses the public key pkΣ to recover the relevance scores I_i, the document numbers ID_i and the keys K_i (1 ≤ i ≤ k). The user then securely obtains the encrypted files from the CP using private information retrieval (PIR) or oblivious memory access (ORAM) methods, without leaking the access pattern. User B first recovers the document encryption key K and then calculates
Figure BDA00013601749700001824
and recovers the document M using K'.
Further, in this embodiment, in a multi-keyword ranked searchable encryption (MRSE) scheme, after receiving a user's request for a multi-keyword search over encrypted data, the cloud server returns the top k documents with the highest relevance. This provides an effective way to protect data privacy in a cloud storage system while preserving the usability of the data. Many existing MRSE systems are built on the KNN-SE (searchable-encryption k-nearest-neighbor) architecture. However, the KNN-SE architecture has many drawbacks. The invention provides a novel MRSE system that overcomes all the defects of MRSE systems based on the KNN-SE architecture. The new system does not require a predefined keyword set, supports keyword search in any language, and provides flexible, time-controlled mechanisms for granting search permission and revoking users. In the invention, the cloud server cannot identify which documents are the top k most relevant documents returned to the user, so better data privacy protection is achieved.
The above are preferred embodiments of the present invention. All changes made according to the technical scheme of the present invention whose functional effects do not exceed the scope of that technical scheme fall within the protection scope of the present invention.

Claims (9)

1. A multi-user, multi-keyword ranking searchable encryption system that supports queries in any language, comprising:
a key generation center KGC which generates a key for each entity in the system;
a cloud platform CP, which stores users' documents in encrypted form and responds to users' data retrieval requests;
a computing service provider CSP, which is an online computing server providing online computing;
a data owner, who encrypts keywords and documents and sends them to the cloud platform CP for storage;
a user, who generates a keyword trapdoor and initiates a data retrieval request to the cloud platform CP; the key generation center KGC generates, through the KeyGen algorithm of a Paillier cryptosystem with a threshold decryption function, the system public parameter PP = (g, N), the master private key MSK = λ and the public/private key pair of user A_i,
Figure FDA0002451895530000011
and
Figure FDA0002451895530000012
the key generation center KGC sends
Figure FDA0002451895530000013
to user A_i among the data owners and publishes the public key
Figure FDA0002451895530000014
the key generation center KGC calculates the master public key MPK = g^λ; the key generation center KGC stores the master private key MSK and publishes the system public parameter PP; the key generation center KGC executes the master key splitting algorithm of the Paillier cryptosystem with the threshold decryption function to generate the partial keys SK1 = λ1 and SK2 = λ2, and secretly sends them to the cloud platform CP and the computing service provider CSP, respectively.
2. The multi-user multi-keyword ranking searchable encryption system that supports queries in any language according to claim 1, wherein a user B sends the information (B, AT1) to the data owner A1 to apply for authorization to search the data of data owner A1 within the authorization time AT1; if authorization is allowed, the data owner A1 generates an authorization certificate for user B:
Figure FDA0002451895530000015
wherein
Figure FDA0002451895530000016
the private key skΣ is sent secretly to the user B;
Figure FDA0002451895530000017
is sent to the key generation center KGC, the cloud platform CP, the computing service provider CSP and the user B; when the authorization time AT1 expires, the authorization automatically becomes invalid; Sig/Verify is a cryptographically secure signature/verification algorithm; the hash functions are H1: {0,1}* → Z_N and H2: Z_N → K, K being the symmetric key space;
if the data owner A1 revokes the privileges of user B within the authorization time AT1, a revocation certificate is generated:
Figure FDA0002451895530000021
wherein RT is the revocation time; the revocation certificate
Figure FDA0002451895530000022
is sent to the key generation center KGC, the cloud platform CP, the computing service provider CSP and the user B.
3. The multi-user multi-keyword ranking searchable encryption system that supports queries in any language according to claim 1, wherein, to query the documents of multiple data owners (A1,...,Am) simultaneously, a user B obtains from the plurality of data owners (A1,...,Am) the authorization certificates
Figure FDA0002451895530000023
the user B applies to the key generation center KGC for query rights; after confirming the validity of the certificates, the key generation center KGC calculates the authorization period ATΣ = AT1∩...∩ATm and generates an authorization certificate CERΣ,B:
<cer=(A1,...,Am,B,ATΣ,pkΣ),Sig(cer,MSK)>,
wherein
Figure FDA0002451895530000024
skΣ = H1(A1,...,Am,B,ATΣ,MSK); skΣ is sent to user B, and pkΣ is published to the cloud platform CP, the computing service provider CSP and the user B; Sig/Verify is a cryptographically secure signature/verification algorithm; the hash functions are H1: {0,1}* → Z_N and H2: Z_N → K, K being the symmetric key space;
if, within the authorization validity period ATΣ,
Figure FDA0002451895530000025
is to be revoked, the key generation center KGC generates a revocation certificate:
RVKΣ,B: <rvk=(CERΣ,B,revoke,RT),Sig(rvk,MSK)>;
wherein RT is the revocation time; the key generation center KGC sends RVKΣ,B to the cloud platform CP, the computing service provider CSP and the user B.
4. The multi-user multi-keyword ranking searchable encryption system that supports queries in any language according to claim 1, wherein data owner A_i encrypts the document
Figure FDA0002451895530000026
and uploads it to the cloud platform CP according to the following steps:
step S11: data owner A_i extracts a set of keywords describing the document,
Figure FDA0002451895530000027
and sets different weights for the keywords:
Figure FDA0002451895530000028
the hash functions are H1: {0,1}* → Z_N and H2: Z_N → K, K being the symmetric key space;
step S12: data owner A_i encrypts the keywords with the keyword-to-ciphertext algorithm K2C to obtain
Figure FDA0002451895530000029
and encrypts the keyword weights with the Paillier cryptosystem with a threshold decryption function to obtain
Figure FDA0002451895530000031
the keyword/keyword-weight pairs are represented as
Figure FDA0002451895530000032
Figure FDA0002451895530000033
step S13: the document identity
Figure FDA0002451895530000034
and the document encryption key
Figure FDA0002451895530000035
are encrypted with the Paillier cryptosystem with a threshold decryption function to obtain
Figure FDA0002451895530000036
and
Figure FDA0002451895530000037
step S14: the hash function H2: Z_N → K is applied to
Figure FDA0002451895530000038
to obtain
Figure FDA0002451895530000039
data owner A_i encrypts the document
Figure FDA00024518955300000310
using the symmetric encryption algorithm SEnc to obtain the ciphertext:
Figure FDA00024518955300000311
SEnc/SDec is a cryptographically secure symmetric encryption/decryption algorithm;
step S15: data owner A_i outsources the encrypted index
Figure FDA00024518955300000312
and the ciphertext
Figure FDA00024518955300000313
to the cloud platform CP for storage.
5. The multi-user multi-keyword ranking searchable encryption system according to claim 1, wherein in the query phase, user B generates a trapdoor for the query as follows:
step S21: user B determines the query keywords
Figure FDA00024518955300000314
and the preference scores of the query keywords
Figure FDA00024518955300000315
a preference score represents the importance of a keyword in the query;
step S22: user B encrypts the query keywords with the keyword-to-ciphertext algorithm K2C to obtain
Figure FDA00024518955300000316
and encrypts the preference scores with the Paillier cryptosystem with a threshold decryption function to obtain
Figure FDA00024518955300000317
let
Figure FDA00024518955300000318
step S23: user B uses the private key sk_B to sign the query Q and generates the signature S_Q = Sig(Q, sk_B);
step S24: user B sends the encrypted query Q, the signature S_Q and the identity User_B to the cloud platform CP.
6. The multi-user multi-keyword ranking searchable encryption system that supports queries in any language according to claim 1, wherein upon receiving a keyword search request, the cloud platform CP first verifies whether user B has the right to access the data; if user B has the right, the cloud platform CP uses the public key pk_B of user B to verify the signature S_Q of the query Q; if the signature S_Q is invalid, the cloud platform CP rejects the query request of user B; otherwise, the cloud platform CP responds to the search request: the cloud platform CP calculates, for each document, the relevance score between the encrypted query Q and the encrypted index, and then returns the top k documents with the highest relevance scores.
7. The multi-user multi-keyword ranking searchable encryption system supporting queries in any language according to claim 6, wherein the relevance scores of the encrypted query Q and the encrypted index are calculated for each document by employing a cross-domain secure multi-keyword search protocol MKS.
8. The multi-user multi-keyword ranking searchable encryption system according to claim 7 that supports queries in any language, wherein said cloud platform CP returns the top k documents with the highest relevance scores by:
step S31: a cross-domain secure maximum selection protocol MAX is used to select the document with the higher relevance score from two encrypted documents;
step S32: a cross-domain secure maximum n selection protocol MAXn is used to select the document with the highest relevance score from n documents, using the calculation result of step S31;
step S33: a cross-domain secure Top-K data retrieval protocol Top-K is used to select the top k documents with the highest relevance scores, using the calculation result of step S32.
9. The multi-user multi-keyword ranking searchable encryption system according to claim 1, wherein user B receives k encrypted documents and, through the public key pkΣ, recovers the relevance score I_i, the document number ID_i and the document encryption key K_i, 1 ≤ i ≤ k; through private information retrieval PIR or oblivious memory access ORAM, user B obtains the encrypted files from the cloud platform CP without leaking the access pattern; user B recovers the document encryption key K, then calculates K' = H2(K_i) ∈ K and recovers the document M using K'; the hash functions are H1: {0,1}* → Z_N and H2: Z_N → K, K being the symmetric key space.
CN201710614034.3A 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language Active CN107491497B (en)


Publications (2)

Publication Number Publication Date
CN107491497A CN107491497A (en) 2017-12-19
CN107491497B true CN107491497B (en) 2020-08-11

Family

ID=60644947

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710614034.3A Active CN107491497B (en) 2017-07-25 2017-07-25 Multi-user multi-keyword sequencing searchable encryption system supporting query in any language

Country Status (1)

Country Link
CN (1) CN107491497B (en)


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103955537A (en) * 2014-05-16 2014-07-30 福州大学 Method and system for designing searchable encrypted cloud disc with fuzzy semantics
CN105024802A (en) * 2015-07-13 2015-11-04 西安理工大学 Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN105915520A (en) * 2016-04-18 2016-08-31 深圳大学 File storage and searching method based on public key searchable encryption, and storage system
CN106407447A (en) * 2016-09-30 2017-02-15 福州大学 Simhash-based fuzzy sequencing searching method for encrypted cloud data

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR20130085491A (en) * 2011-12-09 2013-07-30 한국전자통신연구원 Multi-user searchable encryption system with index validation and tracing and method thereof
IN2014CH00681A (en) * 2014-02-13 2015-08-14 Infosys Ltd

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
An Efficient Privacy-Preserving Outsourced Calculation Toolkit With Multiple Keys; Ximeng Liu et al.; 《IEEE Transactions on Information Forensics and Security》; 20160527; pp. 2401-2414 *
Toward Efficient Multi-Keyword Fuzzy Search Over Encrypted Outsourced Data With Accuracy Improvement; Zhangjie Fu et al.; 《IEEE Transactions on Information Forensics and Security》; 20160728; pp. 2706-2716 *
Hidden-keyword searchable encryption with fine-grained access control; 杨旸 et al.; 《工程学报》; 20130825; pp. 92-100 *
Fuzzy keyword search scheme over encrypted cloud data; 吴阳 et al.; 《计算机工程与应用》; 20140403; pp. 90-96 *
Ranking-based fuzzy keyword search in a cloud environment; 闫文婷; 《中国优秀硕士学位论文全文数据库 信息科技辑》; 20170315; pp. I136-815 *

Also Published As

Publication number Publication date
CN107491497A (en) 2017-12-19

Similar Documents

Publication Publication Date Title
CN107491497B (en) Multi-user multi-keyword sequencing searchable encryption system supporting query in any language
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
CN111835500B (en) Searchable encryption data secure sharing method based on homomorphic encryption and block chain
Yang et al. Multi-user multi-keyword rank search over encrypted data in arbitrary language
CN106803784B (en) Lattice-based multi-user fuzzy searchable encryption method in secure multimedia cloud storage
Wang et al. Secure ranked keyword search over encrypted cloud data
CN107256248B (en) Wildcard-based searchable encryption method in cloud storage security
Li et al. Enabling fine-grained multi-keyword search supporting classified sub-dictionaries over encrypted cloud data
CN109450935B (en) Verifiable semantic security multi-keyword search method in cloud storage
Wang et al. Search in my way: Practical outsourced image retrieval framework supporting unshared key
CN110392038B (en) Multi-key searchable encryption method capable of being verified in multi-user scene
Van Rompay et al. Multi-user searchable encryption in the cloud
Wang et al. Generalized pattern matching string search on encrypted data in cloud systems
Yi et al. Privacy-preserving user profile matching in social networks
Yang et al. Expressive query over outsourced encrypted data
Fan et al. Verifiable attribute-based multi-keyword search over encrypted cloud data in multi-owner setting
Liu et al. EMK-ABSE: Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination
Shu et al. SybSub: Privacy-preserving expressive task subscription with sybil detection in crowdsourcing
Rajan et al. Dynamic multi-keyword based search algorithm using modified based fully homomorphic encryption and Prim’s algorithm
Li et al. Multi-user searchable encryption with a designated server
Verma Secure client-side deduplication scheme for cloud with dual trusted execution environment
Park et al. PKIS: practical keyword index search on cloud datacenter
Cui et al. Towards encrypted in-network storage services with secure near-duplicate detection
Wang et al. Towards practical private processing of database queries over public data
Ibrahim et al. Approximate keyword-based search over encrypted cloud data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant