CN108418681B - Attribute-based ciphertext retrieval system and method supporting proxy re-encryption - Google Patents


Info

Publication number
CN108418681B
Authority
CN
China
Prior art keywords
ciphertext
keyword
encryption
key
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201810058235.4A
Other languages
Chinese (zh)
Other versions
CN108418681A (en)
Inventor
陈燕俐
胡媛媛
朱敏惠
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Posts and Telecommunications
Original Assignee
Nanjing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Classifications

    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/56 Provisioning of proxy services
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0877 Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an attribute-based ciphertext retrieval system and method supporting proxy re-encryption, which realise both secure retrieval by a user and effective delegation of search permission in a cloud environment. The access structure adopted by the method, based on an LSSS (linear secret sharing scheme) matrix, supports fine-grained attribute descriptions of the users allowed to search and is computationally efficient. In the trapdoor generation stage the user key is blinded with a random value before it is submitted to the cloud server, so the confidentiality and security of the user key are preserved. Further, to address the delegation of the search right when the authorized user is offline in practice, proxy re-encryption is introduced and the cloud server performs the ciphertext conversion, which relieves the data owner of encryption and decryption work and markedly improves system efficiency.

Description

Attribute-based ciphertext retrieval system and method supporting proxy re-encryption
Technical Field
The invention relates to an attribute-based ciphertext retrieval system and method supporting proxy re-encryption, and belongs to the technical field of cloud computing.
Background
Cloud computing is an emerging topic in information technology and a further development of parallel, distributed and grid computing. Cloud storage is an important cloud computing service: data owners store their data in the cloud, and cloud servers provide round-the-clock data access to users. An ordinary user can reach data on the cloud server at any time and place with any internet-connected terminal, smartphone or tablet. For enterprise users, particularly small and medium-sized enterprises with limited funds, cloud computing provides flexible on-demand services without the purchase of an expensive hardware platform, which reduces cost. Despite these benefits, uploading data to the cloud raises many security issues, because the data owner loses direct control over private data. To alleviate these concerns, data owners need to encrypt their data before storing it on the cloud server. Encryption, however, hinders the sharing of data and files: for example, a user can no longer search the encrypted data held by the cloud server. Yet with today's rapidly developing networks and information explosion, people need to find the information they require quickly. How to find the data a user is interested in quickly and efficiently is therefore an essential function in a cloud computing environment.
Searchable encryption was therefore proposed to enable retrieval over ciphertext, particularly in a cloud computing environment. With the rapid development of cloud computing it has become popular for users to rent the massive storage and computing capacity of cloud servers at low cost. Although existing public-key searchable encryption completes the search operation securely and efficiently, control over who may search and a one-to-many communication mode are also required. In 2013, Kulvaibhavh et al. constructed a CP-ABE searchable encryption scheme (ABKS): the data owner encrypts keywords under an access structure; when a user wants to search the ciphertext, a key is generated from the user's own attributes, the keyword to be retrieved is encrypted with it to produce a keyword trapdoor Trap, and Trap is sent to the server. The server checks whether the attributes of the user's key satisfy the access structure of the ciphertext; only if they do is the keyword verified, and the server returns the ciphertext containing the searched keyword only when both the attributes and the keyword match. ABE stands for attribute-based encryption, of which there are two types: Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE the key is tied to the access policy and the ciphertext to an attribute set, so the encryptor can only choose descriptive attributes for the data, cannot decide who may decrypt the ciphertext, and must trust the key issuer; in CP-ABE the attributes describe the user's private key and the encryptor uses the access policy to decide which users may access the encrypted data, although the encryptor does not know the identities of those who can access the ciphertext.
The deployment model of CP-ABE is therefore closer to the traditional access control model; it is well suited to protecting sensitive data in a cloud computing environment and allows the access policy to be controlled more flexibly.
The ABKS scheme, however, has limitations for data sharing, such as the inability to delegate search rights to other users when the authorized user is offline. An effective remedy is to introduce Proxy Re-encryption (PRE): an online semi-trusted proxy completes the ciphertext conversion in place of the authorizer, and, importantly, the proxy server learns nothing about the plaintext, so the search right is shared effectively. In existing schemes, however, ABKS and PRE are not well combined, and the requirements that a user can both retrieve securely and delegate the search right to other users cannot be met at the same time.
Disclosure of Invention
In order to solve the problem that the delegation of search authority cannot be realised effectively in attribute-based searchable encryption schemes in a cloud computing environment, the invention provides an attribute-based ciphertext retrieval system and method supporting proxy re-encryption in cloud computing. The invention encrypts the ciphertext under an LSSS access structure, lets the data owner describe the attributes of the searcher at fine granularity, controls the access authority flexibly and improves system efficiency.
The invention adopts the following technical scheme to solve the technical problems:
On the one hand, the invention provides an attribute-based ciphertext retrieval system supporting proxy re-encryption, which comprises an initialization module, a private key generation module, a ciphertext generation module, a trapdoor generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encrypted ciphertext generation module and a re-encrypted ciphertext retrieval module, wherein:
the initialization module: the private key generation center generates a system public key and a system master key; the system public key is published and the system master key is kept by the private key generation center;
the private key generation module: generates, from the user's attribute set, the private key the user uses to decrypt encrypted files;
the ciphertext generation module: the data owner encrypts the keywords under the LSSS access structure and generates keyword ciphertexts;
the trapdoor generation module: the server generates a trapdoor from the private key held by the user and the keyword to be searched;
the ciphertext retrieval module: ciphertext retrieval is performed when the attributes of the user's private key satisfy the access structure in the keyword ciphertext and the keyword to be searched in the trapdoor equals the keyword in the keyword ciphertext; otherwise retrieval fails;
the re-encryption key generation module: the authorized user generates a re-encryption key from its own private key and the new access structure and sends it to the proxy server;
the re-encrypted ciphertext generation module: the proxy server re-encrypts the original ciphertext with the re-encryption key supplied by the authorized user to generate a re-encrypted ciphertext;
the re-encrypted ciphertext retrieval module: the re-encrypted ciphertext is searched when the attributes in the user's private key satisfy the access structure in the re-encrypted keyword ciphertext and the keyword to be searched in the trapdoor equals the keyword in the re-encrypted keyword ciphertext; otherwise retrieval fails.
As a further technical scheme of the invention, the ciphertext generation module uses the ciphertext-policy attribute-based encryption algorithm CP-ABE.
As a further technical scheme of the invention, the trapdoor generation module blinds the private key with a random value before uploading it to the cloud server.
As a further technical scheme of the invention, the re-encrypted ciphertext generation module uses proxy re-encryption.
On the other hand, the invention also provides an attribute-based ciphertext retrieval method supporting proxy re-encryption, which comprises the following steps:
step 1: input a security parameter κ and a global attribute universe U; the private key generation center generates the system public key PK, which is published, and the system master key MSK, which it keeps:
Figure GDA0002539089840000031
$MSK = (a, b, c)$
where $e_\alpha$ is a multilinear map $e_\alpha: G_0 \times G_\alpha \to G_{\alpha+1}$ for $\alpha = 0, 1, 2$; $g_j$ is a generator of the cyclic group $G_j$ of prime order $p$, $j = 0, 1, 2, 3$, with $g_{\alpha+1} = e_\alpha(g_0, g_\alpha)$; $H$ is a secure hash function,
Figure GDA0002539089840000032
and $a, b, c$ are random integers in $Z_p$, the group of integers modulo $p$;
step 2: input the system public key PK, the system master key MSK and a user attribute set S; the private key generation center generates the corresponding private key $SK_S$:
$SK_S = (K, L, \{K_x\}_{x \in S})$
where
Figure GDA0002539089840000033
$K_x = H(x)^t$, $H(\cdot)$ is the hash function of step 1, and the random value $t \in Z_p$;
step 3: input the system public key PK, a keyword $w$ and an access structure (M, ρ); the data owner runs the encryption algorithm and generates the keyword ciphertext CPH:
$CPH = (W_1, W_2, W_3, \{C_i, D_i\}_{1 \le i \le l})$
where M is an $l \times n$ matrix and ρ is an injective function mapping each row of M to a user attribute;
Figure GDA0002539089840000034
$q_1, q_2$ are two random values; for
Figure GDA0002539089840000035
there is
Figure GDA0002539089840000036
for rows 1 to $l$ of M there is
Figure GDA0002539089840000037
$M_i$ is the vector corresponding to the $i$-th row of M,
Figure GDA0002539089840000038
and $y_2, \ldots, y_n$ is a set of random values;
step 4: the user inputs the system public key PK, the user private key $SK_S$ and the keyword $w'$ to be searched, and generates the trapdoor TK:
$TK = (T_1, T_2, T_3, T_4, \{T_x\}_{x \in S})$
where
Figure GDA0002539089840000041
and the random value $s \in Z_p$;
step 5: if the authorized user delegates the retrieval right to other users, execute step 6; otherwise input the system public key PK, the user trapdoor TK and the keyword ciphertext CPH, and the cloud server performs ciphertext retrieval as follows:
step 5-1: first decide whether the attribute set in the data searcher's private key satisfies the access structure (M, ρ); if so, execute step 5-2, otherwise output ⊥ to indicate that retrieval failed;
step 5-2: decide whether the keyword $w'$ to be searched equals the keyword $w$ in the keyword ciphertext; if so, the keywords match, the server has retrieved the keyword file and outputs the decision value 1, indicating that the search succeeded; otherwise it outputs the decision value 0, indicating that retrieval failed;
step 6: input the system public key PK; the authorized user inputs its own private key $SK_S$ and a new access structure $(M', \rho')$, generates the re-encryption key RK and sends it to the proxy server:
$RK = (V_1, V_2, V_3, \{C'_{i'}, D'_{i'}\}_{1 \le i' \le l'}, R_1, R_2, R_3, R_4, \{R_x\}_{x \in S})$
where $M'$ is an $l' \times n'$ matrix and $\rho'$ is an injective function mapping each row of $M'$ to a user attribute;
Figure GDA0002539089840000042
$q'_1, q'_2$ are two random values, and a further random value is drawn uniformly from $\{0,1\}^\kappa$; for
Figure GDA0002539089840000043
there is
Figure GDA0002539089840000044
for rows 1 to $l'$ of $M'$ there is
Figure GDA0002539089840000045
$M'_{i'}$ is the vector corresponding to the $i'$-th row of $M'$,
Figure GDA0002539089840000046
$y'_2, \ldots, y'_n$ is a set of random values, and the random value $\mu \in Z_p$;
Figure GDA0002539089840000047
for
Figure GDA0002539089840000048
there is
Figure GDA0002539089840000049
step 7: input the system public key PK, the original ciphertext CPH and the re-encryption key RK; the proxy server computes the re-encrypted ciphertext RCPH:
$RCPH = (A_1, V_1, V_2, V_3, \{C'_{i'}, D'_{i'}\}_{1 \le i' \le l'})$
where
Figure GDA00025390898400000410
step 8: when the cloud server receives a keyword matching request from an authorized user, input the system public key PK, the trapdoor of the authorized user and the re-encrypted keyword ciphertext RCPH; the cloud server performs re-encrypted keyword ciphertext retrieval as follows:
step 8-1: first decide whether the attribute set in the authorized user's private key satisfies the new access structure $(M', \rho')$; if so, execute step 8-2, otherwise output ⊥ to indicate that retrieval failed;
step 8-2: decide whether the keyword to be searched equals the keyword $w$ in the re-encrypted keyword ciphertext; if so, the keywords match, the server has retrieved the keyword file and outputs the decision value 1, indicating that the search succeeded; otherwise it outputs the decision value 0, indicating that retrieval failed.
As a further technical solution of the invention, the trapdoor of the authorized user in step 8 is generated by the trapdoor generation method of step 4.
As a further technical scheme of the invention, in step 5-1, deciding whether the attribute set in the private key satisfies the access structure (M, ρ) means verifying whether the equation
Figure GDA0002539089840000051
holds:
a constant vector $\{\omega_i \in Z_p\}_{i \in I}$ is found in polynomial time such that
Figure GDA0002539089840000052
where
Figure GDA0002539089840000053
and $\rho(\cdot)$ is the injective function of step 3; if the equation holds, the attribute set satisfies the access structure; otherwise the equation fails and the attribute set does not satisfy the access structure.
As a further technical scheme of the invention, in step 5-2, deciding whether the keyword $w'$ to be searched equals the keyword $w$ in the keyword ciphertext means verifying whether the equation $E_{root} \cdot e_0(W_2, T_2) = e_0(W_1, T_1)\, e_0(T_3, W_3)$ holds: if it holds, $w'$ matches $w$; otherwise $w'$ and $w$ differ.
Compared with the prior art, the invention adopting the technical scheme has the following technical effects:
1. The invention adopts a CP-ABE searchable encryption scheme and encrypts the ciphertext under an LSSS access structure; an LSSS access policy describes user attributes at fine granularity, which helps the data owner control file access rights and suits practical application. During trapdoor computation the user's private key is blinded first, so the private key cannot leak at the server and the user's privacy is protected;
2. The invention introduces proxy re-encryption to convert a ciphertext encrypted under one access structure into a ciphertext under another access structure, so that the search authority can be delegated to other users while the authorized user is offline; this greatly reduces the encryption and decryption burden on the authorized user, and the proxy server learns nothing about the keyword ciphertext, which keeps the access to and sharing of data secure;
3. The invention fuses attribute-based searchable encryption with proxy re-encryption and exploits the advantages of both: it controls the visitor's authority flexibly, realises secure access to and sharing of data, and, while solving the problem of delegating the search authority when the authorized user is offline in practice, reduces computation cost and improves system efficiency.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flowchart of a specific implementation of the ciphertext re-encryption algorithm of the present invention.
FIG. 3 is a diagram of a system model in a cloud computing environment according to the present invention.
Detailed Description
The technical scheme of the invention is explained in further detail with reference to the attached drawings:
The invention discloses an attribute-based ciphertext retrieval system and method supporting proxy re-encryption in a cloud computing environment, which realise both secure retrieval by a user and effective delegation of search permission in the cloud. The access structure adopted by the method, based on an LSSS (linear secret sharing scheme) matrix, supports fine-grained attribute descriptions of the users allowed to search and is computationally efficient. In the trapdoor generation stage the user key is blinded with a random value before it is submitted to the cloud server, so the confidentiality and security of the user key are preserved. Further, to address the delegation of the search right when the authorized user is offline in practice, proxy re-encryption is introduced and the cloud server performs the ciphertext conversion, which relieves the data owner of encryption and decryption work and markedly improves system efficiency.
The attribute-based ciphertext retrieval system supporting proxy re-encryption in cloud computing of the invention comprises an initialization module, a private key generation module, a ciphertext generation module, a trapdoor generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encrypted ciphertext generation module and a re-encrypted ciphertext retrieval module.
The initialization module: the private key generation center generates a system public key and a system master key; the system public key is published and the system master key is kept by the private key generation center;
the private key generation module: generates, from the user's attribute set, the private key the user uses to decrypt encrypted files;
the ciphertext generation module: the data owner encrypts the keywords under the LSSS access structure to generate keyword ciphertexts;
the trapdoor generation module: the server generates a trapdoor from the private key held by the user and the keyword to be searched;
the ciphertext retrieval module: the search succeeds if and only if the attributes in the user's private key satisfy the access structure in the ciphertext and the keyword to be searched in the trapdoor equals the keyword in the keyword ciphertext; otherwise the search fails;
the re-encryption key generation module: the authorized user generates a re-encryption key from its own private key and the new access structure and sends it to the proxy server;
the re-encrypted ciphertext generation module: the proxy server re-encrypts the original ciphertext with the re-encryption key supplied by the authorized user to generate a re-encrypted ciphertext;
the re-encrypted ciphertext retrieval module: the search succeeds if and only if the attributes in the private key of the authorized user satisfy the access structure in the re-encrypted keyword ciphertext and the keyword to be searched in the trapdoor equals the keyword in the re-encrypted keyword ciphertext; otherwise the search fails.
The ciphertext generation module uses an encryption algorithm based on CP-ABE. CP-ABE is ciphertext-policy attribute-based encryption: the private key is associated with an attribute set and the ciphertext with an access structure, which makes it easier for the owner to control the accessor's authority; with the LSSS access structure the accessor's attributes can be described at fine granularity and the access authority controlled flexibly.
The trapdoor generation module blinds the private key with a random value before uploading it to the cloud server, so the private key is invisible to the untrusted server; this secures the private key and hence the ciphertext.
The two retrieval modules (the ciphertext retrieval module and the re-encrypted ciphertext retrieval module) only match keywords and perform no decryption. Because each data ciphertext is bound to its keyword ciphertext, when a user retrieves a keyword ciphertext the server can return the corresponding data ciphertext; the data ciphertext thus stays protected, and since only the keyword ciphertext is searched, retrieval efficiency is improved.
The re-encrypted ciphertext generation module uses proxy re-encryption. Proxy re-encryption is a technique for converting ciphertexts: the cloud server acts as the proxy and converts a ciphertext searchable by the authorizer into a ciphertext searchable by the authorized user.
The proxy re-encryption used here is single-hop and unidirectional. By the number of conversions a ciphertext may undergo, proxy re-encryption schemes are single-hop or multi-hop: single-hop means the ciphertext may be converted only once, i.e. proxy re-encryption is performed only once; multi-hop means the ciphertext may be converted several times. By the direction of conversion, proxy re-encryption is bidirectional or unidirectional: bidirectional means the proxy can convert a ciphertext decryptable by A into one decryptable by B and also a ciphertext decryptable by B into one decryptable by A; unidirectional means only a ciphertext decryptable by A may be converted into one decryptable by B.
An attribute-based ciphertext retrieval method supporting proxy re-encryption in cloud computing is described below by example.
As shown in Fig. 1 to Fig. 3, the invention further provides an attribute-based ciphertext retrieval method supporting proxy re-encryption in cloud computing, which comprises the following steps:
Step 1: input a security parameter κ and a global attribute universe U; the private key generation center generates the system public key, which is published, and the system master key, which it keeps; they are determined as follows:
Figure GDA0002539089840000071
where PK is the system public key, $e_\alpha$ is a multilinear map $e_\alpha: G_0 \times G_\alpha \to G_{\alpha+1}$ for $\alpha = 0, 1, 2$, $g_j$ is a generator of the cyclic group $G_j$ of prime order $p$, $j = 0, 1, 2, 3$, with $g_{\alpha+1} = e_\alpha(g_0, g_\alpha)$, and $H$ is a secure hash function,
Figure GDA0002539089840000072
$MSK = (a, b, c)$ (Formula 2)
where MSK is the system master key and $a, b, c$ are random integers in $Z_p$, the group of integers modulo $p$.
After the initialization module has run, step 2 is executed.
Step 2: input the system public key PK, the system master key MSK and a user attribute set S; the private key generation center generates the corresponding private key $SK_S$, which is used by the trapdoor generation module and the re-encryption key generation module:
$SK_S = (K, L, \{K_x\}_{x \in S})$ (Formula 3)
where $SK_S$ is the private key and $K, L, K_x$ are its components; a random value $t \in Z_p$ is chosen and then
Figure GDA0002539089840000081
is computed, and for every attribute $x$ in the attribute set S, $K_x = H(x)^t$.
Before uploading a data file to the cloud server, the data file and its keywords must be encrypted for data security and privacy; step 3 is then executed.
Step 3: input the system public key PK, the keyword $w$ and the access structure (M, ρ); the data owner runs the encryption algorithm. In the access structure (M, ρ), M is an $l \times n$ matrix and ρ is an injective function mapping each row of the matrix to a user attribute. The encryption proceeds as follows:
$CPH = (W_1, W_2, W_3, \{C_i, D_i\}_{1 \le i \le l})$ (Formula 4)
where CPH is the ciphertext and $W_1, W_2, W_3, C_i, D_i$ are its components; two random values $q_1, q_2$ are chosen, then a set of random values is chosen to form the random vector
Figure GDA0002539089840000082
for rows 1 to $l$ of the access matrix
Figure GDA0002539089840000083
where $M_i$ is the vector corresponding to the $i$-th row of M; finally random values $r_1, r_2, \ldots, r_l \in Z_p$ are chosen,
Figure GDA0002539089840000084
Figure GDA0002539089840000085
where $w$ is the keyword,
Figure GDA0002539089840000086
for
Figure GDA0002539089840000087
there is
Figure GDA0002539089840000088
Figure GDA0002539089840000089
When the user wants to search for a keyword, control passes to the trapdoor generation module and step 4 is executed;
and 4, step 4: the user inputs a system public key PK, a user private key SK and a keyword w' to be searched to generate a threshold value, and the specific calculation process comprises the following steps:
TK=(T1,T2,T3,T4,{Tx}x∈S) Formula 5
Wherein TK represents a threshold value, T1,T2,T3,T4,TxIs a component of the threshold value, first a random value s ∈ Z is selectedpCalculating
Figure GDA00025390898400000810
The private key is then blinded with a random value,
Figure GDA00025390898400000811
Figure GDA00025390898400000812
When the cloud server receives the threshold value submitted by the user for retrieval, it passes the threshold value to the ciphertext retrieval module and executes step 5;
Step 5: the system public key PK, the user threshold TK and the keyword ciphertext CPH are input, and the cloud server performs the search. The specific process is as follows:
Step 5-1: first, judge whether the attribute set of the data searcher satisfies the access structure, i.e. verify:
Figure GDA0002539089840000091
If the attributes satisfy the access structure, then a constant vector {ω_i ∈ Z_p}_{i∈I} can be found in polynomial time such that
Figure GDA0002539089840000092
where
Figure GDA0002539089840000093
If formula 6 holds, the attributes of the searcher satisfy the access structure; otherwise formula 6 does not hold, which indicates that the attributes in the private key do not satisfy the access structure in the ciphertext, and ⊥ is output to indicate that the retrieval fails;
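The share computation of step 3 (λ_i = M_i · v with v = (q, y_2, …, y_n)) and the step 5-1 check for the constants ω_i, as an added worked example that is not the patent's own code: the modulus P, the function names and the demo policy "(A AND B) OR C" are constructed here, and the ω_i are found by Gauss-Jordan elimination over Z_p.

```python
# Added example (not from the patent): LSSS secret sharing over Z_p and the step 5-1
# / claim 7 test that an attribute set S satisfies an access structure (M, rho).
# Row i of M gets the share lambda_i = M_i . v with v = (q, y_2, ..., y_n); S satisfies
# (M, rho) iff constants omega_i exist with sum_i omega_i * M_i = (1,0,...,0) mod p
# over I = {i : rho(i) in S}, in which case sum_i omega_i * lambda_i recovers q.
import random

P = 2**127 - 1  # constructed prime standing in for the scheme's group order p


def share(M, q, p=P, rng=random):
    """Step-3 style shares of q: v = (q, y_2..y_n) with random y_j; lambda_i = M_i . v."""
    n = len(M[0])
    v = [q % p] + [rng.randrange(p) for _ in range(n - 1)]
    return [sum(m * vj for m, vj in zip(row, v)) % p for row in M]


def solve_mod_p(A, b, p=P):
    """Solve A x = b over Z_p by Gauss-Jordan elimination (A is rows x cols).
    Returns one solution (free unknowns set to 0) or None if the system is inconsistent."""
    rows, cols = len(A), len(A[0])
    aug = [[x % p for x in A[r]] + [b[r] % p] for r in range(rows)]
    pivots, r = [], 0
    for c in range(cols):
        if r == rows:
            break
        piv = next((i for i in range(r, rows) if aug[i][c]), None)
        if piv is None:
            continue  # no pivot in this column: that unknown stays free
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, p)  # modular inverse exists because p is prime
        aug[r] = [(x * inv) % p for x in aug[r]]
        for i in range(rows):
            if i != r and aug[i][c]:
                f = aug[i][c]
                aug[i] = [(x - f * y) % p for x, y in zip(aug[i], aug[r])]
        pivots.append(c)
        r += 1
    # A remaining all-zero row with a non-zero right-hand side means no solution.
    if any(aug[i][cols] for i in range(r, rows)):
        return None
    x = [0] * cols
    for i, c in enumerate(pivots):
        x[c] = aug[i][cols]
    return x


def reconstruction_vector(M, rho, S, p=P):
    """Return {i: omega_i} with sum omega_i * M_i = (1,0,...,0) over I = {i: rho(i) in S},
    or None when the attributes in S do not satisfy the access structure (M, rho)."""
    I = [i for i in range(len(M)) if rho[i] in S]
    if not I:
        return None
    n = len(M[0])
    # One unknown omega_i per row in I and one equation per column of M: transpose M_I.
    A = [[M[i][col] for i in I] for col in range(n)]
    e1 = [1] + [0] * (n - 1)
    sol = solve_mod_p(A, e1, p)
    return None if sol is None else dict(zip(I, sol))


def satisfies(M, rho, S, p=P):
    """Step 5-1: does the searcher's attribute set S satisfy (M, rho)?"""
    return reconstruction_vector(M, rho, S, p) is not None


def reconstruct(shares, omega, p=P):
    """Recover the shared value q from the shares of the rows in I using omega."""
    return sum(omega[i] * shares[i] for i in omega) % p


# Constructed policy "(A AND B) OR C" as an LSSS matrix; rho maps each row to an attribute.
M_DEMO = [[1, 1], [0, -1], [1, 0]]
RHO_DEMO = ["A", "B", "C"]

if __name__ == "__main__":
    q = random.randrange(P)
    lam = share(M_DEMO, q)
    for S in ({"A", "B"}, {"C"}, {"A"}, {"B"}):
        omega = reconstruction_vector(M_DEMO, RHO_DEMO, S)
        ok = omega is not None and reconstruct(lam, omega) == q
        print(sorted(S), "satisfies" if ok else "does not satisfy", "(A AND B) OR C")
```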
Step 5-2: if formula 6 holds, it is then judged whether the keyword w' to be searched equals the keyword w in the keyword ciphertext, i.e. whether the equation e_0(W_2, T_2) = e_0(W_1, T_1) · e_0(T_3, W_3) holds. The verification process is as follows:
Figure GDA0002539089840000094
If formula 7 holds, the keywords match; the server successfully retrieves the keyword file and outputs 1 to indicate that the search succeeded. Otherwise, the judgment value 0 is output to indicate that the retrieval failed.
If the authorized user (the authorized user is referred to as the data searcher up to and including step 5; after delegation the authorized user is referred to as the proxy, and before delegation as the data searcher) wants to delegate search authority to other users while not online, the process goes to the re-encryption key generation module and step 6 is executed;
Step 6: the system public key PK, the private key SK of the authorized user and a new access structure (M', ρ') are input, where M' is an l' × n' linear matrix and ρ' is an injective mapping function that maps each row of the matrix to a user attribute. The authorized user generates a re-encryption key and sends it to the proxy server. The specific process is as follows:
RK = (V_1, V_2, V_3, {C'_{i'}, D'_{i'}}_{1≤i'≤l'}, R_1, R_2, R_3, R_4, {R_x}_{x∈S}) Formula 8
where RK represents the re-encryption key and V_1, V_2, V_3, C'_{i'}, D'_{i'}, R_1, R_2, R_3, R_4, R_x are its components. First a random value E ∈_R {0,1}^κ is selected and then encrypted following the original ciphertext generation method: two random values q'_1, q'_2 are chosen, then a set of random values is chosen to form a random vector
Figure GDA0002539089840000095
For rows 1 to l' of the new access matrix
Figure GDA0002539089840000096
where M'_{i'} is the vector corresponding to the i'-th row of the matrix M'; finally, random values r'_1, r'_2, …, r'_{l'} ∈ Z_p are selected
Figure GDA0002539089840000097
For
Figure GDA0002539089840000098
there is
Figure GDA0002539089840000099
Figure GDA0002539089840000101
Then a random value μ ∈ Z_p is selected and the following is calculated
Figure GDA0002539089840000102
Figure GDA0002539089840000103
For
Figure GDA0002539089840000104
there is
Figure GDA0002539089840000105
When the proxy server receives the re-encryption key provided by the authorizer, it goes to the re-encryption module and executes step 7;
Step 7: the system public key PK, the original ciphertext CPH and the re-encryption key RK are input, and the proxy server computes the re-encrypted ciphertext. The specific process is as follows:
RCPH = (A_1, V_1, V_2, V_3, {C'_{i'}, D'_{i'}}_{1≤i'≤l'}) Formula 9
where RCPH represents the re-encrypted ciphertext and A_1, V_1, V_2, V_3, C'_{i'}, D'_{i'} are its components, where
Figure GDA0002539089840000106
The calculation is as follows:
Figure GDA0002539089840000107
when the cloud server receives the keyword matching request of the authorized user, the cloud server transfers the keyword matching request to a re-encryption ciphertext retrieval module, and step 8 is executed;
and 8: inputting a system public key PK, a threshold TK of an authorized person and a re-encrypted ciphertext RCPH, and executing re-encrypted ciphertext retrieval by a cloud server, wherein the specific process comprises the following steps:
step 8-1: firstly, judging whether an attribute set in a private key of an authorized user meets a new access structure (M ', rho'), if so, executing a step 8-2, otherwise, outputting inverted T to represent that the retrieval is failed;
step 8-2: firstly, according to threshold of authorized person and re-encrypted ciphertext calculating X-B1/e0(V2,T2) The threshold generation process of the authorized person is the same as step 4, wherein B1The calculation is as follows:
Figure GDA0002539089840000108
X is calculated next:
Figure GDA0002539089840000111
Finally, verify whether the equation e_2(V_1, e_1(T'_2, A_1)) = e_2(W_1, e_1(R_2, X)) holds,
that is,
Figure GDA0002539089840000112
If w = w', i.e. the keyword in the re-encrypted keyword ciphertext matches the keyword in the threshold value, formula 12 holds, the judgment value 1 is output and the server successfully retrieves the keyword file. Otherwise, the judgment value 0 is output to indicate that the retrieval failed.
The preferred embodiments of the present invention have been described above. It should be noted that those skilled in the art can make various modifications and refinements without departing from the spirit of the present invention, and these modifications and refinements should be regarded as falling within the protection scope of the present invention.

Claims (8)

1. An attribute-based ciphertext retrieval system supporting proxy re-encryption is characterized by comprising an initialization module, a private key generation module, a ciphertext generation module, a threshold generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encryption ciphertext generation module and a re-encryption ciphertext retrieval module; wherein:
an initialization module: generating a system public key and a system master key by a private key generation center, wherein the system public key is public, and the system master key is stored by the private key generation center;
a private key generation module: generating a private key used by the user for decrypting the encrypted file according to the attribute set of the user;
the ciphertext generation module: the data owner uses the LSSS access structure to encrypt the keywords and generate keyword ciphertexts;
a threshold generation module: the server encrypts and generates a threshold value according to a private key owned by a user and a keyword to be searched;
the ciphertext retrieval module: when the attribute of the private key owned by the user meets the access structure in the keyword ciphertext and the keyword to be searched in the threshold value is equal to the keyword in the keyword ciphertext, ciphertext retrieval is carried out, otherwise, the retrieval is failed;
a re-encryption key generation module: the authorized user generates a re-encryption key according to the private key of the authorized user and the new access structure, and then transmits the re-encryption key to the proxy server;
the re-encrypted ciphertext generating module: the proxy server re-encrypts the original ciphertext according to a re-encryption key provided by the authorized user to generate a re-encryption key ciphertext;
the re-encrypted ciphertext retrieval module: and when the attribute in the user private key meets the access structure in the re-encrypted keyword ciphertext and the threshold value of the keyword to be searched is equal to the keyword in the re-encrypted keyword ciphertext, searching the re-encrypted ciphertext, otherwise, failing to search.
2. The system of claim 1, wherein the ciphertext generation module uses the ciphertext-policy attribute-based encryption algorithm CP-ABE.
3. The system of claim 1, wherein the threshold generation module blinds the private key using a random value and uploads the blinded private key to the cloud server.
4. The system of claim 1, wherein the re-encrypted ciphertext generation module uses a proxy re-encryption technique.
5. An attribute-based ciphertext retrieval method supporting proxy re-encryption, the method comprising:
Step 1: a security parameter κ and a global attribute set U are input, and the private key generation center generates a system public key and a system master key, wherein the system public key PK is public and the system master key MSK is kept by the private key generation center:
Figure FDA0002585221130000011
MSK=(a,b,c)
where e_α is a multilinear map, {e_α : G_0 × G_α → G_{α+1} | α = 0, 1, 2}, g_j is the generator of the cyclic group G_j of prime order p, j = 0, 1, 2, 3, with g_{α+1} = e_α(g_0, g_α); H is a secure hash function,
Figure FDA0002585221130000021
a, b, c are random integers from the integer group Z_p of order p;
Step 2: the system public key PK, the system master key MSK and a user attribute set S are input, and the private key generation center generates the corresponding private key SK_S:
SK_S = (K, L, {K_x}_{x∈S})
where
Figure FDA0002585221130000022
K_x = H(x)^t, H(·) is the hash function in step 1, and the random value t ∈ Z_p;
Step 3: the system public key PK, a keyword w and an access structure (M, ρ) are input; the data owner executes the encryption algorithm and generates the keyword ciphertext CPH:
CPH = (W_1, W_2, W_3, {C_i, D_i}_{1≤i≤l})
where M is a linear matrix of l rows and n columns, and ρ is an injective mapping function that maps each row of the matrix M to a user attribute;
Figure FDA0002585221130000023
q_1, q_2 are two random values; for
Figure FDA0002585221130000024
there is
Figure FDA0002585221130000025
For rows 1 to l of M there is
Figure FDA0002585221130000026
M_i is the vector corresponding to the i-th row of the matrix M,
Figure FDA0002585221130000027
y_2, …, y_n is a set of random values, and ρ(·) is the injective mapping function ρ;
Step 4: the user inputs the system public key PK, the user private key SK_S and the keyword w' to be searched, and generates a threshold TK:
TK = (T_1, T_2, T_3, T_4, {T_x}_{x∈S})
where
Figure FDA0002585221130000028
T_x = (K_x)^s = H(x)^{ts}, and the random value s ∈ Z_p;
Step 5: if the authorized user grants retrieval authority to other users, execute step 6; otherwise, the system public key PK, the user threshold TK and the keyword ciphertext CPH are input and the cloud server performs ciphertext retrieval. The specific process is as follows:
Step 5-1: first, judge whether the attribute set in the private key of the data searcher satisfies the access structure (M, ρ); if so, execute step 5-2, otherwise output ⊥ to indicate that the retrieval failed;
Step 5-2: judge whether the keyword w' to be searched equals the keyword w in the keyword ciphertext; if so, the keywords match, the server successfully retrieves the keyword file and outputs the judgment value 1 to indicate that the search succeeded; otherwise, the judgment value 0 is output to indicate that the retrieval failed;
Step 6: the system public key PK is input, the authorized user inputs their own private key SK_S and a new access structure (M', ρ'), and the re-encryption key RK is generated by the authorized user and then sent to the proxy server:
RK = (V_1, V_2, V_3, {C'_{i'}, D'_{i'}}_{1≤i'≤l'}, R_1, R_2, R_3, R_4, {R_x}_{x∈S})
where M' is a linear matrix of l' rows and n' columns, and ρ' is an injective mapping function that maps each row of the matrix M' to a user attribute;
Figure FDA0002585221130000031
q'_1, q'_2 are two random values, and the random value E ∈_R {0,1}^κ; for
Figure FDA0002585221130000032
there is
Figure FDA0002585221130000033
For rows 1 to l' of M' there is
Figure FDA0002585221130000034
M'_{i'} is the vector corresponding to the i'-th row of the matrix M',
Figure FDA0002585221130000035
y'_2, …, y'_{n'} is a set of random values; the random value μ ∈ Z_p;
Figure FDA0002585221130000036
For
Figure FDA0002585221130000037
there is
Figure FDA0002585221130000038
Step 7: the system public key PK, the original ciphertext CPH and the re-encryption key RK are input, and the proxy server computes the re-encrypted ciphertext RCPH:
RCPH = (A_1, V_1, V_2, V_3, {C'_{i'}, D'_{i'}}_{1≤i'≤l'})
where
Figure FDA0002585221130000039
and 8: when the cloud server receives a keyword matching request of an authorized user, inputting a system public key PK, a threshold value of the authorized user and a re-encrypted keyword ciphertext RCPH, and executing re-encrypted keyword ciphertext retrieval by the cloud server, wherein the specific process comprises the following steps:
step 8-1: firstly, judging whether an attribute set in a private key of an authorized user meets a new access structure (M ', rho'), if so, executing a step 8-2, otherwise, outputting inverted T to represent that the retrieval is failed;
step 8-2: judging whether the keyword to be searched is equal to the keyword w in the re-encrypted keyword ciphertext, if so, judging that the keywords are consistent, and if so, successfully searching the keyword file by the server and then outputting a judgment value 1 to represent that the search is successful; otherwise, outputting a judgment value of 0 to indicate that the retrieval is failed.
6. The method for retrieving the ciphertext based on the attribute, which supports the proxy re-encryption, as claimed in claim 5, wherein the threshold value of the authorized user in step 8 is generated according to the threshold value generation method in step 4.
7. The method for retrieving the ciphertext based on the attribute and supporting the proxy re-encryption as claimed in claim 5, wherein the step 5-1 is to determine whether the attribute set in the private key satisfies the access structure (M, p), that is, the verification equation
Figure FDA00025852211300000310
holds:
a constant vector {ω_i ∈ Z_p}_{i∈I} is found in polynomial time such that
Figure FDA00025852211300000311
where
Figure FDA00025852211300000312
I = {i : ρ(i) ∈ S} and ρ(·) is the injective mapping function in step 3. If the equation holds, the attribute set satisfies the access structure; otherwise the equation does not hold, which means the attribute set does not satisfy the access structure.
8. The attribute-based ciphertext retrieval method supporting proxy re-encryption as claimed in claim 7, wherein step 5-2 determines whether the keyword w' to be searched equals the keyword w in the keyword ciphertext, that is, verifies whether the equation e_0(W_2, T_2) = e_0(W_1, T_1) · e_0(T_3, W_3) holds: if the equation holds, the keyword w' is consistent with the keyword w; otherwise, the keyword w' is inconsistent with the keyword w.
CN201810058235.4A 2018-01-22 2018-01-22 Attribute-based ciphertext retrieval system and method supporting proxy re-encryption Active CN108418681B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810058235.4A CN108418681B (en) 2018-01-22 2018-01-22 Attribute-based ciphertext retrieval system and method supporting proxy re-encryption

Publications (2)

Publication Number Publication Date
CN108418681A CN108418681A (en) 2018-08-17
CN108418681B true CN108418681B (en) 2020-10-23

Family

ID=63125911

Country Status (1)

Country Link
CN (1) CN108418681B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information

Address after: 210003 Gulou District, Jiangsu, Nanjing new model road, No. 66

Applicant after: NANJING University OF POSTS AND TELECOMMUNICATIONS

Address before: Yuen Road Qixia District of Nanjing City, Jiangsu Province, No. 9 210023

Applicant before: NANJING University OF POSTS AND TELECOMMUNICATIONS

GR01 Patent grant