CN109246098B - Method for supporting comparison of synchronous ciphertext of backup server - Google Patents


Info

Publication number
CN109246098B
Authority
CN
China
Prior art keywords
server
data
ciphertext
authorization
backup server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201811009670.4A
Other languages
Chinese (zh)
Other versions
CN109246098A (en
Inventor
王玉珏
丁勇
赵萌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology
Application filed by Guilin University of Electronic Technology
Priority to CN201811009670.4A
Publication of CN109246098A
Application granted
Publication of CN109246098B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L67/1095 Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
    • H04L9/3033 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • H04L9/3073 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • H04L9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a method for supporting comparison of synchronous ciphertexts of a backup server, which comprises the following steps: a trusted authority TA selects a security parameter and a collision-resistant hash function to generate public parameters; each user generates a respective public key and private key, and the users comprise data decryptors; the main server and the backup server generate respective public keys and private keys; the data encryptor executes an encryption algorithm by using the public keys of the two data decryptors, and the generated ciphertext is sent to the two servers; the data decryptor downloads the corresponding ciphertext from either server, and then decrypts the ciphertext by using its own private key; a data decryptor generates an encrypted authorization token ctk, thereby authorizing the main server and the backup server to perform equivalence comparison on the ciphertexts; the two servers decrypt the received authorization token ctk to obtain an authorization token tk; the two servers compare the stored user ciphertext data by using the authorization token tk to judge whether the compared user ciphertexts encrypt the same plaintext message.

Description

Method for supporting comparison of synchronous ciphertext of backup server
Technical Field
The invention relates to the field of information security and cryptography, and in particular to a method for supporting comparison of synchronous ciphertexts of a backup server.
Background
With the rapid development of information technology, the amount of data generated in people's daily work and life is growing enormously, and more and more users adopt remote data storage such as cloud storage in order to reduce the burden of storing large-scale data locally. With the services provided by a cloud server, users can access their data anytime and anywhere, and data sharing among multiple users is easy to achieve. However, while users enjoy the convenience of the cloud storage service, their data is completely controlled by the cloud server, which raises concerns about the privacy and security of the data.
In consideration of software and hardware configuration of the cloud server and a complex network environment, if the software and hardware are in failure, service cannot be provided for a user in real time; if a network attack is encountered, the cloud server may not provide services to the user for a certain time, and the user data may be leaked. In recent years, cases of leakage and loss of cloud storage user data are reported continuously, and therefore, it is urgently needed to design and deploy corresponding cloud data security protection measures to ensure privacy, security and availability of the user data.
In order to guarantee the safety and the usability of user data in a cloud server, an encryption technology suitable for double servers is introduced, ciphertext data of a user are stored on a main server and a backup server at the same time, when the main server breaks down or is attacked, the backup server is immediately used for providing service for the user, seamless server switching is completed, and the use experience of the user is not influenced. This requires that at any one time the primary and backup servers must store the same user data, have the same authorization available, and that the work of either server need not be done in cooperation with the other.
In a multi-user environment, user data often has more than one receiver and user; for example, a piece of a user's ciphertext data can be decrypted and used by the user, and the user's supervising organization also has access and use rights. In this case, dual-receiver encryption (DRE) may be used to solve the problem. With DRE technology, a sender can specify two intended recipients of ciphertext data when encrypting data, so that both can decrypt the ciphertext without interaction during decryption.
Because the cloud server has not only strong storage capacity but also strong computing capacity, the user may wish to delegate part of the computing tasks to the cloud server without affecting the privacy of the user data. One such task is to entrust the cloud server with an equivalence comparison operation (ETC) on user ciphertext data, to judge whether the user ciphertexts encrypt the same plaintext data. The ciphertext equivalence comparison technology has wide application scenarios, such as joins over ciphertext data tables and deduplication of ciphertext data.
Since the authorization of the user may be intercepted during the transmission process, the authorization information needs to be encrypted, so that only a legal cloud server can decrypt the authorization to obtain the authorization. In combination with the foregoing dual server model and dual receiver application scenario, it is obviously required that when any ciphertext data receiver authorizes a server, it must be able to authorize two servers to perform ciphertext comparison at the same time, so as to ensure that the main server and the backup server have the capability of providing the same service to the user at the same time. Therefore, the authorized encryption process also needs to be solved using DRE technology.
At present, some DRE and ETC technologies have been proposed, and very successful research results have been obtained: designing cryptographic schemes that are indistinguishable under adaptive chosen-ciphertext attack (IND-CCA2); constructing cryptographic schemes that are provably secure in the standard model; constructing provably secure cryptographic schemes in the identity-based setting; designing generic and semi-generic construction techniques for cryptographic schemes; and so on. Although the above research results have good performance or properties in some respects, there is no effective fusion of the existing DRE technology and ETC technology to meet the aforementioned needs.
Disclosure of Invention
In view of the above-mentioned shortcomings of the prior art, it is an object of the present invention to provide a method for supporting comparison of synchronous ciphertexts of a backup server.
To achieve the above and other related objects, the present invention provides a method for supporting comparison of synchronization ciphertexts of a backup server, comprising the steps of:
a trusted authority TA selects a security parameter and a collision-resistant hash function to generate public parameters;
each user generates a respective public key and a private key according to the public parameters, and the users comprise data decryptors;
the main server and the backup server respectively generate respective public keys and private keys according to the public parameters;
the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryptor downloads the corresponding ciphertext from the main server or the backup server, and then decrypts the ciphertext by using respective private key;
a data decryptor generates an authorization token ctk through a one-time authorization process, thereby simultaneously authorizing the main server and the backup server to perform equivalence comparison on its ciphertexts;
the main server or the backup server decrypts the received authorization token ctk to obtain an authorization token tk;
the main server or the backup server compares the stored user ciphertext data by using the authorization token tk to judge whether the compared user ciphertext encrypts the same plaintext message.
Optionally, the public parameter para is specifically: $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$, wherein $G$ and $G_T$ are two groups of prime order $q$, $e$ denotes the bilinear mapping operation $e: G \times G \to G_T$, and $H_1(\cdot)$ and $H_2(\cdot)$ each denote a collision-resistant hash function.
Optionally, the generating, by each user, a respective public key and a respective private key according to the public parameter specifically includes:
User $U_i$ randomly selects two non-zero elements $x_{i,1}, x_{i,2}$ of the field $Z_q$ and calculates two exponentiations $X_{i,1}$ and $X_{i,2}$ on the group $G$, where
Figure BDA0001784763960000031
Figure BDA0001784763960000032
denotes the set of non-zero elements $\{1, 2, \ldots, q-1\}$ of the field $Z_q$, $i = 1, 2$,
Figure BDA0001784763960000033
User $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$.
Optionally, the generating, by the main server and the backup server, respective public keys and private keys according to the public parameters specifically includes:
Server $S_i$ randomly selects two non-zero elements $y_{i,1}, y_{i,2}$ of the field $Z_q$ and calculates two exponentiations $Y_{i,1}$ and $Y_{i,2}$ on the group $G$, where
Figure BDA0001784763960000034
Server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$.
Optionally, the step of the data encryptor executing an encryption algorithm according to the public keys of the two data decryptors and generating corresponding ciphertexts specifically includes:
The data encryptor randomly selects two non-zero elements $\alpha_1, \alpha_2$ of the field $Z_q$ and calculates a ciphertext $C$ of the data $m$, where $C = (c_1, c_2, c_3, c_4)$,
Figure BDA0001784763960000035
$\|$ denotes string concatenation,
Figure BDA0001784763960000036
denotes the binary exclusive-or operation,
Figure BDA0001784763960000037
$t_1$ and $t_2$ respectively denote two exponentiations on the group $G_T$,
Figure BDA0001784763960000038
Optionally, the downloading, by the data decryptor, of the corresponding ciphertext from the main server or the backup server, and then decrypting the ciphertext by using the respective private key specifically includes:
Data decryptor $U_i$ computes the exponentiation $t'_2$ on the group $G_T$ and $m \| \alpha_1$:
Figure BDA0001784763960000039
Figure BDA00017847639600000310
Data decryptor $U_i$ computes the exponentiation $t'_1$ on the group $G_T$,
Figure BDA00017847639600000311
and verifies whether
Figure BDA00017847639600000312
and
Figure BDA00017847639600000313
hold; if they do, the decryptor $U_i$ obtains the plaintext message $m$; otherwise, decryption fails.
Optionally, the data decryptor generates the authorization token ctk through a one-time authorization process, and the authorization of the main server and the backup server to perform equivalence comparison on the ciphertexts thereof specifically includes:
Data decryptor $U_i$ randomly selects a non-zero element $\beta$ of the field $Z_q$ and calculates $v_1$, $v_2$ and $v_3$, where
Figure BDA00017847639600000314
$r_1, r_2$ respectively denote two exponentiations on the group $G_T$: $r_1 = e(Y_{1,1}, Y_{2,1})^{\beta}$, $r_2 = e(Y_{1,2}, Y_{2,2})^{\beta}$, $v_1 = g^{\beta}$,
Figure BDA00017847639600000315
Data decryptor $U_i$ sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
Optionally, the decrypting, by the main server or the backup server, the received authorization token ctk to obtain the authorization token tk specifically includes:
Server $S_i$ computes the exponentiations $r'_1$ and $r'_2$ on the group $G_T$ and the authorization token $tk$, where
Figure BDA0001784763960000041
Figure BDA0001784763960000042
$tk = v_2 / H_1(r'_1)$;
and verifies whether $H_2(v_1 \| v_2 \| tk \| r'_2) = v_3$ holds; if so, the server $S_i$ obtains the correct authorization token $tk$; otherwise it fails.
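The authorization-token round trip described above, as an added sketch that is not code from the patent: it models the bilinear map with a deliberately insecure toy pairing so the algebra runs with only the Python standard library. The server-side formulas r'_j = e(v1, Y_{k,j})^{y_{i,j}} (k being the other server) and the forms v2 = tk * H1(r1), v3 = H2(v1||v2||tk||r2) are assumptions inferred from bilinearity and from the tk and H2 checks in the text, since the page's formula images are missing; tk is treated as an arbitrary element of G, and all function names and parameters are hypothetical.

```python
import hashlib
import hmac
import secrets

# Constructed toy parameters (far too small for real use): Q and P = 2Q + 1 are prime.
Q = 1019
P = 2 * Q + 1
GT_GEN = 4  # generates the order-Q subgroup of Z_P^*; stands in for e(g, g)

# Toy group G: the element g^a is stored as its exponent a mod Q, so discrete
# logs in G are trivial. This models the algebra only, not the security.
G_GEN = 1   # the generator g, i.e. g^1


def g_pow(elem, k):      # elem^k in G
    return (elem * k) % Q


def g_mul(a, b):         # a * b in G
    return (a + b) % Q


def g_div(a, b):         # a / b in G
    return (a - b) % Q


def pairing(a, b):       # e(g^a, g^b) = e(g, g)^(ab)
    return pow(GT_GEN, (a * b) % Q, P)


def h1(gt_elem):         # H1: G_T -> G
    digest = hashlib.sha256(b"H1|" + str(gt_elem).encode()).digest()
    return int.from_bytes(digest, "big") % Q


def h2(v1, v2, tk, r2):  # H2(v1 || v2 || tk || r2)
    return hashlib.sha256(f"H2|{v1}|{v2}|{tk}|{r2}".encode()).digest()


def server_keygen(y1=None, y2=None):
    """tsk_i = (y_i1, y_i2), tpk_i = (g^y_i1, g^y_i2); fixed values only for tests."""
    y1 = y1 or (secrets.randbelow(Q - 1) + 1)
    y2 = y2 or (secrets.randbelow(Q - 1) + 1)
    return (y1, y2), (g_pow(G_GEN, y1), g_pow(G_GEN, y2))


def encrypt_token(tk, tpk_main, tpk_backup, beta=None):
    """Decryptor side: one ctk = (v1, v2, v3) that both servers can open."""
    beta = beta or (secrets.randbelow(Q - 1) + 1)
    r1 = pow(pairing(tpk_main[0], tpk_backup[0]), beta, P)  # e(Y11, Y21)^beta
    r2 = pow(pairing(tpk_main[1], tpk_backup[1]), beta, P)  # e(Y12, Y22)^beta
    v1 = g_pow(G_GEN, beta)                                 # g^beta
    v2 = g_mul(tk, h1(r1))                                  # assumed form of v2
    v3 = h2(v1, v2, tk, r2)                                 # assumed form of v3
    return v1, v2, v3


def decrypt_token(ctk, own_tsk, other_tpk):
    """Server side: needs only its own private key and the other server's public key."""
    v1, v2, v3 = ctk
    r1 = pow(pairing(v1, other_tpk[0]), own_tsk[0], P)      # assumed r'_1
    r2 = pow(pairing(v1, other_tpk[1]), own_tsk[1], P)      # assumed r'_2
    tk = g_div(v2, h1(r1))                                  # tk = v2 / H1(r'_1)
    if not hmac.compare_digest(h2(v1, v2, tk, r2), v3):
        return None                                         # integrity check failed
    return tk


if __name__ == "__main__":
    s1_sk, s1_pk = server_keygen()
    s2_sk, s2_pk = server_keygen()
    token = 321  # constructed sample tk
    ctk = encrypt_token(token, s1_pk, s2_pk)
    print(decrypt_token(ctk, s1_sk, s2_pk), decrypt_token(ctk, s2_sk, s1_pk))
```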
Optionally, the comparing, by the main server or the backup server, the stored user ciphertext data by using the authorization token tk to determine whether the compared user ciphertext encrypts the same plaintext message specifically includes:
Server $S_i$ verifies whether
Figure BDA0001784763960000043
holds; if so, the ciphertext $C$ and the ciphertext $C'$ encrypt the same plaintext message; otherwise, the ciphertext $C$ and the ciphertext $C'$ encrypt different plaintext messages.
To achieve the above and other related objects, the invention also provides an apparatus for supporting comparison of synchronous ciphertexts of a backup server, the apparatus comprising:
an initialization module, adapted for the trusted authority TA to select a security parameter and a collision-resistant hash function to generate public parameters;
a user key generation module, adapted for each user to generate a respective public key and private key according to the public parameters, the users comprising a data encryptor and a data decryptor;
a server key generation module, adapted for the main server and the backup server to each generate a respective public key and private key according to the public parameters;
a data encryption module, adapted for a data encryptor to execute an encryption algorithm according to the public keys of two data decryptors and generate the corresponding ciphertext, which is sent to the main server and the backup server;
a data decryption module, adapted for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by using its own private key;
an authorization generation module, adapted for a data decryptor to generate an authorization token ctk through one authorization process, simultaneously authorizing the main server and the backup server to perform equivalence comparison on its ciphertexts;
an authorization decryption module, adapted for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and a ciphertext comparison module, adapted for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertexts encrypt the same plaintext message.
As described above, the method for supporting comparison of synchronous ciphertext of backup server according to the present invention has the following beneficial effects:
The invention provides a method for supporting comparison of synchronous ciphertexts of a backup server, which is used for encrypting and decrypting data in a cloud storage environment, storing the data synchronously on two servers, and encrypting and decrypting user authorizations, ensuring the privacy and availability of user data under a dual-server model that is not fully trusted. Because the main server and the backup server store the user data simultaneously and obtain the user's authorization simultaneously, the backup server can seamlessly take over when the main server fails; through the dual-decryptor technique for ciphertexts, a data encryptor can designate two intended data receivers or users while encrypting the data only once, which reduces the computational overhead of encryption.
Drawings
To further illustrate the description of the present invention, the following detailed description of the embodiments of the present invention is provided with reference to the accompanying drawings. It is appreciated that these drawings are merely exemplary and are not to be considered limiting of the scope of the invention.
FIG. 1 is a system architecture diagram of the method of the present invention.
FIG. 2 is a block flow diagram of the method of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
In order to make the technical solution of the present invention more clearly understood, some technical terms used in the present invention will be described.
(1) Trusted Authority (TA): trusted by every entity; responsible for generating the public parameters of the system and maintaining the public key information of all users.
(2) Data Encryptor (DE): the data sender; it calculates its own public/private key pair according to the system public parameters, sends the public key to the TA for maintenance, can select two intended data receivers when executing the data encryption algorithm, and uploads the encrypted ciphertext data to the main server and the backup server.
(3) Data Decryptor (DD): the two receivers, also called data receivers; each calculates its own public/private key pair according to the system public parameters, sends the public key to the TA for maintenance, can read the corresponding ciphertext data from the main server and the backup server to execute the decryption algorithm, and generates an authorization in ciphertext form and sends it to the main server and the backup server.
(4) Master Server (MS): calculates its own public/private key pair according to the system public parameters and sends the public key to the TA for maintenance; it can provide data storage service for users, and can decrypt a user's ciphertext authorization so as to execute ciphertext equivalence comparison.
(5) Backup Server (BS): calculates its own public/private key pair according to the system public parameters and sends the public key to the TA for maintenance; it can provide data storage service for users, can decrypt a user's ciphertext authorization and then execute ciphertext equivalence comparison, and can immediately provide service to users when the main server fails.
The cryptosystem designed by the invention uses mathematics related to bilinear mappings, and the related definitions are explained here.
Define a map $e: G \times G \to G_T$ that maps elements of the cyclic group $G$ to the cyclic group $G_T$, where $G$ and $G_T$ are both cyclic groups of prime order $q$. The bilinear map $e$ needs to satisfy the following properties:
(1) Bilinearity: for any $u, v \in G$ and any $a, b \in Z_q$, $e(u^a, v^b) = e(u, v)^{ab}$ holds, where $Z_q = \{0, 1, 2, \ldots, q-1\}$;
(2) Non-degeneracy: there exists at least one element $g$ in the group $G$ such that $e(g, g)$ is a generator of the group $G_T$;
(3) Efficiency: there is an efficient algorithm that computes the value of $e(u, v)$ for any $u, v \in G$.
The hash function used in the present invention has two basic properties: one-wayness and collision resistance. One-wayness means that it is efficient to derive the output from the input of the hash function, while the input cannot be calculated from the output of the hash function; collision resistance means that two different inputs with the same hash function value cannot be found.
As shown in fig. 1, the present invention provides a method for supporting comparison of synchronous ciphertexts of a backup server, which includes the following steps:
Step 1: the trusted authority TA selects a security parameter and a collision-resistant hash function to generate public parameters.
Specifically, the step 1 specifically includes the following substeps:
Step 11: the trusted authority TA inputs the system security parameter $\lambda$ and runs the initialization algorithm $\gamma(1^{\lambda})$, which outputs two groups $G$ and $G_T$ of prime order $q$ and a bilinear mapping operation $e: G \times G \to G_T$.
The initialization algorithm $\gamma(1^{\lambda})$ runs as follows: the trusted authority TA inputs the system security parameter $\lambda$, and the system selects a corresponding elliptic curve according to the size of $\lambda$: $Y^2 = X^3 + aX + b$ ($a$ and $b$ are coefficients); two groups $G$, $G_T$ of prime order $q$ are formed by points on the elliptic curve, and a mapping function $e$ is selected to map the elements in the group $G$ into the group $G_T$. Generally, the larger the value of the security parameter $\lambda$, the more points on the selected elliptic curve, and the larger the group.
Step 12: the trusted authority TA runs a random number generation algorithm and randomly selects a generator $g$ in the group $G$.
The random number generation algorithm is as follows: on the elliptic curve $Y^2 = X^3 + aX + b$ selected in step 11, randomly choose a value $x_1$ of the independent variable $X$ and calculate the corresponding value $y_1$ of the dependent variable $Y$; if the point $(x_1, y_1)$ is in the group to be mapped, a random element has been generated successfully; if the point $(x_1, y_1)$ is not in the group, the value of $X$ is reselected until a point that appears in the group is found.
Step 13: the trusted authority TA selects two collision-resistant hash functions $H_1(\cdot)$ and $H_2(\cdot)$, both of which satisfy all the properties of a collision-resistant hash function. The collision-resistant hash functions $H_1(\cdot)$ and $H_2(\cdot)$ can be called from the Pairing-Based Cryptography library. The input of the collision-resistant hash function $H_1$ is the group $G_T$ and its output is an element in group $G$; the input of $H_2$ contains three elements of group $G$ and group $G_T$, and its output has length $\log_2(q) + \log_2|G|$, with $|G|$ representing the length of the elements in group $G$.
Finally, the system public parameters are expressed as $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$.
Step 2: each user generates a respective public key and private key according to the public parameters, and the users comprise data decryptors.
Specifically, the data decryptor $U_i$ randomly selects two non-zero elements of the field $Z_q$
Figure BDA0001784763960000071
and calculates
Figure BDA0001784763960000072
and
Figure BDA0001784763960000073
The data decryptor $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$; $X_{i,1}$ and $X_{i,2}$ respectively denote two exponentiations on the group $G$.
Here,
Figure BDA0001784763960000074
denotes the set of non-zero elements $\{1, 2, \ldots, q-1\}$ of the field $Z_q$; the function for randomly selecting an element of
Figure BDA0001784763960000075
can be called from the Pairing-Based Cryptography library.
Step 3: the main server $S_1$ and the backup server $S_2$ each generate their own public key and private key according to the public parameters.
Specifically, the server $S_i$ ($i = 1, 2$) randomly selects two non-zero elements of the field $Z_q$
Figure BDA0001784763960000076
and calculates
Figure BDA0001784763960000077
and
Figure BDA0001784763960000078
The server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$; $Y_{i,1}$ and $Y_{i,2}$ respectively represent two exponentiations in group $G$.
Step 4: the data encryptor executes the encryption algorithm with the public keys of the two data decryptors, generates the corresponding ciphertext, and sends it to the main server and the backup server.
Specifically, the data encryptor randomly selects two non-zero elements of the field $Z_q$
Figure BDA0001784763960000079
and calculates
Figure BDA00017847639600000710
Figure BDA00017847639600000711
and
Figure BDA00017847639600000712
where $\|$ represents string concatenation,
Figure BDA00017847639600000713
represents a binary XOR operation, and $t_1$ and $t_2$ respectively represent two exponentiations in group $G_T$.
The data encryptor obtains the ciphertext $C = (c_1, c_2, c_3, c_4)$ of the data $m$, which is stored on the main server $S_1$ and the backup server $S_2$.
The generated ciphertext $C$ can be decrypted by both data decryptors $U_1$ and $U_2$, and no interaction is needed between them. The ciphertext $C$ is stored on both the main server $S_1$ and the backup server $S_2$, which ensures that the two servers hold the same data; when the main server $S_1$ fails and cannot serve users, the system can switch to the synchronized backup server $S_2$ in real time.
Step 5: the data decryptor $U_i$ ($i = 1, 2$) downloads the corresponding ciphertext $C$ from the main server $S_1$ or the backup server $S_2$ and then decrypts it with its own private key.
Specifically, step 5 comprises the following sub-steps:
Step 51: the data decryptor $U_i$ ($i = 1, 2$) calculates
Figure BDA0001784763960000081
and
Figure BDA0001784763960000082
Step 52: the data decryptor $U_i$ ($i = 1, 2$) calculates
Figure BDA0001784763960000083
and verifies whether
Figure BDA0001784763960000084
and
Figure BDA0001784763960000085
hold; if the verification passes, the decryptor $U_i$ ($i = 1, 2$) obtains the plaintext message $m$; otherwise, decryption fails.
Step 6: the data decryptor $U_i$ ($i = 1, 2$) generates an authorization token ctk through a single authorization process, authorizing the main server $S_1$ and the backup server $S_2$ at the same time to perform equivalence comparison on ciphertexts.
Specifically, step 6 comprises the following sub-steps:
Step 61: the data decryptor $U_i$ ($i = 1, 2$) randomly selects a non-zero element of the field $Z_q$
Figure BDA0001784763960000086
and calculates $v_1 = g^{\beta}$, $r_1 = e(Y_{1,1}, Y_{2,1})^{\beta}$, $r_2 = e(Y_{1,2}, Y_{2,2})^{\beta}$,
Figure BDA0001784763960000087
and
Figure BDA0001784763960000088
Step 62: the data decryptor $U_i$ ($i = 1, 2$) sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
Either data decryptor, $U_1$ or $U_2$, can perform step 6 to generate an authorization token ctk in ciphertext form, and ctk can be decrypted by both the main server $S_1$ and the backup server $S_2$ to recover the authorization token tk. As long as ctk is not corrupted, the main server $S_1$ and the backup server $S_2$ are certain to obtain tk by decryption, and they do not need to interact during decryption, which ensures that the main server $S_1$ and the backup server $S_2$ can provide the same service to the user.
Step 7: the main server and/or the backup server decrypts the received authorization token ctk to obtain the authorization token tk.
The server $S_i$ ($i = 1$ is the main server $S_1$, $i = 2$ is the backup server $S_2$) can decrypt the received ciphertext authorization token ctk to obtain the authorization token tk.
Specifically, step 7 comprises the following sub-steps:
Step 71: the server $S_i$ computes
Figure BDA0001784763960000089
and $tk = v_2 / H_1(r'_1)$;
Step 72: the server $S_i$ computes
Figure BDA00017847639600000810
and verifies whether $H_2(v_1 \| v_2 \| tk \| r'_2) = v_3$ holds; if the verification passes, the server $S_i$ ($i = 1, 2$) obtains the correct authorization token tk; otherwise, it fails.
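The token exchange of steps 6 and 7, as an added example that is not code from the patent: a Python model that checks the algebra by storing every group element as its exponent, so the pairing becomes a multiplication of exponents and nothing in it is secure. The equation images for $Y_{i,k}$, $v_2$, $v_3$, $r'_1$ and $r'_2$ are missing from this page, so the example assumes $Y_{i,k} = g^{y_{i,k}}$, $v_2 = tk \cdot H_1(r_1)$, $v_3 = H_2(v_1 \| v_2 \| tk \| r_2)$ and $r'_k = e(v_1, Y_{j,k})^{y_{i,k}}$ for the other server $j$; the token is a placeholder element of $G$, and SHA-256 stands in for $H_1$ and $H_2$.

```python
"""Algebra check of the ctk exchange (steps 6 and 7). Insecure by construction:
group elements are stored as discrete logs so no pairing library is needed."""
import hashlib
import secrets

Q = 2**127 - 1  # constructed prime group order q (a Mersenne prime)


class Elem:
    """Element of G or G_T written as base^exp; the exponent is kept in the clear."""

    def __init__(self, group, exp):
        self.group, self.exp = group, exp % Q

    def __mul__(self, other):          # group multiplication adds exponents
        assert self.group == other.group
        return Elem(self.group, self.exp + other.exp)

    def __truediv__(self, other):      # group division subtracts exponents
        assert self.group == other.group
        return Elem(self.group, self.exp - other.exp)

    def __pow__(self, k):              # exponentiation multiplies the exponent
        return Elem(self.group, self.exp * k)

    def __eq__(self, other):
        return isinstance(other, Elem) and (self.group, self.exp) == (other.group, other.exp)

    def encode(self):
        return self.group.encode() + self.exp.to_bytes(16, "big")


g = Elem("G", 1)  # generator of G


def pair(a, b):
    """Bilinear map e: G x G -> G_T, with e(g^a, g^b) = e(g, g)^(ab)."""
    assert a.group == b.group == "G"
    return Elem("GT", a.exp * b.exp)


def rand_zq():
    """Random non-zero element of Z_q."""
    return secrets.randbelow(Q - 1) + 1


def H1(r):
    """Stand-in for H1: G_T -> G."""
    digest = hashlib.sha256(b"H1" + r.encode()).digest()
    return Elem("G", int.from_bytes(digest, "big"))


def H2(*parts):
    """Stand-in for H2 over the concatenation v1 || v2 || tk || r2."""
    return hashlib.sha256(b"H2" + b"".join(p.encode() for p in parts)).digest()


def server_keygen():
    """Step 3: tsk_i = (y_i1, y_i2); tpk_i = (Y_i1, Y_i2), assumed to be g^y."""
    y1, y2 = rand_zq(), rand_zq()
    return (y1, y2), (g ** y1, g ** y2)


def make_ctk(tk, tpk1, tpk2):
    """Step 6 (user side): encrypt tk once, for both servers."""
    beta = rand_zq()
    v1 = g ** beta
    r1 = pair(tpk1[0], tpk2[0]) ** beta
    r2 = pair(tpk1[1], tpk2[1]) ** beta
    v2 = tk * H1(r1)              # assumed; inverse of tk = v2 / H1(r'1)
    v3 = H2(v1, v2, tk, r2)       # assumed; the value checked in step 72
    return v1, v2, v3


def open_ctk(ctk, own_tsk, peer_tpk):
    """Step 7 (server side): own private key plus the peer's public key, no interaction."""
    v1, v2, v3 = ctk
    r1p = pair(v1, peer_tpk[0]) ** own_tsk[0]   # assumed form of r'1
    r2p = pair(v1, peer_tpk[1]) ** own_tsk[1]   # assumed form of r'2
    tk = v2 / H1(r1p)
    if not secrets.compare_digest(H2(v1, v2, tk, r2p), v3):
        return None               # corrupted ctk or wrong key: reject
    return tk


def demo():
    tsk1, tpk1 = server_keygen()
    tsk2, tpk2 = server_keygen()
    tk = g ** rand_zq()           # placeholder token: any element of G
    v1, v2, v3 = make_ctk(tk, tpk1, tpk2)
    got1 = open_ctk((v1, v2, v3), tsk1, tpk2)        # main server S1
    got2 = open_ctk((v1, v2, v3), tsk2, tpk1)        # backup server S2
    tampered = open_ctk((v1, v2 * g, v3), tsk1, tpk2)  # v2 modified in transit
    return tk, got1, got2, tampered


if __name__ == "__main__":
    tk, got1, got2, tampered = demo()
    print("S1 ok:", got1 == tk, "| S2 ok:", got2 == tk, "| tampered rejected:", tampered is None)
```

Both servers reach the same $r_1$ and $r_2$ because $e(g^{\beta}, g^{y_{2,k}})^{y_{1,k}} = e(g^{\beta}, g^{y_{1,k}})^{y_{2,k}} = e(Y_{1,k}, Y_{2,k})^{\beta}$, which is why a single ctk serves both without any message between them.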
Step 8: the main server or the backup server compares stored user ciphertext data using the authorization token tk to determine whether the compared user ciphertexts encrypt the same plaintext message.
The server $S_i$ ($i = 1$ is the main server $S_1$, $i = 2$ is the backup server $S_2$) can compare stored user ciphertext data (such as $C$ and $C'$) using the authorization token tk to determine whether the ciphertexts $C$ and $C'$ encrypt the same plaintext message; the ciphertext $C'$ is computed in the same way as the ciphertext $C$.
Specifically, step 8 comprises:
the server $S_i$ ($i = 1, 2$) verifies whether
Figure BDA0001784763960000091
holds; if it does, the server outputs "1", indicating that the ciphertexts $C$ and $C'$ encrypt the same plaintext message; otherwise it outputs "0", indicating that the ciphertexts $C$ and $C'$ encrypt different plaintext messages.
Both the main server $S_1$ and the backup server $S_2$ can use the obtained authorization token tk to compare the ciphertext data of the user who issued the authorization, which means that the main server $S_1$ and the backup server $S_2$ can provide the same service to the user. Furthermore, step 8 also allows the main server $S_1$ and the backup server $S_2$ to perform equivalence comparison on ciphertext data from different sources, as long as the authorization tokens issued by the users concerned have been obtained. For example, if the authorization tokens corresponding to the ciphertexts $C$ and $C'$ are $tk_1$ and $tk_2$ respectively, the server $S_i$ ($i = 1, 2$) verifies whether
Figure BDA0001784763960000092
holds. If so, the ciphertexts $C$ and $C'$ encrypt the same plaintext message; otherwise $C$ and $C'$ encrypt different plaintext messages.
In summary, the present invention provides a method for supporting comparison of synchronous ciphertext of a backup server. Firstly, in a cloud storage environment, a data sender can designate two receivers for data to be encrypted, then ciphertext data is stored in a cloud end, only the designated receivers can obtain plaintext content of the data, and privacy of user data is fully guaranteed; secondly, when the user sends the ciphertext data to the cloud end, the ciphertext data need to be stored in the main server and the backup server at the same time, so that when the main server fails or is attacked and cannot provide service for the user, the main server can be switched to the backup server immediately, and the usability of the user data is improved; thirdly, two receivers of the data can authorize the main server and the backup server to compare the ciphertext data without decryption, so that the privacy of the user data is guaranteed to the maximum extent, and the state consistency of the main server and the backup server is guaranteed; and finally, the authorization of the data receiver is sent to the main server and the backup server in a ciphertext mode, so that the privacy of the authorization in the transmission process is ensured.
In another embodiment, the present invention further provides an apparatus for supporting comparison of synchronization ciphertexts of a backup server, including:
the initialization module is suitable for a trusted authority TA to select security parameters and a collision-resistant hash function to generate public parameters;
the user key generation module is suitable for each user to generate a respective public key and a private key according to the public parameters, and the users comprise a data encryptor and a data decryptor;
the server key generation module is suitable for the main server and the backup server to generate respective public keys and private keys according to the public parameters respectively;
the data encryption module is suitable for a data encryptor to execute an encryption algorithm according to public keys of two data decryptors and generate corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryption module is suitable for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by utilizing respective private keys;
the authorization generation module is suitable for generating an authorization token ctk by a data decryptor through an authorization process, and simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts of the main server and the backup server;
the authorization decryption module is suitable for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and the ciphertext comparison module is suitable for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertext encrypts the same plaintext message.
In this embodiment, the configuration, role and implementation of the initialization module, the user key generation module, the server key generation module, the data encryption module, the data decryption module, the authorization generation module, the authorization decryption module and the ciphertext comparison module may follow the other embodiment and are not described in detail here.
The device for supporting comparison of the synchronous ciphertext of the backup server ensures privacy and usability of cloud storage user data, reduces computing overhead of encrypted data of a sender, realizes safe data sharing among multiple users, and reduces computing cost of the users by using computing resources of the cloud server.
In summary, the method is used for encrypting and decrypting data, synchronously storing the data in the double servers and authorizing the encryption and decryption of the user in the cloud storage environment, and the privacy and the availability of the user data under the incompletely trusted double server model can be guaranteed. By using the main server and the backup server to simultaneously store user data and simultaneously obtain the authorization of a user, when the function of the main server fails, the backup server can seamlessly realize function substitution; through the double decryptor technology of the ciphertext, a data encryptor can designate two expected data receivers or users, and the encryptor only needs to encrypt the data once, so that the calculation overhead of encryption is reduced. The method has the advantages and effects that:
1) the method of the invention uses the main server and the backup server to simultaneously store the user data and obtain the user authorization, thereby realizing the synchronization of the states of the two servers, and when the main server can not provide the service due to the software and hardware configuration failure or the network attack, the system can be immediately switched to the backup server, thereby not influencing the experience of the user in using the cloud storage service. The main server and the backup server not only store the ciphertext data of the user, but also can execute equivalent comparison operation aiming at the ciphertext data of the user after obtaining the legal authorization of the user, and realize the division of the ciphertext data set on the premise of not deciphering, thereby reducing the calculation burden of the user.
2) The method allows the data sender to designate two data receivers, and the ciphertext data generated through one encryption process can be decrypted by the two receivers at the same time without repeatedly executing two encryption processes and respectively sending the ciphertext data to the two receivers, so that the calculation burden of the data encryptor is reduced. Since the ciphertext data is stored on the cloud server, secure sharing of data between the sender and the two receivers is achieved. After any receiver obtains the ciphertext data from the cloud server, the corresponding plaintext data can be obtained only by executing a decryption algorithm by using a closely-stored decryption private key.
3) The method of the invention considers the security of the user ciphertext data comparison authorization, when the user issues the authorization to the main server and the backup server, the user encrypts the authorization first and then sends the authorization in the form of the ciphertext to the two servers, so that the authorization content can not be leaked in the transmission process. After the main server and the backup server obtain the authorization in the form of the ciphertext respectively, the authorized decryption algorithm is executed by using the strictly kept decryption private key, and then the legal user authorization can be obtained. Before legal authorization of the user is obtained, the main server and the backup server cannot perform equivalence comparison on ciphertext data of the user, and safety of user data stored in a cloud is further guaranteed.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.

Claims (10)

1. A method for supporting synchronous ciphertext comparison of a backup server is characterized by comprising the following steps:
a trusted authority TA selects a security parameter and a collision-resistant hash function to generate public parameters; specifically: the trusted authority TA inputs the system security parameter $\lambda$ and runs the initialization algorithm $\gamma(1^{\lambda})$, which outputs two groups $G$ and $G_T$ of prime order $q$ and a bilinear mapping operation $e: G \times G \to G_T$, wherein the initialization algorithm $\gamma(1^{\lambda})$ operates as follows: the trusted authority TA inputs the system security parameter $\lambda$, and the system selects a corresponding elliptic curve according to the size of $\lambda$: $Y^2 = X^3 + aX + b$, where $a$ and $b$ are coefficients; points on the elliptic curve form two groups $G$ and $G_T$ of prime order $q$; a mapping function $e$ is selected to map the elements of group $G$ into group $G_T$;
each user generates a respective public key and a private key according to the public parameters, and the users comprise data decryptors;
the main server and the backup server respectively generate respective public keys and private keys according to the public parameters;
the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryptor downloads the corresponding ciphertext from the main server or the backup server, and then decrypts the ciphertext by using respective private key;
a data decryptor generates an authorization token ctk through a single authorization process, simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts;
the main server or the backup server decrypts the received authorization token ctk to obtain an authorization token tk;
the main server or the backup server compares the stored user ciphertext data by using the authorization token tk to judge whether the compared user ciphertext encrypts the same plaintext message.
2. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 1, wherein the public parameters specifically include: $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$, wherein $G$ and $G_T$ are two groups of prime order $q$, $e$ represents the bilinear mapping operation $e: G \times G \to G_T$, $H_1(\cdot)$ and $H_2(\cdot)$ each denote a collision-resistant hash function, and $g$ is an element of group $G$.
3. The method of claim 2, wherein the step of generating a public key and a private key for each user according to the public parameters specifically comprises:
user $U_i$ randomly selects two non-zero elements $x_{i,1}, x_{i,2}$ of the field $Z_q$ and calculates two exponentiations $X_{i,1}$ and $X_{i,2}$ in group $G$, wherein $x_{i,1}$,
Figure FDA0002809743170000011
Figure FDA0002809743170000012
represents the subset $\{1, 2, \ldots, q-1\}$ of non-zero elements of the field $Z_q$, $i = 1, 2$,
Figure FDA0002809743170000013
user $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$, and $g$ is an element of group $G$.
4. The method of claim 3, wherein the step of generating the public key and the private key of the primary server and the backup server according to the public parameter respectively comprises:
server $S_i$ randomly selects two non-zero elements $y_{i,1}, y_{i,2}$ of the field $Z_q$ and calculates two exponentiations $Y_{i,1}$ and $Y_{i,2}$ in group $G$, wherein $y_{i,1}$,
Figure FDA0002809743170000021
server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$.
5. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 4, wherein the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts specifically comprises:
the data encryptor randomly selects two non-zero elements $\alpha_1, \alpha_2$ of the field $Z_q$ and calculates the ciphertext $C$ of the data $m$, where $C = (c_1, c_2, c_3, c_4)$,
Figure FDA0002809743170000022
$\|$ represents string concatenation,
Figure FDA0002809743170000023
represents a binary exclusive-OR operation, $\alpha_1$,
Figure FDA0002809743170000024
$t_1$ and $t_2$ respectively represent two exponentiations in group $G_T$,
Figure FDA0002809743170000025
6. The method of claim 5, wherein the data decryptor downloading the corresponding ciphertext from the main server or the backup server and then decrypting the ciphertext with its own private key specifically comprises:
the data decryptor $U_i$ computes the exponentiation $t'_2$ in group $G_T$ and $m \| \alpha_1$
Figure FDA0002809743170000026
the data decryptor $U_i$ computes the exponentiation $t'_1$ in group $G_T$
Figure FDA0002809743170000027
and verifies whether
Figure FDA0002809743170000028
and
Figure FDA0002809743170000029
hold; if so, the decryptor $U_i$ obtains the plaintext message $m$; otherwise, decryption fails.
7. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 6, wherein the data decryptor generates an authorization token ctk through an authorization process, and the authorization of the main server and the backup server to perform equivalence comparison on the ciphertexts thereof specifically comprises:
the data decryptor $U_i$ randomly selects a non-zero element $\beta$ of the field $Z_q$ and calculates $v_1$, $v_2$ and $v_3$; wherein
Figure FDA00028097431700000210
$r_1, r_2$ respectively represent two exponentiations in group $G_T$, $r_1 = e(Y_{1,1}, Y_{2,1})^{\beta}$, $r_2 = e(Y_{1,2}, Y_{2,2})^{\beta}$, $v_1 = g^{\beta}$,
Figure FDA00028097431700000211
Figure FDA00028097431700000212
the data decryptor $U_i$ sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
8. The method of claim 7, wherein the decrypting, by the primary server or the backup server, the received authorization token ctk to obtain the authorization token tk specifically comprises:
server $S_i$ computes the exponentiations $r'_1$, $r'_2$ in group $G_T$ and the authorization token tk, wherein
Figure FDA00028097431700000213
$tk = v_2 / H_1(r'_1)$;
and verifies whether $H_2(v_1 \| v_2 \| tk \| r'_2) = v_3$ holds; if so, the server $S_i$ obtains the correct authorization token tk; otherwise, it fails.
9. The method of claim 8, wherein the step of comparing the stored user ciphertext data with the authorization token tk by the primary server or the backup server to determine whether the compared user ciphertext encrypts the same plaintext message specifically comprises:
server $S_i$ verifies whether
Figure FDA0002809743170000031
holds; if so, the ciphertext $C$ and the ciphertext $C'$ encrypt the same plaintext message; otherwise, the ciphertext $C$ and the ciphertext $C'$ encrypt different plaintext messages.
10. An apparatus based on the method for supporting comparison of synchronization ciphertexts of the backup server as claimed in any one of claims 1 to 9, wherein the apparatus comprises:
the initialization module is suitable for selecting safety parameters and a collision-resistant hash function according to a trusted authority TA to generate public parameters; the user key generation module is suitable for each user to generate a respective public key and a private key according to the public parameters, and the users comprise a data encryptor and a data decryptor;
the server key generation module is suitable for the main server and the backup server to generate respective public keys and private keys according to the public parameters respectively;
the data encryption module is suitable for a data encryptor to execute an encryption algorithm according to public keys of two data decryptors and generate corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryption module is suitable for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by utilizing respective private keys;
the authorization generation module is suitable for generating an authorization token ctk by a data decryptor through an authorization process, and simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts of the main server and the backup server;
the authorization decryption module is suitable for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and the ciphertext comparison module is suitable for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertext encrypts the same plaintext message.
CN201811009670.4A 2018-08-31 2018-08-31 Method for supporting comparison of synchronous ciphertext of backup server Active CN109246098B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201811009670.4A CN109246098B (en) 2018-08-31 2018-08-31 Method for supporting comparison of synchronous ciphertext of backup server


Publications (2)

Publication Number Publication Date
CN109246098A CN109246098A (en) 2019-01-18
CN109246098B true CN109246098B (en) 2021-02-19

Family

ID=65069107

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201811009670.4A Active CN109246098B (en) 2018-08-31 2018-08-31 Method for supporting comparison of synchronous ciphertext of backup server

Country Status (1)

Country Link
CN (1) CN109246098B (en)



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
EE01 Entry into force of recordation of patent licensing contract
Application publication date: 20190118
Assignee: Guilin Weisichuang Technology Co.,Ltd.
Assignor: Guilin University of Electronic Technology
Contract record no.: X2023980046257
Denomination of invention: A method for supporting synchronous ciphertext comparison between backup servers
Granted publication date: 20210219
License type: Common License
Record date: 20231108