CN107580003A

CN107580003A - Safe no certificate can search for public key cryptography scheme under industrial environment of internet of things

Info

Publication number: CN107580003A
Application number: CN201711042726.1A
Authority: CN
Inventors: 陈建铭; 吴祖扬; 孟超; 王景行
Original assignee: Shenzhen Graduate School Harbin Institute of Technology
Current assignee: Shenzhen Graduate School Harbin Institute of Technology
Priority date: 2017-10-31
Filing date: 2017-10-31
Publication date: 2018-01-12

Abstract

Public key cryptography scheme is can search for without certificate the invention discloses a kind of provable security under industrial environment of internet of things, it comprises the following steps：A, registration phase：Data consumer generates respective public key and private key with Cloud Server under the assistance of key generation centre；B, data encryption stage:Ciphertext is simultaneously uploaded to Cloud Server by data owner's encryption keyword.C, retrieval phase：Data consumer generates the trapdoor for retrieval and is sent to Cloud Server, and Cloud Server is received after the trapdoor of user, it will ciphertext is retrieved, and the result of retrieval is returned into user.The present invention is directed to the keyword guessing attack that malicious server and external attacker be present in industrial Internet of Things cloud storage and proposes new solution, and the provable offline keyword guessing attack that can keep out external attacker and malicious server, there is higher safe class in similar security protocol.

Description

Safe no certificate can search for public key cryptography scheme under industrial environment of internet of things

Technical field

What the present invention proposed a kind of provable security under industrial environment of internet of things can search for public key encryption side without certificate Case.

Background technology

With industrial Internet of Things（IIoT）Fast development, industrial Internet of Things（IIoT）Cloud storage technology is by more and more Enterprise and personal user favor.Typical industrial Internet of Things（IIoT）Cloud storage network environment is as shown in Figure 1:In the environment In, the data in industrial production and operation are collected by enterprise, while sensor collection external information, these data can be by networks Cloud server is reached, and is interacted with calculation server and storage server.However, high in the clouds data are not in enterprise and individual In the supervision of user, therefore in order to prevent leakage of private information, data need to be encrypted before high in the clouds is uploaded to.This is just produced Given birth to one it is new the problem of：Because Cloud Server does not have the key of ciphertext data, so when data consumer wants retrieval high in the clouds number According to when Cloud Server can not give a response.

For this problem, many scholars propose substantial amounts of solution.But in current many researchs, Hen Duofang Case is all proved to have the problem of security, and many without safety issue use traditional public key cryptography scheme, and this The problem of management and key that certificate can be brought are exchangeed problem, and are poorly suitable for industrial Internet of Things（IIoT）In environment.Have recently The multiple key without escape way that people proposes can search for encrypting（SCF-MCLPEKS）Scheme uses to encrypt without CertPubKey System, solves the problems, such as certificate management and key escrow, but can not keep out offline keyword guessing attack.Therefore when chance When having monitored the situation of overt channel to malicious server or external attacker, the private information in data consumer's inquiry request It will reveal, and then the encryption data for being stored in high in the clouds can also be revealed.

The content of the invention

The technical problem to be solved in the present invention is to overcome existing scheme can not keep out external attacker or malicious server The defects of carrying out offline keyword attack, there is provided a kind of that can search for without certificate for trapdoor safety is ensured under industrial environment of internet of things Public key cryptography scheme.

In order to solve the above-mentioned technical problem, the framework of the invention based on Fig. 2 carries out expansion research:First, data owner Keyword is encrypted using the public key of server and the public key of data consumer and is uploaded to high in the clouds.Then, data use Person carries out computing using the public key of server to keyword, generates the trapdoor for retrieval and is sent to cloud clothes by overt channel Business device, after Cloud Server receives trapdoor, can be retrieved to ciphertext and return result to user.In the present invention, due to In retrieval phase, when data consumer generates the trapdoor of retrieval, used the public key of server, therefore, because attacker without Method obtains the private key of given server, also can not just implement offline keyword guessing attack, so as to ensure that the hidden of user data It is private.

According to principles above, the invention provides following technical scheme：

What the present invention provided a kind of approved safe under industrial environment of internet of things can search for public key cryptography scheme without certificate, including with Lower step：

A, registration phase：Data consumerServer（Cloud server）In key generation centre （KGC）Assistance under generate respective public key and private key；

A1:System is set：The function is by key generation centre（KGC）Perform, for generating some systematic parameters.

1）Input：One security parameterk, select a bilinear mape: G₁×G₁→G₂。

2）Random selections∈Z _q ^*WithP∈G ₁, and calculateP _pub=sP。

3）Master key is setmsk=s, and export open parameterparam：

param ={k, G₁, G₂, e, q, P,P _pub, H ₁, H ₂, whereinH ₁, H ₂It is 2 different hash functions.H ₁: {0,1}^*→G₁, H ₂: {0,1}^*→G₁.

A2:Generating portion private key：The function is by key generation centre（KGC）Perform, for generating the part of server or user Private key.

1）Calculate：Q _S=H ₁(ID _S), Q _R=H ₁(ID _R)。

2）CalculateD _S=s∙Q _S, D _R=s∙Q _R。

3）Send respectivelyD _S, D _RTo server and user.

A3:Generate secret value：The function is performed by server or user, for generating another portion of server or user Divide private key.

1）Server randomly chooses a numberx _S。

2）User randomly chooses a numberx _R。

A4:Set private key：The function is performed by server or user, for generating the private key of server or user.

1）Server sets the private key of oneself to be：SK _S={SK _S,1,SK _S,2 }={x _S, D _S }。

2）User sets the private key of oneself to be：SK _R={SK _R,1,SK _R,2 }={x _R, D _R }。

A5:Set public key：The function is performed by server or user, for generating the public key of server or user.

1）Server sets the public key of oneself to be：PK _S=x _S∙P

2）User sets the public key of oneself to be：PK _R=x _R∙P。

B, data encryption stage：

Encryption keyword（SCF-MCLPEKS⁺）：The function is performed by data owner, for encryption keyword.If data are gathered around The person of having wants to send his data to data consumer, then he can be in the following method to set of keywordsWIt is encrypted：

1）To each keywordw _i∈W, select a random numberr _i,

2）CalculateQ _R=H ₁(ID _R)。

3）CalculateU _i,V _i, K _iIt is as follows：

U _i=e(r _i H ₂(w _i), PK _R)∙e(r _i Q _R, P _pub),

V _i=r _i PK _S,

K _i=r _i P.

4）Set ciphertext be：C={C _i, whereinC _i={U _i, V _i, K _i }。

C, retrieval phase：

C1：Generate trapdoor：The function is performed by data consumer, for generating the trapdoor of retrieval.If the user of data Want retrieval and carry keywordwSome ciphertext, then he can generate the trapdoor of retrieval according to the methods below：

1）Calculate one random number of selectionr。

2）Trapdoor is setT _wFor：T _w={T ₁,T ₂, wherein,T ₁,T ₂It is as follows：

T ₁= D _R+ x _R∙H ₂(w)+rP,

T ₂=rPK _S.

(8) test:The function is performed by server, for testing ciphertextCAnd trapdoorT _wWhether match.

1) to each ciphertextC _i∈C, calculateU=(U _i)^xS。

2) verify：e(T ₁,V _i)=U∙e(K _i, T ₂).If set up, 1 is returned, otherwise, returns to 0.

Ifw=w _i, then we can obtain：

e(T ₁,V _i)

= e(D _R+ x _R∙H ₂(w)+rP,r _i PK _S)

= e(x _R∙H ₂(w),r _i PK _S)∙ e(D _R,r _i PK _S)∙ e(rP,r _i PK _S)

= e(r _i∙H ₂(w),x _R PK _S)∙ e(sQ _R,r _i PK _S)∙ e(r _i P,rPK _S).

= [e(r _i∙H ₂(w),x _R P)∙ e(r _i Q _R,sP)]^xS∙ e(K _i, T ₂)

= (U _i)^xS∙e(K _i, T ₂).

The beneficial effect that is reached of the present invention is：

For industrial Internet of Things（IIoT）The protection problem of encryption data private information proposes one kind and can demonstrate,proved in cloud storage environment Safety can search for public key cryptography scheme without certificate.It can prove that this programme can keep out offline keyword guessing attack, can Protection encryption data well, has higher safe class in similar no CertPubKey can search for encipherment scheme.And This programme is also higher in efficiency, has very strong practicality, therefore be applicable to industrial Internet of Things（IIoT）Cloud storage ring In border.

Brief description of the drawings

Accompanying drawing is used for providing a further understanding of the present invention, and a part for constitution instruction, the reality with the present invention Apply example to be used to explain the present invention together, be not construed as limiting the invention.In the accompanying drawings：

Fig. 1 illustrates typical industrial Internet of Things（IIoT）Cloud storage network environment.

Fig. 2 illustrates basic procedure of the present invention.

Embodiment

The preferred embodiments of the present invention are illustrated below in conjunction with accompanying drawing 2, it will be appreciated that described herein preferred real Apply example to be merely to illustrate and explain the present invention, be not intended to limit the present invention.

A kind of approved safe under industrial environment of internet of things can search for public key cryptography scheme without certificate, and it includes following step Suddenly：

A, registration phase：Data consumerServer（Cloud server）Under KGC assistance Generate respective public key and private key；

2）Random selections∈Z _q ^*WithP∈G ₁, and calculateP _pub=sP。

3）Master key is setmsk=s, and export open parameterparam：

1）Calculate：Q _S=H ₁(ID _S), Q _R=H ₁(ID _R)。

2）CalculateD _S=s∙Q _S, D _R=s∙Q _R。

3）Send respectivelyD _S, D _RTo server and user.

1）Server randomly chooses a numberx _S。

2）User randomly chooses a numberx _R。

1）Server sets the public key of oneself to be：PK _S=x _S∙P

2）User sets the public key of oneself to be：PK _R=x _R∙P。

B, data encryption stage：

1）To each keywordw _i∈W, select a random numberr _i,

2）CalculateQ _R=H ₁(ID _R)。

3）CalculateU _i,V _i, K _iIt is as follows：

U _i=e(r _i H ₂(w _i), PK _R)∙e(r _i Q _R, P _pub),

V _i=r _i PK _S,

K _i=r _i P.

4）Set ciphertext be：C={C _i, whereinC _i={U _i, V _i, K _i }。

C, retrieval phase：

1）Calculate one random number of selectionr。

T ₁= D _R+ x _R∙H ₂(w)+rP,

T ₂=rPK _S.

1) to each ciphertextC _i∈C, calculateU=(U _i)^xS。

Ifw=w _i, then we can obtain：

e(T ₁,V _i)

= e(D _R+ x _R∙H ₂(w)+rP,r _i PK _S)

= e(x _R∙H ₂(w),r _i PK _S)∙ e(D _R,r _i PK _S)∙ e(rP,r _i PK _S)

= e(r _i∙H ₂(w),x _R PK _S)∙ e(sQ _R,r _i PK _S)∙ e(r _i P,rPK _S).

= [e(r _i∙H ₂(w),x _R P)∙ e(r _i Q _R,sP)]^xS∙ e(K _i, T ₂)

= (U _i)^xS∙e(K _i, T ₂)。

Finally it should be noted that：The preferred embodiments of the present invention are the foregoing is only, are not intended to limit the invention, Although the present invention is described in detail with reference to the foregoing embodiments, for those skilled in the art, it still may be used To be modified to the technical scheme described in foregoing embodiments, or equivalent substitution is carried out to which part technical characteristic. Within the spirit and principles of the invention, any modification, equivalent substitution and improvements made etc., it should be included in the present invention's Within protection domain.

Claims

1. a kind of no certificate safe under industrial environment of internet of things can search for public key cryptography scheme, it is characterised in that including with Lower step：

First, data owner is encrypted and is uploaded to keyword using the public key of server and the public key of data consumer High in the clouds；

Then, data consumer carries out computing using the public key of server to keyword, generates the trapdoor for retrieval and passes through Overt channel is sent to Cloud Server, after Cloud Server receives trapdoor, ciphertext can be retrieved and return result to use Family.

2. a kind of no certificate safe under industrial environment of internet of things according to claim 1 can search for public key encryption side Case, it is characterised in that the program specifically includes following steps：

A, registration phase：Data consumer is with Cloud Server in key generation centre）Assistance under generate respective public key with it is private Key；

A1:Set：The function is performed by key generation centre, for generating some systematic parameters；

1）Input：One security parameterk, select a bilinear mape: G₁×G₁→G₂；

2）Random selections∈Z _q ^*WithP∈G ₁, and calculateP _pub=sP；

3）Master key is setmsk=s, and export open parameterparam：

param ={k, G₁, G₂, e, q, P,P _pub, H ₁, H ₂, whereinH ₁, H ₂It is 2 different hash functions；H ₁: {0,1}^*→G₁, H ₂: {0,1}^*→G₁；

A2:Generating portion private key：The function is performed by key generation centre, for generating the part private key of server or user；

1）Calculate：Q _S=H ₁(ID _S), Q _R=H ₁(ID _R)；

2）CalculateD _S=s∙Q _S, D _R=s∙Q _R；

3）Send respectivelyD _S, D _RTo server and user；

A3:Generate secret value：The function is performed by server or user, for generating the private of another part of server or user Key；

1）Server randomly chooses a numberx _S；

2）User randomly chooses a numberx _R；

A4:Set private key：The function is performed by server or user, for generating the private key of server or user；

1）Server sets the private key of oneself to be：SK _S={SK _S,1,SK _S,2 }={x _S, D _S}；

2）User sets the private key of oneself to be：SK _R={SK _R,1,SK _R,2 }={x _R, D _R}；

A5:Set public key：The function is performed by server or user, for generating the public key of server or user；

1）Server sets the public key of oneself to be：PK _S=x _S∙P；

2）User sets the public key of oneself to be：PK _R=x _R∙P；

B, data encryption stage：

Encryption keyword（SCF-MCLPEKS⁺）：The function is performed by data owner, for encryption keyword；If data are gathered around The person of having wants to send his data to data consumer, then he can be in the following method to set of keywordsWIt is encrypted：

1）To each keywordw _i∈W, select a random numberr _i,

2）CalculateQ _R=H ₁(ID _R)；

3）CalculateU _i,V _i, K _iIt is as follows：

U _i=e(r _i H ₂(w _i), PK _R)∙e(r _i Q _R, P _pub),

V _i=r _i PK _S,

K _i=r _i P；

4）Set ciphertext be：C={C _i, whereinC _i={U _i, V _i, K _i}；

C, retrieval phase：

C1：Generate trapdoor：The function is performed by data consumer, for generating the trapdoor of retrieval；If the user of data Want retrieval and carry keywordwSome ciphertext, then he can generate the trapdoor of retrieval according to the methods below：

1）Calculate one random number of selectionr；

T ₁= D _R+ x _R∙H ₂(w)+rP,

T ₂=rPK _S；

(8) test:The function is performed by server, for testing ciphertextCAnd trapdoorT _wWhether match；

1) to each ciphertextC _i∈C, calculateU=(U _i)^xS；

2) verify：e(T ₁,V _i)=U∙e(K _i, T ₂)；If set up, 1 is returned, otherwise, returns to 0；

Ifw=w _i, then we can obtain：

e(T ₁,V _i)

= e(D _R+ x _R∙H ₂(w)+rP,r _i PK _S)

= e(x _R∙H ₂(w),r _i PK _S)∙ e(D _R,r _i PK _S)∙ e(rP,r _i PK _S)

= e(r _i∙H ₂(w),x _R PK _S)∙ e(sQ _R,r _i PK _S)∙ e(r _i P,rPK _S).

= [e(r _i∙H ₂(w),x _R P)∙ e(r _i Q _R,sP)]^xS∙ e(K _i, T ₂)

= (U _i)^xS∙e(K _i, T ₂)。