CN107679408A

CN107679408A - Regular language searching system in safe cloud storage

Info

Publication number: CN107679408A
Application number: CN201710888030.4A
Authority: CN
Inventors: 杨旸; 张煜超; 郑相涵; 叶少珍; 张�浩; 刘耿耿; 邹剑; 倪涛; 倪一涛
Original assignee: Fuzhou University
Current assignee: Fuzhou University
Priority date: 2017-09-27
Filing date: 2017-09-27
Publication date: 2018-02-09
Anticipated expiration: 2037-09-27
Also published as: CN107679408B

Abstract

The present invention relates to the regular language searching system in a kind of safe cloud storage.Regular language of the input of the AES of the system for a public key and using random length character string descriptor, the ciphertext of generation are sent to Cloud Server；In the data retrieval stage, user defines a deterministic finite automatonAnd generated using its private keyTrapdoor,Define one group of state transfer set, original state and receive state.And if only if is embedded in regular language quilt in ciphertextTrapdoor when receiving, the document is considered as matching document.The present invention can accommodate any more symbol, and can increase new symbol at any time, substantially increase the practicality of scheme；Moreover it is possible to reduce the storage overhead of wireless subscriber terminal, it is easy to the flexible expansion of system.

Description

Regular language searching system in safe cloud storage

Technical field

The present invention relates to the regular language searching system in a kind of safe cloud storage

Background technology

Cloud storage is a kind of emerging memory module, can provide the user expansible, flexible and pay-for-use service. For personal use, user can access their data using any equipment whenever and wherever possible.When one group of user uses cloud During storage, it allows group member synchronization and manages all shared documents.In addition, it is also saved for buying storage for user The fund input of equipment.Cloud storage also causes many securities while providing convenient for client.All data are deposited Storage is on multiple servers of cloud service provider, therefore client can not grasp its data completely.Because server may be hacked Visitor's invasion, or internal staff may leak data obtain commercial interest, therefore users worry the privacy concern of document.With Family wishes to use encryption technology, to protect the confidentiality of data, to have triggered another problem again：How to be carried out in a large amount of ciphertexts Data retrieval.User can not possibly download all storage informations and it be decrypted and then again to retrieving in plain text, and can not bear Huge transport overhead and very long data retrieval times.

Can search for encryption technology data can not only be encrypted protection, and can be before data-privacy is not destroyed Put and support efficient function of search.User generates search trapdoor using its private key and sends it to Cloud Server.Receive After trapdoor, Cloud Server scans on the premise of ciphertext not being decrypted to encryption data.In data retrieval process, Cloud Server will not obtain any cleartext information about encryption data and user searches for the information of content.However, most of can Search encipherment scheme only supports basic search pattern, such as single keyword search, links keyword search and boolean search. Cloud computing is industry with keen competition, there is provided good Consumer's Experience is most important.

Although cloud computing is the service mode of next generation network, safety and privacy concern are to hinder it in practical application In be widely accepted major obstacle.Chang et al. have studied the security of cloud computing, including fire wall, access control, identity Management, intrusion prevention and polymerization encryption.Zheng et al. proposes a kind of mobile framework to realize remotely resident multimedia service safety Access.Someone have studied the security architecture of business cloud, it realize safe and reliable cloud service and can safe handling it is a large amount of Data.

Evincible data hold (PDP) and provide a kind of probabilistic verification method for cloud computing to prove that the data of user are complete Whole property.Barsoum et al. have studied the design principle of PDP constructions, and indicate the limitation of existing PDP models.Wang et al. Propose a kind of PDP models of the identity-based for the storage of multiple Cloud Servers.It eliminates the certificate management of complexity, and energy Enough carry out polytype checking.Li et al. have studied in resource-constrained devices it is provable hold scheme, reduce big gauge Expense is calculated, realizes dynamic data operation.Omojte et al. proposes a kind of lightweight encoding scheme to support multiple users.

Can search for encryption technology can protect data-privacy, while support user to inquire about encrypted document.Since Since Song et al. proposes this concept, it causes increasing concern.Wang et al. utilizes one-to-many order preserving map side Method realizes keyword sorted search scheme in file is encrypted.Liu et al. reduces query cost, and inquiry is categorized as more Individual grade.Xu et al. combines public key encryption and fuzzy keyword search devises the public key encryption framework of fuzzy keyword search. Li et al. introduces relevance score and preference heterogeneity can carry out accurate keyword search, and utilizes the sub- word of classification Allusion quotation improves efficiency.

Cui et al. introduces the concept that key polymerization can search for encryption so that data owner only sends single to user Key just can share large volume document.Yang et al. devise one it is time-based can search for encipherment scheme, search permission is referring to User is awarded in the fixed time.Someone introduces the encryption mechanism based on attribute and is used to can search for encryption so as to searching Rope authority carries out fine-granularity access control.Chen et al. proposes a kind of two server model to resist keyword guessing attack. Someone have studied based on the encryption technology of lattice so as to after constructing the quantum epoch can search for encipherment scheme.

Someone have studied can search for encrypting in mobile environment.When mobile group changes, Xia et al. is non-right using dynamic Group cipher key negotiation protocol and allograph is claimed to update ciphertext.Somebody have studied the scheme of no safe lane to resist keyword Guessing attack.Later, Liang et al. propose support regular language search can search for encipherment scheme.However, it have it is several tight The problem of weight.First, user must interact with key generation centre can just scan for inquiring about.Secondly, when system is set When, it is necessary to pre-defined assemble of symbol.The size of Your Majesty's key increases with the growth of the set, when predefined glossary of symbols becomes When big, Your Majesty's key needs to consume bigger memory space.If adding new symbol, whole system must be rebuild.The Three, encrypting with trapdoor generating algorithm, user needs to perform a large amount of powers calculating.Therefore, Liang scheme should for cloud storage It is impracticable for.

The content of the invention

It is an object of the invention to for regular language search, storage and computing cost in existing scheme, can not be supported big The problems such as, there is provided the regular language searching system in a kind of safe cloud storage, much more any symbol can be accommodated, and can be with Symbol new Shi Zengtian, substantially increase the practicality of scheme；Moreover it is possible to the storage overhead of wireless subscriber terminal is reduced, just In the flexible expansion of system.

To achieve the above object, the technical scheme is that：A kind of regular language searching system in safe cloud storage, Including key generation centre, Cloud Server；

The key generation centre, for generating public/private keys pair for user；

The Cloud Server, for providing the user cloud storage service；

When system is established, key generation centre generation common parameter, and generate public/private keys pair for each user；Then, The document data of data owner is encrypted generation ciphertext and is sent to Cloud Server storage by key generation centre, meanwhile, The keyword character string of document data is encrypted, to describe this article file data；

When user carries out data retrieval inquiry, by key generation centre using private key generation search trapdoor, then should Trapdoor is sent to Cloud Server, and Cloud Server searches for matching document data according to trapdoor, and returns to user.

In an embodiment of the present invention, the specific implementation of key generation centre generation common parameter is as follows,

Setup(1^κ)→PP：Key generation centre performs Setup algorithms, with security parameter 1^κFor input, algorithm selects at random Select h₀,h₁,h₂,h₃,h₄,φ₁,φ₂,η∈_RG andCalculate g₁=g^a,g₂=g^b, obtain common parameter PP= (g,g₁,g₂,h₀,h₁,h₂,h₃,h₄,φ₁,φ₂,η)；Wherein, H:G_T→ G is hash function, and G is Prime Orders p bilinearity group, g ∈ G are G generation members.

In an embodiment of the present invention, key generation centre is the specific implementation side that each user generates public/private keys pair Formula is as follows,

KeyGen(PP,u)→(PK_u,SK_u)：For user u, key generation centre random selectionCalculate Y=e (g₁,g₂)^α,Y₀=g^s',Then Public/private keys are exported to (PK_u,SK_u), wherein, PK_u=(Y, Y₀,Y₁,Y₂,Y₃,Y₄,Y₅), SK_u=(α, s', s ", s " ').

In an embodiment of the present invention, the specific reality that the document data of data owner is encrypted key generation centre Existing mode is as follows,

Enc(PK_u, W={ w₁,...,w_l})→CT：Key generation centre is with character string W and public key PK_uTo input, at random SelectionCalculate C₀=H (Y^s), C₁=g^s, C₂=η^s,C_5,i=s_i/ s', C_6,i=wxs_i-1/ s ", C_7,i=w_is_i/ s " ', output ciphertext CT=(C₀,C₁,C₂,C₃,C₄,{C_5,i}_i∈[0,l]{C_6,i, C_7,i}_i∈[1,l]), and it is sent to Cloud Server.

In an embodiment of the present invention, the specific implementation by key generation centre using private key generation search trapdoor It is as follows,

TokenGen(SK_u, M=(Q, Σ, T, q₀,q_n-1))→TK：Trapdoor generating algorithm is performed, and inputs the private key of user SK_uM=(Q, Σ, T, q are represented with DFA₀,q_n-1)；

In DFA expressions, Q is state set { q₀,...,q_n-1, wherein, q₀It is original state, q_n-1It is to receive state, T It is state transfer set, the transfer of each of which state is all a tuple| T |=m；

Random selectionAnd { r_i}_i∈[0,l],User calculatesT₂=g^u, T₃=g^r, T_6,t=r_t/ s', T_7,t=u_t/ s', T_s,t=r_tσ_t/ s ", Export TK=(T₁,T₂,T₃,T₄,T₅,{T_6,t,T_7,t,T_8,t}_t∈[1,m]), and send it to Cloud Server and inquired about.

In an embodiment of the present invention, Cloud Server matches the specific implementation of document data according to search trapdoor search It is as follows,

Test(CT,TK)→1/0：Using ciphertext CT and trapdoor TK as input, Cloud Server calculates：

If equation H (Γ)=C₀Set up, algorithm output 1, represent that trapdoor matches with encrypted indexes, and user is returned The document F corresponding with ciphertext CT；Otherwise 0 is exported.

Compared to prior art, the invention has the advantages that：

(1) regular language is searched for：Present invention employs regular language search, and compared with other schemes, the present invention can carry For more flexible search pattern；In the system, the input of AES for a public key and utilizes random length character string descriptor Regular language；The ciphertext of generation is sent to Cloud Server；In the data retrieval stage, it is limited certainly that user defines a certainty Motivation (DFA) simultaneously utilizes its private key generation DFA trapdoor；DFA defines one group of state transfer set, original state and receives shape State.When the regular language that and if only if is embedded in ciphertext is received by DFA trapdoor, the document is considered as matching document；

(2) dynamic attribute：Any more symbol can be accommodated in the system, and new symbol can be increased at any time, greatly The big practicality for improving scheme；Moreover it is possible to reduce the storage overhead of wireless subscriber terminal；It is easy to the flexible expansion of system；

(3) odds for effectiveness：The present invention is established on the basis of symmetrical Prime Orders Bilinear Groups, than closing number rank and asymmetric element Number rank Bilinear Groups are more efficient.；In addition, encryption and trapdoor generating algorithm are also efficient.

Brief description of the drawings

Fig. 1 is present system framework.

Fig. 2 is the DFA of the present invention course of work.

Fig. 3 is the example of the industrial cloud storage of the present invention.

Embodiment

Below in conjunction with the accompanying drawings, technical scheme is specifically described.

Regular language searching system in a kind of safe cloud storage of the present invention, including key generation centre, Cloud Server；

The key generation centre, for generating public/private keys pair for user；

The Cloud Server, for providing the user cloud storage service；

In the present invention, the specific implementation of key generation centre generation common parameter is as follows,

Setup(1^κ)→PP：Key generation centre performs Setup algorithms, with security parameter 1^κFor input, algorithm selects at random Select h₀,h₁,h₂,h₃,h₄,φ₁,φ₂,η∈_RG andCalculate g₁=g^a,g₂=g^b, obtain common parameter PP= (g,g₁,g₂,h₀,h₁,h₂,h₃,h₄,φ₁,φ₂,η)；Wherein, H:GT → G is hash function, and G is Prime Orders p bilinearity group, g ∈ G are G generation members.

In the present invention, key generation centre is that the specific implementation of each user generation public/private keys pair is as follows,

In the present invention, the specific implementation that the document data of data owner is encrypted key generation centre is such as Under,

Enc(PK_u, W={ w₁,...,w_l})→CT：Key generation centre is using character string W and public key PKu as input, at random SelectionCalculate C₀=H (Y^s), C₁=g^s, C₂=η^s,C_5,i=s_i/ s', C_6,i=w_is_i-1/ s ", C_7,i=w_is_i/ s " ', output ciphertext CT=(C₀,C₁,C₂,C₃,C₄,{C_5,i}_i∈[0,l]{C_6,i,C_7,i }_i∈[1,l]), and it is sent to Cloud Server.

It is in the present invention, as follows using the specific implementation of private key generation search trapdoor by key generation centre,

Random selectionAnd { r_i}_i∈[0,l],User calculatesT₂=g^u, T₃=g^r, T_6,t=r_t/ s', T_7,t=u_t/ s', T_s,t=r_tσ_t/ s ", it is defeated Go out TK=(T₁,T₂,T₃,T₄,T₅,{T_6,t,T_7,t,T_8,t}_t∈[1,m]), and send it to Cloud Server and inquired about.

In the present invention, Cloud Server is as follows according to the specific implementation of search trapdoor search matching document data,

It is below the specific implementation process of the present invention.

Fig. 1 is the system framework of the present invention.System includes following various types of entities.The characteristics of each entity and function It is described below：

Key generation centre (KGC)：KGC in by system all entities trusted, be responsible for the common parameter of generation system, together When be system in each validated user generate public/private keys pair.Private key is sent to user, public key by KGC by back channel Then all users are disclosed, KGC takes care of public key (such as PKI using security management mechanism：PKIX).

Data owner：Data owner utilizes regular language using the personal sensitive data of cloud storage service storage Document is described, regular language and document are encrypted, and send it to Cloud Server.

Cloud Server：Cloud Server provides the user cloud storage service.Data are generally stored inside logic pond and multiple physics In server.Cloud Server ensures that authorized user can access data whenever and wherever possible.Cloud Server possesses at surprising data Reason and computing capability.Cloud Server responds to the search inquiry of user, starts search matching document.

User：User asks Cloud Server to perform measuring and calculation to encryption data.User searches for trapdoor using private key generation, And send it to Cloud Server and inquired about.

Partial symbols in the present invention are defined as follows.

Because arbitrary (M, W) can be converted into (M', W') (wherein M' only has one kind to receive state), therefore the present invention is only Consider | F |=1 DFA is represented.In addition, the system supports dynamic set of letters renewal, such as | Σ | it is unlimited size, therefore DFA expression is defined as M=(Q, Σ, T, q₀,q_n-1), wherein n=| Q |, m=| T |,

1st, the basic implementation process of the system

1.1 systems are established

1.2 user's registration

When user u is to system registry, KGC verifies its identity and advises public/private keys (PK for its generation_u,SK_u)。

1.3 encryption

Enc(PK_u, W={ w₁,...,w_l})→CT：Key generation centre is with character string W and public key PK_uTo input, at random SelectionCalculate C₀=H (Y^s), C₁=g^s, C₂=η^s,C_5,i=s_i/ s', C_6,i=w_is_i-1/ s ", C_7,i=w_is_i/ s " ', output ciphertext CT=(C₀,C₁,C₂,C₃,C₄,{C_5,i}_i∈[0,l]{C_6,i,C_7,i }_i∈[1,l]), and it is sent to Cloud Server.

1.4 trapdoors generate

1.5 test

If equation H (Γ)=C₀Set up, algorithm output 1, represent that trapdoor matches with encrypted indexes, i.e. the DFA of trapdoor Receive character string W, and the document F corresponding with ciphertext CT is returned to user；Otherwise 0 is exported.

2nd, Bilinear map

AlgorithmUsing security parameter λ as input, parameter (p, g, G, the G of Prime Orders bilinear map are exported_T,e).Wherein G and G_TIt is Prime Orders p multiplicative cyclic group, g is G generation member.Map e:G×G→G_TIt is bilinear map.Bilinear map e has Three attributes：(1) bilinearity：And a, b ∈ Z_p, there is e (u^a,v^b)=e (uv)^ab.(2) non-degeneracy：e(g,g)≠ 1.(3) computability：Mapping e can be calculated effectively.

3rd, difficulty is assumed

Assuming that 1 (DBDH：Prejudgementing character bilinear Diffie-Hellman is assumed).G is Prime Orders p bilinearity group, and g is G Generation member.Random selectionIt is givenAttacker is difficult by e (g, g)^abs∈G_TWith element Z (from G_TMiddle random selection) both makes a distinction.

4th, deterministic finite automaton is summarized

Deterministic finite automaton (DFA) belongs to computational theoretical category, and it receives or refusal character string, and is each Input character string and perform unique operation.One deterministic finite automaton M is five-tuple (Q, Σ, δ, a q₀,F)。

(1) Q is state set

(2) Σ is one group of assemble of symbol for being referred to as alphabet

(3) δ is transfer function

(4)q₀∈ Q are original states

(5)It is the set for receiving state

Symbol T represents one group of associated transfer set of and function δ.IfThen shift T_t∈ T expression Form isWherein | T |=m.

Assuming that M=(Q, Σ, δ, q₀,F).M receives character string W=(w₁,w₂,...,w_l) and if only if by ∈ Σ in the presence of one Status switch r₀,r₁,...,r_n∈ Q, wherein

1)r₀=q₀

2) for i ∈ (0, n-1), there are transfer function δ (r_i,w_i+1)=r_i+1

3)r_n∈F

Symbol ACCEPT (M, W) represents that deterministic finite automaton M receives character string W, and symbol REJECT (M, W) represents true Qualitative finite automata M does not receive character string W.If M receives all W ∈ L and refused allIllustrate automatic machine M L language can be identified, this language is referred to as regular language.

Fig. 2 describes the DFA course of work.There are 4 states, q in example₀It is original state, q₄It is to receive state.Assuming that Automatic machine is currently at state q₀.Incoming symbol w₁Afterwards, state will be from q₀It is transferred to q₁.Shifted and gathered according to predefined state T, with symbol w_iContinually enter, state can continue to change.If it is (w to input character string₁,w₂,w₆) or (w₁,w₅,w₃,w₄, w₆), the DFA in Fig. 2 will receive the character string.If it is (w to input character string₁,w₃,w₆), the DFA in Fig. 2 will refuse the character String.

5th, industrial cloud storage example

Shown in Fig. 3 is the example of an industrial cloud storage：A kind of process of new product is researched and developed in enterprise plan.Pass through the reality Example illustrates the operation principle of this programme

The process of research and invention new product comprises the following steps：

1) production schedule：The function of deisgn product, structure and material, and design information is sent to auditing department first.

2) audit：Auditing department is responsible for examining the feasibility and manufacturing cost of the program.If improper, auditing department will It negate the program.Otherwise, auditing department can be intended to be sent to manufacturing sector.

3) manufacture：After receiving new product designs scheme, manufacturing sector's production sample according to schedule.Then, sample is sent out Give test organization.If manufacture failure, sample will be sent back to design department.

4) experiment test：Physical property, function and the practicality of test organization's test sample.If sample has passed through all Experiment test, it is possible to produced on a large scale.Otherwise, the production schedule is sent back to design department.

5) product：By a series of research and development, new product can be launched into market.

According to the studies above and exploitation program, keyword string is defined as：w₁=" Design ", w₂=" Agree ", w₃=" Procedure ", w₄=" Pass ", w₅=" Disagree ", w₆=" Fail "

In system establishment stage, KGC is system generation common parameter and is that each user distributes public/private keys pair, then The data of enterpriser's generation are encrypted and send it to Cloud Server.Keyword character string is encrypted to retouch simultaneously State document, such as (CT₁,CT₂,CT₃):

CT₁=Enc (pk_u,(w₁,w₂,w₃,w₄))

CT₂=Enc (pk_u,(w₁,w₅))

CT₃=Enc (pk_u,(w₁,w₂,w₆))

If user wants to carry out data retrieval inquiry, DFA is defined first.Make q₀=" ProductionPlan " is initial State, q₄=" Product " is uniquely receives state.Make q₁=" Audit ", q₂=" Manufacture ", q₃=" Experimental Test”。

State transfer set T：

T₁=(Production Plan, Audit, Design),

T₂=(Audit, Manufacture, Agree),

T₃=(Manufacture, Experimental Test, Produce),

T₄=(Experimental Test, Pass, Product),

T₅=(Audit, Production Plan, Disagree),

T₆=(Manufacture, Production Plan, Fail),

T₇=(Experimental Test, Production Plan, Fail)

Then user-defined finite automata M is encrypted to search trapdoor TK and sends it to Cloud Server.

Cloud Server performs Test algorithms and finds matching document, then to user's return and CT₁Corresponding document F₁And text F in shelves₁Include the acceptable crucial word strings of DFA.

The advantage of the invention is that：

(1) regular language is searched for：Present invention employs regular language search, and compared with other schemes, the present invention can carry For more flexible search pattern.In the system, the input of AES for a public key and utilizes random length character string descriptor Regular language.The ciphertext of generation is sent to Cloud Server.In the data retrieval stage, it is limited certainly that user defines a certainty Motivation (DFA) simultaneously utilizes its private key generation DFA trapdoor.DFA defines one group of state transfer set, original state and receives shape State.When the regular language that and if only if is embedded in ciphertext is received by DFA trapdoor, the document is considered as matching document.

(2) dynamic attribute：Any more symbol can be accommodated in the system, and new symbol can be increased at any time, greatly The big practicality for improving scheme.Moreover it is possible to reduce the storage overhead of wireless subscriber terminal.It is easy to the flexible expansion of system.

(3) odds for effectiveness：The present invention is established on the basis of symmetrical Prime Orders Bilinear Groups, than closing number rank and asymmetric element Number rank Bilinear Groups are more efficient.In addition, encryption and trapdoor generating algorithm are also efficient.

Purposes：Cloud computing can provide the user flexible data management and access and service.However, what Cloud Server provided Storage service is not fully by users to trust.Can search for encryption is to realize the important tool that safety is stored and searched for, and it can The function of Confidentiality protection and private data retrieval is provided.The present invention proposes a kind of efficient dynamic regular language and can search for Encipherment scheme.Compared with other existing schemes, the advantage of the invention is that it is supported regular language encryption and had based on certainty Limit the data retrieval of automatic machine.Dynamic construction ensure that system has higher scalability and without predefined glossary of symbols Close, reduce computing cost and memory space.The system support multi-user, each user can not with key generation centre The private key generation DFA trapdoors of oneself are utilized in the case of interaction.

Above is presently preferred embodiments of the present invention, all changes made according to technical solution of the present invention, caused function are made During with scope without departing from technical solution of the present invention, protection scope of the present invention is belonged to.

Claims

A kind of 1. regular language searching system in safe cloud storage, it is characterised in that：Including key generation centre, cloud service Device；

The key generation centre, for generating public/private keys pair for user；

The Cloud Server, for providing the user cloud storage service；

When system is established, key generation centre generation common parameter, and generate public/private keys pair for each user；Then, key The document data of data owner is encrypted generation ciphertext and is sent to Cloud Server storage by generation center, meanwhile, to text The keyword character string of file data is encrypted, to describe this article file data；

When user carries out data retrieval inquiry, by key generation centre using private key generation search trapdoor, then by the trapdoor Send to Cloud Server, Cloud Server searches for matching document data according to trapdoor, and returns to user.
2. the regular language searching system in safe cloud storage according to claim 1, it is characterised in that：In key generation The specific implementation of heart generation common parameter is as follows,

Setup(1^κ)→PP：Key generation centre performs Setup algorithms, with security parameter 1^κFor input, algorithm random selection h₀, h₁,h₂,h₃,h₄,φ₁,φ₂,η∈_RG andCalculate g₁=g^a,g₂=g^b, obtain common parameter PP=(g, g₁, g₂,h₀,h₁,h₂,h₃,h₄,φ₁,φ₂,η)；Wherein, H:GT → G is hash function, and G is Prime Orders p bilinearity group, and g ∈ G are G Generation member.
3. the regular language searching system in safe cloud storage according to claim 1, it is characterised in that：In key generation The heart is that the specific implementation of each user generation public/private keys pair is as follows,

KeyGen(PP,u)→(PK_u,SK_u)：For user u, key generation centre random selectionMeter Calculate Y=e (g₁,g₂)^α,Y₀=g^s',Then public/private keys are exported to (PK_u, SK_u), wherein, PK_u=(Y, Y₀,Y₁,Y₂,Y₃,Y₄,Y₅), SK_u=(α, s', s ", s " ').
4. the regular language searching system in safe cloud storage according to claim 3, it is characterised in that：In key generation The specific implementation that the document data of data owner is encrypted the heart is as follows,

Enc(PK_u, W={ w₁,...,w_l})→CT：Key generation centre is with character string W and public key PK_uFor input, random selectionCalculate C₀=H (Y^s), C₁=g^s, C₂=η^s,C_5,i=s_i/ s', C_6,i= w_is_i-1/ s ", C_7,i=w_is_i/ s " ', output ciphertext CT=(C₀,C₁,C₂,C₃,C₄,{C_5,i}_i∈[0,l]{C_6,i,C_7,i}_i∈[1,l]), and It is sent to Cloud Server.
5. the regular language searching system in safe cloud storage according to claim 4, it is characterised in that：Given birth to by key It is as follows using the specific implementation of private key generation search trapdoor into center,

Trapdoor generating algorithm is performed, and inputs the private key SK of user_uWith DFA is represented

In DFA expressions, Q is state set { q₀,...,q_n-1, wherein, q₀It is original state, q_n-1It is to receive state,It is shape State transfer set, the transfer of each of which state is all a tuple

Random selectionAnd { r_i}_i∈[0,l],User calculates T₂=g^u, T₃=g^r,T_6,t=r_t/ s', T_7,t=u_t/ s', T_s,t=r_tσ_t/ s ", output TK=(T₁, T₂,T₃,T₄,T₅,{T_6,t,T_7,t,T_8,t}_t∈[_1,m]), and send it to Cloud Server and inquired about.
6. the regular language searching system in safe cloud storage according to claim 5, it is characterised in that：Cloud Server root Specific implementation according to search trapdoor search matching document data is as follows,

Test(CT,TK)→1/0：Using ciphertext CT and trapdoor TK as input, Cloud Server calculates：

<mfenced open = "" close = ""> <mtable> <mtr> <mtd> <mrow> <mi>&Gamma;</mi> <mo>=</mo> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>1</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>1</mn> </msub> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>2</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>2</mn> </msub> <mo>)</mo> </mrow> <mrow> <mo>-</mo> <mn>1</mn> </mrow> </msup> <mo>&CenterDot;</mo> <mi>e</mi> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>3</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>3</mn> </msub> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> <mi>e</mi> <msup> <mrow> <mo>(</mo> <msub> <mi>T</mi> <mn>4</mn> </msub> <mo>,</mo> <msub> <mi>C</mi> <mn>4</mn> </msub> <mo>)</mo> </mrow> <mrow> <mo>-</mo> <mn>1</mn> </mrow> </msup> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <munder> <mo>&Pi;</mo> <mrow> <mi>i</mi> <mo>&Element;</mo> <mo>&lsqb;</mo> <mn>1</mn> <mo>,</mo> <mi>l</mi> <mo>&rsqb;</mo> </mrow> </munder> <mo>&lsqb;</mo> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>1</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>C</mi> <mrow> <mn>6</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>3</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>5</mn> <msub> <mi>C</mi> <mrow> <mn>7</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>T</mi> <mrow> <mn>7</mn> <mo>,</mo> <msub> <mi>x</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>1</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>T</mi> <mrow> <mn>8</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> <mo>-</mo> <mn>1</mn> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&CenterDot;</mo> </mrow> </mtd> </mtr> <mtr> <mtd> <mrow> <mi>e</mi> <mrow> <mo>(</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <mrow> <mo>-</mo> <msub> <mi>T</mi> <mrow> <mn>7</mn> <mo>,</mo> <msub> <mi>y</mi> <msub> <mi>t</mi> <mi>i</mi> </msub> </msub> </mrow> </msub> </mrow> </msubsup> <msubsup> <mi>Y</mi> <mn>3</mn> <msub> <mi>T</mi> <mrow> <mn>6</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <msubsup> <mi>Y</mi> <mn>2</mn> <msub> <mi>T</mi> <mrow> <mn>8</mn> <mo>,</mo> <msub> <mi>t</mi> <mi>i</mi> </msub> </mrow> </msub> </msubsup> <mo>,</mo> <msubsup> <mi>Y</mi> <mn>0</mn> <msub> <mi>C</mi> <mrow> <mn>5</mn> <mo>,</mo> <mi>i</mi> </mrow> </msub> </msubsup> <mo>)</mo> </mrow> <mo>&rsqb;</mo> </mrow> </mtd> </mtr> </mtable> </mfenced>

If equation H (Γ)=C₀Set up, algorithm output 1, represent trapdoor match with encrypted indexes, and to user return with it is close Document F corresponding literary CT；Otherwise 0 is exported.