CN109246098B - Method for supporting comparison of synchronous ciphertext of backup server - Google Patents
- Publication number: CN109246098B (application CN201811009670.4A)
- Authority: CN (China)
- Prior art keywords: server, data, ciphertext, authorization, backup server
- Legal status: Active (as listed by Google Patents; the listed status is an assumption, not a legal conclusion)
Classifications
- H04L63/0442 — Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload, wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H04L63/0807 — Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
- H04L67/1095 — Replication or mirroring of data, e.g. scheduling or transport for data synchronisation between network nodes
- H04L9/3033 — Public key cryptography; underlying computational problems or public-key parameters; details relating to pseudo-prime or prime number generation, e.g. primality test
- H04L9/3073 — Public key cryptography involving algebraic varieties, e.g. elliptic or hyper-elliptic curves, involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
- H04L9/3213 — Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, involving a third party or a trusted authority, using tickets or tokens, e.g. Kerberos
- H04L9/3236 — Cryptographic mechanisms including means for verifying the identity or authority of a user of the system or for message authentication, using cryptographic hash functions
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Storage Device Security (AREA)
Abstract
The invention provides a method for supporting comparison of synchronized ciphertexts on a backup server, which comprises the following steps: a trusted authority TA selects a security parameter and a collision-resistant hash function to generate the public parameters; each user generates a public key and a private key, the users including the data decryptors; the main server and the backup server generate their own public keys and private keys; the data encryptor runs the encryption algorithm with the public keys of the two data decryptors, and the resulting ciphertext is sent to both servers; a data decryptor downloads the corresponding ciphertext from either server and decrypts it with its own private key; a data decryptor generates an authorization token ctk, thereby authorizing the main server and the backup server to perform equivalence comparison of ciphertexts; the two servers decrypt the received authorization token ctk to obtain the authorization token tk; the two servers use the authorization token tk to compare the stored user ciphertexts and decide whether the compared ciphertexts encrypt the same plaintext message.
Description
Technical Field
The invention relates to the field of information security and cryptography, in particular to a method for supporting comparison of synchronized ciphertexts on a backup server.
Background
With the rapid development of information technology, the amount of data generated in people's daily work and life is growing enormously, and more and more users adopt remote data storage such as cloud storage to reduce the burden of storing large-scale data locally. Through the service provided by the cloud server, users can access their data anytime and anywhere, and data sharing among multiple users is easy to achieve. However, while the user enjoys the convenience of the cloud storage service, the user's data is completely controlled by the cloud server, which raises concerns about the privacy and security of that data.
Considering the software and hardware configuration of the cloud server and the complex network environment, a software or hardware failure means that service cannot be provided to the user in real time; if a network attack occurs, the cloud server may be unable to provide service for some time, and user data may be leaked. In recent years, cases of leakage and loss of cloud storage user data have been reported continually, so it is urgent to design and deploy corresponding cloud data security measures to ensure the privacy, security and availability of user data.
To guarantee the security and availability of user data on a cloud server, an encryption technique suited to a dual-server setting is introduced: the user's ciphertext data is stored on a main server and a backup server at the same time, and when the main server fails or is attacked, the backup server immediately takes over service to the user, completing a seamless switch without affecting the user experience. This requires that at any moment the main and backup servers store the same user data, hold the same authorization, and that neither server needs to cooperate with the other to do its work.
In a multi-user environment, user data often has more than one recipient and user; for example, a piece of a user's ciphertext data may be decrypted and used by that user, while the user's supervising organization also has access and usage rights. Dual-receiver encryption (DRE) can solve this problem. With DRE, a sender specifies two intended recipients of the ciphertext when encrypting, so that both can decrypt it without any interaction during decryption.
Because the cloud server has strong computing capacity as well as strong storage capacity, the user may wish to delegate part of the computing tasks to the cloud server without compromising the privacy of the user's data. In this method, the cloud server is entrusted with an equality test on ciphertexts (ETC) to decide whether two user ciphertexts encrypt the same plaintext. Ciphertext equality testing has wide application, such as joins over encrypted data tables and deduplication of encrypted data.
Since a user's authorization may be intercepted in transit, the authorization information must be encrypted so that only a legitimate cloud server can decrypt it and obtain the authorization. Combining the dual-server model and the dual-receiver scenario above, it is clearly required that whenever any ciphertext recipient authorizes a server, it must be able to authorize both servers to perform ciphertext comparison at the same time, so that the main server and the backup server can provide the same service to the user simultaneously. Therefore the encryption of the authorization also needs to be solved with DRE.
At present, some DRE and ETC techniques have been proposed, with very successful research results: schemes secure against adaptive chosen-ciphertext attack (IND-CCA2); schemes provably secure in the standard model; provably secure schemes in the identity-based setting; generic and semi-generic scheme construction techniques; and so on. Although these results have good performance or properties in some respect, there is no effective fusion of existing DRE and ETC techniques that meets the needs described above.
Disclosure of Invention
In view of the above shortcomings of the prior art, it is an object of the present invention to provide a method for supporting comparison of synchronized ciphertexts on a backup server.
To achieve the above and other related objects, the present invention provides a method for supporting comparison of synchronized ciphertexts on a backup server, comprising the steps of:
a trusted authority TA selects a safety parameter and a collision-resistant hash function to generate a public parameter;
each user generates a respective public key and a private key according to the public parameters, and the users comprise data decryptors;
the main server and the backup server respectively generate respective public keys and private keys according to the public parameters;
the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryptor downloads the corresponding ciphertext from the main server or the backup server, and then decrypts the ciphertext by using respective private key;
a data decryptor generates an authorization token ctk through a single authorization process, thereby authorizing the main server and the backup server to perform equivalence comparison on their stored ciphertexts;
the main server or the backup server decrypts the received authorization token ctk to obtain an authorization token tk;
the main server or the backup server compares the stored user ciphertext data by using the authorization token tk to judge whether the compared user ciphertext encrypts the same plaintext message.
Optionally, the public parameter para is specifically $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$, where $G$ and $G_T$ are two groups of prime order $q$, $e$ denotes the bilinear map $e: G \times G \to G_T$, and $H_1(\cdot)$ and $H_2(\cdot)$ denote collision-resistant hash functions.
Optionally, the generating, by each user, a respective public key and a respective private key according to the public parameter specifically includes:
user $U_i$ randomly selects two non-zero elements $x_{i,1}, x_{i,2}$ of $\mathbb{Z}_q^*$ and computes two exponentiations $X_{i,1}$ and $X_{i,2}$ in the group $G$, where $\mathbb{Z}_q^*$ denotes the non-zero subset $\{1, 2, \ldots, q-1\}$ of the field $\mathbb{Z}_q$ and $i = 1, 2$;
user $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$.
Optionally, the generating, by the main server and the backup server, respective public keys and private keys according to the public parameters specifically includes:
server $S_i$ randomly selects two non-zero elements $y_{i,1}, y_{i,2}$ of the field $\mathbb{Z}_q$ and computes two exponentiations $Y_{i,1}$ and $Y_{i,2}$ in the group $G$;
server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$.
Optionally, the step of the data encryptor executing an encryption algorithm according to the public keys of the two data decryptors and generating corresponding ciphertexts specifically includes:
the data encryptor randomly selects two non-zero elements $\alpha_1, \alpha_2$ of the field $\mathbb{Z}_q$ and computes the ciphertext $C$ of the data $m$, where $C = (c_1, c_2, c_3, c_4)$, $\|$ denotes string concatenation, $\oplus$ denotes binary exclusive-or, and $t_1$ and $t_2$ denote two exponentiations in the group $G_T$.
optionally, the downloading, by the data decryptor, the corresponding ciphertext from the main server or the backup server, and then decrypting the ciphertext by using the respective private key specifically includes:
data decryptor $U_i$ computes the exponentiation $t_1'$ in the group $G_T$ and verifies whether the two check equations hold; if both hold, the decryptor $U_i$ obtains the plaintext message $m$, otherwise decryption fails.
Optionally, the data decryptor generates the authorization token ctk through a one-time authorization process, and the authorization of the main server and the backup server to perform equivalence comparison on the ciphertexts thereof specifically includes:
data decryptor $U_i$ randomly selects a non-zero element $\beta$ of the field $\mathbb{Z}_q$ and computes $v_1$, $v_2$ and $v_3$, where $r_1$ and $r_2$ denote two exponentiations in the group $G_T$, $r_1 = e(Y_{1,1}, Y_{2,1})^\beta$, $r_2 = e(Y_{1,2}, Y_{2,2})^\beta$ and $v_1 = g^\beta$;
data decryptor $U_i$ sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
Optionally, the decrypting, by the main server or the backup server, the received authorization token ctk to obtain the authorization token tk specifically includes:
server $S_i$ computes the exponentiations $r'_1$ and $r'_2$ in the group $G_T$ and the authorization token $tk$, where $tk = v_2 / H_1(r'_1)$;
it verifies whether $H_2(v_1 \| v_2 \| tk \| r'_2) = v_3$ holds; if so, the server $S_i$ obtains the correct authorization token $tk$, otherwise it fails.
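The token steps above (generation by the decryptor, then independent decryption by either server) are the part of the scheme that is fully stated on the page, so the following added example walks through them end to end. It is not code from the patent or from any library the patent names. The bilinear map is a toy, constructed for this example: $G$ is $\mathbb{Z}_q$ written additively (so the patent's $g^x$ is just $x \bmod q$), $G_T$ is the order-$q$ subgroup of $\mathbb{Z}_p^*$, and $e(u, v) = h^{uv}$, which is bilinear but offers no security because elements of $G$ reveal their own discrete logarithm. Two further assumptions are labelled in the comments: the token $tk$ is treated as an arbitrary element of $G$, and $v_2 = tk \cdot H_1(r_1)$, $v_3 = H_2(v_1 \| v_2 \| tk \| r_2)$ and the server-side $r'_1 = e(v_1, Y_{3-i,1})^{y_{i,1}}$ are inferred from the decryption check $tk = v_2 / H_1(r'_1)$ rather than quoted from the page.

```python
import hashlib
import secrets

# Toy parameters (constructed for this example, not from the patent).
Q = 101                        # prime order of G and G_T
P = 607                        # prime with Q dividing P - 1
H = pow(2, (P - 1) // Q, P)    # generator of the order-Q subgroup of Z_P^*

# G is Z_Q written additively, so the patent's "g^x" is x mod Q,
# a product of two elements of G is a sum, and a quotient is a difference.
def g_exp(x):
    return x % Q

def g_mul(a, b):
    return (a + b) % Q

def g_div(a, b):
    return (a - b) % Q

def pair(u, v):
    # e(u, v) = H^(u*v): bilinear in u and v, but insecure because u and v
    # are readable directly (discrete log in additive Z_Q is the identity).
    return pow(H, (u * v) % Q, P)

def gt_exp(t, k):
    return pow(t, k % Q, P)

def h1(r):
    # H_1: G_T -> G, instantiated here as SHA-256 reduced mod Q.
    return int.from_bytes(hashlib.sha256(b"H1|%d" % r).digest(), "big") % Q

def h2(v1, v2, tk, r2):
    # H_2 over (v1 || v2 || tk || r2); the full digest stands in for the
    # fixed-length string the patent specifies.
    return hashlib.sha256(b"H2|%d|%d|%d|%d" % (v1, v2, tk, r2)).hexdigest()

def check_bilinearity(u, v, a, b):
    # e(u^a, v^b) == e(u, v)^(ab), written additively for G.
    return pair(g_exp(a * u), g_exp(b * v)) == gt_exp(pair(u, v), a * b)

def server_keygen():
    # Step 3: tsk_i = (y_i1, y_i2) in Z_Q^*, tpk_i = (Y_i1, Y_i2).
    y1 = secrets.randbelow(Q - 1) + 1
    y2 = secrets.randbelow(Q - 1) + 1
    return (y1, y2), (g_exp(y1), g_exp(y2))

def authorize(tk, tpk1, tpk2):
    # Step 6: encrypt the token tk (assumed here to be an element of G)
    # for both servers at once. v1 = g^beta, r1 = e(Y11, Y21)^beta and
    # r2 = e(Y12, Y22)^beta are as in the patent; v2 = tk * H1(r1) and
    # v3 = H2(v1||v2||tk||r2) are inferred from the server-side check.
    beta = secrets.randbelow(Q - 1) + 1
    v1 = g_exp(beta)
    r1 = gt_exp(pair(tpk1[0], tpk2[0]), beta)
    r2 = gt_exp(pair(tpk1[1], tpk2[1]), beta)
    v2 = g_mul(tk, h1(r1))
    v3 = h2(v1, v2, tk, r2)
    return (v1, v2, v3)

def decrypt_token(ctk, tsk_own, tpk_other):
    # Step 7 for either server: r'_1 = e(v1, Y_other,1)^y_own,1 equals r1
    # by bilinearity (assumed derivation), likewise r'_2; then
    # tk = v2 / H1(r'_1) and the H2 check, both as stated in the patent.
    v1, v2, v3 = ctk
    r1 = gt_exp(pair(v1, tpk_other[0]), tsk_own[0])
    r2 = gt_exp(pair(v1, tpk_other[1]), tsk_own[1])
    tk = g_div(v2, h1(r1))
    if h2(v1, v2, tk, r2) != v3:
        return None            # tampered or mis-addressed token
    return tk

def demo(tk=42):
    tsk1, tpk1 = server_keygen()    # main server S1
    tsk2, tpk2 = server_keygen()    # backup server S2
    ctk = authorize(tk, tpk1, tpk2)
    v1, v2, v3 = ctk
    return {
        "tk_s1": decrypt_token(ctk, tsk1, tpk2),   # S1 alone
        "tk_s2": decrypt_token(ctk, tsk2, tpk1),   # S2 alone, no interaction
        "tampered": decrypt_token((v1, g_mul(v2, 1), v3), tsk1, tpk2),
    }

if __name__ == "__main__":
    print(demo())
```

The point to observe is that `decrypt_token` takes only the server's own private key and the other server's public key: each server recovers the same `tk` on its own, which is what lets the backup server keep serving comparisons if the main server is down, while any change to `v2` in transit is caught by the `H_2` check.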
Optionally, the comparing, by the main server or the backup server, the stored user ciphertext data by using the authorization token tk to determine whether the compared user ciphertext encrypts the same plaintext message specifically includes:
server $S_i$ verifies whether the comparison equation holds; if it holds, the ciphertext $C$ and the ciphertext $C'$ encrypt the same plaintext message, otherwise they encrypt different plaintext messages.
To achieve the above and other related objects, the present invention also provides an apparatus for supporting comparison of synchronized ciphertexts on a backup server, the apparatus comprising:
the initialization module is suitable for selecting safety parameters and a collision-resistant hash function according to a trusted authority TA to generate public parameters;
the user key generation module is suitable for each user to generate a respective public key and a private key according to the public parameters, and the users comprise a data encryptor and a data decryptor;
the server key generation module is suitable for the main server and the backup server to generate respective public keys and private keys according to the public parameters respectively;
the data encryption module is suitable for a data encryptor to execute an encryption algorithm according to public keys of two data decryptors and generate corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryption module is suitable for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by utilizing respective private keys;
the authorization generation module is suitable for generating an authorization token ctk by a data decryptor through an authorization process, and simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts of the main server and the backup server;
the authorization decryption module is suitable for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and the ciphertext comparison module is suitable for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertext encrypts the same plaintext message.
As described above, the method for supporting comparison of synchronized ciphertexts on a backup server according to the present invention has the following beneficial effects:
The invention provides a method for supporting comparison of synchronized ciphertexts on a backup server, used for encrypting and decrypting data in a cloud storage environment, storing the data synchronously on two servers, and encrypting the user's authorization, so that privacy and availability of user data are ensured under a dual-server model that is not fully trusted. Because the main server and the backup server store the user data and receive the user's authorization at the same time, the backup server can seamlessly take over when the main server fails; through the dual-receiver property of the ciphertext, the data encryptor can designate two intended recipients and needs to encrypt the data only once, reducing the computational cost of encryption.
Drawings
To further illustrate the description of the present invention, the following detailed description of the embodiments of the present invention is provided with reference to the accompanying drawings. It is appreciated that these drawings are merely exemplary and are not to be considered limiting of the scope of the invention.
FIG. 1 is a system architecture diagram of the method of the present invention.
FIG. 2 is a block flow diagram of the method of the present invention.
Detailed Description
The embodiments of the present invention are described below with reference to specific embodiments, and other advantages and effects of the present invention will be easily understood by those skilled in the art from the disclosure of the present specification. The invention is capable of other and different embodiments and of being practiced or of being carried out in various ways, and its several details are capable of modification in various respects, all without departing from the spirit and scope of the present invention. It is to be noted that the features in the following embodiments and examples may be combined with each other without conflict.
It should be noted that the drawings provided in the following embodiments are only for illustrating the basic idea of the present invention, and the components related to the present invention are only shown in the drawings rather than drawn according to the number, shape and size of the components in actual implementation, and the type, quantity and proportion of the components in actual implementation may be changed freely, and the layout of the components may be more complicated.
In order to make the technical solution of the present invention more clearly understood, some technical terms used in the present invention will be described.
(1) Trusted Authority (TA): trusted by every entity; responsible for generating the public parameters of the system and maintaining the public-key information of all users.
(2) Data Encryptor (DE): the data sender; computes its own public/private key pair from the system public parameters, sends the public key to the TA for maintenance, may select two intended data recipients when running the data encryption algorithm, and uploads the resulting ciphertext data to the main server and the backup server.
(3) Data Decryptor (DD): also called the data recipient; the two recipients compute their own public/private key pairs from the system public parameters, send the public keys to the TA for maintenance, can read the corresponding ciphertext data from the main server or the backup server to run the decryption algorithm, and generate authorizations in ciphertext form that are sent to the main server and the backup server.
(4) Main Server (MS): computes its own public/private key pair from the system public parameters, sends the public key to the TA for maintenance, provides data storage service to users, and can decrypt a user's ciphertext authorization in order to perform ciphertext equivalence comparison.
(5) Backup Server (BS): computes its own public/private key pair from the system public parameters, sends the public key to the TA for maintenance, provides data storage service to users, can decrypt a user's ciphertext authorization and then perform ciphertext equivalence comparison, and can immediately provide service to users when the main server fails.
The cryptosystem designed by the invention uses mathematics related to bilinear maps; the relevant definitions are given here.
Define a function mapping $e: G \times G \to G_T$ that maps elements of the cyclic group $G$ into the cyclic group $G_T$, where $G$ and $G_T$ are two cyclic groups of prime order $q$. The bilinear map $e$ must satisfy the following properties:
(1) Bilinearity: for any $u, v \in G$ and any $a, b \in \mathbb{Z}_q$, $e(u^a, v^b) = e(u, v)^{ab}$ holds, where $\mathbb{Z}_q = \{0, 1, 2, \ldots, q-1\}$;
(2) Non-degeneracy: there exists at least one element $g \in G$ such that $e(g, g)$ is a generator of the group $G_T$;
(3) Efficiency: there is an efficient algorithm that computes the value $e(u, v)$ for any $u, v \in G$.
The hash functions used in the present invention have two basic properties: one-wayness and collision resistance. One-wayness means that the output is efficiently computed from the input of the hash function, but the input cannot be computed from the output; collision resistance means that two different inputs with the same hash value cannot be found.
As shown in fig. 1, the present invention provides a method for supporting comparison of synchronized ciphertexts on a backup server, which includes the following steps:
step 1, the trusted authority TA selects a safety parameter and a collision-resistant hash function to generate a public parameter.
Specifically, the step 1 specifically includes the following substeps:
Step 11: the trusted authority TA inputs the system security parameter $\lambda$ and runs the initialization algorithm $\Gamma(1^\lambda)$, which outputs two groups $G$ and $G_T$ of prime order $q$ and a bilinear map $e: G \times G \to G_T$;
The initialization algorithm $\Gamma(1^\lambda)$ operates as follows: the trusted authority TA inputs the system security parameter $\lambda$, and the system selects a corresponding elliptic curve according to the size of $\lambda$: $Y^2 = X^3 + aX + b$ ($a$ and $b$ are coefficients); two groups $G$ and $G_T$ of prime order $q$ are formed from points on the elliptic curve, and a map $e$ is selected that maps elements of the group $G$ into the group $G_T$. Generally, the larger the security parameter $\lambda$, the more points on the selected elliptic curve and the larger the group.
Step 12: the trusted authority TA runs a random number generation algorithm and randomly selects a generator $g$ of the group $G$;
The random number generation algorithm operates as follows: on the elliptic curve $Y^2 = X^3 + aX + b$ selected in step 11, a value $x_1$ of the independent variable $X$ is chosen at random and the corresponding value $y_1$ of the dependent variable $Y$ is computed; if the point $(x_1, y_1)$ lies in the group to be mapped, a random element has been generated successfully; if the point $(x_1, y_1)$ is not in the group, a new value of $X$ is chosen, repeating until a point that lies in the group is found.
Step 13: the trusted authority TA selects two collision-resistant hash functions $H_1(\cdot)$ and $H_2(\cdot)$, both of which satisfy all the properties of a collision-resistant hash function. $H_1(\cdot)$ and $H_2(\cdot)$ can be called from the Pairing-Based Cryptography library. The input of $H_1$ is an element of the group $G_T$ and its output is an element of the group $G$; the input of $H_2$ consists of three elements of the group $G$ and one element of the group $G_T$, and its output is a string of length $\log_2(q) + \log_2|G|$, where $|G|$ denotes the length of an element of the group $G$.
Finally, the system public parameter is expressed as $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$.
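The random-element procedure of step 12 (pick a random $X$, solve for $Y$, keep the point only if it lies in the prime-order group, otherwise pick again) is concrete enough to run, so here is an added example of it; it is not code from the patent or from the PBC library. The curve is an assumption: the patent names none, and secp256k1 is used only because its parameters are public and its group order $n$ is prime, which makes the membership test a single scalar multiplication. It is not a pairing-friendly curve, so the pairing $e$ of step 11 would need a different curve; this block only shows the point-sampling logic.

```python
import secrets

# secp256k1 parameters (public constants; the patent does not fix a curve).
P = 2**256 - 2**32 - 977                       # field prime, P % 4 == 3
A, B = 0, 7                                     # Y^2 = X^3 + A*X + B
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141  # prime group order
INF = None                                      # point at infinity

def on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x**3 + A * x + B)) % P == 0

def ec_add(p1, p2):
    # Affine addition / doubling; inverses via Fermat since P is prime.
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, P - 2, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, P - 2, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    # Double-and-add scalar multiplication.
    acc = INF
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def lift_x(x):
    # Step 12, "compute the value y_1 for the chosen x_1": returns a point
    # with this X, or None when X^3 + A*X + B has no square root mod P.
    rhs = (x**3 + A * x + B) % P
    y = pow(rhs, (P + 1) // 4, P)      # square root shortcut, valid as P % 4 == 3
    return (x, y) if (y * y) % P == rhs else None

def in_group(pt):
    # Step 12, "is the point in the group to be mapped": a point of the
    # order-N group is exactly one that N sends to infinity.
    return on_curve(pt) and ec_mul(N, pt) is INF

def random_group_element(rng=secrets.randbelow):
    # Step 12 loop: resample X until a usable point appears. Returns the
    # point and how many draws it took (about half of all X values fail).
    attempts = 0
    while True:
        attempts += 1
        pt = lift_x(rng(P))
        if pt is not None and in_group(pt):
            return pt, attempts

if __name__ == "__main__":
    point, tries = random_group_element()
    print(tries, hex(point[0]))
```

On a curve with cofactor 1, as here, the only rejection that actually fires is the "no square root" case, roughly half of all $X$ values; on a pairing-friendly curve with a cofactor the `in_group` check is what rejects points outside the order-$q$ subgroup, so both tests are kept.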
And 2, each user generates a respective public key and a private key according to the public parameters, and the users comprise data decryptors.
Specifically, data decryptor $U_i$ randomly selects two non-zero elements $x_{i,1}, x_{i,2}$ of $\mathbb{Z}_q^*$ and computes $X_{i,1}$ and $X_{i,2}$; data decryptor $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$; $X_{i,1}$ and $X_{i,2}$ denote two exponentiations in the group $G$.
Here $\mathbb{Z}_q^*$ denotes the non-zero subset $\{1, 2, \ldots, q-1\}$ of the field $\mathbb{Z}_q$; the function that randomly selects an element of $\mathbb{Z}_q^*$ can be called from the Pairing-Based Cryptography library.
Step 3: the main server $S_1$ and the backup server $S_2$ each generate their own public key and private key according to the public parameters.
Specifically, server $S_i$ ($i = 1, 2$) randomly selects two non-zero elements $y_{i,1}, y_{i,2}$ of the field $\mathbb{Z}_q$ and computes $Y_{i,1}$ and $Y_{i,2}$; server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$; $Y_{i,1}$ and $Y_{i,2}$ denote two exponentiations in the group $G$.
Step 4: the data encryptor executes the encryption algorithm according to the public keys of the two data decryptors and generates the corresponding ciphertext, which is sent to the main server and the backup server.
Specifically, the data encryptor randomly selects two non-zero elements $\alpha_1, \alpha_2$ of the field $Z_q$ and calculates $c_1$, $c_2$, $c_3$ and $c_4$, where $||$ represents string concatenation, $\oplus$ represents the binary XOR operation, and $t_1$ and $t_2$ respectively represent two exponentiations in the group $G_T$.
The data encryptor obtains the ciphertext $C = (c_1, c_2, c_3, c_4)$ of the data $m$ and stores it on both the main server $S_1$ and the backup server $S_2$.
The generated ciphertext $C$ can be decrypted by both data decryptors $U_1$ and $U_2$, and no interaction between $U_1$ and $U_2$ is needed; the ciphertext $C$ is stored on the main server $S_1$ and the backup server $S_2$ at the same time, which ensures that the two servers hold the same data, so that when the main server $S_1$ fails and cannot provide service to a user, the synchronized backup server $S_2$ can be switched to in real time.
Step 5: the data decryptor $U_i$ ($i = 1, 2$) downloads the corresponding ciphertext $C$ from the main server $S_1$ or the backup server $S_2$, and then decrypts the ciphertext $C$ using its own private key.
Specifically, step 5 includes the following substeps:
Step 52: the data decryptor $U_i$ ($i = 1, 2$) performs the calculation and verifies whether the two check conditions hold; if the verification passes, the decryptor $U_i$ ($i = 1, 2$) obtains the plaintext message $m$; otherwise, the decryption fails;
Step 6: the data decryptor $U_i$ ($i = 1, 2$) generates an authorization token $ctk$ through a one-time authorization process, and at the same time authorizes the main server $S_1$ and the backup server $S_2$ to perform equivalence comparison on their ciphertexts.
Specifically, step 6 includes the following substeps:
Step 61: the data decryptor $U_i$ ($i = 1, 2$) randomly selects a non-zero element $\beta$ of the field $Z_q$ and calculates $v_1 = g^{\beta}$, $r_1 = e(Y_{1,1}, Y_{2,1})^{\beta}$, $r_2 = e(Y_{1,2}, Y_{2,2})^{\beta}$, $v_2 = tk \cdot H_1(r_1)$ and $v_3 = H_2(v_1 || v_2 || tk || r_2)$;
Step 62: the data decryptor $U_i$ ($i = 1, 2$) sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
Either data decryptor $U_1$ or $U_2$ may perform step 6 to generate the authorization token $ctk$ in ciphertext form, and $ctk$ can be decrypted by both the main server $S_1$ and the backup server $S_2$ to recover the authorization token $tk$; as long as $ctk$ is not corrupted, the main server $S_1$ and the backup server $S_2$ are both able to decrypt it and obtain $tk$, and no interaction between $S_1$ and $S_2$ is needed during decryption, which ensures that the main server $S_1$ and the backup server $S_2$ can provide the same service to the user.
Step 7: the main server and/or the backup server decrypts the received authorization token $ctk$ to obtain the authorization token $tk$.
The server $S_i$ ($i = 1$ is the main server $S_1$, $i = 2$ is the backup server $S_2$) decrypts the received ciphertext authorization token $ctk$ to obtain the authorization token $tk$.
Specifically, step 7 includes the following substeps:
Step 72: the server $S_i$ computes $tk = v_2 / H_1(r'_1)$ and verifies whether $H_2(v_1 || v_2 || tk || r'_2) = v_3$ holds; if the verification passes, the server $S_i$ ($i = 1, 2$) obtains the correct authorization token $tk$; otherwise, it fails.
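The authorization-token steps 61, 62 and 72 above, as an added example that is not the patent's code: the bilinear groups are modelled "in the exponent" so the algebra can be checked offline, which is a deliberately insecure stand-in for a pairing library such as PBC; it also assumes $Y_{i,k} = g^{y_{i,k}}$ and that a server recovers $r'_1$ and $r'_2$ from its own private key and the other server's public key, since the page gives only $r_1$, $r_2$ and $tk = v_2 / H_1(r'_1)$.

```python
# Added example (not the patent's code): the authorization token of steps 61,
# 62 and 72, simulated so the algebra can be checked offline.
# Assumption: the bilinear groups are modelled "in the exponent": g^a in G
# is stored as the integer a mod q and e(g,g)^c in G_T as c mod q, so that
# e(g^a, g^b) = e(g,g)^{ab} is plain multiplication.  This keeps the algebra
# of the page but gives no security (discrete logs are visible); a real
# system would use a pairing library such as PBC instead of these helpers.
# Assumption: Y_{i,k} = g^{y_{i,k}}, and server S_i recovers r'_1 as
# e(v_1, Y_{j,1})^{y_{i,1}} and r'_2 as e(v_1, Y_{j,2})^{y_{i,2}}, j being the
# other server; the page gives only r_1, r_2 and tk = v_2 / H_1(r'_1).
import hashlib
import hmac
import secrets

Q = 2**127 - 1  # prime group order q (constructed for the demo)


def g_exp(a):
    """g^a in G, exponent representation."""
    return a % Q


def pair(ga, gb):
    """e(g^a, g^b) = e(g,g)^{ab} in G_T."""
    return (ga * gb) % Q


def gt_exp(c, k):
    """(e(g,g)^c)^k in G_T."""
    return (c * k) % Q


def g_mul(x, y):
    """Group operation in G: g^x * g^y = g^{x+y}."""
    return (x + y) % Q


def g_div(x, y):
    """g^x / g^y = g^{x-y}."""
    return (x - y) % Q


def H1(gt_elem):
    """H1: G_T -> G (an element of G, in exponent representation)."""
    d = hashlib.sha256(b"H1|" + gt_elem.to_bytes(16, "big")).digest()
    return int.from_bytes(d, "big") % Q


def H2(v1, v2, tk, gt_elem):
    """H2: G x G x G x G_T -> bit string (v1, v2, tk in G; r_2 in G_T)."""
    parts = b"|".join(x.to_bytes(16, "big") for x in (v1, v2, tk, gt_elem))
    return hashlib.sha256(b"H2|" + parts).digest()


def rand_nonzero():
    """Random non-zero element of Z_q (the page's sampler over {1..q-1})."""
    return secrets.randbelow(Q - 1) + 1


def server_keygen():
    """Step 3: tpk_i = (Y_{i,1}, Y_{i,2}), tsk_i = (y_{i,1}, y_{i,2})."""
    y1, y2 = rand_nonzero(), rand_nonzero()
    return (g_exp(y1), g_exp(y2)), (y1, y2)


def make_ctk(tk, tpk1, tpk2):
    """Steps 61-62: one ctk = (v1, v2, v3) that both servers can open."""
    beta = rand_nonzero()
    v1 = g_exp(beta)
    r1 = gt_exp(pair(tpk1[0], tpk2[0]), beta)  # e(Y_{1,1}, Y_{2,1})^beta
    r2 = gt_exp(pair(tpk1[1], tpk2[1]), beta)  # e(Y_{1,2}, Y_{2,2})^beta
    v2 = g_mul(tk, H1(r1))  # tk blinded; undone by tk = v2 / H1(r'_1)
    v3 = H2(v1, v2, tk, r2)  # integrity tag checked in step 72
    return (v1, v2, v3)


def open_ctk(ctk, tsk_self, tpk_other):
    """Step 72: a server recovers tk alone; returns None if the tag fails."""
    v1, v2, v3 = ctk
    r1p = gt_exp(pair(v1, tpk_other[0]), tsk_self[0])  # equals r1
    r2p = gt_exp(pair(v1, tpk_other[1]), tsk_self[1])  # equals r2
    tk = g_div(v2, H1(r1p))
    if not hmac.compare_digest(H2(v1, v2, tk, r2p), v3):
        return None  # a modified or mis-addressed token is rejected
    return tk


def demo():
    """Both servers obtain the same tk; a tampered ctk is rejected."""
    tpk1, tsk1 = server_keygen()
    tpk2, tsk2 = server_keygen()
    tk = g_exp(rand_nonzero())  # authorization token, an element of G
    ctk = make_ctk(tk, tpk1, tpk2)
    ok = open_ctk(ctk, tsk1, tpk2) == tk and open_ctk(ctk, tsk2, tpk1) == tk
    tampered = (ctk[0], g_mul(ctk[1], 1), ctk[2])  # shift v2 by one step
    return ok and open_ctk(tampered, tsk1, tpk2) is None
```

The point to take from `open_ctk` is that each server recovers $tk$ from its own private key without talking to the other server, and that the $H_2$ tag rejects any token whose $v_1$, $v_2$ or addressing has been altered.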
Step 8: the main server or the backup server compares the stored user ciphertext data using the authorization token $tk$ to judge whether the compared user ciphertexts encrypt the same plaintext message.
The server $S_i$ ($i = 1$ is the main server $S_1$, $i = 2$ is the backup server $S_2$) can compare stored user ciphertext data (such as $C$ and $C'$) using the authorization token $tk$ to judge whether the ciphertexts $C$ and $C'$ encrypt the same plaintext message; the ciphertext $C'$ is computed in the same way as the ciphertext $C$.
Specifically, step 8 includes:
the server $S_i$ ($i = 1, 2$) verifies whether the comparison equation holds; if so, it outputs '1' to indicate that the ciphertexts $C$ and $C'$ encrypt the same plaintext message; otherwise, it outputs '0' to indicate that $C$ and $C'$ encrypt different plaintext messages;
Both the main server $S_1$ and the backup server $S_2$ can use the obtained authorization token $tk$ to compare the ciphertext data of the user who issued the authorization, meaning that the main server $S_1$ and the backup server $S_2$ can provide the same service to the user; furthermore, step 8 also allows the main server $S_1$ and the backup server $S_2$ to perform equivalence comparison on ciphertext data from different sources, as long as valid authorization tokens issued by those users have been obtained. For example, if the authorization tokens corresponding to the ciphertexts $C$ and $C'$ are $tk_1$ and $tk_2$ respectively, the server $S_i$ ($i = 1, 2$) verifies the corresponding comparison equation; if it holds, the ciphertexts $C$ and $C'$ encrypt the same plaintext message, otherwise $C$ and $C'$ encrypt different plaintext messages.
In summary, the present invention provides a method for supporting comparison of synchronous ciphertext of a backup server. Firstly, in a cloud storage environment, a data sender can designate two receivers for the data to be encrypted, the ciphertext data is then stored in the cloud, and only the designated receivers can obtain the plaintext content of the data, so the privacy of user data is fully guaranteed; secondly, when the user sends the ciphertext data to the cloud, the ciphertext data is stored in the main server and the backup server at the same time, so that when the main server fails or is attacked and cannot provide service to the user, the system can switch to the backup server immediately, which improves the availability of the user data; thirdly, the two receivers of the data can authorize the main server and the backup server to compare the ciphertext data without decryption, so the privacy of the user data is guaranteed to the maximum extent and the state consistency of the main server and the backup server is guaranteed; and finally, the authorization of the data receiver is sent to the main server and the backup server in ciphertext form, so the privacy of the authorization during transmission is ensured.
In another embodiment, the present invention further provides an apparatus for supporting comparison of synchronization ciphertexts of a backup server, including:
the initialization module is suitable for selecting safety parameters and a collision-resistant hash function according to a trusted authority TA to generate public parameters;
the user key generation module is suitable for each user to generate a respective public key and a private key according to the public parameters, and the users comprise a data encryptor and a data decryptor;
the server key generation module is suitable for the main server and the backup server to generate respective public keys and private keys according to the public parameters respectively;
the data encryption module is suitable for a data encryptor to execute an encryption algorithm according to public keys of two data decryptors and generate corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryption module is suitable for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by utilizing respective private keys;
the authorization generation module is suitable for generating an authorization token ctk by a data decryptor through an authorization process, and simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts of the main server and the backup server;
the authorization decryption module is suitable for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and the ciphertext comparison module is suitable for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertext encrypts the same plaintext message.
In this embodiment, the configuration, role and implementation of the initialization module, the user key generation module, the server key generation module, the data encryption module, the data decryption module, the authorization generation module, the authorization decryption module and the ciphertext comparison module correspond to the method embodiment described above, and are not described again here.
The device for supporting comparison of the synchronous ciphertext of the backup server ensures the privacy and availability of cloud storage user data, reduces the computing overhead of the sender's data encryption, realizes secure data sharing among multiple users, and reduces the computing cost of the users by using the computing resources of the cloud server.
In summary, the method is used for encrypting and decrypting data, synchronously storing the data on the two servers, and encrypting and decrypting the user's authorization in a cloud storage environment, and the privacy and availability of the user data under the incompletely trusted dual-server model can be guaranteed. By using the main server and the backup server to simultaneously store user data and simultaneously obtain the user's authorization, the backup server can seamlessly take over when the main server fails; through the dual-decryptor ciphertext technique, a data encryptor can designate two intended data receivers or users, and the encryptor only needs to encrypt the data once, so the computational overhead of encryption is reduced. The method has the following advantages and effects:
1) The method of the invention uses the main server and the backup server to simultaneously store the user data and obtain the user's authorization, thereby synchronizing the states of the two servers; when the main server cannot provide service because of a software or hardware configuration failure or a network attack, the system can immediately switch to the backup server without affecting the user's experience of the cloud storage service. The main server and the backup server not only store the user's ciphertext data but, after obtaining the user's legitimate authorization, can also perform equivalence comparison on that ciphertext data and partition the ciphertext data set without decrypting it, thereby reducing the computational burden on the user.
2) The method allows the data sender to designate two data receivers, and the ciphertext data generated by a single encryption can be decrypted by both receivers, without running the encryption twice and sending separate ciphertexts to the two receivers, so the computational burden on the data encryptor is reduced. Since the ciphertext data is stored on the cloud server, secure sharing of data between the sender and the two receivers is achieved. After either receiver obtains the ciphertext data from the cloud server, the corresponding plaintext data can be obtained simply by running the decryption algorithm with its securely kept decryption private key.
3) The method of the invention considers the security of the user ciphertext data comparison authorization, when the user issues the authorization to the main server and the backup server, the user encrypts the authorization first and then sends the authorization in the form of the ciphertext to the two servers, so that the authorization content can not be leaked in the transmission process. After the main server and the backup server obtain the authorization in the form of the ciphertext respectively, the authorized decryption algorithm is executed by using the strictly kept decryption private key, and then the legal user authorization can be obtained. Before legal authorization of the user is obtained, the main server and the backup server cannot perform equivalence comparison on ciphertext data of the user, and safety of user data stored in a cloud is further guaranteed.
The foregoing embodiments are merely illustrative of the principles and utilities of the present invention and are not intended to limit the invention. Any person skilled in the art can modify or change the above-mentioned embodiments without departing from the spirit and scope of the present invention. Accordingly, it is intended that all equivalent modifications or changes which can be made by those skilled in the art without departing from the spirit and technical spirit of the present invention be covered by the claims of the present invention.
Claims (10)
1. A method for supporting synchronous ciphertext comparison of a backup server is characterized by comprising the following steps:
a trusted authority TA selects a security parameter and a collision-resistant hash function to generate a public parameter; this specifically comprises: the trusted authority TA inputs the system security parameter $\lambda$ and runs the initialization algorithm $\Gamma(1^{\lambda})$, which outputs two groups $G$ and $G_T$ of prime order $q$ and a bilinear mapping operation $e: G \times G \to G_T$; the initialization algorithm $\Gamma(1^{\lambda})$ operates as follows: the trusted authority TA inputs the system security parameter $\lambda$, and the system selects a corresponding elliptic curve according to the size of $\lambda$: $Y^2 = X^3 + aX + b$, where $a$ and $b$ are coefficients; the points on the elliptic curve form two groups $G$, $G_T$ of prime order $q$, and a mapping function $e$ is selected to map the elements of the group $G$ into the group $G_T$;
each user generates a respective public key and a private key according to the public parameters, and the users comprise data decryptors;
the main server and the backup server respectively generate respective public keys and private keys according to the public parameters;
the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryptor downloads the corresponding ciphertext from the main server or the backup server, and then decrypts the ciphertext by using respective private key;
a data decryptor generates an authorization token ctk through a one-time authorization process, and at the same time authorizes the main server and the backup server to perform equivalence comparison on their ciphertexts;
the main server or the backup server decrypts the received authorization token ctk to obtain an authorization token tk;
the main server or the backup server compares the stored user ciphertext data by using the authorization token tk to judge whether the compared user ciphertext encrypts the same plaintext message.
2. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 1, wherein the public parameters specifically include: $para = (G, G_T, g, e, q, H_1(\cdot), H_2(\cdot))$, where $G$ and $G_T$ are two groups of prime order $q$, $e$ represents the bilinear mapping operation $e: G \times G \to G_T$, $H_1(\cdot)$ and $H_2(\cdot)$ respectively denote the collision-resistant hash functions, and $g$ is an element of the group $G$.
3. The method of claim 2, wherein the step of generating a public key and a private key for each user according to the public parameters specifically comprises:
the user $U_i$ randomly selects two non-zero elements $x_{i,1}, x_{i,2}$ of the field $Z_q$ and calculates two exponentiations $X_{i,1}$ and $X_{i,2}$ on the group $G$, where $x_{i,1}$ and $x_{i,2}$ are drawn from the non-zero subset $\{1, 2, \dots, q-1\}$ of the field $Z_q$, $i = 1, 2$;
the user $U_i$ obtains the public key $rpk_i = (X_{i,1}, X_{i,2})$ and the private key $rsk_i = (x_{i,1}, x_{i,2})$, and $g$ is an element of the group $G$.
4. The method of claim 3, wherein the step of generating the public key and the private key of the primary server and the backup server according to the public parameter respectively comprises:
the server $S_i$ randomly selects two non-zero elements $y_{i,1}, y_{i,2}$ of the field $Z_q$ and calculates two exponentiations $Y_{i,1}$ and $Y_{i,2}$ on the group $G$, where $y_{i,1}$ and $y_{i,2}$ are drawn from the non-zero subset $\{1, 2, \dots, q-1\}$ of the field $Z_q$;
the server $S_i$ obtains the public key $tpk_i = (Y_{i,1}, Y_{i,2})$ and the private key $tsk_i = (y_{i,1}, y_{i,2})$.
5. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 4, wherein the data encryptor executes an encryption algorithm according to the public keys of the two data decryptors and generates corresponding ciphertexts specifically comprises:
the data encryptor randomly selects two non-zero elements $\alpha_1, \alpha_2$ of the field $Z_q$ and calculates the ciphertext $C$ of the data $m$, where $C = (c_1, c_2, c_3, c_4)$, $||$ represents string concatenation, $\oplus$ represents the binary exclusive-OR operation, and $t_1$ and $t_2$ respectively represent two exponentiations in the group $G_T$.
6. the method of claim 5, wherein the data decryptor downloads the corresponding ciphertext from the primary server or the backup server, and then decrypts the ciphertext with a respective private key specifically comprises:
7. The method for supporting comparison of synchronous ciphertexts of a backup server according to claim 6, wherein the data decryptor generates an authorization token ctk through an authorization process, and the authorization of the main server and the backup server to perform equivalence comparison on the ciphertexts thereof specifically comprises:
the data decryptor $U_i$ randomly selects a non-zero element $\beta$ of the field $Z_q$ and calculates $v_1$, $v_2$ and $v_3$; where $r_1$ and $r_2$ respectively represent two exponentiations in the group $G_T$, $r_1 = e(Y_{1,1}, Y_{2,1})^{\beta}$, $r_2 = e(Y_{1,2}, Y_{2,2})^{\beta}$, $v_1 = g^{\beta}$, $v_2 = tk \cdot H_1(r_1)$ and $v_3 = H_2(v_1 || v_2 || tk || r_2)$;
the data decryptor $U_i$ sends the encrypted authorization token $ctk = (v_1, v_2, v_3)$ to the main server $S_1$ and the backup server $S_2$.
8. The method of claim 7, wherein the decrypting, by the primary server or the backup server, the received authorization token ctk to obtain the authorization token tk specifically comprises:
the server $S_i$ computes the exponentiations $r'_1$ and $r'_2$ in the group $G_T$ and the authorization token $tk$, where $tk = v_2 / H_1(r'_1)$;
it verifies whether $H_2(v_1 || v_2 || tk || r'_2) = v_3$ holds; if so, the server $S_i$ obtains the correct authorization token $tk$; otherwise, it fails.
9. The method of claim 8, wherein the step of comparing the stored user ciphertext data with the authorization token tk by the primary server or the backup server to determine whether the compared user ciphertext encrypts the same plaintext message specifically comprises:
10. An apparatus based on the method for supporting comparison of synchronization ciphertexts of the backup server as claimed in any one of claims 1 to 9, wherein the apparatus comprises:
the initialization module is suitable for selecting safety parameters and a collision-resistant hash function according to a trusted authority TA to generate public parameters; the user key generation module is suitable for each user to generate a respective public key and a private key according to the public parameters, and the users comprise a data encryptor and a data decryptor;
the server key generation module is suitable for the main server and the backup server to generate respective public keys and private keys according to the public parameters respectively;
the data encryption module is suitable for a data encryptor to execute an encryption algorithm according to public keys of two data decryptors and generate corresponding ciphertexts, and the corresponding ciphertexts are sent to the main server and the backup server;
the data decryption module is suitable for a data decryptor to download the corresponding ciphertext from the main server or the backup server and then decrypt the ciphertext by utilizing respective private keys;
the authorization generation module is suitable for generating an authorization token ctk by a data decryptor through an authorization process, and simultaneously authorizing the main server and the backup server to perform equivalence comparison on ciphertexts of the main server and the backup server;
the authorization decryption module is suitable for the main server or the backup server to decrypt the received authorization token ctk so as to obtain an authorization token tk;
and the ciphertext comparison module is suitable for the main server or the backup server to compare the stored user ciphertext data by using the authorization token tk so as to judge whether the compared user ciphertext encrypts the same plaintext message.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811009670.4A CN109246098B (en) | 2018-08-31 | 2018-08-31 | Method for supporting comparison of synchronous ciphertext of backup server |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109246098A CN109246098A (en) | 2019-01-18 |
CN109246098B true CN109246098B (en) | 2021-02-19 |
Family
ID=65069107
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
EE01 | Entry into force of recordation of patent licensing contract | | Application publication date: 20190118; Assignee: Guilin Weisichuang Technology Co.,Ltd.; Assignor: GUILIN University OF ELECTRONIC TECHNOLOGY; Contract record no.: X2023980046257; Denomination of invention: A method for supporting synchronous ciphertext comparison between backup servers; Granted publication date: 20210219; License type: Common License; Record date: 20231108 |