CN111447200A

CN111447200A - Data processing method, device, system, electronic equipment and storage medium

Info

Publication number: CN111447200A
Application number: CN202010212549.2A
Authority: CN
Inventors: 董雯; 杨高波; 陈军; 李旭勇; 胡卫红
Original assignee: Hunan Xing Tian Electronic Technology Co ltd
Current assignee: Hunan Xingtian Electronic Technology Co ltd
Priority date: 2020-03-24
Filing date: 2020-03-24
Publication date: 2020-07-24
Anticipated expiration: 2040-03-24
Also published as: CN111447200B

Abstract

The present application relates to the field of information security and cloud computing technologies, and in particular, to a data processing method, apparatus, system, electronic device, and storage medium. The data processing method provided by the embodiment of the application acquires global parameters aiming at a data processing system; acquiring a current attribute set of a target user, determining an intersection of the current attribute set and a reference attribute set stored by each of N pieces of second equipment as a target attribute set, and acquiring N target attribute sets; obtaining a user private key based on the global parameter, the N target attribute sets and a first key pair sent by each of the N pieces of second equipment; and decrypting the target data through a user private key to obtain plaintext data. The data processing method, the device, the system, the electronic equipment and the storage medium provided by the embodiment of the application can ensure the safety of the target data.

Description

Data processing method, device, system, electronic equipment and storage medium

Technical Field

The present application relates to the field of information security and cloud computing technologies, and in particular, to a data processing method, apparatus, system, electronic device, and storage medium.

Background

In recent years, Attribute-Based Encryption (ABE) has been proposed for outsourcing systems, and ABE does not require prior information from the user during data processing and provides fine-grained access control. Currently, ABE is mainly divided into two mechanisms: cipher-Policy Attribute-Based Encryption (CP-ABE) and Key-Policy Attribute-Based Encryption (KP-ABE). Compared with a KP-AB E mechanism, the CP-ABE mechanism is more suitable for a cloud environment, because the CP-ABE mechanism associates a ciphertext with an access structure, a user private key is related to a user attribute, and when the user attribute corresponding to the user private key can meet the requirement that a data owner defines the access structure in the ciphertext, a user can decrypt target data to obtain plaintext data. In addition, a user may have multiple attributes, and the multiple attributes owned by a user may be managed by different attribute authority centers, for example, a doctor in a hospital may also be a researcher in a medical research institute, so that the doctor has both the attributes of the doctor and the researcher, while the hospital is an attribute authority management center for managing the attribute of the doctor, and the medical research institute is an attribute authority management center for managing the attribute of the researcher.

In the practical application process, usually, a user submits a plaintext identity (various attributes owned by the user can be determined according to the plaintext identity) to an attribute authority center, and the attribute authority center corresponding to the various attributes distributes a user private key. Therefore, once the attribute authority center colludes with other malicious users to steal the user information, for example, a user has three attributes, namely professor, computer science academy manager, and communication association reason, and the three attributes are managed by the three attribute authority centers, so that once the three attribute authority centers are corrupted collectively, the user private key can be obtained by using a plaintext identity, and finally target data can be stolen. Therefore, how to ensure the security of the target data becomes a technical problem to be solved urgently in the technical field of information security and cloud computing.

Disclosure of Invention

An object of the present invention is to provide a data processing method, device, system, electronic device and storage medium, so as to solve the above problems.

In a first aspect, a data processing method provided in an embodiment of the present application includes:

acquiring global parameters for a data processing system;

acquiring a current attribute set of a target user, determining an intersection of the current attribute set and a reference attribute set stored by each of N pieces of second equipment as a target attribute set, and acquiring N target attribute sets;

obtaining a user private key based on the global parameter, the N target attribute sets and a first key pair sent by each of the N pieces of second equipment;

and decrypting the target data through a user private key to obtain plaintext data.

The data processing method provided by the embodiment of the application obtains global parameters for a data processing system, obtains a current attribute set of a target user, determines an intersection of the current attribute set and a reference attribute set stored by each of N second devices to serve as the target attribute set, obtains N target attribute sets, obtains a user private key based on the global parameters, the N target attribute sets and a first key pair sent by each of the N second devices, and then decrypts the target data through the user private key to obtain plaintext data. Obviously, in the embodiment of the present application, the first device can obtain the private key of the user through interaction with each of the N second devices, so that the N second devices are prevented from obtaining the private key of the user in a collusion manner, and the target data is finally stolen, thereby ensuring the security of the target data.

With reference to the first aspect, an embodiment of the present application further provides a first optional implementation manner of the first aspect, where the obtaining a user private key based on the global parameter, the N target attribute sets, and the first key pair sent by each of the N pieces of second equipment includes:

aiming at each second device in the N second devices, an anonymous key issuing protocol is interactively executed with the second device, and an anonymous private key is calculated based on the global parameter and a target attribute set corresponding to the second device to obtain N groups of anonymous private keys;

and obtaining a user private key based on the global parameter, the first key pair sent by each of the N pieces of second equipment and the N groups of anonymous private keys.

With reference to the first optional implementation manner of the first aspect, this embodiment of the present application further provides a second optional implementation manner of the first aspect, where for each of the N second devices, an anonymous key issuing protocol is performed in an interactive manner with the second device, and an anonymous private key is calculated based on the global parameter and a target attribute set corresponding to the second device, so as to obtain N sets of anonymous private keys, where the method includes:

selecting a plurality of first secret values aiming at each of N pieces of second equipment, proving the plurality of first secret values by zero knowledge based on a first commitment scheme, wherein the commitment value generated in the first commitment scheme is the first commitment value, and the first commitment value is obtained based on global parameters;

receiving a second commitment value sent by a second device, wherein the second commitment value is a plurality of second secret values selected by the second device, and is based on a second commitment scheme, and the commitment value generated in the second commitment scheme is obtained based on a global parameter and the first commitment value when zero knowledge proves the plurality of second secret values;

and calculating the anonymous private key based on the target attribute set corresponding to the second device, the first secret value and the second commitment value so as to obtain N groups of anonymous private keys.

With reference to the second optional implementation manner of the first aspect, this embodiment of the present application further provides a third optional implementation manner of the first aspect, where the obtaining a user private key based on the global parameter, the first key pair sent by each of the N second devices, and the N groups of anonymous private keys includes:

aiming at each of N pieces of second equipment, receiving a plurality of second secret values sent by the second equipment, and calculating M key intermediate values by combining partial first secret values in a plurality of first secret values corresponding to the second equipment through a secret protocol to obtain N ＊ M key intermediate values;

and obtaining a user private key based on the global parameter, the first key pair sent by each of the N pieces of second equipment, the N groups of anonymous private keys and the N ＊ M key intermediate values.

With reference to the first aspect, an embodiment of the present application further provides a fourth optional implementation manner of the first aspect, where the decrypting the target data with the user private key includes:

selecting a key transformation random number;

performing exponential operation on a user private key based on a key transformation random number to obtain a transformation key, and sending target data and the transformation key to a cloud proxy server so that the cloud proxy server performs half decryption on the target data to obtain half decrypted data;

and receiving semi-decrypted data sent by the cloud proxy server, and carrying out full decryption on the semi-decrypted data by using the key transformation random number as a retrieval key to obtain plaintext data.

With reference to the first aspect, an embodiment of the present application further provides a fifth optional implementation manner of the first aspect, and the data processing method further includes:

and when a second key pair sent by any one of the N pieces of second equipment is received, updating the user private key according to the second key pair, and updating the first key pair generated by the second equipment to obtain the key pair when the second key pair is changed for the reference attribute set stored in the second equipment.

In a second aspect, an embodiment of the present application further provides a data processing method, which is applied to a data processing system including a first device and N second devices, where the data processing method includes:

each of the N pieces of second equipment acquires global parameters aiming at the data processing system, and generates a first key pair based on the global parameters and a reference attribute set stored by the second equipment;

the method comprises the steps that a first device obtains global parameters aiming at a data processing system, obtains a current attribute set of a target user, determines an intersection of the current attribute set and a reference attribute set stored by each second device in N second devices to serve as the target attribute set so as to obtain N target attribute sets, obtains a user private key based on the global parameters, the N target attribute sets and a first secret key pair sent by each second device in the N second devices, and decrypts the target data through the user private key to obtain plaintext data.

The data processing method in the embodiment of the present application has the same beneficial effects as the data processing method provided in the first aspect, or any one of the optional implementation manners of the first aspect, and details are not described here.

With reference to the second aspect, an embodiment of the present application further provides a first optional implementation manner of the second aspect, where the data processing system further includes a cloud proxy server, a cloud storage server, and a third device, and the data processing method further includes:

the cloud proxy server acquires global parameters aiming at the data processing system, acquires a plurality of outsourced encrypted random numbers, acquires a transformation ciphertext based on the global parameters and the outsourced encrypted random numbers, and sends the transformation ciphertext to the cloud storage server;

the third equipment acquires an access structure corresponding to the initial data, hides the attribute of the access structure to acquire a hidden structure, embeds the hidden structure into the initial data to acquire intermediate data, and sends the intermediate data to the cloud storage server;

and the cloud storage server takes the transformation ciphertext and the intermediate data together as target data.

With reference to the first optional implementation manner of the second aspect, an embodiment of the present application further provides a second optional implementation manner of the second aspect, and the data processing method further includes:

the method comprises the steps that a first device generates a data access request and sends the data access request to a cloud storage server;

the cloud storage server sends the target data to the first device based on the data access request.

In a third aspect, an embodiment of the present application further provides a data encryption apparatus, which is applied to a first device, and a data processing apparatus, including:

the global parameter acquisition module is used for acquiring global parameters aiming at the data processing system;

a target attribute set acquisition module, configured to acquire a current attribute set of a target user, and determine an intersection between the current attribute set and a reference attribute set stored by each of N pieces of second equipment, as a target attribute set, to obtain N target attribute sets;

the user private key acquisition module is used for acquiring a user private key based on the global parameters, the N target attribute sets and a first key pair sent by each of the N pieces of second equipment;

and the decryption processing module is used for decrypting the target data through a user private key to obtain plaintext data.

The data processing apparatus in the embodiment of the present application has the same beneficial effects as the data processing method provided in the first aspect, or any one of the optional implementation manners of the first aspect, and details are not described here.

In a fourth aspect, an embodiment of the present application further provides an electronic device, which includes a processor and a memory, where the memory stores a computer program, and the processor is configured to execute the computer program to implement the data processing method provided in the first aspect or any optional implementation manner of the first aspect.

The electronic device apparatus provided in the embodiment of the present application has the same beneficial effects as the data processing method provided in the first aspect, or any optional implementation manner of the first aspect, and details are not described here.

In a fifth aspect, an embodiment of the present application further provides a storage medium, where a computer program is stored on the storage medium, and when the computer program is executed, the data processing method provided in the first aspect or any optional implementation manner of the first aspect is implemented.

The storage medium provided in the embodiment of the present application has the same beneficial effects as the data processing method provided in the first aspect, or any optional implementation manner of the first aspect, and details are not described here.

In a sixth aspect, an embodiment of the present application further provides a data processing system, where the data processing system includes a first device and N second devices, and the first device is connected to the N second devices respectively;

each of the N pieces of second equipment is configured to acquire a global parameter for the data processing system, and generate a first key pair based on the global parameter and a reference attribute set stored by the second equipment;

the first device is used for acquiring global parameters for the data processing system, acquiring a current attribute set of a target user, determining an intersection of the current attribute set and a reference attribute set stored by each of the N second devices to serve as the target attribute set so as to acquire N target attribute sets, acquiring a user private key based on the global parameters, the N target attribute sets and a first key pair sent by each of the N second devices, and decrypting the target data through the user private key to acquire plaintext data.

The data processing system provided in the embodiment of the present application has the same beneficial effects as the data processing method provided in the second aspect, or any optional implementation manner of the second aspect, and details are not described here.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are required to be used in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and that those skilled in the art can also obtain other related drawings based on the drawings without inventive efforts.

Fig. 1 is a schematic structural block diagram of a data processing system according to an embodiment of the present application.

Fig. 2 is a schematic block diagram of another data processing system according to an embodiment of the present application.

Fig. 3 is a flowchart illustrating steps of a data processing method according to an embodiment of the present application.

Fig. 4 is a flowchart illustrating steps of another data processing method according to an embodiment of the present disclosure.

Fig. 5 is a schematic structural block diagram of a data processing apparatus according to an embodiment of the present application.

Reference numerals: 10-a data processing system; 100-a first device; 200-a second device; 300-a cloud proxy server; 400-cloud storage server; 500-a third device; 600-a data processing apparatus; 610-global parameter acquisition module; 620-target attribute set acquisition module; 630-a user private key obtaining module; 640-decryption processing module.

Detailed Description

In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be described below with reference to the drawings in the embodiments of the present application.

It should be noted that: like reference numbers and letters refer to like items in the following figures, and thus, once an item is defined in one figure, it need not be further defined and explained in subsequent figures.

The first embodiment:

referring to fig. 1, an embodiment of the present application provides a data processing system 10, where the data processing system 10 includes a first Device 100 and N second devices 200, where the first Device 100 is connected to the N second devices 200 respectively, the first Device 100 may be a terminal Device used by a user side, such as a smart phone, a tablet computer, a personal digital Assistant (pda), a Mobile Internet Device (MID), and the second Device 200 may be a server, such as a web server. In addition, in this embodiment of the application, the second device 200 may serve as an attribute authority center for storing a reference attribute set.

In this embodiment, each of the N second devices 200 is configured to obtain a global parameter for the data processing system 10, and generate a first key pair based on the global parameter and a reference attribute set stored by the second device 200, while the first device 100 is configured to obtain the global parameter for the data processing system 10, obtain a current attribute set of a target user, determine an intersection of the current attribute set and the reference attribute set stored by each of the N second devices 200, and use the intersection as a target attribute set to obtain N target attribute sets, obtain a user private key based on the global parameter, the N target attribute sets, and the first key pair sent by each of the N second devices 200, and decrypt the target data with the user private key to obtain plaintext data.

In addition, referring to fig. 2, the data processing system 10 provided in the embodiment of the present application may further include a cloud proxy 300, a cloud storage server 400, and a third device 500, where the cloud proxy 300 may be a web server, the cloud storage server 400 may be a database server, and the third device 500 may be an electronic device used by a data owner, the electronic device may be a server, such as a web server, a database server, and the like, and may also be a terminal device, such as a smart phone, a tablet computer, a PAD, a MID, and the like.

In this embodiment of the present application, the cloud proxy 300 obtains a global parameter for the data processing system 10, and obtains an outsource encryption random number, and based on the global parameter and the outsource encryption random number, obtains a transformation ciphertext, sends the transformation ciphertext to the cloud storage server 400, the third device 500 obtains an access structure corresponding to the initial data, and hides an attribute of the access structure, obtains a recessive structure, embeds the recessive structure into the initial data, obtains intermediate data, sends the intermediate data to the cloud storage server 400, and the cloud storage server 400 uses the transformation ciphertext and the intermediate data as target data together.

It should be understood that the component structures shown in fig. 1and 2 are merely illustrative of data processing system 10, and that embodiments of the present application provide data processing system 10 having fewer or more components than shown in fig. 1and 2, or having a different configuration than shown in fig. 1and 2. Hereinafter, a specific structure of the data processing system 10 provided in the embodiment of the present application and specific functions of each constituent structure will be described with reference to the data processing method provided in the second embodiment.

Second embodiment:

referring to fig. 3, fig. 3 is a schematic flowchart of a data processing method according to an embodiment of the present disclosure, where the data processing method is applied to a data processing system including a first device and N second devices. It should be noted that the data processing method provided in the embodiment of the present application is not limited by the sequence shown in fig. 3 and the following, and the specific flow and steps of the data processing method are described below with reference to fig. 3.

In step S100, each of the N second devices obtains a global parameter for the data processing system, and generates a first key pair based on the global parameter and a reference attribute set stored in the second device.

In the embodiment of the application, the global parameter for the data processing system can be obtained as a start instruction by inputting the security parameter, and the security parameter can be any random number. In the embodiment of the present application, the global parameter may be characterized as GP ═ G, (h, e, G)_TH), wherein G and G_TTwo cyclic groups of prime order p, G and h are generators of cyclic group G, cyclic group G and cyclic group G_TThere is a bilinear mapping e G × G → G_TAnd H is a strong collision-resistant hash function and is characterized as H: {0,1}^*→G。

In addition, in this embodiment of the application, the N second devices are independent of each other and do not affect each other, and the N second devices may be characterized as

Each second device is adapted to store a set of reference attributes, characterisationIs composed of

It should be noted that, in this embodiment of the present application, an intersection of reference attribute sets stored in any two second devices is null, and is characterized by being null

In this embodiment of the application, after each of the N pieces of second equipment obtains the global parameter for the data processing system, an attribute authority center (AA-Set up) algorithm may be used to generate a first key pair based on the global parameter and a reference attribute Set stored in the second equipment, and the first key pair is sent to the first equipment. For example, each of the N second devices runs the AA-Setup algorithm from Z_pSelecting a plurality of first random numbers in the domain, characterized as α_k,β_k,y_k∈Z_pMeanwhile, each of the N second devices also needs to be controlled from Z_pIn the domain, each attribute a in the reference attribute set stored for it_k,i(1≤i≤n_k) Selecting a second random number, and recording the second random number as t_k,i∈Z_pBased on this, the generation of the first key pair by each of the N second devices may be characterized as

Wherein, PK_kPublic key, MK, generated for the kth of the N second devices_kA master private key generated for a kth second device of the N second devices.

Step S200, the first device obtains global parameters aiming at the data processing system, obtains a current attribute set of a target user, determines an intersection of the current attribute set and a reference attribute set stored by each of N second devices to be used as the target attribute set so as to obtain N target attribute sets, obtains a user private key based on the global parameters, the N target attribute sets and a first key pair sent by each of the N second devices, and decrypts the target data through the user private key to obtain plaintext data.

Hereinafter, step S200 is decomposed into step S210, step S220, step S230, and step S240 to describe a specific flow of step S200.

In step S210, the first device obtains global parameters for the data processing system.

Similarly, in the embodiment of the present application, the global parameter for the data processing system may be obtained as a start instruction by inputting a security parameter, and the security parameter may be any random number. For the description of the global parameter, reference may be made to the detailed description of step S100, which is not described herein again.

Step S220, the first device obtains a current attribute set of the target user, and determines an intersection of the current attribute set and a reference attribute set stored by each of the N second devices, as a target attribute set, to obtain N target attribute sets.

In the embodiment of the application, after a target user logs in a security account through first equipment, an identity corresponding to the security account is acquired and is characterized by a GID_UAnd obtaining a current attribute set corresponding to the identity, characterized as

Thereafter, a reference attribute set stored by each of the N second devices is obtained to determine an intersection between the current attribute set and the reference attribute set stored by each of the N second devices, and an intersection between the current attribute set and a reference attribute set stored by a kth second device of the N second devices, that is, the kth target attribute set may be characterized as being a set of target attributes

It should be noted that, in the embodiment of the present application, the identity GID of the target user_UThe random number selected by the target user can ensure that the second equipment can not know the random numberThe identity information of the first device is directly represented by an identity identification number, namely an ID number, in the prior art, when the target user submits the identity information to an attribute authority center, the attribute authority center issues a user private key, the identity information is embedded into the user private key, and once the user private key is leaked, the identity information of the target user is synchronously leaked, so in the embodiment of the application, the random number selected by the target user is used as an identity identification GID_UThe privacy of the identity information of the target user can be enhanced.

In step S230, the first device obtains a user private key based on the global parameter, the N target attribute sets, and the first key pair sent by each of the N second devices.

In the embodiment of the present application, step S230 may include step S231 and step S232.

Step S231, the first device interacts with each of the N second devices to execute an anonymous key issuing protocol, and calculates an anonymous private key based on the global parameter and the target attribute set corresponding to the second device, so as to obtain N sets of anonymous private keys.

In this embodiment, the first device may select a plurality of first secret values for each of the N second devices, and proving a plurality of first secret values based on a first commitment scheme with zero knowledge, the commitment values generated in the first commitment scheme being first commitment values, the first commitment values being obtained based on global parameters, and thereafter, receiving a second commitment value sent by the second device, the second commitment value selecting a plurality of second secret values for the second device, and based on a second commitment scheme, zero knowledge proof of a plurality of second secret values, the commitment values generated in the second commitment scheme, the second commitment values being obtained based on the global parameters and the first commitment values, after the first secret value and the second commitment value are obtained, an anonymous private key is calculated based on a target attribute set corresponding to the second device, the first secret value and the second commitment value, so as to obtain N groups of anonymous private keys. Hereinafter, this process will be further described.

The first device may be selected from Z_pRandomly selecting three in the fieldThe first secret value, denoted u, ρ₁,ρ₂∈Z_pAnd from Z_pSelecting three first auxiliary values in the domain to be recorded as rho'₁,ρ'₂,ρ'₃∈Z_pAnd obtaining a plurality of first commitment values based on the global parameter, the three first secret values and the three first auxiliary values, and recording the first commitment values as

And combining the plurality of first commitment values

Sending the data to the kth second equipment AA in the N second equipment_k. Thereafter, the second device AA_kFrom Z_pSelecting a second auxiliary value in the field, denoted as η₁∈Z_pAnd transmitting the second auxiliary value to the first device. After receiving the second auxiliary value sent by the second device, the first device obtains a plurality of first verification values based on a partial secret value of the three first secret values, the three first auxiliary values, and the received second auxiliary value, and records the first verification values as

And sending the obtained plurality of first verification values to a kth second device AA of the N second devices_k. Finally, the kth second device AA of the N second devices_kAuthentication

If it is

Both are true, then the first device has zero knowledge to prove that it has a plurality of first secret values, i.e. has u, ρ₁,ρ₂。

First is provided withAfter proving that the user has a plurality of first secret values by zero-knowledge, the kth second device AA in the N second devices_kFrom Z_pTwo second secret values, denoted c, are randomly selected in the domain_u,e_u∈Z_pAnd from Z_pSelecting three third auxiliary values in the field to be recorded as c'_u,e'_u,l_u∈Z_pAnd obtaining a plurality of second commitment values based on the global parameter, the two second secret values and the three third auxiliary values, and recording the second commitment values as

Meanwhile, the kth second device AA in the N second devices_kAnd obtaining a plurality of second commitment values based on the global parameter, the plurality of first random numbers, the plurality of first commitment values, the two second secret values and the three third auxiliary values, and recording the plurality of second commitment values as

And all the second commitment values obtained currently

And sending the data to the first device. Thereafter, the first device is driven from Z_pSelecting a fourth auxiliary value in the field, denoted as η₂∈Z_pAnd sends the fourth auxiliary value to the kth second device AA of the N second devices_k. The kth second device AA of the N second devices_kAfter receiving the fourth auxiliary value sent by the first device, a plurality of second verification values are obtained based on the two second secret values, the three second auxiliary values and the received fourth auxiliary value, and are recorded as

And transmitting the plurality of first commitment values obtained again to the first device. Finally, the first device verifies

e(r₁,r₂)＝e(g,g)、e(r₃,r₄)＝e(h,h)、

If it is

e(r₁,r₂)＝e(g,g)、e(r₃,r₄)＝e(h,h)、

If all the second devices are true, the kth second device AA in the N second devices_kZero knowledge proves that it possesses a plurality of second secret values, i.e. possesses c_u,e_u。

After the first secret value and the second commitment value are obtained, an anonymous private key is calculated based on a target attribute set corresponding to the second device, the first secret value and the second commitment value to obtain N groups of anonymous private keys, wherein the kth group of anonymous private keys in the N groups of anonymous private keys can be characterized as

Step S232, the first device obtains the user private key based on the global parameter, the first key pair sent by each of the N second devices, and the N sets of anonymous private keys.

In this embodiment, the first device may receive, for each of the N second devices, a plurality of second secret values sent by the second device, and calculate, by using a secret protocol, M key intermediate values in combination with a part of first secret values in the plurality of first secret values corresponding to the second device, to obtain N ＊ M key intermediate values, where the secret protocol may be a 2-Party protocol, the value of M may be 2, and two key intermediate values may be characterized as γ_u＝ρ₁e_u、

Then, a user private key is obtained based on the global parameter, the first key pair sent by each of the N second devices, the N groups of anonymous private keys, and the N key intermediate values, and in this embodiment, the obtained user private key may be characterized as:

wherein the content of the first and second substances,

the calculation derivation process of (1) is as follows:

will gamma_u＝ρ₁e_u、

Substitution into

In the end of this process,

user private key SK_UIn

And

is calculated and derived

The calculation and derivation processes are similar, and details are not described in the embodiments of the present application.

In step S240, the first device decrypts the target data through the user private key to obtain plaintext data.

In the embodiment of the application, the first device may respond to a data access operation of a target user, generate a data access request, and send the data access request to the cloud storage server, and the cloud storage server sends target data to the first device based on the data access request. Based on this, it can be understood that the data processing method provided in the embodiment of the present application may also be applied to a data processing system including a first device, N second devices, a cloud proxy server, a cloud storage server, and a third device, and before performing step S240, the data processing method further includes step S300, step S400, and step S500.

Step S300, the cloud proxy server obtains global parameters aiming at the data processing system, obtains a plurality of outsourced encrypted random numbers, obtains a transformation ciphertext based on the global parameters and the outsourced encrypted random numbers, and sends the transformation ciphertext to the cloud storage server.

In the embodiment of the application, after the cloud proxy server obtains the global parameter for the data processing system and obtains the plurality of outsourced encrypted random numbers, a transformation ciphertext can be obtained through an offline encryption (offline. enc) algorithm based on the global parameter and the plurality of outsourced encrypted random numbers, and the transformation ciphertext is sent to the cloud storage server. Wherein the plurality of outsourced encrypted data can be three and can be from Z_pSelecting from the domain, and characterizing as lambda'_k,t_k,r_k∈Z_p(1. ltoreq. k. ltoreq.N), and the transform ciphertext may be characterized as

And S400, the third equipment acquires an access structure corresponding to the initial data, hides the attribute of the access structure to acquire a hidden structure, embeds the hidden structure into the initial data to acquire intermediate data, and sends the intermediate data to the cloud storage server.

In this embodiment of the application, the third device may obtain an access structure corresponding to the initial data, hide an attribute of the access structure, and obtain a hidden structure, for example, the hidden structure may be obtained from Z_pSelecting a third random number in the field, characterized as d ∈ Z_pThereafter, the formula is calculated by preprocessing

Hiding all attributes in the access structure to obtain a hidden structure, embedding the hidden structure into initial data to obtain intermediate data, and sending the intermediate data to a cloud storage server. In this way, the access result after attribute hiding is hidden in the initial data, and therefore, the security is high.

In the embodiment of the present application, the access structure may be represented in a matrix form, for example, characterized as

Where k denotes the second device, l_k×n_kRepresentation matrix M_kIs a_kLine n_kColumn, ρ_kIs to map the row to an attribute in the access structure. Thereafter, based on the slave Z_pA plurality of third random numbers selected in the domain form a random vector characterized by

Wherein s is_k,_2,k,…,_n,k∈Z_pIs s of_kFor a secret value common to each attribute authority center, order

Wherein the content of the first and second substances,i∈[1,l_k]，

representation matrix M_kRow i of (2), finally, again from Z_pSelecting a plurality of fourth random numbers in the domain, and recording the fourth random numbers as

And finally obtain intermediate data:

and S500, the cloud storage server takes the transformed ciphertext and the intermediate data together as target data.

Based on step S300 and step S400, in the embodiment of the present application, the obtained target data may be characterized as

In addition, in the embodiment of the present application, step S240 may be implemented by a key transformation generation (transckeygen) algorithm, and therefore, step S240 may further include step S241, step S242, and step S243.

In step S241, the first device selects a key transformation random number.

In the embodiment of the application, the first device may be selected from Z_pRandomly selecting keys in the domain to transform random numbers, denoted as z_k∈Z_p。

In step S242, the first device performs exponential operation on the user private key based on the key transformation random number to obtain a transformation key, and sends the target data and the transformation key to the cloud proxy server, so that the cloud proxy server performs half decryption on the target data to obtain half decrypted data.

It should be noted that, in the embodiment of the present application, the cloud storage server, based on the data access request,after sending the target data to the first device, the first device may pass the portion of the private key and the intermediate data, e.g., pass L_k,iAnd C₀Converting the plaintext attributes of the target user, in particular by calculating σ_x＝e(C₀,L_x) (x represents each plaintext attribute of the target user) such that the plaintext attribute of the target user corresponds to σ_x. Then, based on the random number of key transformation, the exponential operation is carried out on the private key of the user to obtain a transformation key which is characterized in that

Finally, the target data and the transformed key are sent to the cloud proxy server to enable the cloud proxy server to semi-decrypt the target data, e.g., by partially embedding the transformed key into the access structure

In the process, first, a calculation is made

And

then, the constant c is selected_k,i∈Z_p(i∈[1,l_k]) So that

Recalculation

Finally, the semi-decrypted data is obtained and recorded

In step S243, the first device receives the semi-decrypted data sent by the cloud proxy server, and obtains plaintext data by performing full decryption on the semi-decrypted data by using the key transformation random number as a retrieval key.

In this embodiment, the first device may change the key into the keyChanging random numbers as search keys, denoted as RK_U,k＝z_kThus, the semi-decrypted data can be completely decrypted to obtain plaintext data

Through the setting, the first equipment can obtain the private key of the user through interaction with each second equipment in the N second equipment, so that the N second equipment is prevented from obtaining the private key of the user in a conspiracy manner, the target data is finally stolen, and the safety of the target data is ensured.

In addition, in the embodiment of the present application, the data processing method may further include step S600, step S700, and step S800.

Step S600, when the reference attribute set stored by each of the N second devices changes, updating the generated first key pair to obtain a second key pair.

In the embodiment of the present application, when the kth second device AA is selected from the N second devices_kStored set of reference attributes Φ_k,URevoked, second device AA_kThe second device AA will be updated by the key update (UKeyGen) algorithm_kThe generated first key pair is updated to obtain a second key pair, which is marked as UK_kWhen the kth second device AA is in the N second devices_kA in the stored reference attribute set_k,τ(1. ltoreq. tau. ltoreq.m) is revoked, the second device AA_kA master private key t in the first key pair to be generated_k,τIs replaced by a member selected from Z_pA fifth random number randomly selected from the domains is recorded as t'_k,τ∈Z_pThus, the obtained second key pair is UK_k,τ＝t_k,τ-t'_k,τ。

Step S700, when the first device receives a second key pair sent by any one of the N second devices, updating the user private key according to the second key pair.

For example, when the ith attribute of the target user

When the temperature of the water is higher than the set temperature,

otherwise R'_k,τ＝R_k,τAfter updating the user private key based on the second key, the user private key may be characterized as

Step S800, when the third device receives the second key pair sent by any one of the N second devices, the third device updates the intermediate data according to the second key pair.

For example, ρ_k(τ)＝σ_k,τOf C'_6,k,τ＝C_6,k,τ-UK_k,τr_k,τOtherwise C'_6,k,τ＝C_6,k,τAfter updating the intermediate data according to the second key pair, the intermediate data may be characterized as

Hereinafter, the flow of the data processing method provided in the embodiment of the present application will be described further by way of example.

The global parameter may be characterized as GP ═ G, h, e, G_TH), wherein G and G_TTwo cyclic groups of prime order p, G and h are generators of cyclic group G, cyclic group G and cyclic group G_TThere is a bilinear mapping e G × G → G_TAnd H is a strong collision-resistant hash function and is characterized as H: {0,1}^*→ G. Let g be [4904333933695595040932055595577120523797887008023339526852539280668748553130728647674523542287093910996490633623872994511192781740441526167246472432015987,4071463690060053417114890117176788797772194343511568800135847146368097486576982942091313671358955188859199439092456585543195280945461809232144358285823661 ]]，h＝[5585447644879331581148630295819633756865828789914554041983728980551028875362344585896268495880970137678697477390886700677967859729329597136664261011082435,3432837635498000476498764741400019285920100454253041666072956956317373381023385253675847559172924555367607777580742525559923137798642792003305377654740522]. Also, assume that the data processing system includes two second devices, characterized by

Second device AA₁Storing a set of reference attributes

Second device AA₂Storing a set of reference attributes

The target user logged in through the first device is Alice, and the identity GID corresponding to the Alice of the target user_U398773081295341283659509837193130336236408057021, the current set of attributes for the target user Alice is

When step S100 is executed, the second device AA₁When running the AA-Setup algorithm, from Z_pSelecting a plurality of first random numbers in the domain, characterized as α₁,β₁,y₁∈Z_pSecond device AA₂When running the AA-Setup algorithm, from Z_pSelecting a plurality of first random numbers in the domain, characterized as α₂,β₂,y₂∈Z_pSuppose, { α₁＝496633995243636591975761853484151494395702908808，β₁＝89435311430904599699329754596835166282454472694，y₁＝307384223458127509367780655590270540079059149524}，{α₂＝503974077811825504876844777071084139455636584064，β₂＝469069725533530559223725386160757259230139654912，y₂＝687519478059223232560531069540310468795442665125}。

Thereafter, each of the two second devices AA_kAlso needs to be taken from Z_pIn a domain, a set of reference attributes stored for itEach attribute a in the contract_k,i(1≤i≤n_k) Selecting a second random number, and recording the second random number as t_k,i∈Z_pAssume, a second device AA₁Corresponding second random number t_1,i＝{'1':483158025582217754773275511628634701599873668822，'2':358874399606751716992905889073329858697907705383，'3'：112560640003239994765149531168987922125941040555，'4'：392626041195174988271879002795116140403237274126，'5'：382883241386532775084497611673176721085998413611}(1≤i≤5)，t_2,i＝{'6'：382729706041069354792744768870115750746695796295,'7'：448221980453587781987785908005531387559936161112，'8'：97552001307795491526858600199009553117201421849，'9'：692162049927110369567289480323487500560985414168，'10'：700567890722269809813431897741774592587193312374}}(1≤i≤5)。

Finally, each of the two second devices AA_kPublishing a public key of a generated first key pair

And stores the master private key of the generated first key pair

When step S220 included in step S200 is executed, the intersection of the current attribute set of the target user and the reference attribute set stored by the kth second device of the two second devices may be characterized as

Because, the current attribute set of the target user Alice is

Second device AA₁Storing a set of reference attributes

Second device AA₂Storing a set of reference attributes

Therefore, the current attribute set of the target user Alice and the second device AA₁The intersection of the reference attribute sets is { "1", "2" }, and the current attribute set of the target user Alice and the second device AA are stored₂The intersection of the reference attribute sets is stored as { "6", "10" }. When step S230 included in step S200 is executed, the user private key of the target user Alice is obtained as follows:

first device and second device AA₁Interaction Generation { D_1,1＝[5357703574661424871537579789418845424100171626154132277540525001311964452760892758823616927771188611566031989482171538164266738592393277434413756143753915，1970542077362908632619803175772033911626081036807573487309453102893811158412991043400299982383065396514265021493833791128883855855671797063370884333451187]，D_2,1＝[6309222968452979116375063932513619232711811968355583215832178575051119541456080090833943589413953658286018811284361527144919254781625375863890736252736418，2728606365554771769621378844648110932384806616540196607342110335098463843362358213774546588426501761977562355068801539645510528829680849635121059937333559]，D_3,1＝[7804310733663454783111283090278494891563819563539266183767583306278478146258090090411696631188813356166013693130522179359427474073768157075389833589031754，1860314663865257973599907898107794933957945122992160289646751285267481918453629996798480394711092287372913363096886632761583683966214444481301654942385259]，R_1,i＝{'2'：[6852214207142223623777095207369985875631561292203617029699199964912474364454938118874403420857386536775830066517723540878356587145000774703101365360495364，1413517462027899086800309761616365621301596161547837289546163971384367286845114264329484828984481299774457397210790880257949542208103374342833594955462226]，'1'：[7471146266235339095930589124624813303135504893390748807713648026831981059471317787756072644351442750418505455074737867291986288131276291571739696973576109，2197211596688574366953705655649093805959807287652025482886163596533670399500125817556563071067185158451240178964938830357390756043323757369647337525402659]}，L_1,i＝{'2'：[5741531680464018381673668705185254578223897554948628795528040311696706485403130341687286023916993833066034951266330553341492134664887085079566116611345168，8562847622301484769148371596710102485207444575235085066276877302656103417662616493726983051987308460738753283218753289548823251501210942573428457496156368]，'1'：[7347481454346994112994779383619592433448999213427508875958239974391620617468136038712049672086908239300951093874177676088501050354428001354392900677829930，1332911621242071776624205150975645117183920697637611407097129347990183047315723958658878850917353022219156003449429338861857469780920804795431325161429009]}}。

First device and second device AA₂Interaction Generation { D_1,2＝[1282993900357287306648331063586004110304140722088620475489917312967090919913888205263844831963297940763096137579959639165573203603912146262763283540284815，4907224314203411933789610623315063734903385212949419936201962837702090130839768042553367381590640302488243788123237453222725005856336736199283747633911369]，D_2,2＝[2604959306089416724934395243678907374745394780129674165678442069856414638407872507277801204744320966294008596991757085585709437735335837424792419277919168，10923833495920189295065451565113860118202243997173061 07841886030580114836337680106340599290458581268949706570643109333171090193287571037034210476708768942]，D_3,2＝[7245894027456177321145207602959666746420347354333073363886875746157359567031186318486302692860739536406390436813412633714727297788276393998009415796022656，8693102536647539094520175442182943002403735697163958188682927928673772280783933566834340458062801670837166571902258947498195998254688122631235511054313235]，R_2,i＝{'6'：[6106317232509330984413546253666186818250649242629379751993788766413601992191895167926732877133761212741722477242489363514189785181506245906050537744541252，5214794152878057362554661982822536166098922885217691189556496365084558561496792163969183960488673982592763694271051014524791673261612555040135122274695754]，'10'：[3081580396768375049301837784618773656752593090319162330248184684956334800434993240380228959750656929055562550321115594024907740735697630972920330713132135，2698905060221719011983050234148582830315785715549984614338829107440039688071729726565235227921498973142761895325607100248897728773626303311808755867485804]}，L_2,i＝{'6'：[1917131400922628325104147035076679390218318852515351273448836177971198001405831111266648902520148955796310669405865285199592396769607917425553740645211115,2643619530919155326839883791971887143081001633399278745948082331057507985398375894603582828332867749675732507499682319353376088209628167252941635281579623]，'10'：[604593278959113432574269376752958918460874757344130466907004300454844405552654887106715528870970067016215818634413528315321062394058551531652903576150870,902708650012311633589729582542594007874908792959091299580852167215098368310087460477435357049678213611627784226648220300473460983487138853367513197157287]}}。

When step S300 is executed, the cloud proxy server is the second device AA₁From Z_pSelecting three outsourced encrypted random numbers in the domain, wherein the three outsourced encrypted random numbers are characterized by being lambda'₁,t₁,r₁∈Z_pMeanwhile, the cloud proxy server is a second device AA₂From Z_pSelecting three outsourced encrypted random numbers in the domain, wherein the three outsourced encrypted random numbers are characterized by being lambda'₂,t₂,r₂∈Z_p. Let us assume, { λ'₁＝624706473854085335906899641212745095910733108742，t₁＝90408474268124431912772540005747406764516255844，r₁＝122257382614398596543671356156111918133160095431}，{λ'₂＝152363548479048470816902169792803266797568502687，t₂＝287518089444786747031892988745284889560583191524，r₂389560621721802283601466482834836168034880025249} after which a transformed ciphertext is obtained

Wherein, { C_1,1＝[7133250722456558903898996812967567104248248246131053176869087714256164410713516914832870455570806230665236388738748248381531945843137912696326407800999615，1081142670460633706325997569315629332971058262826333183884485890075958856241758505553902222028039810883805146404030338420857973287965679867462291769888159]，C_2,1＝[6784330247733489155046145051206133497352679676459349008125304403718304443885156352192067424659205857457959009391521048824149420074137822792608747361071784，5519093405065233966303273433386862823142930957364089389653255291142700355431778322074268829065585642657868057838909579017668744437775962076438690619216343]}，{C_1,2＝[2272719590566175369738347557206205989298015915017971889770959527114921660318505378215284143860308753709357617691899228110863030275309684493518935608385506，7429353560787358482873138060305225058695610031844626479216233299726612697882362624793817845717054129701245279261406836722640124376210709003139503412768090]，C_2,2＝[1491231748165403722206506918081987699235864989509724676249576584302087891309466210591266384952783539530195787344422501741139727818054284658816374437615026，2152267533470637315887723359641892449611000095935354182634981605344300618853413046727992261135746954489242302131973576689368932692923476752028783453235112]}。

In performing step S400, it is assumed that the initial data MSG ═ 70476708541439123816741917757750315832069909820105865920177122 99585934066819184122440359656730050979422051585514364841836744345513123186349204320481, 7109945970914176396117301334652411153490376924209203292032095640931678306783067830918403518439288577695845957459579585741574169315518120210159595921059210596192197344883]From Z to Z_pChoosing the third random number d ∈ Z in the field_pBy pre-processing the calculation formula

Hiding all attributes in the access structure, assuming again that the second device AA₁Has an access structure of '(1and 2) or 3or (5and 4)', a second device AA₂Has an access structure of '(6and 10) or 8or (9and 7)', the access structure being represented in matrix form

Wherein, i ∈ [1, l_k]，

And finally obtain intermediate data:

specific example of intermediate data is { { C₁＝[123200107631071471007849100443837255273055343385080730207867515241325382628047213604755354569035490820683537877450472790750770588913166234195738778232051，2391229775892403187187174643859091655348408904396764447251665992053650011705204765618523991568281022041716503380118549418110965638294309397704729382116552]，C_3,1＝[8310388367372036726316936688414067825074353918262807180527885959060061817931894218457421102991551894252111986705999551759685513236053284365919312360891486，1738719574613764670378892918557508333583693543594868475984872297756540825245267611320474514823417263269690206495543174169762448702653070893639565727563953]，C_4,1＝[2919161359793838437251938857670707437205396007257684798694563996412023223239292846611385882346517518860112048351011347061380443368025814580525063253308160，1817118553949339960556936715914869475541377566099230730043205503321874863488388823998303509204363440400842384261668556689747397564615866830042650430727566]，C_5,1,i＝{'1'：304196574084517830536432559676822078478205476860，'2'：3816427278106354853907347906731093964861326787，'3'：604576720890929306218957771446913062991549626933，'5'：50957247161933750699900276732506617926122645878，'4'：228088592098389816541962027589605074266672224440}，C_6,1,i＝{'1'：209979527759105024801830821680136539415696666572，'2'：54054472491843175263164785021428227273179623664，'3'：403558285586750655921116258695157728055267159928，'5'：676987035653775299866827638167664583455224284075，'4'：36329740592466774303625316980427020013506371983}，C₂＝[3303596699413675630121093676991496043625165985636678105357490039950134575373390497704327676671995028556623843830748528200120633436767540279630333254768065，2154714557630543151378243428341684242273272289078609765963201004874146441563282492744682207852471317639157256917758132046953892049180105958949984339348107]，C_3,2＝[350442026473225367871981699448529183559612112592723544648656993997196851963311074103096729039815211863703337297164731271257547080304278124459862479572187，8602197846161662541648404482580197395961242028591773586510787566537324544535427249651174184714530368707215107864782749892608536279419183903128672897678079]，C_4,2＝[4487871759706537017726866108687891313737812169791116903779036462649422259891877865619344006595432119708857814764826245077581072199877591430841824158118783，8386161682412742172263406796925020574184727968064898642297745099460981835370395315882457256459346169730367693789576960922990432537859603098827889032750286]，C_5,2,i＝{'6'：518440576759849674078088828630284434666661272301，'10'：713270890813881495798920680230732340313409187614，'8'：323610262705817852357256977029836529019913356988，'9'：675306366993106976394868203193918096820692823481，'7'：296251652614944479071360183786494763215495730357}，C_6,2,i＝{'6'：253997616507759057076368344778396107344388835090，'10'：514096517340208265686678229019949867459876030485，'8'：10131264607188771946674585799003639820960711880，'9'：290944565168127917322811183850546197359373150200，'7'：611732928304144047663418566960930540096609772633}}。

Based on step S300 and step S400, in the embodiment of the present application, when step S500 is executed, the obtained target data may be characterized as

The step S240 is performed by a key transformation generation (transckeygen) algorithm, and specifically, the first device may perform the step S241 included in the step S240 from Z_pRandom number z of domain random selection key transformation₁557503672279140125219516267191570937565013828555, when performing step S242 included in step S240, the first device may pass a portion of the private key and the intermediate data, e.g., L_k,iAnd C₀Converting the plaintext attributes of the target user, in particular by calculating σ_x＝e(C₀,L_x) (x represents each plaintext attribute of the target user), and thus, the plaintext attribute of the target user corresponds to σ_x. The first device transforms the random number z based on the key₁Performing exponential operation on the private key of the user to obtain a transformation key

Thereafter, the first device may move from Z_pRandom number z of domain random selection key transformation₂478303825511334607126938577847678205254123443019, also, when performing step S242 included in step S240, the first device may pass a part of the private key and the intermediate data, for example, L_k,iAnd C₀Target usersBy computing sigma_x＝e(C₀,L_x) (x represents each plaintext attribute of the target user), and thus, the plaintext attribute of the target user corresponds to σ_x. The first device transforms the random number z based on the key₂Performing exponential operation on the private key of the user to obtain a transformation key

Thereafter, a transformation key is obtained

After the transformation key is obtained, the first device sends the target data and the transformation key to the cloud proxy server, so that the cloud proxy server performs half decryption on the target data to obtain half decrypted data. In this process, first, X is calculated_1,1＝[5814680092534067205042088774016242999329480189471276249045265320730803740558457018952596345952619739086431796083208437547716964730624270806313714612364523，8611691246583338647483736323017825720582183210163579816994737759136338267325920825167046619519438702532913246363406202826164212068136444031163643294555956]，X_2,1＝[742476102417485335799779815016951294444316946971429606938048758003893578959038451127028559230172341578979022635585881119220074899212395172628683653540446，4829451030284885790632985767195044508142159457552900095899613458789970361514913426346044182605839313318796764043621096220463684124230992037017891986647391]，X_1,2＝[1430642040055855956546503695597718670914889986342725557104690142122435466598279541005152853696063192158118238111722037047416091957938061477399388754245834，1797338683875977694900816259932895824767295797292782891349936885451436795577361181839253764769133863999369968972240108142389558375380141183685605206592333]，X_2,2＝[1385287834160320321787122899263156356742966005935662982256746462877853328809248505815144286267734229494934416578589592446061969904532639566775909725255154，2793763510945037443964505885336200634582900639968969048139787127226651158675835089865885556934079690801598298916102404590816718680505211561351215258072993]. Then, the constant c is selected_k,i∈Z_p(i∈[1,l_k]) So that

Recalculate X_3,1＝[7338516109752784456907437852406786107645361333732108475822931212360630140893107032855523104516177723879151151716820758012978201982509001936775226949539645，2507854654491648752954391138124574416605311066657605656784809377629573466616099014358072263141449684772389175632936722138202386301342155312522833751112728]，X_3,2＝[1819059636131904743761739699663115568821829446236589191087418856442060375659623563373591260221819120878415389208289796293178931397767237195014612227273821，6910566034246743178309366938152167871554089513722339261217690272117219706177994964718169035166614526662770343563835862474503178884697878262709822624655143]. Finally, semi-decrypted data TM { [ 49932309564153539602877617617613109339180317120878707991735350596605177524478783306698495656789208943836092883454548530422871333524589524258242846385237301821, 37293310310740864342432502165322048089065055648922036489220389297524970527233570998474747474747474713035886943715825775204204204204775204775257757757752047755316167980998989]，[6778581619471595301008209096178284686919378585951137271244923971452467646153924251854396850004950712788824262105998943360668723223913419606251319971850563，6470914716024857371213713245421009220447315432755257630170771384269136933182085316929523598227424625328372250302530752871514604193209285954880366377666645]}。

When step S243 included in step S240 is executed, the key is converted into the random number z₁And a key-transformed random number z₂As a retrieval key, plaintext data can be obtained

For step S600, assume that a second device AA₁Stored set of reference attributes Φ₁The second device AA is revoked { "1", "2" } the second device AA is revoked₁The second device AA is updated by a key update (UKeyGen) algorithm₁Generated first key pair master private key t_1,τIs replaced by a member selected from Z_pT 'randomly selected from the Domain'_1,τ{ '1': 225962363151629470256261587879919736869568481483, '2': 274536231267249669131528262292919604976534573585} and in this way, the second key pair UK is obtained₁＝{'1'：257195662430588284517013923748714964730305187339，'2'：84338168339502047861377626780410253721373131798}。

For step S700, assume that the attribute of the non-revoked user Bob that still retains the revoked attribute is

The account number of the non-revocation user Bob logs in the first equipment, and the first equipment receives the second equipment AA₁After the second key pair is sent, the first key pair of the non-revoked user Bob is updated, and partial private keys corresponding to the attributes '1' and '2' are updated to be R₁'_,τ＝{'1'：[7652932676973753455154882115486157607451126154577771258533674553207066025469902755907873699524816376978804912661523170819850256616617358833419918689644238,6507946393859513326833133438388613143344503028268743134791714786501492504225855309581925855487389548318348061132073571050075745533635209392239752757411601]，'2'：[5882446370641059051380077658407241118942739524541318714134691030957074786671556509873522366788713667549798534994399310045907775613258523740227150887441551,2576564691815444906053868308566027905496461895593058527955373547072264945649590324578433521514698981683601476394417894634992854037435575603114207480903383]Finally, the private key of the user after the update of the non-revoke user Bob is

For step S800, ρ_k(τ)＝σ_k,τOf C'_6,1,τ400355646416233805753768792630940211858092305740, '2': 239662032310587353135341574938652317480527818120, the intermediate data may be characterized as having been updated according to the second key pair

The third embodiment:

referring to fig. 4, fig. 4 is a schematic flowchart illustrating a data processing method according to an embodiment of the present application, where the data processing method is applied to a first device included in the data processing system shown in fig. 1 or fig. 2. It should be noted that the data processing method provided in the embodiment of the present application is not limited by the sequence shown in fig. 4 and the following, and the specific flow and steps of the data processing method are described below with reference to fig. 4.

Step S001, global parameters for the data processing system are acquired.

For the description of step S001, reference may be made to the detailed description about step S210 in the data processing method provided in the second embodiment, which is not repeated herein.

Step S002, obtain the current attribute set of the target user, and determine the intersection of the current attribute set and the reference attribute set stored in each of the N second devices, as the target attribute set, so as to obtain N target attribute sets.

For the description of step S002, reference may be made to the detailed description of step S220 in the data processing method provided in the second embodiment, which is not repeated herein.

And step S003, obtaining a user private key based on the global parameters, the N target attribute sets and the first key pair sent by each of the N pieces of second equipment.

For the description of step S003, reference may be made to the detailed description of step S230 in the data processing method provided in the second embodiment, which is not repeated herein.

And step S004, decrypting the target data through the user private key to obtain plaintext data.

For the description of step S004, reference may be made to the detailed description of step S240 in the data processing method provided in the second embodiment, which is not repeated herein.

In the embodiment of the present application, step S003 may include step S0031 and step S0032.

Step S0031, aiming at each second device in the N second devices, an anonymous key issuing protocol is interactively executed with the second device, and an anonymous private key is calculated according to the global parameter and a target attribute set corresponding to the second device to obtain N groups of anonymous private keys.

In this embodiment of the application, for each of the N second devices, the first device may select a plurality of first secret values, and zero knowledge proves the plurality of first secret values based on a first commitment scheme, where a commitment value generated in the first commitment scheme is a first commitment value, the first commitment value is obtained based on the global parameter, and at the same time, the second device is received to send a second commitment value, and the second commitment value selects a plurality of second secret values for the second device, and based on the second commitment scheme, when zero knowledge proves the plurality of second secret values, the commitment value generated in the second commitment scheme is obtained based on the global parameter and the first commitment value, and then, based on a target attribute set, the first secret value, and the second commitment value corresponding to the second device, the anonymous private key is calculated to obtain the N group of anonymous private keys.

For the description of step S0031, reference may be made to the detailed description of step S231 in the data processing method provided in the second embodiment, which is not repeated herein.

And step S0032, obtaining a user private key based on the global parameters, the first key pair sent by each second device in the N second devices and the N groups of anonymous private keys.

In this embodiment of the application, for each of N pieces of second equipment, a first device may receive a plurality of second secret values sent by the second equipment, and calculate M key intermediate values by using a secret protocol in combination with a part of first secret values in the plurality of first secret values corresponding to the second equipment, so as to obtain N ＊ M key intermediate values, and thereafter, obtain a user private key based on a global parameter, a first key pair sent by each of the N pieces of second equipment, N groups of anonymous private keys, and N ＊ M key intermediate values.

For the description of step S0032, reference may be made to the detailed description of step S232 in the data processing method provided in the second embodiment, which is not repeated herein.

In the embodiment of the present application, step S004 may include step S0041, step S0042, and step S0043.

And step S0041, selecting a key transformation random number.

For the description of step S0041, reference may be made to the detailed description of step S241 in the data processing method provided in the second embodiment, which is not repeated herein.

And step S0042, performing exponential operation on the user private key based on the key transformation random number to obtain a transformation key, and sending the target data and the transformation key to the cloud proxy server so that the cloud proxy server performs half decryption on the target data to obtain half decrypted data.

For the description of step S0042, reference may be made to the detailed description of step S242 in the data processing method provided in the second embodiment, which is not repeated herein.

And S0043, receiving the semi-decrypted data sent by the cloud proxy server, and fully decrypting the semi-decrypted data by using the key transformation random number as a retrieval key to obtain plaintext data.

For the description of step S0043, reference may be made to the detailed description of step S243 in the data processing method provided in the second embodiment, which is not repeated herein.

The data processing method provided in the embodiment of the present application may further include step S005.

Step S005, when receiving a second key pair sent by any one of the N second devices, updating the user private key according to the second key pair, and when the second key pair changes for a reference attribute set stored in the second device, updating the first key pair generated by the second device to obtain the key pair.

For the description of step S005, reference may be made to the detailed description about step S700 in the data processing method provided in the second embodiment, which is not repeated herein.

The fourth embodiment:

based on the same inventive concept as the data processing method provided in the third embodiment, an embodiment of the present application further provides a data processing apparatus 600, please refer to fig. 5, where the data processing apparatus 600 includes a global parameter obtaining module 610, a target attribute set obtaining module 620, a user private key obtaining module 630, and a decryption processing module 640.

A global parameter obtaining module 610, configured to obtain global parameters for the data processing system.

The description of the global parameter obtaining module 610 may refer to the detailed description of step S001 in the embodiment related to the global parameter obtaining module 610, that is, step S001 may be executed by the global parameter obtaining module 610.

The target attribute set obtaining module 620 is configured to obtain a current attribute set of a target user, and determine an intersection between the current attribute set and a reference attribute set stored by each of the N pieces of second equipment, where the intersection is used as a target attribute set, so as to obtain N target attribute sets.

The description of the target attribute set obtaining module 620 may refer to the detailed description of step S002 in the embodiment related to the global parameter obtaining module 610, that is, step S002 may be executed by the target attribute set obtaining module 620.

The user private key obtaining module 630 is configured to obtain a user private key based on the global parameter, the N target attribute sets, and the first key pair sent by each of the N pieces of second equipment.

The description of the user private key obtaining module 630 may refer to the detailed description of step S003 in the embodiment related to the global parameter obtaining module 610, that is, step S003 may be executed by the user private key obtaining module 630.

And the decryption processing module 640 is configured to decrypt the target data through a user private key to obtain plaintext data.

The description of the decryption processing module 640 may refer to the detailed description of step S004 in the embodiment related to the global parameter obtaining module 610, that is, step S004 may be executed by the decryption processing module 640.

In this embodiment, the user private key obtaining module 630 may include an anonymous private key obtaining unit and a user private key obtaining unit.

And the anonymous private key acquisition unit is used for interactively executing an anonymous private key issuing protocol with the second equipment aiming at each second equipment in the N pieces of second equipment so as to calculate an anonymous private key based on the global parameter and the target attribute set corresponding to the second equipment to obtain N groups of anonymous private keys.

The description of the anonymous private key obtaining unit may refer to the detailed description of step S0031 in the embodiment related to the global parameter obtaining module 610, that is, step S0031 may be performed by the anonymous private key obtaining unit.

And the user private key obtaining unit is used for obtaining the user private key based on the global parameter, the first key pair sent by each of the N pieces of second equipment and the N groups of anonymous private keys.

The description of the user private key obtaining unit may refer to the detailed description of step S0032 in the embodiment related to the global parameter obtaining module 610, that is, step S0032 may be executed by the user private key obtaining unit.

In this embodiment, the decryption processing module 640 may include a random number selection unit, a half decryption unit, and a full decryption unit.

And the random number selecting unit is used for selecting the key transformation random number.

The description of the random number selection unit may refer to the detailed description of step S0041 in the embodiment related to the global parameter obtaining module 610, that is, step S0041 may be performed by the random number selection unit.

And the semi-decryption unit is used for carrying out exponential operation on the user private key based on the key transformation random number to obtain a transformation key and sending the target data and the transformation key to the cloud proxy server so that the cloud proxy server carries out semi-decryption on the target data to obtain semi-decrypted data.

The description of the half decryption unit may refer to the detailed description of step S0042 in the related embodiment of the global parameter obtaining module 610, that is, step S0042 may be executed by the half decryption unit.

And the full decryption unit is used for receiving the semi-decrypted data sent by the cloud proxy server, and obtaining plaintext data by fully decrypting the semi-decrypted data by using the key transformation random number as a retrieval key.

The description of the full decryption unit may refer to the detailed description of step S0043 in the embodiment related to the global parameter obtaining module 610, that is, step S0043 may be performed by the full decryption unit.

The data processing apparatus 600 provided in the embodiment of the present application may further include a key updating module.

And the key updating module is used for updating the user private key according to the second key pair when receiving the second key pair sent by any one of the N pieces of second equipment, and updating the first key pair generated by the second equipment to obtain the key pair when the second key pair is a reference attribute set stored in the second equipment and changes.

The description of the key update module may refer to the detailed description of step S005 in the embodiment related to the global parameter obtaining module 610, that is, step S005 may be executed by the key update module.

Fifth embodiment:

the embodiment of the present application further provides a first device, where the first device may be a terminal device that applies the data processing method provided in the third embodiment or is used in the data processing apparatus provided in the fourth embodiment, and the terminal device may be a smart phone, a tablet computer, a PAD, a MID, or the like.

Structurally, a first apparatus provided by embodiments of the present application may include a processor and a memory.

The processor and the memory are electrically connected, directly or indirectly, to enable data transmission or interaction, for example, the components may be electrically connected to each other via one or more communication buses or signal lines. The fourth embodiment described above provides a data processing apparatus including at least one software module which can be stored in a memory in the form of software or firmware (firmware) or solidified in an Operating System (OS) of the first device. The processor is configured to execute executable modules stored in the memory, for example, software functional modules and computer programs included in the data processing apparatus provided in the fourth embodiment, so as to implement the data processing method. The processor may execute the computer program upon receiving the execution instruction.

The processor may be an Integrated Circuit chip having Signal processing capability, or may be a general-purpose processor, for example, a Digital Signal Processor (DSP), an Application Specific Integrated Circuit (ASIC), a discrete gate or transistor logic device, or a discrete hardware component, and may implement or execute the methods, steps, and logic blocks disclosed in the embodiments of the present Application. A general purpose processor may be a microprocessor or any conventional processor or the like.

The Memory may be, but is not limited to, Random Access Memory (RAM), Read Only Memory (ROM), Programmable Read-Only Memory (PROM), Erasable Programmable Read-Only Memory (EPROM), and electrically Erasable Programmable Read-Only Memory (EEPROM). The memory is used for storing a program, and the processor executes the program after receiving the execution instruction.

It should be understood that the first device provided by the embodiments of the present application may have more components or a different configuration in addition to the processor and the memory.

Sixth embodiment:

the application embodiment further provides a storage medium, which is a computer-readable storage medium, on which a computer program is stored, and when the computer program is executed, the data processing method provided by the third embodiment can be implemented.

To sum up, the data processing method, the data processing apparatus, the data processing system, the electronic device, and the storage medium provided in the embodiments of the present application obtain global parameters for a data processing system, obtain a current attribute set of a target user, determine an intersection between the current attribute set and a reference attribute set stored by each of N second devices, and use the intersection as a target attribute set to obtain N target attribute sets, obtain a user private key based on the global parameters, the N target attribute sets, and a first key pair sent by each of the N second devices, and then decrypt the target data with the user private key to obtain plaintext data. Obviously, in the embodiment of the present application, the first device can obtain the private key of the user through interaction with each of the N second devices, so that the N second devices are prevented from obtaining the private key of the user in a collusion manner, and the target data is finally stolen, thereby ensuring the security of the target data.

In the embodiments provided in the present application, it should be understood that the disclosed apparatus and method can be implemented in other ways. The apparatus embodiments described above are merely illustrative, and for example, the flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.

In addition, the functional modules in each embodiment of the present application may be integrated together to form an independent part, or each module may exist separately, or two or more modules may be integrated to form an independent part.

The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer readable storage medium. Based on such understanding, the technical solution of the present application or portions thereof that substantially contribute to the prior art may be embodied in the form of a software product stored in a storage medium and including instructions for causing a computer device (which may be a personal computer, a server, or a network device) to execute all or part of the steps of the method described in each embodiment of the present application. And the aforementioned storage medium includes: various media capable of storing program codes, such as a U disk, a removable hard disk, a RAM, a ROM, a magnetic disk, or an optical disk.

It is noted that, herein, relational terms such as "first," "second," "third," and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Also, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus.

Claims

1. A data processing method applied to a first device, the data processing method comprising:

acquiring global parameters for a data processing system;

and decrypting the target data through the user private key to obtain plaintext data.

2. The data processing method of claim 1, wherein obtaining a user private key based on the global parameter, the N target attribute sets, and a first key pair sent by each of the N second devices comprises:

for each second device in the N second devices, an anonymous key issuing protocol is interactively executed with the second device, and an anonymous private key is calculated based on the global parameter and a target attribute set corresponding to the second device to obtain N groups of anonymous private keys;

3. The data processing method according to claim 2, wherein the performing, for each of the N second devices, an anonymous key distribution protocol with the second device, and calculating an anonymous private key based on the global parameter and a target attribute set corresponding to the second device to obtain N sets of anonymous private keys comprises:

selecting a plurality of first secret values for each of the N second devices, and proving the plurality of first secret values with zero knowledge based on a first commitment scheme, where a commitment value generated in the first commitment scheme is a first commitment value, and the first commitment value is obtained based on the global parameter;

receiving a second commitment value sent by the second device, wherein the second commitment value selects a plurality of second secret values for the second device, and is based on a second commitment scheme, and the commitment value generated in the second commitment scheme is obtained based on the global parameter and the first commitment value when zero knowledge proves the plurality of second secret values;

and calculating an anonymous private key based on the target attribute set corresponding to the second device, the first secret value and the second commitment value to obtain N groups of anonymous private keys.

4. The data processing method of claim 3, wherein obtaining a user private key based on the global parameter, the first key pair sent by each of the N second devices, and the N sets of anonymous private keys comprises:

for each of the N pieces of second equipment, receiving the plurality of second secret values sent by the second equipment, and calculating M key intermediate values by combining with a part of first secret values in the plurality of first secret values corresponding to the second equipment through a secret protocol to obtain N ＊ M key intermediate values;

and obtaining a user private key based on the global parameter, the first key pair sent by each of the N second devices, the N groups of anonymous private keys, and the N ＊ M key intermediate values.

5. The data processing method according to claim 1, wherein the decrypting the target data by the user private key comprises:

selecting a key transformation random number;

performing exponential operation on the user private key based on the key transformation random number to obtain a transformation key, and sending the target data and the transformation key to a cloud proxy server so that the cloud proxy server performs half decryption on the target data to obtain half decrypted data;

and receiving semi-decrypted data sent by the cloud proxy server, and carrying out full decryption on the semi-decrypted data by taking the key transformation random number as a retrieval key to obtain plaintext data.

6. The data processing method of claim 1, further comprising:

and when a second key pair sent by any one of the N second devices is received, updating the user private key according to the second key pair, and updating the first key pair generated by the second device to obtain a key pair when the second key pair changes for a reference attribute set stored in the second device.

7. A data processing method applied to a data processing system including a first device and N second devices, the data processing method comprising:

each of the N pieces of second equipment obtains a global parameter for the data processing system, and generates a first key pair based on the global parameter and a reference attribute set stored by the second equipment;

the first device obtains global parameters for a data processing system, obtains a current attribute set of a target user, determines an intersection of the current attribute set and a reference attribute set stored by each of the N second devices to serve as a target attribute set, obtains N target attribute sets, obtains a user private key based on the global parameters, the N target attribute sets, and a first key pair sent by each of the N second devices, and decrypts the target data through the user private key to obtain plaintext data.

8. The data processing method according to claim 7, wherein the data processing system further includes a cloud proxy server, a cloud storage server, and a third device, and the data processing method further includes:

the third equipment acquires an access structure corresponding to initial data, hides the attribute of the access structure to acquire a hidden structure, embeds the hidden structure into the initial data to acquire intermediate data, and sends the intermediate data to the cloud storage server;

and the cloud storage server takes the transformation ciphertext and the intermediate data together as the target data.

9. The data processing method of claim 8, further comprising:

the first equipment generates a data access request and sends the data access request to a cloud storage server;

10. A data encryption apparatus, applied to a first device, the data processing apparatus comprising:

a user private key obtaining module, configured to obtain a user private key based on the global parameter, the N target attribute sets, and a first key pair sent by each of the N pieces of second equipment;

and the decryption processing module is used for decrypting the target data through the user private key to obtain plaintext data.

11. An electronic device, comprising a processor and a memory, wherein the memory stores a computer program thereon, and the processor is configured to execute the computer program to implement the data processing method according to any one of claims 1 to 6.

12. A storage medium having a computer program stored thereon, wherein the computer program, when executed, implements the data processing method of any one of claims 1 to 6.

13. A data processing system is characterized by comprising a first device and N second devices, wherein the first device is respectively connected with the N second devices;

the first device is configured to obtain a global parameter for a data processing system, obtain a current attribute set of a target user, determine an intersection of the current attribute set and a reference attribute set stored by each of the N second devices, use the intersection as a target attribute set, obtain N target attribute sets, obtain a user private key based on the global parameter, the N target attribute sets, and a first key pair sent by each of the N second devices, and decrypt target data with the user private key to obtain plaintext data.