CN109039578A - Secret protection encryption method, information data processing terminal based on homomorphic cryptography - Google Patents


Publication number
CN109039578A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201811024659.5A
Other languages
Chinese (zh)
Inventor
韦鹏程
李莉
颜蓓
周震
姜娇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chongqing University of Education
Original Assignee
Chongqing University of Education
Application filed by Chongqing University of Education

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0407 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the identity of one or more communicating identities is hidden
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0884 Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/008 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols involving homomorphic encryption
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631 Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds


Abstract

The invention belongs to the technical field of data processing characterized by protocol, and discloses a privacy protection encryption method based on homomorphic encryption and an information data processing terminal. A hash function is selected and a secure symmetric encryption algorithm such as AES is selected for encryption; privacy protection is enhanced by means of public/private key pairs, and service requests from multiple users are supported. The invention lets multiple mobile users cooperate with each other and use pseudonym technology to protect their identity information, while using homomorphic encryption to protect their service requests and other information. If a user can obtain the needed information from the base station (Node B) cache, the user does not request it from the server, which reduces the risk of exposing sensitive user information. Otherwise, the user sends the request to the server as part of an aggregated request, achieving k-anonymity and diversity so that the service provider cannot trace a service back to the requesting user; this protects the user's location, query information and query preferences.

Description

Secret protection encryption method, information data processing terminal based on homomorphic cryptography
Technical field
The invention belongs to the technical field of data processing characterized by protocol, and in particular relates to a privacy protection encryption method based on homomorphic encryption and an information data processing terminal.
Background art
At present, the prior art commonly used in the industry is as follows. With the rapid development and wide application of computer technology, people's lives increasingly depend on computer products. Not all networks are trustworthy, so information security has become a hot topic in every industry. When a service is obtained, the sensitive data of the mobile user must be effectively protected: users other than the requester must not obtain the service information the requester obtains, that is, third-party access must be controlled. Attribute-based encryption is an important cryptographic means of data access control. So far, scholars have proposed many attribute-based encryption (ABE) schemes. First, as a public-key cryptosystem, attribute-based encryption guarantees the confidentiality of data. Second, attribute-based encryption schemes can be used for user access control and for identifying and revoking users. Attribute-based encryption must resist collusion attacks, to prevent users from merging their attributes to gain unauthorized access to private information. To make access control policies more flexible, researchers further proposed key-policy attribute-based encryption schemes and ciphertext-policy attribute-based encryption schemes. Traditional threshold-policy access control schemes can only provide one-to-one service, and the user's cost and the server's computation and communication costs are high; existing encryption schemes offer poor confidentiality for mobile network payment services and cannot ensure the security of users' private information.
In conclusion problem of the existing technology is:
(1) traditional thresholding strategy access control scheme can only carry out one-to-one service, the meter of user cost and server It is counted as this and communications cost is higher.
(2) existing encipherment scheme is poor for the confidentiality of mobile network's payment services, is unable to ensure the privacy of user Information security.
Summary of the invention
In view of the problems of the prior art, the present invention provides a privacy protection encryption method based on homomorphic encryption and an information data processing terminal.
The invention is realized as follows. A privacy protection encryption method based on homomorphic encryption comprises: multiple mobile users cooperate with each other and use pseudonym technology to protect their identity information, while using homomorphic encryption to protect their service requests and other information. Before requesting service from the server, a mobile user first tries to obtain the corresponding information from the base station (Node B) cache; if the user obtains the needed information from the cache, it does not request information from the server. Otherwise, the user sends the request to the server as an aggregated request, achieving k-anonymity and diversity so that the service provider cannot trace a service back to the requesting user, which protects the user's location, query information and query preferences.
Further, the privacy protection encryption method based on homomorphic encryption comprises the following steps:
Step 1: TA takes a security parameter as input and generates a prime $q$. Let $G$ be an additive cyclic group of order $q$, $G_T$ a multiplicative cyclic group of order $q$, and $g$ a generator of $G$;
Step 2: A hash function $H:\{0,1\}\to Z_q$ is selected. TA selects a secure symmetric encryption algorithm such as AES for encryption, selects two random parameters $\alpha,\beta\in Z_q$, and computes $h=g^{\beta}$, $f=g^{1/\beta}$. TA selects a random number, computes $P_{pub}=g^{s}$, and publishes the system parameters: $\{q, g, G, G_T, e, e(g,g)^{\alpha}, h, f, P_{pub}\}$;
Step 3: The security system master key is $MK=(\beta, g^{\alpha})$. Mobile user $u_i$, the service provider and the agent use the asymmetric encryption algorithm RSA to generate their public/private key pairs. Mobile user $u_i$ submits its real user name $ID_i$ and attribute set $s_i$ to TA. TA selects random numbers $r_{ij}$, $j=1,2,\dots$, and computes $s_0=H(s)$ and $PID_{ij}=Enc_{s_0}(ID_i\|r_{ij})$; the user's pseudonyms are $PID_i=\{PID_{i1},PID_{i2},\dots\}$;
Step 4: TA sends the pseudonyms to $u_i$ over a secure channel; TA computes the private key and sends it secretly to user $u_i$;
Step 5: User $u_i$ broadcasts a request for service $l$ to the surrounding users and sends the request to the agent. After other users receive the service request broadcast, any of them that also wants to request the service sends a request to the agent; all requests are computed and sent to the agent;
Step 6: After the agent receives the requests, it judges whether they are consistent. If they are, it merges the requests and sends them to SP; if not, the service request is retransmitted. If the service request payment satisfies SP, SP generates the access structure Γ from the attribute sets of all requesting users, then encrypts the service content under Γ and broadcasts the encrypted information;
Step 7: After a user receives the encrypted information broadcast by SP, if it is a valid paying user its attribute set necessarily satisfies the access structure Γ, and it decrypts to obtain the requested service content $l$.
Further, in step 4, TA chooses a random number $r\in Z_q$ and, for every attribute $j\in s$, selects $r_j\in Z_q$. TA computes $D=g^{(\alpha+r)/\beta}$ and, for every attribute, $D_j=g^{r}\cdot H(j)^{r_j}$ and $D_j'=g^{r_j}$. TA takes $SK=(D, D_j, D_j')$ as the private key and sends it secretly to $u_i$.
Further, in step 5, user $u_i$ requests the paid service $l$. $u_i$ first broadcasts a request for service $l$ to the surrounding users, then computes the request and sends it to the agent, where $pk_p$ is the agent's public key, $t_1$ is the validity period of the request, and $k$ is the minimum number of users whose requests $u_i$ wants aggregated. After a user receives the service request broadcast, if it also wants to request the service, it sends its own request, where $\varepsilon_{ij}$ is a random number. If the number of members $k_l\ge k$ within the validity period, the following is computed:
where $sk_p$ is the private key held by the agent. After $u_i$ receives $C_1$, if $u_i$ requests the service, it computes a value that is then sent to the agent, using it as the public key $sk_p$ of the user's payment service; $p_i$ is the user's service payment fee.
Further, in step 6, after the agent receives the $k$ user requests, it compares whether the two request random numbers $\varepsilon_{ij}$ from the same user are consistent; if they are, it integrates:
where $t$ is a timestamp that prevents replay attacks. After SP receives $C_3$ from the agent, it computes the service request payment of all users and then decides whether it satisfies SP. If it does, SP generates the access structure Γ from the attribute sets of all requesting users, then encrypts the service content under Γ and broadcasts the encrypted information.
Another object of the present invention is to provide an information data processing terminal that implements the privacy protection encryption method based on homomorphic encryption.
In conclusion advantages of the present invention and good effect are as follows: the present invention can make multiple mobile subscribers cooperate with each other simultaneously Pseudonymity technology protects themselves identity information, while protecting themselves service using homomorphic cryptography technology Request and other information, if user can obtain information needed in node B cache, he will not from server solicited message, Reduce the risk of exposure user sensitive information;Otherwise, user is sent to server by aggregate request and is requested, to realize k anonymity Property and diversity query information and look into so that positioning service to request user can not be protected the position of user by service provider Ask preference.(1) multiple users can common request paid service, to reduce the cost burden of personal user;(2) server Need to can be realized the transmission of multiple user services using an encryption attribute, reduce server calculating cost and communication at This.(3) program does not need individually to encrypt each user, and it reduce the calculating of service provider and communications costs.(3) at this In kind scheme, effective attribute and price are not provided to service provider, user can not decrypt ciphertext CT, because user is unsatisfactory for The attribute information cryptographic attributes trees strategy of service provider, this is because the private key SK attribute that is obtained from TA and ISP R attribute tree mismatches.(4) service provider receives in user's request every time, and ISP will check the time in request It whether effective stabs t, the information of promoter's anonymous request himself can be prevented.(5) in this scenario, multiple mobile subscribers are mutual Cooperate and pseudonymity technology protects themselves identity information;(6) in the program, to server for services it Before, mobile subscriber therefrom obtains corresponding information 
from node B cache first, this can reduce the risk of exposed user sensitive information; (7) k anonymity and diversity may be implemented in the program, so that service provider can not be by positioning service to request user, this can To protect the position of user, query information and inquiry preference.
Description of the drawings
Fig. 1 is a flow chart of the privacy protection encryption method based on homomorphic encryption provided by an embodiment of the present invention.
Fig. 2 is an implementation flow chart of the privacy protection encryption method based on homomorphic encryption provided by an embodiment of the present invention.
Fig. 3 shows the number of participating users received by the agent versus time, provided by an embodiment of the present invention.
Fig. 4 shows the service provider's attribute-encryption computation overhead, provided by an embodiment of the present invention.
Fig. 5 shows the relationship between the base station and user efficiency, provided by an embodiment of the present invention.
Fig. 6 shows the number of requested services L versus time (S=1km × 1km; v=1m/s, v=2m/s), provided by an embodiment of the present invention.
Fig. 7 shows the number of requested services L versus time (S=1.5km × 1.5km; v=1m/s, v=2m/s), provided by an embodiment of the present invention.
Fig. 8 is a running time comparison (L=3), provided by an embodiment of the present invention.
Fig. 9 is an additional information loss comparison (L=3), provided by an embodiment of the present invention.
Fig. 10 shows the tuple hiding rate (N=10K), provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the objectives, technical solutions and advantages of the present invention clearer, the invention is further described below with reference to embodiments. It should be understood that the specific embodiments described here only illustrate the invention and do not limit it.
Traditional threshold-policy access control schemes impose high user cost and high server computation and communication costs, and existing encryption schemes offer poor confidentiality for mobile network payment services and cannot ensure the security of users' private information. To address these problems, the invention lets multiple mobile users cooperate with each other and use pseudonym technology to protect their identity information, while using homomorphic encryption to protect their service requests and other information.
The application principle of the invention is explained in detail below with reference to the drawings.
As shown in Fig. 1, the privacy protection encryption method based on homomorphic encryption provided by an embodiment of the present invention comprises the following steps:
S101: Multiple mobile users cooperate with each other and use pseudonym technology to protect their identity information, while using homomorphic encryption to protect their service requests and other information. Before requesting service from the server, a mobile user first tries to obtain the corresponding information from the base station (Node B) cache;
S102: If the user can obtain the needed information from the base station cache, it does not request information from the server. Otherwise, the user sends the request to the server as an aggregated request, achieving k-anonymity and diversity so that the service provider cannot trace a service back to the requesting user, which protects the user's location, query information and query preferences.
The application principle of the invention is further described below with reference to the drawings.
As shown in Fig. 2, the privacy protection encryption method based on homomorphic encryption provided by an embodiment of the present invention specifically comprises the following steps:
Step 1: TA takes a security parameter as input and generates a prime $q$. Let $G$ be an additive cyclic group of order $q$, $G_T$ a multiplicative cyclic group of order $q$, and $g$ a generator of $G$;
Step 2: A hash function $H:\{0,1\}\to Z_q$ is selected. TA selects a secure symmetric encryption algorithm such as AES for encryption, selects two random parameters $\alpha,\beta\in Z_q$, and computes $h=g^{\beta}$, $f=g^{1/\beta}$. TA selects a random number, computes $P_{pub}=g^{s}$, and publishes the system parameters: $\{q, g, G, G_T, e, e(g,g)^{\alpha}, h, f, P_{pub}\}$;
Step 3: The security system master key is $MK=(\beta, g^{\alpha})$. Mobile user $u_i$, the service provider and the agent use the asymmetric encryption algorithm RSA to generate their public/private key pairs. Mobile user $u_i$ submits its real user name $ID_i$ and attribute set $s_i$ to TA. TA selects random numbers $r_{ij}$, $j=1,2,\dots$, and computes $s_0=H(s)$ and $PID_{ij}=Enc_{s_0}(ID_i\|r_{ij})$; the user's pseudonyms are $PID_i=\{PID_{i1},PID_{i2},\dots\}$;
Step 4: TA sends the pseudonyms to $u_i$ over a secure channel; TA computes the private key and sends it secretly to user $u_i$.
TA chooses a random number $r\in Z_q$ and, for every attribute $j\in s$, selects $r_j\in Z_q$. TA computes $D=g^{(\alpha+r)/\beta}$ and, for every attribute, $D_j=g^{r}\cdot H(j)^{r_j}$ and $D_j'=g^{r_j}$. TA takes $SK=(D, D_j, D_j')$ as the private key and sends it secretly to $u_i$;
Step 5: User $u_i$ broadcasts a request for service $l$ to the surrounding users and sends the request to the agent. After other users receive the service request broadcast, any of them that also wants to request the service sends a request to the agent; all requests are computed and sent to the agent.
Assume user $u_i$ requests the paid service $l$. $u_i$ first broadcasts a request for service $l$ to the surrounding users, then computes the request and sends it to the agent, where $pk_p$ is the agent's public key, $t_1$ is the validity period of the request, and $k$ is the minimum number of users whose requests $u_i$ wants aggregated. After a user receives the service request broadcast, if it also wants to request the service, it sends its own request, where $\varepsilon_{ij}$ is a random number. If the number of members $k_l\ge k$ within the validity period, the following is computed:
where $sk_p$ is the private key held by the agent. After $u_i$ receives $C_1$, if $u_i$ requests the service, it computes a value that is then sent to the agent, using it as the public key $sk_p$ of the user's payment service; $p_i$ is the user's service payment fee;
Step 6: After the agent receives the requests, it judges whether they are consistent. If they are, it merges the requests and sends them to SP; if not, the service request is retransmitted. If the service request payment satisfies SP, SP generates the access structure Γ from the attribute sets of all requesting users, then encrypts the service content under Γ and broadcasts the encrypted information.
After the agent receives the $k$ user requests, it compares whether the two request random numbers $\varepsilon_{ij}$ from the same user are consistent; if they are, it integrates them by the following formula:
where $t$ is a timestamp that prevents replay attacks. After SP receives $C_3$ from the agent, it computes the service request payment of all users and then decides whether it satisfies SP. If it does, SP generates the access structure Γ from the attribute sets of all requesting users, then encrypts the service content under Γ and broadcasts the encrypted information;
Step 7: After a user receives the encrypted information broadcast by SP, if it is a valid paying user its attribute set necessarily satisfies the access structure Γ, so it can decrypt to obtain the requested service content $l$.
In a preferred embodiment of the invention: the Internet of Things is an important component of the new generation of information technology and an important development stage of the "informatization" era. As its name suggests, the Internet of Things is a network in which all things are connected. This has two meanings. First, the core and foundation of the Internet of Things is still the Internet; it is an extension and expansion based on the Internet. Second, its clients extend to any item and between items for information exchange and communication, that is, things exchange information with things. The Internet of Things is widely applied in network convergence through communication and sensing technologies such as intelligent sensing, identification technology and pervasive computing. The Internet of Things is therefore also called the third wave of development of the world information industry, after the computer and the Internet. The invention divides the location area into N*N blocks; each block contains multiple location coordinates, and each location stores different service request information. The service request process is as follows: the mobile user decrypts the required information table to check whether a service at a specific location meets the current demand. If it does, access ends; otherwise, the user broadcasts a request message to the surrounding users and requests the service from the service provider SP. Assume the service provider offers n different services $L=(L_1,L_2,\dots,L_n)$.
To protect the privacy and preferences of an individual user, $u_i$ cannot request service from SP directly. The invention therefore adopts a strategy in which the mobile user joins with surrounding users to send requests to SP together, achieving k-anonymity and l-diversity so that SP cannot associate a user with a service. To better protect user privacy, the number k of users aggregated under this strategy must exceed its security threshold $th_k$, and the total number of service types must be greater than the service-count threshold $th_l$. For mobile user $u_i$, define:
$$b_i=(b_{i1},b_{i2},\dots,b_{in}) \qquad (7)$$
where $b_{ij}\in\{0,1\}$, and $b_{ij}=1$ if $u_i$ requests the $j$-th service of SP. The mobile user encrypts the message using homomorphic encryption parameters $(\rho,\tau,pk)$, then sends SP the query request $b_1=(b_{11},b_{12},\dots,b_{1n})$. After receiving SP's message $R'$, the base station records and updates the corresponding stored information, so that subsequent mobile users can obtain the information directly from the base station without requesting service from SP. This reduces how often users access SP and reduces the exposure of user privacy, protecting users' location data and request parameters.
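The aggregation idea in this passage, as an added example that is not code from the patent: each user encrypts its request vector b_i, the agent adds the ciphertexts without decrypting them, and SP learns only per-service counts. The patent does not name its homomorphic scheme, so Paillier, the toy key, the function names, the threshold values and the sample vectors are all assumptions constructed here.

```python
import math
import secrets

# Toy modulus from two Mersenne primes (constructed for this demo; real
# Paillier deployments need a modulus of at least 2048 bits).
P, Q = 2**31 - 1, 2**61 - 1


def keygen(p=P, q=Q):
    """Return (n, (n, lam, mu)): Paillier public and private key, g = n + 1."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    return n, (n, lam, pow(lam, -1, n))


def encrypt(n, m):
    """Enc(m) = (1 + m*n) * r^n mod n^2, with fresh randomness r per call."""
    n2 = n * n
    r = secrets.randbelow(n - 1) + 1
    while math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return (1 + m * n) % n2 * pow(r, n, n2) % n2


def decrypt(priv, c):
    """m = L(c^lam mod n^2) * mu mod n, where L(x) = (x - 1) // n."""
    n, lam, mu = priv
    return (pow(c, lam, n * n) - 1) // n * mu % n


def encrypt_request(n, b):
    """User side: encrypt the 0/1 service vector b_i one component at a time."""
    if any(bit not in (0, 1) for bit in b):
        raise ValueError("b_ij must be 0 or 1")
    return [encrypt(n, bit) for bit in b]


def aggregate(n, encrypted_requests):
    """Agent side: multiplying ciphertexts adds the hidden plaintexts."""
    n2 = n * n
    total = [1] * len(encrypted_requests[0])  # 1 is an encryption of 0
    for req in encrypted_requests:
        if len(req) != len(total):
            raise ValueError("all request vectors must cover the same services")
        total = [t * c % n2 for t, c in zip(total, req)]
    return total


def open_counts(priv, agg):
    """SP side: decrypt the aggregate into per-service request counts."""
    return [decrypt(priv, c) for c in agg]


def meets_thresholds(k, counts, th_k, th_l):
    """k users must exceed th_k and distinct requested services exceed th_l.

    Which party evaluates this is not stated on the page (assumption: it is
    a plain predicate over the group size and the decrypted counts).
    """
    distinct = sum(1 for c in counts if c > 0)
    return k > th_k and distinct > th_l


def run_round(vectors, th_k, th_l):
    """One aggregation round; returns (per-service counts, policy satisfied)."""
    pub, priv = keygen()
    reqs = [encrypt_request(pub, b) for b in vectors]
    counts = open_counts(priv, aggregate(pub, reqs))
    return counts, meets_thresholds(len(vectors), counts, th_k, th_l)


# Constructed sample: four users, n = 5 services.
GROUP = [[1, 0, 0, 1, 0], [0, 1, 0, 1, 0], [1, 0, 0, 0, 0], [0, 0, 1, 1, 0]]
# Constructed failure case: enough users, but all request the same service,
# so the count alone tells SP what every member asked for.
SAME = [[0, 0, 0, 1, 0]] * 4

if __name__ == "__main__":
    print(run_round(GROUP, th_k=3, th_l=2))
    print(run_round(SAME, th_k=3, th_l=2))
```

The agent cannot tell whether a submitted ciphertext really hides a 0 or a 1, so this sketch assumes honest users; the second sample shows why the group size alone is not enough and the service-type threshold is checked as well.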
Application effect of the invention is described in detail below with reference to comparative analysis.
The some functions of the present invention are simulated using C++, wherein each mobile subscriber can calculate data and lead to other people Letter.Present invention assumes that there are 100 mobile subscribers to be distributed in region S={ 1km × 1km, 1.5km × 1.5km × 1.5km }, point Not Biao Shi sparse region, close quarters, tr=50m, each user's ditch in the movement speed of user and point model in each region S Logical mobile radius is consistent.Present invention assessment reaches the delay of K- anonymity when mobile subscriber sends service request to agency.Assuming that Probability p needed for mobile subscriber requests service in this region is 25%.Assuming that user stops mobile and broadcast request in the time 0 Information on services, other users, which receive, to be requested and stops moving, and sends identical request message to agency.
The present invention is simulated experiment under different parameter settings, each run 30 minutes, averagely runs 1000 times. Fig. 3 shows the relationship between the quantity of participating user and the waiting time during request cooperation.It can be seen from the figure that in phase In waiting time together, in identical density area, user is moved faster, and the quantity of participating user is more.In system Service provider encrypts all information ciphertexts needed for all users in a ciphertext using CP-ABE Encryption Algorithm.It is not required to Each user is individually encrypted, it reduce the calculating of service provider and communications costs.CP-ABE Encryption Algorithm it is main when Between increase of the expense from attribute tree.That is, the time of building access-control attributes tree increases therewith with the increase of attribute Add, the time of Cryptographic Service Provider also increases simultaneously.Through the emulation experiment service for checking credentials provider during encryption attribute The calculating time.Experiment porch is window7 system, and processor is Intel (R) Core (i5-4430CPU3.00GHz), memory RAM is 4.00GB.Java code is write using MyEclipselO compiling platform, code is used based on bilinearity encryption (jPBC) The jPBC-API2.0.0 version in library carrys out simulated experiment.In order to reduce experimental error, all analogue datas pass through 2000 experiments It is averaged, as shown in Figure 3.ISP's encryption attribute computing cost as shown in figure 4, number of attributes slightly increases therewith, The decline of program computing cost.
The invention assumes that 100 mobile users are distributed in a region S = {1km × 1km, 1.5km × 1.5km × 1.5km} to simulate sparse and dense user regions, and that each user moves at speed v = {1, 2} m/s. Within region S, each user moves according to the point model with communication radius tr = 50m, and the invention evaluates the waiting time for mobile users to achieve k-anonymity and l-diversity. Assume that the probability that a mobile user needs to request a service in this region is p1 and that the probability that the cached information obtained from the base station does not match the information he wants is p2; the probability of connecting successfully and obtaining the service is p1(1-p2). Assume that at time 0 a user stops moving and broadcasts the request-aggregation information; other users then stop moving and join the request. Assume that each mobile user requests the same number of services from the SP, with the number of services per request set to NRS = {1, 2, 3, 4}, and that the SP offers 50 types of service, L = (L1, L2, ..., Ln). The specific parameter settings are given in the following table.
The simulation results are shown in Fig. 5. Simulation experiments are carried out under different parameter settings; each run lasts 30 minutes, and results are averaged over 1000 runs. At communication initialization, the invention assumes that the probability that each mobile user obtains the required information by requesting service from the base station is p2 = 0. As time passes, the information stored by the base station increases, and p2 increases to 0.5 and reaches a steady state.
In a region of a given size with a given number of mobile users, efficiency increases steadily as more information is obtained. Within a given time, for a fixed number of users in a region of a given size, as the utilization of the base station increases, the number of users who can obtain information directly from the base station increases as well, and the frequency with which users access the SP directly decreases; this effectively protects the users' identity and query privacy and improves query efficiency. When the protocol environment reaches a steady state, assume that the probability that each mobile user can obtain the required information by requesting service from the base station is p2 = 0.5; under this condition, Fig. 6 shows the number of participating users and the waiting time during request aggregation. The figure shows that, for the same waiting time in regions of equal density, the faster the users move, the larger the anonymity number achieved. At the same speed, the higher the user density in a region, the higher the anonymity achieved. Fig. 6 shows the relationship between the number of service requests and time in each request-aggregation process.
In Fig. 6 and Fig. 7, each figure fixes a movement area and a movement speed and compares, under that condition, how the number of requested services achieved changes with the waiting time. The figures show that this value also increases as the waiting time increases. In addition, when the number of services requested by a single user increases, more diversity is achieved at the same time. The invention uses multi-user joint requests to the SP for paid services, with the payment shared, to reduce the cost burden on individual users. If the price of service 1 is the highest and K users jointly request the service, then the cost per user is P1/k. As the number of users increases, the service cost of a single user decreases.
The execution times are then compared and analysed. As shown in Fig. 8, L-effectiveness is the method that groups tuples and processes member tuples most simply, so the time it requires is far below that of the other two models. Rating, however, needs to distinguish attribute values, and the equiprobability model needs to adjust the generalization buckets to handle the remaining tuples, so they require more time.
The invention then tests the additional information loss. While the generalization buckets are being built, rating needs to handle the remaining attribute values by adding the residual values to appropriate generalization buckets, which raises the generalization of the original L- buckets. The L-effectiveness model and the probability model also need to handle the remaining tuples, adding the tuples of the selected group to the sensitive-attribute generalization buckets. Therefore, as generalization buckets are expanded with generalized tuples, some buckets are expanded beyond L, which increases the degree of generalization and the amount of information lost.
S has the sensitive-attribute generalization buckets G_bucket1, G_bucket2, ..., and |G_bucketi| denotes the number of elements in generalization bucket G_bucketi. Additional information loss size is in S. It can be seen from Fig. 9 that existing generalization buckets are less likely to be expanded, because for rating tuple hiding occurs at L = 3, and rating also has lower additional information loss. When there is no tuple hiding rate, the additional information loss of the second implementation of the equiprobability model (optimal generalization bucket search + local hiding) is similar to that of the first implementation of the equiprobability model, so the test includes only the first implementation.
The tuple hiding rate is then tested. To satisfy its own constraints, the equiprobability model needs to hide some tuples that do not meet the anonymity requirement. Tuple hiding rate = number of hidden tuples / number of tuples in the original data table. L-effectiveness is not considered in this experiment, because it has no tuple hiding rate of its own. The optimal generalization bucket combination search algorithm is implemented non-recursively.
From Fig. 10 it can be seen that the hiding rate of the first implementation of the equiprobability model (least-hiding-related weak rigidity rule prioritization + global hiding) rises sharply as L increases, while the second implementation of the equiprobability model (optimal generalization bucket search + local hiding) reduces the tuple hiding rate substantially, even below the hiding rate of the rating model. In short, the experiments show that the L-validity model is very simple and, compared with rating, has no tuple hiding rate. The validity of the L- model is improved. Compared with the other two models, the equiprobability model has higher security. Compared with rating, the second implementation has higher information loss, but its tuple hiding is reduced.
In this scheme, a user who does not provide valid attributes and price to the service provider cannot decrypt the ciphertext CT, because the user's attribute information does not satisfy the service provider's encryption attribute tree policy: the attributes of the private key SK obtained from the TA do not match the service provider's attribute tree R. Likewise, a user without TA authorization cannot decrypt the ciphertext. When a service is requested, the agent sends the service provider a message carrying a timestamp t, which gives each request timeliness. Each time the service provider receives a user request, it checks whether the timestamp t in the request is valid. If it is valid, the service provider executes the user's request; otherwise it discards the message. The invention adds 1.5 trusted agent servers to relay information, which effectively prevents false information from mobile users; that is, it prevents an initiator from anonymizing his own request information. If no proxy server is used and u initiates 1 service request while k-1 other users send request messages to u, then u can hide his own request and declare the number of requests to be k-1, thereby obtaining 1 free service; once the proxy server is added, this kind of attack is effectively prevented.
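The two checks described above, as an added illustration that is not code from the patent: an initiator who counts heads himself can under-declare k, whereas an agent that collects every request and a service provider that checks the timestamp t can refuse under-counted, stale or repeated messages. The message layout, the HMAC standing in for the agent's authentication, the 30-second freshness window and the replay cache are assumptions; the patent's encrypted messages are not reproduced.

```python
import hashlib
import hmac
import json

MAX_AGE = 30                          # assumed freshness window in seconds (the page gives none)
AGENT_KEY = b"constructed-demo-key"   # assumed agent/SP key; stands in for the agent's signature


def initiator_collects(price, joiners, hide_self):
    """No agent: initiator "u" gathers the joiners and reports the head count himself."""
    true_k = len(joiners) + 1
    declared_k = true_k - 1 if hide_self else true_k
    per_user = price / declared_k     # every declared user pays P/k
    paid = {pid: per_user for pid in joiners}
    paid["u"] = 0.0 if hide_self else per_user
    return declared_k, paid


def _tag(body):
    data = json.dumps(body, sort_keys=True).encode()
    return hmac.new(AGENT_KEY, data, hashlib.sha256).hexdigest()


def agent_aggregate(requests, service, price, k_min, now):
    """Agent: every participant, initiator included, submits (pid, service, eps1, eps2).
    A request counts only if its two random numbers agree (the consistency check)."""
    members = sorted({pid for pid, svc, e1, e2 in requests
                      if svc == service and e1 == e2})
    if len(members) < k_min:
        return None                   # not enough users for k-anonymity yet
    body = {"service": service, "k": len(members), "t": now,
            "pay_each": price / len(members)}
    return body, _tag(body)


class ServiceProvider:
    def __init__(self, price):
        self.price = price
        self.seen = set()             # assumed replay cache of accepted tags

    def accept(self, body, tag, now):
        if not hmac.compare_digest(tag, _tag(body)):
            return "bad-tag"          # altered after the agent produced it
        if not 0 <= now - body["t"] <= MAX_AGE:
            return "stale"            # timestamp t no longer valid: discard
        if tag in self.seen:
            return "replay"
        if body["k"] * body["pay_each"] < self.price:
            return "underpaid"
        self.seen.add(tag)
        return "ok"


def demo():
    # Constructed sample: price 12.0, initiator "u" plus three joiners,
    # and a fifth user "d" whose two random numbers disagree.
    joiners = ["a", "b", "c"]
    cheat = initiator_collects(12.0, joiners, hide_self=True)
    reqs = [(p, "svc-1", 7, 7) for p in ["u"] + joiners] + [("d", "svc-1", 1, 2)]
    body, tag = agent_aggregate(reqs, "svc-1", 12.0, k_min=4, now=1000)
    sp = ServiceProvider(12.0)
    results = [sp.accept(body, tag, 1010),   # fresh
               sp.accept(body, tag, 1011),   # same message again
               sp.accept(body, tag, 1031)]   # older than MAX_AGE
    return cheat, body, tag, results
```

In the no-agent case the payments still add up to the full price, so the service provider alone cannot see that the initiator paid nothing; only an independent count of the requests exposes it.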
As mobile devices become widespread, mobile users obtain services through their devices to maximize their own benefit, and this behaviour is increasingly common. Security problems such as privacy leakage are, however, unavoidable. Using pseudonyms to let multiple users jointly request one or more services reduces user cost while achieving privacy protection, and using the CP-ABE algorithm reduces the service provider's computation and communication costs; at the same time, the scheme has a large data set in the presence of an attacker. How to protect the sensitive information of users or servers while obtaining good service has become the key to research on user privacy in mobile environments. The invention therefore uses special cryptographic means to protect users' sensitive information while allowing users to enjoy good service quality. In the invention, the server needs only one attribute encryption to deliver service to multiple users, which reduces the server's computation and communication costs.
The foregoing is merely the preferred embodiments of the present invention and is not intended to limit the invention; any modification, equivalent replacement, improvement and the like made within the spirit and principles of the present invention shall fall within the protection scope of the present invention.

Claims (6)

1. A privacy protection encryption method based on homomorphic encryption, characterized in that the privacy protection encryption method based on homomorphic encryption comprises: multiple mobile users cooperate with one another and use pseudonym technology to protect their own identity information, while using homomorphic encryption technology to protect their own service requests and other information; before requesting service from the server, a mobile user first obtains the corresponding information from the base station cache; if the user obtains the required information from the base station cache, he does not request information from the server; otherwise, the user sends the request to the server as an aggregated request, achieving k-anonymity and diversity, so that the service provider cannot locate the user requesting the service, thereby protecting the user's location, query information and query preferences.
2. The privacy protection encryption method based on homomorphic encryption according to claim 1, characterized in that the privacy protection encryption method based on homomorphic encryption comprises the following steps:
Step 1: The TA takes a security parameter as input and generates a prime q; let G be an additive cyclic group of order q, GT a multiplicative cyclic group of order q, and g a generator of G;
Step 2: Select a hash function H: {0,1} → Zq; the TA selects a secure symmetric encryption algorithm such as AES for encryption, selects two random parameters α, β ∈ Zq, and computes h = g^β, f = g^(1/β); the TA selects a random number and computes Ppub = g^s; the public system parameters are: {q, g, G, GT, e, e(g,g)^α, h, f, Ppub};
Step 3: The system master key is MK = (β, g^α); the mobile user u_i, the service provider and the agent use the asymmetric encryption algorithm RSA to generate their respective public/private key pairs; the mobile user u_i submits the real user name ID_i and the attribute set s_i to the TA; the TA selects random numbers r_ij, j = 1, 2, ..., and computes s0 = H(s) and PID_ij = Enc_s0(ID_i || r_ij); the pseudonyms of the user are: PID_i = {PID_i1, PID_i2, ...};
Step 4: The TA sends the pseudonyms to u_i over a secure channel; the TA generates the private key by computation and sends it secretly to the user u_i;
Step 5: The user u_i broadcasts the requested service information l to its surroundings and sends the request to the agent; after receiving the service request broadcast, other users who also want to request the service send requests to the agent; all requests are sent to the agent after computation;
Step 6: After receiving the requests, the agent judges whether the requests are consistent; if they are consistent, it merges the requests and sends them to the SP; if they are inconsistent, the service request is resent; if the service request payment satisfies the SP, the SP generates the access structure Γ from the attribute sets of all users' requests, then encrypts the service content with the access structure Γ to obtain the encrypted information and broadcasts it;
Step 7: After a user receives the encrypted information broadcast by the SP, if he is a valid paying user, his attribute set necessarily satisfies the access structure Γ, and he decrypts to obtain the requested service content l.
3. The privacy protection encryption method based on homomorphic encryption according to claim 2, characterized in that in step 4 the TA chooses a random number r ∈ Zq and, for every attribute j ∈ s, selects r_j ∈ Zq; the TA computes D = g^((α+r)/β) and, for every attribute, D_j = g^r · H(j)^(r_j), D_j' = g^(r_j); the TA takes SK = (D, D_j, D_j') as the private key and sends it secretly to u_i.
4. The privacy protection encryption method based on homomorphic encryption according to claim 2, characterized in that in step 5 the user u_i requests the paid service l; u_i first broadcasts the requested service information l to its surroundings, computes the request and sends it to the agent, where pk_p is the public key of the agent, t1 is the validity time of the request, and k is the minimum number of users that u_i requires for aggregation; after a user receives the service request broadcast, if it also wants to request the service, it sends its request, where ε_ij is a random number; within the whole validity period, if the number of members kl >= k, compute:
where sk_p is the private key held by the agent; after u_i receives C1, if u_i requests the service, it computes its reply, which is then sent to the agent, with its public key sk_p, as the user's payment for the service; p_i is the service fee paid by the user.
5. The privacy protection encryption method based on homomorphic encryption according to claim 2, characterized in that in step 6, after the agent receives the k user requests, it compares whether the two request random numbers ε_ij of the same user are consistent; if they are consistent, it integrates:
where t is the timestamp for preventing replay attacks; the SP receives C3 from the agent and computes the service request payment of all users, then decides whether it satisfies the SP; if it does, the SP generates the access structure Γ from the attribute sets of all users' requests, then encrypts the service content with the access structure Γ to obtain the encrypted information and broadcasts it.
6. An information data processing terminal implementing the privacy protection encryption method based on homomorphic encryption according to any one of claims 1 to 6.
CN201811024659.5A 2018-09-04 2018-09-04 Secret protection encryption method, information data processing terminal based on homomorphic cryptography Pending CN109039578A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811024659.5A CN109039578A (en) 2018-09-04 2018-09-04 Secret protection encryption method, information data processing terminal based on homomorphic cryptography


Publications (1)

Publication Number Publication Date
CN109039578A true CN109039578A (en) 2018-12-18

Family

ID=64623188

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811024659.5A Pending CN109039578A (en) 2018-09-04 2018-09-04 Secret protection encryption method, information data processing terminal based on homomorphic cryptography

Country Status (1)

Country Link
CN (1) CN109039578A (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20181218