CN108039943A - A verifiable encrypted search method - Google Patents
- Publication number: CN108039943A
- Authority: CN (China)
- Prior art keywords: key, server, value pair, client, node
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- G06F16/245—Query processing
- H04L67/1097—Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0894—Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Abstract
The invention discloses a verifiable encrypted search method comprising the following steps. U1: the client computes an inverted index over the file set and computes one key-value pair for each keyword in the inverted index; each key-value pair is inserted into an MPT tree structure; the root hash of the MPT tree structure is computed and stored. U2: the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server. U3: the client sends a challenge token to the server and receives the search result returned by the server together with the reference information used for verification. U4: the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT tree structure from the matching result. U5: the reconstructed root hash is compared with the root hash stored by the client. The encrypted search method of the invention can simultaneously detect the freshness attacks and integrity attacks caused by a dishonest server, has a wide scope of application, and has low overhead.
Description
【Technical field】
The present invention relates to the field of encrypted search, and in particular to a verifiable encrypted search method.
【Background technology】
Cloud storage lets users access data anytime and anywhere, which greatly facilitates data sharing between users. At the same time, cloud storage raises many security issues, which fall broadly into the following two categories:
(1) Availability. The cloud server is required to ensure that data is not lost, so that users can use the cloud as a data backbone for data backup and synchronization. At present, cloud service providers generally ensure data availability through multiple replicas: multiple copies of the data are written to different storage nodes, and when one node fails, the data on the other nodes continues to provide service while the copies on those nodes are used to quickly recover the data lost on the failed node. Current academic research on data availability includes Proof of Data Possession (PDP) and Proof of Retrievability (PoR).
(2) Privacy. The cloud server is required to ensure the privacy of the data and not to leak it. At present, cloud service providers generally protect private data by encrypting it, but data encryption often reduces the usability of the data, for example the data is no longer searchable; Searchable Encryption arose to address this.
Encrypted search techniques fall into two main classes: Searchable Symmetric Encryption (SSE) and Searchable Asymmetric Encryption (SAE). Because of the efficiency cost of asymmetric encrypted search, the field currently pays more attention to symmetric encrypted search.
The model of symmetric encrypted search is shown in Fig. 1. The user encrypts the data and uploads it to the cloud; at the same time, the user also uploads an encrypted index so that the cloud can search the data through that index. When the user needs to search the data, the user generates a trapdoor that is tied to the keyword, so that the content can be searched without exposing the keyword.
Encrypted search lets users meet their search needs while protecting data privacy, but it cannot guarantee the correctness of the search results. That is, encrypted search presupposes an honest cloud server, one that follows the protocol agreed with the user and performs the search correctly. In practice the cloud server is often untrusted: for example, it may return only a few search results to save computation and communication overhead, or may even return no search results at all. To guard against dishonest behaviour by the cloud server, academia has proposed Verifiable Searchable Symmetric Encryption (VSSE). Verifiable encrypted search lets the user verify the search results and thereby detect dishonest server behaviour, which ensures the correctness of encrypted search.
In verifiable encrypted search, the security attacks caused by a dishonest server fall mainly into the following two kinds:
Data freshness attack: in encrypted search, a data freshness attack means that the server (the attacker) tries to return an old search result rather than the latest one. For example, let $\Delta_n = \{\delta_1, \delta_2, \ldots, \delta_n\}$ denote the old versions of the data set and $\delta_{n+1}$ the latest data set; the search result the server returns is then the search result over a data set $\delta_i$, where $1 \le i \le n$.
Data integrity attack: in encrypted search, a data integrity attack means that the server (the attacker) tries to keep the user from obtaining the complete search result. For example, let $\tau$ denote the user's search trapdoor in encrypted search; the search result the user should obtain is $F(\tau)$ and the search result the server returns is $G(\tau)$, wherein and $G(\tau)$ may be
Data freshness attacks exist only in dynamic encrypted search schemes and do not arise when the database is static. In practice, however, dynamic databases are common, so defending against data freshness attacks is a problem that verifiable encrypted search must solve. Data integrity attacks include not only the case where the server returns fewer search results, but also the case where the server returns no search results in order to evade result verification. This is a very serious problem, yet few studies currently take it into account.
The above disclosure of background technology is only intended to aid understanding of the inventive concept and technical solution of the present invention. It does not necessarily belong to the prior art of this patent application, and in the absence of clear evidence that the above content was disclosed before the filing date of this patent application, the above background should not be used to assess the novelty and inventiveness of this application.
【Summary of the invention】
The technical problem to be solved by the invention is to remedy the above deficiencies of the prior art by proposing a verifiable encrypted search method that can simultaneously detect the freshness attacks and integrity attacks caused by a dishonest server, has a wide scope of application, and has low overhead.
The technical problem of the present invention is solved by the following technical solution:
A verifiable encrypted search method executed by a client comprises the following steps. U1: the client computes an inverted index over the file set and computes one key-value pair for each keyword in the inverted index, where the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each key-value pair is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the key-value pairs is computed and stored. U2: the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server. U3: the client sends a challenge token to the server and receives the search result returned by the server together with the reference information used for verification; the reference information consists of the keys and key-value pairs of nodes in the MPT tree structure, which the server extracts according to whether the leaf node corresponding to the challenge token exists in the MPT tree structure. U4: the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT tree structure from the matching result. U5: the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they differ, the server has tampered and the search result is inaccurate.
A verifiable encrypted search method executed by a server comprises the following steps. S1: the server receives the initialized MPT tree uploaded by the client, receives the updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure. S2: the server searches according to the challenge token sent by the client and obtains the search result. S3: according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure, and extracts the keys and key-value pairs of nodes in the MPT tree structure according to that determination as the reference information for verification. S4: the server sends the search result and the reference information to the client.
A verifiable encrypted search method involving a client and a server comprises the following steps. A1: the client computes an inverted index over the file set and computes one key-value pair for each keyword in the inverted index, where the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each key-value pair is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the key-value pairs is computed and stored. A2: the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server. A3: the server receives the initialized MPT tree uploaded by the client, receives the updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure. A3: the client sends a challenge token to the server; the server searches according to the challenge token sent by the client and obtains the search result; according to the challenge token, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure, and extracts the keys and key-value pairs of nodes in the MPT tree structure according to that determination as the reference information for verification; the server sends the search result and the reference information to the client; the client receives the search result returned by the server and the reference information used for verification. A4: the client matches the challenge token it sent against the keys in the reference information and reconstructs the root hash of the MPT tree structure from the matching result. A5: the reconstructed root hash is compared with the root hash stored by the client; if they are the same, the server has not tampered and the search result is accurate; if they differ, the server has tampered and the search result is inaccurate.
Compared with the prior art, the beneficial effects of the present invention are as follows:
The verifiable encrypted search method of the present invention uses a new MPT tree data structure and a suitably designed mechanism to improve the defence against data freshness and data integrity attacks, and in particular defends against the case where the server returns an empty result to evade result verification. By building the MPT, the index used for result verification is separated from the index used for encrypted search, so that the verification process can be combined with the search results obtained from any encrypted search scheme and result verification can be provided as a service over a broad range. The challenge token is matched against the keys in the reference information, the root hash of the MPT tree structure is reconstructed from the matching result, and that root hash is compared with the root hash stored by the client. In this way the present invention solves the data integrity attacks and data freshness attacks that may exist in cloud storage, and in particular can detect the case where the server maliciously returns an empty result to evade result verification. With the method of the present invention, the server and the client complete verification in one round of communication, so the number of communication rounds is small and the overhead is low. In summary, the present invention is not only a general verifiable encrypted search framework, but also solves the result verification problem in encrypted search at low cost.
【Brief description of the drawings】
Fig. 1 is a schematic diagram of the symmetric encrypted search model of the prior art;
Fig. 2a is a schematic diagram of one case of inserting a key-value pair at a branch node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2b is a schematic diagram of the other case of inserting a key-value pair at a branch node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2c is a schematic diagram of one case of inserting a key-value pair at a leaf node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 2d is a schematic diagram of the other case of inserting a key-value pair at a leaf node of the MPT tree structure in the search method of the specific embodiment of the invention;
Fig. 3 is a schematic diagram of the inverted index and key-value pairs in the search method of the specific embodiment of the invention;
Fig. 4 is a schematic diagram of the MPT tree structure built in the search method of the specific embodiment of the invention;
Fig. 5a is a schematic diagram of the result proof when the token searched by the user exists, in the search method of the specific embodiment of the invention;
Fig. 5b is a schematic diagram of the result proof when the token searched by the user does not exist, in the search method of the specific embodiment of the invention.
【Embodiment】
The present invention is described in further detail below with reference to the embodiment and the accompanying drawings.
The system framework of the verifiable encrypted search scheme comprises two entities, a client and a server. The client uploads the verification index corresponding to its data to the cloud; the cloud server provides storage, search and verification services for the client; and the client verifies the search results that the cloud server returns after a search. Before the workflow of the system is described, the notation and some of the concepts used in this embodiment are given first.
The workflow of the system is defined as follows:
$\mathrm{KGen}_C(1^k) \to \{K_1, K_2\}$: a probabilistic computation performed by the Client. Its input is a security parameter, and its output is the symmetric key set $K_1, K_2$.
$\mathrm{Init}_C(K_1, K_2, D) \to \{\lambda\}$: the initialization operation performed by the Client. Its input is the symmetric key set $K_1, K_2$ and the file set $D$, and its output includes a verification index $\lambda$. The Client uploads the verification index $\lambda$ to the server.
$\mathrm{PreUpdate}_C(K_1, K_2, f) \to \{\tau_u\}$: the pre-update operation performed by the Client. Its input is the symmetric key set $K$ and the file $f$ to be updated, and its output is the update token set $\tau_u$. The Client uploads the update token set to the cloud.
$\mathrm{Update}_S(\lambda, \tau_u) \to \{\lambda', \pi\}$: the update operation performed by the Server. Its input is the verification index $\lambda$ and the update token set $\tau_u$, and its output is the updated verification index $\lambda'$ and the update path $\pi$. The Server sends the update path to the Client.
$\mathrm{Update}_C(rt, \pi) \to \{rt'\}$: the update operation performed by the Client. Its input is the root hash $rt$ of the verification index and the update path $\pi$, and its output is the updated root hash.
$\mathrm{Challenge}_C(K_1, w) \to \{\tau_w\}$: the challenge operation initiated by the Client. Its input is the symmetric key set $K_1$ and the keyword $w$, and its output is the challenge token $\tau_w$ corresponding to the keyword. The Client submits the token to the cloud.
$\mathrm{Prove}_S(\lambda, \tau_w) \to \{\rho\}$: the proof operation performed by the Server. Its input is the verification index $\lambda$ and a challenge token $\tau_w$, and its output is the result proof $\rho$. The server sends the result proof $\rho$ to the Client that initiated the challenge.
$\mathrm{Verify}_C(K_1, K_2, C_w, \rho, \tau_w, rt)$: the verification operation performed by the Client. Its input is the symmetric key set $K_1, K_2$, the search result $C_w$ returned by the server, the reference information $\rho$, the challenge token $\tau_w$ and the root hash $rt$ retained by the Client; the Verify algorithm finally outputs accept or reject.
MPT stands for Merkle Patricia Tree. It was first proposed in Ethereum and combines the traditional trie and the Merkle tree, so that the tree supports both lookup and verification. An MPT has four types of node: the empty node (Blank Node, BN), the leaf node (Leaf Node, LN), the branch node (Branch Node, BN) and the extension node (Extension Node, EN). The empty node is a node that stores no information. The leaf node stores a key-value pair. The extension node also stores a key-value pair, but its key and value are, respectively, the common prefix of its child nodes and the hash of its child node. The branch node has 17 elements: the first 16 represent the possible branches at that node, i.e. the 16 hexadecimal digits, and the 17th is the value field; when a key finishes matching at the branch node, the value corresponding to that key is stored in this element. Each node in the MPT is encoded with RLP and the encoding is then hashed; each node is stored in the database as a key-value pair whose key is the hash of the node's RLP encoding and whose value is the node's RLP encoding. Each node can therefore be referenced by its hash, which gives the MPT both searchability and verifiability. In this way the root hash of the MPT becomes the fingerprint of the whole tree: its value is determined by the hashes of all lower-level nodes, and any small change to any node changes the root hash.
The incremental hash function (Incremental Hash, IH) was first proposed by Bellare et al. and is used by the CS2 scheme. IH functions are collision resistant and are defined as $IH: \{0,1\}^* \to \{0,1\}^l$. In an IH function, adding or subtracting two random strings does not produce a collision.
The flow of the encrypted search method of this embodiment is described in detail below. First, how the verification index is built and updated is described; then the process of generating the result proof is given, together with a detailed explanation of how the result proof is used for verification to ensure the correctness of the search results.
1. Building the verification index
The client first computes the inverted index Δ from the file set D, where the inverted index Δ is the index made up of keywords and the files containing each keyword. For each keyword $w_i$ in the inverted index, its key-value pair is computed: the key is the token generated from the keyword by encryption (for example a pseudo-random function), and the value is the incremental hash sum of all files containing the keyword. The verification index is formed by inserting these key-value pairs into the MPT.
Inserting a key-value pair into the MPT tree means inserting it at a branch node or at a leaf node.
Inserting a key-value pair at a branch node has two possible cases. In the first case the key is empty, and the value is stored directly in the 17th position of the branch node; Fig. 2a shows the insertion of 【key, value】=【" ", dog】 at a branch node. In the second case the key is not empty: a new leaf node is created, the unmatched part of the key is stored with the value in that leaf node, and the original branch node is made to point to the leaf node; Fig. 2b shows the insertion of 【key, value】=【"345", dog】 at a branch node.
Inserting a key-value pair at a leaf node also has two cases. In the first case the key to be inserted matches the key of the leaf node exactly, and only the value of the original leaf node needs to be changed to the new value; Fig. 2c shows the insertion of 【key, value】=【"123", dog】 at a leaf node. In the second case the key to be inserted does not match the key of the leaf node; an extension node is then generated from the common prefix that does match, and the multi-way branching of a branch node is used to point to several leaf nodes that store the new key-value pair 【1200, dog】 and the key-value pair 【123, cat】 of the original leaf node; Fig. 2d shows the insertion of 【key, value】=【"1200", dog】 at a leaf node.
The following is the code for building the verification index described above:
The verification index supports three kinds of update operation: inserting, deleting and editing a file, where editing a file is equivalent to deleting a file and then adding a new one. To insert a new file f, the file is first parsed to obtain the keyword set $W_f$ it contains. For each keyword $w_i \in W_f$, its token is generated by a pseudo-random function and is uploaded to the cloud together with the pseudo-random result of the file. On receipt, the server uses the update token to find the corresponding leaf node and adds the value (obtained by applying the incremental hash operation to the file f containing keyword K) to the value of the original leaf node. Deletion is the same process, except that the value is subtracted from the value of the original leaf node.
It should be noted that "key" is the term used when the item is placed on the nodes of the MPT tree, and "token" (or trapdoor) is the term used during transmission. An encrypted keyword is a token; once it is stored in the MPT, each path from the root node to a leaf node constitutes a token. That is, a path of the MPT from root to leaf = a token = an encrypted keyword.
Specifically, as shown in Fig. 3, take a file set D containing files f1 to f4 as an example; after the inverted index is computed, it contains keywords w1, w2, w3 and w4. The first and second columns of Fig. 3 are the inverted index made up of the keywords and the files containing them. The third column is the key, i.e. the token corresponding to each keyword. The fourth column is the value, i.e. the incremental hash sum of the files containing the keyword. Inserting the key-value pairs shown in Fig. 3 into the MPT tree structure yields the MPT tree structure shown in Fig. 4.
The client normally uploads the initial MPT tree structure to the server. After the server has stored the initial MPT tree structure, whenever there is an update it receives the updated key-value pairs and updates the initial MPT tree structure accordingly to obtain the latest MPT tree structure. For example, when a new file f5 is added to file set D, the keywords contained in that file are found to be w2 and w5. For each keyword, its token is generated by a pseudo-random function, and the incremental hash value of file f5 is computed. For each keyword, the key-value pair (the token and the incremental hash value of file f5) is uploaded to the cloud. On receipt, for the existing keyword w2 the server uses the token to find the corresponding leaf node and adds the incremental hash value to the value of the original leaf node. For keyword w5, which does not yet exist, a new leaf node is created with the incremental hash value as its node value. The update process is shown in light color in Fig. 3 and Fig. 4. Note that after updating the MPT the server must send the update path back to the client so that the user can verify and update the root hash.
During a search, the client sends a challenge token to the server. The server searches according to the challenge token sent by the client and obtains the search result. In addition, according to the challenge token, the server finds the search path corresponding to the token in the MPT tree structure and extracts the key-value pairs on the search path as the reference information.
2. Generating the result proof (the reference information used for verification)
The server generates the result proof from the challenge token submitted by the user and the verification index λ. The server first finds the search path according to the challenge token. If the leaf node corresponding to the token exists, i.e. the keyword queried by the user exists, then, starting from the node one level above the leaf node, the server returns the "keys" on the search path as the result proof. For a branch node, the server also returns the key-value pairs that are not on the search path, so that the root hash of the MPT tree structure can later be reconstructed. If the terminating node corresponding to the token does not exist, i.e. the keyword queried by the user does not exist, the server starts from the node at which the search terminated and returns the "keys" on the search path upward as the result proof; for the node at which the search terminated, the server returns its entire key-value pair.
The following is the code for generating the result proof described above:
After the client receives the above result proof, it can perform the verification operation.
3. Verifying the result
Once the Client has received the search result and its corresponding result proof, it can begin verifying the freshness and integrity of the data.
First, the Client matches the token of the keyword it uploaded at search time against the keys in the result proof.
If the keys in the result proof form a prefix of the challenge token, remain_key is set to hold the remaining key of the challenge token. The path from the root node to a leaf node is in fact a complete key, but what the result proof returns is the path from the root node to the node one level above the leaf node, which is incomplete; remain_key is therefore defined to hold the part of the token's key that remains after matching against the result proof. For example, when matching the token a5432 in Fig. 3, the result proof returned by the server contains BN2, EN1 and BN1; this path covers only a54, so after matching against a5432, remain_key is 32.
If the keys in the result proof do not form a prefix of the challenge token, then remain_key is set to
Next, the root hash of the MPT tree structure is rebuilt. If the search result and remain_key are both empty, the root hash is computed directly from the result proof. If neither is empty, the hash of the leaf node is first generated from the search result and remain_key to obtain the complete result proof, and the root hash is then reconstructed from it. In any case other than these two, the server is considered to have deliberately returned an empty result or to have tampered with the content of the result proof.
Finally, the user judges data freshness and integrity by checking whether the rebuilt root hash equals the root hash that the client has stored. If the two are equal, verification passes; if they are not equal, the server has returned fewer search results or has tampered with the result proof.
The following is the code that implements the result verification described above:
The detailed process of the result proof generation and verification steps above is illustrated below with reference to the concrete structures of Fig. 3 and Fig. 4.
First case:
When the keyword the client wants to search for is w2, then according to the correspondence shown in Fig. 3 the challenge token submitted for that keyword is "a5432". Since the keyword token exists in the MPT tree shown in Fig. 4 (that is, the verification index), the server can find the search path corresponding to the token, which is {BN1, EN1, BN2, LN3}. Following the result proof generation process above, the server returns as the result proof the keys of the nodes on the path other than LN3 (from BN2, the node one layer above the leaf node, up to the root node BN1) together with, for branch nodes, their key-value pairs that are not on the path. The resulting result proof is shown as Cn2, Cn1, Cn0 in Fig. 5a. Result proof Cn2 corresponds to the content extracted from branch node BN2: key "4", whose value is empty (because the content of LN3 is not extracted), key "c" and its value LN4, and key "f" and its value LN5. Result proof Cn1 corresponds to the content extracted from extension node EN1: key "5" and its value, which is Cn2. Result proof Cn0 corresponds to the content extracted from branch node BN1: key "4" and its value LN1, key "a" and its value Cn1, and key "f" and its value LN2.
After the above result proof has been extracted, the root hash of the MPT structure can be rebuilt from the proof and the search result f2, f5. The user first matches the token "a5432" against the key in the result proof and finds that "a54" is a prefix of the token, so remain_key is "32". From "32" and the search result f2, f5 the user regenerates node LN3, which completes the result proof. The root hash is then constructed bottom-up from the content of the completed result proof. Finally, the user compares the reconstructed root hash with the root hash retained on the user side to judge whether the data is complete. If the server returns only file f2, the reconstructed root hash will not match the correct root hash.
Second case:
When the token corresponding to the keyword the user wants to search for is "a5433", then according to Fig. 3 and Fig. 4 the token does not exist in the MPT tree (that is, the verification index), but its search path is the same as that of "a5432"; the difference is that the token fails to match at LN3. In this case, the server extracts the key-value pairs of the nodes on the bottom-up path starting from node LN3 to generate the result proof, shown as Cn3, Cn2, Cn1, Cn0 in Fig. 5b. Compared with the case shown in Fig. 5a, the key "32" and value "H2" of leaf node LN3 are additionally extracted as Cn3. Note that before file f5 is added, the value of the leaf node is H2. After the update that adds file f5, the value of the leaf node is H2 + IH(CK(f5)).
After receiving the result proof, the user finds that the token "a5433" cannot be matched against the key a5432 in the result proof, so remain_key is set to null. The user then reconstructs the root hash directly from the result proof. As before, it is compared with the correct root hash; if the two differ, the server has tampered with the result proof, which is malicious behavior.
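The two cases walked through above, as an added Python example that is not code from the patent. It assumes a simplified trie encoding rather than the full MPT node format, SHA-256 as the node hash, an additive incremental hash modulo 2**256 with file identifiers standing in for IH(CK(f)), and off-path children sent as hashes; the function names, the leaf keys other than "32" and the file identifiers other than f2 and f5 are constructed for illustration.

```python
import hashlib

MOD = 1 << 256  # assumption: incremental hash sums are reduced modulo 2**256

def h(*parts):
    return hashlib.sha256("|".join(parts).encode()).hexdigest()

def ih(files):
    """Leaf value: additive incremental hash over the matching file ids."""
    return str(sum(int(h("file", f), 16) for f in files) % MOD)

def branch_hash(children):          # children: {nibble: child hash}
    return h("B", *(f"{k}:{v}" for k, v in sorted(children.items())))

# Nodes: ("L", key, value) | ("E", key, child) | ("B", {nibble: child})
def node_hash(n):
    if n[0] == "L":
        return h("L", n[1], n[2])
    if n[0] == "E":
        return h("E", n[1], node_hash(n[2]))
    return branch_hash({k: node_hash(c) for k, c in n[1].items()})

def prove(root, token):
    """Server: proof items from the root down to where the search stops."""
    proof, node, rest = [], root, token
    while True:
        if node[0] == "L":
            if node[1] != rest:      # token absent: return the whole leaf pair
                proof.append(("L", node[1], node[2]))
            return proof             # token present: the leaf itself is omitted
        if node[0] == "E":
            if not rest.startswith(node[1]):   # search terminates at this node
                return proof + [("E!", node[1], node_hash(node[2]))]
            proof.append(("E", node[1], None))
            node, rest = node[2], rest[len(node[1]):]
        else:
            nib = rest[:1]
            off_path = {k: node_hash(c) for k, c in node[1].items() if k != nib}
            if nib not in node[1]:   # search terminates at this branch
                return proof + [("B", None, off_path)]
            proof.append(("B", nib, off_path))
            node, rest = node[1][nib], rest[1:]

def verify(token, results, proof, stored_root):
    """Client: match the token against proof keys, rebuild the root, compare."""
    path, end = list(proof), None
    if path and (path[-1][0] in ("L", "E!") or path[-1][1] is None):
        end = path.pop()             # key-value pair of the terminating node
    rest = token
    for kind, key, _ in path:        # every key on the path must prefix the token
        if kind not in ("B", "E") or not key or not rest.startswith(key):
            return False
        rest = rest[len(key):]
    if end is None:                  # proof key is a prefix; remain_key = rest
        if not results:
            return False             # empty result for a keyword that exists
        cur = h("L", rest, ih(results))
    else:                            # token absent: remain_key is empty
        kind, key, extra = end
        if results:
            return False
        if kind == "L" and key != rest:
            cur = h("L", key, extra)
        elif kind == "E!" and not rest.startswith(key):
            cur = h("E", key, extra)
        elif kind == "B" and rest[:1] not in extra:
            cur = branch_hash(extra)
        else:
            return False             # terminating node actually matches the token
    for kind, key, extra in reversed(path):
        cur = h("E", key, cur) if kind == "E" else branch_hash({**extra, key: cur})
    return cur == stored_root

# Constructed tree shaped like the walkthrough; only "a5432", f2, f5 are from the text.
LN3 = ("L", "32", ih(["f2", "f5"]))
BN2 = ("B", {"4": LN3, "c": ("L", "01", ih(["f1"])), "f": ("L", "77", ih(["f3"]))})
EN1 = ("E", "5", BN2)
BN1 = ("B", {"4": ("L", "1b2c", ih(["f4"])), "a": EN1, "f": ("L", "09ab", ih(["f6"]))})
ROOT = node_hash(BN1)                # the client keeps only this value

if __name__ == "__main__":
    print(verify("a5432", ["f2", "f5"], prove(BN1, "a5432"), ROOT))  # full result
    print(verify("a5432", ["f2"], prove(BN1, "a5432"), ROOT))        # f5 withheld
```

The verifier also rejects a non-existence proof whose terminating leaf key equals the remaining token, so a server cannot pass off an existing keyword as absent by returning the leaf with an empty result.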
In summary, this embodiment builds an index with a Merkle Patricia Tree (MPT) and, on the basis of that index, proposes a complete result verification mechanism. Verification is carried out through the root hash of the MPT tree. Since the first generation of the root hash is performed by the user, the correctness of the root hash can be guaranteed. Subsequent updates of the root hash are also verified and applied by the user, so the correctness and freshness of the root hash can be guaranteed. During result verification, the final comparison is made against the root hash retained by the user; a change to any node causes the reconstructed root hash to fail to match the root hash retained by the user. The reference object of the verification step is therefore accurate and reliable, which ensures that the search results the user obtains after verification are fresh and complete.
The search method of this embodiment can prevent data integrity attacks and data freshness attacks. In particular, the method can detect the case where the server deliberately returns an empty result, without the user retaining the keyword set. The method is a generic result verification scheme: it treats a conventional encrypted search scheme as a black box and can provide result verification for a variety of encrypted search schemes. In addition, verifiable search is achieved in a single round of communication, which gives the advantage of low overhead. In summary, the method has low overhead, is simple to implement, and does not depend on the original encrypted search scheme.
The above is a further detailed description of the present invention in conjunction with specific preferred embodiments, and the specific implementation of the present invention shall not be regarded as limited to these descriptions. For a person of ordinary skill in the technical field of the invention, any substitutions or obvious modifications made without departing from the inventive concept, with the same performance or use, shall be deemed to fall within the protection scope of the present invention.
Claims (10)
- 1. A verifiable encrypted search method executed by a client, characterized by comprising the following steps: U1, the client computes an inverted index over the file set and computes a group of key-value pairs for each keyword in the inverted index, wherein the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each group of key-value pairs is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the groups of key-value pairs is computed and stored; U2, the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server; U3, the client sends a challenge token to the server and receives the search result returned by the server and the reference information for verification, the reference information being the keys and key-value pairs of nodes in the MPT tree structure that the server extracts according to whether the leaf node corresponding to the challenge token exists in the MPT tree structure; U4, the client matches the challenge token it sent against the reference information and reconstructs the root hash of the MPT tree structure according to the matching result; U5, the reconstructed root hash is compared with the root hash stored by the client; if they are identical, the server has not tampered and the search result is accurate; if they are not identical, the server has tampered and the search result is inaccurate.
- 2. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U1, the token corresponding to a keyword is obtained by encrypting the keyword; the encryption is implemented by a pseudo-random function, which generates the token corresponding to the keyword.
- 3. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U2, when a file f is added to or deleted from the file set, the set of keywords Wf contained in the file f is obtained; for each keyword wi belonging to Wf, its corresponding token is generated, and the token together with the incremental hash sum corresponding to file f is uploaded to the server as the updated key-value pair.
- 4. The verifiable encrypted search method executed by a client according to claim 1, characterized in that: in step U3, the reference information is extracted as follows: when the leaf node corresponding to the challenge token exists in the MPT tree structure, the server starts from the node one layer above the leaf node and extracts the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs that are not on the search path are also extracted as part of the reference information; when the leaf node corresponding to the challenge token does not exist in the MPT tree structure, the server starts from the node at which the search path terminates and extracts the key-value pair at the terminating node and the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs that are not on the search path are also extracted as part of the reference information.
- 5. The verifiable encrypted search method executed by a client according to claim 1 or 4, characterized in that: in step U4, if the key in the reference information is a prefix of the challenge token, remain_key is set to the remaining key in the challenge token, the key-value pair at the leaf node of the MPT tree structure is regenerated from remain_key and the search result to complete the reference information, and the root hash of the MPT tree structure is reconstructed from the completed reference information; if the key in the reference information cannot be matched with the challenge token, remain_key is set to the empty set and the root hash of the MPT tree structure is reconstructed directly from the reference information.
- 6. A verifiable encrypted search method executed by a server, characterized in that: S1, the server receives the initialized MPT tree uploaded by the client and receives updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure; S2, the server performs a search according to the challenge token sent by the client and obtains the search result; S3, according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure and, according to the determination, extracts keys and key-value pairs of nodes in the MPT tree structure as the reference information for verification; S4, the server sends the search result and the reference information to the client.
- 7. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S3, the reference information is extracted according to the following steps: when the leaf node corresponding to the challenge token exists in the MPT tree structure, the server starts from the node one layer above the leaf node and extracts the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs that are not on the search path are also extracted as part of the reference information; when the leaf node corresponding to the challenge token does not exist in the MPT tree structure, the server starts from the node at which the search path terminates and extracts the key-value pair at the terminating node and the keys of the nodes on the search path as the reference information; for branch nodes on the search path, their key-value pairs that are not on the search path are also extracted as part of the reference information.
- 8. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S1, for an update operation in which a file is added to the file set, after the server receives the updated key-value pair: when the leaf node corresponding to the token in the key-value pair already exists, the incremental hash sum in the key-value pair is added to the value on that leaf node; when the leaf node corresponding to the token in the key-value pair does not exist, a new leaf node is created with the incremental hash sum in the key-value pair as its node value.
- 9. The verifiable encrypted search method executed by a server according to claim 6, characterized in that: in step S1, for an update operation in which a file is deleted from the file set, after the server receives the updated key-value pair, it finds the corresponding leaf node according to the token in the key-value pair and subtracts the incremental hash sum in the key-value pair from the value on that leaf node.
- 10. A verifiable encrypted search method involving a client and a server, characterized in that: A1, the client computes an inverted index over the file set and computes a group of key-value pairs for each keyword in the inverted index, wherein the key is the token corresponding to the keyword and the value is the incremental hash sum of the files containing the keyword; each group of key-value pairs is inserted into an MPT tree structure to obtain the initialized MPT tree; the root hash of the MPT tree structure built from the groups of key-value pairs is computed and stored; A2, the client uploads the initialized MPT tree to the server and, when the file set is updated, uploads the updated key-value pairs to the server; A3, the server receives the initialized MPT tree uploaded by the client and receives the updated key-value pairs, and updates the initial MPT tree structure according to the updated key-value pairs to obtain the latest MPT tree structure; A3, the client sends a challenge token to the server; the server performs a search according to the challenge token sent by the client and obtains the search result; according to the challenge token sent by the client, the server determines whether the leaf node corresponding to the challenge token exists in the MPT tree structure and, according to the determination, extracts keys and key-value pairs of nodes in the MPT tree structure as the reference information for verification; the server sends the search result and the reference information to the client; the client receives the search result returned by the server and the reference information for verification; A4, the client matches the challenge token it sent against the key in the reference information and reconstructs the root hash of the MPT tree structure according to the matching result; A5, the reconstructed root hash is compared with the root hash stored by the client; if they are identical, the server has not tampered and the search result is accurate; if they are not identical, the server has tampered and the search result is inaccurate.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711277295.7A CN108039943B (en) | 2017-12-06 | 2017-12-06 | Verifiable encryption searching method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108039943A (en) | 2018-05-15 |
CN108039943B (en) | 2020-10-30 |
Family
ID=62095509
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711277295.7A Active CN108039943B (en) | 2017-12-06 | 2017-12-06 | Verifiable encryption searching method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108039943B (en) |
Also Published As
Publication number | Publication date |
---|---|
CN108039943B (en) | 2020-10-30 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||