CN108039944B - De-ordering encryption framework algorithm with forward security - Google Patents
- Publication number: CN108039944B (application CN201711345342.7A)
- Authority: CN (China)
- Prior art keywords
- encryption
- algorithm
- order
- data
- key
- Legal status: Active (the legal status is an assumption by Google Patents, not a legal conclusion)
Classifications
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords (under H04L9/08, Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords; H04L9/00, Cryptographic mechanisms or cryptographic arrangements for secret or secure communications, network security protocols; H04L, Transmission of digital information, e.g. telegraphic communication; H04, Electric communication technique; H, Electricity)
- H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC (under H04L9/06, encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; hash functions; pseudorandom sequence generators)
- H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications using a plurality of keys or algorithms
Abstract
The invention belongs to the technical field of cryptography, and particularly relates to an order-revealing encryption framework algorithm with forward security. The invention compiles an original order-preserving encryption or order-revealing encryption scheme into a forward-secure order-revealing encryption framework algorithm. The original order-preserving or order-revealing encryption is expressed as an algorithm tuple ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare), whose three elements are respectively an initialization algorithm ORE.Setup, an encryption algorithm ORE.Encrypt and a comparison algorithm ORE.Compare; the compiled forward-secure order-revealing encryption framework algorithm tuple is represented as fp = (Setup, Encrypt, Compare), i.e. Setup is the start-up/initialization algorithm, Encrypt the encryption algorithm and Compare the comparison algorithm.
Description
Technical Field
The invention belongs to the technical field of cryptography, and particularly relates to forward-security techniques and order-revealing encryption methods in private-key (symmetric) encryption.
Background
Preliminaries and notation:
A hash function converts a string into a numeric value or a fixed-length string. Typically the input, an arbitrary string (or a concatenation of several strings), is first encoded as a 0-1 string in {0,1}*, and the hash function is then applied to that 0-1 string to obtain a fixed-length 0-1 string as output. Here {0,1}* denotes the set of all 0-1 strings, and {0,1}^l \ {0^l} denotes the set of 0-1 strings of length l other than the all-zero string 0^l. Two basic properties of hash functions in cryptography are one-wayness (given a randomly generated output of the function it is hard to find an input that maps to it) and collision resistance (given an input it is hard to find a different input on which the hash function gives the same output). Hash functions range widely, from simple mixing functions to functions with pseudorandom outputs; the latter are often idealized as a "random oracle" in cryptographic analysis, and a pseudorandom function is commonly used in the same role. Widely used examples are MD5, which maps data of arbitrary length to a 128-bit 0-1 string, and SHA-1, whose output is a 160-bit 0-1 string (both are by now known to be collision-broken; the embodiment below uses HMAC-SHA256 instead). In short, a hash function F is one-way if, for every probabilistic polynomial-time algorithm A, the probability (as a function of the length of y) that A, given an element y chosen at random from the range of F, outputs an x with y = F(x) is negligible.
More precisely, let d range over the value field of F. A hash function F is target one-way (with respect to a function H) if, for every probabilistic polynomial-time algorithm A, the following probability is negligible: for d chosen at random from that field, A(F, d) first outputs a message m ∈ {0,1}*; then, for another d' chosen at random from the same field, A(F, d, m, d') outputs m' ∈ {0,1}*; and d·H(m) = d'·H(m') holds.
A trapdoor permutation is a special one-way permutation. Briefly, a tuple of polynomial-time algorithms (Gen, Π, Inv) defined over a domain D is a trapdoor permutation family (sometimes informally abbreviated as a trapdoor permutation) if it satisfies the following conditions:
Gen(1^λ) → (I, td). On input a security parameter λ, the parameter-generation algorithm outputs a pair of parameters (I, td). Such a pair defines the domain D_I = D_td of the permutation, and the length of I is at least λ. Informally, I and td are also called the public key and the private key of the trapdoor permutation, respectively.
Gen_1(1^λ) → I. Let Gen_1 be the algorithm that runs Gen and returns only I as its result; then (Gen_1, Π) is a one-way permutation family.
Inv_td(y) → x. Inv is a deterministic inversion algorithm such that, for every (I, td) output by Gen(1^λ), every x ∈ D_I = D_td and y = Π_I(x), Inv_td(y) = x holds. For brevity Inv_td is written Π^{-1}, and performing k ≥ 1 forward or inverse trapdoor permutations in sequence is written Π^k and Π^{-k}, respectively. In the RSA instantiation of the embodiment below, the public-key operation plays the role of Π and the private-key operation that of Π^{-1}.
Forward security was first applied to dynamic symmetric searchable encryption, and it is a strong property in the fields of property-preserving and property-revealing encryption. Forward security means that past data operations leak no information about newly inserted data, whereas backward security means that data operations leak no information about data that has been deleted. For order-revealing encryption we define it as follows:
Let L be a leakage function. An order-revealing encryption scheme that is L-secure against an adaptive adversary is forward secure if the leakage L_add of the data-insertion operation can be expressed as
L_add(add, W_add) = L(add, IND_add),
where W_add is the inserted data together with its specific storage structure, pointers, constraints, etc., and IND_add only identifies the data table (in a relational database) or the data file (in a non-relational database) into which data is inserted, together with the number of inserted items.
Order-preserving encryption (OPE) and order-revealing encryption (ORE) are important property-preserving and property-revealing encryption methods, which are in turn important members of private-key encryption. Order-preserving encryption is a special form of order-revealing encryption and can be traced back to the order-preserving encryption scheme for numerical data published by Agrawal et al. in 2004. In 2009 Boldyreva et al. formally started the academic community's wave of research on order-preserving encryption; many algorithms trading off security against efficiency followed, with a variety of changes to the algorithm structure. After this, Boneh et al. first proposed an order-revealing encryption algorithm in 2015; because it relies on multilinear maps its efficiency is low, and a number of more practical order-revealing encryption algorithms have been developed in recent years. Boosted further by the first practical encrypted database system, CryptDB, published by Popa et al. in 2011, the use of order-preserving and order-revealing encryption as internal algorithm components of such systems has received great attention and development in recent years.
An order-revealing encryption scheme, a private-key encryption scheme, can be expressed as a tuple of algorithms defined over a totally ordered plaintext space:
ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare);
with the following properties:
(1) ORE.Setup(1^λ) → sk. On input a security parameter λ, the algorithm outputs a private key sk used by the subsequent encryption algorithm;
(2) ORE.Encrypt(sk, m) → c. Using the previously generated private key, the encryption algorithm encrypts the input plaintext m into a ciphertext c whose correct order can be revealed by the comparison algorithm;
(3) ORE.Compare(c1, c2) → b. On input two ciphertexts, the comparison function returns one bit b ∈ {0,1} revealing the correct order of the two.
"Totally ordered" above refers to a space in which the correct order is given by ordinary comparison of magnitude, such as numbers or strings. Note that not every order-revealing encryption scheme has a decryption algorithm ORE.Decrypt.
Order-preserving encryption is the special case of order-revealing encryption in which the ciphertext space is itself totally ordered and the comparison algorithm is the ordinary comparison of ciphertext values.
At present there is no explicit order-revealing or order-preserving encryption scheme with forward security. The only candidate is POPE (partial order-preserving encoding), published by Roche et al. in 2016. Its framework uses a tree structure and defers the interactive ordering between server and client to query time, which achieves the strongest order-preserving security notion so far, IND-FAPCPA (indistinguishability under a frequency-analyzing partial-order-preserving chosen-plaintext attack). The paper does not state whether the interactive ordering between server and client requires client authentication. If it did, POPE would have forward security; but in most real application scenarios, authentication during a large number of interactive ordering rounds would greatly reduce efficiency and usability and would not meet the requirements of those scenarios, so POPE does not authenticate the client during interactive ordering and therefore has no forward security. The invention is thus the first framework algorithm able to construct forward-secure order-revealing encryption.
Disclosure of Invention
The invention aims to provide an order-revealing encryption framework algorithm with forward security.
The invention provides an order-revealing encryption framework algorithm with forward security, which compiles an original order-preserving or order-revealing encryption scheme into a forward-secure order-revealing encryption framework algorithm. The original order-preserving or order-revealing encryption is represented as an algorithm tuple ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare), whose three elements are the initialization algorithm ORE.Setup, the encryption algorithm ORE.Encrypt and the comparison algorithm ORE.Compare; the compiled forward-secure order-revealing encryption framework algorithm tuple is represented as fp = (Setup, Encrypt, Compare).
Notation: e is the intermediate ciphertext (obtained by the original order-preserving or order-revealing encryption algorithm); s is an ordering space, which in a relational database is a data table and in a non-relational database a data file; λ is the security parameter; (sk, pk) are the private key and the public key of the trapdoor permutation; k0 is the master key of the algorithm; the ordering-token map OT stores, for each ordering space s, the last ordering token OT_i and the current pointer/counter i (counting from 0); m ∈ {0,1}* is the data to be encrypted; c is a ciphertext; add is the operation identifier; σ denotes the remaining parameters of the original order-preserving or order-revealing encryption algorithm; c_p and c_q are the ciphertexts to be compared, where p and q are their position pointers (i.e. sequence numbers) in the database; Π and Π^{-1} are the forward and inverse trapdoor permutation functions; KeyGen(1^λ) is the key-generation function of the trapdoor permutation; H is a keyed hash function; PRF is a pseudorandom function.
The three elements of the compiled forward-secure order-revealing encryption framework algorithm provided by the invention are as follows:
Setup(1^λ), the start-up/initialization algorithm. On input the security parameter λ, perform the following operations:
i. initialize the ordering-token map OT;
ii. (sk, pk) ← KeyGen(1^λ): generate the private key and the public key of the trapdoor permutation with its key-generation function;
iii. k0 ← {0,1}^λ: choose a random 0-1 string of length λ as the master key of the whole algorithm.
Encrypt(add, σ, m, s), the encryption algorithm. On input the operation identifier add, the remaining parameters σ of the original order-preserving or order-revealing encryption, the plaintext m and the ordering space s, perform the following operations:
i. k_s ← PRF(k0, s): the client evaluates the pseudorandom function on the ordering space under the master key to obtain the key of that ordering space;
ii. (OT_i, i) ← OT[s]: look up the current last ordering token and the current pointer/counter in the ordering-token map;
iii. if (OT_i, i) is empty, set i = -1 and choose OT_{i+1} uniformly at random from the ordering-token space; otherwise compute OT_{i+1} ← Π^{-1}_sk(OT_i), the newest ordering token, from the last ordering token with the trapdoor permutation's private key;
iv. OT[s] ← (OT_{i+1}, i+1): store the newest ordering token and the incremented pointer/counter in the ordering-token map;
v. c_{i+1} ← ORE.Encrypt(σ, m) ⊕ H_{k_s}(OT_{i+1}, add): compute the intermediate ciphertext with the original order-preserving or order-revealing encryption algorithm and XOR it with the keyed hash, under the ordering-space key, of the newest ordering token and the operation identifier to obtain the ciphertext;
vi. send the ciphertext c_{i+1} to the server for storage in the encrypted database.
Compare(σ, c_p, c_q, s), the comparison algorithm. On input the remaining parameters σ of the original order-preserving or order-revealing encryption, two ciphertexts with sequence numbers p and q in the ordering space s, and the ordering space s, perform the following operations:
i. k_s ← PRF(k0, s): the client evaluates the pseudorandom function on the ordering space under the master key to obtain the ordering-space key;
ii. (OT_i, i) ← OT[s]: look up the current last ordering token and pointer/counter in the ordering-token map;
iii. if (OT_i, i) is empty, no data exists in the ordering space s and the empty set is returned; otherwise the client sends the last ordering token, the pointer/counter, the ordering-space key and the remaining parameters of the original order-preserving or order-revealing encryption to the server;
iv. e_p ← c_p ⊕ H_{k_s}(Π^{i-p}_pk(OT_i), add), and likewise e_q from c_q with Π^{i-q}_pk(OT_i): from the two ciphertexts, the ordering-space key, the trapdoor permutation's public key and the last ordering token, the server recovers the ordering tokens of positions p and q by forward trapdoor permutation, recomputes the keyed hashes and XORs them off, obtaining the two intermediate ciphertexts, i.e. the ciphertexts under the original order-preserving or order-revealing encryption algorithm;
v. the server obtains the order of the two intermediate ciphertexts by running the original comparison algorithm ORE.Compare(e_p, e_q), and finally returns the result data set to the client according to that order.
Because Π^{-1} requires sk, a server that holds OT_i can derive every earlier token of s but not OT_{i+1}; a ciphertext inserted after the last comparison query therefore stays masked until the client issues the next query. Once the client reveals the new last token, every ciphertext of that ordering space is again comparable by the server, with the leakage of the original scheme.
In order to further ensure the security and practicality of the method, the invention also provides two data-deletion algorithms, described as follows:
The first deletion algorithm constructs a "deletion database" of the same structure, built with the same compiling framework. When deleting data, an extra check is needed to see whether the data has already been deleted, and when comparing the order of data, an extra check is needed to see whether the data has been deleted, i.e. whether it exists in the deletion database. This also guarantees and realizes backward security of the order-revealing encryption, and is the first framework that can be compiled to produce order-revealing encryption satisfying backward security.
The second deletion algorithm requires a change to the compiling framework: each data insertion also stores a plaintext sequence number giving the number of insertions so far. After rows of the normal data table have been deleted, the difference of sequence numbers still tells how many forward trapdoor permutations are needed to obtain the correct ordering token, so the keyed hash yields the correct masking noise and, after it is removed, the correct comparison result is obtained.
For the compiling framework, the server-side storage complexity does not increase compared with the original order-preserving or order-revealing encryption, while the client-side storage increases by O(|S| · (log(size of the ordering-token space) + log |C_s|)), where |S| is the number of ordering spaces and |C_s| the number of ciphertexts per ordering space. To reduce the client's storage complexity in some special scenarios, the invention also provides the following two improvements of the compiling framework:
i. In steps iii and iv of the encryption algorithm above, if OT[s] is empty, OT_0 is no longer chosen at random from the ordering-token space but computed, and the ordering-token map then stores only the pointer/counter, i.e. OT[s] ← (i+1); this reduces the client storage complexity to O(|S| log |C_s|). Under this method, if RSA is chosen as the trapdoor permutation, computing OT_i each time still has low time complexity: with (n, r) the public key and (u, v, w) the private key of the trapdoor permutation, OT_i can be calculated cheaply by a closed-form computation in which mod denotes the remainder operation.
ii. Building on the above method, the client can perform a statistical count of the encrypted data before each computation of OT_i, so that the number of items in each ordering space is obtained by counting and the increase in client storage is zero; this method, however, is not compatible with the second deletion algorithm.
The inventors emphasize that the compiling framework applies to every order-preserving or order-revealing encryption whose storage is not an ordered tree. A sorting-tree storage structure directly exposes the order between data items, which defeats the XOR-noise operation of the invention, so the forward-security property cannot be achieved for it. However, tree-structured order-preserving and order-revealing encryption has a narrow range of application, little practical value at present and mostly academic security value, so the framework for non-tree storage has wide applicability and practicability.
The invention provides a framework algorithm that compiles an original order-preserving or order-revealing encryption into a forward-secure one. The compiling framework can be applied to order-preserving and order-revealing encryption with any non-tree storage structure. The compiled order-revealing encryption gains the forward-security property while preserving the security of the original algorithm, resists file-injection attacks, and is suitable for most electronic data systems, in particular systems with third-party data sharing and data-exchange equipment. For security guarantees and extension it also includes two data-deletion algorithms; and for clients with limited storage it includes two optimizations that adjust the basic compiling framework to the requirement.
Detailed Description
The following describes an embodiment of the algorithm in detail, taking as example a client that encrypts the integer data 123456 and 123457, sends them to the server database and compares them there.
In practice many schemes can be adopted for the keyed hash, the pseudorandom function and the trapdoor permutation. The example below uses HMAC-SHA256 as both the pseudorandom function and the keyed hash function, RSA as the trapdoor permutation, and as the original order-preserving/order-revealing encryption the 2009 order-preserving encryption scheme of Boldyreva et al. (Alexandra Boldyreva, Nathan Chenette, Younho Lee and Adam O'Neill, Order-Preserving Symmetric Encryption, EUROCRYPT 2009). Data are written in hexadecimal, the security parameter λ is 128, and the RSA key length is 2048 bits. Both data items are stored in the same ordering space, denoted ABCDEF in hexadecimal.
I. Algorithm initialization phase
1. Initialize the ordering-token map; it contains no data yet.
2. Invoke the trapdoor-permutation key-generation algorithm (RSA in this example) with a modulus length (i.e. key length) of 2048 bits and r = 10001 (hexadecimal, i.e. 65537). It generates the public key (n, r), where the 2048-bit modulus n begins 8C9A4D654BEE959FD862E311DF75AB5C58… (the remaining hexadecimal digits are not legible in the source), and the private key (u, v, w), of which the first two components are:
FAA6BFFAFC7D0C6EF46EF324CC513D28650005C1E195AACA34E4F350E73A826E2E567D672CA67A0484C5AA2F223347CF495542E5DFAF27E5F75F52589FDB58B2EAEEAE6F3EEF9D73E14268A2C012BEBD814E5C7ECBE406F5D43CA7242AF6C4D8C4E629C94A4ECDF3A35D0835BFE7F729A4642E45BD2D9E3261F3C76CA1822215,
8F9A61E431B18E2ED73390A6644F66F030B8E66C56DFA48C41712276731138DD9759C51BC90D959123A094428AEC33ACB82C18E88C3B0B0490121F9FCA7E1FC5C6203B0BE3A8F2EDDC54406598A60ACF3464C9FB50D374919836B1AC95833EB0B5679C6D967BFC7999C66EC9A67546903BD8D05BBA9F366BF254B054EC1AEFB5.
3. Randomly generate the master key k0 as a 0-1 string of length 128; in hexadecimal it is 826FB794FF925013295248442AA9F57B.
II. Encryption phase for the decimal integer data 123456
1. With the master key, derive the ordering-space key of ordering space ABCDEF, using HMAC-SHA256 as the pseudorandom function:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. Look up the last ordering token and pointer/counter of ordering space ABCDEF in the ordering-token map; since no data has been stored yet, both are empty.
3. Choose an ordering token at random from the ordering-token space, a 2048-bit value beginning:
F5DC4CA4F82691F885EFE921FF6A9E805D86A76A1533CA9830492009DA6F12F153176F39CBBC91D954E7637D801703E… (the remaining digits are not legible in the source).
4. Let the ciphertext of the integer 123456 under the original algorithm be 0001E27BF057FF96. Compute the hash of the ordering token with HMAC-SHA256, keyed by the ordering-space key; the result is
597971622E7F416EF17CBCC6AC6452CEB747EEF095BB9B598A5563B44B66D7AF.
Take its last 16 hexadecimal digits (64 bits), 8A5563B44B66D7AF, XOR them bitwise with the intermediate ciphertext to obtain the final ciphertext 8A5481CFBB312839, and store it in the server-side database. The number of digits taken is determined by the ciphertext length of the original order-preserving/order-revealing encryption. The final ciphertext after the XOR has the forward-security property: without the ordering token, the original comparison algorithm of the order-preserving/order-revealing encryption cannot obtain the correct order from it.
III. Encryption phase for the decimal integer data 123457
1. With the master key, derive the ordering-space key of ordering space ABCDEF, using HMAC-SHA256 as the pseudorandom function:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. Look up the last ordering token and pointer/counter of ordering space ABCDEF in the ordering-token map; they now hold the token and counter stored in phase II.
3. Compute the next ordering token from the last ordering token with the trapdoor permutation's private key (the inverse permutation Π^{-1}); the result is a 2048-bit value beginning:
5980B0529598C2B95EB49559ADAACE25FD634CA667AF5ECE99E81AAE4480F5A13F26FCBB2EE2CE256D724E78EA86ECE2874F5C9DB6D6F01B5BF91FC4E05B30F78A3B307C388487B777DB3F946A832C00131D239154158E4903C59DF3891E7DD… (the remaining digits are not legible in the source).
4. Let the ciphertext of the integer 123457 under the original algorithm be 0001E27BFBF5008C. Compute the hash of the new ordering token with HMAC-SHA256, keyed by the ordering-space key; the result is
FE9226338791AAC85BD3006CF90A3CDB6D17816612DE586DABFE5BD90C2AD4AD.
XOR its last 16 hexadecimal digits, ABFE5BD90C2AD4AD, bitwise with the intermediate ciphertext to obtain the final ciphertext ABFFB9A2F7DFD421, and store it in the server-side database.
IV. Comparison phase for the ciphertexts 8A5481CFBB312839 and ABFFB9A2F7DFD421
1. The client derives the ordering-space key of ordering space ABCDEF from the master key, using HMAC-SHA256 as the pseudorandom function:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. The client looks up the last ordering token and pointer/counter of ordering space ABCDEF in the ordering-token map. Since ciphertext data exist at the server and the ordering token is not empty, the client sends the last ordering token, the pointer/counter, the ordering-space key of ABCDEF and the parameters required by the comparison function of the original order-preserving/order-revealing algorithm to the server.
3. Using the trapdoor permutation's public key, the last ordering token and the pointer/counter, the server recovers the ordering token of each position (the token of the newer ciphertext is the last token itself; the token of the older one is obtained from it by the forward trapdoor permutation, as described above) and computes the HMAC-SHA256 of each token under the ordering-space key. The hash values are respectively:
597971622E7F416EF17CBCC6AC6452CEB747EEF095BB9B598A5563B44B66D7AF,
FE9226338791AAC85BD3006CF90A3CDB6D17816612DE586DABFE5BD90C2AD4AD.
4. XOR the last 16 hexadecimal digits of each hash value with the corresponding ciphertext stored at the server to recover the ciphertexts of the original order-preserving/order-revealing encryption, namely 0001E27BF057FF96 and 0001E27BFBF5008C. The original comparison algorithm then yields the comparison result (123456 precedes 123457), and the server returns the result data set to the client according to the ordering result and the query statement.
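The framework algorithm (Setup, Encrypt, Compare), the RSA-based fast token computation of improvement i, and the comparison flow of the embodiment above, as one added example written by the editor; it is not code from the patent. Assumptions: textbook RSA over a toy 150-bit modulus built from the Mersenne primes 2^61-1 and 2^89-1 serves as the trapdoor permutation (the embodiment uses 2048 bits; these parameters are for illustration only), with the public-key operation as Π and the private-key operation as Π^{-1}; HMAC-SHA256 serves as both PRF and keyed hash, and the hash input is the token bytes only (the operation identifier is not folded in, matching the embodiment); the underlying OPE is a toy order-preserving stand-in for the Boldyreva scheme, not a secure OPE; the first token is drawn from [2, n-1]. The names Client, server_compare, tdp_inverse_fast, mask and demo are the editor's. tdp_inverse_fast is the editor's own closed form for improvement i (OT_k = Π^{-k}(OT_0) in one exponentiation, using d^k mod φ(n)); the patent's own formula is not reproduced in this text.

```python
"""Editor-added example of the forward-secure ORE compiler; not the patent's code."""
import hmac
import os

# --- Trapdoor permutation: textbook RSA over Z_n (assumption). The Mersenne
# primes 2^61-1 and 2^89-1 keep the example instant; a 150-bit modulus is far
# too small for real use (the embodiment uses 2048 bits).
P, Q = (1 << 61) - 1, (1 << 89) - 1
N, R = P * Q, 65537                      # public key (n, r); r = 0x10001 as in the embodiment
PHI = (P - 1) * (Q - 1)
D = pow(R, -1, PHI)                      # private exponent
TOKEN_BYTES = (N.bit_length() + 7) // 8  # fixed-width encoding of a token for hashing

def tdp_forward(x: int, k: int = 1) -> int:
    """Pi^k: k forward permutations; needs only the public key."""
    for _ in range(k):
        x = pow(x, R, N)
    return x

def tdp_inverse(x: int, k: int = 1) -> int:
    """Pi^-k: k inverse permutations; needs the private key."""
    for _ in range(k):
        x = pow(x, D, N)
    return x

def tdp_inverse_fast(x: int, k: int) -> int:
    """Improvement i, editor's construction: Pi^-k(x) in one exponentiation,
    since x^(d^k) == x^(d^k mod phi(n)) (mod n)."""
    return pow(x, pow(D, k, PHI), N)

# --- Underlying OPE/ORE stand-in (the patent's embodiment uses Boldyreva et al. 2009).
CT_LEN = 8   # 64-bit intermediate ciphertexts, as in the embodiment

def ore_setup() -> bytes:
    return os.urandom(16)

def ore_encrypt(sk: bytes, m: int) -> bytes:
    """Toy order-preserving map: high 48 bits carry m, low 16 bits keyed noise.
    Order-preserving for 0 <= m < 2^48; NOT a secure OPE, only a stand-in."""
    noise = hmac.new(sk, m.to_bytes(6, "big"), "sha256").digest()[:2]
    return ((m << 16) | int.from_bytes(noise, "big")).to_bytes(CT_LEN, "big")

def ore_compare(e1: bytes, e2: bytes) -> int:
    """Bit b = 1 iff e1 sorts before e2 (fixed-width bytes compare numerically)."""
    return int(e1 < e2)

# --- Compiled scheme.
def token_hash(ks: bytes, token: int) -> bytes:
    """Keyed hash H: HMAC-SHA256 of the ordering token under the space key k_s."""
    return hmac.new(ks, token.to_bytes(TOKEN_BYTES, "big"), "sha256").digest()

def mask(e: bytes, digest: bytes) -> bytes:
    """XOR e with the last len(e) bytes of the hash (the embodiment takes the
    last 16 hex digits). The operation is its own inverse."""
    return bytes(a ^ b for a, b in zip(e, digest[-len(e):]))

class Client:
    def __init__(self):                          # Setup(1^lambda)
        self.ot = {}                             # ordering-token map: s -> (OT_i, i)
        self.k0 = os.urandom(16)                 # master key, lambda = 128
        self.sigma = ore_setup()                 # key of the underlying scheme

    def space_key(self, s: bytes) -> bytes:      # k_s = PRF(k0, s)
        return hmac.new(self.k0, s, "sha256").digest()

    def encrypt(self, m: int, s: bytes):         # Encrypt(add, sigma, m, s)
        """Returns (sequence number i+1, ciphertext) for the server to store."""
        if s not in self.ot:
            i, token = -1, 2 + int.from_bytes(os.urandom(32), "big") % (N - 2)  # random OT_0
        else:
            token, i = self.ot[s]
            token = tdp_inverse(token)           # OT_{i+1} = Pi^-1_sk(OT_i)
        self.ot[s] = (token, i + 1)
        c = mask(ore_encrypt(self.sigma, m), token_hash(self.space_key(s), token))
        return i + 1, c

    def compare_query(self, s: bytes):
        """What the client sends for Compare: (k_s, OT_i, i), or None if s is empty."""
        return None if s not in self.ot else (self.space_key(s), *self.ot[s])

def server_compare(c_p: bytes, p: int, c_q: bytes, q: int, ks: bytes, ot_i: int, i: int) -> int:
    """Server side: recover OT_p and OT_q from the LAST token with the public
    key (i - p forward permutations), strip the masks, run the underlying
    compare. Positions above i (inserted after this query) cannot be unmasked:
    that is the forward-security property."""
    e_p = mask(c_p, token_hash(ks, tdp_forward(ot_i, i - p)))
    e_q = mask(c_q, token_hash(ks, tdp_forward(ot_i, i - q)))
    return ore_compare(e_p, e_q)

def demo():
    """Inserts 123456, 123457 and 42 into ordering space ABCDEF, then compares."""
    client, s, db = Client(), bytes.fromhex("ABCDEF"), {}
    for m in (123456, 123457, 42):               # constructed sample inputs
        pos, c = client.encrypt(m, s)
        db[pos] = c                              # server stores (position, ciphertext)
    ks, ot_i, i = client.compare_query(s)
    return (server_compare(db[0], 0, db[1], 1, ks, ot_i, i),   # 123456 < 123457 -> 1
            server_compare(db[1], 1, db[0], 0, ks, ot_i, i),   # 123457 < 123456 -> 0
            server_compare(db[2], 2, db[0], 0, ks, ot_i, i))   # 42 < 123456 -> 1

if __name__ == "__main__":
    print(demo())
```

demo() inserts three values, issues one comparison query and returns the three server-side comparison bits (1, 0, 1). mask() reproduces the two XOR steps of the embodiment: 0001E27BF057FF96 ⊕ 8A5563B44B66D7AF = 8A5481CFBB312839 and 0001E27BFBF5008C ⊕ ABFE5BD90C2AD4AD = ABFFB9A2F7DFD421. A server holding a stale (OT_i, i) can only walk tokens forward, so a ciphertext at position i+1 inserted after that query cannot be unmasked until the client's next comparison query; after that query, every ciphertext in the space is again subject to the underlying OPE's leakage, which is the window the compiler actually protects.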
Claims (3)
1. An order-revealing encryption framework algorithm with forward security, characterized in that an original order-preserving or order-revealing encryption is compiled into a forward-secure order-revealing encryption framework algorithm; wherein the original order-preserving or order-revealing encryption is represented as an algorithm tuple ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare), whose three elements are the initialization algorithm ORE.Setup, the encryption algorithm ORE.Encrypt and the comparison algorithm ORE.Compare; and the compiled forward-secure order-revealing encryption framework algorithm tuple is represented as fp = (Setup, Encrypt, Compare);
where e is an intermediate ciphertext, encrypted by the original order-preserving or order-revealing encryption algorithm; s is an ordering space, which designates a data table in a relational database and a data file in a non-relational database; λ is the security parameter; (sk, pk) are the private key and the public key of the trapdoor permutation; k0 is the master key of the algorithm; the ordering-token map OT contains, for each ordering space s, the last ordering token OT_i and the current pointer/counter i, counting from 0; m ∈ {0,1}* is the data to be encrypted; c is a ciphertext; add is the operation identifier; σ denotes the remaining parameters of the original order-preserving or order-revealing encryption algorithm; c_p and c_q are the ciphertexts to be compared, p and q being their position pointers, i.e. sequence numbers, in the database; Π and Π^{-1} are the forward and inverse trapdoor permutation functions; KeyGen(1^λ) is the key-generation function of the trapdoor permutation; H is a keyed hash function; PRF is a pseudorandom function;
wherein the three elements are specified as follows:
Setup(1^λ), the initialization algorithm: on input the security parameter λ, perform the following operations:
i. initialize the ordering-token map OT;
ii. (sk, pk) ← KeyGen(1^λ): generate the private and public keys of the trapdoor permutation with its key generation function;
iii. choose a uniformly random bit string of length λ as the master key k_0 of the whole algorithm;
Encrypt(add, σ, m, s), the encryption algorithm: on input the operation identifier, the remaining parameters of the original order-preserving/order-revealing encryption scheme, the plaintext and the ordering space, perform the following operations:
i. the client evaluates the pseudo-random function on the ordering space s under the master key k_0, obtaining the key of that ordering space;
ii. (OT_i, i) ← OT[s]: read the current last ordering token and the current pointer/counter from the ordering-token map;
iii. if (OT_i, i) is null, set i = -1 and choose OT_{i+1} uniformly at random from the ordering-token space; otherwise compute the latest ordering token from the previous one with the trapdoor permutation private key, OT_{i+1} ← π^{-1}(sk, OT_i);
iv. OT[s] ← (OT_{i+1}, i+1): write the latest ordering token and the incremented pointer/counter into the ordering-token map;
v. from the ordering-space key, the latest ordering token, the operation identifier, the remaining parameters σ and the plaintext m, obtain the ciphertext c_{i+1} via the encryption algorithm of the original order-preserving/order-revealing encryption scheme and the keyed hash function: the intermediate ciphertext e is masked (XORed) with the keyed hash of the latest ordering token under the ordering-space key;
vi. send the ciphertext c_{i+1} to the server, which stores it in the encrypted database;
Compare, the comparison algorithm: on input the original order-preserving/order-revealing encryption scheme and its remaining parameters, the two ciphertexts with sequence numbers p and q in ordering space s, and the ordering space s, perform the following operations:
i. the client evaluates the pseudo-random function on the ordering space s under the master key, obtaining the ordering-space key;
ii. (OT_i, i) ← OT[s]: read the current last ordering token and the current pointer/counter from the ordering-token map;
iii. if (OT_i, i) is null, no data exists in ordering space s, and the empty set is returned; otherwise the client sends the last ordering token, the token pointer/counter, the ordering-space key and the remaining parameters of the original order-preserving/order-revealing encryption scheme to the server;
iv. from the two ciphertexts, the ordering-space key, the trapdoor permutation public key and the last ordering token, the server recovers the intermediate ciphertexts of both by applying the forward trapdoor permutation (walking the token chain back from OT_i to the tokens at positions p and q), the keyed hash function and XOR; these intermediate ciphertexts are exactly the ciphertexts of the original order-preserving/order-revealing encryption algorithm, so their order is obtained by running the original comparison algorithm ORE_Compare on them.
2. The forward-secure order-revealing encryption framework algorithm according to claim 1, further comprising two data deletion algorithms, described as follows:
The first deletion algorithm builds a "deletion database" with the same structure as the compiled forward-secure order-revealing encryption framework; when deleting data, and again when comparing data order, it must additionally be checked whether the data has been deleted, i.e. whether it is present in the "deletion database";
The second deletion algorithm modifies the compiled forward-secure order-revealing encryption framework: on every data insertion the plaintext sequence number is inserted together with the ciphertext, indicating which insertion into the ordering space it is; thus, after records in the normal data table have been deleted, the difference in sequence numbers still tells how many forward trapdoor permutations are needed to reach the correct ordering token, so the keyed hash yields the correct data mask, and removing that mask gives the correct order comparison result.
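The following Python is an added example and not code from the patent: it models the Setup/Encrypt/Compare framework of claim 1 together with the sequence-number deletion handling of claim 2, and shows why a token released to the server before an insertion cannot unmask that insertion. Everything concrete is an assumption made here rather than something the claims state: textbook RSA over Z_n as the trapdoor permutation (as the RSA remark in claim 3 suggests), HMAC-SHA256 as both the PRF and the keyed hash H, XOR as the masking step, demo-sized primes, constructed plaintexts, and a placeholder "original ORE" that merely encodes integers so the wrapper can be exercised end to end.

```python
# Added example, not code from the patent: a compact model of the forward-secure
# ORE framework of claim 1 with the sequence-number deletion handling of claim 2.
# Assumptions (none from the patent text): textbook RSA as the trapdoor
# permutation, HMAC-SHA256 as PRF and keyed hash H, XOR masking, demo-sized primes.
import hashlib
import hmac
import secrets
from collections import defaultdict

# Trapdoor permutation over Z_n: pi(pk, x) = x^e mod n, pi^-1(sk, x) = x^d mod n.
_P, _Q = 1000000007, 998244353          # constructed demo primes, far too small for real use
_N = _P * _Q
_E = 65537
_D = pow(_E, -1, (_P - 1) * (_Q - 1))
SK, PK = (_N, _D), (_N, _E)             # (sk, pk) <- KeyGen(1^lambda)

def pi_forward(pk, x):                  # computable by anyone holding pk (the server)
    n, e = pk
    return pow(x, e, n)

def pi_inverse(sk, x):                  # needs the trapdoor sk (client only)
    n, d = sk
    return pow(x, d, n)

# Placeholder for the original ORE = (ORE_Setup, ORE_Encrypt, ORE_Compare): the
# framework is agnostic to it, and this stand-in leaks the plaintext outright.
ORE_LEN = 8
def ore_encrypt(m):
    return m.to_bytes(ORE_LEN, "big")   # intermediate ciphertext e

def ore_compare(e1, e2):                # -1, 0 or 1
    a, b = int.from_bytes(e1, "big"), int.from_bytes(e2, "big")
    return (a > b) - (a < b)

def prf(k0, s):                         # PRF(k0, s): per-ordering-space key
    return hmac.new(k0, s.encode(), hashlib.sha256).digest()
def keyed_hash(ks, token):              # H(ks, OT): mask bound to one token
    tb = token.to_bytes((_N.bit_length() + 7) // 8, "big")
    return hmac.new(ks, tb, hashlib.sha256).digest()[:ORE_LEN]
def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Client:
    def __init__(self):                 # Setup(1^lambda)
        self.OT = {}                    # ordering-token map: s -> (OT_i, i)
        self.sk, self.pk = SK, PK
        self.k0 = secrets.token_bytes(32)   # master key k_0

    def encrypt(self, m, s):            # Encrypt(add, sigma, m, s)
        ks = prf(self.k0, s)
        if s not in self.OT:            # first insert: i = -1, OT_0 random
            i, ot_next = -1, secrets.randbelow(_N - 3) + 2
        else:                           # OT_{i+1} = pi^-1(sk, OT_i)
            ot_i, i = self.OT[s]
            ot_next = pi_inverse(self.sk, ot_i)
        self.OT[s] = (ot_next, i + 1)
        c = xor(ore_encrypt(m), keyed_hash(ks, ot_next))
        return i + 1, c                 # sequence number is stored with c (claim 2)

    def compare_token(self, s):         # what the client releases for Compare
        if s not in self.OT:
            return None                 # ordering space holds no data
        ot_i, i = self.OT[s]
        return ot_i, i, prf(self.k0, s)

class Server:
    def __init__(self, pk):
        self.pk = pk
        self.db = defaultdict(dict)     # s -> {sequence number: c}

    def store(self, s, seq, c):
        self.db[s][seq] = c

    def delete(self, s, seq):           # rows vanish, sequence numbers do not shift
        del self.db[s][seq]

    def compare(self, s, p, q, token):  # Compare(sigma, c_p, c_q, s), server side
        if token is None:
            return None
        ot_i, i, ks = token

        def unmask(seq):
            if seq > i:                 # newer tokens are not derivable from OT_i
                raise ValueError("token predates ciphertext (forward security)")
            ot = ot_i
            for _ in range(i - seq):    # OT_seq = pi^(i-seq)(pk, OT_i)
                ot = pi_forward(self.pk, ot)
            return xor(self.db[s][seq], keyed_hash(ks, ot))

        return ore_compare(unmask(p), unmask(q))

def demo():
    client, server = Client(), Server(PK)
    s = "salaries"
    for m in (42, 7, 42, 1000):         # constructed plaintexts, seq 0..3
        seq, c = client.encrypt(m, s)
        server.store(s, seq, c)
    tok = client.compare_token(s)
    out = {"0_vs_1": server.compare(s, 0, 1, tok),   # 42 > 7
           "0_vs_2": server.compare(s, 0, 2, tok),   # 42 == 42
           "1_vs_3": server.compare(s, 1, 3, tok)}   # 7 < 1000
    server.delete(s, 2)                 # claim 2: deletion keeps the chain walkable
    out["after_delete_0_vs_3"] = server.compare(s, 0, 3, tok)
    out["empty_space"] = server.compare("bonus", 0, 1, client.compare_token("bonus"))
    return out

def stale_token_rejected():
    """A token released before an insert cannot unmask that insert."""
    client, server = Client(), Server(PK)
    seq, c = client.encrypt(5, "t"); server.store("t", seq, c)
    old = client.compare_token("t")     # server learns (OT_0, 0, k_s)
    seq, c = client.encrypt(9, "t"); server.store("t", seq, c)
    try:
        server.compare("t", 0, 1, old)
    except ValueError:
        return True
    return False
```

Running `demo()` yields 1, 0 and -1 for the three comparisons and still -1 after row 2 is deleted, because the walk from the last token to position p depends only on the sequence-number difference i - p, not on which rows remain. The design point is the direction of the chain: the client steps tokens with π^{-1} under sk, the server can only step them with π under pk, so a token it already holds lets it unmask everything inserted earlier and nothing inserted later.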
3. The forward-secure order-revealing encryption framework algorithm according to claim 1, characterized in that it further comprises the following two schemes, which modify the compiled forward-secure order-revealing encryption framework to reduce the client's storage complexity in some special scenarios:
i: in steps iii and iv of the above encryption algorithm, if OT[s] is empty, the selection of OT_0 is changed from a random choice in the ordering-token space to a deterministic derivation (its formula is omitted on this page), and the ordering-token map then stores only the pointer/counter, i.e. OT[s] ← (i+1); this reduces the client's storage complexity to O(|S| log|C_s|), where |S| is the number of ordering spaces and |C_s| the number of ciphertexts in each ordering space; under this method, if RSA is chosen as the trapdoor permutation, the time complexity of computing OT_i each time remains low: if (n, r) and (u, v, w) are the private and public keys of the trapdoor permutation, OT_i is computed by the following algorithm:
where mod denotes the remainder (modulo) operation;
ii: building on the above method, before each computation of OT_i a count of the encrypted data is performed to obtain the amount of data in the different ordering spaces, which keeps the client's storage increment at zero.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711345342.7A CN108039944B (en) | 2017-12-15 | 2017-12-15 | De-ordering encryption framework algorithm with forward security |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108039944A CN108039944A (en) | 2018-05-15 |
CN108039944B true CN108039944B (en) | 2020-09-01 |
Family
ID=62103064
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711345342.7A Active CN108039944B (en) | 2017-12-15 | 2017-12-15 | De-ordering encryption framework algorithm with forward security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108039944B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108768639B (en) * | 2018-06-06 | 2021-07-06 | 电子科技大学 | Public key order-preserving encryption method |
CN113254971B (en) * | 2021-06-09 | 2022-07-05 | 中国电子科技集团公司第三十研究所 | Multi-data type ciphertext comparison method based on de-scrambling encryption |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102843372A (en) * | 2012-08-28 | 2012-12-26 | 西安交通大学 | Order-preserving encryption method based on random interval partition |
CN105592100A (en) * | 2016-01-26 | 2016-05-18 | 西安电子科技大学 | Government services cloud access control method based on attribute encryption |
CN106850652A (en) * | 2017-02-21 | 2017-06-13 | 重庆邮电大学 | One kind arbitration can search for encryption method |
Family Cites Families (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20150108516A (en) * | 2014-03-18 | 2015-09-30 | 한국전자통신연구원 | Decryptable index generating method for range query, searching method, and decoding method |
US10402792B2 (en) * | 2015-08-13 | 2019-09-03 | The Toronto-Dominion Bank | Systems and method for tracking enterprise events using hybrid public-private blockchain ledgers |
Non-Patent Citations (2)
Title |
---|
POPE: Partial Order Preserving Encoding; Daniel S. Roche; ACM; 2016-12-31; full text * |
Grid-based location privacy protection scheme based on order-preserving encryption; Shen Nan; Journal on Communications; 2017-07-25 (No. 7); full text * |
Also Published As
Publication number | Publication date |
---|---|
CN108039944A (en) | 2018-05-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| GR01 | Patent grant | |