CN108111587A - A cloud storage search method based on time release - Google Patents
- Publication number: CN108111587A (CN201711344491.1A)
- Authority: CN (China)
- Prior art keywords: user, key, document, time, server
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abstract
The invention belongs to the field of cloud storage and in particular relates to a cloud storage search method based on time release. The invention defines time permissions for plaintext data, encrypts the data, and stores it in the cloud. When a user wants to search for documents, the server performs the query using a search instruction generated by the user; during the query, the server, the user and the time server interact, and the user finally obtains the required ciphertext files. The user then continues to communicate with the time server to obtain the decryption keys corresponding to the ciphertexts and decrypts the files offline. The invention fully takes into account the time-based access permission requirements of electronic documents, ensures both data privacy and time-based access permission, and is highly practical.
Description
Technical field
The invention belongs to the field of cloud storage, and more particularly relates to a method for searching over encrypted electronic documents within some future time period.
Background art
With the rapid spread of the Internet, information storage has shifted from traditional paper archives to electronic archives on local physical disks. However, today's society is in an age of information explosion: the amount of stored information is growing exponentially, which means that the costs of maintaining and managing information and of purchasing disks keep rising. On August 9, 2006, Google CEO Eric Schmidt first proposed the concept of "cloud computing" at the search engine conference (SES San Jose 2006). Subsequently, companies such as Amazon, Microsoft and IBM announced their own cloud-concept products: cloud storage.
Cloud storage refers to a system that uses functions such as cluster applications, network technology or distributed file systems to bring a large number of storage devices of different types in the network together through application software, so that they work collaboratively and jointly provide data storage and service access to the outside. Such a system reduces the user's local physical overhead and cost and lets the user query personal data anytime and anywhere, so more and more users upload their local personal data to the cloud. However, once the data is stored in the cloud, the user loses direct control over it. Sensitive information in the data is often a target for theft, and the data leakage incidents that have occurred repeatedly in recent years have made users increasingly aware of the importance of protecting data privacy and security.
Encrypting data with cryptographic techniques before uploading it to the cloud undoubtedly provides some guarantee of data privacy and security, but the choice of encryption technique affects how efficiently the data can be searched. With conventional encryption, the user has to download all of the cloud data, decrypt it on a local server, and only then filter out the documents needed. Assuming the user's fiber bandwidth is 100M, then in theory 12.8Mb of files can be downloaded per second, so downloading 100G of data in full takes about 2 hours. For lightweight data the user can therefore use this traditional search approach, but for larger data it is impractical.
Song et al. proposed the concept of searchable encryption in 2000 and gave a feasible scheme. The scheme mainly uses pseudo-random functions and pseudo-random generators. During a search, the server has to match the search instruction against the ciphertext bit by bit and returns the ciphertext if the match succeeds, so the search complexity of the protocol is O(n), where n is the length of a single document. In 2003, Boneh et al. introduced the idea of searchable encryption into public-key cryptosystems and proposed public-key encryption with keyword search (PEKS). Since then, searchable encryption has mainly developed in two directions: public-key searchable encryption and symmetric searchable encryption (SSE). In general, public-key searchable encryption is more powerful, but most PEKS schemes use bilinear maps, so their search efficiency is low. In SSE schemes the user's encryption and decryption keys are the same, so for multiple users to upload documents at the same time the key has to be broadcast to those users, which indirectly makes SSE less powerful; however, SSE is much more efficient than PEKS.
SSE has three main participants: the data owner U, the server S and the retrieving user U1. The retrieving user U1 and the data owner U may or may not be the same person; if U1 differs from U, then U1 needs to broadcast the key K to U. The main idea of SSE is as follows. The data owner U uses the key K to encrypt the local data D=(D1,D2,…,Dn) into C=(C1,C2,…,Cn). At the same time, U creates an index table I for the data D, and finally stores C and I on the server S. To query the documents containing a keyword w, the retrieving user U1 first uses the key K to generate a search instruction t(w) for w and then sends t(w) to the server S. S uses t(w) to find in I the set of pointers to the documents containing w and, following these pointers, returns the corresponding ciphertext data to U1. Finally, U1 decrypts these ciphertexts on the local device using the key K.
Early SSE schemes supported only exact search on a single keyword. Researchers later extended the functionality of SSE to some extent, for example with fuzzy search, range search, subset search, dynamic search, ranked search, sentence search and Boolean search. However, these functions have certain limitations and cannot solve the search problem in some special settings. For example, current SSE schemes do not consider time permissions on the documents a user accesses, so with the current way of searching, once a user performs a search, he immediately obtains all the files he needs. In many practical search problems, however, the time factor has to be considered.
For example, to avoid disputes among their children over the division of property, many business people make a will in advance and have a lawyer keep the document safe. According to the rules, the will can only be opened at a specific time. Existing searchable encryption techniques cannot effectively solve this kind of problem, which also limits the scope of use of cloud storage technology. As another example, in an electronic voting system each voter anonymously uploads their vote to the cloud. A candidate cannot know their vote count in advance; only at the disclosure stage do they learn their total number of votes. In fact, besides law firms and electronic voting systems, searchable encryption based on time release has other application scenarios, such as national examination score inquiry systems.
One current way to address the above problem is for the administrator to upload the files one second before the specified time. This is workable for lightweight data, but when the files are large and numerous it easily causes network congestion, so that users cannot obtain their query results at the first moment. Moreover, this existing technique does not consider data privacy, so there is a possibility of information leakage at any time.
In view of the above problems, it is necessary to provide a method for searching over encrypted electronic documents within a specified time period.
Summary of the invention
In order to enable search over encrypted electronic documents after some future point in time, the invention proposes a cloud storage search method based on time release. Time release is an encryption algorithm based on some future point in time; its purpose is to ensure that encrypted information cannot be decrypted before the specified time.
The cloud storage search method based on time release proposed by the invention involves a data owner, a cloud server and a user.
The data owner encrypts local data and uploads it to the cloud server.
The cloud server stores the data and helps the user search it.
The method is characterized in that it further includes a time server, which is a trusted center.
The method mainly comprises the following steps:
(S1), data owner inputs a system security parameter λ, and generation one is for encrypted document and constructs index
Key array is expressed as n+3 dimension keysN is greater than the integer equal to 1, represents document sets D
Included in document number.The time server inputs security parameter λ, generates and broadcasts a series of with time phase at random
The public key of pass;It is expressed asWithThe integer equal to 1 is greater than, m is in database
Keyword number, the value of s depends on the maximum of the number of the document associated by keyword in database.
(S2) The data owner encrypts the local document set D=(D1,D2,…,Dn) into the ciphertext document set C=(C1,C2,…,Cn). At the same time, the data owner creates an encrypted index table I for the document set D and stores the ciphertext document set C and the index table I on the cloud server. Each document is denoted Di (1≤i≤n) and each ciphertext document is denoted Ci (1≤i≤n).
(S3) To query the documents containing the keyword wα (1≤α≤m), a legitimate user first uses the key to generate a search instruction Tr(wα) for the keyword wα, and then sends the search instruction Tr(wα) to the cloud server.
(S4), Cloud Server passes through search instruction Tr (wα) found out in concordance list I comprising keyword wαDocument pointer
SetSince Cloud Server is without these file pointer collectionCorresponding decruption keyServer is needed these file pointersReturn to user.User receives file and refers to
Pin setIt communicates afterwards with time server.Time server first verifies that whether the identity information of user is legal,
If legal, section is interior by corresponding decruption key at the appointed time for itSafety is sent to the user.With
Family receives decruption keyAfterwards, from file pointer setIn decrypt clear text file identity
IdentifierUser communicates again with Cloud Server, and it is allowed to return corresponding ciphertext document
(S5), decryption phase:User receives ciphertext collectionAfterwards, communicate again with time server, and from when
Between server obtain corresponding decruption keyEnd user utilizes these keysRespectively
To ciphertextIt is decrypted, obtains corresponding cleartext information
In step (S2), when encrypting the documents and building the index table, the data owner combines a symmetric-key cryptosystem with a public-key cryptosystem to generate the corresponding ciphertexts and index table.
Specifically, the data owner encrypts the documents as follows:
(S2a) data owners utilize keyEncrypted document D respectively1,…,Dn:1
≤ i≤n, whereinRepresent document DiCorresponding encrypted result,Represent a kind of symmetric encipherment algorithm,
And the encryption key used in algorithm is1≤i≤n.Then, data owner chooses the n public keys with time correlationOne by one to used private key during encrypted documentIt is encrypted, we are represented with ckiEncryption
As a result:HereRepresent a kind of public key encryption algorithm, it is used in algorithm plus
Migong key isDocument DiCorresponding ciphertext is denoted asUser is by ciphertext Ci(i
=1 ..., n) it is uploaded on Cloud Server;
Specifically, the data owner constructs the index table as follows:
(S2b1) The data owner extracts the keyword set W={w1,…,wm} from the document set D. Assume each document Di (1≤i≤n) has a unique identifier idi (i=1,…,n), which can be represented as a k-bit binary string. For each keyword wl∈W (l=1,…,m), the data owner takes an empty set D(wl) of size s and assigns its elements as follows: if document Di (1≤i≤n) contains the keyword wl, the identifier idi of Di is stored in D(wl). If the number of elements in D(wl) is less than s, s-|D(wl)| random k-bit binary strings are chosen as padding, and the corresponding identifiers are denoted id′j (id′j≠idj), where j=1,…,s-|D(wl)|. The data owner uses the key K1 and the pseudo-random function F1 to encrypt each keyword wl (l=1,…,m) as t(wl)=F1(K1,wl) (l=1,…,m). Let A be an m×s array initialized to empty, used to store information about each element of D(wl) (l=1,…,m). Specifically, the data owner encrypts the elements idj (1≤j≤s) of each D(wl) (l=1,…,m) one by one and stores the encrypted results, associated with one another as a linked list, in A(addr(Nl,1)), A(addr(Nl,2)), …, A(addr(Nl,s)), where addr(Nl,1), addr(Nl,2), …, addr(Nl,s) denote s different positions in the array A. The data owner chooses a {0,1}^k×{0,1}^k table T, encrypts the location addr(Nl,1) of the head node of the linked list for each keyword wl (1≤l≤m) in the array A, and stores the result, together with t(wl) (1≤l≤m), in table T.
(S2b2) The index table I=(A, T) is uploaded to the cloud server.
The array A in step (S2b1) is constructed as follows:
(S2b11) is to D (wl) each element id in (1≤l≤m)j(1≤j≤s) utilizes symmetric cryptography and public key encryption
The thought being combined is encrypted.Specifically, to each element idj, utilize key K3With keyword wlIt calculates:(1≤l≤m,1≤j≤s).Then using symmetric encryption scheme δ .Enc () andBy idj
It is encrypted as (1≤l≤m,1≤j≤s).It is selected in all public key set announced from Cloud Server
Take the s public key PK with time correlationl,1,…,PKl,s, and utilize public key cryptography scheme ε2.Enc () encrypts here one by one
The key used(1≤j≤s), corresponding ciphertext is denoted as Finally
OrderThe value represents element idjEncrypted result.To each keyword wl(1≤l≤m) is selected at random in A
Take s different empty position addr (Nl,1),…,addr(Nl,s) (1≤l≤m), and by information(1≤l≤m, 1≤j≤s) is sequentially stored on corresponding position, here addr
(Nl,s+1)=⊥ represents the terminating symbol for reading data, writing data program.
The table T in step (S2b1) is constructed as follows:
(S2b12) data owners utilize pseudo-random function F1, key K1,K2To each keyword wl(1≤l≤m) is counted
It calculates:t(wl)=F1(K1,wl), l (wl)=F1(K2,wl).Then by array (t (wl),It is arranged according to dictionary
The mode of sequence method is stored in form T.
Specifically, step (S3) proceeds as follows:
(S3a) The user uses the keys (K1,K2) to generate, for the keyword wα∈W to be queried, the search instruction Tr(wα)=(t(wα),l(wα),h(wα))=(F1(K1,wα),F1(K2,wα),F3(K1,wα)) and sends it to the server, where t(wα), l(wα) and h(wα) are the first, second and third components of the search instruction Tr(wα), respectively.
Specifically, step (S4) proceeds as follows:
(S4a) Cloud Servers are according to search instruction Tr (wα) in first score value t (wα), it is found in form T pair
The value answeredThen Tr (w are utilizedα) in second score value l (wα) and γ exclusive or, obtain address addr
(Nα,1).Server extracts array A (addr (Nα,1)) in the data that are storedIt preserves
The pointer information value of first portionAnd utilize Tr (wα) in the 3rd score value h (wα) and data
Exclusive or obtains addr (Nα,2).Read array A (addr (Nα,2)) in the data that are stored
Preserve pointer information valueThen Tr (w are utilizedα) in the 3rd score value h (wα) and data
Exclusive or obtains addr (Nα,3).Above step is repeated until server runs into addr (Nα,(s+1)Until)=⊥, such cloud service
Device can obtain pointer information successively
(S4b) Cloud Servers are by the pointer information set in previous stepReturn to user.
(S4c) user receives pointer information setAfterwards, communicate with time server, it is corresponding to obtain
Decruption key SKα,1,…,SKα,s。
(S4d) the decruption key SK of user's time of receipt (T of R) server releaseα,,jAfter (t=1 ..., s), the key SK is utilizedα,jSolution
Close arrayIn second component Then it is sharp
WithDecryptionIn one-component
Subsequent user continues to communicate with Cloud Server.
(S4e) Cloud Servers receive the request of userAfterwards, corresponding ciphertext document is found out in C And returned to user.
Step (S4c) proceeds as follows:
(S4c1) The time server first verifies the user's identity information. If the identity is legitimate, it checks whether the private keys SKα,1,…,SKα,s corresponding to the public keys PKα,1,…,PKα,s can currently be released. If a private key SKα,j (1≤j≤s) can be released now, it is sent to the user; if the specified time period has not been reached, the private key SKα,j (1≤j≤s) is not returned.
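The index walk and time-gated key release of steps (S2b1), (S3a), (S4a) and (S4c1), as an added example that is not part of the patent: a Python toy model of the table T, the linked lists in A and the search instruction Tr(w). It assumes HMAC-SHA256 for F1/F3, a per-slot secret held by a hypothetical `TimeServer` class in place of the time-related key pair (PK, SK), and a single XOR mask in place of the patent's two-layer encryption of identifiers; all names are illustrative.

```python
import hashlib, hmac, secrets

K = 16              # identifier/address length in bytes (k = 128 bits, assumed)
END = bytes(K)      # the all-zero address stands for the terminator ⊥

def prf(key, label, msg):
    """F1 / F3 modelled as HMAC-SHA256 truncated to k bits (assumption)."""
    return hmac.new(key, label + msg, hashlib.sha256).digest()[:K]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class TimeServer:
    """Trusted time server. Symmetric stand-in for the time-related key pairs:
    the slot handle plays the role of PK, the slot secret the role of SK."""
    def __init__(self):
        self._slots = {}
    def new_slot(self, release_at):
        handle, secret = secrets.token_bytes(K), secrets.token_bytes(K)
        self._slots[handle] = (secret, release_at)
        return handle, secret       # the owner uses the secret once and discards it
    def release(self, handle, now, user_ok=True):
        secret, release_at = self._slots[handle]
        # (S4c1): verify the user, then release only once the time has arrived
        return secret if user_ok and now >= release_at else None

def build_index(k1, k2, postings, s, ts, release_at):
    """Data owner: build I = (A, T); postings maps keyword -> list of doc ids."""
    A, T = {}, {}
    for w, ids in postings.items():
        # pad D(w) to exactly s entries with random k-bit strings (S2b1)
        padded = list(ids) + [secrets.token_bytes(K) for _ in range(s - len(ids))]
        addrs = []
        while len(addrs) < s:       # s distinct, empty, non-terminator positions
            a = secrets.token_bytes(K)
            if a != END and a not in A and a not in addrs:
                addrs.append(a)
        h = prf(k1, b"F3", w)
        for j, doc_id in enumerate(padded):
            handle, secret = ts.new_slot(release_at)
            masked_id = xor(doc_id, prf(secret, b"id", handle))
            nxt = addrs[j + 1] if j + 1 < s else END
            A[addrs[j]] = (masked_id, handle, xor(nxt, h))   # next pointer masked by h(w)
        T[prf(k1, b"F1", w)] = xor(addrs[0], prf(k2, b"F1", w))  # head masked by l(w)
    return A, T

def trapdoor(k1, k2, w):
    """User (S3a): Tr(w) = (t, l, h) = (F1(K1,w), F1(K2,w), F3(K1,w))."""
    return prf(k1, b"F1", w), prf(k2, b"F1", w), prf(k1, b"F3", w)

def server_search(A, T, tr):
    """Cloud server (S4a): unmask the head with l, then follow the list with h."""
    t, l, h = tr
    if t not in T:
        return []
    addr, out = xor(T[t], l), []
    while addr != END:
        masked_id, handle, masked_next = A[addr]
        out.append((masked_id, handle))     # the server never sees a plaintext id
        addr = xor(masked_next, h)
    return out

def user_open(pointers, ts, now):
    """User (S4c): recover the ids whose slot keys the time server releases."""
    ids = []
    for masked_id, handle in pointers:
        secret = ts.release(handle, now)
        if secret is not None:
            ids.append(xor(masked_id, prf(secret, b"id", handle)))
    return ids
```

Before the release time the user holds the full pointer list returned by the server but can open none of it; padded entries open to random identifiers that match no stored document.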
Specifically, step (S5) proceeds as follows:
(S5a) treats that user receivesAfterwards, user continues to communicate with time server, obtains relevant decryption
KeyTime server first verifies that the identity information of user, if identity is legal, check it is current whether
Public key can be dischargedCorresponding decruption keyIf it is then the value is sent to
User.HereIt is encryptionUsed public key.
(S5b) user receives decruption keyAfterwards, it is right firstSecond component ck
αjIt is decrypted:Then utilizeDecryptionThe first point
Amount
Compared with the prior art, the invention has the following advantages.
1. It ensures the privacy of documents in the cloud. Storing plaintext data in the cloud after encryption protects data privacy on the one hand and is convenient for users on the other, letting them query their data from any device, anywhere and at any time.
2. Data can be uploaded in advance, which simplifies the data owner's work. With the previous approach, the data owner has to wait until one second before the specific time to upload the documents, and the upload is subject to network congestion. Processing the data with encryption based on the time-release mechanism allows it to be uploaded to the cloud in advance.
3. It regulates the time at which users can query. In real life, some data, such as wills or national unified examination scores, may only be queried within a specified future time period. The invention builds a time-related index for the database, so that users can only retrieve the data set related to a keyword within the specific period.
Description of the drawings
Fig. 1 shows the system framework of the invention.
Specific embodiment
The technical scheme is described in detail below with reference to the accompanying drawing, taking Embodiment 1 as an example. We first briefly explain the mathematical symbols used.
εa=(εa.Enc(), εa.Dec()): a secure cryptosystem algorithm, where εa.Enc is the corresponding encryption algorithm and εa.Dec is the corresponding decryption algorithm. When a=1 the algorithm is a symmetric encryption algorithm; when a=2 it is a public-key encryption algorithm.
δ=(δ.Enc(), δ.Dec()): a deterministic symmetric encryption algorithm, where δ.Enc is the corresponding encryption algorithm and δ.Dec is the corresponding decryption algorithm. The output length of the algorithm is k bits.
(PK, SK): a public/private key pair, where PK is the public key and SK is the corresponding private key.
Fb: {0,1}^k×{0,1}^*→{0,1}^k: pseudo-random functions, b=1,2,3.
π: {0,1}^k×{0,1}^k→{0,1}^k: a pseudo-random permutation from k bits to k bits.
D=(D1,D2,…,Dn): the document collection.
D(w): the set of identifiers of the documents containing the keyword w.
W: the set of keywords in D.
idi: the file identifier of the i-th document Di, a k-bit binary string.
A: an m×s array.
addr(Ni,j): the addr(Ni,j)-th position of the array A, represented by a k-bit binary string.
T: a {0,1}^k×{0,1}^k array.
|W|: the number of elements in the set W.
Embodiment 1
This embodiment involves four participants: the data owner, the cloud server, the time server and the user. The implementation has five stages in total:
1st, key generation phase:In this stage, user inputs security parameter λ, generates key arrayAnd time server input security parameter λ, and broadcast public key to members
WithThe corresponding private key of these public keys is published to legal use by time server within the time then specified
Family.Security parameter λ takes the binary number of at least 256 bits.
2nd, encryption stage: assume the data owner has n documents D=(D1,D2,…,Dn) that need to be uploaded to the cloud; he then completes the following two steps:
A) encrypted document datas.Data owner is to each document DiUtilize keyIt is encrypted, i.e.,Data owner chooses public keyAccording to the thought of public encryption system to keyIt is encryptedFinal document DiCorresponding ciphertext is
B) constructs concordance list I.Data owner extracts set of keywords W, it is assumed that | W |=m.Then to each keyword
wl∈ W, respectively to set D (wl) carry out assignment:If document Dj(j=1 ..., n) include keyword wl(l=1 ..., m), then
By DjDocument identifier idj(j=1 ..., n) it is deposited into set D (wl) in.Remember sl=| D (wl) | (l=1 ..., m), and makeIf D (wl) in element number be less than s, then randomly select s-slA k dimension character strings { 0,1 }kBy D (wl)
(l=1 ..., m) it fills until s element.Global variable ctr=1 is made, from keyword w1Start, one by one to keyword wl(l
=1 .., m) do following computing:
I) calculates t (wl)←F1(K1,wl), l (wl)←F1(K2,wl),By number
Group (t (wl),It is stored in the way of dictionary ranking method in form T, hereTable
Show that integer x passes through pseudo-random permutation functionIt is mapped on the position of the addr (y) of array A.
II) is to D (wl) in each elementChoose the public key PK with time correlationl,j(j=1 ..., s),
And do following computing:With
And it makes
III) makes ctr=ctr+1, calculatesIt will
It is stored in array A (addr (Nl,j)) in (j=1 ..., s), wherein addr (Nl,(s+1))=⊥ represents null character, meaning operation
Terminate.
Concordance list I=(A, T) is made, ciphertext C and I are uploaded to high in the clouds by data owner.
3rd, search instruction generation stage: when a user wants to query the files containing the keyword wα, the user uses the keys K1, K2 to compute t(wα)←F1(K1,wα), l(wα)←F1(K2,wα) and h(wα)←F3(K1,wα) for the keyword wα. Let Tr(wα)=(t(wα),l(wα),h(wα)) be the search instruction; this value is sent to the cloud server.
4th, the execution stage is searched for:When Cloud Server receives the search instruction Tr (w that user sendsα) after, it is first with t
(wα) found in form TThen by l (wα) obtainRead array
A(addr(Nα,1)) in informationStore informationDue to h (wα)=F3(K1,wα),
Therefore Cloud Server can calculateCloud Server continues to read
A(addr(Nα,2)) in valueThe above method is repeated until addr (Nl,(s+1))=⊥,
Cloud Server can obtain successivelyAnd returned to user.
User receivesAfterwards, the identity information of oneself is sent to time server, once it is verified, the time
Whether server access currently can discharge public key PKα,j(j=1 ..., s) corresponding private key SKα,1,…,SKα,s.It is if current
Can be release, then time server is by corresponding private key SKα,j(1≤j≤s) returns to user, if currently not allowing to release
Let smuggled articles pass key SKα,j(1≤j≤s) does not return the value then to user.
User receives SKα,jAfter (1≤j≤s), the value pair is utilizedSecond component
It is decrypted:Then utilizeTo corresponding
One-componentDo following computing:User is to Cloud Server
It asks forCorresponding ciphertext documentAfter Cloud Server receives instruction, corresponding ciphertext is returned
DocumentTo user.
5th, decryption phase:User receivesAfterwards, public key is asked for time server again
Corresponding decruption keyTime server is combined according to the response of userIn it is embedded
The temporal information entered, according to the specified time by corresponding decruption keyIt is sent to user.End user receives
It arrives Afterwards, these are utilizedIt is rightSecond component ck αj(1≤j≤
S) calculateThen utilizeTo corresponding's
One-componentIt calculates:Finally, user has been obtained comprising key
Word wαDocument
The above is only a preferred embodiment of the invention. It should be noted that a person of ordinary skill in the art can make several improvements and modifications without departing from the principle of the invention, and these improvements and modifications should also be regarded as falling within the protection scope of the invention.
Claims (9)
1. A cloud storage search method based on time release, mainly involving a data owner, a cloud server and a user, characterized in that:
a time server is further included, the time server being a trusted center;
the method comprises the following steps:
(S1), data owner inputs security parameter λ, and generation one is for encrypted document and the key array of construction index, table
It is shown as n+3 dimension keysN is greater than the integer equal to 1, represents the text that document sets D is included
The number of shelves;The time server inputs security parameter λ, generates at random and broadcasts a series of and time correlation public key;
It is expressed asAnd PK1,1,…,PKm,s, m, s be greater than the integer equal to 1, and m is the keyword in database
Number, the value of s are determined by the maximum of the number of the document associated by keyword in database;
(S2) the data owner encrypts the local document set D=(D1,D2,…,Dn) into the ciphertext document set C=(C1,C2,…,Cn); at the same time, the data owner creates an encrypted index table I for the document set D and stores the ciphertext document set C and the index table I on the cloud server; each document is denoted Di (1≤i≤n) and the corresponding ciphertext document is denoted Ci (1≤i≤n);
(S3) to query the documents containing the keyword wα (1≤α≤m), a legitimate user first uses the key to generate a search instruction Tr(wα) for the keyword wα, and then sends the search instruction Tr(wα) to the cloud server;
(S4), Cloud Server passes through search instruction Tr (wα) found out in concordance list I comprising keyword wαDocument set of pointersServer is needed these file pointersReturn to user;User receives file pointer setIt communicates afterwards with time server;After the identity information of time server verification user is legal, then not
Come in period for specifying by corresponding decruption key SKα,1,…,SKα,sThe user is sent to, it is close that the user receives decryption
Key SKα,1,…,SKα,sAfterwards, from file pointer setIn decrypt plain text document identification identifierThe validated user communicates again with Cloud Server, and it is allowed to return corresponding ciphertext document
(S5), decryption phase:User receives ciphertext documentAfterwards, communicate with time server, and from time server
There obtains corresponding decruption keyThe user is using these keys to ciphertext collectionIt is solved
It is close, obtain corresponding cleartext information
2. The cloud storage searching method based on time release according to claim 1, characterized in that: in step (S2), when encrypting the documents and generating the index table, the data owner uses a method that combines a symmetric-key cryptosystem with a public-key encryption system, finally generating the ciphertext and the encrypted index table.
3. The cloud storage searching method based on time release according to claim 2, characterized in that:
the detailed process by which the data owner encrypts the documents is as follows:
(S2a) The data owner uses a key to encrypt each document D_i (1≤i≤n), obtaining the corresponding encryption result; the n time-related public keys (i=1,…,n) are then used to encrypt the respective keys (i=1,…,n); the ciphertext document corresponding to document D_i is (i=1,…,n), and the data owner uploads the ciphertext document set C = (C_1, …, C_n) to the cloud server;
the detailed process by which the data owner constructs the index table is as follows:
(S2b1) The data owner extracts the keyword set W from the document set D and, for each keyword w_l ∈ W (l=1,…,m), computes D(w_l), which is the set consisting of the identifiers id_j of the documents D_j that contain keyword w_l; each document identifier id_j is a k-bit binary string. The data owner uses key K_1 and pseudo-random function F_1 to encrypt each keyword w_l as t(w_l) (l=1,…,m). The data owner chooses an array A of dimension |W|×s that is initialized to empty; the array A is used to store the information related to each element of D(w_l) (l=1,…,m). The data owner first encrypts each element id_lj (j=1,…,s) of D(w_l) (l=1,…,m), and then stores these values, linked together as a linked list, at the positions addr(N_{l,1}), …, addr(N_{l,s}) of matrix A. If the number of elements in D(w_l) (l=1,…,m) is less than s, the data owner randomly selects s−|D(w_l)| k-bit binary strings to pad D(w_l) to s elements. The data owner chooses a table T of the form {0,1}^k × {0,1}^k and, for each keyword w_l (l=1,…,m) in array A, encrypts the location addr(N_{l,1}) of the head node of the corresponding linked list together with the encrypted value t(w_l) (l=1,…,m) of keyword w_l as (t(w_l), l(w_l) ⊕ addr(N_{l,1})), and then stores the result in table T in lexicographic order;
(S2b2) The data owner uploads the index table I = (A, T) to the cloud server.
4. The cloud storage searching method based on time release according to claim 3, characterized in that:
the matrix A in step (S2b1) is constructed as follows:
(S2b11) First, each element id_j (j=1,…,s) of each D(w_l) (l=1,…,m) is processed as follows: using key K_3 and keyword w_l, compute: using the symmetric encryption scheme δ.Enc() and , encrypt id_j (1≤j≤s) as ; choose the s time-related public keys PK_{l,1}, …, PK_{l,s}, and use the public-key encryption scheme ε_2.Enc() to encrypt, one by one, the keys used here (1≤j≤s), the corresponding ciphertexts being denoted ; finally let , this value being the encrypted pointer value of element id_j. Choose s different empty positions addr(N_{l,1}), …, addr(N_{l,s}) in A at random, and store the information ⊕ F_3(K_1, w_l) (1≤j≤s) in A(addr(N_{l,j})) (1≤j≤s) respectively. addr(N_{l,s+1}) = ⊥ serves as the terminator for reading and writing data.
5. The cloud storage searching method based on time release according to claim 3, characterized in that:
the table T in step (S2b1) is constructed as follows:
(S2b12) The data owner uses pseudo-random function F_1 and keys K_1, K_2 to compute, for each keyword w_l (1≤l≤m): t(w_l) = F_1(K_1, w_l), l(w_l) = F_1(K_2, w_l); the pair (t(w_l), l(w_l) ⊕ addr(N_{l,1})) is then stored in table T in lexicographic order.
6. The cloud storage searching method based on time release according to claim 3, 4 or 5, characterized in that: the detailed process of step (S3) is as follows:
(S3a) The user uses the key (K_1, K_2) to generate, for the keyword w_α being queried, the search instruction Tr(w_α) = (t(w_α), l(w_α), h(w_α)), and sends it to the server; here t(w_α) is the first component of the search instruction Tr(w_α), l(w_α) is the second component, and h(w_α) is the third component.
7. The cloud storage searching method based on time release according to claim 6, characterized in that: the detailed process of step (S4) is as follows:
(S4a) According to the first component t(w_α) of the search instruction Tr(w_α), the cloud server finds the corresponding value γ = l(w_α) ⊕ addr(N_{α,1}) in table T; using the second component l(w_α) of Tr(w_α), it transforms γ into γ ⊕ l(w_α) and obtains the address addr(N_{α,1}). The cloud server extracts the data addr(N_{α,2}) ⊕ F_3(K_1, w_α) stored in A(addr(N_{α,1})) and saves the pointer value in that data. Using the third component h(w_α) of Tr(w_α), it transforms the above data addr(N_{α,2}) ⊕ F_3(K_1, w_α) as addr(N_{α,2}) ⊕ F_3(K_1, w_α) ⊕ h(w_α) to obtain addr(N_{α,2}). The above steps are repeated until the cloud server encounters addr(N_{α,s+1}) = ⊥, so that the cloud server obtains the pointer set in turn;
(S4b) The cloud server returns the pointer set from step (S4a) to the user;
(S4c) After receiving it, the user communicates with the time server to obtain the corresponding decryption keys SK_{α,1}, …, SK_{α,s};
(S4d) After receiving the decryption keys SK_{α,j} (1≤j≤s) released by the time server, the user uses the keys SK_{α,j} (1≤j≤s) to decrypt the second component of the array (1≤j≤s), and then uses (1≤j≤s) to decrypt the first component of the array (1≤j≤s); the user sends (1≤j≤s) to the cloud server;
(S4e) After receiving the user's request (1≤j≤s), the cloud server finds the corresponding ciphertext documents (1≤j≤s) in C and returns them to the user.
8. The cloud storage searching method based on time release according to claim 7, characterized in that:
the detailed process of step (S4c) is as follows:
(S4c1) The time server first verifies the user's identity information; if the identity is legitimate, it checks the release times of the private keys corresponding to the public keys PK_{α,1}, …, PK_{α,s}. If the time period for releasing the private keys SK_{α,1}, …, SK_{α,s} has been reached, it sends the corresponding private keys SK_{α,j} (1≤j≤s) to the user; if the specified time period has not been reached, it does not return the private keys SK_{α,j} (1≤j≤s).
9. The cloud storage searching method based on time release according to claim 7 or 8, characterized in that: the detailed process of step (S5) is as follows:
(S5a) After the user receives (1≤j≤s), the user continues to communicate with the time server to obtain the relevant decryption keys (1≤j≤s): the time server first verifies the user's identity information; if the identity is legitimate, it checks whether the decryption keys (1≤j≤s) corresponding to the public keys (1≤j≤s) can currently be released; if so, it sends the corresponding decryption keys (1≤j≤s) to the user; the (j=1,…,s) are the public keys used to encrypt (j=1,…,s);
(S5b) After receiving the decryption keys (1≤j≤s), the user first decrypts the second component ck_αj (1≤j≤s) of the array (1≤j≤s): (1≤j≤s); the user then uses (1≤j≤s) to decrypt the first component (1≤j≤s) of (1≤j≤s).
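The index layout of claims 4 and 5 and the server-side traversal of step (S4a), as an added Python example that is not part of the patent text: array A holds one XOR-masked linked list per keyword and table T maps t(w) to the masked head address. Assumptions: HMAC-SHA256 stands in for F1 and F3, h(w) = F3(K1, w) is inferred from step (S4a), and the encrypted pointer values are opaque constructed 16-byte strings, so the time-release key handling is not modelled.

```python
import hmac, hashlib, secrets

K = 16                 # byte width of addresses and masks (the claims' k bits)
END = bytes(K)         # stands in for the terminator addr(N_{l,s+1}) = ⊥

def prf(key, label, w):
    # HMAC-SHA256 truncated to K bytes; an assumed stand-in for F1 and F3
    return hmac.new(key, label + w.encode(), hashlib.sha256).digest()[:K]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_index(K1, K2, postings, s):
    """postings maps keyword -> list of opaque K-byte encrypted pointer values."""
    A, T = {}, {}
    for w, ptrs in postings.items():
        # pad every list to s entries so the server cannot see |D(w)|
        ptrs = ptrs + [secrets.token_bytes(K) for _ in range(s - len(ptrs))]
        addrs = []
        while len(addrs) < s:          # s distinct, unused positions in A
            a = secrets.token_bytes(K)
            if a != END and a not in A and a not in addrs:
                addrs.append(a)
        mask = prf(K1, b"F3", w)       # F3(K1, w) hides each next-address
        for j, a in enumerate(addrs):
            nxt = addrs[j + 1] if j + 1 < s else END
            A[a] = (ptrs[j], xor(nxt, mask))
        # T entry: t(w) -> l(w) XOR addr(N_{l,1}); a dict models the sorted table
        T[prf(K1, b"F1", w)] = xor(prf(K2, b"F1", w), addrs[0])
    return A, T

def trapdoor(K1, K2, w):
    # Tr(w) = (t(w), l(w), h(w)); h(w) = F3(K1, w) is an inference from (S4a)
    return prf(K1, b"F1", w), prf(K2, b"F1", w), prf(K1, b"F3", w)

def search(A, T, tr):
    """Server side of (S4a): follow one keyword's list using only Tr(w)."""
    t, l, h = tr
    if t not in T:
        return []
    addr, out = xor(T[t], l), []
    # stop at the terminator, or early if a bad trapdoor yields a junk address
    while addr != END and addr in A and len(out) < len(A):
        ptr, masked_next = A[addr]
        out.append(ptr)
        addr = xor(masked_next, h)
    return out

if __name__ == "__main__":
    K1, K2 = secrets.token_bytes(32), secrets.token_bytes(32)
    # constructed sample: 16-byte placeholders for encrypted pointer values
    postings = {"invoice": [b"encptr-invoice-1", b"encptr-invoice-2"],
                "audit": [b"encptr-audit---1"]}
    A, T = build_index(K1, K2, postings, s=2)
    print(search(A, T, trapdoor(K1, K2, "invoice")))
    print(len(search(A, T, trapdoor(K1, K2, "audit"))))  # padded to s
```

Without the third trapdoor component the server recovers only the head node of a list, and every keyword returns exactly s pointers, so list lengths do not distinguish keywords.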
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201711344491.1A CN108111587B (en) | 2017-12-15 | 2017-12-15 | Cloud storage searching method based on time release |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108111587A (en) | 2018-06-01 |
CN108111587B (en) | 2020-11-06 |
Family
ID=62217101
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201711344491.1A Active CN108111587B (en) | 2017-12-15 | 2017-12-15 | Cloud storage searching method based on time release |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108111587B (en) |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1487422A (en) * | 2002-04-17 | 2004-04-07 | 微软公司 | Encrypted data memory & data search based on public key |
CN102024054A (en) * | 2010-12-10 | 2011-04-20 | 中国科学院软件研究所 | Ciphertext cloud-storage oriented document retrieval method and system |
CN103023637A (en) * | 2012-12-25 | 2013-04-03 | 电子科技大学 | Encryption and search method for revocable keyword search public keys in cloud storage |
CN103595730A (en) * | 2013-11-28 | 2014-02-19 | 中国科学院信息工程研究所 | Ciphertext cloud storage method and system |
CN103731432A (en) * | 2014-01-11 | 2014-04-16 | 西安电子科技大学昆山创新研究院 | Multi-user supported searchable encryption system and method |
CN104052740A (en) * | 2014-05-22 | 2014-09-17 | 西安理工大学 | Verifiable and searchable encryption method based on dictionary in cloud storage |
CN104780161A (en) * | 2015-03-23 | 2015-07-15 | 南京邮电大学 | Searchable encryption method supporting multiple users in cloud storage |
US9281941B2 (en) * | 2012-02-17 | 2016-03-08 | International Business Machines Corporation | Homomorphic evaluation including key switching, modulus switching, and dynamic noise management |
CN105763324A (en) * | 2016-04-19 | 2016-07-13 | 四川理工学院 | Controllable searchable encryption searching method being able to verify multi user-ends |
CN106815350A (en) * | 2017-01-19 | 2017-06-09 | 安徽大学 | Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment |
CN107395568A (en) * | 2017-06-21 | 2017-11-24 | 西安电子科技大学 | A kind of cipher text retrieval method of more data owner's certifications |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109165520A (en) * | 2018-07-16 | 2019-01-08 | 哈尔滨工业大学(深圳) | Data ciphering method and its device, data encryption searching system |
CN109165520B (en) * | 2018-07-16 | 2020-08-11 | 哈尔滨工业大学(深圳) | Data encryption method and device and data encryption retrieval system |
CN109145079A (en) * | 2018-07-24 | 2019-01-04 | 南京邮电大学 | Cloud based on personal interest user model can search for encryption method |
CN109145079B (en) * | 2018-07-24 | 2022-07-19 | 南京邮电大学 | Cloud searchable encryption method based on personal interest user model |
CN110380841A (en) * | 2019-07-25 | 2019-10-25 | 黑龙江头雁科技有限公司 | A kind of Electronic Document exchange encryption method based on BlockChain |
WO2021017305A1 (en) * | 2019-08-01 | 2021-02-04 | 平安科技(深圳)有限公司 | Data query method and apparatus, electronic device, and computer readable storage medium |
CN112153078A (en) * | 2020-10-26 | 2020-12-29 | 广州欧赛斯信息科技有限公司 | Encryption method and system based on time release |
CN114024776A (en) * | 2022-01-05 | 2022-02-08 | 北京理工大学 | Encryption transmission method and system supporting timing decryption |
Also Published As
Publication number | Publication date |
---|---|
CN108111587B (en) | 2020-11-06 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107491497B (en) | Multi-user multi-keyword sequencing searchable encryption system supporting query in any language | |
CN108111587A (en) | A kind of cloud storage searching method based on time release | |
CN105681280B (en) | Encryption method can search for based on Chinese in a kind of cloud environment | |
CN104021157B (en) | Keyword in cloud storage based on Bilinear map can search for encryption method | |
Wang et al. | Secure ranked keyword search over encrypted cloud data | |
Wang et al. | Enabling secure and efficient ranked keyword search over outsourced cloud data | |
US9021259B2 (en) | Encrypted database system, client terminal, encrypted database server, natural joining method, and program | |
CN105933281B (en) | A kind of quantum homomorphism symmetrically can search for the method and system of encryption | |
CN105610910A (en) | Cloud storage oriented ciphertext full-text search method and system based on full homomorphic ciphers | |
CN107256248A (en) | Encryption method can search for based on asterisk wildcard in cloud storage safety | |
CN104899517B (en) | Phrase-based can search for symmetric encryption method | |
CN112163854B (en) | Hierarchical public key searchable encryption method and system based on block chain | |
CN104052740A (en) | Verifiable and searchable encryption method based on dictionary in cloud storage | |
CN109361644A (en) | A kind of Fog property base encryption method for supporting fast search and decryption | |
US10733317B2 (en) | Searchable encryption processing system | |
Yuan et al. | Towards privacy-preserving and practical image-centric social discovery | |
Wang et al. | PeGraph: A system for privacy-preserving and efficient search over encrypted social graphs | |
Jiang et al. | An Efficient Symmetric Searchable Encryption Scheme for Cloud Storage. | |
Liu et al. | EncSIM: An encrypted similarity search service for distributed high-dimensional datasets | |
CN109672525B (en) | Searchable public key encryption method and system with forward index | |
CN108650268A (en) | It is a kind of realize multistage access can search for encryption method and system | |
KR100945535B1 (en) | Key generating method for preventing dictionary attack and method of producing searchable keyword encryption and searching data using that | |
CN112765669B (en) | Regular language searchable encryption system based on time authorization | |
Jiang et al. | A novel privacy preserving keyword search scheme over encrypted cloud data | |
Raghavendra et al. | DRSMS: Domain and range specific multi-keyword search over encrypted cloud data |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||