CN111464292A - Method and system for searchable encryption of certificateless public key - Google Patents

Info

Publication number: CN111464292A
Authority: CN (China)
Prior art keywords: public key, key, partial, cloud server, receiving end
Legal status: Granted (Active)
Application number: CN202010212306.9A
Other languages: Chinese (zh)
Other versions: CN111464292B (en)
Inventors: 王勇, 李磊, 马强, 管荑, 李慧聪, 田大伟, 耿玉杰, 刘勇, 林琳, 马米米, 何德彪, 罗敏
Current Assignee: Wuhan University WHU; State Grid Shandong Electric Power Co Ltd
Original Assignee: Wuhan University WHU; State Grid Shandong Electric Power Co Ltd
Application filed by Wuhan University WHU and State Grid Shandong Electric Power Co Ltd
Priority to CN202010212306.9A
Publication of CN111464292A
Application granted; publication of CN111464292B

Classifications

    • H04L9/0825: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/3073: Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Abstract

The invention discloses a certificateless public key searchable encryption method and system that can provide efficiency and security guarantees in practical applications without relying on the random oracle model. The system comprises a key generation center, a data sending end, a data receiving end and a cloud server: the key generation center is responsible for generating partial private keys for the data sending end, the data receiving end and the cloud server; the data sending end is responsible for encrypting the data; the data receiving end is responsible for generating the trapdoor of the keyword to be retrieved; and the cloud server is responsible for storing and retrieving the ciphertext data. By adding a public/private key pair for the data sending end and for the cloud server, the invention allows trapdoors to be transmitted over a public channel while resisting keyword guessing attacks, realizes retrieval over ciphertext data, and ensures the indistinguishability of the ciphertext data and the indistinguishability of the trapdoor.

Description

Method and system for searchable encryption of certificateless public key
Technical Field
The invention relates to the technical field of information security, in particular to a method and a system for searchable encryption of certificateless public keys.
Background
Public key searchable encryption is an encryption mechanism that supports retrieval over ciphertext data: it lets a user retrieve ciphertext data by keyword. The data sender encrypts its own data with the public key of the data receiver and uploads the ciphertext data to the cloud server. The data receiver uses its private key to generate a trapdoor for the keyword to be retrieved and submits the trapdoor to the cloud server. Finally, the cloud server matches the trapdoor against the stored ciphertext data and returns the data that matches.
Public key searchable encryption technology was proposed by Boneh et al. in 2004. Compared with symmetric searchable encryption, it does not require the data sender and the data receiver to establish a secure channel in advance for key negotiation, and it is not limited to single-user application scenarios. In public key searchable encryption, the public key of a user is some publicly known identity information, and a receiver can complete retrieval of ciphertext data without interacting with the sender. Public key searchable encryption has two basic security properties. The first is ciphertext indistinguishability: given two keywords, one of which is randomly selected and encrypted, an attacker cannot determine which keyword the ciphertext was generated from. The second is trapdoor indistinguishability: given two keywords, one of which is randomly selected to generate a trapdoor, an attacker cannot determine which keyword the trapdoor corresponds to.
In comparison, combining CLC (certificateless cryptography) technology with public key searchable encryption not only overcomes the certificate management problem of PKI-based encryption systems but also avoids the key escrow problem of IBC-based encryption systems, thereby greatly reducing the maintenance cost of the system while meeting the ciphertext indistinguishability and trapdoor indistinguishability required by the scheme.
However, existing certificateless searchable encryption schemes are all provably secure only under the random oracle model, and schemes that are provably secure under the random oracle model may not be secure in actual implementation. Therefore, designing a secure and efficient certificateless searchable encryption scheme that is provably secure without a random oracle is a research hotspot.
The above is only for the purpose of assisting understanding of the technical aspects of the present invention, and does not represent an admission that the above is prior art.
Disclosure of Invention
The main purpose of the invention is to provide a certificateless public key searchable encryption method and system, aiming to solve the technical problem in the prior art of how to provide a certificateless searchable encryption scheme that does not rely on the random oracle model and that remains efficient and secure in practical applications.
The present invention provides a searchable encryption method for certificateless public keys, which comprises the following steps:
Step 10: the cloud server acquires a partial public key $T_C$ and a partial private key $d_C$ transmitted by the key generation center through a secure channel; the partial public key $T_C$ and the partial private key $d_C$ are generated by the key generation center based on the identity information of the cloud server;
Step 20: the cloud server randomly creates a secret value $x_C$, generates a partial public key $X_C$ from the secret value $x_C$, and creates a public key $PK_C$ and a private key $SK_C$ based on the partial public key $X_C$, the partial public key $T_C$, the partial private key $d_C$, the secret value $x_C$ and a random point;
Step 30: the sending end obtains a partial public key $T_S$ and a partial private key $d_S$ sent by the key generation center through a secure channel; the partial public key $T_S$ and the partial private key $d_S$ are generated by the key generation center based on the identity information of the sender;
Step 40: the sending end randomly creates a secret value $x_S$, generates a partial public key $X_S$ from the secret value $x_S$, and creates a public key $PK_S$ and a private key $SK_S$ based on the partial public key $X_S$, the partial public key $T_S$, the partial private key $d_S$ and the secret value $x_S$;
Step 50: the receiving end obtains a partial public key $T_R$ and a partial private key $d_R$ transmitted by the key generation center through a secure channel; the partial public key $T_R$ and the partial private key $d_R$ are generated by the key generation center based on the identity information of the receiving end;
Step 60: the receiving end randomly creates a secret value $x_R$, generates a partial public key $X_R$ based on the secret value $x_R$, and generates a public key $PK_R$ and a private key $SK_R$ based on the partial public key $X_R$, the partial public key $T_R$, the partial private key $d_R$, the secret value $x_R$, a plurality of random numbers and the partial public keys generated from those random numbers;
Step 70: the sending end determines a keyword $w$; determines the public key $PK_C$ of the cloud server through the identity information of the cloud server; determines the public key $PK_R$ of the receiving end according to the identity information of the receiving end; encrypts the target data according to the keyword $w$, the system master public key $P_{pub}$, the partial public key $X_R$ and the partial public key $T_R$ of the public key $PK_R$, the partial public key $X_C$ and the partial public key $T_C$ of the public key $PK_C$, and the private key $SK_S$, to generate a ciphertext $C_w$; and transmits the ciphertext $C_w$ to the cloud server, where the system master public key $P_{pub}$ is published by the key generation center;
Step 80: the receiving end determines the public key $PK_C$ of the cloud server through the identity information of the cloud server; determines the public key $PK_S$ of the sender according to the identity information of the sender; generates a trapdoor $T_w$ of the keyword $w$ based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$; and transmits the trapdoor $T_w$ to the cloud server;
Step 90: the cloud server matches the ciphertext $C_w$ against the trapdoor $T_w$ through a preset matching algorithm and outputs the matching result.
In step 70, the sending end encrypts the target data by encrypting the keyword $w$ through the following sub-steps:
Sub-step E1: calculate $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA0002423243340000031
where $ID_R$ represents the identity information of the receiving end, $ID_S$ represents the identity information of the sender, and $\alpha_R$ is generated by the one-way hash function formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ represent one-way hash functions;
Sub-step E2: calculate $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step E3: calculate $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure BDA0002423243340000032
Figure BDA0002423243340000033
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ represent one-way hash functions; $ID_C$ represents the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash function formula $\alpha_C = h_0(ID_C, T_C)$;
Figure BDA00024232433400000310
is a random point that serves as a partial public key of the cloud server's public key $PK_C$;
Sub-step E4: generate a signature key pair $(ssk, svk) \leftarrow KeyGen$, and set the signature public key $c_0 = svk$;
Sub-step E5: randomly select two integers $r$,
Figure BDA0002423243340000034
where
Figure BDA0002423243340000035
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure BDA0002423243340000036
Sub-step E6: calculate the intermediate value $C_1 = g^{r'}$;
Sub-step E7: calculate the intermediate value
Figure BDA0002423243340000037
Sub-step E8: calculate the intermediate value
Figure BDA0002423243340000038
Sub-step E9: calculate the intermediate value
Figure BDA0002423243340000039
Sub-step E10: calculate the intermediate value
Figure BDA0002423243340000041
Sub-step E11: calculate the signature value $\sigma = Sign(ssk, (C_1, C_2, C_3, C_4, C_5))$;
Sub-step E12: output the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
where $G_1$, $G_2$, $G_T$ are cyclic groups of order $p$; $g$,
Figure BDA0002423243340000042
are generators of the groups $G_1$ and $G_2$, respectively;
Figure BDA0002423243340000043
represents an element of the group $G_2$; $g^u$,
Figure BDA0002423243340000044
represent the $u$-th powers of the elements $g$ and
Figure BDA0002423243340000045
of the groups $G_1$ and $G_2$; $e$ represents a bilinear pairing from $G_1 \times G_2$ to $G_T$; Sign denotes a signature scheme, and $\sigma = Sign(\cdot)$ is computed as the signature on a message;
Figure BDA0002423243340000046
represents a partial public key of the receiving end's public key $PK_R$,
Figure BDA0002423243340000047
represents a partial public key of the receiving end's public key $PK_R$.
Correspondingly, the step 10 specifically includes:
The key generation center generates a partial private key $d_C$ for the cloud server according to the identity information $ID_C$ of the cloud server:
The key generation center randomly selects an integer
Figure BDA0002423243340000048
and calculates a partial public key
Figure BDA0002423243340000049
The key generation center calculates $\alpha_C = h_0(ID_C, T_C)$ and the partial private key $d_C = t_C + s\alpha_C \bmod p$, where mod p denotes the modulo-p operation;
The key generation center sends the partial public key $T_C$ and the partial private key $d_C$ to the cloud server through a secure channel;
Correspondingly, the step 20 specifically includes:
The cloud server randomly creates a secret value $x_C$ and, based on the formula
Figure BDA00024232433400000410
generates the partial public key $X_C$;
The cloud server randomly selects a point
Figure BDA00024232433400000411
and uses the random point
Figure BDA00024232433400000412
as part of the public key;
Based on the partial public key $X_C$, the partial public key $T_C$ and the random point
Figure BDA00024232433400000413
the cloud server creates the public key $PK_C$; and based on the secret value $x_C$ and the partial private key $d_C$, it creates the private key $SK_C$.
Correspondingly, the step 30 specifically includes:
The key generation center generates a partial private key $d_S$ for the sender according to the identity information $ID_S$ of the sending end:
The key generation center randomly selects an integer
Figure BDA00024232433400000414
and calculates a partial public key
Figure BDA00024232433400000415
The key generation center calculates $\alpha_S = h_0(ID_S, T_S)$ and the partial private key $d_S = t_S + s\alpha_S \bmod p$, where mod p denotes the modulo-p operation;
The key generation center sends the partial public key $T_S$ and the partial private key $d_S$ to the sending end through a secure channel;
Correspondingly, the step 40 specifically includes:
The cloud server randomly creates a secret value $x_S$ and, based on the formula
Figure BDA0002423243340000051
generates the partial public key $X_S$;
Based on the partial public key $X_S$ and the partial public key $T_S$, the public key $PK_S$ is created; and based on the secret value $x_S$ and the partial private key $d_S$, the private key $SK_S$ is created.
Correspondingly, the step 50 specifically includes:
The key generation center generates a partial private key $d_R$ for the receiving end according to the identity information $ID_R$ of the receiving end:
The key generation center randomly selects an integer
Figure BDA0002423243340000052
and calculates a partial public key
Figure BDA0002423243340000053
The key generation center calculates $\alpha_R = h_0(ID_R, T_R)$ and the partial private key $d_R = t_R + s\alpha_R \bmod p$, where mod p denotes the modulo-p operation;
The key generation center sends the partial public key $T_R$ and the partial private key $d_R$ to the receiving end through a secure channel;
correspondingly, the step 60 specifically includes the following sub-steps:
Sub-step D1: the receiving end randomly creates a secret value $x_R$ and, based on the formula
Figure BDA0002423243340000054
generates the partial public key $X_R$;
Sub-step D2: the receiving end randomly selects $n+1$ numbers
Figure BDA0002423243340000055
Sub-step D3: the receiving end calculates the partial public keys
Figure BDA0002423243340000056
and sets
Figure BDA0002423243340000057
Sub-step D4: the receiving end randomly selects two numbers
Figure BDA0002423243340000058
and calculates a partial public key based on the random number $y$
Figure BDA0002423243340000059
and a partial public key based on the random number $z$
Figure BDA00024232433400000510
Sub-step D5: the receiving end sets the public key
Figure BDA00024232433400000511
and sets the private key $SK_R = (x_R, d_R, y, z, e_0, \ldots, e_n)$; where $X_R$, $T_R$,
Figure BDA00024232433400000512
are parts of the public key of the receiving end; the secret value $x_R$, the partial private key $d_R$ and the random numbers $y, z, e_0, \ldots, e_n$ are parts of the private key of the receiving end.
Correspondingly, in step 80, generating the trapdoor $T_w$ of the keyword $w$ based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$ specifically comprises the following sub-steps:
Sub-step F1: the receiving end calculates the hash value $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA00024232433400000513
Sub-step F2: the receiving end calculates the hash values $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step F3: the receiving end randomly selects an integer
Figure BDA0002423243340000061
Sub-step F4: the receiving end calculates the trapdoor value
Figure BDA0002423243340000062
Sub-step F5: the receiving end outputs the trapdoor $T_w = (d_w, s_w)$.
Correspondingly, the step 90 specifically includes:
The cloud server matches the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$ transmitted by the sending end against the trapdoor $T_w = (d_w, s_w)$ submitted by the receiving end through a preset matching algorithm;
where the matching by the preset matching algorithm comprises:
The cloud server calculates a hash value
Figure BDA0002423243340000063
The cloud server verifies whether $Verify(c_0, \sigma, (C_1, C_2, C_3, C_4, C_5)) = 1$,
Figure BDA0002423243340000064
Figure BDA0002423243340000065
all hold; if all of them hold, the trapdoor $T_w$ and the ciphertext $C_w$ contain the same keyword and the match is judged successful; otherwise, the match is judged to have failed.
In addition, in order to achieve the above object, the present invention further provides a certificateless public key searchable encryption system, which includes a cloud server, a sending end, a receiving end and a key generation center;
a cloud server for acquiring a partial public key $T_C$ and a partial private key $d_C$ transmitted by the key generation center through a secure channel, the partial public key $T_C$ and the partial private key $d_C$ being generated by the key generation center based on the identity information of the cloud server;
the cloud server is further used for randomly creating a secret value $x_C$, generating a partial public key $X_C$ from the secret value $x_C$, and creating a public key $PK_C$ and a private key $SK_C$ based on the partial public key $X_C$, the partial public key $T_C$, the partial private key $d_C$, the secret value $x_C$ and a random point;
a sending end for obtaining a partial public key $T_S$ and a partial private key $d_S$ sent by the key generation center through a secure channel, the partial public key $T_S$ and the partial private key $d_S$ being generated by the key generation center based on the identity information of the sender;
the sending end is further used for randomly creating a secret value $x_S$, generating a partial public key $X_S$ from the secret value $x_S$, and creating a public key $PK_S$ and a private key $SK_S$ based on the partial public key $X_S$, the partial public key $T_S$, the partial private key $d_S$ and the secret value $x_S$;
a receiving end for obtaining a partial public key $T_R$ and a partial private key $d_R$ transmitted by the key generation center through a secure channel, the partial public key $T_R$ and the partial private key $d_R$ being generated by the key generation center based on the identity information of the receiving end;
the receiving end is further used for randomly creating a secret value $x_R$, generating a partial public key $X_R$ based on the secret value $x_R$, and creating a public key $PK_R$ and a private key $SK_R$ based on the partial public key $X_R$, the partial public key $T_R$, the partial private key $d_R$, the secret value $x_R$, a plurality of random numbers and the partial public keys generated from those random numbers;
the sending end is further used for determining a keyword $w$; determining the public key $PK_C$ of the cloud server through the identity information of the cloud server; determining the public key $PK_R$ of the receiving end according to the identity information of the receiving end; encrypting the target data according to the keyword $w$, the system master public key $P_{pub}$, the partial public key $X_R$ and the partial public key $T_R$ of the public key $PK_R$, the partial public key $X_C$ and the partial public key $T_C$ of the public key $PK_C$, and the private key $SK_S$, to generate a ciphertext $C_w$; and transmitting the ciphertext $C_w$ to the cloud server, where the system master public key $P_{pub}$ is published by the key generation center;
the receiving end is further configured to determine the public key $PK_C$ of the cloud server according to the identity information of the cloud server; determine the public key $PK_S$ of the sender according to the identity information of the sender; generate a trapdoor $T_w$ of the keyword $w$ based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$; and transmit the trapdoor $T_w$ to the cloud server;
the cloud server is further used for matching the ciphertext $C_w$ against the trapdoor $T_w$ through a preset matching algorithm and outputting the matching result;
where the sending end further includes:
a first calculating unit for calculating $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA0002423243340000071
where $ID_R$ represents the identity information of the receiving end, $ID_S$ represents the identity information of the sender, and $\alpha_R$ is generated by the one-way hash function formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ represent one-way hash functions;
a second calculating unit for calculating $W = h_2(w, \psi)$, $\eta = h_4(W)$;
a third calculating unit for calculating $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure BDA0002423243340000072
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ represent one-way hash functions; $ID_C$ represents the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash function formula $\alpha_C = h_0(ID_C, T_C)$;
Figure BDA0002423243340000073
is a random point that serves as a partial public key of the cloud server's public key $PK_C$;
a fourth calculating unit for generating a signature key pair $(ssk, svk) \leftarrow KeyGen$ and setting the signature public key $c_0 = svk$;
a fifth calculating unit for randomly selecting two integers $r$,
Figure BDA0002423243340000074
where
Figure BDA0002423243340000081
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure BDA0002423243340000082
a sixth calculating unit for calculating the intermediate value $C_1 = g^{r'}$;
a seventh calculating unit for calculating the intermediate value
Figure BDA0002423243340000083
an eighth calculating unit for calculating the intermediate value
Figure BDA0002423243340000084
a ninth calculating unit for calculating the intermediate value
Figure BDA0002423243340000085
a tenth calculating unit for calculating the intermediate value
Figure BDA0002423243340000086
an eleventh calculating unit for calculating the signature value $\sigma = Sign(ssk, (C_1, C_2, C_3, C_4, C_5))$;
a twelfth calculating unit for outputting the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
where $G_1$, $G_2$, $G_T$ are cyclic groups of order $p$; $g$,
Figure BDA0002423243340000087
are generators of the groups $G_1$ and $G_2$, respectively;
Figure BDA0002423243340000088
represents an element of the group $G_2$; $g^u$,
Figure BDA0002423243340000089
represent the $u$-th powers of the elements $g$ and
Figure BDA00024232433400000810
of the groups $G_1$ and $G_2$; $e$ represents a bilinear pairing from $G_1 \times G_2$ to $G_T$; $Sig = (KeyGen, Sign, Verify)$ denotes a signature scheme, and $\sigma = Sign(\cdot)$ is computed as the signature on a message;
Figure BDA00024232433400000811
represents a partial public key of the receiving end's public key $PK_R$,
Figure BDA00024232433400000812
represents a partial public key of the receiving end's public key $PK_R$.
The technical scheme provided by the invention has the beneficial effects that:
The certificateless public key searchable encryption method provided by the invention can provide efficiency and security guarantees in practical applications without relying on the random oracle model. The key generation center is responsible for generating partial private keys for the data sending end, the data receiving end and the cloud server; the data sending end is responsible for encrypting the data; the data receiving end is responsible for generating the trapdoor of the keyword to be retrieved; the cloud server is responsible for storing and retrieving the ciphertext data;
By adding a public/private key pair for the data sending end and for the cloud server, the invention allows trapdoors to be transmitted over a public channel while resisting keyword guessing attacks, realizes retrieval over ciphertext data, and ensures the indistinguishability of the ciphertext data and the indistinguishability of the trapdoor. In addition, the invention avoids the problems of certificate management and key escrow, and no secure channel needs to be established to transmit trapdoors.
Drawings
Fig. 1 is a schematic diagram of an encryption process performed by a sending end in a certificateless public key searchable encryption method provided by the present invention;
Fig. 2 is a block diagram of a certificateless public key searchable encryption system provided by the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
The symbols of the embodiments of the present invention are described as follows:
$p$: a large prime number.
Figure BDA0002423243340000091
: the set of integers 1, 2, …, p-1.
$G_1$, $G_2$, $G_T$: cyclic groups of order $p$.
$g$,
Figure BDA0002423243340000092
: generators of the groups $G_1$ and $G_2$, respectively.
Figure BDA0002423243340000093
: an element of the group $G_2$.
$g^u$,
Figure BDA0002423243340000094
: the $u$-th powers of the elements $g$ and
Figure BDA0002423243340000095
of the groups $G_1$ and $G_2$.
$e$: a bilinear pairing from $G_1 \times G_2$ to $G_T$.
$h_0(\cdot), h_1(\cdot), h_2(\cdot), h_3(\cdot), h_4(\cdot), h_5(\cdot), h_6(\cdot)$: one-way hash functions.
$s$: the system master key, held in secret by the Key Generation Center (KGC).
$P_{pub}$: the system master public key published by the KGC, computed as $P_{pub} = g^s$.
$Sig = (KeyGen, Sign, Verify)$: a signature scheme; $\sigma = Sign(\cdot)$ is computed as the signature on a message.
$ID_I$: a distinguishable identifier of user I.
$d_I$: the partial private key of user I.
$x_I$: the secret value of user I.
$SK_I$: the private key of user I.
$PK_I$: the public key of user I.
$w$: the keyword to be encrypted.
$w'$: the keyword to be retrieved.
$n$: the bit length of the keyword $w$.
mod p: the modulo-p operation. E.g., 19 mod 5 ≡ 4.
The invention aims to realize data sharing under the condition that a data sender and a data receiver do not interact, and the cloud server provides ciphertext data storage and retrieval services for the sender and the receiver respectively, but ensures that the cloud server cannot acquire any information about plaintext from ciphertext data.
Aiming at the purpose of the invention, the invention provides a certificateless public key searchable encryption method, which relates to four ends, namely four participating roles: one is a Key Generation Center (KGC), one is a data Sender (Sender), one is a data Receiver (Receiver), and one is a Cloud Server (Cloud Server). The KGC is mainly responsible for generating partial private keys of the Sender/Receiver/Server.
The identifiers of the Sender, Receiver, and Cloud Server are $ID_S$, $ID_R$ and $ID_C$ respectively, and their public/private key pairs are $(PK_S, SK_S)$, $(PK_R, SK_R)$ and $(PK_C, SK_C)$ respectively. Let $(w_1, w_2, \ldots, w_n)$ be the bit representation of the keyword w to be encrypted.
(1) First, the key generation center KGC generates partial private keys for users.
It is understood that user I here covers the data sending end (denoted S), the data receiving end (denoted R) and the cloud server (denoted C) described above.
Given a user identity $ID_I$, the KGC performs the following steps to generate the partial private key $d_I$ of user I:
A1: randomly select an integer
Figure BDA0002423243340000101
and compute
Figure BDA0002423243340000102
A2: compute $\alpha_I = h_0(ID_I, T_I)$ and $d_I = t_I + s\alpha_I \bmod p$;
A3: send $\{T_I, d_I\}$ to user I.
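The issuance in steps A1 to A3 can be exercised end to end, together with a consistency check that a recipient can run on $\{T_I, d_I\}$ and that follows from $d_I = t_I + s\alpha_I \bmod p$ and $P_{pub} = g^s$. This is an added example, not code from the patent. It assumes $T_I = g^{t_I}$ (the formula image for A1 is missing from this page), uses SHA-256 as a stand-in for $h_0$, replaces the pairing group $G_1$ with a constructed small multiplicative subgroup, and all function names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy parameters (not from the patent, far too small for real use):
# Q is the Mersenne prime 2^127 - 1 and P is a prime factor of Q - 1, so the
# powers of G form a cyclic group of prime order P that stands in for G1.
Q = 2**127 - 1
P = 77158673929
G = pow(3, (Q - 1) // P, Q)
assert G != 1 and pow(G, P, Q) == 1


def h0(identity: str, T: int) -> int:
    """Stand-in for the one-way hash h0(ID_I, T_I), mapped into 1..P-1."""
    digest = hashlib.sha256(f"{identity}|{T}".encode()).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


def kgc_setup():
    """KGC picks the master key s and publishes P_pub = g^s."""
    s = secrets.randbelow(P - 1) + 1
    return s, pow(G, s, Q)


def kgc_extract(s: int, identity: str):
    """Steps A1-A3: produce the pair {T_I, d_I} for one identity."""
    t = secrets.randbelow(P - 1) + 1   # A1: random t_I
    T = pow(G, t, Q)                   # A1: T_I = g^t_I (assumed form)
    alpha = h0(identity, T)            # A2: alpha_I = h0(ID_I, T_I)
    d = (t + s * alpha) % P            # A2: d_I = t_I + s*alpha_I mod p
    return T, d                        # A3: sent to user I


def user_accepts(identity: str, T: int, d: int, P_pub: int) -> bool:
    """Recipient-side check: g^d_I == T_I * P_pub^alpha_I."""
    # T must be a non-trivial element of the order-P subgroup, d a valid exponent.
    if not (1 < T < Q and pow(T, P, Q) == 1 and 0 <= d < P):
        return False
    alpha = h0(identity, T)
    return pow(G, d, Q) == (T * pow(P_pub, alpha, Q)) % Q


def demo():
    """Issue a key for ID_S, then present it correctly and in three wrong ways."""
    s, P_pub = kgc_setup()
    T, d = kgc_extract(s, "ID_S")
    other_P_pub = pow(G, s % (P - 1) + 1, Q)   # a different master key
    return {
        "valid": user_accepts("ID_S", T, d, P_pub),
        "wrong_identity": user_accepts("ID_R", T, d, P_pub),
        "tampered_d": user_accepts("ID_S", T, (d + 1) % P, P_pub),
        "wrong_master_key": user_accepts("ID_S", T, d, other_P_pub),
    }


if __name__ == "__main__":
    print(demo())
```

The wrong-identity case is rejected because $\alpha_I$ hashes the identity together with $T_I$, which is what binds the partial private key to one user.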
(2) After user I (I = S, I = C, I = R) receives the transmitted $\{T_I, d_I\}$, user I creates a secret value:
user I randomly selects an integer
Figure BDA0002423243340000103
as its own secret value.
(3) Public/private key pair generation for user I (I = S, I = C, I = R):
The cloud server (I = C) performs the following steps to generate its own public/private key pair $(PK_C, SK_C)$:
B1: compute
Figure BDA0002423243340000104
B2: randomly select a point
Figure BDA0002423243340000105
B3: set
Figure BDA0002423243340000106
$SK_C = (x_C, d_C)$.
The sending end (I = S) performs the following steps to generate its own public/private key pair $(PK_S, SK_S)$:
C1: compute
Figure BDA0002423243340000107
C2: set $PK_S = (X_S, T_S)$, $SK_S = (x_S, d_S)$.
The receiving end (I = R) performs the following steps to generate its own public/private key pair $(PK_R, SK_R)$:
D1: compute
Figure BDA0002423243340000111
D2: randomly select n+1 numbers
Figure BDA0002423243340000112
D3: compute
Figure BDA0002423243340000113
and set
Figure BDA0002423243340000114
D4: randomly select two numbers
Figure BDA0002423243340000115
and compute
Figure BDA0002423243340000116
D5: set
Figure BDA0002423243340000117
$SK_R = (x_R, d_R, y, z, e_0, \ldots, e_n)$.
Note: let
Figure BDA0002423243340000118
Define a hash function with algebraic structure $H: \{0,1\}^n \to G_1$ satisfying
Figure BDA0002423243340000119
(4) Encryption algorithm
The sending end (I = S) performs the following steps to carry out the encryption flow of this embodiment, encrypting the keyword w (i.e., encrypting the target data):
Sub-step E1: compute $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA00024232433400001110
where $ID_R$ denotes the identity information of the receiving end, $ID_S$ denotes the identity information of the sending end, and $\alpha_R$ is generated by the one-way hash formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ denote one-way hash functions;
Sub-step E2: compute $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step E3: compute $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure BDA00024232433400001111
Figure BDA00024232433400001112
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ denote one-way hash functions; $ID_C$ denotes the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash formula $\alpha_C = h_0(ID_C, T_C)$;
Figure BDA00024232433400001113
is a random point that forms a partial public key of the cloud server's public key $PK_C$;
Sub-step E4: generate a signature key pair (ssk, svk) ← KeyGen, and set the signature public key $c_0 = svk$;
Sub-step E5: randomly select two integers r,
Figure BDA00024232433400001114
where
Figure BDA00024232433400001115
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure BDA00024232433400001116
Sub-step E6: compute the intermediate value $C_1 = g^{r'}$;
Sub-step E7: compute the intermediate value
Figure BDA00024232433400001117
Sub-step E8: compute the intermediate value
Figure BDA0002423243340000121
Sub-step E9: compute the intermediate value
Figure BDA0002423243340000122
Sub-step E10: compute the intermediate value
Figure BDA0002423243340000123
Sub-step E11: compute the signature value $\sigma = \mathrm{Sign}(ssk, (C_1, C_2, C_3, C_4, C_5))$;
Sub-step E12: output the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
Note that the flow of the encryption steps performed by the sending end is shown in Fig. 1.
(5) Trapdoor generation
The receiving end (I = R) performs the following sub-steps to generate the trapdoor of the keyword w:
Sub-step F1: the receiving end computes the hash value $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA0002423243340000124
Sub-step F2: the receiving end computes the hash values $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step F3: the receiving end randomly selects an integer
Figure BDA0002423243340000125
Sub-step F4: the receiving end computes the trapdoor value
Figure BDA0002423243340000126
Sub-step F5: the receiving end outputs the trapdoor $T_w = (d_w, s_w)$.
(6) Testing
To search for files containing the keyword w, the cloud server runs the following preset matching algorithm, which performs a matching test on the received trapdoor $T_w = (d_w, s_w)$ and the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$:
G1: compute
Figure BDA0002423243340000127
G2: check whether $\mathrm{Verify}(c_0, \sigma, (C_1, C_2, C_3, C_4, C_5)) = 1$,
Figure BDA0002423243340000128
Figure BDA0002423243340000129
all hold; if they all hold, $T_w$ and $C_w$ contain the same keyword and 1 is output; otherwise, 0 is output.
The certificateless public key searchable encryption method of this embodiment adds public/private key pairs for the data sending end and the cloud server, so the trapdoor can be transmitted over a public channel while keyword guessing attacks are resisted; it provides retrieval over ciphertext data and guarantees both the indistinguishability of the ciphertext data and the indistinguishability of the trapdoor. Second, it avoids the problems of certificate management and key escrow, and no secure channel needs to be established to transmit the trapdoor. Finally, compared with other searchable encryption schemes based on the certificateless mechanism, the scheme is provably secure without a random oracle, and its security model is stronger.
In addition, the present invention also provides an embodiment of a certificateless public key searchable encryption system. Referring to Fig. 2,
the system comprises a cloud server 01, a sending end 02, a receiving end 03 and a key generation center 04;
the cloud server 01 is configured to obtain the partial public key $T_C$ and the partial private key $d_C$ sent by the key generation center 04 over a secure channel, the partial public key $T_C$ and the partial private key $d_C$ being generated by the key generation center based on the identity information of the cloud server;
the cloud server 01 is further configured to randomly create a secret value $x_C$, generate a partial public key $X_C$ from the secret value $x_C$, and create the public key $PK_C$ and the private key $SK_C$ based on the partial public key $X_C$, the partial public key $T_C$, the partial private key $d_C$, the secret value $x_C$ and a random point;
the sending end 02 is configured to obtain the partial public key $T_S$ and the partial private key $d_S$ sent by the key generation center 04 over a secure channel, the partial public key $T_S$ and the partial private key $d_S$ being generated by the key generation center based on the identity information of the sending end;
the sending end 02 is further configured to randomly create a secret value $x_S$, generate a partial public key $X_S$ from the secret value $x_S$, and create the public key $PK_S$ and the private key $SK_S$ based on the partial public key $X_S$, the partial public key $T_S$, the partial private key $d_S$ and the secret value $x_S$;
the receiving end 03 is configured to obtain the partial public key $T_R$ and the partial private key $d_R$ sent by the key generation center 04 over a secure channel, the partial public key $T_R$ and the partial private key $d_R$ being generated by the key generation center based on the identity information of the receiving end;
the receiving end 03 is further configured to randomly create a secret value $x_R$, generate a partial public key $X_R$ based on the secret value $x_R$, and generate the public key $PK_R$ and the private key $SK_R$ based on the partial public key $X_R$, the partial public key $T_R$, the partial private key $d_R$, the secret value $x_R$, a plurality of random numbers, and a partial public key generated based on the random numbers;
the sending end 02 is further configured to determine a keyword w; determine the public key $PK_C$ of the cloud server from the identity information of the cloud server; determine the public key $PK_R$ of the receiving end from the identity information of the receiving end; encrypt the target data according to the keyword w, the system master public key $P_{pub}$, the partial public key $X_R$ and the partial public key $T_R$ of the public key $PK_R$, the partial public key $X_C$ and the partial public key $T_C$ of the public key $PK_C$, and the private key $SK_S$ to generate a ciphertext $C_w$; and send the ciphertext $C_w$ to the cloud server, where the system master public key $P_{pub}$ is published by the key generation center;
the receiving end 03 is further configured to determine the public key $PK_C$ of the cloud server from the identity information of the cloud server; determine the public key $PK_S$ of the sending end from the identity information of the sending end; generate the trapdoor $T_w$ of the keyword w based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$; and send the trapdoor $T_w$ to the cloud server;
the cloud server 01 is further configured to match the ciphertext $C_w$ against the trapdoor $T_w$ using a preset matching algorithm and output the matching result;
wherein the sending end 02 further includes:
a first calculation unit, configured to compute $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure BDA0002423243340000141
where $ID_R$ denotes the identity information of the receiving end, $ID_S$ denotes the identity information of the sending end, and $\alpha_R$ is generated by the one-way hash formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ denote one-way hash functions;
a second calculation unit, configured to compute $W = h_2(w, \psi)$, $\eta = h_4(W)$;
a third calculation unit, configured to compute $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure BDA0002423243340000142
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ denote one-way hash functions; $ID_C$ denotes the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash formula $\alpha_C = h_0(ID_C, T_C)$;
Figure BDA0002423243340000143
is a random point that forms a partial public key of the cloud server's public key $PK_C$;
a fourth calculation unit, configured to generate a signature key pair (ssk, svk) ← KeyGen and set the signature public key $c_0 = svk$;
a fifth calculation unit, configured to randomly select two integers r,
Figure BDA0002423243340000144
where
Figure BDA0002423243340000145
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure BDA0002423243340000146
a sixth calculation unit, configured to compute the intermediate value $C_1 = g^{r'}$;
a seventh calculation unit, configured to compute the intermediate value
Figure BDA0002423243340000147
an eighth calculation unit, configured to compute the intermediate value
Figure BDA0002423243340000148
a ninth calculation unit, configured to compute the intermediate value
Figure BDA0002423243340000149
a tenth calculation unit, configured to compute the intermediate value
Figure BDA00024232433400001410
an eleventh calculation unit, configured to compute the signature value $\sigma = \mathrm{Sign}(ssk, (C_1, C_2, C_3, C_4, C_5))$;
a twelfth calculation unit, configured to output the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
where $G_1$, $G_2$, $G_T$ are cyclic groups of order p; g,
Figure BDA00024232433400001411
are the generators of groups $G_1$ and $G_2$, respectively;
Figure BDA00024232433400001412
denotes an element of group $G_2$; $g^u$,
Figure BDA00024232433400001413
denote the u-th powers of the elements g and
Figure BDA00024232433400001414
of groups $G_1$ and $G_2$, respectively; e denotes a bilinear pairing map from $G_1 \times G_2$ to $G_T$; sig = (KeyGen, Sign, Verify) denotes a signature scheme, with σ = Sign(·) computed as the signature on a message;
Figure BDA00024232433400001415
denotes a partial public key of the receiving end's public key $PK_R$,
Figure BDA0002423243340000151
denotes a partial public key of the receiving end's public key $PK_R$.
The system of this embodiment adds public/private key pairs for the data sending end 02 and the cloud server 01, so the trapdoor can be transmitted over a public channel while keyword guessing attacks are resisted; it provides retrieval over ciphertext data and guarantees both the indistinguishability of the ciphertext data and the indistinguishability of the trapdoor. Second, it avoids the problems of certificate management and key escrow, and no secure channel needs to be established to transmit the trapdoor. Finally, compared with other searchable encryption schemes based on the certificateless mechanism, the scheme is provably secure without a random oracle, and its security model is stronger.
It should be noted that, in this document, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or system that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or system. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or system that comprises the element.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Through the above description of the embodiments, those skilled in the art will clearly understand that the method of the above embodiments can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware, but in many cases, the former is a better implementation manner. Based on such understanding, the technical solution of the present invention may be embodied in the form of a software product, which is stored in a storage medium (e.g., ROM/RAM, magnetic disk, optical disk) as described above and includes instructions for enabling a terminal device (e.g., a mobile phone, a computer, a server, an air conditioner, or a network device) to execute the method according to the embodiments of the present invention.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (7)

1. A certificateless public key searchable encryption method, comprising the steps of:
Step 10: the cloud server obtains the partial public key $T_C$ and the partial private key $d_C$ sent by the key generation center over a secure channel, the partial public key $T_C$ and the partial private key $d_C$ being generated by the key generation center based on the identity information of the cloud server;
Step 20: the cloud server randomly creates a secret value $x_C$, generates a partial public key $X_C$ from the secret value $x_C$, and creates the public key $PK_C$ and the private key $SK_C$ based on the partial public key $X_C$, the partial public key $T_C$, the partial private key $d_C$, the secret value $x_C$ and a random point;
Step 30: the sending end obtains the partial public key $T_S$ and the partial private key $d_S$ sent by the key generation center over a secure channel, the partial public key $T_S$ and the partial private key $d_S$ being generated by the key generation center based on the identity information of the sending end;
Step 40: the sending end randomly creates a secret value $x_S$, generates a partial public key $X_S$ from the secret value $x_S$, and creates the public key $PK_S$ and the private key $SK_S$ based on the partial public key $X_S$, the partial public key $T_S$, the partial private key $d_S$ and the secret value $x_S$;
Step 50: the receiving end obtains the partial public key $T_R$ and the partial private key $d_R$ sent by the key generation center over a secure channel, the partial public key $T_R$ and the partial private key $d_R$ being generated by the key generation center based on the identity information of the receiving end;
Step 60: the receiving end randomly creates a secret value $x_R$, generates a partial public key $X_R$ based on the secret value $x_R$, and generates the public key $PK_R$ and the private key $SK_R$ based on the partial public key $X_R$, the partial public key $T_R$, the partial private key $d_R$, the secret value $x_R$, a plurality of random numbers, and a partial public key generated based on the random numbers;
Step 70: the sending end determines a keyword w; determines the public key $PK_C$ of the cloud server from the identity information of the cloud server; determines the public key $PK_R$ of the receiving end from the identity information of the receiving end; encrypts the target data according to the keyword w, the system master public key $P_{pub}$, the partial public key $X_R$ and the partial public key $T_R$ of the public key $PK_R$, the partial public key $X_C$ and the partial public key $T_C$ of the public key $PK_C$, and the private key $SK_S$ to generate a ciphertext $C_w$; and sends the ciphertext $C_w$ to the cloud server, where the system master public key $P_{pub}$ is published by the key generation center;
Step 80: the receiving end determines the public key $PK_C$ of the cloud server from the identity information of the cloud server; determines the public key $PK_S$ of the sending end from the identity information of the sending end; generates the trapdoor $T_w$ of the keyword w based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$; and sends the trapdoor $T_w$ to the cloud server;
Step 90: the cloud server matches the ciphertext $C_w$ against the trapdoor $T_w$ using a preset matching algorithm and outputs the matching result;
wherein, in step 70, the sending end performs the following sub-steps to encrypt the target data by encrypting the keyword w:
Sub-step E1: compute $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure FDA0002423243330000021
where $ID_R$ denotes the identity information of the receiving end, $ID_S$ denotes the identity information of the sending end, and $\alpha_R$ is generated by the one-way hash formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ denote one-way hash functions;
Sub-step E2: compute $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step E3: compute $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure FDA0002423243330000022
Figure FDA00024232433300000212
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ denote one-way hash functions; $ID_C$ denotes the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash formula $\alpha_C = h_0(ID_C, T_C)$;
Figure FDA0002423243330000023
is a random point that forms a partial public key of the cloud server's public key $PK_C$;
Sub-step E4: generate a signature key pair (ssk, svk) ← KeyGen, and set the signature public key $c_0 = svk$;
Sub-step E5: randomly select two integers
Figure FDA0002423243330000024
where
Figure FDA0002423243330000025
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure FDA0002423243330000026
Sub-step E6: compute the intermediate value $C_1 = g^{r'}$;
Sub-step E7: compute the intermediate value
Figure FDA0002423243330000027
Sub-step E8: compute the intermediate value
Figure FDA0002423243330000028
Sub-step E9: compute the intermediate value
Figure FDA0002423243330000029
Sub-step E10: compute the intermediate value
Figure FDA00024232433300000210
Sub-step E11: compute the signature value $\sigma = \mathrm{Sign}(ssk, (C_1, C_2, C_3, C_4, C_5))$;
Sub-step E12: output the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
where $G_1$, $G_2$, $G_T$ are cyclic groups of order p; g,
Figure FDA00024232433300000211
are the generators of groups $G_1$ and $G_2$, respectively;
Figure FDA0002423243330000031
denotes an element of group $G_2$; $g^u$,
Figure FDA0002423243330000032
denote the u-th powers of the elements g and
Figure FDA0002423243330000033
of groups $G_1$ and $G_2$, respectively; e denotes a bilinear pairing map from $G_1 \times G_2$ to $G_T$; sig = (KeyGen, Sign, Verify) denotes a signature scheme, with σ = Sign(·) computed as the signature on a message;
Figure FDA0002423243330000034
denotes a partial public key of the receiving end's public key $PK_R$,
Figure FDA0002423243330000035
denotes a partial public key of the receiving end's public key $PK_R$.
2. The certificateless public key searchable encryption method according to claim 1, wherein said step 10 specifically comprises:
the key generation center generates a partial private key $d_C$ for the cloud server according to the identity information $ID_C$ of the cloud server;
the key generation center randomly selects an integer
Figure FDA0002423243330000036
and computes a partial public key
Figure FDA0002423243330000037
the key generation center computes $\alpha_C = h_0(ID_C, T_C)$ and the partial private key $d_C = t_C + s\alpha_C \bmod p$, where mod p denotes the modulo-p operation;
the key generation center sends the partial public key $T_C$ and the partial private key $d_C$ to the cloud server over a secure channel;
correspondingly, the step 20 specifically includes:
the cloud server randomly creates a secret value $x_C$ and, based on the formula
Figure FDA0002423243330000038
generates the partial public key $X_C$;
the cloud server randomly selects a point
Figure FDA0002423243330000039
and takes the random point
Figure FDA00024232433300000310
as a partial public key;
the cloud server creates the public key $PK_C$ based on the partial public key $X_C$, the partial public key $T_C$ and the random point
Figure FDA00024232433300000311
and creates the private key $SK_C$ based on the secret value $x_C$ and the partial private key $d_C$.
3. The certificateless public key searchable encryption method according to claim 2, wherein said step 30 specifically comprises:
the key generation center generates a partial private key $d_S$ for the sending end according to the identity information $ID_S$ of the sending end;
the key generation center randomly selects an integer
Figure FDA00024232433300000312
and computes a partial public key
Figure FDA00024232433300000313
the key generation center computes $\alpha_S = h_0(ID_S, T_S)$ and the partial private key $d_S = t_S + s\alpha_S \bmod p$, where mod p denotes the modulo-p operation;
the key generation center sends the partial public key $T_S$ and the partial private key $d_S$ to the sending end over a secure channel;
correspondingly, the step 40 specifically includes:
the cloud server randomly creates a secret value $x_S$ and, based on the formula
Figure FDA00024232433300000314
generates the partial public key $X_S$;
the public key $PK_S$ is created based on the partial public key $X_S$ and the partial public key $T_S$; and the private key $SK_S$ is created based on the secret value $x_S$ and the partial private key $d_S$.
4. The certificateless public key searchable encryption method according to claim 3, wherein said step 50 specifically comprises:
the key generation center generates a partial private key $d_R$ for the receiving end according to the identity information $ID_R$ of the receiving end;
the key generation center randomly selects an integer
Figure FDA0002423243330000041
and computes a partial public key
Figure FDA0002423243330000042
the key generation center computes $\alpha_R = h_0(ID_R, T_R)$ and the partial private key $d_R = t_R + s\alpha_R \bmod p$, where mod p denotes the modulo-p operation;
the key generation center sends the partial public key $T_R$ and the partial private key $d_R$ to the receiving end over a secure channel;
correspondingly, the step 60 specifically includes the following sub-steps:
Sub-step D1: the receiving end randomly creates a secret value $x_R$ and, based on the formula
Figure FDA0002423243330000043
generates the partial public key $X_R$;
Sub-step D2: the receiving end randomly selects n+1 numbers
Figure FDA0002423243330000044
Sub-step D3: the receiving end computes the partial public key
Figure FDA0002423243330000045
and sets
Figure FDA0002423243330000046
Sub-step D4: the receiving end randomly selects two numbers
Figure FDA0002423243330000047
and computes a partial public key based on the random number y
Figure FDA0002423243330000048
and a partial public key based on the random number z
Figure FDA0002423243330000049
Sub-step D5: the receiving end sets the public key
Figure FDA00024232433300000410
and sets the private key $SK_R = (x_R, d_R, y, z, e_0, \ldots, e_n)$; where $X_R$, $T_R$,
Figure FDA00024232433300000411
are parts of the public key of the receiving end; the secret value $x_R$, the partial private key $d_R$ and the random numbers y, z, $e_0, \ldots, e_n$ are parts of the private key of the receiving end.
5. The certificateless public key searchable encryption method of claim 4, wherein in said step 80, generating the trapdoor $T_w$ of the keyword w based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$ specifically comprises the following sub-steps:
Sub-step F1: the receiving end computes the hash value $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure FDA00024232433300000412
Sub-step F2: the receiving end computes the hash values $W = h_2(w, \psi)$, $\eta = h_4(W)$;
Sub-step F3: the receiving end randomly selects an integer
Figure FDA0002423243330000051
Sub-step F4: the receiving end computes the trapdoor value
Figure FDA0002423243330000052
Sub-step F5: the receiving end outputs the trapdoor $T_w = (d_w, s_w)$.
6. The certificateless public key searchable encryption method according to claim 5, wherein said step 90 specifically comprises:
the cloud server matches the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$ sent by the sending end against the trapdoor $T_w = (d_w, s_w)$ submitted by the receiving end using a preset matching algorithm;
wherein the matching by the preset matching algorithm comprises:
the cloud server computes a hash value
Figure FDA0002423243330000053
the cloud server checks whether $\mathrm{Verify}(c_0, \sigma, (C_1, C_2, C_3, C_4, C_5)) = 1$,
Figure FDA0002423243330000054
Figure FDA0002423243330000055
all hold; if they all hold, the trapdoor $T_w$ and the ciphertext $C_w$ contain the same keyword and the match is judged successful; otherwise, the match is judged to have failed.
7. A certificateless public key searchable encryption system, characterized by comprising a cloud server, a sending end, a receiving end and a key generation center;
the cloud server is configured to obtain the partial public key $T_C$ and the partial private key $d_C$ sent by the key generation center over a secure channel, the partial public key $T_C$ and the partial private key $d_C$ being generated by the key generation center based on the identity information of the cloud server;
the cloud server is further configured to randomly create a secret value $x_C$, generate a partial public key $X_C$ from the secret value $x_C$, and create the public key $PK_C$ and the private key $SK_C$ based on the partial public key $X_C$, the partial public key $T_C$, the partial private key $d_C$, the secret value $x_C$ and a random point;
the sending end is configured to obtain the partial public key $T_S$ and the partial private key $d_S$ sent by the key generation center over a secure channel, the partial public key $T_S$ and the partial private key $d_S$ being generated by the key generation center based on the identity information of the sending end;
the sending end is further configured to randomly create a secret value $x_S$, generate a partial public key $X_S$ from the secret value $x_S$, and create the public key $PK_S$ and the private key $SK_S$ based on the partial public key $X_S$, the partial public key $T_S$, the partial private key $d_S$ and the secret value $x_S$;
the receiving end is configured to obtain the partial public key $T_R$ and the partial private key $d_R$ sent by the key generation center over a secure channel, the partial public key $T_R$ and the partial private key $d_R$ being generated by the key generation center based on the identity information of the receiving end;
the receiving end is further configured to randomly create a secret value $x_R$, generate a partial public key $X_R$ based on the secret value $x_R$, and generate the public key $PK_R$ and the private key $SK_R$ based on the partial public key $X_R$, the partial public key $T_R$, the partial private key $d_R$, the secret value $x_R$, a plurality of random numbers, and a partial public key generated based on the random numbers;
the sending end is further configured to determine a keyword w; determine the public key $PK_C$ of the cloud server from the identity information of the cloud server; determine the public key $PK_R$ of the receiving end from the identity information of the receiving end; encrypt the target data according to the keyword w, the system master public key $P_{pub}$, the partial public key $X_R$ and the partial public key $T_R$ of the public key $PK_R$, the partial public key $X_C$ and the partial public key $T_C$ of the public key $PK_C$, and the private key $SK_S$ to generate a ciphertext $C_w$; and send the ciphertext $C_w$ to the cloud server, where the system master public key $P_{pub}$ is published by the key generation center;
the receiving end is further configured to determine the public key $PK_C$ of the cloud server from the identity information of the cloud server; determine the public key $PK_S$ of the sending end from the identity information of the sending end; generate the trapdoor $T_w$ of the keyword w based on the public key $PK_C$, the public key $PK_S$ and the private key $SK_R$; and send the trapdoor $T_w$ to the cloud server;
the cloud server is further configured to match the ciphertext $C_w$ against the trapdoor $T_w$ using a preset matching algorithm and output the matching result;
wherein the sending end further includes:
a first calculation unit, configured to compute $\beta = h_6(ID_S, ID_R, X_S, X_R, T_S, T_R, P_{pub})$,
Figure FDA0002423243330000061
where $ID_R$ denotes the identity information of the receiving end, $ID_S$ denotes the identity information of the sending end, and $\alpha_R$ is generated by the one-way hash formula $\alpha_R = h_0(ID_R, T_R)$; $h_0(\cdot)$, $h_1(\cdot)$ and $h_6(\cdot)$ denote one-way hash functions;
a second calculation unit, configured to compute $W = h_2(w, \psi)$, $\eta = h_4(W)$;
a third calculation unit, configured to compute $\beta_C = h_5(ID_C, X_C, T_C, P_{pub})$,
Figure FDA0002423243330000062
where $h_2(\cdot)$, $h_3(\cdot)$, $h_4(\cdot)$ and $h_5(\cdot)$ denote one-way hash functions; $ID_C$ denotes the identity information of the cloud server, and $\alpha_C$ is generated by the one-way hash formula $\alpha_C = h_0(ID_C, T_C)$;
Figure FDA0002423243330000063
is a random point that forms a partial public key of the cloud server's public key $PK_C$;
a fourth calculation unit, configured to generate a signature key pair (ssk, svk) ← KeyGen and set the signature public key $c_0 = svk$;
a fifth calculation unit, configured to randomly select two integers
Figure FDA0002423243330000071
where
Figure FDA0002423243330000072
is the set of integers 1, 2, …, p-1, and p is a prime number; the secret value belongs to the set
Figure FDA0002423243330000073
a sixth calculation unit, configured to compute the intermediate value $C_1 = g^{r'}$;
a seventh calculation unit, configured to compute the intermediate value
Figure FDA0002423243330000074
an eighth calculation unit, configured to compute the intermediate value
Figure FDA0002423243330000075
a ninth calculation unit, configured to compute the intermediate value
Figure FDA0002423243330000076
a tenth calculation unit, configured to compute the intermediate value
Figure FDA0002423243330000077
an eleventh calculation unit, configured to compute the signature value $\sigma = \mathrm{Sign}(ssk, (C_1, C_2, C_3, C_4, C_5))$;
a twelfth calculation unit, configured to output the ciphertext $C_w = (\sigma, c_0, C_1, C_2, C_3, C_4, C_5)$;
wherein $G_1$, $G_2$, $G_T$ are cyclic groups of order p; g and
Figure FDA0002423243330000078
are generators of groups $G_1$ and $G_2$, respectively;
Figure FDA0002423243330000079
represents an element of group $G_2$; $g^u$ and
Figure FDA00024232433300000710
represent the u-th powers of the elements g and
Figure FDA00024232433300000711
in groups $G_1$ and $G_2$, respectively; e represents a bilinear pairing map from $G_1 \times G_2$ to $G_T$; Sig = (KeyGen, Sign, Verify) denotes a signature scheme, and σ = Sign() computes the signature of a message;
Figure FDA00024232433300000712
represents a partial public key of the public key $PK_R$ of the receiving end,
Figure FDA00024232433300000713
represents a partial public key of the public key $PK_R$ of the receiving end.
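The fourth, eleventh and twelfth calculating units wrap the ciphertext components in a signature whose verification key travels inside the ciphertext as $c_0$. The following Python sketch is an added example, not code from the patent: it uses a Lamport one-time signature over SHA-256 as a stand-in for the unspecified Sig = (KeyGen, Sign, Verify), treats $C_1$..$C_5$ as constructed placeholder byte strings (the formulas for $C_2$..$C_5$ are not reproduced on this page), and the helper names `encode`, `build_ciphertext` and `check_ciphertext` are hypothetical.

```python
import hashlib, hmac, secrets

# Constructed placeholders for C_1..C_5; the real values are group elements.
SAMPLE_PARTS = [b"C1-demo", b"C2-demo", b"C3-demo", b"C4-demo", b"C5-demo"]

def H(data):
    return hashlib.sha256(data).digest()

def encode(parts):
    # Length-prefix every component so the tuple has exactly one encoding.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)

def digest_bits(parts):
    d = H(encode(parts))
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    # Lamport one-time key pair (stand-in for the page's unspecified KeyGen).
    ssk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    svk = [(H(a), H(b)) for a, b in ssk]
    return ssk, svk

def sign(ssk, parts):
    # Reveal one secret per digest bit.
    return [ssk[i][bit] for i, bit in enumerate(digest_bits(parts))]

def verify(svk, parts, sigma):
    if len(sigma) != 256:
        return False
    ok = True
    for i, bit in enumerate(digest_bits(parts)):
        ok &= hmac.compare_digest(H(sigma[i]), svk[i][bit])
    return ok

def build_ciphertext(parts):
    # C_w = (sigma, c_0, C_1, ..., C_5) with c_0 = svk, as in the claim.
    ssk, svk = keygen()
    return (sign(ssk, parts), svk, *parts)

def check_ciphertext(cw):
    # Hypothetical pre-matching check: Verify(c_0, (C_1..C_5), sigma).
    sigma, c0, *parts = cw
    return len(parts) == 5 and verify(c0, parts, sigma)
```

This check only detects changes to $C_1$..$C_5$ under the same $c_0$; how $c_0$ itself is tied to the components depends on the formulas that are not reproduced on this page.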
CN202010212306.9A 2020-03-24 2020-03-24 Method and system for searchable encryption of certificateless public key Active CN111464292B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010212306.9A CN111464292B (en) 2020-03-24 2020-03-24 Method and system for searchable encryption of certificateless public key

Publications (2)

Publication Number Publication Date
CN111464292A (en) 2020-07-28
CN111464292B CN111464292B (en) 2023-04-18

Family

ID=71679798

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010212306.9A Active CN111464292B (en) 2020-03-24 2020-03-24 Method and system for searchable encryption of certificateless public key

Country Status (1)

Country Link
CN (1) CN111464292B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant