CN110717191A - Block chain data privacy protection access control method based on searchable attribute encryption - Google Patents
Block chain data privacy protection access control method based on searchable attribute encryption Download PDFInfo
- Publication number
- CN110717191A CN110717191A CN201911014447.3A CN201911014447A CN110717191A CN 110717191 A CN110717191 A CN 110717191A CN 201911014447 A CN201911014447 A CN 201911014447A CN 110717191 A CN110717191 A CN 110717191A
- Authority
- CN
- China
- Prior art keywords
- user
- attribute
- key
- transaction
- trapdoor
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Withdrawn
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/30—Payment architectures, schemes or protocols characterised by the use of specific devices or networks
- G06Q20/36—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
- G06Q20/367—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
- G06Q20/3674—Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3825—Use of electronic signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/382—Payment protocols; Details thereof insuring higher security of transaction
- G06Q20/3829—Payment protocols; Details thereof insuring higher security of transaction involving key management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2117—User registration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Finance (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- General Business, Economics & Management (AREA)
- Strategic Management (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Computer Networks & Wireless Communication (AREA)
- Databases & Information Systems (AREA)
- Medical Informatics (AREA)
- Automation & Control Theory (AREA)
- Storage Device Security (AREA)
Abstract
A block chain data privacy protection access control method based on searchable attribute encryption is characterized in that a data owner initializes and vectors U and U' are randomly selected. The trader a chooses the random numbers η, μ to run the key generation function to compute the public key PK. CA selects random numbers alpha and beta with different sizes, initializes calculation PK, and calculates MK. The transaction user A generates transaction information, encrypts the identity of the transaction user A, runs a wallet signature algorithm to carry out signature by using a private key corresponding to a wallet address, and sends the signature to the transaction user B, and the transaction information Tr can be obtained by the same methodAB. The trader extracts the plaintext information key from the trade and uses the index key gμAnd random number tau, mu pair key IwThe encryption is carried out in such a way that,obtain a transaction ciphertext CMAnd trapdoor ciphertext CTK. And calculating access authority VR', if the user attribute meets the combination of the access structure, obtaining a user key UK and decrypting the trapdoor key ciphertext to obtain the TK. And finally, constructing a keyword trapdoor T by utilizing the trapdoor key and the user keyW′And if the trapdoor is successfully matched, obtaining a transaction message ciphertext, and decrypting to obtain a transaction message M.
Description
Technical Field
The invention relates to the technical field of block chain data privacy protection safety.
Background
The block chain is used as a distributed database account book, and is widely applied to various industries due to the characteristics of public transparency, incapability of being tampered, decentralization and the like. The block chain plays an irreplaceable role in various industries such as finance, education, logistics chain and the like. Meanwhile, the method has great application potential in daily payment service.
Encryption of attributes: in an ABE system, an encryptor will associate encrypted data with a set of attributes. The right to have access to the primary key will issue a different private key to the user, where the user's private key is associated with an access structure above the attributes and reflects the access policy attributed to the user. The decryption algorithm allows the user to decrypt the data using the additional private key as long as the access policy specified by the private key allows.
Public key searchable encryption: the data sharing process in the public key searchable encryption mechanism does not involve the interaction of secret keys, data is encrypted by using the public key, a user decrypts the shared data by using the private key, and the security is based on difficult assumption.
Disclosure of Invention
The invention aims to provide a block chain data privacy protection access control method based on searchable attribute encryption.
The invention relates to a block chain data privacy protection access control method based on searchable attribute encryption, which comprises the following steps:
(1) registering: the user puts forward a registration application to the system, acquires an identity identifier RID and a user attribute set corresponding to the real identity information, and the data has a (transaction user) registration acquisition key and an identity identifier;
(2) initialization: data owner initialization: selecting a group G with a prime number p as an order and a generating element G0In the limiting zone ZpSelecting N elements as system attributes to form a system attribute set S, and making the attributes in S according to the attributesThe correlation between the two is divided into a tree and set as HiFor the depth of the ith tree, define H ═ max { Hi}i∈[1,x]Maximum depth in x trees; randomly selecting vector U ═ U (U)y)1≤y≤xAnd U ═ U'y′)1≤y′≤xWhere uy denotes the public parameter corresponding to the y-th attribute tree, uy∈G0,u′y′Expressing the public parameters corresponding to the y' th tree, trader A selects a group G with the order of prime number p and the generating element of G1Let H1:{0,1}*→G1Is a hash function; the trader selects two random numbers eta, mu to calculate the public key PK ═ g, gμAnd the private key SK ═ η represents a trapdoor key. CA initialization: z* PExpressed as a finite field ZpElement set of m and p prime from Z* PTwo random numbers α and β with different sizes are selected, and PK ═ G is calculated0,g,gβ,Y=e(g,g)αU, U', and calculate MK ═ α, β, defining a bilinear map e: g0×G0=G1;
(3) Transaction generation and signature: the transaction user A generates transaction information, encrypts the identity of the transaction user A, operates a wallet signature algorithm to carry out signature by using a private key corresponding to a wallet address, and sends the signature to the transaction user B, wherein the user signature process comprises the following steps: trans | | σA||CTATrAB=Trans||σA||CTA||σB||CTB;
(4) Index generation: the trader extracts the key from the trading plaintext information and uses the index key gμAnd encrypting the keywords by the random numbers tau and mu, wherein the keywords of the transaction information are calculated as follows: i isw=(I1,I2)=(g1 μr,e(H1(w)μ,g1 ητ));
(5) Encrypted (M, TK, PK) → CM,CTKAnd VR: setting the nth' user attribute a in the cipher text strategy attribute set Hn' at the m ' th attribute tree, depth h ', path Rn′=(an′0,an′1,...,an′k,...,an′h) Where k' is ∈ [0, h ]],an′k′Is the user attribute an′On the path Rn′Corresponding attribute of the k' th layer of (1), for policy attribute an', select its corresponding secret share w according to the mapping piAttribute ciphertext Cn′And policy parameter C'm′Is calculated as follows, the ciphertext is created as follows:
wherein u'm′Representing the public parameter, u, corresponding to the m' th attribute treek′Public parameters representing the k' th layer; the ciphertext is:
m is transaction plaintext information, S is secret value, E1Is a partial cipher text containing transaction plaintext information M;
(6) trapdoor generation (W', TK, UK, lambda) → TW′: in this algorithm, a random number is chosen and a trapdoor is calculated:
TW′=(T1,T2)=(λ·UK,H1(W′)λ·TK)
(7) and (3) testing: (RID, I)W,TW′)→{CM}: matching of calculations performed on the basis of the RID submitted by the user and the UK corresponding to this algorithmThe following were used:
if the search key of the user is the same as the search key contained in the index, the equation is established; the block chain returns the result to the user, otherwise, the empty set is returned to the user;
(8) secret keyAnd (3) key generation: set of attributes S for a useruMiddle nth user attribute anIs located in the ith attribute tree with the depth h and the path Rn=(an0,an1,...,ank,...,anh) Where k is [0, h ]],Is the user attribute anRoute RnCorresponding attributes of the kth layer, and selecting a random number r belonging to Z for resisting collusion attack by an authority center CA* PFor the attribute a of the usernSelecting a random number rn∈ZPAnd calculates an attribute private key dnPrivate key parameter DnAnd Dn' set of rights parameters, calculated as follows:
(9) Decryption (C)M,CTK,SK)→(M,TK,VR′):
Authorization set S in attributesu' of, user attribute anIn the m-th attribute tree, the policy attribute an' in m ' attribute trees, two satisfy m ═ m '; user attributes anDepth h and policy attribute a ofnThe depth of' satisfies: h is less than or equal to h'; user's attribute path Rn=(an0,an1,...,ank,...,anh) With policy attribute an' Attribute Path Rn′=(an′0,an′1,...,an′k′,...,an′h′) Satisfies the following conditions: when k is k', ank=an′k′Where k is [0, h ]],k′∈[0,h′](ii) a A for overlay policy attributesn' user attribute, decryption authority value dn' is calculated as follows:
deciphering bilinear map AniAnd the authority VR' of the user is calculated as follows:
if the user's authority satisfies the structure, the user can decrypt the trapdoor key:
the transaction message can be recovered as:
the invention has the advantages that:
(1) content privacy
The transaction information and the shared secret are encrypted by adopting an attribute encryption mechanism algorithm based on a ciphertext strategy, which is safer than a symmetric encryption algorithm. By encrypting the transaction information and the shared secret with the LSSS linear secret sharing structure, we can ensure the privacy of the contents of both parties to the transaction. And random number r is introduced in the process of generating the private keyjAn identification RID of the user interaction. Even if different users collude with each other without rightsThe private key cannot be obtained. Thus, despite collusion, an illegal user cannot obtain the transaction information and shared secrets.
(2) Identity privacy
By adopting an authority CA which stores a trapdoor key ciphertext, a trading user A does not need to be online at any time and randomly generates a key UK and an identity RID for each user. The RID sequence represents the identity of the user in the interaction process, and the identity privacy of the user is protected.
(3) Search privacy
The search mechanism of our scheme can resist a variety of attacks. During the index generation process, the transactor A encrypts the indexed key using a random number μ, and nodes on the blockchain cannot perform an internal key guessing attack by matching candidate keys to trapdoors. In the trapdoor generation stage, a random number is used for hiding a search key, so that a malicious node is prevented from executing key replay attack after the trapdoor is cracked. So blockchain network nodes and attackers cannot obtain useful information for keywords. Our scheme thus guarantees the privacy of the keywords without reducing the security of previous algorithms.
(4) Attribute privacy
The CA authority center realizes fine-grained access control, and meanwhile, the authority center authorizes users of the block chain through verifying VR, so that the risk brought by submitting an access structure to a block chain network is avoided. This mechanism preserves the attributes of the linear access structure established by the transaction party.
Detailed Description
The invention relates to a block chain data privacy protection access control method based on searchable attribute encryption, which comprises the following steps:
(1) registering: the user puts forward a registration application to the system, acquires an identity identifier RID and a user attribute set corresponding to the real identity information, and the data has a (transaction user) registration acquisition key and an identity identifier;
(2) initialization: data owner initialization: selecting a group G with a prime number p as an order and a generating element G0In the limiting zone ZpSelectingN elements as system attributes to form a system attribute set S, dividing the attributes in S into trees according to the correlation between the attributes, and setting HiFor the depth of the ith tree, define H ═ max { Hi}i∈[1,x]Maximum depth in x trees; randomly selecting vector U ═ U (U)y)1≤y≤xAnd U ═ U'y′)1≤y′≤xWherein u isyRepresenting the public parameter, u, corresponding to the y-th attribute treey∈G0,u′y′Expressing the public parameters corresponding to the y' th tree, trader A selects a group G with the order of prime number p and the generating element of G1Let H1:{0,1}*→G1Is a hash function. The trader selects two random numbers eta, mu to calculate the public key PK ═ g, gμAnd the private key SK ═ η represents a trapdoor key. CA initialization: z* PExpressed as a finite field ZpElement set of m and p prime from Z* PTwo random numbers α and β with different sizes are selected, and PK ═ G is calculated0,g,gβ,Y=e(g,g)αU, U', and calculate MK ═ α, β, defining a bilinear map e: g0×G0=G1;
(3) Transaction generation and signature: the transaction user A generates transaction information, encrypts the identity of the transaction user A, operates a wallet signature algorithm to carry out signature by using a private key corresponding to a wallet address, and sends the signature to the transaction user B, wherein the user signature process comprises the following steps: trans | | σA||CTATrAB=Trans||σA||CTA||σB||CTB;
(4) Index generation: the trader extracts the key from the trading plaintext information and uses the index key gμAnd encrypting the keywords by the random numbers tau and mu, wherein the keywords of the transaction information are calculated as follows: i isw=(I1,I2)=(g1 μτ,e(H1(w)μ,g1 ητ));
(5) Encrypted (M, TK, PK) → CM,CTKAnd VR: setting the nth' user attribute in the cipher text strategy attribute set Han' at the m ' th attribute tree, depth h ', path Rn′=(an′0,an′1,...,an′k,...,an′h) Where k' is ∈ [0, h ]],an′k′Is the user attribute an′On the path Rn′Corresponding attribute of the k' th layer of (1), for policy attribute an', select its corresponding secret share w according to the mapping piAttribute ciphertext Cn′And policy parameter C'n′Is calculated as follows, the ciphertext is created as follows:
wherein u'm′Representing the public parameter, u, corresponding to the m' th attribute treek′Public parameters representing the k' th layer; the ciphertext is:
m is the transaction plaintext information, s is the secret value, E1Is a partial cipher text containing transaction plaintext information M;
(6) trapdoor generation (W', TK, UK, lambda) → TW′: in this algorithm, a random number is chosen and a trapdoor is calculated:
TW′=(T1,T2)=(λ·UK,H1(W′)λ·TK)
(7) and (3) testing: (RID, I)W,TW′)→{CM}: matching of calculations performed on the basis of the RID submitted by the user and the UK corresponding to this algorithmThe following were used:
if the search key of the user is the same as the search key contained in the index, the equation is established; the block chain returns the result to the user, otherwise, the empty set is returned to the user;
(8) and (3) key generation: set of attributes S for a useruMiddle nth user attribute anIs located in the ith attribute tree with the depth h and the path Rn=(an0,an1,...,ank,...,anh) Wherein k is [0, h ]],Is the user attribute anRoute RnCorresponding attributes of the kth layer, and selecting a random number r belonging to Z for resisting collusion attack by an authority center CA* PFor the attribute a of the usernSelecting a random number rn∈ZPAnd calculates an attribute private key dnPrivate key parameter DnAnd Dn' set of rights parameters, calculated as follows:
(9) Decryption (C)M,CTK,SK)→(M,TK,VR′):
Authorization set S in attributesu' of, user attribute anIn the m-th attribute tree, the policy attribute an' in m ' attribute trees, two satisfy m ═ m '; user attributes anDepth h and policy attribute a ofnThe depth of' satisfies: h is less than or equal to h'; user's attribute path Rn=(an0,an1,...,ank,...,anh) With policy attribute an' Attribute Path Rn′=(an′0,an′1,...,an′k′,...,an′h′) Satisfies the following conditions: when k is k', ank=an′k′Where k is [0, h ]],k′∈[0,h′](ii) a A for overlay policy attributesn' user attribute, decryption authority value dn' is calculated as follows:
deciphering bilinear map AniAnd the authority VR' of the user is calculated as follows:
if the user's authority satisfies the structure, the user can decrypt the trapdoor key:
the transaction message can be recovered as:
description of the symbols:
H1:{0,1}*→G1: hash function
Ani: bilinear mapping
gμ: index key
Su: attribute collection
PK: public key
MK: master key
Cn′: attribute ciphertext
an: user attributes
Rn: attribute path
an': policy attributes
σA: signature of transaction user A
σB: signature of transacting user B
CTA: encryption of transaction user A identity
CTB: and encrypting the identity of the transaction user B.
M: clear text of transaction
s: secret value
CA: authoritative center
RID: identity label
VR': user rights restriction
UK: user key
TW′=(T1,T2)=(λ·UK,H1(W′)λ·TK): safety trap door
CTK: transaction information cipher text
Iw: transaction information keywords
The following examples are used to further develop the invention.
The block chain data privacy protection access control method based on searchable attribute encryption comprises the following specific implementation mode that firstly, two transaction parties (data owners) register identities to an authority center to obtain corresponding keys and identity identifiers RID, and send trapdoor key ciphertext, and the two transaction parties encrypt and sign to generate transaction information ciphertextAnd extracts the transaction information keyword Iw=(I1,I2)=(g1 μτ,e(H1(w)μ,g1 ητ) And the transaction information is added to the tail of the transaction information and sent to the block chain, and the miners' nodes are added into the block chain after verification. The data user (monitoring node) firstly registers the identity of the data user to the CA authority center and obtains the private key of the userAnd trapdoor key ciphertextAnd after the user decrypts the trapdoor key ciphertext, obtaining the user authority VR 'and the trapdoor key TK, sending the user authority VR' and the trapdoor key TK to the CA, and after the authority center verifies that the authority center legally meets the access structure, sending the user key UK to the data user. Data user constructed safety trap door TW′=(T1,T2)=(λ·UK,H1(W′)λTK) The data is sent to a block chain in a transaction form, and a miner node matches a keyword index at the tail part of transaction information sent by a data ownerAfter verification, the transaction information is sent to the data user, and the data user can decrypt and obtain the plaintext M of the transaction information.
Claims (1)
1. The block chain data privacy protection access control method based on searchable attribute encryption is characterized by comprising the following steps:
(1) registering: the user puts forward a registration application to the system, acquires an identity identifier RID and a user attribute set corresponding to the real identity information, and the data has a (transaction user) registration acquisition key and an identity identifier;
(2) initialization: data owner initialization: selecting a group G with a prime number p as an order and a generating element G0In the limiting zone ZpSelecting N elements as system attributes to form a system attribute set S, dividing the attributes in S into x trees according to the correlation between the attributes, and setting HiFor the depth of the ith tree, define: h ═ max { Hi}i∈[1,x]Maximum depth in x trees; randomly selecting vector U ═ U (U)y)1≤y≤xAnd U ═ U'y′)1≤y′≤xWherein u isyRepresenting the public parameter, u, corresponding to the y-th attribute treey∈G0,u′y′Expressing the public parameters corresponding to the y' th tree, trader A selects a group G with the order of prime number p and the generating element of G1Let H1:{0,1}*→G1Is a hash function; the trader selects two random numbers eta, mu to calculate the public key PK ═ g, gμThe private key SK ═ η represents a trapdoor key; CA initialization: z* PExpressed as a finite field ZpElement set of m and p prime from Z* PTwo random numbers α and β with different sizes are selected, and PK ═ G is calculated0,g,gβ,Y=e(g,g)αU, U', and calculate MK ═ α, β, defining a bilinear map e: g0×G0=G1;
(3) Transaction generation and signature: the transaction user A generates transaction information, encrypts the identity of the transaction user A, operates a wallet signature algorithm to carry out signature by using a private key corresponding to a wallet address, and sends the signature to the transaction user B, wherein the user signature process comprises the following steps: trans | | σA||CTATrAB=Trans||σA||CTA||σB||CTB;
(4) Index generation: the trader extracts the key from the trading plaintext information and uses the index key gμAnd encrypting the keywords by the random numbers tau and mu, wherein the keywords of the transaction information are calculated as follows:
(5) encrypted (M, TK, PK) → CM,CTKAnd VR: setting the nth' user attribute a in the cipher text strategy attribute set Hn' at the m ' th attribute tree, depth h ', path Rn′=(an′0,an′1,...,an′k,...,an′h) Where k' is ∈ [0, h ]],an′k′Is the user attribute an′On the path Rn′Corresponding attribute of the k' th layer of (1), for policy attribute an′Selecting its corresponding secret share w according to the mapping piAttribute ciphertext Cn′And policy parameter C'n′Is calculated as follows, the ciphertext is created as follows:
wherein u'm′Representing the public parameter, u, corresponding to the m' th attribute treek′Public parameters representing the k' th layer; the ciphertext is:
m is the transaction plaintext information, s is the secret value, E1Is a partial cipher text containing transaction plaintext information M;
(6) trapdoor generation (W', TK, UK, lambda) → TW′: in this algorithm, a random number is chosen and a trapdoor is calculated: t isW′=(T1,T2)=(λ·UK,H1(W′)λ·TK)
(7) And (3) testing: (RID, I)W,TW′)→{CM}: matching of calculations performed on the basis of the RID submitted by the user and the UK corresponding to this algorithmThe following were used:
if the search key of the user is the same as the search key contained in the index, the equation is established; the block chain returns the result to the user, otherwise, the empty set is returned to the user;
(8) and (3) key generation: set of attributes S for a useruMiddle nth user attribute anIs located in the ith attribute tree with the depth h and the path Rn=(an0,an1,...,ank,...,anh) Where k is [0, h ]],Is the user attribute anRoute RnCorresponding attributes of the kth layer, and selecting a random number r belonging to Z for resisting collusion attack by an authority center CA* PFor the attribute a of the usernSelecting a random number rn∈ZPAnd calculates an attribute private key dnPrivate key parameter DnAnd Dn' set of rights parameters, calculated as follows:
(9) Decryption (C)M,CTK,SK)→(M,TK,VR′):
Authorization set s in attributesu' of, user attribute anIn the m-th attribute tree, the policy attribute an' in m ' attribute trees, two satisfy m ═ m '; user attributes anDepth h and policy attribute a ofnThe depth of' satisfies: h is less than or equal toh'; user's attribute path Rn=(an0,an1,...,ank,...,anh) With policy attribute an' Attribute Path Rn′=(an′0,an′1,...,an′k′,...,an′h′) Satisfies the following conditions: when k is k', ank=an′k′Where k is [0, h ]],k′∈[0,h′](ii) a A for overlay policy attributesn' user attribute, decryption authority value dn' is calculated as follows:
deciphering bilinear map AniAnd the authority VR' of the user is calculated as follows:
if the authority of the user satisfies the structure, the users can decrypt the trapdoor key:
the transaction message can be recovered as:
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911014447.3A CN110717191A (en) | 2019-10-24 | 2019-10-24 | Block chain data privacy protection access control method based on searchable attribute encryption |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911014447.3A CN110717191A (en) | 2019-10-24 | 2019-10-24 | Block chain data privacy protection access control method based on searchable attribute encryption |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110717191A true CN110717191A (en) | 2020-01-21 |
Family
ID=69213216
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911014447.3A Withdrawn CN110717191A (en) | 2019-10-24 | 2019-10-24 | Block chain data privacy protection access control method based on searchable attribute encryption |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110717191A (en) |
Cited By (22)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111431715A (en) * | 2020-03-30 | 2020-07-17 | 中南民族大学 | Policy control signature method supporting privacy protection |
CN111614680A (en) * | 2020-05-25 | 2020-09-01 | 华中科技大学 | CP-ABE-based traceable cloud storage access control method and system |
CN111641641A (en) * | 2020-05-29 | 2020-09-08 | 兰州理工大学 | Block chain data sharing method based on searchable proxy re-encryption |
CN111859444A (en) * | 2020-06-12 | 2020-10-30 | 中国科学院信息工程研究所 | Block chain data supervision method and system based on attribute encryption |
CN112131316A (en) * | 2020-11-20 | 2020-12-25 | 腾讯科技(深圳)有限公司 | Data processing method and device applied to block chain system |
CN112163854A (en) * | 2020-09-14 | 2021-01-01 | 北京理工大学 | Hierarchical public key searchable encryption method and system based on block chain |
CN112543105A (en) * | 2020-11-26 | 2021-03-23 | 齐鲁工业大学 | Role-based complete access control method under intelligent contract |
CN112836229A (en) * | 2021-02-10 | 2021-05-25 | 北京深安信息科技有限公司 | Attribute-based encryption and block-chaining combined trusted data access control scheme |
CN112989375A (en) * | 2021-03-05 | 2021-06-18 | 武汉大学 | Hierarchical optimization encryption lossless privacy protection method |
CN113014563A (en) * | 2021-02-10 | 2021-06-22 | 华中科技大学 | Method and system for guaranteeing integrity of searchable public key encryption retrieval |
CN113127926A (en) * | 2021-03-12 | 2021-07-16 | 西安电子科技大学 | Method, system, storage medium and computer for analyzing statistical relevance of private data |
CN113158143A (en) * | 2020-01-22 | 2021-07-23 | 区块链新科技(广州)有限公司 | Key management method and device based on block chain digital copyright protection system |
CN113507366A (en) * | 2021-05-21 | 2021-10-15 | 北方工业大学 | Grid-based searchable log blind signature scheme |
CN113868450A (en) * | 2021-09-29 | 2021-12-31 | 武汉大学 | Remote sensing image safety retrieval method based on block chain |
CN113904823A (en) * | 2021-09-28 | 2022-01-07 | 长沙学院 | Constant-level authorization computation complexity attribute base searchable encryption method and system |
CN114036565A (en) * | 2021-11-19 | 2022-02-11 | 上海勃池信息技术有限公司 | Private information retrieval system and private information retrieval method |
CN115065479A (en) * | 2022-06-02 | 2022-09-16 | 西安电子科技大学 | Decentralized rewriting method for block chain |
CN115865520A (en) * | 2023-02-09 | 2023-03-28 | 西华大学 | Authentication and access control method with privacy protection in mobile cloud service environment |
CN115906185A (en) * | 2023-02-14 | 2023-04-04 | 蓝象智联(杭州)科技有限公司 | Batch hiding query method and device and storage medium |
CN117596085A (en) * | 2024-01-19 | 2024-02-23 | 华南理工大学 | Searchable encryption method with forward and backward privacy based on attribute set |
CN117596036A (en) * | 2023-11-20 | 2024-02-23 | 北京邮电大学 | Dynamic attribute-based encryption access control method with multi-time granularity constraint |
CN117997651A (en) * | 2024-04-03 | 2024-05-07 | 湖南天河国云科技有限公司 | Data sharing method, system, equipment and storage medium |
-
2019
- 2019-10-24 CN CN201911014447.3A patent/CN110717191A/en not_active Withdrawn
Cited By (37)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN113158143A (en) * | 2020-01-22 | 2021-07-23 | 区块链新科技(广州)有限公司 | Key management method and device based on block chain digital copyright protection system |
CN111431715B (en) * | 2020-03-30 | 2020-12-18 | 中南民族大学 | Policy control signature method supporting privacy protection |
CN111431715A (en) * | 2020-03-30 | 2020-07-17 | 中南民族大学 | Policy control signature method supporting privacy protection |
CN111614680A (en) * | 2020-05-25 | 2020-09-01 | 华中科技大学 | CP-ABE-based traceable cloud storage access control method and system |
CN111614680B (en) * | 2020-05-25 | 2021-04-02 | 华中科技大学 | CP-ABE-based traceable cloud storage access control method and system |
CN111641641A (en) * | 2020-05-29 | 2020-09-08 | 兰州理工大学 | Block chain data sharing method based on searchable proxy re-encryption |
CN111859444A (en) * | 2020-06-12 | 2020-10-30 | 中国科学院信息工程研究所 | Block chain data supervision method and system based on attribute encryption |
CN111859444B (en) * | 2020-06-12 | 2022-03-01 | 中国科学院信息工程研究所 | Block chain data supervision method and system based on attribute encryption |
CN112163854A (en) * | 2020-09-14 | 2021-01-01 | 北京理工大学 | Hierarchical public key searchable encryption method and system based on block chain |
CN112163854B (en) * | 2020-09-14 | 2022-08-05 | 北京理工大学 | Hierarchical public key searchable encryption method and system based on block chain |
CN112131316A (en) * | 2020-11-20 | 2020-12-25 | 腾讯科技(深圳)有限公司 | Data processing method and device applied to block chain system |
CN112543105A (en) * | 2020-11-26 | 2021-03-23 | 齐鲁工业大学 | Role-based complete access control method under intelligent contract |
CN112836229A (en) * | 2021-02-10 | 2021-05-25 | 北京深安信息科技有限公司 | Attribute-based encryption and block-chaining combined trusted data access control scheme |
CN113014563A (en) * | 2021-02-10 | 2021-06-22 | 华中科技大学 | Method and system for guaranteeing integrity of searchable public key encryption retrieval |
CN112989375B (en) * | 2021-03-05 | 2022-04-29 | 武汉大学 | Hierarchical optimization encryption lossless privacy protection method |
CN112989375A (en) * | 2021-03-05 | 2021-06-18 | 武汉大学 | Hierarchical optimization encryption lossless privacy protection method |
CN113127926B (en) * | 2021-03-12 | 2024-01-16 | 西安电子科技大学 | Method, system, storage medium and computer for analyzing statistical correlation of privacy data |
CN113127926A (en) * | 2021-03-12 | 2021-07-16 | 西安电子科技大学 | Method, system, storage medium and computer for analyzing statistical relevance of private data |
CN113507366A (en) * | 2021-05-21 | 2021-10-15 | 北方工业大学 | Grid-based searchable log blind signature scheme |
CN113507366B (en) * | 2021-05-21 | 2024-04-26 | 北方工业大学 | Grid-based searchable log blind signature scheme |
CN113904823A (en) * | 2021-09-28 | 2022-01-07 | 长沙学院 | Constant-level authorization computation complexity attribute base searchable encryption method and system |
CN113904823B (en) * | 2021-09-28 | 2024-02-27 | 长沙学院 | Attribute-based searchable encryption method and system for constant-level authorization computation complexity |
CN113868450B (en) * | 2021-09-29 | 2024-04-02 | 武汉大学 | Remote sensing image safety retrieval method based on block chain |
CN113868450A (en) * | 2021-09-29 | 2021-12-31 | 武汉大学 | Remote sensing image safety retrieval method based on block chain |
CN114036565B (en) * | 2021-11-19 | 2024-03-08 | 上海勃池信息技术有限公司 | Private information retrieval system and private information retrieval method |
CN114036565A (en) * | 2021-11-19 | 2022-02-11 | 上海勃池信息技术有限公司 | Private information retrieval system and private information retrieval method |
CN115065479A (en) * | 2022-06-02 | 2022-09-16 | 西安电子科技大学 | Decentralized rewriting method for block chain |
CN115065479B (en) * | 2022-06-02 | 2024-06-07 | 西安电子科技大学 | Decentralizing rewriting method for block chain |
CN115865520A (en) * | 2023-02-09 | 2023-03-28 | 西华大学 | Authentication and access control method with privacy protection in mobile cloud service environment |
CN115865520B (en) * | 2023-02-09 | 2023-04-28 | 西华大学 | Authentication and access control method with privacy protection in mobile cloud service environment |
CN115906185A (en) * | 2023-02-14 | 2023-04-04 | 蓝象智联(杭州)科技有限公司 | Batch hiding query method and device and storage medium |
CN115906185B (en) * | 2023-02-14 | 2023-07-28 | 蓝象智联(杭州)科技有限公司 | Batch hidden query method, device and storage medium |
CN117596036A (en) * | 2023-11-20 | 2024-02-23 | 北京邮电大学 | Dynamic attribute-based encryption access control method with multi-time granularity constraint |
CN117596036B (en) * | 2023-11-20 | 2024-06-11 | 北京邮电大学 | Dynamic attribute-based encryption access control method with multi-time granularity constraint |
CN117596085A (en) * | 2024-01-19 | 2024-02-23 | 华南理工大学 | Searchable encryption method with forward and backward privacy based on attribute set |
CN117997651A (en) * | 2024-04-03 | 2024-05-07 | 湖南天河国云科技有限公司 | Data sharing method, system, equipment and storage medium |
CN117997651B (en) * | 2024-04-03 | 2024-06-07 | 湖南天河国云科技有限公司 | Data sharing method, system, equipment and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110717191A (en) | Block chain data privacy protection access control method based on searchable attribute encryption | |
Qadir et al. | A review paper on cryptography | |
CN106357401B (en) | A kind of storage of private key and application method | |
Li et al. | Privacy-preserving-outsourced association rule mining on vertically partitioned databases | |
Patel et al. | Image encryption using different techniques: A review | |
CN103281377B (en) | A kind of encrypt data storage and querying method of facing cloud | |
EP2228942B1 (en) | Securing communications sent by a first user to a second user | |
US5557346A (en) | System and method for key escrow encryption | |
CN112148801B (en) | Method and device for predicting business object by combining multiple parties for protecting data privacy | |
CN111859444B (en) | Block chain data supervision method and system based on attribute encryption | |
WO2007103906A2 (en) | Secure data transmission using undiscoverable or black data | |
CN113158143B (en) | Key management method and device based on block chain digital copyright protection system | |
CN101529791A (en) | A method and apparatus to provide authentication and privacy with low complexity devices | |
CN103532701A (en) | Encryption and decryption method for numeric type data | |
Cha et al. | Blockchain based sensitive data management by using key escrow encryption system from the perspective of supply chain | |
Ra et al. | A key recovery system based on password-protected secret sharing in a permissioned blockchain | |
CN110690957A (en) | Anti-quantum-computation private key backup, loss reporting and recovery method and system based on alliance chain and implicit certificate | |
CN103493428B (en) | Data encryption | |
Kroll et al. | Secure protocols for accountable warrant execution | |
Shoukat et al. | A survey about latest trends and research issues of cryptographic elements | |
Jones et al. | Information Security: A Coordinated Strategy to Guarantee Data Security in Cloud Computing | |
CN113079177B (en) | Remote sensing data sharing method based on time and decryption frequency limitation | |
CN114065242A (en) | Privacy data protection method based on block chain technology | |
US10938790B2 (en) | Security system and method | |
CN114629640A (en) | White-box accountable attribute-based encryption system and method for solving key escrow problem |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
WW01 | Invention patent application withdrawn after publication |
Application publication date: 20200121 |
|
WW01 | Invention patent application withdrawn after publication |