CN108471405A - Protocol design method for forward-secure dynamic searchable encryption based on cloud disk - Google Patents
- Publication number: CN108471405A (application CN201810187026.XA)
- Authority: CN (China)
- Prior art keywords: server, protocol, client, file, generate
- Legal status: Pending (as listed by Google Patents; not a legal conclusion)
Classifications (CPC)
- H04L63/0428: Network security protocols for confidential data exchange where the payload is protected, e.g. by encryption
- H04L63/0435: ... where the sending and receiving entities apply symmetric encryption
- H04L63/06: Network security protocols supporting key management
- H04L67/01: Network arrangements for supporting network services; protocols
- H04L9/0866: Generation of secret information (cryptographic keys) involving user or device identifiers
- H04L9/14: Cryptographic mechanisms using a plurality of keys or algorithms
- G06F16/13: File access structures, e.g. distributed indices
- G06F16/148: File search processing
- G06F16/162: File or folder delete operations
- G06F21/602: Protecting data by providing cryptographic facilities or services
- G06F21/6218: Protecting access to a system of files or objects, e.g. local or distributed file system or database
- G06F21/78: Protecting components to assure secure storage of data
- G06F2221/2107: File encryption
Abstract
The present invention provides a protocol design method for forward-secure dynamic searchable encryption based on cloud disk. By designing the index initialization protocol, the file addition protocol, the file search protocol and the file deletion protocol separately, the method achieves search and update time complexities of O(d) and O(r) respectively; it is more efficient, more secure, and parallelizable.
Description
Technical field
The present invention relates to the field of information security, and more specifically to a protocol design method for forward-secure dynamic searchable encryption based on cloud disk.
Background
Searchable encryption is a cryptographic primitive developed in recent years that lets a user search for keywords over ciphertext. It saves the user a great deal of network and computation cost and makes full use of the cloud server's large computing resources to perform keyword search over ciphertext. Searchable encryption mainly addresses the question of how a server that is not fully trusted can be used to perform secure keyword search when the data is stored in the cloud. It comprises two types, symmetric searchable encryption (SSE) and asymmetric searchable encryption (ASE), which have different emphases in functionality and performance and address the business requirements of different cloud computing scenarios. In the symmetric setting, the producer of the data, the producer of the search tokens and the decryptor are all the same user. Searchable symmetric encryption lets a user store their data privately on a semi-trusted cloud server while retaining the ability to selectively retrieve the files they need. The basic framework of searchable encryption is: the data owner first encrypts the data and builds a secure index, then uploads the encrypted data and its secure index to the cloud server for storage. When the user needs to search the documents, they use the secret key to compute a search token for the search keyword and send it to the server, and the cloud server uses the token to find the required file data for the user. The data owner and the user may be designated as different or the same user entity depending on the network environment. In the asymmetric setting, the producer of the data, the producer of the search tokens and the decryptor are assumed to be different user entities; this is an extension and generalization of searchable encryption in the symmetric setting.
Forward secrecy requires that a key can only access the data it protects; the elements used to generate a key are replaced after each use and cannot produce any other key; and the compromise of one key does not affect the security of the other keys. An important property of forward secrecy is that the server cannot learn whether a newly added file contains any keyword that appeared in previously searched files, which makes the scheme more resistant to adaptive attacks. The first searchable encryption scheme supporting forward secrecy was proposed by Stefanov, with search and update time complexities of O(d log^3 N) and O(log^2 N) respectively. This paper proposes a more efficient and secure forward-secure scheme with search and update time complexities of O(d) and O(r) respectively; it is parallelizable and can therefore be combined with distributed cloud storage systems.
Summary of the invention
The present invention provides a protocol design method for forward-secure dynamic searchable encryption based on cloud disk; the protocols designed by the method make dynamic searchable encryption more efficient and more secure.
To achieve the above technical effect, the technical solution of the present invention is as follows:
A protocol design method for forward-secure dynamic searchable encryption based on cloud disk, comprising the following steps:
S1: design the index initialization protocol;
S2: design the file addition protocol;
S3: design the file search protocol;
S4: design the file deletion protocol.
Further, the process of step S1 is:
S11: generate K_G using a pseudo-random function that meets the requirements;
S12: generate the key K_SKE of the symmetric encryption algorithm;
S13: store these two keys on the client;
S14: generate three local indexes: FileCnt, SearchCnt and WordCnt;
where K_G is mainly used to generate the key K_w when adding and searching files and the deletion key K_f when deleting files, and K_SKE is used to encrypt files with the AES-128-CBC symmetric encryption algorithm.
Further, the process of step S2 is:
S21: count the number of keywords contained in f and record n_f = WordCnt[f];
S22: the client uses K_G and id(f) to generate the deletion key of f, K_f = G(K_G, id(f));
S23: for every w_i in f the client checks: if FileCnt[w_i] is empty, set FileCnt[w_i] = 1; if SearchCnt[w_i] is empty, set SearchCnt[w_i] = 0;
S24: otherwise FileCnt[w_i]++, which records that f is the FileCnt[w_i]-th file containing keyword w_i;
S25: the client uses SearchCnt[w_i] to compute the key corresponding to w_i, then uses that key to compute the addr_w and val_w entries of WPairs;
S26: the client uses K_f to compute the addr entries of FPairs; the corresponding val entries equal the addr_w values in WPairs;
S27: the client encrypts the file to obtain the ciphertext c and sends c, WPairs and FPairs together to the server;
S28: the server stores c and inserts WPairs and FPairs into the dictionaries DictW and DictF respectively.
Further, the process of step S3 is:
S31: the user generates the key K_w corresponding to w;
S32: the user sends the search token (K_w, cnt = FileCnt[w]) to the server;
S33: for i = 1 to cnt the server performs the search: it computes the DictW address for each i and recovers all matching id(f);
S34: using those addresses the server locates the corresponding entries in DictF, stores them in order in queue q_1, and at each step deletes the corresponding entries from DictW and DictF;
S35: the server returns the list of all matching f to the user;
S36: the user maintains the SearchCnt index: SearchCnt++;
S37: the user generates a new K_w, computes new WPairs and FPairs and sends them to the server;
S38: the server receives them and updates the dictionaries DictW and DictF.
Further, the process of step S4 is:
S41: the client generates the deletion key K_f = G(K_G, id(f));
S42: the client reads n_f = WordCnt[id(f)] and deletes WordCnt[id(f)];
S43: the client sends (K_f, n_f) to the server;
S44: the server deletes the file f;
S45: for i = 1 to n_f the server computes the DictF entry of f, deletes the DictW entry it points to, and deletes the DictF entry itself.
Compared with the prior art, the beneficial effects of the technical solution of the present invention are:
By designing the index initialization protocol, file addition protocol, file search protocol and file deletion protocol separately, the present invention achieves search and update time complexities of O(d) and O(r) respectively; it is more efficient, more secure, and parallelizable.
Description of drawings
Figure 1: design diagram of the initialization protocol;
Figure 2: design diagram of the encrypted file upload protocol;
Figure 3: design diagram of the file search protocol over the encrypted index;
Figure 4: design diagram of the file deletion protocol;
Figure 5: client/server indexes after a file is added for the first time;
Figure 6: client/server indexes after keyword w has been searched once;
Figure 7: client/server indexes after file f is deleted.
Detailed description
The accompanying drawings are for illustration only and are not to be construed as limiting the patent;
to better illustrate this embodiment, some parts in the drawings are omitted, enlarged or reduced and do not represent the dimensions of the actual product;
those skilled in the art will understand that certain well-known structures and their descriptions may be omitted from the drawings.
The technical solution of the present invention is further described below with reference to the drawings and embodiments.
As shown in Figures 1-7, like other index-based symmetric searchable encryption schemes, this scheme has the server store an encrypted index that represents the correspondence between each file and the keywords it contains. The server performs lookups on this encrypted index according to the client's requests. In this scheme the client stores three tables: FileCnt stores the number of occurrences of each keyword across all files; SearchCnt stores the number of times each keyword has been searched; WordCnt stores the number of keywords contained in each encrypted file. Correspondingly the server stores two tables: DictW is the encrypted index used for searching; DictF is the encrypted index used to update the corresponding DictW entries on deletion. The information in both DictW and DictF has the form (addr_w, val_w).
When uploading a file, the keywords it contains must first be given. The client then updates the contents of the three locally stored dictionaries and, according to the protocol's formulas, generates the key for each keyword and the contents to be inserted into the DictW and DictF dictionaries. At the same time the file is encrypted, and finally everything is sent to the server together.
When searching for a file, the keyword w to search for must first be given. The client then extracts the corresponding information from its local FileCnt and SearchCnt, generates the search key k_w for w, and sends a search token to the server. The server uses the contents of this token to perform a series of computations according to the protocol, finds all target files in DictW and returns them. Finally the client and the server must update the relevant contents of the five indexes once to achieve forward secrecy. In addition, because forward secrecy must be provided, at the end of each search the DictW entries corresponding to the searched keyword w must be updated, and accordingly the corresponding DictF entries must be updated based on DictW.
When deleting a file, all entries about that file in DictW must be deleted, but because the contents of DictW are encrypted, an auxiliary dictionary DictF is added. DictF acts like a pointer: it is used to locate the contents of DictW so that DictW can be updated.
To aid understanding, the five indexes of the client and server are introduced first. The client stores three dictionaries: FileCnt stores the number of occurrences of each keyword across all files, SearchCnt stores the number of times each keyword has been searched, and WordCnt stores the number of keywords contained in each encrypted file. SearchCnt[w] is used to generate and update the search key k_w (mainly to achieve forward secrecy). FileCnt[w] is used together with k_w to generate DictW = (addr_w, val_w); these values are also used during search to recover the id of the target file. WordCnt[f] comes into play mainly on file deletion, where it is used together with the file id to generate DictF = (addr_w, val_w). The val_w in DictF is the addr_w of DictW, so DictF can be regarded as a pointer: when a file f is deleted, it is used to find and delete every entry about f in the index DictW. FileCnt and SearchCnt are both of size O(m) (m is the number of keywords), while WordCnt is of size O(n) (n is the number of files).
The server stores two dictionaries, DictW and DictF, each of size O(N) = O(nm), i.e. every keyword of every file is one record. The data in DictW and DictF is stored as key-value pairs (addr, val), where both addr and val are encrypted with the corresponding key. addr can be regarded as an address that locates the corresponding val during lookup.
In DictW, addr_w is obtained by encryption with the key K_{w_i} and FileCnt[w_i] (K_{w_i} is generated from w_i and SearchCnt[w_i]), and val_w is the encrypted file identifier of a file containing keyword w_i. The information in DictW thus depends on each keyword w and on FileCnt[w] (the number of times w occurs across the files). If f is the i-th file containing w, the file identifier id(f) is encrypted using K_w and i, where K_w is in turn generated from w and SearchCnt[w] (the number of times w has been searched), and the position at which the encrypted value is stored in DictW is also generated from w and FileCnt[w]. Therefore, given a keyword w together with its search count SearchCnt[w] and the corresponding FileCnt[w], the server can locate all entries containing that keyword in the encrypted index DictW, decrypt them to obtain id(f), and return the corresponding encrypted file f.
In DictF, addr_f is obtained by encryption with the key k_f and the counter running from 1 to n_f = WordCnt[f] (k_f is generated from id(f)), and val_f equals the addr_w in DictW. After a file f is deleted, all entries about f in DictW must be updated; since the information in DictW is encrypted, finding the corresponding index entries from f is a difficult problem. To solve it, DictF and WordCnt are used as aids: from a file's id, the entries for all of the file's keywords can be found in DictF, and the val values of those entries give the corresponding addr values in DictW, which are then deleted. In addition, because the end of each search involves updating DictW, the corresponding contents of DictF must also be updated. From the generation rules of addr and val in DictF it is easy to show that every addr and val in DictF is unique, so DictF is equivalent to a bidirectional map: when DictW is updated, the corresponding DictF entries can be located by the addr of DictW and their val updated.
From the above, DictW and DictF both store one record per keyword per file, and their forms are identical. The difference is that DictW is built around keywords and is mainly used for searching, whereas DictF is built around file ids and is mainly used to maintain DictW on deletion.
The protocol design of the present invention is introduced below. The four protocols provided by the present invention are: index initialization, file addition, file search and file deletion. Each is described in detail below.
The index initialization protocol is divided into 4 steps:
Step 1: generate K_G using a pseudo-random function that meets the requirements;
Step 2: generate the key K_SKE of the symmetric encryption algorithm;
Step 3: store these two keys on the client;
Step 4: generate three local indexes: FileCnt, SearchCnt and WordCnt.
Here K_G is mainly used to generate the key K_w when adding and searching files and the deletion key K_f when deleting files, while K_SKE is used to encrypt files with the AES-128-CBC symmetric encryption algorithm.
The file addition protocol is divided into 8 steps:
Step 1: count the number of keywords contained in f and record n_f = WordCnt[f];
Step 2: the client uses K_G and id(f) to generate the deletion key of f, K_f = G(K_G, id(f));
Step 3: for every w_i in f the client checks: if FileCnt[w_i] is empty, set FileCnt[w_i] = 1; if SearchCnt[w_i] is empty, set SearchCnt[w_i] = 0;
Step 4: otherwise FileCnt[w_i]++, which records that f is the FileCnt[w_i]-th file containing keyword w_i;
Step 5: the client uses SearchCnt[w_i] to compute the key corresponding to w_i, then uses that key to compute the addr_w and val_w entries of WPairs;
Step 6: the client uses K_f to compute the addr entries of FPairs; the corresponding val entries equal the addr_w values in WPairs;
Step 7: the client encrypts the file to obtain the ciphertext c, and sends c, WPairs and FPairs together to the server;
Step 8: the server stores c and inserts WPairs and FPairs into the dictionaries DictW and DictF respectively.
From the above it can be seen that when a file is added, the protocol hides the file's id(f) in the index, producing an encrypted index. In a subsequent search id(f) can be recovered by computation, which realizes searchable encryption.
Keyword search over encrypted files is divided into 8 steps:
Step 1: the user generates the key K_w = G(K_G, w || SearchCnt[w]) corresponding to w;
Step 2: the user sends the search token (K_w, cnt = FileCnt[w]) to the server;
Step 3: for i = 1 to cnt the server performs the search: it computes the DictW address for each i and recovers all matching id(f);
Step 4: using those addresses the server locates the corresponding entries in DictF, stores them in order in queue q_1, and at each step deletes the corresponding entries from DictW and DictF;
Step 5: the server returns the list of all matching f to the user;
Step 6: the user maintains the SearchCnt index: SearchCnt++;
Step 7: the user generates a new K_w, computes new WPairs and FPairs and sends them to the server;
Step 8: the server receives them and updates the dictionaries DictW and DictF.
Through the design of the search protocol, the system can recover by computation the ids id(f) of the files containing keyword w, and by updating SearchCnt[w] it recomputes and updates the entries containing keyword w, which realizes the forward secrecy property.
The design of the file deletion protocol is divided into 5 main steps:
Step 1: The client generates the deletion key Kf = G(KG, id(f));
Step 2: The client obtains nf = WordCnt[id(f)] and deletes WordCnt[id(f)];
Step 3: The client sends (Kf, nf) to the server;
Step 4: The server deletes the file f;
Step 5: For i = 1 to nf, the server computes the corresponding index entries and deletes them.
Since the index entries are all encrypted, DictW cannot be updated directly when a file is deleted, so a deletion protocol was designed. From the above it can be seen that an additional index DictF was added, which can be regarded as a pointer to the corresponding entry in DictW; DictW can therefore be maintained through DictF, which guarantees that when a file is deleted its related index entries are deleted as well.
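The search and deletion protocols just described, together with the add protocol's step 8, as one added worked example in Python. This is not the patent's code: G is instantiated with HMAC-SHA256; a DictW entry is assumed to hold id(f) masked with a PRF keystream plus the label of its DictF entry (so the server can drop both in step 4 of the search); a DictF entry holds the label of its DictW entry (the "pointer" mentioned above); labels use a 1-based counter; id(f) is a fixed 16-byte value; and the deletion message carries id(f) alongside (Kf, nf) so the server can remove the ciphertext in step 4, which the description leaves implicit. The master key and file identifiers in demo() are constructed values.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

ID_LEN = 16  # id(f) is a fixed 16-byte identifier in this example (assumption)


def G(key: bytes, msg: bytes) -> bytes:
    """PRF G(K, x); instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def label(k: bytes, i: int) -> bytes:
    """Label of the i-th entry derived from key k (1-based counter)."""
    return G(k, b"label|" + i.to_bytes(4, "big"))


def mask_id(k: bytes, i: int, fid: bytes) -> bytes:
    """Hide (or recover) id(f) in the i-th entry with a one-time XOR mask."""
    ks = G(k, b"mask|" + i.to_bytes(4, "big"))
    return bytes(a ^ b for a, b in zip(fid, ks))


class Server:
    """Stores only ciphertexts and the two encrypted dictionaries."""

    def __init__(self) -> None:
        self.DictW: Dict[bytes, Tuple[bytes, bytes]] = {}  # label_w -> (masked id(f), label_f)
        self.DictF: Dict[bytes, bytes] = {}                # label_f -> label_w (pointer into DictW)
        self.files: Dict[bytes, bytes] = {}                # id(f) -> c

    def insert(self, WPairs: Dict[bytes, Tuple[bytes, bytes]], FPairs: Dict[bytes, bytes]) -> None:
        self.DictW.update(WPairs)               # add protocol step 8 / search protocol step 8
        self.DictF.update(FPairs)

    def add(self, fid: bytes, c: bytes, WPairs, FPairs) -> None:
        self.files[fid] = c                     # add protocol, step 8: keep c
        self.insert(WPairs, FPairs)

    def search(self, Kw: bytes, cnt: int) -> List[bytes]:
        q1: List[bytes] = []
        for i in range(1, cnt + 1):             # search protocol, steps 3-4
            entry = self.DictW.pop(label(Kw, i), None)
            if entry is None:                   # entry already removed by a deletion
                continue
            masked, lf = entry
            q1.append(mask_id(Kw, i, masked))   # recover id(f)
            self.DictF.pop(lf, None)            # drop the matching DictF pointer
        return q1                               # step 5: list of f returned to the user

    def delete(self, fid: bytes, Kf: bytes, nf: int) -> None:
        self.files.pop(fid, None)               # deletion protocol, step 4
        for i in range(1, nf + 1):              # step 5: follow DictF pointers into DictW
            lw = self.DictF.pop(label(Kf, i), None)
            if lw is not None:
                self.DictW.pop(lw, None)


class Client:
    """Keeps the master key KG and the three counters from the description."""

    def __init__(self, KG: bytes) -> None:
        self.KG = KG
        self.SearchCnt: Dict[str, int] = {}
        self.FileCnt: Dict[str, int] = {}
        self.WordCnt: Dict[bytes, int] = {}

    def Kw(self, w: str) -> bytes:              # Kw = G(KG, w || SearchCnt[w])
        return G(self.KG, w.encode() + b"||" + self.SearchCnt.get(w, 0).to_bytes(4, "big"))

    def Kf(self, fid: bytes) -> bytes:          # Kf = G(KG, id(f))
        return G(self.KG, fid)

    def pairs(self, w: str, fid: bytes):
        """One WPair and one FPair binding keyword w to file fid; bumps the counters."""
        i = self.FileCnt[w] = self.FileCnt.get(w, 0) + 1
        j = self.WordCnt[fid] = self.WordCnt.get(fid, 0) + 1
        lw, lf = label(self.Kw(w), i), label(self.Kf(fid), j)
        return (lw, (mask_id(self.Kw(w), i, fid), lf)), (lf, lw)

    def add_file(self, srv: Server, fid: bytes, words: List[str], c: bytes) -> None:
        WPairs, FPairs = {}, {}
        for w in words:
            (lw, ew), (lf, ef) = self.pairs(w, fid)
            WPairs[lw], FPairs[lf] = ew, ef
        srv.add(fid, c, WPairs, FPairs)

    def search(self, srv: Server, w: str) -> List[bytes]:
        token = (self.Kw(w), self.FileCnt.get(w, 0))       # steps 1-2
        ids = srv.search(*token)                             # steps 3-5
        self.SearchCnt[w] = self.SearchCnt.get(w, 0) + 1     # step 6: a fresh Kw from now on
        self.FileCnt[w] = 0
        WPairs, FPairs = {}, {}
        for fid in ids:                                      # step 7: re-encrypt under the new Kw
            (lw, ew), (lf, ef) = self.pairs(w, fid)
            WPairs[lw], FPairs[lf] = ew, ef
        srv.insert(WPairs, FPairs)                           # step 8
        return ids

    def delete_file(self, srv: Server, fid: bytes) -> None:
        Kf, nf = self.Kf(fid), self.WordCnt.pop(fid, 0)     # steps 1-2
        srv.delete(fid, Kf, nf)                              # step 3 (id(f) sent as well: assumption)


def demo():
    """Constructed run: add, search, add after the search, replay the old token, delete."""
    srv, cli = Server(), Client(KG=b"\x01" * 32)             # constructed master key
    f1, f2, f3 = (bytes([k]) * ID_LEN for k in (1, 2, 3))    # constructed identifiers
    cli.add_file(srv, f1, ["cloud", "disk"], b"c1")
    cli.add_file(srv, f2, ["cloud"], b"c2")
    old_token = (cli.Kw("cloud"), cli.FileCnt["cloud"])      # what the server sees in step 2
    first = sorted(cli.search(srv, "cloud"))
    cli.add_file(srv, f3, ["cloud"], b"c3")                  # added after the search
    replay = srv.search(*old_token)                          # forward secrecy: old token finds nothing
    cli.delete_file(srv, f1)
    after_delete = sorted(cli.search(srv, "cloud"))
    return first, replay, after_delete, (len(srv.DictW), len(srv.DictF))
```

The point to observe in demo() is the replay: once the server has seen a token for "cloud", every entry for that keyword is re-inserted under a key derived from the incremented SearchCnt, and a file added afterwards is indexed under that new key too, so the old token matches nothing. The deletion loop tolerates DictF labels that a previous search has already removed, which is why WordCnt[id(f)] only ever grows on the client.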
The same or similar reference numerals correspond to the same or similar components;
The positional relationships described in the drawings are for illustrative purposes only and are not to be construed as limiting this patent;
Obviously, the above embodiments of the present invention are merely examples given to illustrate the invention clearly and do not limit the ways in which the invention may be implemented. Those of ordinary skill in the art may make other changes or variations of different forms on the basis of the above description. It is neither necessary nor possible to list all implementations exhaustively here. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the claims of the present invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810187026.XA CN108471405A (en) | 2018-03-07 | 2018-03-07 | A kind of positive secrecy dynamic based on cloud disk can search for encrypted Protocol Design Method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN108471405A true CN108471405A (en) | 2018-08-31 |
Family
ID=63265097
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
AD01 | Patent right deemed abandoned | ||
Effective date of abandoning: 20220812 |