CN108418681B - Attribute-based ciphertext retrieval system and method supporting proxy re-encryption - Google Patents
- Publication number: CN108418681B (application CN201810058235.4A)
- Authority: CN (China)
- Prior art keywords: ciphertext, keyword, encryption, key, user
- Legal status: Active
Classifications
- H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869: Generation of secret information involving random numbers or seeds
- H04L9/0877: Generation of secret information using an additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L67/10: Protocols in which an application is distributed across nodes in the network
- H04L67/56: Provisioning of proxy services
Abstract
The invention discloses an attribute-based ciphertext retrieval system and method supporting proxy re-encryption, which together provide two functions in a cloud environment: secure retrieval by a user and effective sharing of search permission. The access structure used by the method, based on an LSSS linear secret sharing matrix, supports fine-grained attribute description of accessing users and has higher computational efficiency. In the threshold generation stage the user key is blinded with a random value before being submitted to the cloud server, which ensures the confidentiality and security of the user key. Further, considering the practical problem of delegating the search right when the authorized user is offline, proxy re-encryption is introduced and the cloud server performs the conversion of the ciphertext, so the encryption and decryption burden on the data owner is reduced and system efficiency is greatly improved.
Description
Technical Field
The invention relates to an attribute-based ciphertext retrieval system and method supporting proxy re-encryption, and belongs to the technical field of cloud computing.
Background
Cloud computing is an emerging topic in information technology and a further development of parallel, distributed and grid computing. Cloud storage is an important cloud computing service: it lets data owners store their data in the cloud, and cloud servers provide users with round-the-clock access to it. An ordinary user can reach data on the cloud server anytime and anywhere with nothing more than an internet-connected terminal, smartphone or tablet. For enterprise users, especially small and medium-sized enterprises with limited funds, cloud computing provides flexible on-demand services without the expense of buying a hardware platform, so costs fall. Despite these benefits, uploading data to the cloud raises many security issues, since it deprives the data owner of direct control over private data. To alleviate these concerns, data owners need to encrypt their data before storing it on the cloud server. Encryption, however, hinders the sharing of data and files: for example, a user can no longer search the encrypted data on the cloud server. Yet in today's era of rapidly growing networks and information explosion, people need to find the information they require quickly. Quickly and efficiently locating the data a user is interested in is therefore an essential function in a cloud computing environment.
Searchable encryption was therefore proposed to enable retrieval over ciphertext, especially in a cloud computing environment. With the rapid development of cloud computing, it is increasingly common for users to draw on the massive storage and computing capacity of cloud servers at low cost. Although existing public-key searchable encryption completes the search operation securely and efficiently, it falls short where control over who may search, and a one-to-many communication mode, are required. In 2013, Kulvaibhavh et al. constructed a CP-ABE searchable encryption scheme (ABKS): the data owner encrypts keywords under an access structure; when a user wants to search the ciphertext, a key is generated from the user's own attributes, the keyword to be retrieved is encrypted to produce a keyword trapdoor Trap (rendered as "threshold" throughout this translation), and Trap is sent to the server. The server judges whether the attributes of the user's key satisfy the access structure of the ciphertext; keyword verification is carried out only when they do, and the server returns the ciphertext containing the searched keyword to the user only when both the attributes and the keyword match. ABE denotes attribute-based encryption; attribute-based encryption schemes fall into two types, Key-Policy ABE (KP-ABE) and Ciphertext-Policy ABE (CP-ABE). In KP-ABE the key is bound to the access policy and the ciphertext to an attribute set, so the encryptor can only choose descriptive attributes for the data, cannot decide who may decrypt the ciphertext, and must trust the key issuer; in CP-ABE the attributes describe the user's private key, and the encryptor uses the access policy to decide which encrypted data may be accessed, although the encryptor does not know who will access the ciphertext.
The deployment model of CP-ABE is therefore closer to that of the traditional access control model; it is well suited to protecting sensitive data in a cloud computing environment, and the access policy can be controlled more flexibly.
However, the ABKS scheme has limitations in data sharing, such as being unable to delegate search rights to other users when the authorized user is offline. An effective remedy is to introduce proxy re-encryption (PRE): an online semi-trusted proxy completes the conversion of the ciphertext in place of the authorizer, and, importantly, the proxy server learns nothing about the plaintext, so the sharing of search rights is achieved effectively. In existing schemes, however, ABKS and PRE are not well combined, and the two requirements, that a user can search securely and can grant the search right to other users, cannot be met at the same time.
Disclosure of Invention
In order to solve the problem that search authority cannot be granted effectively in attribute-based searchable encryption schemes in a cloud computing environment, the invention provides an attribute-based ciphertext retrieval system and method supporting proxy re-encryption in cloud computing. The invention encrypts the ciphertext under an LSSS access structure, lets the data owner describe the searcher's attributes at fine granularity, controls access authority flexibly and improves system efficiency.
The invention adopts the following technical scheme for solving the technical problems:
In one aspect, the invention provides an attribute-based ciphertext retrieval system supporting proxy re-encryption, which comprises an initialization module, a private key generation module, a ciphertext generation module, a threshold generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encrypted ciphertext generation module and a re-encrypted ciphertext retrieval module; wherein:
an initialization module: generating a system public key and a system master key by a private key generation center, wherein the system public key is public, and the system master key is stored by the private key generation center;
a private key generation module: generating a private key used by the user for decrypting the encrypted file according to the attribute set of the user;
the ciphertext generation module: the data owner encrypts the keyword under the LSSS access structure and generates the keyword ciphertext;
a threshold generation module: the server encrypts and generates a threshold value according to a private key owned by a user and a keyword to be searched;
the ciphertext retrieval module: when the attribute of the private key owned by the user meets the access structure in the keyword ciphertext and the keyword to be searched in the threshold value is equal to the keyword in the keyword ciphertext, ciphertext retrieval is carried out, otherwise, the retrieval is failed;
a re-encryption key generation module: the authorized user generates a re-encryption key according to the private key of the authorized user and the new access structure, and then transmits the re-encryption key to the proxy server;
the re-encrypted ciphertext generating module: the proxy server re-encrypts the original ciphertext according to a re-encryption key provided by the authorized user to generate a re-encryption key ciphertext;
the re-encrypted ciphertext retrieval module: when the attributes in the user's private key satisfy the access structure in the re-encrypted keyword ciphertext and the keyword to be searched in the threshold equals the keyword in the re-encrypted keyword ciphertext, the re-encrypted ciphertext is retrieved; otherwise retrieval fails.
As a further technical scheme of the invention, the ciphertext generating module uses an attribute-based encryption algorithm CP-ABE of a ciphertext strategy.
As a further technical scheme of the invention, the threshold generation module adopts a random value to perform blinding processing on the private key and then upload the private key to the cloud server.
As a further technical scheme of the invention, the re-encrypted ciphertext generation module uses a proxy re-encryption technology.
In another aspect, the invention also provides an attribute-based ciphertext retrieval method supporting proxy re-encryption, which comprises the following steps:
step 1: input a security parameter $\kappa$ and the global attribute set $U$; the private key generation center generates the system public key PK, which is public, and the system master key MSK, which the private key generation center keeps:
$MSK = (a, b, c)$
where $e_\alpha$ is a multilinear map, $\{e_\alpha : G_0 \times G_\alpha \to G_{\alpha+1} \mid \alpha = 0, 1, 2\}$; $g_j$ is a generator of the cyclic group $G_j$ of prime order $p$ for $j = 0, 1, 2, 3$, with $g_{\alpha+1} = e_\alpha(g_0, g_\alpha)$; $H$ is a secure hash function; and $a, b, c$ are random integers in $\mathbb{Z}_p$;
step 2: input the system public key PK, the system master key MSK and the user attribute set $S$; the private key generation center generates the corresponding private key $SK_S$:
$SK_S = (K, L, \{K_x\}_{x \in S})$
where $K_x = H(x)^t$, $H(\cdot)$ is the hash function of step 1, and $t \in \mathbb{Z}_p$ is a random value;
step 3: input the system public key PK, a keyword $w$ and an access structure $(M, \rho)$; the data owner runs the encryption algorithm and generates the keyword ciphertext CPH:
$CPH = (W_1, W_2, W_3, \{C_i, D_i\}_{1 \le i \le l})$
where $M$ is an $l \times n$ linear matrix and $\rho$ is an injective function mapping each row of $M$ to a user attribute; $q_1, q_2$ are two random values; for each row $i$ of $M$, $1 \le i \le l$, $M_i$ is the vector corresponding to the $i$-th row of $M$, and $y_2, \ldots, y_n$ is a set of random values (the expressions for $W_1, W_2, W_3, C_i, D_i$ are not reproduced in the text);
step 4: the user inputs the system public key PK, the user private key $SK_S$ and the keyword $w'$ to be searched, and generates the threshold (search trapdoor) TK:
$TK = (T_1, T_2, T_3, T_4, \{T_x\}_{x \in S})$
step 5: if the authorized user grants the retrieval authority to other users, execute step 6; otherwise input the system public key PK, the user threshold TK and the keyword ciphertext CPH, and the cloud server performs ciphertext retrieval as follows:
step 5-1: first judge whether the attribute set in the data searcher's private key satisfies the access structure $(M, \rho)$; if so, execute step 5-2, otherwise output ⊥ to signal that retrieval failed;
step 5-2: judge whether the keyword $w'$ to be searched equals the keyword $w$ in the keyword ciphertext; if so, the keywords are consistent, the server has found the keyword file and outputs the judgment value 1 to signal that the search succeeded; otherwise it outputs the judgment value 0 to signal that retrieval failed;
step 6: input the system public key PK; the authorized user inputs its own private key $SK_S$ and a new access structure $(M', \rho')$, generates the re-encryption key RK and sends it to the proxy server:
$RK = (V_1, V_2, V_3, \{C'_{i'}, D'_{i'}\}_{1 \le i' \le l'}, R_1, R_2, R_3, R_4, \{R_x\}_{x \in S})$
where $M'$ is an $l' \times n'$ linear matrix and $\rho'$ is an injective function mapping each row of $M'$ to a user attribute; $q'_1, q'_2$ are two random values, and a further random value is drawn uniformly from $\{0,1\}^\kappa$; for each row $i'$ of $M'$, $1 \le i' \le l'$, $M'_{i'}$ is the vector corresponding to the $i'$-th row of $M'$, and $y'_2, \ldots, y'_{n'}$ is a set of random values; $\mu \in \mathbb{Z}_p$ is a random value (the expressions for the components of RK are not reproduced in the text);
step 7: input the system public key PK, the original ciphertext CPH and the re-encryption key RK; the proxy server computes the re-encrypted ciphertext RCPH:
$RCPH = (A_1, V_1, V_2, V_3, \{C'_{i'}, D'_{i'}\}_{1 \le i' \le l'})$
step 8: when the cloud server receives a keyword matching request from an authorized user, input the system public key PK, the authorized user's threshold and the re-encrypted keyword ciphertext RCPH, and the cloud server performs retrieval over the re-encrypted keyword ciphertext as follows:
step 8-1: first judge whether the attribute set in the authorized user's private key satisfies the new access structure $(M', \rho')$; if so, execute step 8-2, otherwise output ⊥ to signal that retrieval failed;
step 8-2: judge whether the keyword to be searched equals the keyword $w$ in the re-encrypted keyword ciphertext; if so, the keywords are consistent, the server has found the keyword file and outputs the judgment value 1 to signal that the search succeeded; otherwise it outputs the judgment value 0 to signal that retrieval failed.
As a further technical solution of the present invention, the threshold value of the authorized user in step 8 is generated according to the threshold value generation method in step 4.
As a further technical scheme of the invention, in step 5-1, judging whether the attribute set in the private key satisfies the access structure $(M, \rho)$ amounts to testing whether the verification equation holds: a constant vector $\{\omega_i \in \mathbb{Z}_p\}_{i \in I}$ can be found in polynomial time such that the rows $M_i$ with $i \in I$ recombine to the shared secret, where $I$ is the set of row indices $i$ whose attribute $\rho(i)$ lies in the user's attribute set and $\rho(\cdot)$ is the injective function of step 3. If the equation holds, the attribute set satisfies the access structure; otherwise it does not.
As a further technical scheme of the invention, in step 5-2, judging whether the keyword $w'$ to be searched equals the keyword $w$ in the keyword ciphertext means testing whether the verification equation $E_{root} \cdot e_0(W_2, T_2) = e_0(W_1, T_1)\, e_0(T_3, W_3)$ holds: if it holds, $w'$ is consistent with $w$; otherwise $w'$ and $w$ differ.
Compared with the prior art, the invention adopting the technical scheme has the following technical effects:
1. The invention adopts a CP-ABE searchable encryption scheme and encrypts the ciphertext under an LSSS access structure; an LSSS access policy gives a fine-grained description of user attributes, helps the data owner control the file access right and suits practical application; during threshold computation the user's private key is blinded first, so the private key is not leaked at the server and the user's privacy is protected;
2. The invention introduces proxy re-encryption to convert a ciphertext encrypted under one access structure into a ciphertext under another access structure, so the search authority can be delegated to other users when the authorized user is offline, the encryption and decryption burden on the authorized user is greatly reduced, and the proxy server cannot obtain any information about the keyword ciphertext, which ensures secure access to and sharing of data;
3. The invention effectively fuses attribute-based searchable encryption with proxy re-encryption, makes full use of the advantages of both, ensures flexible control over the visitor's authority, achieves secure access to and sharing of data, and reduces computation cost and improves system efficiency while solving the practical problem of delegating search authority when the authorized user is offline.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
FIG. 2 is a flow chart of a specific implementation of the ciphertext re-encryption algorithm of the present invention.
FIG. 3 is a diagram of the system model in a cloud computing environment according to the present invention.
Detailed Description
The technical scheme of the invention is further explained in detail with reference to the attached drawings:
The invention discloses an attribute-based ciphertext retrieval system and method supporting proxy re-encryption in a cloud computing environment, which together provide two functions for a user in the cloud environment: secure retrieval and effective sharing of search permission. The access structure used by the method, based on an LSSS linear secret sharing matrix, supports fine-grained attribute description of accessing users and has higher computational efficiency. In the threshold generation stage the user key is blinded with a random value before being submitted to the cloud server, which ensures the confidentiality and security of the user key. Further, considering the practical problem of delegating the search right when the authorized user is offline, proxy re-encryption is introduced and the cloud server performs the conversion of the ciphertext, so the encryption and decryption burden on the data owner is reduced and system efficiency is greatly improved.
The invention relates to an attribute-based ciphertext retrieval system supporting proxy re-encryption in cloud computing, which comprises an initialization module, a private key generation module, a ciphertext generation module, a threshold generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encryption ciphertext generation module and a re-encryption ciphertext retrieval module.
An initialization module: generating a system public key and a system master key by a private key generation center, wherein the system public key is public, and the system master key is stored by the private key generation center;
a private key generation module: generating a private key used by the user for decrypting the encrypted file according to the attribute set of the user;
the ciphertext generation module: the data owner encrypts the keyword under the LSSS access structure to generate the keyword ciphertext.
A threshold generation module: the server encrypts and generates a threshold value according to a private key owned by a user and a keyword to be searched;
the ciphertext retrieval module: and if and only if the attribute in the user private key meets the access structure in the ciphertext and the keyword to be searched in the threshold value is equal to the keyword in the keyword ciphertext, the search is successful, otherwise, the search is failed.
A re-encryption key generation module: the authorized user generates a re-encryption key according to the private key of the authorized user and the new access structure, and then transmits the re-encryption key to the proxy server;
the re-encrypted ciphertext generating module: the proxy server re-encrypts the original ciphertext according to a re-encryption key provided by the authorized user to generate a re-encryption key ciphertext;
the re-encrypted ciphertext retrieval module: and if and only if the attribute in the private key of the authorized user meets the access structure in the re-encrypted keyword ciphertext and the keywords in the threshold value to be searched and the keywords in the re-encrypted keyword ciphertext are equal, the search is successful, otherwise, the search is failed.
The ciphertext generation module uses an encryption algorithm based on CP-ABE. CP-ABE is ciphertext-policy attribute-based encryption: the private key is bound to an attribute set and the ciphertext to an access structure, which makes it easier for the owner to control the accessor's authority; with an LSSS access structure the accessor's attributes can be described at fine granularity and the access authority controlled flexibly.
The threshold generation module blinds the private key with a random value before uploading it to the cloud server, so the private key is invisible to the untrusted server; this secures the private key and, in turn, the ciphertext.
The two retrieval modules (the ciphertext retrieval module and the re-encrypted ciphertext retrieval module) only match keywords and perform no decryption. Because the data ciphertext and the keyword ciphertext are bound to each other in a one-to-one correspondence, when a user retrieves the matching keyword ciphertext the server can return the corresponding data ciphertext to the user; the data ciphertext is thus kept protected, and only the keyword ciphertext is searched, which improves retrieval efficiency.
The re-encrypted ciphertext generation module uses proxy re-encryption. Proxy re-encryption converts ciphertexts: the cloud server plays the role of the proxy and converts a ciphertext searchable by the authorizer into a ciphertext searchable by the user to whom the search right is delegated.
The proxy re-encryption used here is single-hop and unidirectional. By the number of times the ciphertext may be converted, proxy re-encryption schemes are divided into single-hop and multi-hop: single-hop means the ciphertext may be converted only once, i.e. proxy re-encryption may be performed only once, while multi-hop means the ciphertext may be converted multiple times. By the direction of conversion, proxy re-encryption is divided into bidirectional and unidirectional: bidirectional means the proxy can convert a ciphertext that A can decrypt into one that B can decrypt and vice versa; unidirectional means only a ciphertext that A can decrypt may be converted into one that B can decrypt.
The following describes an example of an attribute-based ciphertext retrieval method supporting proxy re-encryption in cloud computing.
As shown in fig. 1 to 3, the present invention further provides an attribute-based ciphertext retrieval method supporting proxy re-encryption in cloud computing, which includes the following steps:
step 1: inputting a security parameter kappa and a global attribute U, generating a system public key and a system master key by a private key generation center, wherein the public key is public, and the system master key is stored by the private key generation center, and the specific determination method comprises the following steps:
where PK represents the system public key, eαIs a multi-linear mapping eα:G0×Gα→Gα+1|α=0,1,2},gjIs a prime p-order cyclic group GjJ is 0,1,2,3, and has gα+1=eα(g0,gα) H is a secure hash function,
MSK ═ (a, b, c) formula 2
Wherein MSK is system master key, a, b, c are integer group Z of order ppRandom integer of (1).
And after the initialization module is executed, continuing to execute the step 2.
Step 2: input the system public key PK, the system master key MSK and the user attribute set $S$; the private key generation center generates the corresponding private key $SK_S$, which is used by the threshold generation module and the re-encryption key generation module.
$SK_S = (K, L, \{K_x\}_{x \in S})$   (formula 3)
where $SK_S$ denotes the private key and $K$, $L$, $K_x$ are its components; a random value $t \in \mathbb{Z}_p$ is chosen and $K$ and $L$ are computed from it (their expressions are not reproduced in the text); for every attribute $x$ in the attribute set $S$, $K_x = H(x)^t$.
Before uploading the data file to the cloud server, the data file and the keywords must be encrypted and then uploaded for data security and privacy, and step 3 is executed.
Step 3: input the system public key PK, the keyword $w$ and the access structure $(M, \rho)$, and the data owner runs the encryption algorithm. In the access structure $(M, \rho)$, $M$ is an $l \times n$ linear matrix and $\rho$ is an injective function mapping each row of the matrix to a user attribute. The encryption proceeds as follows:
$CPH = (W_1, W_2, W_3, \{C_i, D_i\}_{1 \le i \le l})$   (formula 4)
where CPH denotes the ciphertext and $W_1, W_2, W_3, C_i, D_i$ are its components. Two random values $q_1, q_2$ are chosen, then a set of random values is chosen to form a random vector; for rows 1 to $l$ of the access matrix, $M_i$ is the vector corresponding to the $i$-th row of $M$; finally, random values $r_1, r_2, \ldots, r_l \in \mathbb{Z}_p$ are chosen, and the components are computed from these values and the keyword $w$ (the explicit expressions are not reproduced in the text).
When the user wants to search the keywords, turning to a threshold generating module and executing the step 4;
and 4, step 4: the user inputs a system public key PK, a user private key SK and a keyword w' to be searched to generate a threshold value, and the specific calculation process comprises the following steps:
TK=(T1,T2,T3,T4,{Tx}x∈S) Formula 5
Wherein TK represents a threshold value, T1,T2,T3,T4,TxIs a component of the threshold value, first a random value s ∈ Z is selectedpCalculatingThe private key is then blinded with a random value,
when receiving the threshold value submitted by the user during retrieval, the cloud server transfers the threshold value to a ciphertext retrieval module and executes the step 5;
and 5: inputting a system public key PK, a user threshold TK and a keyword ciphertext CPH, and searching by a cloud server, wherein the specific process comprises the following steps:
Step 5-1: first, judge whether the attribute set of the data searcher satisfies the access structure, i.e. verify formula 6 (not reproduced in the text):
if the attributes satisfy the access structure, a constant vector $\{\omega_i \in \mathbb{Z}_p\}_{i \in I}$ can be found in polynomial time such that the rows $M_i$ with $i \in I$ recombine to the shared secret, where $I$ is the set of row indices whose attribute $\rho(i)$ lies in the searcher's attribute set. If formula 6 holds, the searcher's attributes satisfy the access structure; otherwise the attributes in the private key do not satisfy the access structure in the ciphertext, and ⊥ is output to signal that retrieval failed;
Step 5-2: if formula 6 holds, next judge whether the keyword $w'$ to be searched equals the keyword $w$ in the keyword ciphertext, i.e. verify whether $E_{root} \cdot e_0(W_2, T_2) = e_0(W_1, T_1)\, e_0(T_3, W_3)$ (formula 7) holds. The verification proceeds as follows (the derivation is not reproduced in the text):
if formula 7 holds, the keywords are consistent; the server has found the keyword file and outputs 1, meaning that the search succeeded; otherwise it outputs the judgment value 0, meaning that retrieval failed.
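The attribute-satisfaction test of step 5-1 (the constant-vector condition stated for it above) is the LSSS reconstruction check. The following Python is an added example, not code from the patent: over plain integers modulo a constructed prime, for the constructed policy "(A AND B) OR C", it finds the constants ω_i for the rows labelled with the user's attributes, or reports ⊥ when no such constants exist, and then uses them to recombine the row shares λ_i = M_i · v; the real scheme applies the same ω_i as exponents on group elements, and the code works for any LSSS matrix, not only this policy.

```python
"""LSSS access-structure check and secret reconstruction over Z_p.

Added example, not code from the patent. It implements the row-selection
and constant-vector step that the retrieval algorithm performs before any
keyword matching (step 5-1 / step 8-1). Policy, attribute names and the
prime P are constructed for illustration.
"""
import secrets
from typing import Dict, List, Optional, Sequence, Set

Matrix = List[List[int]]

# Constructed prime modulus (a real deployment uses the group order p).
P = 1_000_003

# Constructed policy "(A AND B) OR C" as an LSSS matrix M with row labels rho.
# A row set satisfies the policy when its rows combine to (1, 0, ..., 0).
M_POLICY: Matrix = [[1, 1], [0, -1], [1, 0]]
RHO_POLICY: List[str] = ["A", "B", "C"]


def solve_mod_p(a: Matrix, b: List[int], p: int) -> Optional[List[int]]:
    """Solve a·x = b over Z_p by Gauss-Jordan elimination.

    a is an m×k matrix and b has m entries. Returns one solution x (free
    variables set to 0), or None when the system has no solution.
    """
    m, k = len(a), len(a[0])
    rows = [[v % p for v in a[i]] + [b[i] % p] for i in range(m)]
    pivot_cols: List[int] = []
    r = 0
    for c in range(k):
        if r == m:
            break
        piv = next((i for i in range(r, m) if rows[i][c]), None)
        if piv is None:
            continue
        rows[r], rows[piv] = rows[piv], rows[r]
        inv = pow(rows[r][c], -1, p)  # p is prime, so the inverse exists
        rows[r] = [(v * inv) % p for v in rows[r]]
        for i in range(m):
            if i != r and rows[i][c]:
                f = rows[i][c]
                rows[i] = [(vi - f * vr) % p for vi, vr in zip(rows[i], rows[r])]
        pivot_cols.append(c)
        r += 1
    # A zero row with a non-zero right-hand side means the target vector is
    # not in the span of the chosen rows: the attributes do not satisfy M.
    if any(rows[i][k] for i in range(r, m)):
        return None
    x = [0] * k
    for i, c in enumerate(pivot_cols):
        x[c] = rows[i][k]
    return x


def reconstruction_constants(m: Matrix, rho: Sequence[str], attrs: Set[str],
                             p: int) -> Optional[Dict[int, int]]:
    """Return {i: ω_i} over I = {i : rho[i] in attrs} with Σ ω_i·M_i = (1,0,…,0).

    None means the attribute set does not satisfy the access structure, the
    case in which the retrieval algorithm outputs ⊥.
    """
    sel = [i for i, att in enumerate(rho) if att in attrs]
    if not sel:
        return None
    n = len(m[0])
    # Solve (M_I)^T · ω = e_1: a combination of the selected rows equal to
    # the first unit vector.
    a = [[m[i][col] for i in sel] for col in range(n)]
    e1 = [1] + [0] * (n - 1)
    sol = solve_mod_p(a, e1, p)
    if sol is None:
        return None
    return {i: w for i, w in zip(sel, sol)}


def share_secret(secret: int, m: Matrix, p: int) -> List[int]:
    """Compute the LSSS shares λ_i = M_i · v with v = (secret, y_2, …, y_n)."""
    n = len(m[0])
    v = [secret % p] + [secrets.randbelow(p) for _ in range(n - 1)]
    return [sum(mi * vi for mi, vi in zip(row, v)) % p for row in m]


def reconstruct(shares: List[int], omega: Dict[int, int], p: int) -> int:
    """Recover the secret as Σ ω_i·λ_i over the user's rows."""
    return sum(w * shares[i] for i, w in omega.items()) % p


def attribute_check(attrs: Set[str], secret: int = 424242) -> Optional[int]:
    """Run the step 5-1 check for one attribute set against the policy.

    Returns the reconstructed secret when the attributes satisfy (M, rho),
    otherwise None (the ⊥ case).
    """
    omega = reconstruction_constants(M_POLICY, RHO_POLICY, attrs, P)
    if omega is None:
        return None
    shares = share_secret(secret, M_POLICY, P)
    return reconstruct(shares, omega, P)


if __name__ == "__main__":
    for s in ({"A", "B"}, {"C"}, {"A"}, {"B"}, {"A", "C", "X"}):
        print(sorted(s), "->", attribute_check(s))
```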
If the authorized user (up to and including step 5 this user acts as the data searcher; once delegation begins, the same user acts as the authorizer) wishes to delegate the search authority to other users while offline, control passes to the re-encryption key generation module and step 6 is executed;
step 6: inputting a system public key PK, inputting a private key SK of an authorized user and a new access structure (M ', rho'), wherein in the access structure (M ', rho'), M 'is a linear matrix of l' x n ', and rho' is a single mapping function, each row of the matrix can be mapped into a user attribute, and the authorized user generates a re-encryption key and then sends the re-encryption key to a proxy server, and the specific process is as follows:
RK=(V1,V2,V3,{C′i′,D′i′}1≤i′≤l′,R1,R2,R3,R4,{Rx}x∈S) Formula 8
Wherein RK represents a re-encryption key, V1,V2,V3,C′i′,D′i′,R1,R2,R3,R4,RxIs a component of the re-encryption key; first, a random value E is selectedR{0,1}κAnd then encrypted in accordance with the original ciphertext generation method. Firstly, randomly selecting two random values q'1,q′2Then a set of random values is selected to form a random vectorFor the access matrix from row 1 to row lWherein M'i′Is a vector corresponding to the ith 'row of the matrix M', and finally a random value r 'is selected'1,r′2,…,r′l′∈Zp,For theIs provided with Then selecting a random value mu epsilon ZpCalculating For theIs provided with
When the proxy server receives the re-encryption key provided by the authorizer, it goes to the re-encryption module and executes step 7;
Step 7: input the system public key PK, the original ciphertext CPH and the re-encryption key RK; the proxy server calculates the re-encrypted ciphertext, with the following specific process:
$RCPH=(A_1,V_1,V_2,V_3,\{C'_{i'},D'_{i'}\}_{1\le i'\le l'})$ (formula 9)
where RCPH is the re-encrypted ciphertext and $A_1,V_1,V_2,V_3,C'_{i'},D'_{i'}$ are its components, where … is calculated as follows:
When the cloud server receives the keyword matching request of the authorized user, it transfers the request to the re-encrypted ciphertext retrieval module and step 8 is executed;
Step 8: input the system public key PK, the threshold TK of the authorized person and the re-encrypted ciphertext RCPH; the cloud server performs re-encrypted ciphertext retrieval, with the following specific process:
Step 8-1: first, judge whether the attribute set in the private key of the authorized user satisfies the new access structure $(M',\rho')$; if so, execute step 8-2, otherwise output $\perp$ to represent that the retrieval failed;
Step 8-2: first, calculate $X=B_1/e_0(V_2,T_2)$ from the threshold of the authorized person and the re-encrypted ciphertext (the threshold of the authorized person is generated as in step 4), where $B_1$ is calculated as follows:
$X$ is then calculated:
Finally, verify whether $e_2(V_1,e_1(T'_2,A_1))=e_2(W_1,e_1(R_2,X))$ holds (formula 12):
If $w=w'$, that is, the keyword in the re-encrypted keyword ciphertext is consistent with the keyword in the threshold, formula 12 holds, the judgment value 1 is output and the server has successfully retrieved the keyword file. Otherwise, the judgment value 0 is output, indicating that the retrieval failed.
The preferred embodiments of the present invention have been described above. It should be noted that those skilled in the art can make various modifications and refinements without departing from the spirit of the present invention, and such modifications and refinements should be regarded as falling within the protection scope of the present invention.
Claims (8)
1. An attribute-based ciphertext retrieval system supporting proxy re-encryption is characterized by comprising an initialization module, a private key generation module, a ciphertext generation module, a threshold generation module, a ciphertext retrieval module, a re-encryption key generation module, a re-encryption ciphertext generation module and a re-encryption ciphertext retrieval module; wherein:
an initialization module: generating a system public key and a system master key by a private key generation center, wherein the system public key is public, and the system master key is stored by the private key generation center;
a private key generation module: generating a private key used by the user for decrypting the encrypted file according to the attribute set of the user;
the ciphertext generation module: the data owner encrypts the keyword under an LSSS access structure and generates a keyword ciphertext;
a threshold generation module: the server encrypts and generates a threshold value according to a private key owned by a user and a keyword to be searched;
the ciphertext retrieval module: when the attribute of the private key owned by the user meets the access structure in the keyword ciphertext and the keyword to be searched in the threshold value is equal to the keyword in the keyword ciphertext, ciphertext retrieval is carried out, otherwise, the retrieval is failed;
a re-encryption key generation module: the authorized user generates a re-encryption key according to the private key of the authorized user and the new access structure, and then transmits the re-encryption key to the proxy server;
the re-encrypted ciphertext generation module: the proxy server re-encrypts the original ciphertext according to the re-encryption key provided by the authorized user to generate a re-encrypted ciphertext;
the re-encrypted ciphertext retrieval module: and when the attribute in the user private key meets the access structure in the re-encrypted keyword ciphertext and the threshold value of the keyword to be searched is equal to the keyword in the re-encrypted keyword ciphertext, searching the re-encrypted ciphertext, otherwise, failing to search.
2. The system of claim 1, wherein the ciphertext generation module uses the ciphertext-policy attribute-based encryption algorithm CP-ABE.
3. The system of claim 1, wherein the threshold generation module blinds the private key using a random value and uploads the blinded private key to the cloud server.
4. The system of claim 1, wherein the re-encrypted ciphertext generation module uses a proxy re-encryption technique.
5. An attribute-based ciphertext retrieval method supporting proxy re-encryption, the method comprising:
step 1: input a security parameter $\kappa$ and a global attribute set $U$; the private key generation center generates a system public key and a system master key, where the system public key PK is public and the system master key MSK is kept by the private key generation center:
$MSK=(a,b,c)$
where $e_\alpha$ is a multilinear map $e_\alpha: G_0\times G_\alpha\to G_{\alpha+1}$, $\alpha=0,1,2$; $g_j$ is a generator of the cyclic group $G_j$ of prime order $p$, $j=0,1,2,3$, with $g_{\alpha+1}=e_\alpha(g_0,g_\alpha)$; $H$ is a secure hash function, …; $a,b,c$ are random integers in the integer group $Z_p$ of order $p$;
step 2: input the system public key PK, the system master key MSK and a user attribute set $S$; the private key generation center generates the corresponding private key $SK_S$:
$SK_S=(K,L,\{K_x\}_{x\in S})$
where $K_x=H(x)^t$, $H(\cdot)$ is the hash function of step 1, and the random value $t\in Z_p$;
step 3: input the system public key PK, a keyword $w$ and an access structure $(M,\rho)$; the data owner executes the encryption algorithm and generates the keyword ciphertext CPH:
$CPH=(W_1,W_2,W_3,\{C_i,D_i\}_{1\le i\le l})$
where $M$ is a linear matrix with $l$ rows and $n$ columns and $\rho$ is an injective mapping function that maps each row of $M$ to a user attribute; $q_1,q_2$ are two random values; for … there is …; for rows 1 to $l$ of $M$ there is …, where $M_i$ is the vector corresponding to the $i$-th row of $M$ and $y_2,\dots,y_n$ is a set of random values; $\rho(\cdot)$ is the mapping function $\rho$;
step 4: the user inputs the system public key PK, the user private key $SK_S$ and the keyword $w'$ to be searched, and generates a threshold TK:
$TK=(T_1,T_2,T_3,T_4,\{T_x\}_{x\in S})$
where $T_x=(K_x)^s=H(x)^{ts}$, with the random value $s\in Z_p$;
step 5: if the authorized user grants the retrieval authority to other users, execute step 6; otherwise, input the system public key PK, the user threshold TK and the keyword ciphertext CPH, and the cloud server performs ciphertext retrieval, with the following specific process:
step 5-1: first, judge whether the attribute set in the private key of the data searcher satisfies the access structure $(M,\rho)$; if so, execute step 5-2, otherwise output $\perp$ to represent that the retrieval failed;
step 5-2: judging whether the keyword w' to be searched is equal to the keyword w in the keyword ciphertext, if so, judging that the keywords are consistent, and if so, successfully searching the keyword file by the server and then outputting a judgment value 1 to represent that the search is successful; otherwise, outputting a judgment value of 0 to indicate that the retrieval is failed;
step 6: input the system public key PK; the authorized user inputs its own private key $SK_S$ and a new access structure $(M',\rho')$; the re-encryption key RK is generated by the authorized user and then sent to the proxy server:
$RK=(V_1,V_2,V_3,\{C'_{i'},D'_{i'}\}_{1\le i'\le l'},R_1,R_2,R_3,R_4,\{R_x\}_{x\in S})$
where $M'$ is a linear matrix with $l'$ rows and $n'$ columns and $\rho'$ is an injective mapping function that maps each row of $M'$ to a user attribute; $q'_1,q'_2$ are two random values, and a random value $\in_R\{0,1\}^\kappa$ is selected; for … there is …; for rows 1 to $l'$ of $M'$ there is …, where $M'_{i'}$ is the vector corresponding to the $i'$-th row of $M'$ and $y'_2,\dots,y'_n$ is a set of random values; the random value $\mu\in Z_p$, …; for … there is ….
step 7: input the system public key PK, the original ciphertext CPH and the re-encryption key RK; the proxy server calculates the re-encrypted ciphertext RCPH:
$RCPH=(A_1,V_1,V_2,V_3,\{C'_{i'},D'_{i'}\}_{1\le i'\le l'})$
step 8: when the cloud server receives a keyword matching request of an authorized user, input the system public key PK, the threshold of the authorized user and the re-encrypted keyword ciphertext RCPH; the cloud server performs re-encrypted keyword ciphertext retrieval, with the following specific process:
step 8-1: first, judge whether the attribute set in the private key of the authorized user satisfies the new access structure $(M',\rho')$; if so, execute step 8-2, otherwise output $\perp$ to represent that the retrieval failed;
step 8-2: judging whether the keyword to be searched is equal to the keyword w in the re-encrypted keyword ciphertext, if so, judging that the keywords are consistent, and if so, successfully searching the keyword file by the server and then outputting a judgment value 1 to represent that the search is successful; otherwise, outputting a judgment value of 0 to indicate that the retrieval is failed.
6. The method for retrieving the ciphertext based on the attribute, which supports the proxy re-encryption, as claimed in claim 5, wherein the threshold value of the authorized user in step 8 is generated according to the threshold value generation method in step 4.
7. The attribute-based ciphertext retrieval method supporting proxy re-encryption as claimed in claim 5, wherein step 5-1 determines whether the attribute set in the private key satisfies the access structure $(M,\rho)$, that is, verifies whether the following equation holds:
a constant vector $\{\omega_i\in Z_p\}_{i\in I}$ is found in polynomial time such that …, where $I=\{i:\rho(i)\in S\}$ and $\rho(\cdot)$ is the injective mapping function of step 3; if the equation holds, the attribute set satisfies the access structure; otherwise the equation does not hold, which means that the attribute set does not satisfy the access structure.
8. The attribute-based ciphertext retrieval method supporting proxy re-encryption as claimed in claim 7, wherein step 5-2 determines whether the keyword $w'$ to be searched is equal to the keyword $w$ in the keyword ciphertext, that is, verifies whether the equation $e_0(W_2,T_2)=e_0(W_1,T_1)\,e_0(T_3,W_3)$ holds: if the equation holds, the keyword $w'$ is consistent with the keyword $w$; otherwise the keyword $w'$ is inconsistent with the keyword $w$.
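The access-structure check of step 5-1 and claim 7 (finding the constants $\{\omega_i\}_{i\in I}$ for $I=\{i:\rho(i)\in S\}$), as an added Python example that is not part of the patent. It assumes the standard LSSS convention of Waters-style CP-ABE, namely that the constants must recombine the selected rows of $M$ to $(1,0,\dots,0)$ so that they reconstruct the first coordinate of the random sharing vector of step 3; the policy matrix, attribute names and prime are constructed for the example.

```python
# Added example (not the patent's code): the access-structure check of step 5-1 / claim 7.
# Assumption: standard LSSS convention (as in Waters CP-ABE). Attribute set S satisfies
# (M, rho) iff for I = {i : rho(i) in S} there are constants {omega_i in Z_p}_{i in I}
# with sum_{i in I} omega_i * M_i = (1, 0, ..., 0) over Z_p. The same constants then
# recombine the shares lambda_i = M_i . v into v[0], the secret shared in step 3.

P = 2**61 - 1  # constructed prime standing in for the group order p

def solve_mod_p(rows, target, p=P):
    """Find x with sum_j x[j] * rows[j] == target (mod p), or None if impossible.
    Gaussian elimination on the n-equation, k-unknown system A^T x = target."""
    k, n = len(rows), len(target)
    if k == 0:
        return None
    aug = [[rows[j][c] % p for j in range(k)] + [target[c] % p] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((i for i in range(r, n) if aug[i][col]), None)
        if piv is None:
            continue                      # free variable: leave x[col] = 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)     # modular inverse, p prime
        aug[r] = [v * inv % p for v in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
    if any(aug[i][-1] for i in range(r, n)):  # a row 0 = nonzero: no solution
        return None
    x = [0] * k
    for i, col in enumerate(pivots):
        x[col] = aug[i][-1]
    return x

def satisfies_access_structure(M, rho, S, p=P):
    """Step 5-1: return (True, {i: omega_i}) if S satisfies (M, rho), else (False, {})."""
    I = [i for i in range(len(M)) if rho[i] in S]
    target = [1] + [0] * (len(M[0]) - 1)
    sol = solve_mod_p([M[i] for i in I], target, p)
    if sol is None:
        return False, {}
    return True, {i: w for i, w in zip(I, sol)}

def lsss_shares(M, v, p=P):
    """Encryptor side (step 3, assumed form): lambda_i = M_i . v for v = (q, y_2, ..., y_n)."""
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]

def reconstruct(omega, shares, p=P):
    """Recombine shares with the step 5-1 constants; equals v[0] when S satisfies (M, rho)."""
    return sum(w * shares[i] for i, w in omega.items()) % p

# Constructed policy "(doctor AND cardiology) OR admin" as an LSSS matrix over Z_p.
POLICY_M = [[1, 1], [0, P - 1], [1, 0]]
POLICY_RHO = ["doctor", "cardiology", "admin"]

if __name__ == "__main__":
    v = [123456789, 987654321]           # constructed sharing vector (q, y_2)
    shares = lsss_shares(POLICY_M, v)
    for S in ({"doctor", "cardiology"}, {"admin"}, {"doctor"}):
        ok, omega = satisfies_access_structure(POLICY_M, POLICY_RHO, S)
        print(sorted(S), "->", reconstruct(omega, shares) == v[0] if ok else "bottom")
```

A searcher holding only "doctor" gets $\perp$ from the check, and no choice of constants over the rows it is entitled to can recombine the shares into the secret.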
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810058235.4A CN108418681B (en) | 2018-01-22 | 2018-01-22 | Attribute-based ciphertext retrieval system and method supporting proxy re-encryption |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108418681A CN108418681A (en) | 2018-08-17 |
CN108418681B true CN108418681B (en) | 2020-10-23 |
Family
ID=63125911
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108418681B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| CB02 | Change of applicant information | Address after: 210003 Gulou District, Jiangsu, Nanjing new model road, No. 66; Applicant after: NANJING University OF POSTS AND TELECOMMUNICATIONS; Address before: Yuen Road Qixia District of Nanjing City, Jiangsu Province, No. 9 210023; Applicant before: NANJING University OF POSTS AND TELECOMMUNICATIONS |
| GR01 | Patent grant | |