CN108737069A - A kind of detection method for supporting error logging positioning to can verify that database - Google Patents

A kind of detection method for supporting error logging positioning to can verify that database Download PDF

Info

Publication number
CN108737069A
CN108737069A CN201810349942.9A CN201810349942A CN108737069A CN 108737069 A CN108737069 A CN 108737069A CN 201810349942 A CN201810349942 A CN 201810349942A CN 108737069 A CN108737069 A CN 108737069A
Authority
CN
China
Prior art keywords
undertake
promise
algorithm
database
update
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201810349942.9A
Other languages
Chinese (zh)
Inventor
陈晓峰
张志为
邱震尧
陈满祥
王琳
田海博
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810349942.9A priority Critical patent/CN108737069A/en
Publication of CN108737069A publication Critical patent/CN108737069A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to data complete preservation technical fields; disclose a kind of detection method for supporting error logging positioning to can verify that database; concept and method that vector promises to undertake tree are first proposed, solves the problems, such as that traditional vectorial promise method public key parameter is excessive, support checking partial and Tiered verification;And on this basis, it is proposed that supports error logging positioning can verify that Database Systems, improves traditional database verification method and is initializing the efficiency with inquiry phase, and provides the function of Tiered verification and error logging positioning.Present invention reduces the complexity that can verify that database security management, improve the verification efficiency of database, the function and practicability that can verify that Database Systems are enhanced, is suitable for existing dynamic data base system, it is ensured that the availability, integrality and high efficiency of database under cloud environment.

Description

A kind of detection method for supporting error logging positioning to can verify that database
Technical field
The invention belongs to data complete preservation technical fields more particularly to a kind of positioning of support error logging can verify that data The detection method in library.
Background technology
Currently, the prior art commonly used in the trade is such:Cloud computing technology by the calculating of a large amount of physical equipments, network and Storage resource integrates, and provides on-demand and elastic respective service to the user by internet.However, in order to make full use of this A little services, being executed in the past in local device for task need to entrust to cloud service provider.In this case, the use of cloud computing Family loses the control to oneself data, and data ownership is detached with administrative power can bring many security and privacy problems.Therefore, It usually wants external bag data to be encrypted, ensures only have validated user that could access and decrypt outer bag data.However, encryption is main What is protected is the confidentiality of outer bag data, then produces the concept that can verify that database (VDB), can be considered as a kind of special Can verify that calculating, provide the safety guarantee such as reliability, integrality, verifiability for cloud storage.Although a large number of researchers are It can verify that database through fully having studied and propose many and can verify that database scheme, but in a large amount of outer bag datas of processing still So there are different problems and challenge.First, the existing size that can verify that key parameter in database scheme for counting on a large scale It is unacceptable for.By be based on vector promise to undertake first of (VC) can verify that database scheme for, if one by This can verify that the database of database scheme protection possesses Q items record, and the size of private key parameter is more than Q, public key parameter Size is more than Q2.Huge public key amount can verify that the initialization of database and query steps bring higher calculating and communication Expense so that key is distributed and other related management processes are more complicated.Therefore, no matter outer bag data has much, needs to keep Cipher key size is as small as possible.Secondly, existing to can verify that database scheme verify whether Outsourced database is tampered, but nothing The record of method Wrong localization when verification result shows that outer bag data is changed without data owner's certification.It can verify that data The final goal in library only should not detect that database is tampered, it may be verified that the user of database needs to find specific mistake Record.This method is infeasible in practical application, especially when database is very big.Therefore, error logging positions Function should be introduced into and can verify that in database scheme.In addition, the record for belonging to the same logic full database is generally stored inside Different geographical locations, such as cloud storage and content distributing network (CDN).It can verify that database scheme verifies this using existing Kind of database, when server transport distributed recording, can bring additional communication overhead.Further, since enterprise is usually with stringent Hierarchical organization tissue, group application and hierarchical data management structure are widely adopted, and the access of data is controlled by the permission of user System.However, all tradition can verify that database scheme is able to validate only entire Outsourced database, these points can not be directly applied to Cloth data scene and individual-layer data scene.
In conclusion problem of the existing technology is:
(1) existing to can verify that database scheme is less efficient in initialization and inquiry phase, public key ginseng especially therein Number size can not be suitable for reality scene, cause excessive server storage pressure;
(2) existing to can verify that database scheme is only focused in the verification of entire Outsourced database, that is to say, that verifier is only Can judge whether entire database is tampered, and can not validation database a part and wrong data are positioned, shadow The flexibility of data base integrity verification is rung;
(3) existing to can verify that database scheme lacks distributed and Tiered verification, Database Systems are limited in distribution Application under scene.
Solve the difficulty and meaning of above-mentioned technical problem:How to compress public key parameter in the prior art is to solve above-mentioned ask The difficult point of (1) is inscribed, it can be achieved that completing the integrity verification of database with smaller memory space expense;How to be promised to undertake based on vector Method design a kind of new data structure be solve the above problems (2) difficult point, it can be achieved that flexible Database error record is fixed Position;How to construct a kind of new Tiered verification mechanism be solve the above problems (3) difficult point, it can be achieved that supporting distributed with layering The Database Systems of verification.
Invention content
In view of the problems of the existing technology, error logging positioning is supported to can verify that database the present invention provides a kind of Detection method.
The invention is realized in this way a kind of vector promises to undertake that tree, the vector promise to undertake that tree is in a recursive manner to message sequence Row do the q fork trees promised to undertake, leaf node shares Q message, and most deep non-leaf nodes is held to what its q child's message was done Promise, other non-leaf nodes are to promise to undertake done promise to its q child;Vector promises to undertake the size of the height n of tree, message sequence Meet relationship between Q and the size q of Committing unit
Further, the vector promises to undertake that the Committing unit of tree is to do the base unit promised to undertake using vectorial promise method, holds Promise unit is message subsequence or promise set;
Further, the vector promises to undertake that tree includes:
(1) key VCT.KeyGen (1 is generatedk,q,Q):Input security parameter k, the size q of each Committing unit and entire The size Q (Q=poly (k)) of message, key schedule VCT.KeyGen (1k, q, Q) and export common parameter collection PP and vector The height n for promising to undertake tree, from root to most deep non-leaf nodes;Message space is denoted asPromise to undertake that space is denoted as
(2) it calculates and promises to undertake VCT.ComPP(m1,…,mQ,f):Input the sequence containing Q messageWith mapping function f:According to common parameter PP, algorithm VCT.Com is promised to undertakePP (m1,…,mQ, f) and output additional information aux and promise set C, wherein each of C values are to the promise containing message or promise The vector that unit is done is promised to undertake;
(3) it opens and promises to undertake VCT.OpenPP(m,i,aux,AC,f):The message m for being i, additional letter are indexed in input database Cease aux, access control parameterWith mapping function f:Only accessed when AC meets When control rule, algorithm VCT.Open is openedPP(m, i, aux, AC, f) just exports evidence setM is all Q quilts I-th in commitment message;Algorithm is opened to be run by original promise person or other validated users;
(4) VCT.Ver is promised to undertake in verificationPP(C,m,i,Λi,AC):Input promises to undertake that set C, index are the message m of i, evidence collection Close ΛiWith access control parameter AC, verification function VCT.VerPP(C,m,i,Λi, AC) and outputOr (⊥, Ω);OutputMean that AC is unsatisfactory for access control policy;Otherwise, only work as ΛiIt is a vaild evidence, it was demonstrated that C is To sequence (m1,…,mQ) generate, wherein m=mi, then verify function just and exportOtherwise, (⊥, Ω) is exported, Middle Ω is error logging location;
(5) VCT.Ver is promised to undertake in updatePP(C,m,i,Λi,AC):Former message m on input promise set C, i-th of positioni With new information m 'iAnd mapping function f:Promise to undertake more new algorithm VCT.UpdatePP(C,mi,m′i, i, f) and output is newly Promise set C ' and fresh information set U;Promise to undertake more new algorithm by generating C and planning wherein i-th of message miIt is updated to m 'i Original promise person operation;
(6) more fresh evidence VCT.ProofUpdatePP(C,Λj,m′i,i,U):Set C, evidence set Λ are promised to undertake in inputi、 The quasi- new information m ' for replacing i-th of record in Outsourced databasei, fresh information U and mapping function f:Evidence updates Algorithm VCT.ProofUpdatePP(C,Λj,m′i, i, U, f) and the new evidence set Λ ' of outputj;Evidence more new algorithm is gathered around by any There is the evidence set Λ of j-th of message in corresponding CjUser operation, calculate to the new effective evidence sets of promise set C ' Λ′j
Further, the key schedule specifically includes:
VCT.KeyGen(1k,q,Q):Q is the size of each Committing unit, and Q is all sums by commitment message;In order to Convenient for indicating, Q=q is enabledn;Key schedule specific configuration is as follows:It enablesWithFor two prime number p rank Bilinear Groups, meet Bilinear map e:It enablesFor a random generation member;?Middle random selection z1,…,zq;To institute There is i=1 ..., q, settingTo all i, j=1 ..., q and i ≠ j, settingSetting PP=(g, {hi}i∈[1,q],{hi,j}i,j∈[1,q],i≠j);Message space isPromise to undertake that space is
(2) specifically include:
VCT.ComPP(m1,…,mQ,f):Enable Cx,yIt indicates that vector promises to undertake y-th of commitment value of xth layer in tree, promises to undertake set C is these Cx,ySet;Root node is expressed as C0,1, most deep node is expressed asMost deep section Point calculates as follows:
Wherein y=1 ..., qn-1;Using an impact resistant hash function f:By Bilinear GroupsIn member Element is mapped asIn element, then other node (Cx,y, wherein x=n-2 ..., 0 and y=1 ..., qx) calculate it is as follows:
Then, promise to undertake that set C={ C are promised to undertake in algorithm outputx,y|x∈[0,n-1],y∈[1,qx] and additional information aux= (m1,…,mQ);
(3) specifically include:
VCT.OpenPP(m,i,aux,AC,f):Access control parameter AC=(μ, ν) is decomposed, i.e., only allows to access μ layers The ν element, the validity for verifying AC parameters are as follows:IfAlgorithm is opened to terminate and export ⊥;Otherwise, it counts Calculate evidence set Λi;First, most Shenzhen Stock Exchange is according to Λi,n-1It calculates as follows:
WhereinWithIt is two to be respectively used to determine The function of i-th message Committing unit serial number and corresponding element serial number in xth layer;Then, for x=n-2 ..., ν is calculated:
Wherein θ (i) and δ () are that the function in above formula is identical;In addition, also needing to calculate one and Λi,xIt is corresponding Mi,x
Mi,n-1=mθ(i,n-1)q+δ(i,n-1)
Then, for x=n-2 ..., ν:
Mi,x=f (Cx+1,θ(i,x)q+δ(i,x));
Finally, it opens algorithm and exports Λi={ (Λi,x,Mi,x)|x∈[ν,n-1]};Input parameter μ and ν can for controlling Verify the scale of record;
The verification process of (4) includes:
VCT.VerPP(C,m,i,Λi,AC):It decomposes and authentication-access control parameter AC=(μ, ν) is as follows:IfVerification algorithm terminates and exports 0 and an empty setOtherwise, (α, β)=(- 1, -1) setting Rst=;It is right In x=n-1 ..., β=x is arranged in ν, ifSimultaneously continue setting α=1;It is no α=⊥ is then set and exits cycle;X after circulation terminates, if α=1 and β=ν, are verified, verification algorithm outputOtherwise explanation has the unauthenticated message being tampered, authentication failed, verification algorithm to provide the model where error message It encloses;Enable Φ (Cx,y) indicate with Cx,yIt is for the massage set of promise, then wrong to be recorded in Ω=Φ (Cβ,θ(i,β)+1)-Φ (Cβ+1,θ(i,β+1)+1) in range, verification algorithm exports (⊥, Ω);
Described (5) update:
VCT.UpdatePP(C,mi,m′i,i):Promise to undertake the update of more new algorithm from leaf node (i-th of message) to root node All promises on path;First, promise to undertake that more new algorithm updates the promise on (n-1)th layer,
Then, for other x=n-2 ..., 0, promise to undertake that update is as follows:
Wherein Cn,i=miAnd C 'n,i=m 'i;Finally, the promise set that the output of more new algorithm C ' and U, wherein C ' are new is promised to undertake {C′x,y|x∈[0,n-1],y∈[1,qx], U is fresh information (mi,m′i,i);
(6) the evidence update specifically includes:
VCT.ProofUpdatePP(C,Λj,m′i,i,U):Given U, possesses positioned at the original promise set C of j location messages With evidence set ΛjUser can use evidence update algorithm update its evidence set and promise to undertake gather, update include following Two steps:
Update is promised to undertake:With promise more new algorithm VCT.UpdatePP() is identical;
More fresh evidence:For all x=n-1 ..., 0, if δ (j, x)=δ (i, x), Λj,xIt remains unchanged;Otherwise for X=n-1 is calculated:
For x=n-2 ..., 0, it calculates:
Promising to undertake that the support error logging positioning of tree can test using the vector another object of the present invention is to provide a kind of The detection method of database is demonstrate,proved, the support error logging positioning can verify that the detection method of database includes:
(1) configuration phase HVDB.Setup (1k,q,DB,Q):It is Q to input security parameter k, Committing unit size q and size Database D B, placement algorithm HVDB.Setup (1k, q, DB, Q) output it is quasi- be distributed to client and for its privately owned key SK, It is quasi- to be distributed to the institute public key PK of the user of experimental evidence in need and intend the database for being encoded to S for being uploaded to server;Match Algorithm is set to be run by client;
(2) inquiry phase HVDB.Query (PK/SK, S, x, AC):Input the database after public key PK or private key SK, coding S, access control the parameter AC, search algorithm HVDB.Query (PK/SK, S, x, AC) of search index x and inquiry request person be first Check whether access control parameter AC effective, only when AC meets access control policy, just one query result τ of output= (v,π);Otherwise, an error result ⊥ is exported;Search algorithm is asked by client or validated user, is executed by server;
(3) Qualify Phase HVDB.Verify (PK, x, τ, AC):It inputs public key PK, search index x, query result τ and tests The access control parameter AC of card person, similar with search algorithm, verification algorithm HVDB.Verify (PK, x, τ, AC) is equally examined first The validity for looking into AC, when meeting simultaneously, AC is effective and τ correct verifications x then exports a value v and an empty set;Otherwise, one is exported A error result ⊥ and an empty set indicate that access control parameter AC is invalid, or one error result ⊥ of output and a table Show the non-empty range Ω of error logging position;
(4) client more new stage HVDB.ClientUpdate (SK, x, v '):Input private key SK, update recording indexes x New value v ' is recorded with x-th, if record is updated successfully, client more new algorithm HVDB.ClientUpdate (SK, x, v ') One update token t ' of outputxWith a new public key PK ';Otherwise, a mistake ⊥ is exported;Client more new algorithm is by client End operation, v ' is revised as by the value of x-th of data-base recording;
(5) server update stage HVDB.ServerUpdate (PK, S, x, t 'x):Input the number after public key PK, coding According to library S, update recording indexes x and update token t 'x, server update algorithm HVDB.ServerUpdate (PK, S, x, t 'x) defeated Go out in S and records new value v ' x-th;Server update algorithm is run by server, with the password t ' provided according to clientxCome Update the data library S.
Further, placement algorithm specifically includes in described (1):
HVDB.Setup(1k,q,DB,Q):The raw data base of input is the form of key-value pair, and is denoted as DB ={ (i, vi) | i=1 ..., Q };First, vector is called to promise to undertake that the key schedule in tree obtains common parameter set PP:
PP←VCT.KeyGen(1k,q,Q);
Input parameter therein is corresponding with the input parameter in this placement algorithm;Then the key-in the DB of decomposition data library Value is to recording to establish an array (v containing Q value1,…,vQ), and call vector to promise to undertake tree using common parameter set PP In promise algorithm obtain (C, aux):
(C,aux)←VCT.ComPP(v1,…,vQ);
Finally, intermediate parameters are combined into three output results:
Further, search algorithm detailed process is as follows in described (2):
HVDB.Query(PK,S,x,AC):Enable vx=DB (x) indicates the xth item record in database D B, decomposes and accesses control Parameter processed is AC=(μ, ν), indicates that inquiry request person can access all elements belonging to the ν promise in μ layers;Call to Amount promises to undertake the opening algorithm in tree, obtains the evidence set of xth item record:
Λx←VCT.OpenPP(vx,x,aux,(μ,ν));
Wherein all inputs are all directly or indirectly obtained from this search algorithm;Then, output result τ is made of following formula:
τ=(vxx)。
Further, verification algorithm specifically includes in described (3):
HVDB.Verify(PK,x,τ,AC):By calling vector to promise to undertake, the verification algorithm in tree completes data base querying knot Fruit is verified:
(RstValue,RstSet)←VCT.VerPP(C,x,vxx);
Then processing interim findings (RstValue, RstSet) are as follows:
RstValue=0 andVerification algorithm exportsIndicate that verifier does not have permission to access i-th Item records;
RstValue=1 andVerification algorithm exportsWherein vxFor the number decomposed from τ It is recorded according to library xth item, this output result indicates that database is not changed;
RstValue=⊥ andVerification algorithm exports (⊥, Ω), indicates in database in position range Ω There is data are unauthenticated to be tampered;Symbol ⊥ indicates that mistake, section Ω indicate error logging position range.
Further, client more new algorithm specifically includes in described (4):
HVDB.ClientUpdate(SK,x,v′):By calling vector to promise to undertake, the promise more new algorithm in tree completes client End update;Before performing an update, the integrality of current database is confirmed by search algorithm and verification algorithm;Renewal process is such as Under:First, client is recorded by the xth item for calling search algorithm to obtain database:
τ←HVDB.Query(PK,S,x);
Query result τ is obtained, client is checked by calling integrity verification algorithm to confirm that Outsourced database is unmodified Whether output meets verification algorithm:
It is proved to be successful, then client more new algorithm calls vector to promise to undertake the promise more new algorithm in tree:
(C′,U)←VCT.UpdatePP(C,vx,v′x, x),
Export new public key PK '=(PP, C ') and update token t 'x=(PK ', v 'x,U);Otherwise, client more new algorithm Terminate simultaneously output error ⊥;
Server update algorithm specifically includes in (5):
HVDB.ServerUpdate(PK,S,x,t′x):After client completes the update of xth item record, as data inventory Storage server receives update token t 'xWhen, start the correlation updated storage:Server decompose first update token be (PK ', v′x, U), xth data library record is then replaced with into v 'x, and the aux addition fresh informations U into S.
Another object of the present invention is to provide a kind of inspections can verify that database using the support error logging positioning The dynamic data base system of survey method.
In conclusion advantages of the present invention and good effect are:The present invention proposes the concept and method that vector promises to undertake tree, It is the recursive fashion extension that original vector promises to undertake definition, by element combinations at the unit of fixed size, these units are one group shared Key parameter, to realize the control of key parameter total amount;In addition, in vector promises to undertake tree, different units can correspond to different Access permission, the element in different units is relatively independent, they can be handled simultaneously respectively, this makes distributed and layering test Card becomes possible to.The invention also provides a new database hierarchy verification method, private key and public key quantity are by a perseverance Determine parameter decision, rather than is determined by the size of Outsourced database;Different from existing database verification method, data of the invention Library Tiered verification method allows a part for data user's verification Outsourced database according to user right;In addition, an if note Record is tampered, and database hierarchy verification method of the invention can also provide the position range where error logging index.
The comparison of technique effect and the prior art that the present invention realizes is as shown in table 1.Wherein, M, E, I, P indicate group respectivelyIn multiplying, exponent arithmetic, inversion operation and Bilinear map operation, groupIn add operation ignore, Q and q The size of the size and each Committing unit of entire database is indicated respectively,
Table 1
Description of the drawings
Fig. 1 is the detection method flow chart that support error logging positioning provided in an embodiment of the present invention can verify that database.
Fig. 2 is that vector provided in an embodiment of the present invention promises to undertake tree schematic diagram.
Specific implementation mode
In order to make the purpose , technical scheme and advantage of the present invention be clearer, with reference to embodiments, to the present invention It is further elaborated.It should be appreciated that the specific embodiments described herein are merely illustrative of the present invention, it is not used to Limit the present invention.
The present invention realizes Tiered verification and the error logging positioning that can verify that in database, and control key parameter is big It is small, a kind of new data structure is devised based on vector promise --- vector promises to undertake tree.
As shown in Figure 1, the detection method packet provided in an embodiment of the present invention for supporting error logging positioning to can verify that database Include following steps:
S101:Configuration phase:By client to can verify that database (VDB) carry out initialization operation, define common parameter, It calculates vector to promise to undertake, and relevant information is sent and is uploaded to server together together with database, data are inquired for subsequent user In the process to the verification of data base integrity;
S102:Inquiry phase:Client submission inquiry request, the inquired data of database-located client, and according to public affairs Parameter calculates verification authority altogether, then issues client together with data;
S103:Qualify Phase:Client verifies credential server, is verified the inquired data of output;Otherwise Export validation failure;
S104:The client more new stage:When replacement, deletion and insertion operation (update operation) occur for client, client End, which updates common parameter and generates update token, gives server;
S105:The server update stage:The update token that server is provided according to common parameter and client is to database It is updated.
The present invention supports the database hierarchy verification method that error logging positions mainly to realize on the basis of existing technology Following target:
High efficiency.For arbitrary database D B ∈ [q] × { 0,1 }*, wherein q=poly (k), client, server and The calculating and storage resource that other users are spent are no more than
Support error logging positioning.For arbitrary database D B ∈ [q] × { 0,1 }*, wherein q=poly (k), when outer When bag data library is changed without data owner's certification, verifier can note abnormalities and obtain some clues to find mistake The serial number of record.
The application principle of the present invention is further described below in conjunction with the accompanying drawings.
The invention mainly comprises the contents of two parts, are that vector promises to undertake tree first, another is then to support error logging The database hierarchy verification method of positioning.
1, vector promises to undertake tree
1.1 vectors promise to undertake tree definition
Vector promises to undertake that tree (VCT) is the q for doing to promise to undertake in a recursive manner to a message sequence fork tree, and supports to open specific The promise of position;Its leaf node shares Q message, and most deep non-leaf nodes is the promise done to its q child's message, His non-leaf nodes is to promise to undertake done promise to its q child;Vector promises to undertake that the Committing unit in tree is promised to undertake using vector Method does the base unit promised to undertake, Committing unit can be message subsequence or promise set;Vector promises to undertake the height n of tree, disappears Meet relationship between the size Q and the size q of Committing unit of breath sequenceVector promises to undertake example such as Fig. 2 of tree It is shown.
Vector promises to undertake that tree is the non-interactive type cryptographic primitive for including following polynomial time algorithm:
VCT.KeyGen(1k,q,Q):Input security parameter k, the size q of each Committing unit and the size Q of entire message (Q=poly (k)), key schedule exports common parameter collection PP and vector promises to undertake the height n of tree (from root to most deep n omicronn-leaf Child node);Message space is denoted asPromise to undertake that space is denoted as
VCT.ComPP(m1,…,mQ,f):Input the sequence containing Q messageWith mapping letter Number f:According to common parameter PP, promises to undertake algorithm output additional information aux and promise to undertake set C, wherein each of C Value is that the vector done to the Committing unit containing message or promise is promised to undertake;
VCT.OpenPP(m,i,aux,AC,f):Index is the message m of i, additional information aux, accesses control in input database Parameter processedWith mapping function f:Only when AC meets access control rule, beat It opens algorithm and just exports evidence setM is all Q by i-th in commitment message;Algorithm is opened by original promise Person or the operation of other validated users;
VCT.VerPP(C,m,i,Λi,AC):Input promises to undertake that set C, index are the message m of i, evidence set ΛiAnd access Control parameter AC, verification function outputOr (⊥, Ω);OutputMean that AC is unsatisfactory for accessing control System strategy;Otherwise, only work as ΛiIt is a vaild evidence, it was demonstrated that C is to sequence (m1,…,mQ) generate, wherein m=mi, then It verifies function just and exportsOtherwise, (⊥, Ω) is exported, wherein Ω is to be tampered record location;
VCT.UpdatePP(C,mi,m′i,i,f):Former message m on input promise set C, i-th of positioniAnd new information m′iAnd mapping function f:Promise to undertake that more new algorithm exports new promise set C ' and fresh information set U;It promises to undertake more New algorithm is by generating C and planning wherein i-th of message miIt is updated to m 'iOriginal promise person operation;
VCT.ProofUpdatePP(C,Λj,m′i,i,U,f):Set C, evidence set Λ are promised to undertake in inputi, quasi- replace outsourcing The new information m ' of i-th of record in databasei, fresh information U and mapping function f:The output of evidence more new algorithm is new Evidence set Λ 'j;Evidence more new algorithm is by any evidence set Λ for possessing j-th of message in corresponding CjUser operation, Calculate evidence set Λ ' effective to new promise set C 'j
1.2 promise to undertake tree concrete scheme based on the CDH vectors assumed
The present invention is proposed promises to undertake tree tool based on the vectors assumed of computational Diffie-Hellman (CDH) in Bilinear Groups Body scheme promises to undertake Committing unit using the vectorial commitment scheme based on CDH.Determining for tree frame is promised to undertake according to above-mentioned vector Justice, vector of the invention promise to undertake that tree specific configuration is as follows:
VCT.KeyGen(1k,q,Q):Q is the size of each Committing unit, and Q is all sums by commitment message;In order to Convenient for indicating, Q=q is enabledn;Key schedule specific configuration is as follows:It enablesWithFor two prime number p rank Bilinear Groups, meet Bilinear map e:It enablesFor a random generation member;?Middle random selection z1,…,zq;To institute There is i=1 ..., q, settingTo all i, j=1 ..., q and i ≠ j, settingSetting PP=(g, {hi}i∈[1,q],{hi,j}i,j∈[1,q],i≠j);Message space isPromise to undertake that space is
VCT.ComPP(m1,…,mQ,f):Enable Cx,yIt indicates that vector promises to undertake y-th of commitment value of xth layer in tree, promises to undertake set C is these Cx,ySet;Root node is expressed as C0,1, most deep node is expressed asMost deep section Point calculates as follows:
Wherein y=1 ..., qn-1;Using an impact resistant hash function f:By Bilinear GroupsIn member Element is mapped asIn element, then other node (Cx,y, wherein x=n-2 ..., 0 and y=1 ..., qx) calculate it is as follows:
Then, promise to undertake that set C={ C are promised to undertake in algorithm outputx,y|x∈[0,n-1],y∈[1,qx] and additional information aux= (m1,…,mQ);
VCT.OpenPP(m,i,aux,AC,f):Access control parameter AC=(μ, ν) is decomposed, i.e., only allows to access μ layers The ν element, the validity for verifying AC parameters are as follows:IfAlgorithm is opened to terminate and export ⊥;Otherwise, it counts Calculate evidence set Λi;First, most Shenzhen Stock Exchange is according to Λi,n-1It calculates as follows:
WhereinWithIt is two to be respectively used to determine The function of i-th message Committing unit serial number and corresponding element serial number in xth layer;Then, for x=n-2 ..., ν is calculated
Wherein θ (i) and δ () are that the function in above formula is identical;In addition, also needing to calculate one and Λi,xIt is corresponding Mi,x
Mi,n-1=mθ(i,n-1)q+δ(i,n-1)
Then, for x=n-2 ..., ν:
Mi,x=f (Cx+1,θ(i,x)q+δ(i,x));
Finally, it opens algorithm and exports Λi={ (Λi,x,Mi,x)|x∈[ν,n-1]};Input parameter μ and ν can for controlling Verify the scale of record;
VCT.VerPP(C,m,i,Λi,AC):It decomposes and authentication-access control parameter AC=(μ, ν) is as follows:IfVerification algorithm terminates and exports 0 and an empty setOtherwise, (α, β)=(- 1, -1) setting Rst=;It is right In x=n-1 ..., β=x is arranged in ν, ifSimultaneously continue setting α=1;It is no α=⊥ is then set and exits cycle;X after circulation terminates, if α=1 and β=ν, are verified, verification algorithm outputOtherwise explanation has the unauthenticated message being tampered, authentication failed, verification algorithm to provide the model where error message It encloses;Enable Φ (Cx,y) indicate with Cx,yIt is for the massage set of promise, then wrong to be recorded in Ω=Φ (Cβ,θ(i,β)+1)-Φ (Cβ+1,θ(i,β+1)+1) in range, verification algorithm exports (⊥, Ω);
VCT.UpdatePP(C,mi,m′i,i):Promise to undertake the update of more new algorithm from leaf node (i-th of message) to root node All promises on path;First, promise to undertake that more new algorithm updates the promise on (n-1)th layer:
Then, for other x=n-2 ..., 0, promise to undertake that update is as follows:
Wherein Cn,i=miAnd C 'n,i=m 'i.Finally, the promise set that the output of more new algorithm C ' and U, wherein C ' are new is promised to undertake {C′x,y|x∈[0,n-1],y∈[1,qx], U is fresh information (mi,m′i,i);
VCT.ProofUpdatePP(C,Λj,m′i,i,U):Given U, possesses positioned at the original promise set C of j location messages With evidence set ΛjUser can use evidence update algorithm update its evidence set and promise to undertake gather, update include following Two steps:
Update is promised to undertake:With promise more new algorithm VCT.UpdatePP() is identical;
More fresh evidence:For all x=n-1 ..., 0, if δ (j, x)=δ (i, x), Λj,xIt remains unchanged;Otherwise for X=n-1 is calculated:
For x=n-2 ..., 0, it calculates:
2, the database hierarchy verification method of error logging positioning is supported
2.1 layerings can verify that database (HVDB) frame
The present invention extend it is existing can verify that database framework, improve calculating and the storage efficiency of initial phase, And provide the function of Tiered verification and Wrong localization record.The database hierarchy verification of the support error logging positioning of the present invention Method includes following polynomial time algorithm:
HVDB.Setup(1k,q,DB,Q):The database D B that security parameter k, Committing unit size q and size are Q is inputted, Placement algorithm output is quasi- be distributed to client (database owner) and for its privately owned key SK, intend being distributed in need test Demonstrate,prove the public key PK of the user of evidence and the quasi- database for being encoded to S for being uploaded to server;Placement algorithm is run by client;
HVDB.Query(PK/SK,S,x,AC):Input database S, the search index x after public key PK or private key SK, coding With the access control parameter AC of inquiry request person's (client or validated user), search algorithm first checks for access control parameter AC Whether effectively, only when AC meets access control policy, a query result τ=(v, π) is just exported;Otherwise, one is exported Error result ⊥;Search algorithm is asked by client or validated user, is executed by server;
HVDB.Verify(PK,x,τ,AC):Input the access control of public key PK, search index x, query result τ and verifier Parameter AC processed, similar with search algorithm, verification algorithm equally first checks for the validity of AC, when simultaneously meet AC effectively and τ just Really verification x then exports a value v and an empty set;Otherwise, it exports an error result ⊥ and an empty set indicates access control Parameter AC is invalid, or exports the non-empty range Ω of an error result ⊥ and an expression error logging position;
HVDB.ClientUpdate(SK,x,v′):Input private key SK, it updates recording indexes x and records new value for x-th V ', if record is updated successfully, client more new algorithm exports a update token t 'xWith a new public key PK ';Otherwise, Export a mistake ⊥;Client more new algorithm is run by client, and the value of x-th of data-base recording is revised as v ';
HVDB.ServerUpdate(PK,S,x,t′x):Input the database S after public key PK, coding, update recording indexes X and update token t 'x, new value v ' is recorded x-th in server update algorithm output S;Server update algorithm is by server Operation, with the password t ' provided according to clientxTo update the data library S.
2.2 promise to undertake that the layering of tree can verify that database concrete scheme based on vector
Promise to undertake that the layering of tree can verify that database concrete scheme construction is as follows based on vector:
HVDB.Setup(1k,q,DB,Q):Assuming that the raw data base of input is the form of key-value pair, and indicated For DB={ (i, vi) | i=1 ..., Q };First, vector is called to promise to undertake that the key schedule in tree obtains common parameter set PP:
PP←VCT.KeyGen(1k,q,Q);
Input parameter therein is corresponding with the input parameter in this placement algorithm;Then the key-in the DB of decomposition data library Value is to recording to establish an array (v containing Q value1,…,vQ), and call vector to promise to undertake tree using common parameter set PP In promise algorithm obtain (C, aux):
(C,aux)←VCT.ComPP(v1,…,vQ);
Finally, these intermediate parameters are combined into three output results:
HVDB.Query(PK,S,x,AC):Enable vx=DB (x) indicates the xth item record in database D B, decomposes and accesses control Parameter processed is AC=(μ, ν), indicates that inquiry request person can access all elements belonging to the ν promise in μ layers;Call to Amount promises to undertake the opening algorithm in tree, obtains the evidence set of xth item record:
Λx←VCT.OpenPP(vx,x,aux,(μ,ν));
Wherein all inputs are all directly or indirectly obtained from this search algorithm;Then, output result τ is made of following formula:
τ=(vxx);
HVDB.Verify(PK,x,τ,AC):By calling vector to promise to undertake, the verification algorithm in tree completes data base querying knot Fruit is verified:
(RstValue,RstSet)←VCT.VerPP(C,x,vxx);
Then processing interim findings (RstValue, RstSet) are as follows:
Situation 1:If RstValue=0 andVerification algorithm exportsIndicate that verifier does not weigh Limit accesses i-th record;
Situation 2:If RstValue=1 andVerification algorithm exportsWherein vxTo be decomposed from τ Obtained database xth item record, this output result indicate that database is not changed;
Situation 3:If RstValue=⊥ andVerification algorithm exports (⊥, Ω), indicates position in database There is data are unauthenticated to be tampered in range Ω;Symbol ⊥ indicates that mistake, section Ω indicate error logging position range;
The present invention supports open verification, therefore verification algorithm is input with public key PK;
HVDB.ClientUpdate(SK,x,v′):By calling vector to promise to undertake, the promise more new algorithm in tree completes client End update;Before performing an update, the integrality of current database is confirmed by search algorithm and verification algorithm;Renewal process is such as Under:First, client is recorded by the xth item for calling search algorithm to obtain database:
τ←HVDB.Query(PK,S,x);
Query result τ is obtained, client is checked by calling integrity verification algorithm to confirm that Outsourced database is unmodified Whether output meets the situation 2 in verification algorithm:
If being proved to be successful, client more new algorithm calls vector to promise to undertake the promise more new algorithm in tree:
(C′,U)←VCT.UpdatePP(C,vx,v′x,x);
Export new public key PK '=(PP, C ') and update token t 'x=(PK ', v 'x,U);Otherwise, client more new algorithm Terminate simultaneously output error ⊥;
HVDB.ServerUpdate(PK,S,x,t′x):After client completes the update of xth item record, as data inventory Storage server receives update token t 'xWhen, start the correlation updated storage:Server decompose first update token be (PK ', v′x, U), xth data library record is then replaced with into v 'x, and the aux addition fresh informations U into S.
The foregoing is merely illustrative of the preferred embodiments of the present invention, is not intended to limit the invention, all essences in the present invention All any modification, equivalent and improvement etc., should all be included in the protection scope of the present invention made by within refreshing and principle.

Claims (10)

1. a kind of vector promises to undertake tree, which is characterized in that the vector promises to undertake that tree is to be the q promised to undertake to message sequence in a recursive manner Fork tree, leaf node share Q message, and most deep non-leaf nodes is the promise done to its q child's message, other non-leaf Node is to promise to undertake done promise to its q child;Vector promises to undertake the height n of tree, the size Q of message sequence and Committing unit Meet relationship between size q
2. vector as described in claim 1 promises to undertake tree, which is characterized in that the vector promise to undertake the Committing unit of tree be using to Amount promise method does the base unit promised to undertake, Committing unit is message subsequence or promise set.
3. vector as described in claim 1 promises to undertake tree, which is characterized in that the vector promises to undertake that tree includes:
(1) key VCT.KeyGen (1 is generatedk,q,Q):Input security parameter k, the size q of each Committing unit and entire message Size Q (Q=poly (k)), key schedule VCT.KeyGen (1k, q, Q) and export common parameter collection PP and vector promise The height n of tree, from root to most deep non-leaf nodes;Message space is denoted asPromise to undertake that space is denoted as
(2) it calculates and promises to undertake VCT.ComPP(m1,…,mQ,f):Input the sequence containing Q message And mapping functionAccording to common parameter PP, algorithm VCT.Com is promised to undertakePP(m1,…,mQ, f) and output additional information Aux and promise set C, wherein each of C values are that the vector done to the Committing unit containing message or promise is promised to undertake;
(3) it opens and promises to undertake VCT.OpenPP(m,i,aux,AC,f):Index is message m, the additional information of i in input database Aux, access control parameterAnd mapping functionOnly control is accessed when AC meets When system rule, algorithm VCT.Open is openedPP(m, i, aux, AC, f) just exports evidence setM is all Q and is held I-th in promise message;Algorithm is opened to be run by original promise person or other validated users;
(4) VCT.Ver is promised to undertake in verificationPP(C,m,i,Λi,AC):Input promises to undertake that set C, index are the message m of i, evidence set Λi With access control parameter AC, verification function VCT.VerPP(C,m,i,Λi, AC) and outputOr (⊥, Ω);It is defeated Go outMean that AC is unsatisfactory for access control policy;Otherwise, only work as ΛiIt is a vaild evidence, it was demonstrated that C is to sequence (m1,…,mQ) generate, wherein m=mi, then verify function just and exportOtherwise, (⊥, Ω) is exported, wherein Ω is Error logging location;
(5) VCT.Ver is promised to undertake in updatePP(C,m,i,Λi,AC):Former message m on input promise set C, i-th of positioniWith it is new Message m 'iAnd mapping functionPromise to undertake more new algorithm VCT.UpdatePP(C,mi,m′i, i, f) and export new hold Promise set C ' and fresh information set U;Promise to undertake more new algorithm by generating C and planning wherein i-th of message miIt is updated to m 'iOriginal Beginning promise person runs;
(6) more fresh evidence VCT.ProofUpdatePP(C,Λj,m′i,i,U):Set C, evidence set Λ are promised to undertake in inputi, quasi- replace Change the new information m ' of i-th of record in Outsourced databasei, fresh information U and mapping functionEvidence more new algorithm VCT.ProofUpdatePP(C,Λj,m′i, i, U, f) and the new evidence set Λ ' of outputj;Evidence more new algorithm is possessed pair by any Answer the evidence set Λ of j-th of message in CjUser's operation, calculate evidence set Λ ' effective to new promise set C 'j
4. vector as claimed in claim 3 promises to undertake tree, which is characterized in that the key schedule specifically includes:
VCT.KeyGen(1k,q,Q):Q is the size of each Committing unit, and Q is all sums by commitment message;For the ease of It indicates, enables Q=qn;Key schedule specific configuration is as follows:It enablesWithFor two prime number p rank Bilinear Groups, meet two-wire Property mappingIt enablesFor a random generation member;?Middle random selection z1,…,zq;To all i =1 ..., q, settingTo all i, j=1 ..., q and i ≠ j, settingSetting PP=(g, {hi}i∈[1,q],{hi,j}i,j∈[1,q],i≠j);Message space isPromise to undertake that space is
(2) specifically include:
VCT.ComPP(m1,…,mQ,f):Enable Cx,yIt indicates that vector promises to undertake y-th of commitment value of xth layer in tree, promises to undertake that set C is this A little Cx,ySet;Root node is expressed as C0,1, most deep node is expressed asMost deep node calculates It is as follows:
Wherein y=1 ..., qn-1;Using an impact resistant hash functionBy Bilinear GroupsIn element reflect Penetrate forIn element, then other node (Cx,y, wherein x=n-2 ..., 0 and y=1 ..., qx) calculate it is as follows:
Then, promise to undertake that set C={ C are promised to undertake in algorithm outputx,y|x∈[0,n-1],y∈[1,qx] and additional information aux= (m1,…,mQ);
(3) specifically include:
VCT.OpenPP(m,i,aux,AC,f):Access control parameter AC=(μ, ν) is decomposed, i.e., only allows to access μ layers of ν A element, the validity for verifying AC parameters are as follows:IfAlgorithm is opened to terminate and export ⊥;Otherwise, card is calculated According to set Λi;First, most Shenzhen Stock Exchange is according to Λi,n-1It calculates as follows:
WhereinWithIt is two to be respectively used to determine xth layer In i-th message Committing unit serial number and corresponding element serial number function;Then, for x=n-2 ..., ν is calculated:
Wherein θ (i) and δ () are that the function in above formula is identical;In addition, also needing to calculate one and Λi,xCorresponding Mi,x
Mi,n-1=mθ(i,n-1)q+δ(i,n-1)
Then, for x=n-2 ..., ν:
Mi,x=f (Cx+1,θ(i,x)q+δ(i,x));
Finally, it opens algorithm and exports Λi={ (Λi,x,Mi,x)|x∈[ν,n-1]};Input parameter μ and ν can verify that note for controlling The scale of record;
The verification process of (4) includes:
VCT.VerPP(C,m,i,Λi,AC):It decomposes and authentication-access control parameter AC=(μ, ν) is as follows:IfVerification algorithm terminates and exports 0 and an empty setOtherwise, (α, β)=(- 1, -1) setting Rst=;It is right In x=n-1 ..., β=x is arranged in ν, ifSimultaneously continue setting α=1;It is no α=⊥ is then set and exits cycle;X after circulation terminates, if α=1 and β=ν, are verified, verification algorithm outputOtherwise explanation has the unauthenticated message being tampered, authentication failed, verification algorithm to provide the model where error message It encloses;Enable Φ (Cx,y) indicate with Cx,yIt is for the massage set of promise, then wrong to be recorded in Ω=Φ (Cβ,θ(i,β)+1)-Φ (Cβ+1,θ(i,β+1)+1) in range, verification algorithm exports (⊥, Ω);
Described (5) update:
VCT.UpdatePP(C,mi,m′i,i):Promise to undertake the update of more new algorithm from leaf node (i-th of message) to root node path On all promises;First, promise to undertake that more new algorithm updates the promise on (n-1)th layer,
Then, for other x=n-2 ..., 0, promise to undertake that update is as follows:
Wherein Cn,i=miAnd C 'n,i=m 'i;Finally, the promise set that the output of more new algorithm C ' and U, wherein C ' are new is promised to undertake {C′x,y|x∈[0,n-1],y∈[1,qx], U is fresh information (mi,m′i,i);
(6) the evidence update specifically includes:
VCT.ProofUpdatePP(C,Λj,m′i,i,U):Given U, possesses positioned at the original promise set C of j location messages and evidence Set ΛjUser can use evidence update algorithm update its evidence set and promise to undertake gather, update include following two steps Suddenly:
Update is promised to undertake:With promise more new algorithm VCT.UpdatePP() is identical;
More fresh evidence:For all x=n-1 ..., 0, if δ (j, x)=δ (i, x), Λj,xIt remains unchanged;Otherwise for x= N-1 is calculated:
For x=n-2 ..., 0, it calculates:
5. a kind of promising to undertake that the support error logging positioning of tree can verify that the detection side of database using vector described in claim 1 Method, which is characterized in that the support error logging positioning can verify that the detection method of database includes:
(1) configuration phase HVDB.Setup (1k,q,DB,Q):Input the number that security parameter k, Committing unit size q and size are Q According to library DB, placement algorithm HVDB.Setup (1k, q, DB, Q) and it exports and intends being distributed to client and be its privately owned key SK, intend dividing Issue the public key PK of the user of experimental evidence in need and the quasi- database for being encoded to S for being uploaded to server;Configuration is calculated Method is run by client;
(2) inquiry phase HVDB.Query (PK/SK, S, x, AC):Input public key PK or private key SK, coding after database S, look into Access control the parameter AC, search algorithm HVDB.Query (PK/SK, S, x, AC) for asking index x and inquiry request person are first checked for Whether access control parameter AC is effective, only when AC meets access control policy, just exports a query result τ=(v, π); Otherwise, an error result ⊥ is exported;Search algorithm is asked by client or validated user, is executed by server;
(3) Qualify Phase HVDB.Verify (PK, x, τ, AC):Input public key PK, search index x, query result τ and verifier Access control parameter AC, similar with search algorithm, verification algorithm HVDB.Verify (PK, x, τ, AC) equally first checks for AC Validity, when simultaneously meet AC effectively and τ correct verifications x then export a value v and an empty set;Otherwise, a mistake is exported Accidentally result ⊥ and an empty set indicate that access control parameter AC is invalid, or one error result ⊥ of output and an expression mistake Misdescription records the non-empty range Ω of position;
(4) client more new stage HVDB.ClientUpdate (SK, x, v '):Input private key SK, update recording indexes x and xth It is a to record new value v ', if record is updated successfully, client more new algorithm HVDB.ClientUpdate (SK, x, v ') outputs One update token t 'xWith a new public key PK ';Otherwise, a mistake ⊥ is exported;Client more new algorithm is transported by client Row, v ' is revised as by the value of x-th of data-base recording;
(5) server update stage HVDB.ServerUpdate (PK, S, x, t 'x):Input the database S after public key PK, coding, Update recording indexes x and update token t 'x, server update algorithm HVDB.ServerUpdate (PK, S, x, t 'x) export in S Record new value v ' x-th;Server update algorithm is run by server, with the password t ' provided according to clientxTo update Database S.
6. error logging positioning is supported to can verify that the detection method of database as claimed in claim 5, which is characterized in that described (1) placement algorithm specifically includes in:
HVDB.Setup(1k,q,DB,Q):The raw data base of input is the form of key-value pair, and be denoted as DB=(i, vi) | i=1 ..., Q };First, vector is called to promise to undertake that the key schedule in tree obtains common parameter set PP:
PP←VCT.KeyGen(1k,q,Q);
Input parameter therein is corresponding with the input parameter in this placement algorithm;Then the key-value pair in the DB of decomposition data library Record is to establish an array (v containing Q value1,…,vQ), and call vector to promise to undertake in tree using common parameter set PP Promise to undertake that algorithm obtains (C, aux):
(C,aux)←VCT.ComPP(v1,…,vQ);
Finally, intermediate parameters are combined into three output results:
7. error logging positioning is supported to can verify that the detection method of database as claimed in claim 5, which is characterized in that described (2) search algorithm detailed process is as follows in:
HVDB.Query(PK,S,x,AC):Enable vx=DB (x) indicates the xth item record in database D B, decomposes access control ginseng Number is AC=(μ, ν), indicates that inquiry request person can access all elements belonging to the ν promise in μ layers;Vector is called to hold Opening algorithm in promise tree obtains the evidence set of xth item record:
Λx←VCT.OpenPP(vx,x,aux,(μ,ν));
Wherein all inputs are all directly or indirectly obtained from this search algorithm;Then, output result τ is made of following formula:
τ=(vxx)。
8. error logging positioning is supported to can verify that the detection method of database as claimed in claim 5, which is characterized in that described (3) verification algorithm specifically includes in:
HVDB.Verify(PK,x,τ,AC):By calling vector to promise to undertake, the verification algorithm in tree is completed database query result and is tested Card:
(RstValue,RstSet)←VCT.VerPP(C,x,vxx);
Then processing interim findings (RstValue, RstSet) are as follows:
RstValue=0 andVerification algorithm exportsIndicate that verifier does not have permission to access i-th note Record;
RstValue=1 andVerification algorithm exportsWherein vxFor the database decomposed from τ Xth item records, this output result indicates that database is not changed;
RstValue=⊥ andVerification algorithm exports (⊥, Ω), indicates there is number in position range Ω in database It is tampered according to unauthenticated;Symbol ⊥ indicates that mistake, section Ω indicate error logging position range.
9. error logging positioning is supported to can verify that the detection method of database as claimed in claim 5, which is characterized in that described (4) client more new algorithm specifically includes in:
HVDB.ClientUpdate(SK,x,v′):By calling vector to promise to undertake, the promise more new algorithm in tree completes client more Newly;Before performing an update, the integrality of current database is confirmed by search algorithm and verification algorithm;Renewal process is as follows: First, client is recorded by the xth item for calling search algorithm to obtain database:
τ←HVDB.Query(PK,S,x);
Query result τ is obtained, client checks output by calling integrity verification algorithm to confirm that Outsourced database is unmodified Whether verification algorithm is met:
It is proved to be successful, then client more new algorithm calls vector to promise to undertake the promise more new algorithm in tree:
(C′,U)←VCT.UpdatePP(C,vx,v′x, x),
Export new public key PK '=(PP, C ') and update token t 'x=(PK ', v 'x,U);Otherwise, client more new algorithm terminates And output error ⊥;
Server update algorithm specifically includes in (5):
HVDB.ServerUpdate(PK,S,x,t′x):After client completes the update of xth item record, when database purchase service Device receives update token t 'xWhen, start the correlation updated storage:It is (PK ', v ' that server decomposes update token firstx, U), Then xth data library record is replaced with into v 'x, and the aux addition fresh informations U into S.
10. a kind of using the detection method for supporting error logging positioning to can verify that database described in claim 5~9 any one Dynamic data base system.
CN201810349942.9A 2018-04-18 2018-04-18 A kind of detection method for supporting error logging positioning to can verify that database Pending CN108737069A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810349942.9A CN108737069A (en) 2018-04-18 2018-04-18 A kind of detection method for supporting error logging positioning to can verify that database

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810349942.9A CN108737069A (en) 2018-04-18 2018-04-18 A kind of detection method for supporting error logging positioning to can verify that database

Publications (1)

Publication Number Publication Date
CN108737069A true CN108737069A (en) 2018-11-02

Family

ID=63939107

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810349942.9A Pending CN108737069A (en) 2018-04-18 2018-04-18 A kind of detection method for supporting error logging positioning to can verify that database

Country Status (1)

Country Link
CN (1) CN108737069A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114965941A (en) * 2022-04-15 2022-08-30 中电建路桥集团有限公司 Saline-alkali soil physical and chemical characteristic multi-scale intelligent sensing method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070261074A1 (en) * 2006-04-25 2007-11-08 Chang Sik Yun Broadcast receiver and method for processing broadcast data
CN103024006B (en) * 2012-11-23 2016-05-25 西安电子科技大学 The method of the safe outsourcing that under a kind of cloud computing environment, bilinearity is right
CN102938767B (en) * 2012-11-13 2016-08-10 西安电子科技大学 The fuzzy keyword search methodology that efficiently can verify that based on the outer packet system of cloud data
CN106991148A (en) * 2017-03-27 2017-07-28 西安电子科技大学 It is a kind of to support the full database authentication system and method for updating operation

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070261074A1 (en) * 2006-04-25 2007-11-08 Chang Sik Yun Broadcast receiver and method for processing broadcast data
CN102938767B (en) * 2012-11-13 2016-08-10 西安电子科技大学 The fuzzy keyword search methodology that efficiently can verify that based on the outer packet system of cloud data
CN103024006B (en) * 2012-11-23 2016-05-25 西安电子科技大学 The method of the safe outsourcing that under a kind of cloud computing environment, bilinearity is right
CN106991148A (en) * 2017-03-27 2017-07-28 西安电子科技大学 It is a kind of to support the full database authentication system and method for updating operation

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
张志伟等: ""HVDB: a hierarchical verifiable database scheme with scalable updates"", 《SPRINGER LINK》 *
王剑锋: ""云环境下外包数据的高效检索及安全审计技术研究"", 《中国博士学位论文全文数据库 信息科技辑》 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114965941A (en) * 2022-04-15 2022-08-30 中电建路桥集团有限公司 Saline-alkali soil physical and chemical characteristic multi-scale intelligent sensing method and system

Similar Documents

Publication Publication Date Title
Mikula et al. Identity and access management with blockchain in electronic healthcare records
Barsoum et al. Provable multicopy dynamic data possession in cloud computing systems
CN107864139A (en) A kind of cryptography attribute base access control method and system based on dynamic rules
CN104038349B (en) Effective and verifiable public key searching encryption method based on KP-ABE
CN103636160B (en) secure file sharing method and system
CN107634829A (en) Encrypted electronic medical records system and encryption method can search for based on attribute
US10846372B1 (en) Systems and methods for trustless proof of possession and transmission of secured data
US8620882B2 (en) Tokenization of multiple-field records
CN111986755A (en) Data sharing system based on block chain and attribute-based encryption
Jiang et al. Attribute-based encryption with blockchain protection scheme for electronic health records
CN106789080A (en) digital signature generation method and system
US20150207621A1 (en) Method for creating asymmetrical cryptographic key pairs
KR20070096014A (en) Identity-based key generating methods and devices
CN102170356A (en) Authentication system realizing method supporting exclusive control of digital signature key
Naresh et al. Blockchain‐based patient centric health care communication system
CN110390203A (en) A kind of hiding attribute base encryption method of the strategy can verify that decrypted rights
CN116303767A (en) Medical data multistage management and sharing method based on CP-ABE
Yang et al. A privacy‐preserving data transmission scheme based on oblivious transfer and blockchain technology in the smart healthcare
US11856095B2 (en) Apparatus and methods for validating user data by using cryptography
CN104160651A (en) Byzantine fault tolerance and threshold coin tossing
CN108737069A (en) A kind of detection method for supporting error logging positioning to can verify that database
Vamsi et al. Electronic health record security in cloud: Medical data protection using homomorphic encryption schemes
CN116527322A (en) Combined credit investigation method and device based on block chain and privacy calculation
CN116346306A (en) Multi-center attribute-based encryption method, computer readable storage medium and equipment
CN113656829A (en) Medical data security sharing method based on lattice code and alliance chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181102

RJ01 Rejection of invention patent application after publication