CN111614470A - Verifiable multi-keyword search method based on improved Merkle-Tree authentication method - Google Patents


Info

Publication number
CN111614470A
Authority
CN
China
Prior art keywords
tree
merkle
root
file
authentication method
Legal status
Pending
Application number
CN202010461876.1A
Other languages
Chinese (zh)
Inventor
田有亮
骆琴
Current Assignee
Guizhou University
Original Assignee
Guizhou University

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • A HUMAN NECESSITIES
    • A63 SPORTS; GAMES; AMUSEMENTS
    • A63F CARD, BOARD, OR ROULETTE GAMES; INDOOR GAMES USING SMALL MOVING PLAYING BODIES; VIDEO GAMES; GAMES NOT OTHERWISE PROVIDED FOR
    • A63F13/00 Video games, i.e. games using an electronically generated display having two or more dimensions
    • A63F13/70 Game security or game management aspects
    • A63F13/71 Game security or game management aspects using secure communication between game devices and game servers, e.g. by encrypting game data or authenticating players
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10 File systems; File servers
    • G06F16/14 Details of searching files based on file metadata
    • G06F16/148 File search processing
    • G06F16/152 File search processing using file content signatures, e.g. hash values
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates

Abstract

The invention discloses a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, which comprises the following steps: first, multi-keyword search is carried out, so that efficient and accurate search is realized; second, the search result is authenticated, so that effective authentication of the search result is realized. The first step comprises: A. encrypting each file and creating an index; B. taking the files as leaf nodes to generate a Merkle-Tree; C. signing the tree root. The second step comprises: D. encrypting the keywords to generate a trapdoor; E. the server executes the search algorithm; F. verifying whether the signature of the root was tampered with. The verification and update algorithm of the search scheme is constructed using the improved Merkle-Tree authentication method, so that illegal operations such as data tampering, deletion and counterfeiting are prevented by efficient verification and update, and the freshness of the data is ensured by concatenating the timestamp field with the root node; secondly, the scheme meets the security requirements of ciphertext indistinguishability and unforgeability.

Description

Verifiable multi-keyword search method based on improved Merkle-Tree authentication method
Technical Field
The invention relates to a searching method, in particular to a verifiable multi-keyword searching method based on an improved Merkle-Tree authentication method, and belongs to the technical field of information security.
Background
With the continuous promotion of global informatization and the rapid development of the internet, big data has become an important production factor and has penetrated into various fields. The opening and sharing of big data and the verifiability of data search results are very important. Verifiability of search results means that the user can efficiently authenticate the search results returned by the server. The existing result verification method in the searchable encryption scheme generally has the problems of high cost, low efficiency and the like, and brings great challenges for realizing high-efficiency verification and safety requirements of multi-keyword search results.
In recent years, secure database retrieval has attracted continuous attention from academia. Existing outsourced database retrieval schemes can be classified into three categories according to their verification methods. The first method verifies the integrity of the search results using an authenticated data structure. The main idea is to create a global MHT with all data records of the database as leaf nodes; the root node is signed by the user and stored on the server. When the user wants to verify a certain data record, they do so by recalculating the signature of the MHT root node. However, a disadvantage of MHT-based approaches is that the authentication process requires a large communication and computational overhead. The second type of approach is a probabilistic integrity verification scheme. The main idea is that the data owner inserts a small number of "spy" data records into the database in advance, and then completes the verification by analyzing the "spy" data in the search results. If spy data meeting a certain query condition is not returned, the user can conclude that the server has cheated. However, this approach has two disadvantages: first, to achieve result verifiability, the "spy" data must be shared with all authorized users. Therefore, the server can obtain all the spy data by colluding with a single authorized user, after which it can easily cheat the user by returning all the data records to be verified in later retrievals. Second, the method requires the server to return whole data records, so traditional database query modes such as projection queries are not supported. The third category of methods is a verification scheme based on signature chain technology, which reduces the communication and computation overhead of the retrieval verification process compared to MHT-based methods.
However, this method has difficulty handling the case where the search range is discontinuous, so completeness of the integrity check is not achieved. Existing verification methods cannot completely solve the verifiability problem of retrieval results. In traditional verification schemes, the user needs to entrust a third party to verify the search results; although this ensures the correctness of the search results, it increases the computation and communication overhead.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, realizing efficient and accurate multi-keyword search by constructing a multi-keyword searchable algorithm; secondly, to construct a verification and dynamic updating algorithm of the search scheme using the improved Merkle-Tree authentication method, so that illegal operations such as data tampering, deletion and counterfeiting are prevented by efficient verification and updating; finally, under the decision linear assumption and the CDH assumption, the security properties of ciphertext indistinguishability and unforgeability are met, and the existing problems are effectively solved.
The technical scheme of the invention is as follows: a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, the method comprises the following steps: firstly, multi-keyword searching is carried out, so that efficient and accurate searching is realized; secondly, the search result is authenticated, and the effective authentication of the search result is realized, wherein the first step comprises the following steps: A. encrypting each file and creating an index; B. taking the file as a leaf node to generate a Merkle-Tree; C. signing the tree root; in the second step, the method comprises the following steps: D. encrypting the keywords to generate a trapdoor; E. the server executes a search algorithm; F. verifying whether the signature of the root was tampered with.
Step one, multi-keyword search: files stored on the cloud server are searched efficiently and accurately by constructing a multi-keyword searchable algorithm.
Step two, authentication of the search result: the improved Merkle-Tree is used to realize effective verification of the search result without the participation of a third party.
Step A is as follows: first, the key generation center generates a partial private key for the user ID in the ParKeyGen algorithm; second, the user generates the final private key in the KeyGen algorithm according to their identity; finally, the data owner encrypts the files and creates an index for them.
Step B is as follows: the data owner hashes the files to be stored pairwise as leaf nodes to generate a Merkle-Tree. That is, the data owner divides the data file $F$ to be stored on the server into $n$ data blocks $(f_1, f_2, \ldots, f_n)$, encrypts the blocks before uploading, and uses them as leaf nodes to generate the tree.
Step C is as follows: the root of the tree is signed with a signature technique as $\rho \leftarrow (h_R)^t$, where $t$ is the private key and $h_R$ is the root hash value of the tree.
After generating the file tag, the data owner generates a BLS signature for each file block $f[i]$:
Figure BDA0002511272830000031
The signature set is
Figure BDA0002511272830000032
The data owner builds the tree with $H(f[i])$ as the leaf nodes; the root node $h_R$ is linked to the system date and time, i.e. $h_R = h_R \| d_t$, and the signature of the root is denoted as $\rho \leftarrow (h_R)^t$.
Step D is as follows: for a given query keyword set
Figure BDA0002511272830000033
the user selects an element $s \in Z_p$ and encrypts the keywords to generate the trapdoor $T_{W'} = \{T_1, T_2, T_3, T_4\}$, where $T_1 = g^{t_1 s}$,
Figure BDA0002511272830000034
Step E is as follows: the server executes the search algorithm and checks whether $\sigma_1 = \sigma_2 \sigma_3$ holds, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$, $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$. According to the query trapdoor submitted by the user, the cloud server executes the search algorithm to find the results matching the trapdoor. After receiving the trapdoor $T_{W'}$, the cloud server computes the tuple $(\sigma_1, \sigma_2, \sigma_3)$, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$, $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$, and uses the decision formula $\sigma_1 = \sigma_2 \sigma_3$ to determine whether the trapdoor $T_{W'}$ matches the index $I$.
Step F is as follows: the user checks whether the following equations hold:
Figure BDA0002511272830000035
Figure BDA0002511272830000036
If they hold, the verification of the search result is complete.
When the user receives the result $C'$, the user sends a challenge message to the cloud server, which returns a corresponding auxiliary message so that the correctness of $C'$ can be verified. The user first selects a set of $k$ elements
Figure BDA0002511272830000037
And is
Figure BDA0002511272830000038
second, a random element $b_i \in Z_p$ is selected for each $i$; finally, the challenge message $M \leftarrow (i, b_i)_{i \in Q}$ is sent to the cloud server. The cloud server computes
Figure BDA0002511272830000039
And
Figure BDA00025112728300000310
The cloud server then responds to the user with the following as proof of possession:
Figure BDA00025112728300000311
$AI(i)$ is the auxiliary information of node $i$. The user verifies the file tag and the root signature; when the user receives the proof information returned by the cloud server, the following three formulas must be computed to verify the correctness of the result:
Figure BDA00025112728300000312
The invention has the following beneficial effects: compared with the prior art, the technical scheme of the invention uses the improved Merkle-Tree authentication method to construct the verification and update algorithm of the search scheme, so that illegal operations such as data tampering, deletion and counterfeiting are prevented by efficient verification and update, and the freshness of the data is ensured by concatenating the timestamp field with the root node; secondly, the scheme meets the security requirements of ciphertext indistinguishability and unforgeability.
Drawings
FIG. 1 is a general flow diagram of the present invention;
FIG. 2 is a flow chart of the improved MHT of the present invention;
FIG. 3 is a flow chart of data addition according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
Example 1: as shown in fig. 1 to 3, a verifiable multi-keyword search method based on the improved Merkle-Tree authentication method includes the following steps: firstly, multi-keyword searching is carried out, so that efficient and accurate searching is realized; secondly, the search result is authenticated, and the effective authentication of the search result is realized, wherein the first step comprises the following steps: A. encrypting each file and creating an index; B. taking the file as a leaf node to generate a Merkle-Tree; C. signing the tree root; in the second step, the method comprises the following steps: D. encrypting the keywords to generate a trapdoor; E. the server executes a search algorithm; F. verifying whether the signature of the root was tampered with.
Step one, multi-keyword search: files stored on the cloud server are searched efficiently and accurately by constructing a multi-keyword searchable algorithm.
Step two, authentication of the search result: the improved Merkle-Tree is used to realize effective verification of the search result without the participation of a third party.
Step A is as follows: first, the key generation center generates a partial private key for the user ID in the ParKeyGen algorithm; second, the user generates the final private key in the KeyGen algorithm according to their identity; finally, the data owner encrypts the files and creates an index for them.
The specific algorithm is as follows:
1) ParKeyGen(msk, ID): given the identity ID of a particular user, the key generation center selects a random element $t_1 \in Z_p^*$ and calculates
Figure BDA0002511272830000041
and sends it to the user through a secure channel, so that the partial private key of the user is $psk_{ID} = (psk_1, psk_2)$.
2) KeyGen(param, $psk_{ID}$, ID, msk): the user randomly selects two elements $x', y' \in Z_p^*$ and calculates $g^{x'}, g^{y'}$. The public and private key pair of the user is $pk = \{g^{x'}, g^{y'}\}$, $sk = \{psk_{ID}, x', y'\}$.
Step B is as follows: the data owner hashes the files to be stored pairwise as leaf nodes to generate a tree. That is, the data owner divides the data file $F$ to be stored on the server into $n$ data blocks $(f_1, f_2, \ldots, f_n)$, encrypts the blocks before uploading, and uses them as leaf nodes to generate the tree.
The specific algorithm is as follows:
1) Encrypt(F, W, pk, $psk_{ID}$, ID): the data owner extracts the keyword set from file $f[i]$
Figure BDA0002511272830000051
and creates an index $I_i$ for these files. The data owner selects two random numbers $r_1, r_2 \in Z_p^*$ and calculates
Figure BDA0002511272830000052
Finally, the data owner uploads $\{I, C, \tau, \rho\}$ and the corresponding identity $id = \{id_1, \ldots, id_d\}$ to the cloud server.
2) FileTagGen(fname, t, n, $d_t$): this algorithm is executed by the data owner and generates a tag for the file $F$. It selects a random element $\mu \in G$ and $t \in Z_p^*$, and generates a system date and time record $d_t$. Concatenating the system date and time into the file tag $\tau$ ensures the freshness of the file: $\pi = (fname \| n \| \mu \| d_t)$, where $\pi \in G$, and $\tau = sig_t(\pi)$ is the tag of the file $F$; the concatenated string $\pi$ is stored locally for later verification of the file tag.
Step C is as follows: the root of the Merkle-Tree is signed with a signature technique as $\rho \leftarrow (h_R)^t$, where $t$ is the private key and $h_R$ is the root hash value of the tree.
After generating the file tag, the data owner generates a BLS signature for each file block $f[i]$:
Figure BDA0002511272830000053
The signature set is
Figure BDA0002511272830000054
The data owner builds the tree with $H(f[i])$ as the leaf nodes; the root node $h_R$ is linked to the system date and time, i.e. $h_R = h_R \| d_t$, and the signature of the root is denoted as $\rho \leftarrow (h_R)^t$.
Step D is as follows: for a given query keyword set
Figure BDA0002511272830000055
the user selects an element $s \in Z_p$ and encrypts the keywords to generate the trapdoor $T_{W'} = \{T_1, T_2, T_3, T_4\}$, where
Figure BDA0002511272830000056
Figure BDA0002511272830000057
$T_3 = g^s$,
Figure BDA0002511272830000058
Step E is as follows: the server executes the search algorithm and checks whether $\sigma_1 = \sigma_2 \sigma_3$ holds, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$, $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$. According to the query trapdoor submitted by the user, the cloud server executes the search algorithm to find the results matching the trapdoor. After receiving the trapdoor $T_{W'}$, the cloud server computes the tuple $(\sigma_1, \sigma_2, \sigma_3)$, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$, $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$, and uses the decision formula $\sigma_1 = \sigma_2 \sigma_3$ to determine whether the trapdoor $T_{W'}$ matches the index $I$.
Step F is as follows: the user checks whether the following equations hold:
Figure BDA0002511272830000061
Figure BDA0002511272830000062
If they hold, the verification of the search result is complete.
When the user receives the result $C'$, the user sends a challenge message to the cloud server, which returns a corresponding auxiliary message so that the correctness of $C'$ can be verified. The user first selects a set of $k$ elements
Figure BDA0002511272830000063
And is
Figure BDA0002511272830000064
second, a random element $b_i \in Z_p$ is selected for each $i$; finally, the challenge message $M \leftarrow (i, b_i)_{i \in Q}$ is sent to the cloud server. The cloud server computes
Figure BDA0002511272830000065
And
Figure BDA0002511272830000066
the cloud server then responds to the user as proof of possession:
Figure BDA0002511272830000067
$AI(i)$ is the auxiliary information of node $i$.
The user verifies the file tag and the root signature; when the user receives the proof information returned by the cloud server, the following three formulas must be computed to verify the correctness of the result:
Figure BDA0002511272830000068
If the data owner wants to insert a data block $f^*$ at a particular position, the following operations are performed:
a) First, a signature is generated for the new data block:
Figure BDA0002511272830000069
b) Second, a new file tag $\tau^* \leftarrow sig_t(fname \| n \| \mu \| d_t)$ is generated. The data owner forms the data insertion message as
Figure BDA00025112728300000610
where $I$ denotes data insertion, the field "V" denotes the position of the new block to be inserted, $V \leftarrow A$ denotes insertion after the $i$-th position and $V \leftarrow B$ denotes insertion before the $i$-th position. The data owner sends this message to the cloud server, which, upon receipt, stores $f^*$ and the corresponding leaf node $h(f^*)$. The cloud server finds $h(f[i])$ in the Merkle-Tree, retains $AI(i)$ and inserts the leaf node $h(f^*)$: if the field "V" is set to "A", an internal node with hash value $(h(f[i]) \| h(f^*))$ is connected into the original tree; if the field "V" is set to "B", an internal node with hash value $(h(f^*) \| h(f[i]))$ is added to the original tree with index set to 2.
c) Finally, the cloud server modifies the information of each node on the path from the $i$-th node to the top node (the root). Since the MHT is regenerated, the cloud server generates a new root $R$ and provides the data owner with a proof message of the insert operation, denoted as
Figure BDA0002511272830000071
where $AI(i)$ represents the auxiliary information of $f[i]$ in the previous tree. Upon receiving the proof of the insertion process, the data owner first verifies $\tau$; after the verification succeeds, $\{h(f[i]), AI(i)\}$ is used to produce the root, which is then checked with the verification formula
Figure BDA0002511272830000072
on this newly generated root. If it holds, the data owner can verify that the cloud server has correctly completed the file insertion process: using $\{h(f[i]), AI(i), h(f^*)\}$ it generates a new root and compares it with $R'$; if they match, the data owner authenticates $R'$ as $(h(R'))^t$ and sends it to the cloud server for updating. Finally, the data owner runs the verification algorithm for the new data block, and when the result is true, the data owner can remove $\{\rho', f^*, \tau'\}$ from local storage.
The data owner sends a request to the server to modify the data, and the modification proceeds as follows: first, the following tag is generated for the new file
Figure BDA0002511272830000073
The data owner then generates a new file tag $\tau' \leftarrow sig_t(fname \| n \| \mu \| d_t)$; the new tag records the date and time of the modification to ensure the freshness of the data.
The data modification message is formed as
Figure BDA0002511272830000074
and sent to the server, where $X$ denotes a modify operation and $i$ denotes the data block to be modified. Upon receipt of this message, the server performs the following substitutions: first, it replaces $f_i$ with $f_i'$; second, it respectively uses
Figure BDA0002511272830000075
and $\tau'$ to replace
Figure BDA0002511272830000076
and $\tau$; finally, it replaces $h(f[i])$ with $h(f[i]')$. The server then generates a new root hash value $R'$ by reconstructing the Merkle-Tree with $h(f[i]')$ and provides the proof of the modification process to the data owner for verification, i.e.
Figure BDA0002511272830000077
After receiving the data modification proof from the server, the data owner first verifies $\tau$ and second uses the formula
Figure BDA0002511272830000078
with $\{h(f[i]'), AI(i)\}_i$ and $\rho$ to verify the root. If the verification is successful, the data owner uses $\{h(f[i]'), AI(i)\}_i$ to compute the newly generated root and compares it with $R'$; if the comparison succeeds, the data owner authenticates $R'$ with the signing private key $t$, generating the signature $\rho' = h(R')^t$, and sends it to the server for storage. Finally, the data owner runs the verification algorithm for the new data block, and if the result is true, the data owner can delete $\{f[i]', \tau', \rho'\}$ locally.
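The Merkle-Tree part of steps B, C and F and the insert/modify update protocol above, as an added Python example that is not part of the patent: it builds the tree over block hashes, derives the auxiliary information AI(i), binds the root to the date/time record d_t, and has the data owner verify the server's insertion and modification proofs as described (old root from {h(f[i]), AI(i)} against ρ, then the new root R' from AI(i) with the new inner node or h(f[i]') in place of h(f[i])). The pairing-based signature ρ = (h_R)^t has no standard-library implementation, so an HMAC under an owner-held key stands in for it (a MAC, not a public-key signature); the block contents, key and d_t are constructed placeholders.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple
Side = Tuple[str, bytes]  # ("L" | "R", sibling hash): one entry of AI(i)

def leaf_hash(block: bytes) -> bytes:  # h(f[i]), domain-separated from inner nodes
    return hashlib.sha256(b"\x00" + block).digest()

def node_hash(left: bytes, right: bytes) -> bytes:  # inner node over (left || right)
    return hashlib.sha256(b"\x01" + left + right).digest()

class Node:
    def __init__(self, h: bytes, left: "Optional[Node]" = None, right: "Optional[Node]" = None):
        self.hash, self.left, self.right, self.parent = h, left, right, None
        for child in filter(None, (left, right)):
            child.parent = self

def build_tree(blocks: List[bytes]) -> Tuple[Node, List[Node]]:
    """Data owner: hash the blocks pairwise up to the root; returns (root, leaves)."""
    level = leaves = [Node(leaf_hash(b)) for b in blocks]
    while len(level) > 1:
        nxt = [Node(node_hash(level[j].hash, level[j + 1].hash), level[j], level[j + 1])
               for j in range(0, len(level) - 1, 2)]
        if len(level) % 2:  # an unpaired node is carried up unchanged
            nxt.append(level[-1])
        level = nxt
    return level[0], leaves

def auxiliary_info(leaf: Node) -> List[Side]:
    """AI(i): sibling hashes, with their side, on the path from leaf i to the root."""
    path, n = [], leaf
    while n.parent is not None:
        p = n.parent
        path.append(("R", p.right.hash) if p.left is n else ("L", p.left.hash))
        n = p
    return path

def root_from_path(h: bytes, path: List[Side]) -> bytes:
    """Recompute the root from a leaf (or inner) hash and its auxiliary information."""
    for side, sib in path:
        h = node_hash(h, sib) if side == "R" else node_hash(sib, h)
    return h

def sign_root(key: bytes, root: bytes, dt: bytes) -> bytes:
    """Stand-in for rho <- (h_R)^t over h_R || d_t: an HMAC, not a BLS signature."""
    return hmac.new(key, root + dt, hashlib.sha256).digest()

def recompute_upwards(n: Optional[Node]) -> None:
    while n is not None:  # rebuild only the hashes on the path to the root
        n.hash = node_hash(n.left.hash, n.right.hash)
        n = n.parent

def server_insert(root: Node, leaves: List[Node], i: int, new_block: bytes, v: str):
    """Cloud server: insert f* after ("A") / before ("B") leaf i as a sibling of h(f[i]); returns (root, old AI(i))."""
    old = leaves[i]
    proof = auxiliary_info(old)  # captured before the tree is changed
    new = Node(leaf_hash(new_block))
    parent = old.parent
    inner = (Node(node_hash(old.hash, new.hash), old, new) if v == "A"  # takes h(f[i])'s place, so old AI(i) still reaches the root
             else Node(node_hash(new.hash, old.hash), new, old))
    leaves.insert(i + 1 if v == "A" else i, new)
    if parent is None:  # the tree was a single leaf; the inner node is the new root
        return inner, proof
    if parent.left is old:
        parent.left = inner
    else:
        parent.right = inner
    inner.parent = parent
    recompute_upwards(parent)
    return root, proof

def server_modify(root: Node, leaves: List[Node], i: int, new_block: bytes):  # replace block i by f[i]'
    leaf = leaves[i]
    proof = auxiliary_info(leaf)
    leaf.hash = leaf_hash(new_block)
    recompute_upwards(leaf.parent)
    return root, proof

def owner_verify_update(key: bytes, rho: bytes, dt: bytes, old_block: bytes,
                        proof: List[Side], replacement: bytes, new_root: bytes) -> bool:
    """Data owner: check the old root from {h(f[i]), AI(i)} against rho, then rebuild R' with
    `replacement` in place of h(f[i]) (the new inner node for an insert, h(f[i]') for a modify)."""
    if not hmac.compare_digest(sign_root(key, root_from_path(leaf_hash(old_block), proof), dt), rho):
        return False
    return root_from_path(replacement, proof) == new_root

def demo() -> Tuple[bool, bool, bool]:
    blocks = [b"ct-block-%d" % k for k in range(5)]  # constructed placeholder ciphertext blocks
    key, dt = b"owner-key-placeholder", b"2020-05-27T10:00:00"
    root, leaves = build_tree(blocks)
    rho = sign_root(key, root.hash, dt)
    h_old, h_new = leaf_hash(blocks[2]), leaf_hash(b"ct-block-new")
    new_root, proof = server_insert(root, leaves, 2, b"ct-block-new", "A")
    ok_insert = owner_verify_update(key, rho, dt, blocks[2], proof, node_hash(h_old, h_new), new_root.hash)
    # The wrong position field ("B" where the server used "A") yields a different R' and is rejected.
    wrong_side = owner_verify_update(key, rho, dt, blocks[2], proof, node_hash(h_new, h_old), new_root.hash)
    rho2 = sign_root(key, new_root.hash, dt)  # the owner re-signs the accepted root R'
    root2, proof2 = server_modify(new_root, leaves, 0, b"ct-block-0-v2")
    ok_modify = owner_verify_update(key, rho2, dt, blocks[0], proof2, leaf_hash(b"ct-block-0-v2"), root2.hash)
    return ok_insert, wrong_side, ok_modify
```

The proof the server returns must be the AI(i) of the tree before the update: a path taken afterwards would not lead from h(f[i]) to the root that ρ covers, and the first check rejects it, which is also what catches a server that changed other leaves.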
The invention discloses a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, comprising the following steps: first, multi-keyword search is realized efficiently and accurately; second, the search result is authenticated, so that effective authentication of the search result is realized. A verification and dynamic updating algorithm of the search scheme is constructed using the improved Merkle-Tree authentication method, so that illegal operations such as data tampering, deletion and counterfeiting are prevented by efficient verification and updating; secondly, under the decision linear assumption and the CDH assumption, the scheme satisfies ciphertext indistinguishability and unforgeability, and has significant advantages in computation cost and performance.
The present invention is further described with reference to the drawings and examples of the specification. The following equations are computed to determine that no falsification has occurred.
Figure BDA0002511272830000081
Figure BDA0002511272830000082
Figure BDA0002511272830000083
Figure BDA0002511272830000084
We have $\sigma_1 = \sigma_2 \sigma_3$, so the above formula holds.
We check whether the following formula holds to ensure that the integrity verification of the search results is correct:
Figure BDA0002511272830000085
Now consider the left side of the equation:
Figure BDA0002511272830000086
To make the explanation of the technical solution clearer: the present invention achieves ciphertext indistinguishability and unforgeability of the signature under the decision linear assumption and the CDH assumption, and we demonstrate the feasibility of the invention and show the detailed process through the following examples.
Let $S_i$ denote the event that adversary $A$ wins Game $i$, and $Adv_i$ denote the advantage of adversary $A$. Suppose that Game $i+1$ performs the same operations as Game $i$, except that when the predefined event $E_P$ occurs, Game $i+1$ terminates and outputs a random bit. If $E_P$ is not negligible and is independent of $S_i$, then:
Figure BDA0002511272830000091
Therefore,
Figure BDA0002511272830000092
Figure BDA0002511272830000093
next, we will show a series of secure game simulations as follows:
Game 1: In this round, adversary $A$ executes according to the steps defined in Game I, i.e. challenger $C$ generates a master key, the public parameters and the user's partial private key. Let $(ID^*, pk_{ID}^*)$ be the identity and public key of the user in the challenge phase, and let $C^* = (I_1^*, I_2^*, I_3^*, I_4^*)$ be the ciphertext returned to adversary $A$.
Game 2: In this round, $A$ continues to perform the steps defined in Game 1, except that $H_0$ is a collision-resistant hash function; therefore,
$Pr[S_2] = Pr[S_1] - Adv_{H_0}$ and $Adv_2 = Adv_1 - Adv_{H_0}$.
Game 3: In this round, $C$ executes the same game as Game 2 except for the generation of the public parameters:
1) $C$ selects $x, y \in Z_p^*$, $\gamma_u \in \{0, \ldots, n\}$ and $\eta_u \in \{0, \ldots, p\}$, such that $\eta_u(n+1) < p$.
2) $C$ selects
Figure BDA0002511272830000097
and the vector $(K_{u1}, \ldots, K_{un})$, where $K_{uj} \in Z_{\eta_u}$, $1 \le j \le n$.
3) $C$ selects $T_u' \in Z_p$ and the vector $(T_{u1}, \ldots, T_{un})$, where $T_{uj} \in Z_{\eta_u}$, $1 \le j \le n$.
The public parameters are set as:
Figure BDA0002511272830000094
It can be seen that the public parameters are not changed by this generation; therefore,
$Pr[S_3] = Pr[S_2]$ and $Adv_3 = Adv_2$.
Game 4: In this round, $C$ executes the same game as Game 3 except for the guessing phase.
For input $ID = \{ID_1, \ldots, ID_n\}$, $C$ defines two functions:
Figure BDA0002511272830000095
Figure BDA0002511272830000096
In the guess phase, $C$ checks $A_u(ID^*)$; if it is equal to zero, $C$ terminates and outputs $b' \in \{0,1\}$ as a guess for $A$; otherwise $C$ performs the same steps as Game 3.
Since $(K_u', K_{u1}, \ldots, K_{un})$ is not known to $A$,
Figure BDA0002511272830000101
Therefore,
Figure BDA0002511272830000102
Game 5: In this round, $C$ executes the same game as Game 4 except for the guessing phase, where $C$ checks whether either of the following occurs: $A_u(ID) = 0$ when the user ID queries the oracle ParKeyGen;
$A_u(ID) = 0$ when the user ID queries the oracle KeyGen.
If either of the above cases occurs, $C$ terminates and outputs $b' \in \{0,1\}$ as a guess for $A$. Since the occurrence of the above cases is not independent of Game 4, we estimate the lower bound of
Figure BDA00025112728300001013
as follows:
Figure BDA0002511272830000103
where $\Omega$ denotes the set of user IDs that queried the oracle ParKeyGen, $\Omega'$ denotes the set of user IDs that queried the oracle KeyGen, $\xi_1$ denotes the number of queries to the oracle ParKeyGen, and $\xi_2$ denotes the number of queries to the oracle KeyGen.
If $\eta_u = 2(\xi_1 + \xi_2)$, then
Figure BDA0002511272830000104
Therefore,
Figure BDA0002511272830000105
Game 6: In this round, $C$ executes the same game as Game 5 except that $g^x, g^y$ are used as the public key, where $x, y$ are unknown to $C$; except for the oracle ParKeyGen, $C$ handles the oracles according to the algorithm specification.
Given a user ID, if $A_u(ID) = 0$, then $C$ terminates; otherwise it selects $t_1' \in Z_p^*$ and sets:
Figure BDA0002511272830000106
Note that $psk_1$ and $psk_2$ are valid components of the partial private key because:
Figure BDA0002511272830000107
Figure BDA0002511272830000108
where
Figure BDA0002511272830000109
We can see that the distribution of the master key, public key and partial private key is the same as in Game 5, so $Adv_6 = Adv_5$.
Game 7: In this round, $C$ executes the same game as Game 6 except for the challenge phase. Given $(psk_{ID^*} = (psk_1^*, psk_2^*), ID^*, W_0, W_1)$ from $A$: if $A_u(ID^*) \ne 0$, $C$ terminates; otherwise it selects $b \in \{0,1\}$, $r_1, r_2 \in Z_p^*$ and computes $C^* = (I_1^*, I_2^*, I_3^*, I_4^*)$:
Figure BDA00025112728300001010
We have Adv7=Adv6Since the distribution of the challenge cryptogram does not change.
Game 8: in this round of play, except for the generation of the challenge cryptogram, the Game executed by C is the same as Game7, given one DL instance
Figure BDA00025112728300001012
C*=(I1 *,I2 *,I3 *,I4 *) Wherein:
Figure BDA00025112728300001011
Figure BDA0002511272830000111
in this round of play, C does not use x, y, r1,r2The distinction degree of the Game7 and the Game8 is related to the DL problem. AdvDLRepresenting the advantage of enemy A in distinguishing DL problems, then | Pr [ S ]7]-Pr[S8]|≤AdvDL(λ); also, in Game8 wλIs perfectly hidden, therefore
Figure BDA0002511272830000112
The simulation is complete and the following inequality:
Figure BDA0002511272830000113
Adv2=Adv3
Adv3=ηu(n+1)Adv4
Adv4≤2Adv5
Adv5=Adv6=Adv7≤AdvDL(λ)
The invention uses an improved Merkle-Tree authentication method to construct the verification and dynamic update algorithms of the search scheme. It prevents illegal operations such as data tampering, deletion and forgery while supporting efficient verification and updating, and thus meets the efficiency and security requirements for verifying multi-keyword search results. The overall efficiency of the algorithm is improved, so the method has high application value.
What is not described in detail in the present invention is known to those skilled in the art. Finally, the above embodiments are only intended to illustrate the technical solution of the present invention and not to limit it. Although the present invention has been described in detail with reference to the preferred embodiments, those skilled in the art should understand that modifications or equivalent substitutions may be made to the technical solution of the present invention without departing from its spirit and scope, and all such modifications are covered by the claims of the present invention.

Claims (7)

1. A verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, characterized in that the method comprises the following steps: step one, multi-keyword search; step two, authentication of the search result. Step one comprises: A. encrypting each file and creating an index; B. generating a Merkle-Tree with the files as leaf nodes; C. signing the root of the tree. Step two comprises: D. encrypting the keywords to generate a trapdoor; E. the server executing the search algorithm; F. verifying whether the signature of the root has been tampered with.
2. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step A is as follows: first, the key generation center generates partial private keys for the data owner and the user; second, the user generates the final private key according to the user's identity; finally, the data owner encrypts the files and creates an index for them.
3. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step B is as follows: the data owner takes the files to be stored as leaf nodes and hashes them pairwise to generate the Merkle-Tree.
4. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step C is as follows: signing the root of the tree with the signature technique ρ ← (h_R)^t, where t represents the private key and h_R represents the root hash value of the Merkle-Tree.
5. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step D is as follows: encrypting the keywords to generate the trapdoor T_W' = {T_1, T_2, T_3, T_4}, where
[equation image not reproduced in the text]
T_3 = g^s
[equation image not reproduced in the text]
6. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step E is as follows: the server executes the search algorithm to check whether σ_1 = σ_2 σ_3 holds, where σ_1 = e(I_2, T_3), σ_2 = e(I_1, T_4), σ_3 = e(I_3, T_2)/e(I_4, T_1).
7. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, characterized in that step F is as follows: by computing whether
[equation image not reproduced in the text]
[equation image not reproduced in the text]
holds, the verification of the search result is completed.
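As an added illustration, not the patent's own code, the Merkle-Tree steps of claims 3 and 7 in Python: each encrypted file is hashed as a leaf, the leaves are hashed pairwise up to the root h_R, and the user re-derives the root from a returned file and its authentication path, so a tampered or substituted file fails the check. SHA-256 in place of the unspecified hash, pairing an odd node with a copy of itself, and the function names are assumptions; the group signature ρ ← (h_R)^t of claim 4 and the pairing-based search of claims 5 and 6 are not modelled, and `expected_root` is taken to be the h_R recovered from that signature check.

```python
import hashlib

def h(data: bytes) -> bytes:
    """Hash function H of the scheme; SHA-256 is an assumption, the patent does not fix H."""
    return hashlib.sha256(data).digest()

def build_tree(files):
    """Claim 3: hash each (encrypted) file as a leaf, then hash pairwise up to the root.
    Returns every level, levels[0] being the leaves. An odd node at a level is paired
    with a copy of itself (assumption; the patent does not specify odd-count handling)."""
    level = [h(f) for f in files]
    levels = [level]
    while len(level) > 1:
        if len(level) % 2 == 1:
            level = level + [level[-1]]
        level = [h(level[i] + level[i + 1]) for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root_of(levels):
    """h_R, the root hash that the data owner signs in claim 4."""
    return levels[-1][0]

def auth_path(levels, index):
    """Sibling hashes from leaf `index` up to the root, each tagged with its side.
    The server returns this path with a search hit so the user can re-derive h_R."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2 == 1:
            level = level + [level[-1]]  # same self-pairing rule as build_tree
        sib = index ^ 1
        path.append((level[sib], sib < index))  # (sibling hash, sibling is on the left)
        index //= 2
    return path

def verify_file(file_bytes, path, expected_root):
    """Claim 7 analogue: recompute the root from the returned file and its path and
    compare with h_R; any change to the file or the path changes the recomputed root."""
    node = h(file_bytes)
    for sib, sib_is_left in path:
        node = h(sib + node) if sib_is_left else h(node + sib)
    return node == expected_root

# Constructed sample data: five encrypted files (an odd count exercises the self-pairing rule).
FILES = [b"ciphertext-of-file-%d" % i for i in range(5)]
LEVELS = build_tree(FILES)
ROOT = root_of(LEVELS)
```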
CN202010461876.1A 2020-05-27 2020-05-27 Verifiable multi-keyword search method based on improved Merkle-Tree authentication method Pending CN111614470A (en)


Publications (1)

Publication Number Publication Date
CN111614470A true CN111614470A (en) 2020-09-01

Family

ID=72203152

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20200901