CN111556048B - Attribute-based secure communication method and system supporting ciphertext mode matching - Google Patents

Info

Publication number: CN111556048B
Authority: CN (China)
Prior art keywords: ciphertext, data, terminal, query, plaintext
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202010338665.9A
Other languages: Chinese (zh)
Other versions: CN111556048A (en)
Inventor: 王皓, 孙茜
Current Assignee: Shandong Normal University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Shandong Normal University
Application filed by Shandong Normal University
Priority to CN202010338665.9A
Publication of CN111556048A
Application granted
Publication of CN111556048B

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0807 Network architectures or network communication protocols for network security for authentication of entities using tickets, e.g. Kerberos
    • H04L63/083 Network architectures or network communication protocols for network security for authentication of entities using passwords
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04W12/02 Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • H04W12/06 Authentication
    • H04W12/068 Authentication using credential vaults, e.g. password manager applications or one time password [OTP] applications

Abstract

The invention provides an attribute-based secure communication method and system supporting ciphertext pattern matching, and belongs to the technical field of communication security. A first processor executes a system establishment algorithm to obtain system public parameters and a system master key, uses the system master key and the attribute set of a third processor to obtain the private key corresponding to that attribute set, and returns the private key to the third processor; a second processor outputs the corresponding ciphertext; the third processor sends a query trapdoor to a cloud server; the cloud server executes a matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, and returns the index set to the third processor; the third processor determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data and runs a decryption algorithm to obtain the plaintext data. The method and system provide attribute-based encryption and decryption while also supporting pattern matching on the ciphertext, so that a character string in the plaintext can be queried while the data remains encrypted.

Description

Attribute-based secure communication method and system supporting ciphertext mode matching
Technical Field
The present disclosure relates to the field of communication security technologies, and in particular, to an attribute-based secure communication method and system supporting ciphertext pattern matching.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
With the development of big data and cloud computing technology, more and more users choose to store data on a cloud server, which brings great convenience to storage, management and use of data, but also brings risks of data leakage.
The inventor of the present disclosure finds that the conventional way to prevent data leakage is to encrypt data before uploading it to a cloud server, but conventional encryption generally hinders data sharing and query, which reduces the efficiency of both.
Disclosure of Invention
To overcome the shortcomings of the prior art, the present disclosure provides an attribute-based secure communication method and system supporting ciphertext pattern matching. It provides attribute-based encryption and decryption and also supports pattern matching on the ciphertext, so that a character string in the plaintext text can be queried while the data remains encrypted, improving data sharing and query efficiency while keeping the data secure.
To achieve this purpose, the disclosure adopts the following technical scheme:
In a first aspect, the disclosure provides an attribute-based secure communication method supporting ciphertext pattern matching.
The method is applied to a data query terminal;
the data query terminal sends its attribute set to the external encryption terminal and receives the private key for that attribute set sent back by the external encryption terminal;
the data query terminal sends a data query request to the data storage terminal, obtains the partial ciphertext corresponding to the access structure in the ciphertext, and runs the partial decryption algorithm on it; if the attribute set owned by the data query terminal satisfies the access structure, it obtains a token key;
when the data query terminal needs to query whether the ciphertext contains a first character string, it runs the trapdoor generation algorithm, obtains the query trapdoor corresponding to the first character string from the private key of its attribute set and the token key, and sends the query trapdoor to the data storage terminal;
the data query terminal receives the index set that the data storage terminal obtains by executing the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the character string in the ciphertext; it determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data from the data storage terminal and runs the decryption algorithm to obtain the plaintext data.
In a second aspect, the present disclosure provides an attribute-based secure communications apparatus supporting ciphertext pattern matching.
The apparatus comprises a processor;
the processor sends the apparatus's attribute set to the external encryption terminal and receives the private key for that attribute set sent back by the external encryption terminal;
the processor sends a data query request to the data storage terminal, obtains the partial ciphertext corresponding to the access structure in the ciphertext, and runs the partial decryption algorithm on it; if the attribute set owned by the processor satisfies the access structure, it obtains a token key;
when the processor needs to query whether the ciphertext contains a first character string, it runs the trapdoor generation algorithm, obtains the query trapdoor corresponding to the first character string from the private key of its attribute set and the token key, and sends the query trapdoor to the data storage terminal;
the processor receives the index set that the data storage terminal obtains by executing the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the character string in the ciphertext; it determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data from the data storage terminal and runs the decryption algorithm to obtain the plaintext data.
In a third aspect, the present disclosure provides an attribute-based secure communication method supporting ciphertext pattern matching.
The method is applied to a data storage terminal;
the data storage terminal receives from the external terminal, and stores, the ciphertext obtained by running encryption with the public parameters, the access structure, the plaintext character string and the plaintext data as input; the ciphertext comprises the partial ciphertext corresponding to the access structure, the partial ciphertext corresponding to the plaintext character string and the partial ciphertext of the plaintext data;
the data storage terminal receives a query request from the data query terminal and returns the partial ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal obtains a token key if the attribute set it owns satisfies the access structure;
the data storage terminal receives the query trapdoor corresponding to a first character string, which the data query terminal obtains from the private key of its attribute set and its token key; it executes the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, and returns the index set to the data query terminal so that the data query terminal can determine from it whether the ciphertext contains the information it wants;
the data storage terminal receives a download command from the data query terminal and sends the partial ciphertext of the plaintext data to the data query terminal, so that the data query terminal obtains the plaintext data through the decryption algorithm.
In a fourth aspect, the present disclosure provides a data storage device comprising a processor;
the processor receives from the external terminal, and stores, the ciphertext obtained by encrypting with the public parameters, the access structure, the plaintext character string and the plaintext data as input; the ciphertext comprises the partial ciphertext corresponding to the access structure, the partial ciphertext corresponding to the plaintext character string and the partial ciphertext of the plaintext data;
the processor receives a query request from the data query terminal and returns the partial ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal obtains a token key if the attribute set it owns satisfies the access structure;
the processor receives the query trapdoor corresponding to a first character string, which the data query terminal obtains from the private key of its attribute set and its token key; it executes the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, and returns the index set to the data query terminal so that the data query terminal can determine from it whether the ciphertext contains the information it wants;
the processor receives a download command from the data query terminal and sends the partial ciphertext of the plaintext data to the data query terminal, so that the data query terminal obtains the plaintext data through the decryption algorithm.
In a fifth aspect, the disclosure provides an attribute-based secure communication method supporting ciphertext pattern matching.
The method involves a first terminal, a cloud server, a second terminal and a third terminal, and comprises the following steps:
the first terminal executes a system establishment algorithm to obtain the system public parameters and a system master key;
the third terminal applies to the first terminal for a key by submitting its attribute set; the first terminal runs the key generation algorithm with the system master key and the attribute set of the third terminal to obtain the private key corresponding to the attribute set, and returns it to the third terminal;
when the second terminal needs to encrypt a plaintext character string and plaintext data, it runs the encryption algorithm with the public parameters, the access structure, the plaintext character string and the plaintext data as input and outputs the corresponding ciphertext, which comprises the partial ciphertext corresponding to the access structure, the partial ciphertext corresponding to the plaintext character string and the partial ciphertext of the plaintext data; the second terminal stores the ciphertext in the cloud server so that the third terminal can access it;
when the cloud server receives a query request from the third terminal, it returns the partial ciphertext corresponding to the access structure to the third terminal; the third terminal runs the partial decryption algorithm and, if the attribute set it owns satisfies the access structure, obtains a token key;
when the third terminal needs to query whether the ciphertext contains a first character string, it runs the trapdoor generation algorithm to obtain the query trapdoor corresponding to the first character string and sends the query trapdoor to the cloud server;
the cloud server executes the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, and returns the index set to the third terminal;
the third terminal determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data and runs the decryption algorithm to obtain the plaintext data.
In a sixth aspect, the present disclosure provides an attribute-based secure communication system supporting ciphertext pattern matching.
The system comprises at least one first processor, at least one cloud server, at least one second processor and at least one third processor, wherein:
the first processor executes a system establishment algorithm to obtain the system public parameters and a system master key;
the third processor applies to the first processor for a key by submitting its attribute set; the first processor runs the key generation algorithm with the system master key and the attribute set of the third processor to obtain the private key corresponding to the attribute set, and returns it to the third processor;
when the second processor needs to encrypt a plaintext character string and plaintext data, it runs the encryption algorithm with the public parameters, the access structure, the plaintext character string and the plaintext data as input and outputs the corresponding ciphertext, which comprises the partial ciphertext corresponding to the access structure, the partial ciphertext corresponding to the plaintext character string and the partial ciphertext of the plaintext data; the second processor stores the ciphertext in the cloud server so that the third processor can access it;
when the cloud server receives a query request from the third processor, it returns the partial ciphertext corresponding to the access structure to the third processor; the third processor runs the partial decryption algorithm and, if the attribute set it owns satisfies the access structure, obtains a token key;
when the third processor needs to query whether the ciphertext contains a first character string, it runs the trapdoor generation algorithm to obtain the query trapdoor corresponding to the first character string and sends the query trapdoor to the cloud server;
the cloud server executes the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, which points to the position of the first character string in the plaintext character string, and returns the index set to the third processor;
the third processor determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data and runs the decryption algorithm to obtain the plaintext data.
Compared with the prior art, the beneficial effects of this disclosure are:
1. The secure communication method, device and system provide attribute-based encryption and decryption while also supporting pattern matching on the ciphertext, so that character strings in the plaintext can be queried while the data remains encrypted, improving data sharing and query efficiency while keeping the data secure.
2. In the corresponding system, a data owner (the second terminal) encrypts data for a specific access structure, and only a data user (the third terminal) whose attributes satisfy the access structure can perform pattern matching queries and decryption.
3. Compared with standard attribute-based encryption, the attribute-based encryption supporting ciphertext pattern matching provided by the invention can query the ciphertext: a data user can check whether the ciphertext contains the required content before downloading and decrypting the whole ciphertext, which saves communication and computation cost.
4. Compared with existing searchable attribute-based encryption, a data owner need not preset keywords, and pattern matching queries on text substrings can be performed over the ciphertext of the whole text.
5. Compared with existing public key encryption supporting ciphertext pattern matching, the secure communication method, device and system add attribute-based access control: only an entity whose attributes satisfy the access structure can query and decrypt.
Drawings
Fig. 1 is a schematic flowchart of an attribute-based secure communication method supporting ciphertext pattern matching according to embodiment 5 of the present disclosure.
Fig. 2 is a schematic structural diagram of an attribute-based secure communication system supporting ciphertext pattern matching according to embodiment 6 of the present disclosure.
Detailed Description
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof.
The embodiments and features of the embodiments in the present application may be combined with each other without conflict.
Example 1:
Embodiment 1 of the present disclosure provides an attribute-based secure communication method supporting ciphertext pattern matching, which is applied to a data query terminal;
the data query terminal sends its attribute set to the external encryption terminal and receives the private key for that attribute set sent back by the external encryption terminal;
the data query terminal sends a data query request to the data storage terminal, obtains the partial ciphertext corresponding to the access structure in the ciphertext, and runs the partial decryption algorithm on it; if the attribute set owned by the data query terminal satisfies the access structure, it obtains a token key;
when the data query terminal needs to query whether the ciphertext contains a first character string, it runs the trapdoor generation algorithm, obtains the query trapdoor corresponding to the first character string from the private key of its attribute set and the token key, and sends the query trapdoor to the data storage terminal;
the data query terminal receives the index set that the data storage terminal obtains by executing the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the character string in the ciphertext; it determines from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data from the data storage terminal and runs the decryption algorithm to obtain the plaintext data.
The specific communication mode is as follows:
There are four types of entities: the Key Generation Center (KGC); the Cloud Server (CS), i.e. the data storage terminal; the Data Owner (DO); and the Data User (DU), i.e. the data query terminal.
The method comprises the following steps:
(1) the key generation center KGC executes the system establishment algorithm to obtain the system public parameters PP and the system master key MSK, publishes PP and keeps MSK secret;
(2) a data user DU applies to the key generation center KGC for a key: DU submits an attribute set S to KGC, and KGC runs the key generation algorithm to obtain the private key $SK_S$ corresponding to S and returns it to DU;
(3) when the data owner DO wishes to encrypt the plaintext character string T and the plaintext data D, the encryption algorithm is run to obtain a ciphertext
Figure BDA0002467738710000091
The DO stores the ciphertext in the cloud server CS so that the data user DU can access the ciphertext;
(4) when the cloud server CS receives the query request of the data user DU, it first returns the partial ciphertext
Figure BDA0002467738710000092
to DU; DU runs the partial decryption algorithm and, if the attribute set S owned by DU satisfies the access structure
Figure BDA0002467738710000093
obtains the token key TK;
(5) if the data user DU wants to query whether the ciphertext contains the character string W, it runs the trapdoor generation algorithm to obtain the query trapdoor $td_W$ corresponding to W; DU sends $td_W$ to the cloud server CS;
(6) the cloud server CS executes the matching algorithm on $td_W$ and $CT_T$ to obtain the index set
Figure BDA0002467738710000094
and returns
Figure BDA0002467738710000095
to the data user DU;
(7) the data user DU determines from
Figure BDA0002467738710000096
whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext $CT_D$ and runs the decryption algorithm to obtain the plaintext data D.
The method specifically comprises the following algorithms:
(A) System establishment algorithm (Setup): the algorithm is run by KGC; it takes as input an attribute space U, which represents the set of all possible attributes in the system, and an integer n, which defines the maximum length of the plaintext string that can be encrypted, and outputs the public parameters PP and the master key MSK.
Specifically:
select bilinear groups of order q
Figure BDA0002467738710000097
and
Figure BDA0002467738710000098
where q is a prime number and g is
Figure BDA0002467738710000099
There exists a bilinear map e:
Figure BDA00024677387100000910
for each attribute in the attribute space U, select in
Figure BDA00024677387100000911
|U| random elements
Figure BDA00024677387100000912
Select a standard symmetric encryption scheme
Figure BDA00024677387100000913
(e.g., AES) with plaintext space $SPACE_M$, key space $SPACE_K$, encryption algorithm Enc and decryption algorithm Dec;
for all
Figure BDA00024677387100000914
it holds that $m = Dec(K, Enc(K, m))$. Let $f_1$ and $f_2$ be two pseudo-random functions,
Figure BDA0002467738710000101
where
Figure BDA0002467738710000102
Randomly select
Figure BDA0002467738710000103
For i = 0
Figure BDA0002467738710000104
and
Figure BDA0002467738710000105
then, a is randomly selected,
Figure BDA0002467738710000106
and calculate
Figure BDA0002467738710000107
The algorithm outputs the public parameters
Figure BDA0002467738710000108
and the master key $MSK = \{g^{\alpha}, (z, \{\sigma_s\}_{s \in S})\}$.
(B) Key generation algorithm (KeyGen): the algorithm is run by KGC; it takes the master key MSK and an attribute set S as input, and outputs the private key $SK_S$ corresponding to the attribute set S.
Specifically, take the master key MSK and an attribute set
Figure BDA0002467738710000109
as input; randomly select
Figure BDA00024677387100001010
and return $SK_S := (K_0, K_1, \{K_{2,x}\}_{x \in S}, K_3)$, where $K_0 = g^{\alpha} g^{\beta t}$, $K_1 = g^{t}$,
Figure BDA00024677387100001011
$K_3 = (z, \{\sigma_s\}_{s \in S})$.
(C) Encryption algorithm (Encrypt): the algorithm is run by the data owner DO; it takes the public parameters PP, the access structure
Figure BDA00024677387100001012
the plaintext character string T and the plaintext data D as input, and outputs the corresponding ciphertext CT, which comprises three parts: for the access structure
Figure BDA00024677387100001013
the corresponding partial ciphertext
Figure BDA00024677387100001014
the partial ciphertext $CT_T$ corresponding to the plaintext character string T, and the partial ciphertext $CT_D$ of the plaintext data D.
Note: in practical applications, T is usually a description of D, and |D| > |T|. The data user determines whether the ciphertext contains the information it wants by performing string pattern matching on T.
Specifically, let
Figure BDA00024677387100001015
be the access structure, where M is a
Figure BDA00024677387100001016
matrix and p is a function that maps the row numbers of the matrix M to the corresponding attributes, i.e.
Figure BDA00024677387100001017
Randomly select
Figure BDA00024677387100001018
and calculate
Figure BDA00024677387100001019
Then $CT_D = Enc(f_1(TK), D)$;
Randomly select
Figure BDA00024677387100001020
Let
Figure BDA00024677387100001021
Then calculate
Figure BDA00024677387100001022
where $M_i$ is the row vector formed by the elements of the i-th row of the matrix M; then randomly select
Figure BDA00024677387100001023
and calculate
Figure BDA00024677387100001024
Then
Figure BDA00024677387100001025
Let the string to be encrypted be $T = s_0 \ldots s_{m-1}$, where $m \le n$. First, calculate $r = f_2(TK)$. Then randomly select
Figure BDA0002467738710000111
For $i = 0, \ldots, m-1$, calculate
Figure BDA0002467738710000112
Then
Figure BDA0002467738710000113
The algorithm outputs the ciphertext
Figure BDA0002467738710000114
(D) Partial decryption algorithm (PDecrypt): the algorithm is run by the data user DU. It takes the partial ciphertext
Figure BDA0002467738710000115
and the private key $SK_S$ as input; if the attribute set S satisfies the access structure
Figure BDA0002467738710000116
it outputs the token key TK.
Specifically, when the cloud server CS receives the query request of the data user DU, it first returns
Figure BDA0002467738710000117
to the DU. If the attributes of the DU satisfy the access structure, there is a set
Figure BDA0002467738710000118
such that $\sum_{i\in W}\omega_i\lambda_i = x_0$.
Then, the DU calculates:
Figure BDA0002467738710000119
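The reconstruction condition Σ ω_i λ_i = x_0 used in PDecrypt can be checked with plain modular arithmetic. The following is an added example, not code from the patent: it assumes the standard linear secret sharing rule (λ_i = M_i · v, with x_0 as the first entry of a random vector v), because the page's own formulas for these steps are missing images; the matrix, attribute names, modulus and function names are constructed for illustration.

```python
import secrets

# Constructed modulus standing in for the prime group order p (2**127 - 1 is prime).
P = 2**127 - 1

# Constructed policy: doctor AND (cardiology OR research).
# Row i of M belongs to attribute RHO[i] (the map rho in the text).
M = [[1, 1], [0, -1], [0, -1]]
RHO = ["doctor", "cardiology", "research"]


def make_shares(M, x0, p=P):
    """Assumed share rule: lambda_i = M_i . v mod p, with v = (x0, random, ...)."""
    v = [x0 % p] + [secrets.randbelow(p) for _ in range(len(M[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % p for row in M]


def reconstruction_coeffs(M, rho, attrs, p=P):
    """Return {row: omega} with sum(omega_i * M_i) = (1, 0, ..., 0) mod p, using
    only rows whose attribute is in attrs; None if attrs does not satisfy the policy."""
    rows = [i for i, a in enumerate(rho) if a in attrs]
    n, k = len(M[0]), len(rows)
    # One equation per matrix column c:
    #   sum_j omega_j * M[rows[j]][c] = (1 if c == 0 else 0)
    aug = [[M[i][c] % p for i in rows] + [int(c == 0)] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((x for x in range(r, n) if aug[x][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)  # modular inverse (Python 3.8+)
        aug[r] = [x * inv % p for x in aug[r]]
        for x in range(n):
            if x != r and aug[x][col]:
                f = aug[x][col]
                aug[x] = [(a - f * b) % p for a, b in zip(aug[x], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    # A leftover row 0 = nonzero means the target vector is not in the span.
    if any(row[k] for row in aug[r:]):
        return None
    return {rows[col]: aug[i][k] for i, col in enumerate(pivots)}


def recover(shares, omega, p=P):
    """sum(omega_i * lambda_i) mod p. In a pairing-based scheme this combination is
    normally applied in the exponent; here it is applied to the raw shares."""
    return sum(w * shares[i] for i, w in omega.items()) % p


def demo():
    """Map each constructed attribute set to True (x0 recovered) or None (unauthorized)."""
    x0 = secrets.randbelow(P)
    shares = make_shares(M, x0)
    results = {}
    for attrs in ({"doctor", "research"}, {"doctor"}, {"cardiology", "research"}):
        omega = reconstruction_coeffs(M, RHO, attrs)
        results[frozenset(attrs)] = None if omega is None else recover(shares, omega) == x0
    return results


if __name__ == "__main__":
    for attrs, ok in demo().items():
        print(sorted(attrs), "->", "recovers x0" if ok else "not authorized")
```

An attribute set that fails the policy yields no coefficients at all, which is why such a data user cannot derive TK and therefore cannot build a trapdoor or decrypt.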
(E) Trapdoor generation algorithm (TDGen): the algorithm is run by the data user DU. It takes the character string W to be queried, the private key $SK_S$ and the token key TK as input, and outputs the query trapdoor $td_W$ corresponding to W.
Specifically, the data user DU computes $r = f_2(TK)$ and generates the trapdoor $td_W$ as follows, where the character string $W = w_0 \ldots w_{l-1}$:
For
Figure BDA00024677387100001110
initialize the array Ind[s] = 0; for
Figure BDA00024677387100001111
initialize the array L[i] = 0; let the variables V = 0 and c = 0;
For i from 0 to l-1, do the following: if $L[Ind[w_i]] = 0$, then
Figure BDA00024677387100001112
a random value is assigned to L[c]; initialize a set
Figure BDA00024677387100001113
and let c = c + 1; otherwise, let
Figure BDA00024677387100001114
Then compute
Figure BDA00024677387100001115
Finally, return the trapdoor
Figure BDA00024677387100001116
(F) Matching algorithm (Match): the algorithm can be run by a party holding $td_W$; in the present system it is specified to be run by the cloud server CS. It takes the partial ciphertext $CT_T$ and the trapdoor $td_W$ as input and outputs a set of indices j
Figure BDA00024677387100001117
pointing to the positions where the string W appears in the plaintext string T.
Specifically, on input $td_W$ and $CT_T$, for $j = 0, \ldots, m-l$, check whether the following equation holds:
Figure BDA0002467738710000121
If it holds, return the set of indices j
Figure BDA0002467738710000122
(G) Decryption algorithm (Decrypt): the algorithm is run by the data user DU. It takes the partial ciphertext $CT_D$ and the token key TK as input, and outputs the plaintext data D.
Specifically, given the partial ciphertext $CT_D$ and the token key TK, it computes $D = Dec(f_1(TK), CT_D)$.
Example 2:
Embodiment 2 of the present disclosure provides an attribute-based secure communication apparatus supporting ciphertext mode matching, including a processor;
the processor sends the apparatus's attribute set to the external encryption terminal and receives the private key for that attribute set sent back by the external encryption terminal;
the processor sends a data query request to the data storage terminal, obtains the partial ciphertext corresponding to the access structure in the ciphertext, and runs the partial decryption algorithm on it; if the attribute set owned by the processor satisfies the access structure, the token key is obtained;
when the processor needs to query whether the ciphertext contains the first character string, it runs the trapdoor generation algorithm, obtains the query trapdoor corresponding to the first character string from the private key of its attribute set and the token key, and sends the query trapdoor to the data storage terminal;
the processor acquires the index set obtained by the data storage terminal executing the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the character string in the ciphertext; it judges from the index set whether the ciphertext contains the information it wants and, if so, downloads the partial ciphertext of the plaintext data from the data storage terminal and runs the decryption algorithm to obtain the plaintext data.
The specific communication method is the same as the specific communication method in embodiment 1, and is not described herein again.
Example 3:
the embodiment 3 of the present disclosure provides an attribute-based secure communication method supporting ciphertext mode matching, which is applied to a data storage terminal;
the data storage terminal acquires and stores ciphertext obtained by inputting and encrypting the public parameter, the access structure, the plaintext character string and the plaintext data from the external terminal, wherein the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data;
the data storage terminal receives a query request of the data query terminal and returns part of ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal judges that the owned attribute set can meet the access structure to obtain a token key;
the data storage terminal acquires a query trapdoor corresponding to a first character string obtained by the data query terminal according to a private key of an attribute set of the data query terminal and a token key of the data query terminal, executes a matching algorithm aiming at a part of ciphertext corresponding to the query trapdoor and a plaintext character string to obtain an index set, and returns the index set to the data query terminal so that the data query terminal can judge whether the ciphertext contains information which the data query terminal wants to obtain according to the index set;
the data storage terminal acquires a download command of the data query terminal and sends a part of ciphertext of the plaintext data to the data query terminal, so that the data query terminal obtains the plaintext data through a decryption algorithm.
The specific communication method is the same as the specific communication method in embodiment 1, and is not described herein again.
Example 4:
the embodiment 4 of the present disclosure provides a data storage device, including a processor, where the processor obtains and stores a ciphertext obtained by encrypting a public parameter, an access structure, a plaintext character string, and plaintext data, which are sent by an external terminal, as input, and the ciphertext includes a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string, and a part of ciphertext of the plaintext data;
the processor receives a query request of the data query terminal and returns part of ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal judges that the owned attribute set can meet the access structure to obtain a token key;
the processor acquires the query trapdoor corresponding to a first character string, which the data query terminal obtains from the private key of its attribute set and the token key, executes the matching algorithm on the query trapdoor and the partial ciphertext corresponding to the plaintext character string to obtain an index set, and returns the index set to the data query terminal, so that the data query terminal judges from the index set whether the ciphertext contains the information it wants;
the processor acquires a downloading command of the data query terminal and sends a part of ciphertext of the plaintext data to the data query terminal so that the data query terminal obtains the plaintext data through a decryption algorithm.
The specific communication method is the same as the specific communication method in embodiment 1, and is not described herein again.
Example 5:
As shown in fig. 1, an attribute-based secure communication method supporting ciphertext pattern matching is provided in embodiment 1 of the present disclosure, where the system includes four types of entities: a Key Generation Center (KGC), i.e. the first terminal; a Cloud Server (CS); a Data Owner (DO), i.e. the second terminal; and a Data User (DU), i.e. the third terminal.
The method specifically comprises the following steps:
(1) the key generation center KGC executes the system establishment algorithm to obtain the system public parameters PP and the system master key MSK; it publishes PP and keeps the MSK secret;
(2) a data user DU applies to the key generation center KGC for a key: the DU submits its attribute set S to the KGC, and the KGC runs the key generation algorithm to obtain the private key $SK_S$ corresponding to S and returns it to the DU;
(3) when the data owner DO wishes to encrypt the plaintext character string T and the plaintext data D, it runs the encryption algorithm to obtain the ciphertext
Figure BDA0002467738710000141
The DO stores the ciphertext in the cloud server CS so that the data user DU can access it;
(4) when the cloud server CS receives the query request of the data user DU, it first returns the partial ciphertext
Figure BDA0002467738710000154
to the DU. The DU runs the partial decryption algorithm; if the attribute set S owned by the DU satisfies the access structure
Figure BDA0002467738710000155
it obtains the token key TK;
(5) if the data user DU wants to query whether the ciphertext contains the character string W, it runs the trapdoor generation algorithm to obtain the query trapdoor $td_W$ corresponding to W; the DU sends $td_W$ to the cloud server CS;
(6) the cloud server CS executes the matching algorithm on $td_W$ and $CT_T$ to obtain the index set
Figure BDA0002467738710000151
and returns
Figure BDA0002467738710000152
to the data user DU;
(7) based on
Figure BDA0002467738710000153
the data user DU judges whether the ciphertext contains the information it wants; if so, it downloads the partial ciphertext $CT_D$ and runs the decryption algorithm to obtain the plaintext data D.
The specific communication method is the same as the specific communication method in embodiment 1, and is not described herein again.
Example 6:
the embodiment 6 of the present disclosure provides an attribute-based secure communication system supporting ciphertext pattern matching, including at least one first terminal, at least one cloud server, at least one second terminal, and at least one third terminal, including the following steps:
the first terminal executes a system establishment algorithm to obtain a system public parameter and a system master key;
the third terminal applies for a key to the first terminal, the third terminal submits the attribute set of the key to the first terminal, and the first terminal runs a key generation algorithm to obtain a private key corresponding to the attribute set by using the system master key and the attribute set of the third terminal and returns the private key to the third terminal;
when the second terminal needs to encrypt the plaintext character string and the plaintext data, an encryption algorithm is operated, the public parameter, the access structure, the plaintext character string and the plaintext data are used as input, corresponding ciphertext is output, the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data, and the ciphertext is stored in the cloud server by the second terminal so that a third terminal can access the ciphertext;
when the cloud server receives a query request of a third terminal, returning part of ciphertext corresponding to the access structure to the third terminal, operating a part of decryption algorithm by the third terminal to decrypt, and if the attribute set owned by the third terminal can meet the access structure, obtaining a token key;
when the third terminal needs to inquire whether the ciphertext contains the first character string, operating a trapdoor generation algorithm to obtain an inquiry trapdoor corresponding to the first character string, and sending the inquiry trapdoor to the cloud server by the third terminal;
the cloud server executes a matching algorithm aiming at the query trapdoor and a part of ciphertext corresponding to the plaintext character string to obtain an index set, the index set points to the position of the first character string in the plaintext character string, and the index set is returned to the third terminal;
and the third terminal judges whether the ciphertext contains the information expected by the third terminal according to the index set, if so, downloads part of the ciphertext of the plaintext data, and operates a decryption algorithm to obtain the plaintext data.
The specific communication method is the same as the specific communication method in embodiment 1, and is not described herein again.
The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, and various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. An attribute-based secure communication method supporting ciphertext mode matching is characterized by being applied to a data query terminal;
the data query terminal sends the attribute set to the external encryption terminal and receives a private key of the attribute set sent back by the external encryption terminal;
the data query terminal sends a data query request to the data storage terminal, obtains a part of ciphertext corresponding to an access structure in the ciphertext of the data storage terminal, operates a part of decryption algorithm to decrypt the ciphertext, and obtains a token key if an attribute set owned by the data query terminal can meet the access structure; the data owner encrypts the data aiming at a specific access structure, only the data user with the attribute meeting the access structure can perform pattern matching query and decryption, and the data owner does not need to preset keywords to allow the data user to perform pattern matching query of character strings on the ciphertext;
when the data query terminal needs to query whether the ciphertext contains the first character string, operating a trapdoor generation algorithm, obtaining a query trapdoor corresponding to the first character string according to a private key and a token secret key of an attribute set of the data query terminal, and sending the query trapdoor to the data storage terminal;
the data query terminal acquires an index set obtained by the data storage terminal executing a matching algorithm according to the query trapdoor and a part of ciphertext corresponding to the character string in the ciphertext; and judging whether the ciphertext contains the information expected by the ciphertext according to the index set, if so, downloading partial ciphertext of the plaintext data in the ciphertext of the data storage terminal, and operating a decryption algorithm to obtain the plaintext data.
2. The method of attribute-based secure communication supporting ciphertext pattern matching as claimed in claim 1, wherein the set of indices points to a position where the first string appears in the plaintext string.
3. An attribute-based secure communications apparatus that supports ciphertext mode matching, comprising a processor;
the processor sends the device attribute set to the external encryption terminal and receives a private key of the device attribute set sent back by the external encryption terminal;
the processor sends a data query request to the data storage terminal, acquires a part of ciphertext corresponding to an access structure in the ciphertext, operates a part of decryption algorithm to decrypt the ciphertext, and obtains a token key if an attribute set owned by the processor can meet the access structure; the data owner encrypts the data aiming at a specific access structure, only the data user with the attribute meeting the access structure can perform pattern matching query and decryption, and the data owner does not need to preset keywords to allow the data user to perform pattern matching query of character strings on the ciphertext;
when the processor needs to inquire whether the ciphertext contains the first character string, operating a trapdoor generation algorithm, obtaining an inquiry trapdoor corresponding to the first character string according to a private key and a token secret key of an attribute set of the processor, and sending the inquiry trapdoor to the data storage terminal;
the processor acquires an index set obtained by the data storage terminal executing a matching algorithm according to the query trapdoor and a part of ciphertext corresponding to the character string in the ciphertext; and judging whether the ciphertext contains the information expected by the ciphertext according to the index set, if so, downloading partial ciphertext of the plaintext data in the ciphertext of the data storage terminal, and operating a decryption algorithm to obtain the plaintext data.
4. The attribute-based secure communications apparatus that supports ciphertext pattern matching as claimed in claim 3, wherein the set of indices point to a position where the first string appears in the plaintext string.
5. An attribute-based secure communication method supporting ciphertext mode matching is characterized by being applied to a data storage terminal;
the data storage terminal acquires and stores ciphertext obtained by inputting and encrypting the public parameter, the access structure, the plaintext character string and the plaintext data from the external terminal, wherein the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data;
the data storage terminal receives a query request of the data query terminal and returns part of ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal judges that the owned attribute set can meet the access structure to obtain a token key; the data owner encrypts the data aiming at a specific access structure, only the data user with the attribute meeting the access structure can perform pattern matching query and decryption, and the data owner does not need to preset keywords to allow the data user to perform pattern matching query of character strings on the ciphertext;
the data storage terminal acquires a query trapdoor corresponding to a first character string obtained by the data query terminal according to a private key of an attribute set of the data query terminal and a token key of the data query terminal, executes a matching algorithm aiming at a part of ciphertext corresponding to the query trapdoor and a plaintext character string to obtain an index set, and returns the index set to the data query terminal so that the data query terminal can judge whether the ciphertext contains information which the data query terminal wants to obtain according to the index set;
the data storage terminal acquires a download command of the data query terminal and sends a part of ciphertext of the plaintext data to the data query terminal, so that the data query terminal obtains the plaintext data through a decryption algorithm.
6. The method of attribute-based secure communication supporting ciphertext pattern matching as claimed in claim 5, wherein the set of indices points to a position where the first string appears in the plaintext string.
7. A data storage device comprising a processor;
the processor acquires and stores a ciphertext obtained by encrypting the public parameter, the access structure, the plaintext character string and the plaintext data which are sent by the external terminal, wherein the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data;
the processor receives a query request of the data query terminal and returns part of ciphertext corresponding to the access structure to the data query terminal, so that the data query terminal judges that the owned attribute set can meet the access structure to obtain a token key;
the processor acquires a query trapdoor corresponding to a first character string obtained by the data query terminal according to a private key and a token private key of the attribute set of the data query terminal, executes a matching algorithm aiming at the query trapdoor and a part of ciphertext corresponding to a plaintext character string to obtain an index set, and returns the index set to the data query terminal; so that the data inquiry terminal judges whether the ciphertext contains the information expected by the data inquiry terminal according to the index set;
the processor acquires a downloading command of the data query terminal and sends a part of ciphertext of the plaintext data to the data query terminal so that the data query terminal obtains the plaintext data through a decryption algorithm.
8. The data storage device of claim 7, wherein the index set points to a location in the plaintext string at which the first string occurs.
9. An attribute-based secure communication method supporting ciphertext mode matching is characterized in that a first terminal, a cloud server, a second terminal and a third terminal exist, and the method comprises the following steps:
the first terminal executes a system establishment algorithm to obtain a system public parameter and a system master key;
the third terminal applies for a key to the first terminal, the third terminal submits the attribute set of the key to the first terminal, and the first terminal runs a key generation algorithm to obtain a private key corresponding to the attribute set by using the system master key and the attribute set of the third terminal and returns the private key to the third terminal;
when the second terminal needs to encrypt the plaintext character string and the plaintext data, an encryption algorithm is operated, the public parameter, the access structure, the plaintext character string and the plaintext data are used as input, corresponding ciphertext is output, the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data, and the ciphertext is stored in the cloud server by the second terminal so that a third terminal can access the ciphertext;
when the cloud server receives a query request of a third terminal, returning part of ciphertext corresponding to the access structure to the third terminal, operating a part of decryption algorithm by the third terminal to decrypt the ciphertext, and if the attribute set owned by the third terminal can meet the access structure, obtaining a token key; the data owner encrypts the data aiming at a specific access structure, only the data user with the attribute meeting the access structure can perform pattern matching query and decryption, and the data owner does not need to preset keywords to allow the data user to perform pattern matching query of character strings on the ciphertext;
when the third terminal needs to inquire whether the ciphertext contains the first character string, operating a trapdoor generation algorithm to obtain an inquiry trapdoor corresponding to the first character string, and sending the inquiry trapdoor to the cloud server by the third terminal;
the cloud server executes a matching algorithm aiming at the query trapdoor and a part of ciphertext corresponding to the plaintext character string to obtain an index set, and the index set is returned to the third terminal;
and the third terminal judges whether the ciphertext contains the information expected by the third terminal according to the index set, if so, downloads part of the ciphertext of the plaintext data, and operates a decryption algorithm to obtain the plaintext data.
10. An attribute-based secure communication system supporting ciphertext pattern matching, comprising at least one first processor, at least one cloud server, at least one second processor, and at least one third processor, comprising:
the first processor executes a system establishment algorithm to obtain a system public parameter and a system master key;
the third processor applies for a key from the first processor, the third processor submits the attribute set of the key to the first processor, and the first processor runs a key generation algorithm to obtain a private key corresponding to the attribute set by using the system master key and the attribute set of the third processor and returns the private key to the third processor;
when the second processor needs to encrypt the plaintext character string and the plaintext data, an encryption algorithm is operated, corresponding ciphertext is output by taking the public parameter, the access structure, the plaintext character string and the plaintext data as input, the ciphertext comprises a part of ciphertext corresponding to the access structure, a part of ciphertext corresponding to the plaintext character string and a part of ciphertext of the plaintext data, and the ciphertext is stored in the cloud server by the second processor so that the third processor can access the ciphertext;
when the cloud server receives a query request of a third processor, returning part of ciphertext corresponding to the access structure to the third processor, operating a part of decryption algorithm by the third processor to decrypt the ciphertext, and if an attribute set owned by the third processor can meet the access structure, obtaining a token key; the data owner encrypts the data aiming at a specific access structure, only the data user with the attribute meeting the access structure can perform pattern matching query and decryption, and the data owner does not need to preset keywords to allow the data user to perform pattern matching query of character strings on the ciphertext;
when the third processor needs to inquire whether the ciphertext contains the first character string, operating a trapdoor generation algorithm to obtain an inquiry trapdoor corresponding to the first character string, and sending the inquiry trapdoor to the cloud server by the third processor;
the cloud server executes a matching algorithm aiming at the query trapdoor and a part of ciphertext corresponding to the plaintext character string to obtain an index set, wherein the index set points to the position of the first character string in the plaintext character string, and returns the index set to the third processor;
and the third processor judges whether the ciphertext contains the information expected by the ciphertext according to the index set, if so, downloads part of ciphertext of the plaintext data, and operates a decryption algorithm to obtain the plaintext data.
CN202010338665.9A 2020-04-26 2020-04-26 Attribute-based secure communication method and system supporting ciphertext mode matching Active CN111556048B (en)


Publications (2)

Publication Number Publication Date
CN111556048A CN111556048A (en) 2020-08-18
CN111556048B true CN111556048B (en) 2022-04-01


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant