CN108881186A - A kind of shared compressed sensing encryption method with Error Control of achievable key - Google Patents
A kind of shared compressed sensing encryption method with Error Control of achievable key Download PDFInfo
- Publication number
- CN108881186A CN108881186A CN201810549669.4A CN201810549669A CN108881186A CN 108881186 A CN108881186 A CN 108881186A CN 201810549669 A CN201810549669 A CN 201810549669A CN 108881186 A CN108881186 A CN 108881186A
- Authority
- CN
- China
- Prior art keywords
- user
- indicate
- value
- data
- identity
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0407—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L65/00—Network arrangements, protocols or services for supporting real-time applications in data packet communication
- H04L65/1066—Session management
- H04L65/1073—Registration or de-registration
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
- H04L9/3033—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3236—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Business, Economics & Management (AREA)
- General Business, Economics & Management (AREA)
- Multimedia (AREA)
- Storage Device Security (AREA)
Abstract
A kind of shared compressed sensing encryption method with Error Control of achievable key, implementation step are:1. Cloud Server is registered to half honesty registration center RC registration;2. user registers to half honesty registration center RC;3. pre-processing be-encrypted data;4. being encrypted using compression sensing method to be-encrypted data;5. ciphertext Error Control is handled;6. anonymous Identity authenticates couple user;7 session key distributions;8. session key distribution;9. Cloud Server authenticates booking reader;10. Error Control restores ciphertext data;11. a pair ciphertext is decrypted;12. cancelling user and Cloud Server;13. user and Cloud Server are cancelled in recovery;14. increasing new user and Cloud Server.The safety of key is shared between the indistinguishability and user of present invention guarantee signal data energy, and solving the problems, such as to lose when ciphertext data packet is more than half fail to decrypt correctly.
Description
Technical field
The invention belongs to field of information security technology, and further relating to one of art of cryptography can be achieved key
Shared and Error Control compressed sensing encryption method.The present invention based on compressed sensing, propose one kind can be used for it is multiple
The safety of key is shared between user in Cloud Server, can Error Control safe encryption method.
Background technique
Compressed sensing (CS) encryption method is mainly used for improving the safety of data, while reducing storage, processing and transmission
Cost.A large amount of sampling times and space resources can be not only saved using compressed sensing, and can also be used to encrypted transmission number
According to, therefore can guarantee the safety of data.Existing compressed sensing encryption method combines multiple encryption algorithms often to improve
The safety of system.It is some to combine the technologies such as the same stream cipher of compressed sensing, index scramble, chaotic map algorithms to realize and add
The safety of close algorithm.Identical stream cipher code key, index matrix are utilized when decryption, mapping algorithm recovers initial data.This
The security performance of compressed sensing Encryption Algorithm can be improved in a little methods to a certain extent, but these methods are all based on individually
Encryption Algorithm design under the conditions of Cloud Server, can not achieve the encryption and transmission of data in cloudy server.And it can not
Realize that the safety of code key between user under cloudy server environment is shared.
Paper " the Computation Outsourcing Meets Lossy that Z Yushu and Z Jiantao are delivered at it
Channel:Secure Sparse Robustness Decoding Service in Multi-Clouds”(IEEE
Transactions on Big Data, 2017) a kind of compressed sensing based on multiple Cloud Server outsourcings storage is proposed in
Encryption method.This method has main steps that:(1) when system initialization, user first converts sparse 2D signal to dilute
Thin one-dimensional signal, and obtain corresponding sparse set.(2) when encrypting, user first chooses a security parameter, is generated using key
Algorithm generates a permutation vector and encryption vector, then exchanges corresponding sparse set using permutation vector, finally utilizes encryption
Sparse set encryption data is uploaded to cloudy server by the element after the sparse displacement of vector block encryption.(3) when decrypting,
After cloudy server receives the decryption demand of user, required ciphertext is sent to user, only possesses descrambled vector at this time
User can just be decrypted correctly ciphertext, and the illegal of descrambled vector is not unable to get real plaintext, while ensure that and lose
Still there is preferable restorability in the case where half data packet.But the shortcoming that this method still has is:This method
Belong to the solution that lost data packets are no more than total data half, once losing ciphertext data packet is more than total data half
It fail to decrypt correctly, and be not carried out between user when just not can guarantee recovery effects, therefore causing beyond half loss of data
The problem of safety of key is shared, can not prevent cloudy server from user's upload Key Exposure being gone out, while not accounting for energy
The problem of amount leakage, signal data are easy not can guarantee the indistinguishability of signal data energy, in reality by Attacks
It will cause serious safety problem in.
Xian Electronics Science and Technology University is in patent document " the image encryption side based on compressed sensing and index scramble of its application
Proposed in method " (application number 2001510705403.0,105306779 A of application publication number CN) it is a kind of based on compressed sensing and
Index the image encryption method of scramble.This method has main steps that:(1) original image is unfolded under orthogonal basis, is obtained dilute
Sparse coefficient.(2) with Logistic sequence control construction calculation matrix.(3) sparse coefficient is measured with calculation matrix, is obtained
Measured value.(4) scramble is carried out to measured value with Logistic sequence, the measured value after obtaining scramble.(5) by the measurement after scramble
Value carries out quantization and transmits as ciphertext.Shortcoming existing for this method is:This method building process only considered the life of code key
At not accounting for the secure distribution problem of key between user, and do not account for data-bag lost in ciphertext transmission process
The problem of, therefore ciphertext is caused to fail to decrypt correctly, it can not be used in the peace of data and image in multiple Cloud Servers
Full encryption.
Summary of the invention
It is an object of the invention in view of the above shortcomings of the prior art, propose that a kind of achievable key is shared and mistake control
The compressed sensing encryption method of system, the characteristics of to meet compressed sensing, when guaranteeing data-bag lost occur in ciphertext transmission process,
It can be still decrypted correctly ciphertext, realize the secure distribution problem of code key between user under cloudy server environment, it is whole to improve system
The security performance of body.
To achieve the above object, the technical solution adopted by the present invention includes the following steps:
(1) Cloud Server is registered to half honesty registration center RC:
The public identity value of information is sent to half honesty registration center RC by (1a) Cloud Server;
(1b) according to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates what half honesty registration center RC chose
Safe impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,It indicates
The finite field that half honesty registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtTable
Show the public identity value of information to be registered of t-th of Cloud Server;
(1c) half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set;
(2) user registers to half honesty registration center RC:
(2a) utilizes identity information value formula to be registered, and each user to be registered calculates identity information value to be registered;
(2b) utilizes identity information value formula to be certified, and each user to be registered calculates identity information value to be certified;
(2c) according to the following formula, calculates the verifying identity information value of each user to be registered, and half honesty registration center RC will be tested
Card identity information value is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate that half honesty registration center RC is randomly selected
For calculating the verifying secret value of k-th of user authentication information to be registered, P expression addition cyclic group G1Generation member, G1It indicates
Rank is the addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration
What center RC chose is different from H2() safe impact resistant hash function;
(2d) according to the following formula, calculates the anonymous Identity value of each user to be registered, and half honesty registration center RC is by anonymous body
Part value is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the public affairs of k-th of user to be registered
Open identity information value, skIndicate k-th of user anonymity identity value to be registered;
(2e) half honesty registration center RC stores each user anonymity authentication value to be registered to registered users collection
In conjunction;
(2f) utilizes identity information verification method, the verifying that half honesty registration center RC of each user's checking to be registered is sent
Whether identity information value is true, if so, (2g) is executed, otherwise, identity information authentification failure;
(2g) utilizes private key formula, and each user to be registered calculates private key;
(3) be-encrypted data is pre-processed:
(3a) inputs be-encrypted data, and registration user carries out one-dimensional signal processing to the be-encrypted data of input;
(3b) registers user and utilizes SVD calculation matrix generation method, generates calculation matrix;
(3c) registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection;
(3d) registers user and utilizes displacement support set creation method, generates the displacement support collection of sparse vector;
(3e) registers user and utilizes the sparse formula of specification, calculates the sparse value of specification of be-encrypted data;
(4) be-encrypted data is encrypted using compression sensing method:
(4a) according to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicate be-encrypted data encrypted cipher text, Φ indicate calculation matrix, Ψ indicate sparse matrix, θ indicate to
The sparse value of encryption data, | | | |2Indicate that 2 norms operate;
(4a) according to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate that pseudo-random function Γ is generated
Energy encryption key;
(5) ciphertext Error Control is handled:
(5a) according to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates the error rate that registration user is arranged according to the demand of Error Control, t
Indicate data grouping number;
(5b), divided by packet data number, obtains the shift length of packet data with ciphertext;
(5c) registers user and beats Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection
Packet is sent to Cloud Server;
(6) between progress anonymous Identity certification user:
(6a) booking reader sends data subscription request to encryption data user is uploaded;
(6b) according to the following formula, calculates temporary identity authentication information parameter, uploads encryption data user and authenticates temporary identity
Information parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates that half is honest
Registration center RC selection is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates
Upload the temporary secret value of i-th of user selection of encryption data, TiIndicate upload encryption data i-th of user it is current when
Between stab, vaild period indicate certification legal time section;
(6c) according to the following formula, calculates temporary identity authentication information value, uploads encryption data user and authenticates temporary identity and believes
Breath value is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation,
xiIndicate the private key of i-th of user of upload encryption data;
(6d) according to the following formula, calculates anonymous Identity authentication information value, uploads encryption data user and authenticates anonymous Identity and believes
Breath value is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data;
(6e) according to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate in half honest registration
The user anonymity authentication value that heart RC is randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldIt is upper random
Secret value is chosen, N indicates that registration user and cloud serverless backup sum, ∏ indicate even to multiply operation;
Whether the anonymous Identity authentication value that (6f) booking reader verifies upload encryption data user is equal in half honest registration
The user anonymity authentication value that heart RC is announced, if so, (6g) is thened follow the steps, otherwise, authentication failure;
(6g) uses information authentication method, and booking reader is to the upload encryption data user's checking authenticated by anonymous Identity
Information;
(6h) according to the following formula, calculates temporary identity authentication information parameter, and booking reader is by temporary identity authentication information parameter
It is sent to and uploads encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate facing for j-th of booking reader's selection
When secret value, TjIndicate the current time stamp of j-th of booking reader;
(6i) according to the following formula, calculates temporary identity authentication information value, and booking reader sends temporary identity authentication information value
To upload encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader;
(6j) according to the following formula, calculates anonymous Identity authentication information value, and booking reader sends anonymous Identity authentication information value
To upload encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader;
(6k) according to the following formula, uploads the anonymous Identity authentication value that encryption data user calculates booking reader:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader;
Whether the anonymous Identity authentication value that (6l) uploads encryption data user's checking booking reader is equal in half honest registration
The anonymous authentication value that heart RC is announced, if so, (6m) is thened follow the steps, otherwise, authentication failure;
(6m) uses information authentication method, uploads the booking reader's that encryption data user's checking is authenticated by anonymous Identity
Verification information;
(7) session key distribution:
(7a) according to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates;
(7b) according to the following formula, uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data;
(8) decruption key is distributed:
(8a) according to the following formula, uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K1' indicate that the energy of encryption encrypts code key;
(8b) uploads encryption data user and transmits the energy encryption code key and permutation function of encryption to booking reader,
Complete the distribution of decruption key;
(9) Cloud Server authenticates booking reader:
(9a) booking reader sends to Cloud Server and subscribes to request;
Anonymous Identity information is sent to Cloud Server by (9b) booking reader;
(9c) according to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader;
Whether the anonymous Identity authentication value of (9d) Cloud Server authentication booking reader is equal to half honesty registration center RC
The anonymous authentication value of announcement, if so, (9e) is thened follow the steps, otherwise, authentication failure;
(9e) uses compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, and Cloud Server will advise
Model sparse data and energy encryption function are sent to booking reader;
(10) Error Control restores ciphertext data:
(d-1) organizes the feelings of continuous data before (10a) is lost booking reader during receiving Cloud Server data
Condition, booking reader, which obtains, organizes continuous data, the L of d group data after extraction from d group to d+ (t-1)kBit is plain, d group data complete
L in portion's element and remaining set datakBit element can recover whole ciphertext data, wherein LkK after indicating in packet data
Data;
(10b) is lost arbitrary continuation (d-1) group data to booking reader during receiving Cloud Server data
Situation, booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d'
L in the whole elements and remaining set data of group datakBit element can recover whole original cipher text data, wherein mod
Indicate modulo operation;
(11) ciphertext is decrypted:
(11a) booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction;
(11b) according to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated;
(11c) according to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification;
(12) user and Cloud Server are cancelled:
(12a) half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set
It is removed from anonymous Identity verification function;
(12b) according to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference selected from finite field and C's
Anonymous Identity authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value;
(12c) half honesty registration center RC broadcast anonymous Identity verification function completes destruction operation, other users or cloud clothes
The key and identity information of business device remain unchanged;
(13) restore revocation user and Cloud Server:
(13a) will restore when cancelling Cloud Server sending recovery request according to half honesty registration center RC of step (2)
The corresponding identity information of Cloud Server is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed cloud clothes
Business device does not need to update authentication information;
(13b) will restore user when cancelling user's sending recovery request, according to half honesty registration center RC of step (3)
Corresponding identity information is added anonymous Identity verification function and completes to restore revocation user's operation, and unrepealed user does not need more
New authentication information;
(14) increase new user and Cloud Server:
(14a) when new Cloud Server issues registration request, according to the honest registration center of step (2) half by new Cloud Server
Enrollment status information anonymous Identity verification function be added complete to increase the operation of new Cloud Server, the key of other Cloud Servers and
Identity information remains unchanged;
(14b) when new user issues registration request, according to the honest registration center of step (3) half by the registration body of new user
Part information is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users is kept not
Become.
The present invention has the following advantages that compared with prior art:
First, since the present invention calculates the energy encrypted cipher text of sparse data, the problem of can preventing ciphertext energy leakage, is protected
The shortcomings that safety for having demonstrate,proved ciphertext overcomes in existing compressed sensing encryption technology, and signal data is easy by Attacks,
Guarantee the indistinguishability of signal data energy, so that general safety performance of the invention is more prominent.
Second, it since Error Control of the present invention restores ciphertext data, overcomes in existing compressed sensing encryption technology, loses
Ciphertext data packet is not more than can guarantee recovery effects disadvantage in the case where half, so that Error disposal performance of the present invention is more powerful.
Third devises session key distribution and decruption key distribution since the present invention authenticates anonymous Identity user,
It overcomes in existing compressed sensing encipherment scheme, user is uploaded the problem of Key Exposure is gone out by cloudy server, ensure that use
The safety of key is shared between family, so that the safety of key is higher in the present invention.
Detailed description of the invention
Fig. 1 is flow chart of the invention;
Fig. 2 is the flow chart of compressed sensing encryption and ciphertext Error Control processing step of the present invention.
Specific embodiment
With reference to the accompanying drawing, the present invention is described in further detail.
Referring to Fig.1, the specific steps of the invention to realization are described in further detail.
Step 1, Cloud Server is registered to half honesty registration center RC.
The public identity value of information is sent to half honesty registration center RC by Cloud Server.
According to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates what half honesty registration center RC chose
Safe impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,Indicate half
The finite field that honest registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtIt indicates
The public identity value of information to be registered of t-th of Cloud Server.
Half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set.
Step 2, user registers to half honesty registration center RC.
Using identity information value formula to be registered, each user to be registered calculates identity information value to be registered.
The identity information value formula to be registered is as follows:
Wherein, PGkIndicate the identity information value to be registered of k-th of user to be registered, pwkIndicate k-th of user to be registered with
The identity secret value to be registered that machine is chosen, g indicate multiplication method cyclic group G2Generation member, G2Indicate that rank is the multiplicative cyclic group of p, p
Indicate the Big prime different from n that half honesty registration center RC is randomly selected.
Using identity information value formula to be certified, each user to be registered calculates identity information value to be certified.
The identity information value formula to be certified is as follows:
Vk=ek·P
Wherein, VkIndicate the identity information value to be certified of k-th of user to be registered, ekIndicate that k-th of user to be registered is random
The identity secret value to be certified chosen, P indicate addition cyclic group G1Generation member, G1Indicate that rank is the addition cyclic group of p.
According to the following formula, the verifying identity information value of each user to be registered is calculated, half honesty registration center RC will verify body
Part value of information is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate that half honesty registration center RC is randomly selected
For calculating the verifying secret value of k-th of user authentication information to be registered, P expression addition cyclic group G1Generation member, G1It indicates
Rank is the addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration
What center RC chose is different from H2() safe impact resistant hash function.
According to the following formula, the anonymous Identity value of each user to be registered is calculated, half honesty registration center RC is by anonymous Identity value
It is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the public affairs of k-th of user to be registered
Open identity information value, skIndicate k-th of user anonymity identity value to be registered.
Half honesty registration center RC is by each user anonymity authentication value storage to be registered into registered users set.
Using identity information verification method, the verifying identity of half honesty registration center RC transmission of each user's checking to be registered
Whether the value of information is true, if so, continue to execute, otherwise, identity information authentification failure.
The identity information verification method is that specific step is as follows:
According to the following formula, user to be registered calculates verifying equation:
Wherein,Indicate the partial secret value of k-th of private key for user to be registered, PpubIndicate half honesty registration center RC's
Public key parameter.
Whether user's checking verifying equation to be registered is equal, if so, identity information verifying is set up, otherwise, identity information is tested
Card failure.
Using private key formula, each user to be registered calculates private key.
The private key formula is as follows:
Wherein, x is half honesty registration center RC in finite fieldThe main private key randomly selected, xkIndicate k-th it is to be registered
Private key for user.
Step 3, be-encrypted data is pre-processed.
Be-encrypted data is inputted, registration user carries out one-dimensional signal processing to the be-encrypted data of input.
It registers user and utilizes SVD calculation matrix generation method, generate calculation matrix.
The SVD calculation matrix generation method is as follows:
It registers user and sparse matrix is obtained by learning method.
According to the following formula, registration user carries out singular value decomposition to sparse matrix:
Ψ=U Λ VT
Wherein, Ψ indicates to be n × m sparse matrix by the size that study obtains, and U, V respectively indicate sparse matrix by odd
The matrix that different decomposition obtains, T indicate transposition operation.
According to the following formula, registration user generates calculation matrix:
Wherein, Φ indicates that the size extracted is m × n calculation matrix, UlIt indicates to arrange the matrix formed, l by the preceding l of matrix U
Value it is equal with the compressed value m of compressed sensing data.
Registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection.
It registers user and utilizes displacement support set creation method, generate the displacement support collection of sparse vector.
The displacement support set creation method is as follows:
User is registered from size to randomly select s different elements in the vector space of n, is put into vector space pl(l
=1, K, s) in obtain permutation vector, wherein s indicate sparse vector number.
According to the following formula, registration user calculates the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
It registers user and utilizes the sparse formula of specification, calculate the sparse value of specification of be-encrypted data.
The sparse formula of specification is as follows:
Wherein, θ indicates the sparse value of be-encrypted data, and x indicates be-encrypted data,Indicate that the specification of be-encrypted data is dilute
Value is dredged, | | | |2Indicate that 2 norms operate.
Referring to Fig. 2, the compressed sensing encryption and ciphertext Error Control processing specific steps be applicable in the realization present invention is made
Further detailed description:
Step 4, be-encrypted data is encrypted using compression sensing method.
According to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicate be-encrypted data encrypted cipher text, Φ indicate calculation matrix, Ψ indicate sparse matrix, θ indicate to
The sparse value of encryption data, | | | |2Indicate that 2 norms operate.
According to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate that pseudo-random function Γ is generated
Energy encryption key.
Step 5, ciphertext Error Control is handled.
According to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates the error rate that registration user is arranged according to the demand of Error Control, t
Indicate data grouping number.
With ciphertext divided by packet data number, the shift length of packet data is obtained.
Register user by Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection be packaged hair
It send to Cloud Server.
Step 6, between progress anonymous Identity certification user.
Booking reader sends data subscription request to encryption data user is uploaded.
According to the following formula, temporary identity authentication information parameter is calculated, uploads encryption data user for temporary identity authentication information
Parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates that half is honest
Registration center RC selection is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates
Upload the temporary secret value of i-th of user selection of encryption data, TiIndicate upload encryption data i-th of user it is current when
Between stab, vaild period indicate certification legal time section.
According to the following formula, temporary identity authentication information value is calculated, uploads encryption data user for temporary identity authentication information value
It is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation,
xiIndicate the private key of i-th of user of upload encryption data.
According to the following formula, anonymous Identity authentication information value is calculated, uploads encryption data user for anonymous Identity authentication information value
It is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data.
According to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate in half honest registration
The user anonymity authentication value that heart RC is randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldIt is upper random
Secret value is chosen, N indicates that registration user and cloud serverless backup sum, ∏ indicate even to multiply operation.
Whether the anonymous Identity authentication value that booking reader verifies upload encryption data user is equal to half honesty registration center RC
The user anonymity authentication value of announcement, if so, (6g) is thened follow the steps, otherwise, authentication failure.
Using information authentication method, booking reader believes the upload encryption data user's checking authenticated by anonymous Identity
Breath;
Specific step is as follows for the information authentication method:
According to the following formula, it receives user and calculates temporary authentication information:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information.
According to the following formula, user's checking authentication information is received:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate send user temporary authentication information, if equation set up, send user information authentication at
Function, otherwise, authentification of message failure.
According to the following formula, temporary identity authentication information parameter is calculated, booking reader sends temporary identity authentication information parameter
To upload encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate facing for j-th of booking reader's selection
When secret value, TjIndicate the current time stamp of j-th of booking reader.
According to the following formula, temporary identity authentication information value is calculated, temporary identity authentication information value is sent to by booking reader
Pass encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader.
According to the following formula, anonymous Identity authentication information value is calculated, anonymous Identity authentication information value is sent to by booking reader
Pass encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader.
According to the following formula, the anonymous Identity authentication value that encryption data user calculates booking reader is uploaded:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader.
Whether the anonymous Identity authentication value for uploading encryption data user's checking booking reader is equal to half honesty registration center RC
The anonymous authentication value of announcement, if so, (6m) is thened follow the steps, otherwise, authentication failure.
Using information authentication method, the verifying for the booking reader that encryption data user's checking is authenticated by anonymous Identity is uploaded
Information.
Specific step is as follows for the information authentication method:
According to the following formula, it receives user and calculates temporary authentication information:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information.
According to the following formula, user's checking authentication information is received:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate send user temporary authentication information, if equation set up, send user information authentication at
Function, otherwise, authentification of message failure.
Step 7, session key distribution.
According to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates.
According to the following formula, it uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data.
Step 8, decruption key is distributed.
According to the following formula, it uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K1' indicate that the energy of encryption encrypts code key.
It uploads encryption data user to transmit the energy encryption code key and permutation function of encryption to booking reader, complete
The distribution of decruption key.
Step 9, Cloud Server authenticates booking reader.
Booking reader sends to Cloud Server and subscribes to request.
Anonymous Identity information is sent to Cloud Server by booking reader.
According to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader.
Whether the anonymous Identity authentication value of Cloud Server authentication booking reader is equal to half honesty registration center RC announcement
Anonymous authentication value, if so, continue to execute, otherwise, authentication failure.
Using compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, Cloud Server are dilute by specification
It dredges data and energy encryption function is sent to booking reader.
Specific step is as follows for the compressed sensing reconstructing method:
Cloud Server building restores the convex optimized algorithm of sparse data:
Wherein, min expression is minimized operation, | | | |1Indicate 1 norm, ε indicates permissible maximum residul difference value.
Calculate specification sparse data:
Wherein,Expression calculates specification sparse data, and rec indicates convex optimized algorithm.
Step 10, Error Control restores ciphertext data.
(d-1) organizes the case where continuous data before being lost during receiving Cloud Server data to booking reader, orders
It reads user and obtains (t-1) group continuous data, the L of d group data after extraction from d group to d+kAll members of bit element, d group data
L in element and remaining set datakBit element can recover whole ciphertext data, wherein LkK digit after indicating in packet data
According to.
The case where arbitrary continuation (d-1) group data are lost during receiving Cloud Server data to booking reader,
Booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d' group data
Whole elements and remaining set data in LkBit element can recover whole original cipher text data, wherein mod expression takes
Modulo operation.
Step 11, ciphertext is decrypted.
Booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction.
Described in displacement support set creation method it is as follows:
User is registered from size to randomly select s different elements in the vector space of n, is put into vector space pl(l
=1, K, s) in obtain permutation vector, wherein s indicate sparse vector number.
According to the following formula, registration user calculates the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
According to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated.
According to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification.
Step 12, user and Cloud Server are cancelled.
Half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set is from hideing
It is removed in name authentication function.
According to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference selected from finite field and C's
Anonymous Identity authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value.
Half honesty registration center RC broadcast anonymous Identity verification function completion destruction operation, other users or Cloud Server
Key and identity information remain unchanged.
Step 13, restore revocation user and Cloud Server.
When cancelling Cloud Server sending recovery request, cloud clothes will be restored according to half honesty registration center RC of step (2)
The corresponding identity information of business device is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed Cloud Server
It does not need to update authentication information.
When cancelling user's sending recovery request, it is corresponding that user will be restored according to half honesty registration center RC of step (3)
Identity information be added anonymous Identity verification function complete restore revocation user's operation, unrepealed user do not need update body
Part authentication information.
Step 14, increase new user and Cloud Server.
When new Cloud Server issues registration request, according to the honest registration center of step (2) half by the note of new Cloud Server
Volume identity information is added anonymous Identity verification function and completes to increase new Cloud Server operation, the key and identity of other Cloud Servers
Information remains unchanged.
When new user issues registration request, the enrollment status of new user is believed according to the honest registration center of step (3) half
Breath is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users remains unchanged.
Referring to Fig. 2, the flow chart of compressed sensing encryption and the processing of ciphertext Error Control that the present invention is applicable in.Wherein, into
Row encryption data phase user generates calculation matrix, energy encrypted cipher text and displacement support collection using pretreatment, sparse to specification
Data encryption obtains encrypted cipher text;Error Control processing finally is carried out to ciphertext;By energy encrypted cipher text, displacement support collection is poor
The ciphertext of mistake control processing transmits in Cloud Server.
Claims (10)
1. a kind of shared compressed sensing encryption method with Error Control of achievable key, which is characterized in that calculate hideing for user
Name authentication value and authentication information are believed using anonymous Identity authentication method and information authentication method verifying anonymous Identity and certification
The legitimacy of breath calculates session code key to by the user of certification, and using ciphertext error control algorithm, user calculates every group of grouping
Data length and shift length obtain the ciphertext data of Error disposal;The specific steps of this method include as follows:
(1) Cloud Server is registered to half honesty registration center RC:
The public identity value of information is sent to half honesty registration center RC by (1a) Cloud Server;
(1b) according to the following formula, half honesty registration center RC calculates the anonymous Identity value of each Cloud Server:
Wherein, stIndicate the anonymous Identity value of t-th of Cloud Server, H2() indicates the safety that half honesty registration center RC chooses
Impact resistant hash function, x indicate half honesty registration center RC in finite fieldOn the secret value that randomly selects,Indicate that half is sincere
The finite field that real registration center RC is generated using the Big prime n randomly selected, g indicate finite fieldGeneration member, IDtIndicate the
The public identity value of information to be registered of t Cloud Server;
(1c) half honesty registration center RC stores Cloud Server anonymous Identity value into registered Cloud Server set;
(2) user registers to half honesty registration center RC:
(2a) utilizes identity information value formula to be registered, and each user to be registered calculates identity information value to be registered;
(2b) utilizes identity information value formula to be certified, and each user to be registered calculates identity information value to be certified;
(2c) according to the following formula, calculates the verifying identity information value of each user to be registered, and half honesty registration center RC will verify body
Part value of information is sent to each user to be registered:
Fk=Vk+rk·P
hk=H1(Rk)
Wherein, FkIndicate the verification information value of k-th of user to be registered, rkIndicate the use that half honesty registration center RC is randomly selected
In the verifying secret value for calculating k-th of user authentication information to be registered, P indicates addition cyclic group G1Generation member, G1Indicate that rank is
The addition cyclic group of p, hkIndicate the cryptographic Hash of the verification information of k-th of user to be registered, H1() indicates half honest registration center
What RC chose is different from H2() safe impact resistant hash function;
(2d) according to the following formula, calculates the anonymous Identity value of each user to be registered, and half honesty registration center RC is by anonymous Identity value
It is sent to each user to be registered:
sk=H2(pk·PGk)
Wherein, pkIndicate the authenticating identity value of information of k-th of user to be registered, IDkIndicate the open body of k-th of user to be registered
Part value of information, skIndicate k-th of user anonymity identity value to be registered;
(2e) half honesty registration center RC is by each user anonymity authentication value storage to be registered into registered users set;
(2f) utilizes identity information verification method, the verifying identity that half honesty registration center RC of each user's checking to be registered is sent
Whether the value of information is true, if so, (2g) is executed, otherwise, identity information authentification failure;
(2g) utilizes private key formula, and each user to be registered calculates private key;
(3) be-encrypted data is pre-processed:
(3a) inputs be-encrypted data, and registration user carries out one-dimensional signal processing to the be-encrypted data of input;
(3b) registers user and utilizes SVD calculation matrix generation method, generates calculation matrix;
(3c) registration user successively records nonzero element in sparse vector, obtains sparse vector supported collection;
(3d) registers user and utilizes displacement support set creation method, generates the displacement support collection of sparse vector;
(3e) registers user and utilizes the sparse formula of specification, calculates the sparse value of specification of be-encrypted data;
(4) be-encrypted data is encrypted using compression sensing method:
(4a) according to the following formula, registration user calculates the encrypted cipher text of be-encrypted data:
Wherein, y indicates that the encrypted cipher text of be-encrypted data, Φ indicate that calculation matrix, Ψ indicate that sparse matrix, θ indicate to be encrypted
The sparse value of data, | | | |2Indicate that 2 norms operate;
(4a) according to the following formula, registration user calculates the energy encrypted cipher text of sparse data:
Wherein, c indicates the energy encrypted cipher text of sparse data,Indicate xor operation, K1Indicate the energy that pseudo-random function Γ is generated
Measure encryption key;
(5) ciphertext Error Control is handled:
(5a) according to the following formula, registration user calculates every group of grouping data length:
Wherein, m indicates packet data length, and α indicates that the error rate that registration user is arranged according to the demand of Error Control, t indicate
Data grouping number;
(5b), divided by packet data number, obtains the shift length of packet data with ciphertext;
(5c) register user by Error Control treated compression ciphertext, energy encrypted cipher text, sparse vector supported collection be packaged hair
It send to Cloud Server;
(6) between progress anonymous Identity certification user:
(6a) booking reader sends data subscription request to encryption data user is uploaded;
(6b) according to the following formula, calculates temporary identity authentication information parameter, uploads encryption data user for temporary identity authentication information
Parameter is sent to booking reader:
bi=H3(Fi||ai·P||Ti||vaild period)
Wherein, biIndicate the temporary authentication information parameter of i-th of user of upload encryption data, H3() indicates half honest registration
RC selection in center is different from H1() and H2The impact resistant secure hash function of (), | | indicate cascade operation, aiIt indicates to upload
The temporary secret value of i-th of user selection of encryption data, TiIndicate the current time of i-th of user of upload encryption data
Stamp, vaild period indicate certification legal time section;
(6c) according to the following formula, calculates temporary identity authentication information value, uploads encryption data user for temporary identity authentication information value
It is sent to booking reader:
di=(ai+bi)-1·xi
Wherein, diIndicate the temporary authentication information value of i-th of user of upload encryption data, ()-1Indicate inversion operation, xiTable
Show the private key for uploading i-th of user of encryption data;
(6d) according to the following formula, calculates anonymous Identity authentication information value, uploads encryption data user for anonymous Identity authentication information value
It is sent to booking reader:
Wherein, tiIndicate the anonymous Identity authentication information value of i-th of user of upload encryption data;
(6e) according to the following formula, booking reader calculates the anonymous Identity authentication value for uploading encryption data user:
Wherein, CiIndicate that the anonymous Identity authentication value of i-th of user of upload encryption data, C indicate that half honesty registration center RC exists
The user anonymity authentication value randomly selected in finite field, λ indicate half honesty registration center RC in finite fieldOn randomly select it is secret
Close value, N indicate that registration user and cloud serverless backup sum, Π indicate even to multiply operation;
Whether the anonymous Identity authentication value that (6f) booking reader verifies upload encryption data user is equal to half honesty registration center RC
The user anonymity authentication value of announcement, if so, (6g) is thened follow the steps, otherwise, authentication failure;
(6g) uses information authentication method, and booking reader believes the upload encryption data user's checking authenticated by anonymous Identity
Breath;
(6h) according to the following formula, calculates temporary identity authentication information parameter, and booking reader sends temporary identity authentication information parameter
To upload encryption data user:
bi=H3(Fj||aj·P||Tj||vaild period)
Wherein, bjIndicate the temporary authentication information parameter of j-th of booking reader, ajIndicate the interim secret of j-th of booking reader's selection
Close value, TjIndicate the current time stamp of j-th of booking reader;
(6i) according to the following formula, calculates temporary identity authentication information value, and temporary identity authentication information value is sent to by booking reader
Pass encryption data user:
dj=(aj+bj)-1·xj
Wherein, djIndicate the temporary authentication information value of j-th of booking reader, xjIndicate the private key of j-th of booking reader;
(6j) according to the following formula, calculates anonymous Identity authentication information value, and anonymous Identity authentication information value is sent to by booking reader
Pass encryption data user:
Wherein, tjIndicate the anonymous Identity authentication information value of j-th of booking reader;
(6k) according to the following formula, uploads the anonymous Identity authentication value that encryption data user calculates booking reader:
Wherein, CjIndicate the anonymous Identity authentication value of j-th of booking reader;
Whether the anonymous Identity authentication value that (6l) uploads encryption data user's checking booking reader is equal to half honesty registration center RC
The anonymous authentication value of announcement, if so, (6m) is thened follow the steps, otherwise, authentication failure;
(6m) uses information authentication method, uploads the verifying for the booking reader that encryption data user's checking is authenticated by anonymous Identity
Information;
(7) session key distribution:
(7a) according to the following formula, booking reader calculates the session key for authenticating by anonymous Identity and uploading encryption data user:
Sk=H1(aj·Xi)
Wherein, Sk indicates the session key that booking reader calculates;
(7b) according to the following formula, uploads encryption data user and calculates the session key for authenticating booking reader by anonymous Identity:
Sk=H1(ai·Xj)
Wherein, Sk indicates to upload the session key of computing with encrypted data;
(8) decruption key is distributed:
(8a) according to the following formula, uploads the energy that encryption data user calculates after encryption and encrypts code key:
Wherein, K '1Indicate that the energy of encryption encrypts code key;
(8b) uploads encryption data user and transmits the energy encryption code key and permutation function of encryption to booking reader, completes
The distribution of decruption key;
(9) Cloud Server authenticates booking reader:
(9a) booking reader sends to Cloud Server and subscribes to request;
Anonymous Identity information is sent to Cloud Server by (9b) booking reader;
(9c) according to the following formula, Cloud Server calculates the anonymous Identity value of information of booking reader:
Wherein, CjIndicate the anonymous Identity value of information of booking reader;
Whether the anonymous Identity authentication value of (9d) Cloud Server authentication booking reader is equal to half honesty registration center RC announcement
Anonymous authentication value, if so, then follow the steps (9e), otherwise, authentication failure;
(9e) uses compressed sensing reconstructing method, calculates specification sparse data and energy encryption function, Cloud Server are dilute by specification
It dredges data and energy encryption function is sent to booking reader;
(10) Error Control restores ciphertext data:
(d-1) organizes the case where continuous data packet before (10a) is lost booking reader during receiving Cloud Server data,
Booking reader, which obtains, organizes continuous data, the L of d group data after extraction from d group to d+ (t-1)kThe whole of bit element, d group data
L in element and remaining set datakBit element can recover whole ciphertext data, wherein LkK digit after indicating in packet data
According to;
(10b) is lost the feelings of arbitrary continuation (d-1) group data packet to booking reader during receiving Cloud Server data
Condition, booking reader obtains since next group of d' for losing data organizes data from d' group to 2d'-t (mod t), extracts d' group
L in the whole elements and remaining set data of datakBit element can recover whole original cipher text data, wherein mod table
Show modulo operation;
(11) ciphertext is decrypted:
(11a) booking reader utilizes displacement support set creation method, obtains the displacement sparse vector supported collection of reduction;
(11b) according to the following formula, booking reader calculates the energy encryption function of decryption:
Wherein,Indicate the decryption energy encryption function calculated;
(11c) according to the following formula, booking reader calculates initial data:
Wherein,Indicate the sparse value of specification;
(12) user and Cloud Server are cancelled:
(12a) half honesty registration center RC gathers the expired user of revocation or the enrollment status information of Cloud Server set is from hideing
It is removed in name authentication function;
(12b) according to the following formula, half honesty registration center RC changes anonymous Identity verification function:
Wherein, C1(x) indicate that the anonymous Identity verification function of change, C' indicate the difference and anonymous body of C selected from finite field
Part authentication value, λ ' indicate half honesty registration center RC in finite fieldOn randomly select secret value;
(12c) half honesty registration center RC broadcast anonymous Identity verification function completes destruction operation, other users or Cloud Server
Key and identity information remain unchanged;
(13) restore revocation user and Cloud Server:
(13a) will restore cloud clothes when cancelling Cloud Server sending recovery request, according to half honesty registration center RC of step (2)
The corresponding identity information of business device is added anonymous Identity verification function and completes to restore revocation user's operation, unrepealed Cloud Server
It does not need to update authentication information;
It is corresponding that (13b) will restore user when cancelling user's sending recovery request, according to half honesty registration center RC of step (3)
Identity information be added anonymous Identity verification function complete restore revocation user's operation, unrepealed user do not need update body
Part authentication information;
(14) increase new user and Cloud Server:
(14a) when new Cloud Server issues registration request, according to the honest registration center of step (2) half by the note of new Cloud Server
Volume identity information is added anonymous Identity verification function and completes to increase new Cloud Server operation, the key and identity of other Cloud Servers
Information remains unchanged;
(14b) believes the enrollment status of new user when new user issues registration request, according to the honest registration center of step (3) half
Breath is added anonymous Identity verification function and completes to increase new user's operation, and the key and identity information of other users remains unchanged.
2. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Identity information value formula to be registered described in step (2a) is as follows:
Wherein, PGkIndicate the identity information value to be registered of k-th of user to be registered, pwkIndicate that k-th of user to be registered selects at random
The identity secret value to be registered taken, g indicate multiplication method cyclic group G2Generation member, G2Indicate that rank is the multiplicative cyclic group of p, p is indicated
The Big prime different from n that half honesty registration center RC is randomly selected.
3. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Identity information value formula to be certified described in step (2b) is as follows:
Vk=ek·P
Wherein, VkIndicate the identity information value to be certified of k-th of user to be registered, ekIndicate that k-th of user to be registered randomly selects
Identity secret value to be certified, P indicate addition cyclic group G1Generation member, G1Indicate that rank is the addition cyclic group of p.
4. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Identity information verification method described in step (2f) is that specific step is as follows:
Step 1, according to the following formula, user to be registered calculate verifying equation:
Wherein,Indicate the partial secret value of k-th of private key for user to be registered, PpubIndicate the public key of half honesty registration center RC
Parameter;
Step 2, whether user's checking verifying equation to be registered is equal, if so, identity information verifying is set up, otherwise, identity information
Authentication failed.
5. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Private key formula described in step (2g) is as follows:
Wherein, x is half honesty registration center RC in finite fieldThe main private key randomly selected, xkIndicate k-th of user to be registered
Private key.
6. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:SVD calculation matrix generation method described in step (3b) is as follows:
Step 1 registers user by learning method and obtains sparse matrix;
Step 2, according to the following formula, registration user carry out singular value decomposition to sparse matrix:
Ψ=U Λ VT
Wherein, Ψ indicates to be n × m sparse matrix by the size that study obtains, and U, V respectively indicate sparse matrix by unusual point
The matrix that solution obtains, T indicate transposition operation;
Step 3, according to the following formula, registration user generate calculation matrix:
Wherein, Φ indicates that the size extracted is m × n calculation matrix, UlIt indicates to arrange the matrix formed, the value of l by the preceding l of matrix U
It is equal with the compressed value m of compressed sensing data.
7. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Displacement support set creation method described in step (3d), step (11a) is as follows:
Step 1 registers user from size to randomly select s different elements in the vector space of n, is put into vector space pl
Permutation vector is obtained in (l=1, K, s), wherein s indicates sparse vector number;
Step 2, according to the following formula, registration user calculate the displacement support collection of sparse vector:
s(pl)=s (sv(l))
Wherein, s (pl) indicate sparse vector displacement support collection, sv(l) sparse vector space l group element is indicated.
8. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:The sparse formula of specification described in step (3e) is as follows:
Wherein, θ indicates the sparse value of be-encrypted data, and x indicates be-encrypted data,Indicate the sparse value of specification of be-encrypted data,
||·||2Indicate that 2 norms operate.
9. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Specific step is as follows for information authentication method described in step (6g), step (6m):
Step 1 receives user and calculates temporary authentication information according to the following formula:
bi=H3(Fi||Xi||Ti||vaild period)
hi=H1(Fi)
Wherein, bi,hiIt indicates to send user's temporary authentication information;
Step 2 receives user's checking authentication information according to the following formula:
di(Xi+biP)=hi·Ppub
Wherein, diIndicate that the temporary authentication information for sending user sends user information authentication success if equation is set up, it is no
Then, authentification of message fails.
10. a kind of shared compressed sensing encryption method with Error Control of achievable key according to claim 1, special
Sign is:Specific step is as follows for compressed sensing reconstructing method described in step (9e):
Step 1, Cloud Server building restore the convex optimized algorithm of sparse data:
Wherein, min expression is minimized operation, | | | |1Indicate 1 norm, ε indicates permissible maximum residul difference value;
Step 2 calculates specification sparse data:
Wherein,Expression calculates specification sparse data, and rec indicates convex optimized algorithm.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810549669.4A CN108881186B (en) | 2018-05-31 | 2018-05-31 | Compressed sensing encryption method capable of realizing key sharing and error control |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810549669.4A CN108881186B (en) | 2018-05-31 | 2018-05-31 | Compressed sensing encryption method capable of realizing key sharing and error control |
Publications (2)
Publication Number | Publication Date |
---|---|
CN108881186A true CN108881186A (en) | 2018-11-23 |
CN108881186B CN108881186B (en) | 2020-06-16 |
Family
ID=64336245
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201810549669.4A Active CN108881186B (en) | 2018-05-31 | 2018-05-31 | Compressed sensing encryption method capable of realizing key sharing and error control |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN108881186B (en) |
Cited By (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109599170A (en) * | 2018-12-05 | 2019-04-09 | 易必祥 | Medical management method and system based on big data |
CN109992942A (en) * | 2019-01-03 | 2019-07-09 | 西安电子科技大学 | Secret protection face authentication method and system, intelligent terminal based on privacy sharing |
CN111900995A (en) * | 2020-07-27 | 2020-11-06 | 浙江工商大学 | Signal encryption method based on time-varying measurement matrix |
CN113485081A (en) * | 2021-07-09 | 2021-10-08 | 北京航空航天大学 | Non-cascade optical scanning holographic multi-image parallel encryption method |
CN117544430A (en) * | 2024-01-10 | 2024-02-09 | 北京佳芯信息科技有限公司 | Intelligent data encryption method and system |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6025679A (en) * | 1998-05-06 | 2000-02-15 | Raymond G. Harper | Lighting space controller |
CN105306779A (en) * | 2015-10-27 | 2016-02-03 | 西安电子科技大学 | Image encryption method based on compressive sensing and index scrambling |
WO2016085571A2 (en) * | 2014-09-30 | 2016-06-02 | Washington University | Compressed-sensing ultrafast photography (cup) |
CN105827632A (en) * | 2016-04-26 | 2016-08-03 | 广东技术师范学院 | Cloud computing CCS fine-grained data control method |
CN106921643A (en) * | 2015-12-28 | 2017-07-04 | 镇江市星禾物联科技有限公司 | A kind of Internet of Things aspect network data transmission method and security gateway equipment |
CN107241321A (en) * | 2017-05-26 | 2017-10-10 | 陕西科技大学 | A kind of personal medical information method for secret protection |
CN107731268A (en) * | 2017-09-27 | 2018-02-23 | 海南医学院 | A kind of electronic health record control system for realizing inter-region medical data sharing |
CN107743296A (en) * | 2017-11-15 | 2018-02-27 | 中国矿业大学(北京) | A kind of RSSI area segmentation formula localization methods based on compressed sensing |
CN107947915A (en) * | 2017-11-10 | 2018-04-20 | 西安电子科技大学 | Anonymous traitor tracing method based on compressed sensing |
-
2018
- 2018-05-31 CN CN201810549669.4A patent/CN108881186B/en active Active
Patent Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6025679A (en) * | 1998-05-06 | 2000-02-15 | Raymond G. Harper | Lighting space controller |
WO2016085571A2 (en) * | 2014-09-30 | 2016-06-02 | Washington University | Compressed-sensing ultrafast photography (cup) |
CN105306779A (en) * | 2015-10-27 | 2016-02-03 | 西安电子科技大学 | Image encryption method based on compressive sensing and index scrambling |
CN106921643A (en) * | 2015-12-28 | 2017-07-04 | 镇江市星禾物联科技有限公司 | A kind of Internet of Things aspect network data transmission method and security gateway equipment |
CN105827632A (en) * | 2016-04-26 | 2016-08-03 | 广东技术师范学院 | Cloud computing CCS fine-grained data control method |
CN107241321A (en) * | 2017-05-26 | 2017-10-10 | 陕西科技大学 | A kind of personal medical information method for secret protection |
CN107731268A (en) * | 2017-09-27 | 2018-02-23 | 海南医学院 | A kind of electronic health record control system for realizing inter-region medical data sharing |
CN107947915A (en) * | 2017-11-10 | 2018-04-20 | 西安电子科技大学 | Anonymous traitor tracing method based on compressed sensing |
CN107743296A (en) * | 2017-11-15 | 2018-02-27 | 中国矿业大学(北京) | A kind of RSSI area segmentation formula localization methods based on compressed sensing |
Non-Patent Citations (3)
Title |
---|
WEI LI,ET.AL: "《An Efficient ID-Based Mutual Authentication and Key Agreement Protocol for Mobile Multi-server Environment Without a Trusted Registration Center and ESL Attack》", 《SPRINGER》 * |
YUSHU ZHANG,ET.AL: "《Lossy Channel Secure Sparse Robustness Decoding Service in Multi-Clouds》", 《IEEE》 * |
王厚林等: "《一种基于压缩感知与混沌系统的比特级图像加密方法》", 《软件导刊》 * |
Cited By (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109599170A (en) * | 2018-12-05 | 2019-04-09 | 易必祥 | Medical management method and system based on big data |
CN109992942A (en) * | 2019-01-03 | 2019-07-09 | 西安电子科技大学 | Secret protection face authentication method and system, intelligent terminal based on privacy sharing |
CN111900995A (en) * | 2020-07-27 | 2020-11-06 | 浙江工商大学 | Signal encryption method based on time-varying measurement matrix |
CN113485081A (en) * | 2021-07-09 | 2021-10-08 | 北京航空航天大学 | Non-cascade optical scanning holographic multi-image parallel encryption method |
CN113485081B (en) * | 2021-07-09 | 2022-09-16 | 北京航空航天大学 | Non-cascade optical scanning holographic multi-image parallel encryption method |
CN117544430A (en) * | 2024-01-10 | 2024-02-09 | 北京佳芯信息科技有限公司 | Intelligent data encryption method and system |
CN117544430B (en) * | 2024-01-10 | 2024-03-29 | 北京佳芯信息科技有限公司 | Intelligent data encryption method and system |
Also Published As
Publication number | Publication date |
---|---|
CN108881186B (en) | 2020-06-16 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN108352015B (en) | Secure multi-party loss-resistant storage and encryption key transfer for blockchain based systems in conjunction with wallet management systems | |
US10027654B2 (en) | Method for authenticating a client device to a server using a secret element | |
CN108881186A (en) | A kind of shared compressed sensing encryption method with Error Control of achievable key | |
US20150244525A1 (en) | Authentication | |
CN110519046B (en) | Quantum communication service station key negotiation method and system based on one-time asymmetric key pair and QKD | |
WO2018110608A1 (en) | Collating system, method, device, and program | |
US20140359290A1 (en) | Authentication | |
US20150124963A1 (en) | Authentication | |
US20150326392A1 (en) | Matrix-based cryptosystem | |
CN110750796B (en) | Encrypted data deduplication method supporting public audit | |
CN110768781A (en) | Public and private key issuing and issuing method and system based on alliance chain and resisting quantum computation | |
Yang et al. | Zero knowledge based client side deduplication for encrypted files of secure cloud storage in smart cities | |
Fatahi et al. | High-efficient arbitrated quantum signature scheme based on cluster states | |
Song et al. | Cryptanalysis and improvement of verifiable quantum (k, n) secret sharing | |
Agrawal et al. | Game-set-MATCH: Using mobile devices for seamless external-facing biometric matching | |
CN113783683A (en) | Cloud platform privacy protection verifiable data aggregation method based on sensor network | |
CN110740034B (en) | Method and system for generating QKD network authentication key based on alliance chain | |
Thangavel et al. | An analysis of privacy preservation schemes in cloud computing | |
CN110737907A (en) | Anti-quantum computing cloud storage method and system based on alliance chain | |
JP2006227411A (en) | Communications system, encryption device, key generator, key generating method, restoration device, communication method, encryption method, and cryptography restoration method | |
Swetha et al. | A Modified Tiny Asymmetric Encryption for Secure Ftp to Network | |
Harn et al. | A novel threshold cryptography with membership authentication and key establishment | |
Zhang et al. | Privacy‐friendly weighted‐reputation aggregation protocols against malicious adversaries in cloud services | |
Palathingal et al. | Enhanced cloud data security using combined encryption and steganography | |
Murugan | An efficient algorithm on quantum computing with quantum key distribution for secure communication |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |