CN108881186A - A kind of shared compressed sensing encryption method with Error Control of achievable key - Google Patents

A kind of shared compressed sensing encryption method with Error Control of achievable key Download PDF

Info

Publication number
CN108881186A
CN108881186A CN201810549669.4A CN201810549669A CN108881186A CN 108881186 A CN108881186 A CN 108881186A CN 201810549669 A CN201810549669 A CN 201810549669A CN 108881186 A CN108881186 A CN 108881186A
Authority
CN
China
Prior art keywords
user
indicate
value
data
identity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810549669.4A
Other languages
Chinese (zh)
Other versions
CN108881186B (en
Inventor
高军涛
张鹏
贾文娟
李雪莲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN201810549669.4A priority Critical patent/CN108881186B/en
Publication of CN108881186A publication Critical patent/CN108881186A/en
Application granted granted Critical
Publication of CN108881186B publication Critical patent/CN108881186B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/083Network architectures or network communication protocols for network security for authentication of entities using passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/1066Session management
    • H04L65/1073Registration or de-registration
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • General Business, Economics & Management (AREA)
  • Multimedia (AREA)
  • Storage Device Security (AREA)

Abstract

A kind of shared compressed sensing encryption method with Error Control of achievable key, implementation step are:1. Cloud Server is registered to half honesty registration center RC registration;2. user registers to half honesty registration center RC;3. pre-processing be-encrypted data;4. being encrypted using compression sensing method to be-encrypted data;5. ciphertext Error Control is handled;6. anonymous Identity authenticates couple user;7 session key distributions;8. session key distribution;9. Cloud Server authenticates booking reader;10. Error Control restores ciphertext data;11. a pair ciphertext is decrypted;12. cancelling user and Cloud Server;13. user and Cloud Server are cancelled in recovery;14. increasing new user and Cloud Server.The safety of key is shared between the indistinguishability and user of present invention guarantee signal data energy, and solving the problems, such as to lose when ciphertext data packet is more than half fail to decrypt correctly.

Description

A kind of shared compressed sensing encryption method with Error Control of achievable key
Technical field
The invention belongs to field of information security technology, and further relating to one of art of cryptography can be achieved key Shared and Error Control compressed sensing encryption method.The present invention based on compressed sensing, propose one kind can be used for it is multiple The safety of key is shared between user in Cloud Server, can Error Control safe encryption method.
Background technique
Compressed sensing (CS) encryption method is mainly used for improving the safety of data, while reducing storage, processing and transmission Cost.A large amount of sampling times and space resources can be not only saved using compressed sensing, and can also be used to encrypted transmission number According to, therefore can guarantee the safety of data.Existing compressed sensing encryption method combines multiple encryption algorithms often to improve The safety of system.It is some to combine the technologies such as the same stream cipher of compressed sensing, index scramble, chaotic map algorithms to realize and add The safety of close algorithm.Identical stream cipher code key, index matrix are utilized when decryption, mapping algorithm recovers initial data.This The security performance of compressed sensing Encryption Algorithm can be improved in a little methods to a certain extent, but these methods are all based on individually Encryption Algorithm design under the conditions of Cloud Server, can not achieve the encryption and transmission of data in cloudy server.And it can not Realize that the safety of code key between user under cloudy server environment is shared.
Paper " the Computation Outsourcing Meets Lossy that Z Yushu and Z Jiantao are delivered at it Channel:Secure Sparse Robustness Decoding Service in Multi-Clouds”(IEEE Transactions on Big Data, 2017) a kind of compressed sensing based on multiple Cloud Server outsourcings storage is proposed in Encryption method.This method has main steps that:(1) when system initialization, user first converts sparse 2D signal to dilute Thin one-dimensional signal, and obtain corresponding sparse set.(2) when encrypting, user first chooses a security parameter, is generated using key Algorithm generates a permutation vector and encryption vector, then exchanges corresponding sparse set using permutation vector, finally utilizes encryption Sparse set encryption data is uploaded to cloudy server by the element after the sparse displacement of vector block encryption.(3) when decrypting, After cloudy server receives the decryption demand of user, required ciphertext is sent to user, only possesses descrambled vector at this time User can just be decrypted correctly ciphertext, and the illegal of descrambled vector is not unable to get real plaintext, while ensure that and lose Still there is preferable restorability in the case where half data packet.But the shortcoming that this method still has is:This method Belong to the solution that lost data packets are no more than total data half, once losing ciphertext data packet is more than total data half It fail to decrypt correctly, and be not carried out between user when just not can guarantee recovery effects, therefore causing beyond half loss of data The problem of safety of key is shared, can not prevent cloudy server from user's upload Key Exposure being gone out, while not accounting for energy The problem of amount leakage, signal data are easy not can guarantee the indistinguishability of signal data energy, in reality by Attacks It will cause serious safety problem in.
Xian Electronics Science and Technology University is in patent document " the image encryption side based on compressed sensing and index scramble of its application Proposed in method " (application number 2001510705403.0,105306779 A of application publication number CN) it is a kind of based on compressed sensing and Index the image encryption method of scramble.This method has main steps that:(1) original image is unfolded under orthogonal basis, is obtained dilute Sparse coefficient.(2) with Logistic sequence control construction calculation matrix.(3) sparse coefficient is measured with calculation matrix, is obtained Measured value.(4) scramble is carried out to measured value with Logistic sequence, the measured value after obtaining scramble.(5) by the measurement after scramble Value carries out quantization and transmits as ciphertext.Shortcoming existing for this method is:This method building process only considered the life of code key At not accounting for the secure distribution problem of key between user, and do not account for data-bag lost in ciphertext transmission process The problem of, therefore ciphertext is caused to fail to decrypt correctly, it can not be used in the peace of data and image in multiple Cloud Servers Full encryption.
Summary of the invention
It is an object of the invention in view of the above shortcomings of the prior art, propose that a kind of achievable key is shared and mistake control The compressed sensing encryption method of system, the characteristics of to meet compressed sensing, when guaranteeing data-bag lost occur in ciphertext transmission process, It can be still decrypted correctly ciphertext, realize the secure distribution problem of code key between user under cloudy server environment, it is whole to improve system The security performance of body.
To achieve the above object, the technical solution adopted by the present invention includes the following steps:
(1) Cloud Server is registered to half honesty registration center RC:
The public identity value of information is sent to half honesty registration center RC by (1a) Cloud Server;
(1b) according to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates what half honesty registration center RC chose Safe impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,It indicates The finite field that half honesty registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtTable Show the public identity value of information to be registered of t-th of Cloud Server;
(1c) half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set;
(2) user registers to half honesty registration center RC:
(2a) utilizes identity information value formula to be registered, and each user to be registered calculates identity information value to be registered;
(2b) utilizes identity information value formula to be certified, and each user to be registered calculates identity information value to be certified;
(2c) according to the following formula, calculates the verifying identity information value of each user to be registered, and half honesty registration center RC will be tested Card identity information value is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate that half honesty registration center RC is randomly selected For calculating the verifying secret value of k-th of user authentication information to be registered, P expression addition cyclic group G1Generation member, G1It indicates Rank is the addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration What center RC chose is different from H2() safe impact resistant hash function;
(2d) according to the following formula, calculates the anonymous Identity value of each user to be registered, and half honesty registration center RC is by anonymous body Part value is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the public affairs of k-th of user to be registered Open identity information value, skIndicate k-th of user anonymity identity value to be registered;
(2e) half honesty registration center RC stores each user anonymity authentication value to be registered to registered users collection In conjunction;
(2f) utilizes identity information verification method, the verifying that half honesty registration center RC of each user's checking to be registered is sent Whether identity information value is true, if so, (2g) is executed, otherwise, identity information authentification failure;
(2g) utilizes private key formula, and each user to be registered calculates private key;
(3) be-encrypted data is pre-processed:
(3a) inputs be-encrypted data, and registration user carries out one-dimensional signal processing to the be-encrypted data of input;
(3b) registers user and utilizes SVD calculation matrix generation method, generates calculation matrix;
(3c) registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection;
(3d) registers user and utilizes displacement support set creation method, generates the displacement support collection of sparse vector;
(3e) registers user and utilizes the sparse formula of specification, calculates the sparse value of specification of be-encrypted data;
(4) be-encrypted data is encrypted using compression sensing method:
(4a) according to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicate be-encrypted data encrypted cipher text, Φ indicate calculation matrix, Ψ indicate sparse matrix, θ indicate to The sparse value of encryption data, | | | |2Indicate that 2 norms operate;
(4a) according to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate that pseudo-random function Γ is generated Energy encryption key;
(5) ciphertext Error Control is handled:
(5a) according to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates the error rate that registration user is arranged according to the demand of Error Control, t Indicate data grouping number;
(5b), divided by packet data number, obtains the shift length of packet data with ciphertext;
(5c) registers user and beats Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection Packet is sent to Cloud Server;
(6) between progress anonymous Identity certification user:
(6a) booking reader sends data subscription request to encryption data user is uploaded;
(6b) according to the following formula, calculates temporary identity authentication information parameter, uploads encryption data user and authenticates temporary identity Information parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates that half is honest Registration center RC selection is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates Upload the temporary secret value of i-th of user selection of encryption data, TiIndicate upload encryption data i-th of user it is current when Between stab, vaild period indicate certification legal time section;
(6c) according to the following formula, calculates temporary identity authentication information value, uploads encryption data user and authenticates temporary identity and believes Breath value is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation, xiIndicate the private key of i-th of user of upload encryption data;
(6d) according to the following formula, calculates anonymous Identity authentication information value, uploads encryption data user and authenticates anonymous Identity and believes Breath value is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data;
(6e) according to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate in half honest registration The user anonymity authentication value that heart RC is randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldIt is upper random Secret value is chosen, N indicates that registration user and cloud serverless backup sum, ∏ indicate even to multiply operation;
Whether the anonymous Identity authentication value that (6f) booking reader verifies upload encryption data user is equal in half honest registration The user anonymity authentication value that heart RC is announced, if so, (6g) is thened follow the steps, otherwise, authentication failure;
(6g) uses information authentication method, and booking reader is to the upload encryption data user's checking authenticated by anonymous Identity Information;
(6h) according to the following formula, calculates temporary identity authentication information parameter, and booking reader is by temporary identity authentication information parameter It is sent to and uploads encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate facing for j-th of booking reader's selection When secret value, TjIndicate the current time stamp of j-th of booking reader;
(6i) according to the following formula, calculates temporary identity authentication information value, and booking reader sends temporary identity authentication information value To upload encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader;
(6j) according to the following formula, calculates anonymous Identity authentication information value, and booking reader sends anonymous Identity authentication information value To upload encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader;
(6k) according to the following formula, uploads the anonymous Identity authentication value that encryption data user calculates booking reader:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader;
Whether the anonymous Identity authentication value that (6l) uploads encryption data user's checking booking reader is equal in half honest registration The anonymous authentication value that heart RC is announced, if so, (6m) is thened follow the steps, otherwise, authentication failure;
(6m) uses information authentication method, uploads the booking reader's that encryption data user's checking is authenticated by anonymous Identity Verification information;
(7) session key distribution:
(7a) according to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates;
(7b) according to the following formula, uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data;
(8) decruption key is distributed:
(8a) according to the following formula, uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K1' indicate that the energy of encryption encrypts code key;
(8b) uploads encryption data user and transmits the energy encryption code key and permutation function of encryption to booking reader, Complete the distribution of decruption key;
(9) Cloud Server authenticates booking reader:
(9a) booking reader sends to Cloud Server and subscribes to request;
Anonymous Identity information is sent to Cloud Server by (9b) booking reader;
(9c) according to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader;
Whether the anonymous Identity authentication value of (9d) Cloud Server authentication booking reader is equal to half honesty registration center RC The anonymous authentication value of announcement, if so, (9e) is thened follow the steps, otherwise, authentication failure;
(9e) uses compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, and Cloud Server will advise Model sparse data and energy encryption function are sent to booking reader;
(10) Error Control restores ciphertext data:
(d-1) organizes the feelings of continuous data before (10a) is lost booking reader during receiving Cloud Server data Condition, booking reader, which obtains, organizes continuous data, the L of d group data after extraction from d group to d+ (t-1)kBit is plain, d group data complete L in portion's element and remaining set datakBit element can recover whole ciphertext data, wherein LkK after indicating in packet data Data;
(10b) is lost arbitrary continuation (d-1) group data to booking reader during receiving Cloud Server data Situation, booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d' L in the whole elements and remaining set data of group datakBit element can recover whole original cipher text data, wherein mod Indicate modulo operation;
(11) ciphertext is decrypted:
(11a) booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction;
(11b) according to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated;
(11c) according to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification;
(12) user and Cloud Server are cancelled:
(12a) half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set It is removed from anonymous Identity verification function;
(12b) according to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference selected from finite field and C's Anonymous Identity authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value;
(12c) half honesty registration center RC broadcast anonymous Identity verification function completes destruction operation, other users or cloud clothes The key and identity information of business device remain unchanged;
(13) restore revocation user and Cloud Server:
(13a) will restore when cancelling Cloud Server sending recovery request according to half honesty registration center RC of step (2) The corresponding identity information of Cloud Server is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed cloud clothes Business device does not need to update authentication information;
(13b) will restore user when cancelling user's sending recovery request, according to half honesty registration center RC of step (3) Corresponding identity information is added anonymous Identity verification function and completes to restore revocation user's operation, and unrepealed user does not need more New authentication information;
(14) increase new user and Cloud Server:
(14a) when new Cloud Server issues registration request, according to the honest registration center of step (2) half by new Cloud Server Enrollment status information anonymous Identity verification function be added complete to increase the operation of new Cloud Server, the key of other Cloud Servers and Identity information remains unchanged;
(14b) when new user issues registration request, according to the honest registration center of step (3) half by the registration body of new user Part information is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users is kept not Become.
The present invention has the following advantages that compared with prior art:
First, since the present invention calculates the energy encrypted cipher text of sparse data, the problem of can preventing ciphertext energy leakage, is protected The shortcomings that safety for having demonstrate,proved ciphertext overcomes in existing compressed sensing encryption technology, and signal data is easy by Attacks, Guarantee the indistinguishability of signal data energy, so that general safety performance of the invention is more prominent.
Second, it since Error Control of the present invention restores ciphertext data, overcomes in existing compressed sensing encryption technology, loses Ciphertext data packet is not more than can guarantee recovery effects disadvantage in the case where half, so that Error disposal performance of the present invention is more powerful.
Third devises session key distribution and decruption key distribution since the present invention authenticates anonymous Identity user, It overcomes in existing compressed sensing encipherment scheme, user is uploaded the problem of Key Exposure is gone out by cloudy server, ensure that use The safety of key is shared between family, so that the safety of key is higher in the present invention.
Detailed description of the invention
Fig. 1 is flow chart of the invention;
Fig. 2 is the flow chart of compressed sensing encryption and ciphertext Error Control processing step of the present invention.
Specific embodiment
With reference to the accompanying drawing, the present invention is described in further detail.
Referring to Fig.1, the specific steps of the invention to realization are described in further detail.
Step 1, Cloud Server is registered to half honesty registration center RC.
The public identity value of information is sent to half honesty registration center RC by Cloud Server.
According to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates what half honesty registration center RC chose Safe impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,Indicate half The finite field that honest registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtIt indicates The public identity value of information to be registered of t-th of Cloud Server.
Half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set.
Step 2, user registers to half honesty registration center RC.
Using identity information value formula to be registered, each user to be registered calculates identity information value to be registered.
The identity information value formula to be registered is as follows:
Wherein, PGkIndicate the identity information value to be registered of k-th of user to be registered, pwkIndicate k-th of user to be registered with The identity secret value to be registered that machine is chosen, g indicate multiplication method cyclic group G2Generation member, G2Indicate that rank is the multiplicative cyclic group of p, p Indicate the Big prime different from n that half honesty registration center RC is randomly selected.
Using identity information value formula to be certified, each user to be registered calculates identity information value to be certified.
The identity information value formula to be certified is as follows:
Vk=ek·P
Wherein, VkIndicate the identity information value to be certified of k-th of user to be registered, ekIndicate that k-th of user to be registered is random The identity secret value to be certified chosen, P indicate addition cyclic group G1Generation member, G1Indicate that rank is the addition cyclic group of p.
According to the following formula, the verifying identity information value of each user to be registered is calculated, half honesty registration center RC will verify body Part value of information is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate that half honesty registration center RC is randomly selected For calculating the verifying secret value of k-th of user authentication information to be registered, P expression addition cyclic group G1Generation member, G1It indicates Rank is the addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration What center RC chose is different from H2() safe impact resistant hash function.
According to the following formula, the anonymous Identity value of each user to be registered is calculated, half honesty registration center RC is by anonymous Identity value It is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the public affairs of k-th of user to be registered Open identity information value, skIndicate k-th of user anonymity identity value to be registered.
Half honesty registration center RC is by each user anonymity authentication value storage to be registered into registered users set.
Using identity information verification method, the verifying identity of half honesty registration center RC transmission of each user's checking to be registered Whether the value of information is true, if so, continue to execute, otherwise, identity information authentification failure.
The identity information verification method is that specific step is as follows:
According to the following formula, user to be registered calculates verifying equation:
Wherein,Indicate the partial secret value of k-th of private key for user to be registered, PpubIndicate half honesty registration center RC's Public key parameter.
Whether user's checking verifying equation to be registered is equal, if so, identity information verifying is set up, otherwise, identity information is tested Card failure.
Using private key formula, each user to be registered calculates private key.
The private key formula is as follows:
Wherein, x is half honesty registration center RC in finite fieldThe main private key randomly selected, xkIndicate k-th it is to be registered Private key for user.
Step 3, be-encrypted data is pre-processed.
Be-encrypted data is inputted, registration user carries out one-dimensional signal processing to the be-encrypted data of input.
It registers user and utilizes SVD calculation matrix generation method, generate calculation matrix.
The SVD calculation matrix generation method is as follows:
It registers user and sparse matrix is obtained by learning method.
According to the following formula, registration user carries out singular value decomposition to sparse matrix:
Ψ=U Λ VT
Wherein, Ψ indicates to be n × m sparse matrix by the size that study obtains, and U, V respectively indicate sparse matrix by odd The matrix that different decomposition obtains, T indicate transposition operation.
According to the following formula, registration user generates calculation matrix:
Wherein, Φ indicates that the size extracted is m × n calculation matrix, UlIt indicates to arrange the matrix formed, l by the preceding l of matrix U Value it is equal with the compressed value m of compressed sensing data.
Registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection.
It registers user and utilizes displacement support set creation method, generate the displacement support collection of sparse vector.
The displacement support set creation method is as follows:
User is registered from size to randomly select s different elements in the vector space of n, is put into vector space pl(l =1, K, s) in obtain permutation vector, wherein s indicate sparse vector number.
According to the following formula, registration user calculates the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
It registers user and utilizes the sparse formula of specification, calculate the sparse value of specification of be-encrypted data.
The sparse formula of specification is as follows:
Wherein, θ indicates the sparse value of be-encrypted data, and x indicates be-encrypted data,Indicate that the specification of be-encrypted data is dilute Value is dredged, | | | |2Indicate that 2 norms operate.
Referring to Fig. 2, the compressed sensing encryption and ciphertext Error Control processing specific steps be applicable in the realization present invention is made Further detailed description:
Step 4, be-encrypted data is encrypted using compression sensing method.
According to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicate be-encrypted data encrypted cipher text, Φ indicate calculation matrix, Ψ indicate sparse matrix, θ indicate to The sparse value of encryption data, | | | |2Indicate that 2 norms operate.
According to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate that pseudo-random function Γ is generated Energy encryption key.
Step 5, ciphertext Error Control is handled.
According to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates the error rate that registration user is arranged according to the demand of Error Control, t Indicate data grouping number.
With ciphertext divided by packet data number, the shift length of packet data is obtained.
Register user by Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection be packaged hair It send to Cloud Server.
Step 6, between progress anonymous Identity certification user.
Booking reader sends data subscription request to encryption data user is uploaded.
According to the following formula, temporary identity authentication information parameter is calculated, uploads encryption data user for temporary identity authentication information Parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates that half is honest Registration center RC selection is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates Upload the temporary secret value of i-th of user selection of encryption data, TiIndicate upload encryption data i-th of user it is current when Between stab, vaild period indicate certification legal time section.
According to the following formula, temporary identity authentication information value is calculated, uploads encryption data user for temporary identity authentication information value It is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation, xiIndicate the private key of i-th of user of upload encryption data.
According to the following formula, anonymous Identity authentication information value is calculated, uploads encryption data user for anonymous Identity authentication information value It is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data.
According to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate in half honest registration The user anonymity authentication value that heart RC is randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldIt is upper random Secret value is chosen, N indicates that registration user and cloud serverless backup sum, ∏ indicate even to multiply operation.
Whether the anonymous Identity authentication value that booking reader verifies upload encryption data user is equal to half honesty registration center RC The user anonymity authentication value of announcement, if so, (6g) is thened follow the steps, otherwise, authentication failure.
Using information authentication method, booking reader believes the upload encryption data user's checking authenticated by anonymous Identity Breath;
Specific step is as follows for the information authentication method:
According to the following formula, it receives user and calculates temporary authentication information:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information.
According to the following formula, user's checking authentication information is received:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate send user temporary authentication information, if equation set up, send user information authentication at Function, otherwise, authentification of message failure.
According to the following formula, temporary identity authentication information parameter is calculated, booking reader sends temporary identity authentication information parameter To upload encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate facing for j-th of booking reader's selection When secret value, TjIndicate the current time stamp of j-th of booking reader.
According to the following formula, temporary identity authentication information value is calculated, temporary identity authentication information value is sent to by booking reader Pass encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader.
According to the following formula, anonymous Identity authentication information value is calculated, anonymous Identity authentication information value is sent to by booking reader Pass encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader.
According to the following formula, the anonymous Identity authentication value that encryption data user calculates booking reader is uploaded:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader.
Whether the anonymous Identity authentication value for uploading encryption data user's checking booking reader is equal to half honesty registration center RC The anonymous authentication value of announcement, if so, (6m) is thened follow the steps, otherwise, authentication failure.
Using information authentication method, the verifying for the booking reader that encryption data user's checking is authenticated by anonymous Identity is uploaded Information.
Specific step is as follows for the information authentication method:
According to the following formula, it receives user and calculates temporary authentication information:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information.
According to the following formula, user's checking authentication information is received:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate send user temporary authentication information, if equation set up, send user information authentication at Function, otherwise, authentification of message failure.
Step 7, session key distribution.
According to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates.
According to the following formula, it uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data.
Step 8, decruption key is distributed.
According to the following formula, it uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K1' indicate that the energy of encryption encrypts code key.
It uploads encryption data user to transmit the energy encryption code key and permutation function of encryption to booking reader, complete The distribution of decruption key.
Step 9, Cloud Server authenticates booking reader.
Booking reader sends to Cloud Server and subscribes to request.
Anonymous Identity information is sent to Cloud Server by booking reader.
According to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader.
Whether the anonymous Identity authentication value of Cloud Server authentication booking reader is equal to half honesty registration center RC announcement Anonymous authentication value, if so, continue to execute, otherwise, authentication failure.
Using compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, Cloud Server are dilute by specification It dredges data and energy encryption function is sent to booking reader.
Specific step is as follows for the compressed sensing reconstructing method:
Cloud Server building restores the convex optimized algorithm of sparse data:
Wherein, min expression is minimized operation, | | | |1Indicate 1 norm, ε indicates permissible maximum residul difference value.
Calculate specification sparse data:
Wherein,Expression calculates specification sparse data, and rec indicates convex optimized algorithm.
Step 10, Error Control restores ciphertext data.
(d-1) organizes the case where continuous data before being lost during receiving Cloud Server data to booking reader, orders It reads user and obtains (t-1) group continuous data, the L of d group data after extraction from d group to d+kAll members of bit element, d group data L in element and remaining set datakBit element can recover whole ciphertext data, wherein LkK digit after indicating in packet data According to.
The case where arbitrary continuation (d-1) group data are lost during receiving Cloud Server data to booking reader, Booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d' group data Whole elements and remaining set data in LkBit element can recover whole original cipher text data, wherein mod expression takes Modulo operation.
Step 11, ciphertext is decrypted.
Booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction.
Described in displacement support set creation method it is as follows:
User is registered from size to randomly select s different elements in the vector space of n, is put into vector space pl(l =1, K, s) in obtain permutation vector, wherein s indicate sparse vector number.
According to the following formula, registration user calculates the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
According to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated.
According to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification.
Step 12, user and Cloud Server are cancelled.
Half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set is from hideing It is removed in name authentication function.
According to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference selected from finite field and C's Anonymous Identity authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value.
Half honesty registration center RC broadcast anonymous Identity verification function completion destruction operation, other users or Cloud Server Key and identity information remain unchanged.
Step 13, restore revocation user and Cloud Server.
When cancelling Cloud Server sending recovery request, cloud clothes will be restored according to half honesty registration center RC of step (2) The corresponding identity information of business device is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed Cloud Server It does not need to update authentication information.
When cancelling user's sending recovery request, it is corresponding that user will be restored according to half honesty registration center RC of step (3) Identity information be added anonymous Identity verification function complete restore revocation user's operation, unrepealed user do not need update body Part authentication information.
Step 14, increase new user and Cloud Server.
When new Cloud Server issues registration request, according to the honest registration center of step (2) half by the note of new Cloud Server Volume identity information is added anonymous Identity verification function and completes to increase new Cloud Server operation, the key and identity of other Cloud Servers Information remains unchanged.
When new user issues registration request, the enrollment status of new user is believed according to the honest registration center of step (3) half Breath is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users remains unchanged.
Referring to Fig. 2, the flow chart of compressed sensing encryption and the processing of ciphertext Error Control that the present invention is applicable in.Wherein, into Row encryption data phase user generates calculation matrix, energy encrypted cipher text and displacement support collection using pretreatment, sparse to specification Data encryption obtains encrypted cipher text;Error Control processing finally is carried out to ciphertext;By energy encrypted cipher text, displacement support collection is poor The ciphertext of mistake control processing transmits in Cloud Server.

Claims (10)

1. a kind of shared compressed sensing encryption method with Error Control of achievable key, which is characterized in that calculate hideing for user Name authentication value and authentication information are believed using anonymous Identity authentication method and information authentication method verifying anonymous Identity and certification The legitimacy of breath calculates session code key to by the user of certification, and using ciphertext error control algorithm, user calculates every group of grouping Data length and shift length obtain the ciphertext data of Error disposal;The specific steps of this method include as follows:
(1) Cloud Server is registered to half honesty registration center RC:
The public identity value of information is sent to half honesty registration center RC by (1a) Cloud Server;
(1b) according to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates the safety that half honesty registration center RC chooses Impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,Indicate that half is sincere The finite field that real registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtIndicate the The public identity value of information to be registered of t Cloud Server;
(1c) half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set;
(2) user registers to half honesty registration center RC:
(2a) utilizes identity information value formula to be registered, and each user to be registered calculates identity information value to be registered;
(2b) utilizes identity information value formula to be certified, and each user to be registered calculates identity information value to be certified;
(2c) according to the following formula, calculates the verifying identity information value of each user to be registered, and half honesty registration center RC will verify body Part value of information is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate the use that half honesty registration center RC is randomly selected In the verifying secret value for calculating k-th of user authentication information to be registered, P indicates addition cyclic group G1Generation member, G1Indicate that rank is The addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration center What RC chose is different from H2() safe impact resistant hash function;
(2d) according to the following formula, calculates the anonymous Identity value of each user to be registered, and half honesty registration center RC is by anonymous Identity value It is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the open body of k-th of user to be registered Part value of information, skIndicate k-th of user anonymity identity value to be registered;
(2e) half honesty registration center RC is by each user anonymity authentication value storage to be registered into registered users set;
(2f) utilizes identity information verification method, the verifying identity that half honesty registration center RC of each user's checking to be registered is sent Whether the value of information is true, if so, (2g) is executed, otherwise, identity information authentification failure;
(2g) utilizes private key formula, and each user to be registered calculates private key;
(3) be-encrypted data is pre-processed:
(3a) inputs be-encrypted data, and registration user carries out one-dimensional signal processing to the be-encrypted data of input;
(3b) registers user and utilizes SVD calculation matrix generation method, generates calculation matrix;
(3c) registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection;
(3d) registers user and utilizes displacement support set creation method, generates the displacement support collection of sparse vector;
(3e) registers user and utilizes the sparse formula of specification, calculates the sparse value of specification of be-encrypted data;
(4) be-encrypted data is encrypted using compression sensing method:
(4a) according to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicates that the encrypted cipher text of be-encrypted data, Φ indicate that calculation matrix, Ψ indicate that sparse matrix, θ indicate to be encrypted The sparse value of data, | | | |2Indicate that 2 norms operate;
(4a) according to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate the energy that pseudo-random function Γ is generated Measure encryption key;
(5) ciphertext Error Control is handled:
(5a) according to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates that the error rate that registration user is arranged according to the demand of Error Control, t indicate Data grouping number;
(5b), divided by packet data number, obtains the shift length of packet data with ciphertext;
(5c) register user by Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection be packaged hair It send to Cloud Server;
(6) between progress anonymous Identity certification user:
(6a) booking reader sends data subscription request to encryption data user is uploaded;
(6b) according to the following formula, calculates temporary identity authentication information parameter, uploads encryption data user for temporary identity authentication information Parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates half honest registration RC selection in center is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates to upload The temporary secret value of i-th of user selection of encryption data, TiIndicate the current time of i-th of user of upload encryption data Stamp, vaild period indicate certification legal time section;
(6c) according to the following formula, calculates temporary identity authentication information value, uploads encryption data user for temporary identity authentication information value It is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation, xiTable Show the private key for uploading i-th of user of encryption data;
(6d) according to the following formula, calculates anonymous Identity authentication information value, uploads encryption data user for anonymous Identity authentication information value It is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data;
(6e) according to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate that half honesty registration center RC exists The user anonymity authentication value randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldOn randomly select it is secret Close value, N indicate that registration user and cloud serverless backup sum, Π indicate even to multiply operation;
Whether the anonymous Identity authentication value that (6f) booking reader verifies upload encryption data user is equal to half honesty registration center RC The user anonymity authentication value of announcement, if so, (6g) is thened follow the steps, otherwise, authentication failure;
(6g) uses information authentication method, and booking reader believes the upload encryption data user's checking authenticated by anonymous Identity Breath;
(6h) according to the following formula, calculates temporary identity authentication information parameter, and booking reader sends temporary identity authentication information parameter To upload encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate the interim secret of j-th of booking reader's selection Close value, TjIndicate the current time stamp of j-th of booking reader;
(6i) according to the following formula, calculates temporary identity authentication information value, and temporary identity authentication information value is sent to by booking reader Pass encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader;
(6j) according to the following formula, calculates anonymous Identity authentication information value, and anonymous Identity authentication information value is sent to by booking reader Pass encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader;
(6k) according to the following formula, uploads the anonymous Identity authentication value that encryption data user calculates booking reader:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader;
Whether the anonymous Identity authentication value that (6l) uploads encryption data user's checking booking reader is equal to half honesty registration center RC The anonymous authentication value of announcement, if so, (6m) is thened follow the steps, otherwise, authentication failure;
(6m) uses information authentication method, uploads the verifying for the booking reader that encryption data user's checking is authenticated by anonymous Identity Information;
(7) session key distribution:
(7a) according to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates;
(7b) according to the following formula, uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data;
(8) decruption key is distributed:
(8a) according to the following formula, uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K '1Indicate that the energy of encryption encrypts code key;
(8b) uploads encryption data user and transmits the energy encryption code key and permutation function of encryption to booking reader, completes The distribution of decruption key;
(9) Cloud Server authenticates booking reader:
(9a) booking reader sends to Cloud Server and subscribes to request;
Anonymous Identity information is sent to Cloud Server by (9b) booking reader;
(9c) according to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader;
Whether the anonymous Identity authentication value of (9d) Cloud Server authentication booking reader is equal to half honesty registration center RC announcement Anonymous authentication value, if so, then follow the steps (9e), otherwise, authentication failure;
(9e) uses compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, Cloud Server are dilute by specification It dredges data and energy encryption function is sent to booking reader;
(10) Error Control restores ciphertext data:
(d-1) organizes the case where continuous data packet before (10a) is lost booking reader during receiving Cloud Server data, Booking reader, which obtains, organizes continuous data, the L of d group data after extraction from d group to d+ (t-1)kThe whole of bit element, d group data L in element and remaining set datakBit element can recover whole ciphertext data, wherein LkK digit after indicating in packet data According to;
(10b) is lost the feelings of arbitrary continuation (d-1) group data packet to booking reader during receiving Cloud Server data Condition, booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d' group L in the whole elements and remaining set data of datakBit element can recover whole original cipher text data, wherein mod table Show modulo operation;
(11) ciphertext is decrypted:
(11a) booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction;
(11b) according to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated;
(11c) according to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification;
(12) user and Cloud Server are cancelled:
(12a) half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set is from hideing It is removed in name authentication function;
(12b) according to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference and anonymous body of C selected from finite field Part authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value;
(12c) half honesty registration center RC broadcast anonymous Identity verification function completes destruction operation, other users or Cloud Server Key and identity information remain unchanged;
(13) restore revocation user and Cloud Server:
(13a) will restore cloud clothes when cancelling Cloud Server sending recovery request, according to half honesty registration center RC of step (2) The corresponding identity information of business device is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed Cloud Server It does not need to update authentication information;
It is corresponding that (13b) will restore user when cancelling user's sending recovery request, according to half honesty registration center RC of step (3) Identity information be added anonymous Identity verification function complete restore revocation user's operation, unrepealed user do not need update body Part authentication information;
(14) increase new user and Cloud Server:
(14a) when new Cloud Server issues registration request, according to the honest registration center of step (2) half by the note of new Cloud Server Volume identity information is added anonymous Identity verification function and completes to increase new Cloud Server operation, the key and identity of other Cloud Servers Information remains unchanged;
(14b) believes the enrollment status of new user when new user issues registration request, according to the honest registration center of step (3) half Breath is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users remains unchanged.
2. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Identity information value formula to be registered described in step (2a) is as follows:
Wherein, PGkIndicate the identity information value to be registered of k-th of user to be registered, pwkIndicate that k-th of user to be registered selects at random The identity secret value to be registered taken, g indicate multiplication method cyclic group G2Generation member, G2Indicate that rank is the multiplicative cyclic group of p, p is indicated The Big prime different from n that half honesty registration center RC is randomly selected.
3. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Identity information value formula to be certified described in step (2b) is as follows:
Vk=ek·P
Wherein, VkIndicate the identity information value to be certified of k-th of user to be registered, ekIndicate that k-th of user to be registered randomly selects Identity secret value to be certified, P indicate addition cyclic group G1Generation member, G1Indicate that rank is the addition cyclic group of p.
4. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Identity information verification method described in step (2f) is that specific step is as follows:
Step 1, according to the following formula, user to be registered calculate verifying equation:
Wherein,Indicate the partial secret value of k-th of private key for user to be registered, PpubIndicate the public key of half honesty registration center RC Parameter;
Step 2, whether user's checking verifying equation to be registered is equal, if so, identity information verifying is set up, otherwise, identity information Authentication failed.
5. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Private key formula described in step (2g) is as follows:
Wherein, x is half honesty registration center RC in finite fieldThe main private key randomly selected, xkIndicate k-th of user to be registered Private key.
6. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:SVD calculation matrix generation method described in step (3b) is as follows:
Step 1 registers user by learning method and obtains sparse matrix;
Step 2, according to the following formula, registration user carry out singular value decomposition to sparse matrix:
Ψ=U Λ VT
Wherein, Ψ indicates to be n × m sparse matrix by the size that study obtains, and U, V respectively indicate sparse matrix by unusual point The matrix that solution obtains, T indicate transposition operation;
Step 3, according to the following formula, registration user generate calculation matrix:
Wherein, Φ indicates that the size extracted is m × n calculation matrix, UlIt indicates to arrange the matrix formed, the value of l by the preceding l of matrix U It is equal with the compressed value m of compressed sensing data.
7. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Displacement support set creation method described in step (3d), step (11a) is as follows:
Step 1 registers user from size to randomly select s different elements in the vector space of n, is put into vector space pl Permutation vector is obtained in (l=1, K, s), wherein s indicates sparse vector number;
Step 2, according to the following formula, registration user calculate the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
8. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:The sparse formula of specification described in step (3e) is as follows:
Wherein, θ indicates the sparse value of be-encrypted data, and x indicates be-encrypted data,Indicate the sparse value of specification of be-encrypted data, ||·||2Indicate that 2 norms operate.
9. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Specific step is as follows for information authentication method described in step (6g), step (6m):
Step 1 receives user and calculates temporary authentication information according to the following formula:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information;
Step 2 receives user's checking authentication information according to the following formula:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate that the temporary authentication information for sending user sends user information authentication success if equation is set up, it is no Then, authentification of message fails.
10. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special Sign is:Specific step is as follows for compressed sensing reconstructing method described in step (9e):
Step 1, Cloud Server building restore the convex optimized algorithm of sparse data:
Wherein, min expression is minimized operation, | | | |1Indicate 1 norm, ε indicates permissible maximum residul difference value;
Step 2 calculates specification sparse data:
Wherein,Expression calculates specification sparse data, and rec indicates convex optimized algorithm.
CN201810549669.4A 2018-05-31 2018-05-31 Compressed sensing encryption method capable of realizing key sharing and error control Active CN108881186B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810549669.4A CN108881186B (en) 2018-05-31 2018-05-31 Compressed sensing encryption method capable of realizing key sharing and error control

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810549669.4A CN108881186B (en) 2018-05-31 2018-05-31 Compressed sensing encryption method capable of realizing key sharing and error control

Publications (2)

Publication Number Publication Date
CN108881186A true CN108881186A (en) 2018-11-23
CN108881186B CN108881186B (en) 2020-06-16

Family

ID=64336245

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810549669.4A Active CN108881186B (en) 2018-05-31 2018-05-31 Compressed sensing encryption method capable of realizing key sharing and error control

Country Status (1)

Country Link
CN (1) CN108881186B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109599170A (en) * 2018-12-05 2019-04-09 易必祥 Medical management method and system based on big data
CN109992942A (en) * 2019-01-03 2019-07-09 西安电子科技大学 Secret protection face authentication method and system, intelligent terminal based on privacy sharing
CN111900995A (en) * 2020-07-27 2020-11-06 浙江工商大学 Signal encryption method based on time-varying measurement matrix
CN113485081A (en) * 2021-07-09 2021-10-08 北京航空航天大学 Non-cascade optical scanning holographic multi-image parallel encryption method
CN117544430A (en) * 2024-01-10 2024-02-09 北京佳芯信息科技有限公司 Intelligent data encryption method and system

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6025679A (en) * 1998-05-06 2000-02-15 Raymond G. Harper Lighting space controller
CN105306779A (en) * 2015-10-27 2016-02-03 西安电子科技大学 Image encryption method based on compressive sensing and index scrambling
WO2016085571A2 (en) * 2014-09-30 2016-06-02 Washington University Compressed-sensing ultrafast photography (cup)
CN105827632A (en) * 2016-04-26 2016-08-03 广东技术师范学院 Cloud computing CCS fine-grained data control method
CN106921643A (en) * 2015-12-28 2017-07-04 镇江市星禾物联科技有限公司 A kind of Internet of Things aspect network data transmission method and security gateway equipment
CN107241321A (en) * 2017-05-26 2017-10-10 陕西科技大学 A kind of personal medical information method for secret protection
CN107731268A (en) * 2017-09-27 2018-02-23 海南医学院 A kind of electronic health record control system for realizing inter-region medical data sharing
CN107743296A (en) * 2017-11-15 2018-02-27 中国矿业大学(北京) A kind of RSSI area segmentation formula localization methods based on compressed sensing
CN107947915A (en) * 2017-11-10 2018-04-20 西安电子科技大学 Anonymous traitor tracing method based on compressed sensing

Patent Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6025679A (en) * 1998-05-06 2000-02-15 Raymond G. Harper Lighting space controller
WO2016085571A2 (en) * 2014-09-30 2016-06-02 Washington University Compressed-sensing ultrafast photography (cup)
CN105306779A (en) * 2015-10-27 2016-02-03 西安电子科技大学 Image encryption method based on compressive sensing and index scrambling
CN106921643A (en) * 2015-12-28 2017-07-04 镇江市星禾物联科技有限公司 A kind of Internet of Things aspect network data transmission method and security gateway equipment
CN105827632A (en) * 2016-04-26 2016-08-03 广东技术师范学院 Cloud computing CCS fine-grained data control method
CN107241321A (en) * 2017-05-26 2017-10-10 陕西科技大学 A kind of personal medical information method for secret protection
CN107731268A (en) * 2017-09-27 2018-02-23 海南医学院 A kind of electronic health record control system for realizing inter-region medical data sharing
CN107947915A (en) * 2017-11-10 2018-04-20 西安电子科技大学 Anonymous traitor tracing method based on compressed sensing
CN107743296A (en) * 2017-11-15 2018-02-27 中国矿业大学(北京) A kind of RSSI area segmentation formula localization methods based on compressed sensing

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
WEI LI,ET.AL: "《An Efficient ID-Based Mutual Authentication and Key Agreement Protocol for Mobile Multi-server Environment Without a Trusted Registration Center and ESL Attack》", 《SPRINGER》 *
YUSHU ZHANG,ET.AL: "《Lossy Channel Secure Sparse Robustness Decoding Service in Multi-Clouds》", 《IEEE》 *
王厚林等: "《一种基于压缩感知与混沌系统的比特级图像加密方法》", 《软件导刊》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109599170A (en) * 2018-12-05 2019-04-09 易必祥 Medical management method and system based on big data
CN109992942A (en) * 2019-01-03 2019-07-09 西安电子科技大学 Secret protection face authentication method and system, intelligent terminal based on privacy sharing
CN111900995A (en) * 2020-07-27 2020-11-06 浙江工商大学 Signal encryption method based on time-varying measurement matrix
CN113485081A (en) * 2021-07-09 2021-10-08 北京航空航天大学 Non-cascade optical scanning holographic multi-image parallel encryption method
CN113485081B (en) * 2021-07-09 2022-09-16 北京航空航天大学 Non-cascade optical scanning holographic multi-image parallel encryption method
CN117544430A (en) * 2024-01-10 2024-02-09 北京佳芯信息科技有限公司 Intelligent data encryption method and system
CN117544430B (en) * 2024-01-10 2024-03-29 北京佳芯信息科技有限公司 Intelligent data encryption method and system

Also Published As

Publication number Publication date
CN108881186B (en) 2020-06-16

Similar Documents

Publication Publication Date Title
CN108352015B (en) Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems
US10027654B2 (en) Method for authenticating a client device to a server using a secret element
CN108881186A (en) A kind of shared compressed sensing encryption method with Error Control of achievable key
US20150244525A1 (en) Authentication
CN110519046B (en) Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD
WO2018110608A1 (en) Collating system, method, device, and program
US20140359290A1 (en) Authentication
US20150124963A1 (en) Authentication
US20150326392A1 (en) Matrix-based cryptosystem
CN110750796B (en) Encrypted data deduplication method supporting public audit
CN110768781A (en) Public and private key issuing and issuing method and system based on alliance chain and resisting quantum computation
Yang et al. Zero knowledge based client side deduplication for encrypted files of secure cloud storage in smart cities
Fatahi et al. High-efficient arbitrated quantum signature scheme based on cluster states
Song et al. Cryptanalysis and improvement of verifiable quantum (k, n) secret sharing
Agrawal et al. Game-set-MATCH: Using mobile devices for seamless external-facing biometric matching
CN113783683A (en) Cloud platform privacy protection verifiable data aggregation method based on sensor network
CN110740034B (en) Method and system for generating QKD network authentication key based on alliance chain
Thangavel et al. An analysis of privacy preservation schemes in cloud computing
CN110737907A (en) Anti-quantum computing cloud storage method and system based on alliance chain
JP2006227411A (en) Communications system, encryption device, key generator, key generating method, restoration device, communication method, encryption method, and cryptography restoration method
Swetha et al. A Modified Tiny Asymmetric Encryption for Secure Ftp to Network
Harn et al. A novel threshold cryptography with membership authentication and key establishment
Zhang et al. Privacy‐friendly weighted‐reputation aggregation protocols against malicious adversaries in cloud services
Palathingal et al. Enhanced cloud data security using combined encryption and steganography
Murugan An efficient algorithm on quantum computing with quantum key distribution for secure communication

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant