CN108039943A - A verifiable encrypted search method - Google Patents

Publication number: CN108039943A
Authority: CN (China)
Prior art keywords: key, server, value pair, client, node
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Granted, Active
Application number: CN201711277295.7A
Other languages: Chinese (zh)
Other versions: CN108039943B (en)
Inventors: 李琦, 朱洁, 王骞
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): Shenzhen Graduate School Tsinghua University
Original Assignee: Shenzhen Graduate School Tsinghua University
Application filed by Shenzhen Graduate School Tsinghua University
Priority to CN201711277295.7A
Publication of CN108039943A
Application granted; publication of CN108039943B

Classifications

    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • G06F16/245 Query processing
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials, using cryptographic hash functions

Abstract

The invention discloses a verifiable encrypted search method comprising the following steps: U1, the client computes an inverted index over the file set and computes a key-value pair for each keyword in the inverted index; each key-value pair is inserted into an MPT tree structure; the root hash of the MPT tree structure is computed and stored; U2, the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server; U3, the client sends a challenge token to the server and receives the search result returned by the server together with the reference information used for verification; U4, the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT tree structure from the matching result; U5, the reconstructed root hash is compared with the root hash stored by the client. The encrypted search method of the invention can simultaneously verify the freshness attacks and integrity attacks caused by a dishonest server, has a wide scope of application, and has low overhead.

Description

A verifiable encrypted search method
【Technical field】
The present invention relates to the field of encrypted search, and in particular to a verifiable encrypted search method.
【Background art】
Cloud storage lets users access data anytime and anywhere, which greatly facilitates data sharing between users. At the same time, cloud storage brings many security problems, which can broadly be divided into the following two categories:
(1) Availability. The cloud server is required to ensure that data is not lost, so that users can use the cloud as a data backbone for backup and synchronization. At present, cloud service providers generally ensure data availability by keeping multiple copies: several copies of the data are written to other storage nodes, and when one node fails, the data on the other nodes continues to provide service while the copies on those nodes are used to quickly recover the data lost on the failed node. Current academic research on data availability includes Proof of Data Possession (PDP) and Proof of Retrievability (PoR).
(2) Privacy. The cloud server is required to ensure the privacy of the data and not to leak it. At present, cloud service providers generally protect private data by encrypting it, but encryption often reduces the usability of the data, for example the data can no longer be searched; searchable encryption (Searchable Encryption) arose for this reason.
Encrypted search techniques fall into two main classes: searchable symmetric encryption (Searchable Symmetric Encryption, SSE) and searchable asymmetric encryption (Searchable Asymmetric Encryption, SAE). Because of the efficiency of asymmetric searchable encryption, the field currently pays more attention to symmetric searchable encryption.
The model of symmetric searchable encryption is shown in Fig. 1. The user encrypts the data and uploads it to the cloud; at the same time, the user also uploads an encrypted index so that the cloud can search the data through that index. When the user needs to search the data, the user generates a trapdoor that is related to the keyword, so that a content search can be carried out without exposing the keyword itself.
Encrypted search lets users meet their search needs while protecting data privacy, but it cannot guarantee the correctness of the search result. That is, encrypted search presupposes an honest cloud server, one that follows the protocol agreed with the user and performs the search correctly. In practice the cloud server is often untrusted: for example, it may return only a small part of the search result to save computation and communication overhead, or it may return no search result at all. To prevent such dishonest behaviour by the cloud server, academia has proposed verifiable searchable symmetric encryption (Verifiable Searchable Symmetric Encryption, VSSE). Verifiable encrypted search allows the user to verify the search result and thereby detect dishonest behaviour by the server, which ensures the correctness of encrypted search.
In verifiable encrypted search, the security attacks caused by a dishonest server fall mainly into the following two kinds:
Data freshness attack (Data Freshness Attack): in encrypted search, a data freshness attack means that the server (the attacker) attempts to return an old search result rather than the latest one. For example, let $\Delta_n = \{\delta_1, \delta_2, \ldots, \delta_n\}$ denote the old versions of the data set and $\delta_{n+1}$ the latest data set; the search result returned by the server is then the search result for a data set $\delta_i$, where $1 \le i \le n$.
Data integrity attack (Data Integrity Attack): in encrypted search, a data integrity attack means that the server (the attacker) attempts to keep the user from obtaining the complete search result. For example, let $\tau$ denote the user's search trapdoor in encrypted search; the search result the user should obtain is $F(\tau)$ and the search result the server returns is $G(\tau)$, wherein and $G(\tau)$ may be
Data freshness attacks exist only in dynamic encrypted search schemes and do not arise when the database is static. In practice, however, dynamic databases are the more common case, so guarding against data freshness attacks is a problem that verifiable encrypted search has to solve. Data integrity attacks include not only the case where the server returns fewer search results, but also the case where the server returns no search results in order to evade result verification. This is a very serious problem, but few studies currently take it into account.
The above disclosure of background art is only intended to aid understanding of the inventive concept and technical solution of the present invention. It does not necessarily belong to the prior art of this patent application, and in the absence of clear evidence that the above content was disclosed before the filing date of this patent application, the above background art shall not be used to evaluate the novelty and inventiveness of this application.
【Summary of the invention】
The technical problem to be solved by the invention is to remedy the above deficiencies of the prior art by proposing a verifiable encrypted search method that can simultaneously verify the freshness attacks and integrity attacks caused by a dishonest server, has a wide scope of application, and has low overhead.
The technical problem of the present invention is solved by the following technical solution:
A verifiable encrypted search method executed by a client, comprising the following steps: U1, the client computes an inverted index over the file set and computes a key-value pair for each keyword in the inverted index, where the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each key-value pair is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the key-value pairs is computed and stored; U2, the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server; U3, the client sends a challenge token to the server and receives the search result returned by the server together with the reference information used for verification, the reference information being the keys and key-value pairs of nodes in the MPT tree structure that the server extracts according to whether the leaf node corresponding to the challenge token exists in the MPT tree structure; U4, the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT tree structure from the matching result; U5, the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they are not the same, the server has tampered and the search result is inaccurate.
A verifiable encrypted search method executed by a server: S1, the server receives the initialized MPT tree uploaded by the client, receives the updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure; S2, the server performs a search according to the challenge token sent by the client and obtains the search result; S3, according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure and, according to that determination, extracts the keys and key-value pairs of nodes in the MPT tree structure as the reference information used for verification; S4, the server sends the search result and the reference information to the client.
A verifiable encrypted search method involving a client and a server: A1, the client computes an inverted index over the file set and computes a key-value pair for each keyword in the inverted index, where the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each key-value pair is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the key-value pairs is computed and stored; A2, the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server; A3, the server receives the initialized MPT tree uploaded by the client, receives the updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure; A3, the client sends a challenge token to the server; the server performs a search according to the challenge token sent by the client and obtains the search result; according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure and, according to that determination, extracts the keys and key-value pairs of nodes in the MPT tree structure as the reference information used for verification; the server sends the search result and the reference information to the client; the client receives the search result returned by the server and the reference information used for verification; A4, the client matches the challenge token it sent against the keys in the reference information and reconstructs the root hash of the MPT tree structure from the matching result; A5, the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they are not the same, the server has tampered and the search result is inaccurate.
The beneficial effects of the present invention compared with the prior art are:
The verifiable encrypted search method of the present invention uses the MPT tree data structure and a suitably designed mechanism to improve the defence against data freshness and data integrity attacks, and in particular defends against the case where the server returns an empty result to evade result verification. By building the MPT, the index used for result verification is separated from the index used for encrypted search, so that the verification process can be combined with the search result obtained from any encrypted search scheme and result verification can be offered over a broad range. The challenge token is matched against the keys in the reference information, the root hash of the MPT tree structure is reconstructed from the matching result, and that root hash is compared with the root hash stored by the client. In this way the invention perfectly solves the data integrity attacks and data freshness attacks that may exist in cloud storage, and in particular can detect the case where the server maliciously returns an empty result to evade result verification. With the method of the present invention, verification is completed in a single round of communication between the server and the client, so there are few communication rounds and the overhead is low. In summary, the present invention is not only a general verifiable encrypted search framework, but also perfectly solves the result verification problem in encrypted search at low cost.
【Brief description of the drawings】
Fig. 1 is a schematic diagram of the prior-art symmetric searchable encryption model;
Fig. 2a is a schematic diagram of one case of inserting a key-value pair into a branch node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2b is a schematic diagram of another case of inserting a key-value pair into a branch node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2c is a schematic diagram of one case of inserting a key-value pair into a leaf node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2d is a schematic diagram of another case of inserting a key-value pair into a leaf node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 3 is a schematic diagram of the inverted index and the key-value pairs in the search method of the specific embodiment of the invention;
Fig. 4 is a schematic diagram of the MPT tree structure built in the search method of the specific embodiment of the invention;
Fig. 5a is a schematic diagram of the result proof when the token searched for by the user exists, in the search method of the specific embodiment of the invention;
Fig. 5b is a schematic diagram of the result proof when the token searched for by the user does not exist, in the search method of the specific embodiment of the invention.
【Detailed description】
The present invention is described in further detail below with reference to the embodiments and the accompanying drawings.
The system framework of the verifiable encrypted search scheme comprises two entities, a client and a server. The client uploads the verification index corresponding to its data to the cloud; the cloud server provides storage, search and verification services for the client; after a search, the client verifies the search result returned by the cloud server. Before the workflow of the system is described, the notation and some of the concepts used in this embodiment are given below.
The workflow of the system is defined as follows:
$\mathrm{KGen}_C(1^k) \to \{K_1, K_2\}$: a probabilistic computation performed by the client. Its input is a security parameter and its output is the symmetric key set $K_1, K_2$.
$\mathrm{Init}_C(K_1, K_2, D) \to \{\lambda\}$: the initialization operation performed by the client. Its input is the symmetric key set $K_1, K_2$ and the file collection $D$; its output includes a verification index $\lambda$. The client uploads the verification index $\lambda$ to the server.
$\mathrm{PreUpdate}_C(K_1, K_2, f) \to \{\tau_u\}$: the pre-update operation performed by the client. Its input is the symmetric key set and the file $f$ to be updated; its output is the update token set $\tau_u$. The client uploads the update token set to the cloud.
$\mathrm{Update}_S(\lambda, \tau_u) \to \{\lambda', \pi\}$: the update operation performed by the server. Its input is the verification index $\lambda$ and the update token set $\tau_u$; its output is the updated verification index $\lambda'$ and the update path $\pi$. The server sends the update path to the client.
$\mathrm{Update}_C(rt, \pi) \to \{rt'\}$: the update operation performed by the client. Its input is the root hash $rt$ of the verification index and the update path $\pi$; its output is the updated root hash value.
$\mathrm{Challenge}_C(K_1, w) \to \{\tau_w\}$: the challenge operation initiated by the client. Its input is the symmetric key $K_1$ and a keyword $w$; its output is the challenge token $\tau_w$ corresponding to that keyword. The client submits the token to the cloud.
$\mathrm{Prove}_S(\lambda, \tau_w) \to \{\rho\}$: the proof operation performed by the server. Its input is the verification index $\lambda$ and a challenge token $\tau_w$; its output is the result proof $\rho$. The server sends the result proof $\rho$ to the client that initiated the challenge.
$\mathrm{Verify}_C(K_1, K_2, C_w, \rho, \tau_w, rt)$: the verification operation performed by the client. Its input is the symmetric key set $K_1, K_2$, the search result $C_w$ returned by the server, the reference information $\rho$, the challenge token $\tau_w$ and the root hash $rt$ retained by the client; the Verify algorithm finally outputs accept or reject.
MPT stands for Merkle Patricia Tree. It was first proposed in Ethereum and combines the traditional trie with the Merkle tree, so that the tree supports both lookup and verification. An MPT has four types of node: the empty node (Blank Node, BN), the leaf node (Leaf Node, LN), the branch node (Branch Node, BN) and the extension node (Extension Node, EN). An empty node stores no information. A leaf node stores a key-value pair. An extension node also stores a key-value pair, but its key and value are respectively the common prefix of its child nodes and the hash of the child node. A branch node has 17 elements: the first 16 represent the possible branches at that node, i.e. the 16 hexadecimal digits, and the 17th element is the value field; when a keyword is fully matched at the branch node, the value corresponding to that keyword is stored in this element. Each node in the MPT is encoded with RLP and the encoded value is then hashed; the database stores a key-value pair for each node, where the key is the hash of the node's RLP encoding and the value is the node's RLP encoding. Each node can therefore be referenced by its hash, which ensures both the searchability and the verifiability of the MPT. In this way the root hash of the MPT becomes the fingerprint of the whole tree: its value is determined by the hashes of all lower-level nodes, and a minor change to any node changes the value of the root hash.
The incremental hash function (Incremental Hash, IH) was first proposed by Bellare et al. and is used by the CS2 scheme. IH functions are collision resistant and are defined as $\mathrm{IH}: \{0,1\}^* \to \{0,1\}^l$. Adding or subtracting two random strings in the IH function does not produce a collision.
The flow of the encrypted search method of this embodiment is described in detail below. First, how the verification index is built and updated is described; then the process of generating the result proof is given, followed by a detailed explanation of how the result proof is used for verification to ensure the correctness of the search result.
1. Building the verification index
The client first computes the inverted index Δ from the file set D, where the inverted index Δ is the index made up of keywords and the files containing each keyword. For each keyword $w_i$ in the inverted index, its key-value pair is computed: the key is the token generated for the keyword by encryption (for example a pseudo-random function), and the value is the incremental hash sum of all files containing the keyword. The verification index is formed by inserting these key-value pairs into the MPT.
Inserting a key-value pair into the MPT tree means inserting it into either a branch node or a leaf node.
Inserting a key-value pair into a branch node involves two possible cases. In the first case the key is empty, and the value is stored directly in the 17th position of the branch node; Fig. 2a shows the insertion of 【Key, value】=【" ", dog】 into a branch node. In the second case the key is not empty; a new leaf node is generated, the unmatched part of the key and the value are stored in that leaf node, and the original branch node is made to point to the leaf node; Fig. 2b shows the insertion of 【Key, value】=【" 345 ", dog】 into a branch node.
Inserting a key-value pair into a leaf node also involves two cases. In the first case the key to be inserted matches the key of the leaf node completely, and only the value of the original leaf node needs to be changed to the new value; Fig. 2c shows the insertion of 【Key, value】=【" 123 ", dog】 into a leaf node. In the second case the key to be inserted does not match the key of the leaf node; an extension node is generated from the common prefix that does match, and the multi-branch property of a branch node is then used to point to several leaf nodes that store the new key-value pair 【1200, dog】 and the key-value pair of the original leaf node 【123, cat】; Fig. 2d shows the insertion of 【Key, value】=【" 1200 ", dog】 into a leaf node.
The following is the code for building the verification index described above:
The update operation on the verification index supports three modes: inserting, deleting and editing a file, where editing a file is equivalent to deleting a file and then adding a new one. To insert a new file, the file f is first parsed to obtain the keyword set $W_f$ that it contains; for each keyword $w_i \in W_f$, its token is generated by the pseudo-random function, and the pseudo-random result of the file is uploaded to the cloud at the same time. After receiving them, the server uses the update token to find the corresponding leaf node and adds the value obtained by applying the incremental hash operation to the file f containing the keyword to the value of the original leaf node. Deletion is the same process, except that the value is subtracted from the value of the original leaf node.
Note that "key" is the name used for the address under which an entry is placed in the MPT tree nodes, while token (or trapdoor) is the name used for that address during transmission. An encrypted keyword is a token; once it is stored in the MPT, each path from the root node to a leaf node constitutes a token. That is, MPT path from root to leaf = token = encrypted keyword.
Specifically, as shown in Fig. 3, take a file set D containing files f1~f4 as an example; after the inverted index is computed, it contains the keywords w1, w2, w3 and w4. The first and second columns in Fig. 3 are the inverted index made up of the keywords and the files containing each keyword. The third column is the key, i.e. the token corresponding to each keyword. The fourth column is the value, i.e. the incremental hash sum of the files containing the keyword. Inserting the key-value pairs shown in Fig. 3 into the MPT tree structure gives the MPT tree structure shown in Fig. 4.
The client normally uploads the initial MPT tree structure to the server. After the server has stored the initial MPT tree structure, whenever there is an update it receives the updated key-value pairs and updates the initial MPT tree structure accordingly to obtain the latest MPT tree structure. For example, when a file f5 is added to the file set D, the keyword set contained in that file is obtained as w2 and w5. For each keyword, its token is generated by the pseudo-random function and the incremental hash value of file f5 is computed. For each keyword, the key-value pair (the token and the incremental hash value of file f5) is uploaded to the cloud. After the server receives them, for the existing keyword w2 it finds the corresponding leaf node through the token and adds the incremental hash value to the value of the original leaf node. For the keyword w5, which does not yet exist, it creates a new leaf node and uses the incremental hash value as its node value. The update process is shown in light color in Fig. 3 and Fig. 4. Note that after the server has updated the MPT, it must send the update path back to the client so that the user can verify and update the root hash value.
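The index values and the update flow described above, as an added sketch that is not the patent's own listing: a flat dictionary stands in for the MPT leaves, HMAC-SHA256 stands in for the pseudo-random function, and a keyed additive hash modulo 2^256 stands in for IH. The keys, the file names and the removal of a leaf whose value returns to zero are assumptions.

```python
import hashlib, hmac, re

K1 = b"constructed-demo-key-1"     # assumed PRF key for keyword tokens
K2 = b"constructed-demo-key-2"     # assumed key for the incremental hash stand-in
MOD = 1 << 256

def token(word):
    """Key of a key-value pair: pseudo-random token of the keyword."""
    return hmac.new(K1, word.encode(), hashlib.sha256).hexdigest()

def ih(file_id, text):
    """Per-file contribution to a leaf value (stand-in for IH, not the CS2 construction)."""
    msg = (file_id + "\0" + text).encode()
    return int.from_bytes(hmac.new(K2, msg, hashlib.sha256).digest(), "big")

def keywords(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))

def init(files):
    """Client Init: inverted index -> {token: sum of ih() over files with the keyword}."""
    index = {}
    for fid, text in files.items():
        for w in keywords(text):
            t = token(w)
            index[t] = (index.get(t, 0) + ih(fid, text)) % MOD
    return index

def pre_update(file_id, text, op):
    """Client PreUpdate: one (token, signed delta) pair per keyword of the file."""
    delta = ih(file_id, text) if op == "add" else -ih(file_id, text)
    return [(token(w), delta) for w in sorted(keywords(text))]

def update(index, update_tokens):
    """Server Update: add the delta to the leaf found by the token.

    The server sees only tokens and deltas, never keywords or file contents.
    Dropping a leaf whose value returns to zero is an assumption of this sketch.
    """
    for t, delta in update_tokens:
        value = (index.get(t, 0) + delta) % MOD
        if value:
            index[t] = value
        else:
            index.pop(t, None)
    return index

if __name__ == "__main__":
    files = {"f1": "cloud storage search", "f2": "cloud index"}   # constructed sample
    idx = init(files)
    edit = pre_update("f1", files["f1"], "del") + pre_update("f1", "cloud audit", "add")
    print(update(dict(idx), edit) == init({**files, "f1": "cloud audit"}))
```

Because the leaf value is a modular sum, insertion and deletion commute, and editing a file is exactly a deletion followed by an insertion, as the text states.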
When searching, the client sends a challenge token to the server. The server performs the search according to the challenge token sent by the client and obtains the search result. In addition, according to the challenge token sent by the client, the server finds the search path corresponding to the token in the MPT tree structure and extracts the key-value pairs on the search path as the reference information.
2. Generating the result proof (the reference information used for verification)
The server generates the result proof from the challenge token submitted by the user and the verification index λ. The server first finds the search path according to the challenge token. If the leaf node corresponding to the token exists, i.e. the keyword queried by the user exists, then, starting from the node one level above the leaf node, the server returns the "keys" on the search path as the result proof. For branch nodes, the server also returns the key-value pairs that are not on the search path, so that the root hash of the MPT tree structure can later be reconstructed. If the terminating node corresponding to the token does not exist, i.e. the keyword queried by the user does not exist, the server starts from the node at which the search terminated and returns the "keys" up the search path as the result proof; for the node at which the search terminated, the server returns the complete key-value pairs.
The following is the code that implements the above generation of the result proof:
After the client receives the above result proof, it can perform the verification operation.
3rd, result verification is carried out
When Client have received search result and its corresponding result proves, it is possible to start to verify the freshness of data And integrality.
First, Client passes through the when token of keyword that uploads in searchKey progress in being proved with result Match somebody with somebody.
If the key in the result proof is a prefix of the challenge token, remain_key is set to store the remaining key in the challenge token. The path from the root node to a leaf node is in fact one complete key, but what the result proof returns, as described above, is the path from the root node to the node one level above the leaf node, which is incomplete. The remain_key is therefore defined to hold the key that remains after the token has been matched against the result proof. For example, when matching the token a5432 in Fig. 3, the result proof returned by the server includes BN2, EN1, BN1; this path contains only a54, so after matching against a5432, remain_key is 32.
If the key in the result proof is not a prefix of the challenge token, remain_key is set to the empty set.
Next, the root hash of the MPT is reconstructed. If both the search result and remain_key are empty, the root hash is computed directly from the result proof. If neither is empty, the hash of the leaf node is first generated from the search result and remain_key to obtain the complete result proof, and the root hash is then reconstructed from that proof. In any case other than these two, the server is considered to have deliberately returned an empty result or to have tampered with the content of the result proof.
Finally, the user judges data freshness and integrity by comparing the reconstructed root hash with the root hash stored by the client. If the two are equal, verification passes; if they are not equal, the server has returned fewer search results or has tampered with the result proof.
The following is the code that implements the result verification described above:
The detailed process of generating the result proof and of the verification steps is illustrated below with the concrete structures of Fig. 3 and Fig. 4.
First case:
When the keyword the client wants to search for is w2, then according to the correspondence in Fig. 3 the challenge token submitted for this keyword is "a5432". Since this keyword token exists in the MPT (i.e. the verification index) shown in Fig. 4, the server can find the search path corresponding to the token, {BN1, EN1, BN2, LN3}. Following the result proof generation process above, the server returns, as the result proof, the keys of the nodes on the path other than LN3 (from BN2, the node one level above the leaf node, up to the root node BN1) together with, for branch nodes, their key-value pairs that are not on the path. The resulting proof is shown as Cn2, Cn1, Cn0 in Fig. 5a. Cn2 corresponds to the content extracted from branch node BN2: key "4", whose value is empty (because the content of LN3 is not extracted), key "c" with its value LN4, and key "f" with its value LN5. Cn1 corresponds to the content extracted from extension node EN1: key "5" and its value, which is Cn2. Cn0 corresponds to the content extracted from branch node BN1: key "4" with its value LN1, key "a" with its value Cn1, and key "f" with its value LN2.
After obtaining the above result proof, the user can reconstruct the root hash of the MPT from the proof and the search result f2, f5. The user first matches the token "a5432" against the keys in the result proof and finds that "a54" is a prefix of the token, so remain_key is "32". From "32" and the search result f2, f5 the user regenerates node LN3 and can thereby complete the result proof. From the content of the completed result proof, the value of the root hash is then constructed bottom-up. Finally, the user compares the reconstructed root hash with the root hash retained on the user side to judge whether the data is complete. If the server returned only file f2, the reconstructed root hash would not match the correct root hash.
Second case:
When the token corresponding to the keyword the user wants to search for is "a5433", then according to Fig. 3 and Fig. 4 the token does not exist in the MPT (i.e. the verification index), but its search path is the same as that of "a5432"; the difference is that the token fails to match at LN3. In this case, the server extracts the key-value pairs of the nodes on the bottom-up path starting from node LN3 to generate the result proof, shown as Cn3, Cn2, Cn1, Cn0 in Fig. 5b. Compared with the case shown in Fig. 5a, it additionally extracts the key "32" and value "H2" of leaf node LN3 as Cn3. Note that before file f5 is added, the value of the leaf node is H2; after the update that adds file f5, the value of the leaf node is H2+IH(CK(f5)).
After receiving the result proof, the user finds that the token "a5433" cannot be matched against the key a5432 in the result proof, and therefore sets remain_key to null. The user then reconstructs the root hash directly from the result proof. As before, it is compared with the correct root hash; if they differ, the server has tampered with the result proof, i.e. malicious behaviour has occurred.
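The proof generation and verification described above, including the a5432 (keyword present) and a5433 (keyword absent) cases, as an added Python example that is not code from the patent. It assumes SHA-256 node hashes, an additive incremental hash modulo 2^256 and a simplified node encoding; the tree follows the shape described for Fig. 4, with constructed leaf keys and file names apart from LN3's "32" and f2, f5. The absence branch also checks that the returned node lies on the token's path and does not hold the token, a check added here that the text does not spell out.

```python
import hashlib
import hmac

M = 2 ** 256  # modulus of the additive incremental hash (assumption of this example)

def h(*parts):
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def ih(files):
    """Incremental hash of a file set: order-independent sum of per-file digests."""
    return sum(int(h("F", f), 16) for f in files) % M

def leaf_hash(key, value):
    return h("L", key, format(value, "x"))

def branch_hash(children):  # children: {nibble: child hash}
    return h("B", *(f"{k}={v}" for k, v in sorted(children.items())))

def node_hash(n):  # nodes: ("L", key, value) | ("E", key, child) | ("B", {nibble: child})
    if n[0] == "L":
        return leaf_hash(n[1], n[2])
    if n[0] == "E":
        return h("E", n[1], node_hash(n[2]))
    return branch_hash({k: node_hash(c) for k, c in n[1].items()})

def prove(root, token):
    """Server: result proof as entries from the root down the search path."""
    proof, node, rest = [], root, token
    while True:
        if node[0] == "B":
            nib = rest[:1] if rest[:1] in node[1] else ""
            sibs = {k: node_hash(c) for k, c in node[1].items() if k != nib}
            proof.append(("B", nib, sibs))
            if not nib:
                return proof  # search ends here: every pair of the branch is returned
            node, rest = node[1][nib], rest[1:]
        elif node[0] == "E":
            on_path = rest.startswith(node[1])
            proof.append(("E", node[1], None if on_path else node_hash(node[2])))
            if not on_path:
                return proof  # search ends at this extension node
            node, rest = node[2], rest[len(node[1]):]
        else:
            if rest != node[1]:  # search ends at another leaf: return its whole pair
                proof.append(("L", node[1], node[2]))
            return proof  # a matching leaf is left out; the client rebuilds it

def verify(token, results, proof, trusted_root):
    """Client: match the token against the proof keys, rebuild the root, compare."""
    if not proof:
        return False  # this example assumes the root is not a leaf
    upper, (kind, key, val), rest = proof[:-1], proof[-1], token
    for _, k, _ in upper:  # keys above the last entry must spell a prefix of the token
        if not k or not rest.startswith(k):
            return False
        rest = rest[len(k):]
    on_path = (kind == "B" and key != "") or (kind == "E" and val is None)
    if on_path and rest.startswith(key):  # leaf omitted: keyword claimed present
        remain_key = rest[len(key):]
        if not results or not remain_key:
            return False  # empty result for a keyword the proof says exists
        acc, fold = leaf_hash(remain_key, ih(results)), proof
    elif not on_path and not results:  # search ended at the last entry: keyword absent
        # Added check (not spelled out in the text): the entry must really miss the token.
        if kind == "L":
            absent, acc = key != rest, leaf_hash(key, val)
        elif kind == "E":
            absent, acc = not rest.startswith(key), h("E", key, val)
        else:
            absent, acc = rest[:1] not in val, branch_hash(val)
        if not absent:
            return False
        fold = upper
    else:
        return False  # neither of the two accepted cases
    for kind, key, val in reversed(fold):  # fold bottom-up towards the root
        acc = h("E", key, acc) if kind == "E" else branch_hash({**val, key: acc})
    return hmac.compare_digest(acc, trusted_root)

# Constructed tree with the shape the text gives for Fig. 4 (sample leaf keys and files).
LN3 = ("L", "32", ih(["f2", "f5"]))
BN2 = ("B", {"4": LN3, "c": ("L", "01", ih(["f1"])), "f": ("L", "77", ih(["f3"]))})
BN1 = ("B", {"4": ("L", "1111", ih(["f4"])), "a": ("E", "5", BN2),
             "f": ("L", "2222", ih(["f1", "f3"]))})
ROOT = node_hash(BN1)  # the root hash the client keeps

if __name__ == "__main__":
    p = prove(BN1, "a5432")
    print(verify("a5432", ["f2", "f5"], p, ROOT), verify("a5432", ["f2"], p, ROOT))
    print(verify("a5433", [], prove(BN1, "a5433"), ROOT))
```
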
In summary, this embodiment builds an index with a Merkle Patricia Tree (MPT) and, on the basis of that index, proposes a complete result verification mechanism. Verification is performed against the root hash of the MPT. Because the root hash is first generated by the user, its correctness is guaranteed. Subsequent root hash updates are likewise verified and applied by the user, so the correctness and freshness of the root hash are guaranteed. During result verification, the final comparison is made against the root hash retained by the user; a change to any node causes the reconstructed root hash to no longer match the retained root hash. The reference object of the verification step is therefore accurate and reliable, which ensures that the search results the user obtains after verification are fresh and complete.
The search method of this embodiment can prevent data integrity attacks and data freshness attacks. In particular, the method can detect the case where the server deliberately returns an empty result, without the user having to retain the keyword set. The method is a generic result verification scheme: it treats the conventional encrypted search scheme as a black box and can provide result verification for a variety of encrypted search schemes. In addition, verified search is achieved in a single round of communication, which gives it the advantage of low overhead. In summary, the method has low overhead, is simple to implement, and does not depend on the underlying encrypted search scheme.
The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the invention shall not be regarded as limited to these descriptions. For a person of ordinary skill in the technical field of the invention, any substitutions or obvious modifications made without departing from the inventive concept, with the same performance or use, shall be regarded as falling within the protection scope of the invention.

Claims (10)

  1. A verifiable encrypted search method executed by a client, characterized by comprising the following steps: U1, the client computes an inverted index over the file set and computes a key-value pair for each keyword in the inverted index, wherein the key is the token corresponding to the keyword and the value is the sum of the incremental hashes of the files containing the keyword; each key-value pair is inserted into an MPT structure to obtain an initialized MPT; the root hash of the MPT structure built from the key-value pairs is computed and stored; U2, the client uploads the initialized MPT to the server and, when the file set is updated, uploads the updated key-value pairs to the server; U3, the client sends a challenge token to the server and receives the search result returned by the server and reference information for verification, the reference information being the keys and key-value pairs of nodes in the MPT structure that the server extracts according to whether the leaf node corresponding to the challenge token exists in the MPT structure; U4, the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT structure according to the matching result; U5, the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they are different, the server has tampered and the search result is inaccurate.
  2. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U1, the token corresponding to a keyword is obtained by encrypting the keyword; the encryption is implemented by a pseudo-random function, which generates the token corresponding to the keyword.
  3. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U2, when a file f is added to or deleted from the file set, the set of keywords Wf contained in the file f is obtained; for each keyword wi belonging to Wf, its corresponding token is generated, and the token and the incremental hash sum corresponding to file f are uploaded to the server as the updated key-value pair.
  4. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U3, the reference information is extracted as follows: when the leaf node corresponding to the challenge token exists in the MPT structure, the server, starting from the node one level above the leaf node, extracts the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs not on the search path are also extracted as part of the reference information; when the leaf node corresponding to the challenge token does not exist in the MPT structure, the server, starting from the node at which the search path terminates, extracts the key-value pair at the terminating node and the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs not on the search path are also extracted as part of the reference information.
  5. The verifiable encrypted search method executed by a client according to claim 1 or 4, characterized in that: in step U4, if the key in the reference information is a prefix of the challenge token, remain_key is set to the remaining key in the challenge token, the key-value pair at the leaf node in the MPT structure is regenerated from remain_key and the search result to complete the reference information, and the root hash of the MPT structure is reconstructed from the completed reference information; if the key in the reference information cannot be matched with the challenge token, remain_key is set to the empty set and the root hash of the MPT structure is reconstructed directly from the reference information.
  6. A verifiable encrypted search method executed by a server, characterized in that: S1, the server receives the initialized MPT uploaded by the client, receives updated key-value pairs, and updates the initial MPT structure according to the updated key-value pairs to obtain the latest MPT structure; S2, the server searches according to the challenge token sent by the client and obtains the search result; S3, according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT structure, and according to the determination extracts the keys and key-value pairs of nodes in the MPT structure as reference information for verification; S4, the server sends the search result and the reference information to the client.
  7. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S3, the reference information is extracted according to the following steps: when the leaf node corresponding to the challenge token exists in the MPT structure, the server, starting from the node one level above the leaf node, extracts the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs not on the search path are also extracted as part of the reference information; when the leaf node corresponding to the challenge token does not exist in the MPT structure, the server, starting from the node at which the search path terminates, extracts the key-value pair at the terminating node and the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs not on the search path are also extracted as part of the reference information.
  8. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S1, for an update that adds a file to the file set, after the server receives the updated key-value pair, when the leaf node corresponding to the token in the key-value pair already exists, the incremental hash sum in the key-value pair is added to the value on that leaf node; when the leaf node corresponding to the token in the key-value pair does not exist, a new leaf node is created and the incremental hash in the key-value pair is used as its node value.
  9. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S1, for an update that deletes a file from the file set, after the server receives the updated key-value pair, it finds the corresponding leaf node according to the token in the key-value pair and subtracts the incremental hash sum in the key-value pair from the value on that leaf node.
  10. A verifiable encrypted search method involving a client and a server, characterized in that: A1, the client computes an inverted index over the file set and computes a key-value pair for each keyword in the inverted index, wherein the key is the token corresponding to the keyword and the value is the sum of the incremental hashes of the files containing the keyword; each key-value pair is inserted into an MPT structure to obtain an initialized MPT; the root hash of the MPT structure built from the key-value pairs is computed and stored; A2, the client uploads the initialized MPT to the server and, when the file set is updated, uploads the updated key-value pairs to the server; A3, the server receives the initialized MPT uploaded by the client, receives the updated key-value pairs, and updates the initial MPT structure according to the updated key-value pairs to obtain the latest MPT structure; A3, the client sends a challenge token to the server; the server searches according to the challenge token sent by the client and obtains the search result; according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT structure, and according to the determination extracts the keys and key-value pairs of nodes in the MPT structure as reference information for verification; the server sends the search result and the reference information to the client; the client receives the search result returned by the server and the reference information for verification; A4, the client matches the challenge token it sent against the keys in the reference information and reconstructs the root hash of the MPT structure according to the matching result; A5, the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they are different, the server has tampered and the search result is inaccurate.
CN201711277295.7A 2017-12-06 2017-12-06 Verifiable encryption searching method Active CN108039943B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711277295.7A CN108039943B (en) 2017-12-06 2017-12-06 Verifiable encryption searching method

Publications (2)

Publication Number Publication Date
CN108039943A true CN108039943A (en) 2018-05-15
CN108039943B CN108039943B (en) 2020-10-30

Family

ID=62095509

Country Status (1)

Country Link
CN (1) CN108039943B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant