CN108111587A - A kind of cloud storage searching method based on time release - Google Patents

A kind of cloud storage searching method based on time release Download PDF

Info

Publication number
CN108111587A
CN108111587A CN201711344491.1A CN201711344491A CN108111587A CN 108111587 A CN108111587 A CN 108111587A CN 201711344491 A CN201711344491 A CN 201711344491A CN 108111587 A CN108111587 A CN 108111587A
Authority
CN
China
Prior art keywords
user
key
document
time
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711344491.1A
Other languages
Chinese (zh)
Other versions
CN108111587B (en
Inventor
李会格
张方国
田海博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sun Yat Sen University
National Sun Yat Sen University
Original Assignee
National Sun Yat Sen University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by National Sun Yat Sen University filed Critical National Sun Yat Sen University
Priority to CN201711344491.1A priority Critical patent/CN108111587B/en
Publication of CN108111587A publication Critical patent/CN108111587A/en
Application granted granted Critical
Publication of CN108111587B publication Critical patent/CN108111587B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • H04L67/1097Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/951Indexing; Web crawling techniques
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/068Network architectures or network communication protocols for network security for supporting key management in a packet data network using time-dependent keys, e.g. periodically changing keys
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Abstract

The invention belongs to cloud storage fields, and in particular to a kind of cloud storage searching method based on time release.The present invention defines clear data time permission, and is stored after being encrypted to high in the clouds.When user wants to search for document, the search instruction that server by utilizing user generates is inquired about, and in query process, server, user, time server tripartite, which interacts, finally obtains the cryptograph files of needs.Then user and time server continue communication and obtain the corresponding decruption key of ciphertext, and lower decryption file online.The present invention has taken into full account the requirement in terms of the time access permission of electronic document, and the privacy and time that ensure that data consult permission, have very strong practicability.

Description

A kind of cloud storage searching method based on time release
Technical field
The invention belongs to cloud storage fields, and more particularly to one kind can be within some following period on encrypted electronic document The method for realizing search.
Background technology
With the rapid proliferation of Internet, the storage of information has also been redirect to from traditional papery archive utilizes this atural object Manage the form of disk electronic archive.However today's society is the epoch of an information explosion, the amount of storage of information is exponentially Increase, this also means that the expenses such as the maintenance management of information and purchase disk are constantly increasing.On August 9th, 2006, Google CEO Eric Schmidt (Eric Schmidt) in search engine conference (SES San Jose 2006) for the first time It is proposed " the concept of cloud computing (Cloud Computing).Then, the companies such as Amazon, Microsoft, IBM announce respective cloud Concept product-cloud storage.
Cloud storage refers to through functions such as cluster application, network technology or distributed file systems, will be a large amount of each in network The different types of storage device of kind gathers collaborative work by application software, and common data storage and the business of externally providing is visited Ask a system of function.The system can reduce the expense of the physics of individual subscriber local, cost etc., make user real The enjoyment of querying individual data whenever and wherever possible is realized, therefore personal local data is uploaded to high in the clouds by more and more users. However, once these data are stored in high in the clouds, user also just loses directly control power to data in itself.In these data Sensitive information be often object that other people steal, the leaking data event broken out again and again in recent years allows user to have become increasingly aware of Ensure the importance of data-privacy safety.
Using cryptographic technique by data encryption, high in the clouds is then uploaded to again, and undoubtedly the privacy to data and safety rise Certain guaranteeing role has been arrived, however which type of encryption technology will influence the search efficiency of data using.If using normal The encryption technology of rule, user need all to download high in the clouds data, be then decrypted on home server, finishing screen Select the document sets of oneself needs.Assuming that the fiber bandwidth that user uses is 100M, then theoretically per second to download The file of 12.8Mb, for the data of 100G, under whole it is complete take around 2 it is small when.Therefore, come for the data of lightweight It says, user can utilize this traditional way of search, but when data are larger, this kind of method is simultaneously impracticable.
Song etc. proposed the encrypted concept of search in 2000, and gave a kind of feasible scheme.This scheme master Pseudo-random function and pseudo-random generator are used, in search process is performed, server is needed search instruction and ciphertext Matching test is carried out by bit, if be successfully tested, returns to the ciphertext, therefore the search complexity of the agreement is O (n), Middle n is the length of single document.Boneh etc. will search for encrypted thought in 2003 and be introduced into public-key cryptosystem, propose Public key encryption search plan (PEKS), so far, search encryption mainly encrypt (SSE) comprising public key search encryption and asymmetric search Both direction.In general, the encrypted function of public key search is more powerful, but generally can all be used in most PEKS schemes Bilinear map, therefore search efficiency is not high.In SSE schemes, the encryption and decryption key of user is the same, therefore SSE is to realization Multiple users upload document, it is necessary to by the cipher key broadcasting to user simultaneously, and the function that this also results in SSE indirectly is not powerful enough, However the efficiency of SSE is more much higher than PEKS.
In SSE, main there are three participants:Data owner U, server S and retrieval user U1.Retrieve user U1With Data owner U can be same person, can not also be same, if U1It is different with U, then U1It needs key K being broadcast to U.SSE Main thought be:Data owner U utilizes key K by local data D=(D1,D2,…,Dn) it is encrypted to C=(C1, C2,…,Cn).Meanwhile data owner U creates concordance list an I, last U for data D and stores C and I to above server S. Retrieve user U1If inquiring about the document for including keyword w, he generates a search for keyword w and refers to first with key K T (w) is made, t (w) is then sent to server S.S finds out the set of pointers of the document comprising w, Ran Hougen by t (w) in I According to these pointers, corresponding ciphertext data are returned into user U1.Finally, U1On the local device using key K to these ciphertexts It is decrypted.
The SSE schemes of early stage only support the precise search of single keyword, and later researcher carries out the function of SSE Certain extension, such as search for generally, range searching, subset search, News Search, sorted search, sentence data search and boolean Search etc..However these functions have certain limitation, can not solve the problems, such as the search in special occasions.For example, current SSE schemes in, do not consider the time rights concerns of user's accessed document, so according to current way of search, once with Family performs and once searches for, he will obtain the All Files of oneself needs immediately.It is to need however, in many actual search problems Consider time factor.
For example, to avoid children that dispute occurs due to properties division, current many businessman can make a will in advance, and by lawyer Security management this document.The testament can only can just be opened in the specific time according to the rules.Due to existing encryption search skill Art not can effectively solve the problem that problems, and which also limits the use scopes of cloud storage technology.For another example, in electronic voting system, The voting results of oneself are uploaded to high in the clouds by each voter's anonymity.Candidate cannot know the poll of oneself in advance, only arrive In the open stage, he just knows the aggregate votes of oneself.In fact, this search encryption technology based on time release is except restraining Lawyer's offices, electronic voting system use outer, also some other application scenario, such as national total marks of the examination inquiry system Deng.
A kind of method for solving problem above at present is administrator's transmitting file on the previous second of defined time, however this Kind method is considerable for light weight level data, but is easily made in the case that file size is bigger, and quantity is more Into network blockage, and then user cannot be made to obtain corresponding query result at the first time.On the other hand, existing this technology Do not consider the privacy of data, therefore have the potentially possible of information leakage at any time.
In view of the above problems, we it is necessary to provide one kind at the appointed time in section, to be realized on encrypted electronic document The method of search.
The content of the invention
In order to which after some following time point, search is realized on encrypted electronic document, the present invention proposes one kind and is based on The cloud storage searching method of time release.Time release is an Encryption Algorithm based on some following time point, the purpose is to It cannot be decrypted before ensureing encrypted information at the appointed time.
A kind of cloud storage searching method based on time release proposed by the present invention, including data owner, Cloud Server, User;
Data owner is used to that local data to be encrypted and upload to Cloud Server.
Cloud Server is used to store data and user is helped to scan for data.
It is characterized in that:Time server is further included, the time server is a believable center;
Mainly comprise the steps of:
(S1), data owner inputs a system security parameter λ, and generation one is for encrypted document and constructs index Key array is expressed as n+3 dimension keysN is greater than the integer equal to 1, represents document sets D Included in document number.The time server inputs security parameter λ, generates and broadcasts a series of with time phase at random The public key of pass;It is expressed asWithThe integer equal to 1 is greater than, m is in database Keyword number, the value of s depends on the maximum of the number of the document associated by keyword in database.
(S2), data owner is by local document sets D=(D1,D2,…,Dn) it is encrypted to ciphertext document sets C=(C1, C2,…,Cn).Meanwhile data owner creates an encrypted indexes Table I for document sets D, data owner is by ciphertext document sets C Above concordance list I storages to Cloud Server.Wherein each document representation is Di(1≤i≤n), each ciphertext document representation are: Ci(1≤i≤n)。
(S3), validated user inquiry includes keyword wαThe document of (1≤α≤m) is keyword w first with keyαIt is raw Into a search instruction Tr (wα), then by search instruction Tr (wα) it is sent to Cloud Server.
(S4), Cloud Server passes through search instruction Tr (wα) found out in concordance list I comprising keyword wαDocument pointer SetSince Cloud Server is without these file pointer collectionCorresponding decruption keyServer is needed these file pointersReturn to user.User receives file and refers to Pin setIt communicates afterwards with time server.Time server first verifies that whether the identity information of user is legal, If legal, section is interior by corresponding decruption key at the appointed time for itSafety is sent to the user.With Family receives decruption keyAfterwards, from file pointer setIn decrypt clear text file identity IdentifierUser communicates again with Cloud Server, and it is allowed to return corresponding ciphertext document
(S5), decryption phase:User receives ciphertext collectionAfterwards, communicate again with time server, and from when Between server obtain corresponding decruption keyEnd user utilizes these keysRespectively To ciphertextIt is decrypted, obtains corresponding cleartext information
In the step (S2) data owner's encrypted document and while establishing concordance list employ symmetric key cryptography system and The method that public encryption system is combined ultimately generates corresponding ciphertext and concordance list.
Specifically, the process of data owner's encrypted document is as follows:
(S2a) data owners utilize keyEncrypted document D respectively1,…,Dn1 ≤ i≤n, whereinRepresent document DiCorresponding encrypted result,Represent a kind of symmetric encipherment algorithm, And the encryption key used in algorithm is1≤i≤n.Then, data owner chooses the n public keys with time correlationOne by one to used private key during encrypted documentIt is encrypted, we are represented with ckiEncryption As a result:HereRepresent a kind of public key encryption algorithm, it is used in algorithm plus Migong key isDocument DiCorresponding ciphertext is denoted asUser is by ciphertext Ci(i =1 ..., n) it is uploaded on Cloud Server;
Specifically, the process of data owner's construction concordance list is as follows:
(S2b1) data owners extract set of keywords W={ w from document sets D1,…,wm}.Assuming that each document Di(1≤i≤n) all there are one unique identification identifier idi(i=1 ..., n), the identifier can use the two of a k bit System string representation.To each keyword wl∈ W (l=1 ..., m) choose the null set D (w that size is sl), and by as follows Mode is to set D (wl) in element assignment:If document Di(1≤i≤n) includes keyword wl, then by document DiIt is corresponding Identification identifier idiIt is stored in D (wl) in.OrderIf D (wl) in element number be less than s when, at random Choose s- | D (wl) | the string of binary characters of a k bits is filled, and with symbol id 'j(id′j≠idj) represent corresponding body Part identifier, wherein j=1 ..., s- | D (wl)|.Data owner utilizes key K1With pseudo-random function F1To each keyword wl(l=1 ..., m) encryption becomes t (wl)=F1(K1,wl) (l=1 ..., m).Assuming that A be one be initialized as empty m × S dimension groups, the array are used to store D (wl) each element in (l=1 ..., m) relevant information.Specifically, data possess Person is to each D (wl) element id in (l=1 ..., m)j(1≤j≤s) encryption one by one, then these encrypted results with The associated form of chained list is respectively stored in A (addr (Nl,1)),A(addr(Nl,2)),,…,A(addr(Nl,s)) in, here addr(Nl,1),addr(Nl,2),…,addr(Nl,s) s different positions in representing matrix A.Data owner chooses one {0,1}k×{0,1}kForm T, and each keyword w in array AlThe head node of chained list corresponding to (1≤l≤m) Location information addr (Nl,1) and t (wl) (1≤l≤m) encryption be (t (wl),And it is stored in form In T.
(S2b2) concordance list I=(A, T) is uploaded to cloud server by.
The construction of matrix A in the step (S2b1) is as follows:
(S2b11) is to D (wl) each element id in (1≤l≤m)j(1≤j≤s) utilizes symmetric cryptography and public key encryption The thought being combined is encrypted.Specifically, to each element idj, utilize key K3With keyword wlIt calculates:(1≤l≤m,1≤j≤s).Then using symmetric encryption scheme δ .Enc () andBy idj It is encrypted as (1≤l≤m,1≤j≤s).It is selected in all public key set announced from Cloud Server Take the s public key PK with time correlationl,1,…,PKl,s, and utilize public key cryptography scheme ε2.Enc () encrypts here one by one The key used(1≤j≤s), corresponding ciphertext is denoted as Finally OrderThe value represents element idjEncrypted result.To each keyword wl(1≤l≤m) is selected at random in A Take s different empty position addr (Nl,1),…,addr(Nl,s) (1≤l≤m), and by information(1≤l≤m, 1≤j≤s) is sequentially stored on corresponding position, here addr (Nl,s+1)=⊥ represents the terminating symbol for reading data, writing data program.
The construction of form T in the step (S2b1) is as follows:
(S2b12) data owners utilize pseudo-random function F1, key K1,K2To each keyword wl(1≤l≤m) is counted It calculates:t(wl)=F1(K1,wl), l (wl)=F1(K2,wl).Then by array (t (wl),It is arranged according to dictionary The mode of sequence method is stored in form T.
Specifically, the detailed process of the step (S3) is as follows:
(S3a) user utilizes key (K1,K2) to the keyword w of desired inquiryα∈ W generation search instruction Tr (wα)=(t (wα),l(wα),h(wα))=(F1(K1,wα),F1(K2,wα), F3(K1,wα)), and server is sent it to, wherein t (wα) be Search instruction Tr (wα) in first score value, l (wα) it is search instruction Tr (wα) in second score value, h (wα) refer to for search Make Tr (wα) in the 3rd score value.
Specifically, step (S4) detailed process is as follows:
(S4a) Cloud Servers are according to search instruction Tr (wα) in first score value t (wα), it is found in form T pair The value answeredThen Tr (w are utilizedα) in second score value l (wα) and γ exclusive or, obtain address addr (Nα,1).Server extracts array A (addr (Nα,1)) in the data that are storedIt preserves The pointer information value of first portionAnd utilize Tr (wα) in the 3rd score value h (wα) and data Exclusive or obtains addr (Nα,2).Read array A (addr (Nα,2)) in the data that are stored Preserve pointer information valueThen Tr (w are utilizedα) in the 3rd score value h (wα) and data Exclusive or obtains addr (Nα,3).Above step is repeated until server runs into addr (Nα,(s+1)Until)=⊥, such cloud service Device can obtain pointer information successively
(S4b) Cloud Servers are by the pointer information set in previous stepReturn to user.
(S4c) user receives pointer information setAfterwards, communicate with time server, it is corresponding to obtain Decruption key SKα,1,…,SKα,s
(S4d) the decruption key SK of user's time of receipt (T of R) server releaseα,,jAfter (t=1 ..., s), the key SK is utilizedα,jSolution Close arrayIn second component Then it is sharp WithDecryptionIn one-component Subsequent user continues to communicate with Cloud Server.
(S4e) Cloud Servers receive the request of userAfterwards, corresponding ciphertext document is found out in C And returned to user.
The detailed process of the step (S4c) is as follows:
(S4c1) whether time servers first verify that the identity information of user, if identity is legal, checks and currently may be used To discharge public key PKα,1,…,PKα,sCorresponding private key SKα,1,…,SKα,s.If private key SK can be discharged at presentα,j(1≤j≤ S), then the value is sent to user;If being not reaching to the defined period, private key SK is not returnedα,j(1≤j≤s)。
Specifically, step (S5) detailed process is as follows:
(S5a) treats that user receivesAfterwards, user continues to communicate with time server, obtains relevant decryption KeyTime server first verifies that the identity information of user, if identity is legal, check it is current whether Public key can be dischargedCorresponding decruption keyIf it is then the value is sent to User.HereIt is encryptionUsed public key.
(S5b) user receives decruption keyAfterwards, it is right firstSecond component ck αjIt is decrypted:Then utilizeDecryptionThe first point Amount
Compared with the prior art, the invention has the advantages that.
1. it ensure that the privacy of high in the clouds document.It is stored after clear data is encrypted beyond the clouds, on the one hand protects data On the other hand privacy brings conveniently to user, user can be allowed to inquire about the number of oneself in arbitrary equipment anywhere or anytime According to.
2. data can be uploaded in advance, the workload of data owner is simplified.In the way of before, data owner needs It to wait until that the previous second of specific time could upload document, and network blockage is subject to during document is uploaded.It utilizes The cipher mode of time releasing mechanism handles data, data can be caused to be uploaded to high in the clouds in advance.
3. time of specification user inquiry.Some data can only be in the period that some will be specified in future in real life It is inquired about, such as testament, national unified examination score inquiry etc..The present invention constructs database one and time correlation Index, so may be such that user can only inquire and the relevant data set of keyword within the specific period.
Description of the drawings
Fig. 1 is the system frame structure of the present invention.
Specific embodiment
Below in conjunction with the accompanying drawings, by taking embodiment 1 as an example, technical scheme is specifically described.We are right first Used mathematic sign is briefly described.
εa=(εa.Enc (), εa.Dec ()) safety cipher system algorithm, wherein εa.Enc it is corresponding Encryption Algorithm, εa.Dec it is corresponding decipherment algorithm.As a=1, which is symmetric encipherment algorithm, as a=2, the algorithm For public key encryption algorithm.
δ=(δ .Enc (), δ .Dec ()) determines symmetric encipherment algorithm, and wherein δ .Enc are to encrypt accordingly Algorithm, δ .Dec are corresponding decipherment algorithms.The output length of the algorithm is k bits.
(PK, SK) public private key pair, wherein PK is public key, and SK is corresponding private key.
Fb:{0,1}k×{0,1}*→{0,1}kPseudo-random function, b=1,2,3.
π:{0,1}k×{0,1}k→{0,1}kπ is the pseudo-random permutation of k-bit to k-bit.
D=(D1,D2,…,Dn) collection of document.
D (w) includes the document identifier set of keyword w.
The set that W is made of the keyword in D.
idiI-th of document DiCorresponding file identifier is made of k-bit strings of binary characters.
The array of A ms.
addr(Ni,j) represent the addr (N of array Ai,j) a position, it is represented by k-bit strings of binary characters.
T{0,1}k×{0,1}kArray.
| W | the number of element in set W.
Embodiment 1
In the present embodiment, it is related to four participants altogether:Data owner, Cloud Server, time server, user.Tool There are five links altogether during body is realized:
1st, key generation phase:In this stage, user inputs security parameter λ, generates key arrayAnd time server input security parameter λ, and broadcast public key to members WithThe corresponding private key of these public keys is published to legal use by time server within the time then specified Family.Security parameter λ takes the binary number of at least 256 bits.
2nd, encrypting stage:Assuming that data owner has n document D=(D1,D2,…,Dn) need to upload to high in the clouds, therefore He will complete following two steps:
A) encrypted document datas.Data owner is to each document DiUtilize keyIt is encrypted, i.e.,Data owner chooses public keyAccording to the thought of public encryption system to keyIt is encryptedFinal document DiCorresponding ciphertext is
B) constructs concordance list I.Data owner extracts set of keywords W, it is assumed that | W |=m.Then to each keyword wl∈ W, respectively to set D (wl) carry out assignment:If document Dj(j=1 ..., n) include keyword wl(l=1 ..., m), then By DjDocument identifier idj(j=1 ..., n) it is deposited into set D (wl) in.Remember sl=| D (wl) | (l=1 ..., m), and makeIf D (wl) in element number be less than s, then randomly select s-slA k dimension character strings { 0,1 }kBy D (wl) (l=1 ..., m) it fills until s element.Global variable ctr=1 is made, from keyword w1Start, one by one to keyword wl(l =1 .., m) do following computing:
I) calculates t (wl)←F1(K1,wl), l (wl)←F1(K2,wl),By number Group (t (wl),It is stored in the way of dictionary ranking method in form T, hereTable Show that integer x passes through pseudo-random permutation functionIt is mapped on the position of the addr (y) of array A.
II) is to D (wl) in each elementChoose the public key PK with time correlationl,j(j=1 ..., s), And do following computing:With And it makes
III) makes ctr=ctr+1, calculatesIt will It is stored in array A (addr (Nl,j)) in (j=1 ..., s), wherein addr (Nl,(s+1))=⊥ represents null character, meaning operation Terminate.
Concordance list I=(A, T) is made, ciphertext C and I are uploaded to high in the clouds by data owner.
3rd, search instruction generation phase:Keyword w is included when user wants inquiryαFile when, the user utilize key K1,K2To keyword wαCalculate t (wα)←F1(K1,wα), l (wα)←F1(K2,wα) and h (wα)←F3(K1,wα).Make Tr (wα)= (t(wα),l(wα),h(wα)) it is search instruction, and the value is sent to Cloud Server.
4th, the execution stage is searched for:When Cloud Server receives the search instruction Tr (w that user sendsα) after, it is first with t (wα) found in form TThen by l (wα) obtainRead array A(addr(Nα,1)) in informationStore informationDue to h (wα)=F3(K1,wα), Therefore Cloud Server can calculateCloud Server continues to read A(addr(Nα,2)) in valueThe above method is repeated until addr (Nl,(s+1))=⊥, Cloud Server can obtain successivelyAnd returned to user.
User receivesAfterwards, the identity information of oneself is sent to time server, once it is verified, the time Whether server access currently can discharge public key PKα,j(j=1 ..., s) corresponding private key SKα,1,…,SKα,s.It is if current Can be release, then time server is by corresponding private key SKα,j(1≤j≤s) returns to user, if currently not allowing to release Let smuggled articles pass key SKα,j(1≤j≤s) does not return the value then to user.
User receives SKα,jAfter (1≤j≤s), the value pair is utilizedSecond component It is decrypted:Then utilizeTo corresponding One-componentDo following computing:User is to Cloud Server It asks forCorresponding ciphertext documentAfter Cloud Server receives instruction, corresponding ciphertext is returned DocumentTo user.
5th, decryption phase:User receivesAfterwards, public key is asked for time server again Corresponding decruption keyTime server is combined according to the response of userIn it is embedded The temporal information entered, according to the specified time by corresponding decruption keyIt is sent to user.End user receives It arrives Afterwards, these are utilizedIt is rightSecond component ck αj(1≤j≤ S) calculateThen utilizeTo corresponding's One-componentIt calculates:Finally, user has been obtained comprising key Word wαDocument
The above is only the preferred embodiment of the present invention, it is noted that for the ordinary skill people of the art For member, without departing from the principle of the present invention, several improvements and modifications can also be made, these improvements and modifications also should It is considered as protection scope of the present invention.

Claims (9)

1. a kind of cloud storage searching method based on time release, mainly including data owner, Cloud Server, user, spy Sign is:
Time server is further included, the time server is a believable center;
The method comprises the steps of:
(S1), data owner inputs security parameter λ, and generation one is for encrypted document and the key array of construction index, table It is shown as n+3 dimension keysN is greater than the integer equal to 1, represents the text that document sets D is included The number of shelves;The time server inputs security parameter λ, generates at random and broadcasts a series of and time correlation public key; It is expressed asAnd PK1,1,…,PKm,s, m, s be greater than the integer equal to 1, and m is the keyword in database Number, the value of s are determined by the maximum of the number of the document associated by keyword in database;
(S2), data owner is by local document sets D=(D1,D2,…,Dn) it is encrypted to ciphertext document sets C=(C1,C2,…, Cn);Meanwhile data owner creates an encrypted indexes Table I for document sets D, data owner is by ciphertext document sets C and index Table I is stored to above Cloud Server;Wherein each document representation is Di(1≤i≤n), corresponding ciphertext document representation are:Ci(1 ≤i≤n);
(S3), validated user inquiry includes keyword wαThe document of (1≤α≤m), the user are keyword first with key wαGenerate a search instruction Tr (wα), then by search instruction Tr (wα) it is sent to Cloud Server;
(S4), Cloud Server passes through search instruction Tr (wα) found out in concordance list I comprising keyword wαDocument set of pointersServer is needed these file pointersReturn to user;User receives file pointer setIt communicates afterwards with time server;After the identity information of time server verification user is legal, then not Come in period for specifying by corresponding decruption key SKα,1,…,SKα,sThe user is sent to, it is close that the user receives decryption Key SKα,1,…,SKα,sAfterwards, from file pointer setIn decrypt plain text document identification identifierThe validated user communicates again with Cloud Server, and it is allowed to return corresponding ciphertext document
(S5), decryption phase:User receives ciphertext documentAfterwards, communicate with time server, and from time server There obtains corresponding decruption keyThe user is using these keys to ciphertext collectionIt is solved It is close, obtain corresponding cleartext information
2. a kind of cloud storage searching method based on time release according to claim 1, it is characterised in that:The step (S2) it is combined in when data owner's encrypted document and generation concordance list using symmetric key cryptography system and public encryption system Method, it is final to generate ciphertext and encrypted concordance list.
3. a kind of cloud storage searching method based on time release according to claim 2, it is characterised in that:
The detailed process of data owner's encrypted document is as follows:
(S2a) data owners utilize keyEncrypted document Di(1≤i≤n):Wherein≤ n) represent corresponding encrypted result;Then the n public key with time correlation is utilized(i=1 .., n) difference Encryption key (i=1 .., n);Document DiCorresponding ciphertext document is(i= 1 .., n), the data owner is by ciphertext document sets C=(C1,…,Cn) it is uploaded to Cloud Server;
The detailed process that the data owner constructs concordance list is as follows:
(S2b1) data owners extract set of keywords W from document sets D, and to each keyword wl∈ W (l=1 .., M), D (w are calculatedl), the D (wl) it is by comprising keyword wlDocument DjIdentifier idjThe set of composition, the document mark Know symbol idjIt is the string of binary characters of a k bit;Data owner utilizes key K1With pseudo-random function F1Each crucial Word wlIt is encrypted to t (wl) (l=1 .., m);The data owner chooses | W | × s dimensions are initialized as empty array A, described Array A is used to store D (wl) each element in (l=1 .., m) relevant information;Data owner is first to D (wl) (l= 1 .., m) in each element idljThen (j=1 .., s) encryption is stored in these values in the form of chained list is associated Addr (the N of matrix Al,1),…,addr(Nl,s) on position;If D (wl) element number in (l=1 .., m) less than s when, Data owner randomly selects s- | D (wl) | the string of binary characters of a k dimensions bitBy D (wl) fill to s Element;The data owner chooses one { 0,1 }k×{0,1}kForm T, and each keyword w in array Al(l= 1 .., m) corresponding chained list head node location information addr (Nl,1) and keyword wlSecret value t (wl) (l=1 .., M) encryption is (t (wl), l (wl)⊕addr(Nl,1)), then the result is stored according to dictionary ranking method in form T;
(S2b2) concordance list I=(A, T) is uploaded to Cloud Server by.
4. a kind of cloud storage searching method based on time release according to claim 3, it is characterised in that:
The construction of matrix A in the step (S2b1) is as follows:
(S2b11) first, to each D (wl) each element id in (l=1 .., m)j(j=1 .., s) does following processing:Profit With key K3With keyword wlIt calculates:Using symmetric encryption scheme δ .Enc () andBy idj (1≤j≤s) is encrypted asChoose the s public key PK with time correlationl,1,…,PKl,s, And utilize public key cryptography scheme ε2.Enc () encrypts key used herein one by one(1≤j≤s), corresponding ciphertext It is denoted as Final orderThe value is expressed as element idjEncryption pointers value;S different empty position addr (N are chosen in A at randoml,1),…,addr(Nl,s), respectively by information⊕F3(K1,wl) (1≤j≤s) be stored in A (addr (Nl,j)) in (1≤j≤s);The addr (Nl,s+1)=⊥, as the terminating symbol for reading data, writing data.
5. a kind of cloud storage searching method based on time release according to claim 3, it is characterised in that:
The construction of form T in the step (S2b1) is as follows:
(S2b12) data owners utilize pseudo-random function F1, key K1,K2To each keyword wl(1≤l≤m) is calculated:t (wl)=F1(K1,wl), l (wl)=F1(K2,wl);Then by array (t (wl), l (wl)⊕addr(Nl,1)) sort according to dictionary The mode of method is stored in form T.
6. a kind of cloud storage searching method based on time release according to claim 3 or 4 or 5, it is characterised in that:Institute It is as follows to state step (S3) detailed process:
(S3a) user utilizes key (K1,K2) the keyword w that is inquired for oneselfαGenerate search instruction Tr (wα)=(t (wα),l (wα),h(wα)), and send it to server;Wherein t (wα) it is search instruction Tr (wα) in first score value, l (wα) be Search instruction Tr (wα) in second score value, h (wα) it is search instruction Tr (wα) in the 3rd score value.
7. a kind of cloud storage searching method based on time release according to claim 6, it is characterised in that:The step (S4) detailed process is as follows:
(S4a) Cloud Servers are according to search instruction Tr (wα) in first score value t (wα), it is found in form T corresponding Value γ=l (wα)⊕addr(Nα,1);Utilize Tr (wα) in second score value l (wα), conversion γ ⊕ l (w are to γα), it obtains Address addr (Nα,1) information;Cloud Server extracts array A (addr (Nα,1)) in the data that are storedaddr(Nα,2) ⊕F3(K1,wα), preserve the pointer value in the dataUtilize Tr (wα) in the 3rd score value h (wα), to above-mentioned data addr(Nα,2)⊕F3(K1,wα) convert:addr(Nα,2)⊕F3(K1,wα)⊕h(wα) obtain addr (Nα,2);Repeat above step Suddenly until Cloud Server runs into addr (Nα,(s+1)Until)=⊥, Cloud Server can obtain set of pointers successively
(S4b) Cloud Servers are by the set of pointers in step (S4a)Value return to user;
(S4c) user receivesAfterwards, communicate with time server, to obtain corresponding decruption key SKα,1,…,SKα,s
(S4d) the decruption key SK of user's time of receipt (T of R) server releaseα, after j (1≤j≤s), utilize the key SKα,j(1≤j ≤ s) decryption arraySecond component value in (1≤j≤s)Profit With(1≤j≤s) decrypts arrayFirst component value of (1≤j≤s) User will(1≤j≤s) is sent to Cloud Server;
(S4e) Cloud Servers receive the request of userAfter (1≤j≤s), corresponding ciphertext document is found out in C(1 ≤ j≤s), and returned to user.
8. a kind of cloud storage searching method based on time release according to claim 7, it is characterised in that:
The detailed process of the step (S4c) is as follows:
(S4c1) time servers first verify that the identity information of user, if identity is legal, check public key PKα,1,…, PKα,s, the release time of respective private keys;If release private key SK is reached at presentα,1,…,SKα,sPeriod, then will be corresponding Private key SKα,j(1≤j≤s) is sent to user;If being not reaching to the defined period, private key SK is not returnedα,j(1≤j≤ s)。
9. a kind of cloud storage searching method based on time release according to claim 7 or 8, it is characterised in that:It is described Step (S5) detailed process is as follows:
(S5a) treats that user receivesAfter (1≤j≤s), user continues to communicate with time server, obtains relevant decruption key(1≤j≤s):Whether time server first verifies that the identity information of user, if identity is legal, checks and currently may be used To discharge public keyDecruption key corresponding to (1≤j≤s)(1≤j≤s);If it is then by corresponding decryption Key(1≤j≤s) is sent to user;It is described(j=1 ..., s) it is encryption(j=1 ..., s) used in Public key;
(S5b) user receives decruption keyAfter (1≤j≤s), first to arraySecond component ck of (1≤j≤s) αj(1≤j≤s) is decrypted:(1≤j≤s);It utilizes(1≤j≤s) is decrypted(1 ≤ j≤s) one-component(1≤j≤s)。
CN201711344491.1A 2017-12-15 2017-12-15 Cloud storage searching method based on time release Active CN108111587B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711344491.1A CN108111587B (en) 2017-12-15 2017-12-15 Cloud storage searching method based on time release

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201711344491.1A CN108111587B (en) 2017-12-15 2017-12-15 Cloud storage searching method based on time release

Publications (2)

Publication Number Publication Date
CN108111587A true CN108111587A (en) 2018-06-01
CN108111587B CN108111587B (en) 2020-11-06

Family

ID=62217101

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711344491.1A Active CN108111587B (en) 2017-12-15 2017-12-15 Cloud storage searching method based on time release

Country Status (1)

Country Link
CN (1) CN108111587B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109145079A (en) * 2018-07-24 2019-01-04 南京邮电大学 Cloud based on personal interest user model can search for encryption method
CN109165520A (en) * 2018-07-16 2019-01-08 哈尔滨工业大学(深圳) Data ciphering method and its device, data encryption searching system
CN110380841A (en) * 2019-07-25 2019-10-25 黑龙江头雁科技有限公司 A kind of Electronic Document exchange encryption method based on BlockChain
CN112153078A (en) * 2020-10-26 2020-12-29 广州欧赛斯信息科技有限公司 Encryption method and system based on time release
WO2021017305A1 (en) * 2019-08-01 2021-02-04 平安科技(深圳)有限公司 Data query method and apparatus, electronic device, and computer readable storage medium
CN114024776A (en) * 2022-01-05 2022-02-08 北京理工大学 Encryption transmission method and system supporting timing decryption

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1487422A (en) * 2002-04-17 2004-04-07 微软公司 Encrypted data memory & data search based on public key
CN102024054A (en) * 2010-12-10 2011-04-20 中国科学院软件研究所 Ciphertext cloud-storage oriented document retrieval method and system
CN103023637A (en) * 2012-12-25 2013-04-03 电子科技大学 Encryption and search method for revocable keyword search public keys in cloud storage
CN103595730A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Ciphertext cloud storage method and system
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN104052740A (en) * 2014-05-22 2014-09-17 西安理工大学 Verifiable and searchable encryption method based on dictionary in cloud storage
CN104780161A (en) * 2015-03-23 2015-07-15 南京邮电大学 Searchable encryption method supporting multiple users in cloud storage
US9281941B2 (en) * 2012-02-17 2016-03-08 International Business Machines Corporation Homomorphic evaluation including key switching, modulus switching, and dynamic noise management
CN105763324A (en) * 2016-04-19 2016-07-13 四川理工学院 Controllable searchable encryption searching method being able to verify multi user-ends
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107395568A (en) * 2017-06-21 2017-11-24 西安电子科技大学 A kind of cipher text retrieval method of more data owner's certifications

Patent Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1487422A (en) * 2002-04-17 2004-04-07 微软公司 Encrypted data memory & data search based on public key
CN102024054A (en) * 2010-12-10 2011-04-20 中国科学院软件研究所 Ciphertext cloud-storage oriented document retrieval method and system
US9281941B2 (en) * 2012-02-17 2016-03-08 International Business Machines Corporation Homomorphic evaluation including key switching, modulus switching, and dynamic noise management
CN103023637A (en) * 2012-12-25 2013-04-03 电子科技大学 Encryption and search method for revocable keyword search public keys in cloud storage
CN103595730A (en) * 2013-11-28 2014-02-19 中国科学院信息工程研究所 Ciphertext cloud storage method and system
CN103731432A (en) * 2014-01-11 2014-04-16 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption system and method
CN104052740A (en) * 2014-05-22 2014-09-17 西安理工大学 Verifiable and searchable encryption method based on dictionary in cloud storage
CN104780161A (en) * 2015-03-23 2015-07-15 南京邮电大学 Searchable encryption method supporting multiple users in cloud storage
CN105763324A (en) * 2016-04-19 2016-07-13 四川理工学院 Controllable searchable encryption searching method being able to verify multi user-ends
CN106815350A (en) * 2017-01-19 2017-06-09 安徽大学 Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment
CN107395568A (en) * 2017-06-21 2017-11-24 西安电子科技大学 A kind of cipher text retrieval method of more data owner's certifications

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109165520A (en) * 2018-07-16 2019-01-08 哈尔滨工业大学(深圳) Data ciphering method and its device, data encryption searching system
CN109165520B (en) * 2018-07-16 2020-08-11 哈尔滨工业大学(深圳) Data encryption method and device and data encryption retrieval system
CN109145079A (en) * 2018-07-24 2019-01-04 南京邮电大学 Cloud based on personal interest user model can search for encryption method
CN109145079B (en) * 2018-07-24 2022-07-19 南京邮电大学 Cloud searchable encryption method based on personal interest user model
CN110380841A (en) * 2019-07-25 2019-10-25 黑龙江头雁科技有限公司 A kind of Electronic Document exchange encryption method based on BlockChain
WO2021017305A1 (en) * 2019-08-01 2021-02-04 平安科技(深圳)有限公司 Data query method and apparatus, electronic device, and computer readable storage medium
CN112153078A (en) * 2020-10-26 2020-12-29 广州欧赛斯信息科技有限公司 Encryption method and system based on time release
CN114024776A (en) * 2022-01-05 2022-02-08 北京理工大学 Encryption transmission method and system supporting timing decryption

Also Published As

Publication number Publication date
CN108111587B (en) 2020-11-06

Similar Documents

Publication Publication Date Title
CN107491497B (en) Multi-user multi-keyword sequencing searchable encryption system supporting query in any language
CN108111587A (en) A kind of cloud storage searching method based on time release
CN105681280B (en) Encryption method can search for based on Chinese in a kind of cloud environment
CN104021157B (en) Keyword in cloud storage based on Bilinear map can search for encryption method
Wang et al. Secure ranked keyword search over encrypted cloud data
Wang et al. Enabling secure and efficient ranked keyword search over outsourced cloud data
US9021259B2 (en) Encrypted database system, client terminal, encrypted database server, natural joining method, and program
CN105933281B (en) A kind of quantum homomorphism symmetrically can search for the method and system of encryption
CN105610910A (en) Cloud storage oriented ciphertext full-text search method and system based on full homomorphic ciphers
CN107256248A (en) Encryption method can search for based on asterisk wildcard in cloud storage safety
CN104899517B (en) Phrase-based can search for symmetric encryption method
CN112163854B (en) Hierarchical public key searchable encryption method and system based on block chain
CN104052740A (en) Verifiable and searchable encryption method based on dictionary in cloud storage
CN109361644A (en) A kind of Fog property base encryption method for supporting fast search and decryption
US10733317B2 (en) Searchable encryption processing system
Yuan et al. Towards privacy-preserving and practical image-centric social discovery
Wang et al. PeGraph: A system for privacy-preserving and efficient search over encrypted social graphs
Jiang et al. An Efficient Symmetric Searchable Encryption Scheme for Cloud Storage.
Liu et al. EncSIM: An encrypted similarity search service for distributed high-dimensional datasets
CN109672525B (en) Searchable public key encryption method and system with forward index
CN108650268A (en) It is a kind of realize multistage access can search for encryption method and system
KR100945535B1 (en) Key generating method for preventing dictionary attack and method of producing searchable keyword encryption and searching data using that
CN112765669B (en) Regular language searchable encryption system based on time authorization
Jiang et al. A novel privacy preserving keyword search scheme over encrypted cloud data
Raghavendra et al. DRSMS: Domain and range specific multi-keyword search over encrypted cloud data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant