CN111614470A - Verifiable multi-keyword search method based on improved Merkle-Tree authentication method - Google Patents
- Publication number: CN111614470A (application CN202010461876.1A)
- Authority: CN (China)
- Prior art keywords: tree, merkle, root, file, authentication method
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- A63F13/71—Game security or game management aspects using secure communication between game devices and game servers, e.g. by encrypting game data or authenticating players
- G06F16/152—File search processing using file content signatures, e.g. hash values
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L9/0825—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
Abstract
The invention discloses a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, which comprises the following steps: firstly, multi-keyword search is carried out, so that efficient and accurate search is realized; secondly, the search result is authenticated, so that effective authentication of the search result is realized. The first step comprises: A. encrypting each file and creating an index; B. taking the files as leaf nodes to generate a Merkle-Tree; C. signing the tree root. The second step comprises: D. encrypting the keywords to generate a trapdoor; E. the server executes a search algorithm; F. verifying whether the signature of the root was tampered with. The verification and update algorithm of the search scheme is constructed using the improved Merkle-Tree authentication method, so that efficient verification and updating against illegal operations such as data tampering, deletion and counterfeiting are achieved, and the freshness of the data is ensured by concatenating the timestamp field with the root node; secondly, the scheme meets the security requirements of ciphertext indistinguishability and unforgeability.
Description
Technical Field
The invention relates to a searching method, in particular to a verifiable multi-keyword searching method based on an improved Merkle-Tree authentication method, and belongs to the technical field of information security.
Background
With the continuous promotion of global informatization and the rapid development of the internet, big data has become an important production factor and has penetrated into various fields. The opening and sharing of big data and the verifiability of data search results are very important. Verifiability of search results means that the user can efficiently authenticate the search results returned by the server. The existing result verification method in the searchable encryption scheme generally has the problems of high cost, low efficiency and the like, and brings great challenges for realizing high-efficiency verification and safety requirements of multi-keyword search results.
In recent years, database security retrieval has attracted continuous attention from academia. Existing outsourced database retrieval schemes can be classified into three categories according to their verification methods. The first method verifies the integrity of the search results using an authenticated data structure. The main idea is to create a global MHT with all data records of the database as leaf nodes; the root node is signed by the user and stored on the server. When a user wants to verify a certain data record, the user does so by recalculating the signature of the MHT root node. However, a disadvantage of MHT-based approaches is that the authentication process requires a large communication and computational overhead. The second type of approach is a probabilistic integrity verification scheme. The main technique is that the data owner inserts a small number of "spy" data records into the database in advance, and then completes the verification by analyzing the "spy" data in the search results. If the spy data meeting a certain query condition is not returned, the user can determine that the server has cheated. However, this approach has two disadvantages: first, to achieve result verifiability, the "spy" data must be shared with all authorized users. Therefore, the server can obtain all the spy data by colluding with a certain authorized user, so that the aim of cheating the user can easily be achieved by returning all data records to be verified in later retrievals. Secondly, the method needs the server to return the whole data record, so traditional database query modes such as projection queries are not supported. The third category of methods is a verification scheme based on signature chain technology, which reduces the communication and computation overhead of the retrieval verification process compared to MHT-based methods.
However, this method has difficulty handling the case where the search area is discontinuous, and thus completeness of the integrity check is not achieved. The existing verification methods cannot completely solve the verifiability problem of retrieval results. In the traditional effective verification scheme, a user needs to entrust a third party to verify the search result, and although this method ensures the correctness of the search result, the computation and communication overhead is increased.
Disclosure of Invention
The technical problem to be solved by the invention is as follows: to provide a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, realizing efficient and accurate multi-keyword search by constructing a multi-keyword searchable algorithm; secondly, a verification and dynamic updating algorithm of the search scheme is constructed using the improved Merkle-Tree authentication method, so that efficient verification and updating against illegal operations such as data tampering, deletion and counterfeiting are achieved; finally, under the decision linear assumption and the CDH assumption, the security properties of ciphertext indistinguishability and unforgeability are met, and the existing problems are effectively solved.
The technical scheme of the invention is as follows: a verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, the method comprises the following steps: firstly, multi-keyword searching is carried out, so that efficient and accurate searching is realized; secondly, the search result is authenticated, and the effective authentication of the search result is realized, wherein the first step comprises the following steps: A. encrypting each file and creating an index; B. taking the file as a leaf node to generate a Merkle-Tree; C. signing the tree root; in the second step, the method comprises the following steps: D. encrypting the keywords to generate a trapdoor; E. the server executes a search algorithm; F. verifying whether the signature of the root was tampered with.
Step one, multi-keyword search: the method has the advantages that files stored on the cloud server are efficiently and accurately searched, and a searchable algorithm of the multi-keyword is constructed.
And step two, the search result is authenticated, and the improved Merkle-Tree is utilized to realize the effective verification of the search result without the participation of a third party.
The step A is as follows: firstly, a key generation center generates a partial private key for a user ID in a ParKeyGen algorithm, and secondly, a user generates a final private key in the KeyGen algorithm according to the identity of the user; finally, the data owner encrypts the file and creates an index for the file.
The step B is as follows: the data owner hashes the files to be stored pairwise as leaf nodes to generate a Merkle-Tree. That is, the data owner divides the data file F to be stored on the server into n data blocks $(f_1, f_2, \ldots, f_n)$, encrypts the data blocks before uploading, and uses the data blocks as leaf nodes to generate the tree.
The step C is as follows: the root of the tree is signed with a signature technique as $\rho \leftarrow (h_R)^t$, where $t$ represents the private key and $h_R$ represents the root hash value of the tree.
After generating the file tag, the data owner generates a BLS signature for each file block $f[i]$ and collects them into a signature set. The data owner spans the tree with $H(f[i])$ as the leaf nodes, and the root node $h_R$ is linked to the system date and time, i.e. $h_R = h_R \| d_t$. The signature of the root is denoted as $\rho \leftarrow (h_R)^t$.
The step D is as follows: for a given query keyword set $W'$, the user selects an element $s \in Z_p$ and encrypts the keywords to generate the trapdoor $T_{W'} = \{T_1, T_2, T_3, T_4\}$, in which $T_1 = g^{t_1 s}$,
The step E is as follows: the server executes the search algorithm and checks whether $\sigma_1 = \sigma_2 \sigma_3$ holds, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$ and $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$. According to the query trapdoor submitted by the user, the cloud server executes the search algorithm to find the results matching the trapdoor. After receiving the trapdoor $T_{W'}$, the cloud server computes the tuple $(\sigma_1, \sigma_2, \sigma_3)$ and decides, by checking whether the judgment formula $\sigma_1 = \sigma_2 \sigma_3$ holds, whether the trapdoor $T_{W'}$ matches the index $I$.
The step F is as follows: by computing whether the verification equation holds, effective verification of the search result is completed.
When the user receives the result $C'$, the user sends a challenge message to the cloud server, which returns a corresponding auxiliary message so that the correctness of the result $C'$ can be verified. The user first selects a set $Q$ of $k$ elements; secondly, selects a random element $b_i \in Z_p$; finally, sends the challenge message $M \leftarrow (i, b_i)_{i \in Q}$ to the cloud server. After the cloud server has computed the required values, it responds to the user with the following as proof of possession, where $AI(i)$ is the auxiliary information for node $i$. The user verifies the file tag and the root signature; when the user receives the proof information returned by the cloud server, the following three formulas must be calculated to verify the correctness of the result:
The invention has the following beneficial effects: compared with the prior art, the technical scheme of the invention uses the improved Merkle-Tree authentication method to construct the verification and update algorithm of the search scheme, so that efficient verification and updating against illegal operations such as data tampering, deletion and counterfeiting are achieved, and the freshness of data is ensured by concatenating the timestamp field with the root node; secondly, the scheme meets the security requirements of ciphertext indistinguishability and unforgeability.
Drawings
FIG. 1 is a general flow diagram of the present invention;
FIG. 2 is a flow chart of the improved MHT of the present invention;
FIG. 3 is a flow chart of data addition according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings.
Example 1: as shown in fig. 1 to 3, a verifiable multi-keyword search method based on the improved Merkle-Tree authentication method includes the following steps: firstly, multi-keyword searching is carried out, so that efficient and accurate searching is realized; secondly, the search result is authenticated, and the effective authentication of the search result is realized, wherein the first step comprises the following steps: A. encrypting each file and creating an index; B. taking the file as a leaf node to generate a Merkle-Tree; C. signing the tree root; in the second step, the method comprises the following steps: D. encrypting the keywords to generate a trapdoor; E. the server executes a search algorithm; F. verifying whether the signature of the root was tampered with.
Step one, multi-keyword search: the method has the advantages that files stored on the cloud server are efficiently and accurately searched, and a searchable algorithm of the multi-keyword is constructed.
And step two, the search result is authenticated, and the improved Merkle-Tree is utilized to realize the effective verification of the search result without the participation of a third party.
The step A is as follows: firstly, a key generation center generates a partial private key for a user ID in a ParKeyGen algorithm, and secondly, a user generates a final private key in the KeyGen algorithm according to the identity of the user; finally, the data owner encrypts the file and creates an index for the file.
The specific algorithm is as follows:
1) ParKeyGen(msk, ID): given the identity ID of a particular user, the key generation center selects a random element $t_1 \in Z_p^*$, calculates the partial private key and sends it to the user through a secure channel, so that the partial private key of the user is $psk_{ID} = (psk_1, psk_2)$.
2) KeyGen(param, $psk_{ID}$, ID, msk): the user randomly selects two elements $x', y' \in Z_p^*$ and calculates $g^{x'}, g^{y'}$. The public and private key pair of the user is $pk = \{g^{x'}, g^{y'}\}$, $sk = \{psk_{ID}, x', y'\}$.
The step B is as follows: the data owner hashes the files to be stored pairwise as leaf nodes to generate a tree. That is, the data owner divides the data file F to be stored on the server into n data blocks $(f_1, f_2, \ldots, f_n)$, encrypts the data blocks before uploading, and uses the data blocks as leaf nodes to generate the tree.
The specific algorithm is as follows:
1) Encrypt(F, W, pk, $psk_{ID}$, ID): the data owner extracts the keyword set $W$ from the file $f[i]$ and creates an index $I_i$ for these files. The data owner selects two random numbers $r_1, r_2 \in Z_p^*$ and computes the index and ciphertext from them. Finally, the data owner uploads $\{I, C, \tau, \rho\}$ and the corresponding identity set $id = \{id_1, \ldots, id_d\}$ to the cloud server.
2) FileTagGen(fname, t, n, $d_t$): this algorithm is executed by the data owner and generates a tag for the file F. It selects a random element $\mu \in G$, $t \in Z_p^*$, and generates a system date and time record $d_t$. After the system date and time are concatenated into the file tag $\tau$, the freshness of the file is ensured, so that $\pi = (fname \| n \| \mu \| d_t)$, where $\pi \in G$, and $\tau = sig_t(\pi)$ is the tag of the file F. The concatenated string $\pi$ is stored locally for later verification of the file tag.
The step C is as follows: the root of the Merkle-Tree is signed with a signature technique as $\rho \leftarrow (h_R)^t$, where $t$ represents the private key and $h_R$ represents the root hash value of the tree.
After generating the file tag, the data owner generates a BLS signature for each file block $f[i]$ and collects them into a signature set. The data owner spans the tree with $H(f[i])$ as the leaf nodes, and the root node $h_R$ is linked to the system date and time, i.e. $h_R = h_R \| d_t$. The signature of the root is denoted as $\rho \leftarrow (h_R)^t$.
The step D is as follows: for a given query keyword set $W'$, the user selects an element $s \in Z_p$ and encrypts the keywords to generate the trapdoor $T_{W'} = \{T_1, T_2, T_3, T_4\}$, in which $T_3 = g^s$,
The step E is as follows: the server executes the search algorithm and checks whether $\sigma_1 = \sigma_2 \sigma_3$ holds, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$ and $\sigma_3 = e(I_3, T_2)/e(I_4, T_1)$. According to the query trapdoor submitted by the user, the cloud server executes the search algorithm to find the results matching the trapdoor. After receiving the trapdoor $T_{W'}$, the cloud server computes the tuple $(\sigma_1, \sigma_2, \sigma_3)$ and decides, by checking whether the judgment formula $\sigma_1 = \sigma_2 \sigma_3$ holds, whether the trapdoor $T_{W'}$ matches the index $I$.
The step F is as follows: by computing whether the verification equation holds, effective verification of the search result is completed.
When the user receives the result $C'$, the user sends a challenge message to the cloud server, which returns a corresponding auxiliary message so that the correctness of the result $C'$ can be verified. The user first selects a set $Q$ of $k$ elements; secondly, selects a random element $b_i \in Z_p$; finally, sends the challenge message $M \leftarrow (i, b_i)_{i \in Q}$ to the cloud server. After the cloud server has computed the required values, it responds to the user with the following as proof of possession, where $AI(i)$ is the auxiliary information for node $i$.
The user verifies the file tag and the root signature; when the user receives the proof information returned by the cloud server, the following three formulas must be calculated to verify the correctness of the result:
If the data owner wants to add a data block $f^*$ at a particular location, the method proceeds according to the following operations:
b) Second, a new file tag $\tau^* \leftarrow sig_t(fname \| n \| \mu \| d_t)$ is generated. The data owner then sends the insertion message to the cloud server, where $I$ denotes data insertion, the field "V" denotes the location of the new block to be inserted, $V \leftarrow A$ denotes insertion after the $i$-th position and $V \leftarrow B$ denotes insertion before the $i$-th position. Upon receipt of the message, the cloud server saves $f^*$ and the corresponding leaf node $h(f^*)$. The cloud server finds $h(f[i])$ in the Merkle-Tree and retains $AI(i)$; when inserting the leaf node $h(f^*)$, if the field "V" is set to "A", an internal node with hash value $(h(f[i]) \| h(f^*))$ is connected into the original tree; if the field "V" is set to "B", an internal node with hash value $(h(f^*) \| h(f[i]))$ is added to the original tree with its index set to 2.
c) Finally, the cloud server modifies the information of each node on the path from the $i$-th node to the highest node (the root). Since the MHT is regenerated, the cloud server generates a new root $R'$ and provides the data owner with a proof message of the insert operation, where $AI(i)$ represents the auxiliary information of $f[i]$ in the previous tree. Upon receiving the proof of the insertion process, the data owner first verifies $\tau$; after verification succeeds, it uses $\{h(f[i]), AI(i)\}$ to produce the root and then checks this newly generated root through the verification formula. If it holds, the data owner can now verify that the cloud server has correctly completed the file insertion: using $\{h(f[i]), AI(i), h(f^*)\}$ it generates a new root and compares it with $R'$. If this succeeds, the data owner authenticates $R'$ as $\rho' = (h(R'))^t$ and sends it to the cloud server for updating. Finally, the data owner runs the verification algorithm for the new data block, and when the result is true, the data owner can remove $\{\rho', f^*, \tau'\}$ from local storage.
The data owner sends a request to the server to modify the data, and the data owner modifies the data in the following way: first, the following tag is generated for the new file.
The data owner then generates a new file tag $\tau' \leftarrow sig_k(fname \| n \| \mu \| d_t)$. A new tag is generated to verify the date and time of the modification so as to ensure the freshness of the data.
The data modification message is framed and transmitted to the server, where $X$ denotes a modify operation and "$i$" denotes the data block to be modified. Upon receipt of the above message, the server performs the following substitutions: first, $f_i$ is replaced by $f_i'$; secondly, the block signature and $\tau$ are replaced by their new values and $\tau'$ respectively; finally, $h(f[i])$ is replaced by $h(f[i]')$. The server then generates a new root hash value $R'$ by reconstructing the Merkle-Tree with $h(f[i]')$ and provides proof of the modification process to the data owner for verification. After receiving the data modification proof from the server, the data owner first verifies $\tau$ and secondly verifies the root through the verification formula using $\{h(f[i]'), AI(i)\}_i$ and $\rho$. If the authentication succeeds, the data owner uses $\{h(f[i]'), AI(i)\}_i$ to calculate the newly generated root and compares it with $R'$; if the comparison succeeds, the data owner authenticates $R'$ with the signing private key $t$, thus generating the signature $\rho' = h(R')^t$, and sends it to the server for storage. Finally, the data owner runs the verification algorithm for the new data block, and if the result is true, the data owner can delete $\{f[i]', \tau', \rho'\}$ locally.
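The tree operations of steps B, C and F and of the insertion and modification procedures above, as an added example that is not the patent's own code: SHA-256 stands in for the scheme's hash, an HMAC under the owner's secret t stands in for the exponentiation signature (h_R)^t on h_R || d_t, and the proof message {h(f[i]), AI(i), R'} is an assumed format. The point it demonstrates is that the owner never re-hashes the whole tree: the old root is rebuilt from h(f[i]) and AI(i) and checked against the signed, timestamped root, and the new root is rebuilt from {h(f[i]), AI(i), h(f*)} (insert after/before) or {h(f[i]'), AI(i)} (modify) and compared with the server's R'.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple, Union

Node = Union[bytes, Tuple["Node", "Node"]]   # a leaf hash h(f[i]) or (left, right)
AuxInfo = List[Tuple[bytes, str]]           # AI(i): (sibling hash, side), leaf-to-root


def h(data: bytes) -> bytes:
    """The scheme's hash; SHA-256 is an assumption of this example."""
    return hashlib.sha256(data).digest()


def node_hash(node: Node) -> bytes:
    """Leaf: its stored hash. Internal node: h(left || right)."""
    if isinstance(node, bytes):
        return node
    return h(node_hash(node[0]) + node_hash(node[1]))


def build_tree(leaf_hashes: List[bytes]) -> Node:
    """Pairwise combine the leaves h(f[i]) bottom-up; an unpaired node is carried up."""
    level: List[Node] = list(leaf_hashes)
    while len(level) > 1:
        nxt: List[Node] = [(level[k], level[k + 1]) for k in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])
        level = nxt
    return level[0]


def aux_info(node: Node, target: bytes) -> Optional[AuxInfo]:
    """AI(i): sibling hashes on the path from leaf `target` up to the root."""
    if isinstance(node, bytes):
        return [] if node == target else None
    left, right = node
    path = aux_info(left, target)
    if path is not None:
        return path + [(node_hash(right), "R")]
    path = aux_info(right, target)
    if path is not None:
        return path + [(node_hash(left), "L")]
    return None


def root_from_aux(leaf_hash: bytes, ai: AuxInfo) -> bytes:
    """Rebuild the root from one leaf hash and its AI(i)."""
    cur = leaf_hash
    for sibling, side in ai:
        cur = h(sibling + cur) if side == "L" else h(cur + sibling)
    return cur


def sign_root(t: bytes, h_r: bytes, d_t: str) -> bytes:
    """rho over h_R || d_t. Stand-in: HMAC under the owner's secret t, in place of the
    page's exponentiation signature (h_R)^t; the timestamp binding is the same."""
    return hmac.new(t, h_r + d_t.encode(), hashlib.sha256).digest()


def verify_root_sig(t: bytes, h_r: bytes, d_t: str, rho: bytes) -> bool:
    return hmac.compare_digest(sign_root(t, h_r, d_t), rho)


def server_insert(node: Node, target: bytes, new_leaf: bytes, v: str) -> Node:
    """Server side: leaf h(f[i]) becomes an internal node (h(f[i]) || h(f*)) for V=A
    (insert after) or (h(f*) || h(f[i])) for V=B (insert before)."""
    if isinstance(node, bytes):
        if node != target:
            return node
        return (node, new_leaf) if v == "A" else (new_leaf, node)
    return (server_insert(node[0], target, new_leaf, v),
            server_insert(node[1], target, new_leaf, v))


def server_modify(node: Node, target: bytes, new_leaf: bytes) -> Node:
    """Server side: replace h(f[i]) by h(f[i]'); the rest of the tree is unchanged."""
    if isinstance(node, bytes):
        return new_leaf if node == target else node
    return (server_modify(node[0], target, new_leaf),
            server_modify(node[1], target, new_leaf))


def user_verify_result(t: bytes, rho: bytes, d_t: str, block: bytes, ai: AuxInfo) -> bool:
    """Step F: the returned block, hashed and folded with AI(i), must reproduce
    the root that carries the owner's signature rho for timestamp d_t."""
    return verify_root_sig(t, root_from_aux(h(block), ai), d_t, rho)


def owner_check_update(t: bytes, rho: bytes, d_t: str, old_leaf: bytes, ai: AuxInfo,
                       new_leaf: bytes, v: Optional[str], r_new: bytes) -> bool:
    """Owner's check of the server's proof {h(f[i]), AI(i), R'} (format assumed).
    v in {"A", "B"}: insertion of new_leaf next to old_leaf; v=None: modification.
    1) the old root rebuilt from h(f[i]) and AI(i) must verify under rho;
    2) the new root rebuilt from {h(f[i]), AI(i), new_leaf} must equal R'."""
    if not verify_root_sig(t, root_from_aux(old_leaf, ai), d_t, rho):
        return False
    if v == "A":
        start = h(old_leaf + new_leaf)
    elif v == "B":
        start = h(new_leaf + old_leaf)
    else:
        start = new_leaf
    return root_from_aux(start, ai) == r_new
```

Only after `owner_check_update` returns true does the owner sign the new root with the new timestamp, which is what lets a later `user_verify_result` reject both a substituted block and a stale root.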
The invention discloses a verifiable multi-keyword search based on an improved Merkle-Tree authentication method, which is characterized by comprising the following steps: firstly, multi-keyword search is carried out, so that efficient and accurate search is realized; secondly, the search result is authenticated, so that effective authentication of the search result is realized. A verification and dynamic updating algorithm of the search scheme is constructed using the improved Merkle-Tree authentication method, so that efficient verification and updating against illegal operations such as data tampering, deletion and counterfeiting are achieved; secondly, under the decision linear assumption and the CDH assumption, the scheme satisfies ciphertext indistinguishability and unforgeability, and has significant advantages in terms of computation cost and performance.
The present invention will be further described with reference to the drawings and the examples of the specification. The following equation is calculated to determine that no falsification has occurred.
Since $\sigma_1 = \sigma_2 \sigma_3$, the above formula holds.
We check whether the judgment formula holds to ensure that the integrity verification of the search results is correct.
Now consider the left side of the equation:
to make the explanation of the technical solution of the present invention clearer, the present invention can achieve the security of the cryptogram indistinguishability and the forgery prevention of the signature under the decision linear assumption and the CDH assumption, and we demonstrate the feasibility of the present invention and show a detailed process by the following examples.
Let $S_i$ denote the event that adversary A wins game $i$, and let $Adv_i$ denote the advantage of adversary A. Suppose that, except when the predefined event $E_P$ occurs, in which case the game in round $i+1$ is terminated and a random bit is output, the game in round $i+1$ performs the same operations as the game in round $i$. If $E_P$ is not negligible and is independent of $S_i$, then:
Therefore,
next, we will show a series of secure game simulations as follows:
Game 1: in this round of play, adversary A proceeds according to the steps defined in Game 1, i.e. challenger C generates a master key, the public parameters and the user's partial private key. Let $(ID^*, pk_{ID^*})$ be the identity and public key of the user in the challenge phase, and let $C^* = (I_1^*, I_2^*, I_3^*, I_4^*)$ be the ciphertext returned to adversary A.
Game 2: in this round of play, A continues to perform the steps defined in Game 1, except that $H_0$ is a collision-resistant hash function; therefore,
$Pr[S_2] = Pr[S_1] - Adv_{H_0}$ and $Adv_2 = Adv_1 - Adv_{H_0}$.
Game 3: in this round of play, C executes the same game as Game 2 except for the generated public parameters:
1) C selects $x, y \in Z_p^*$, $\gamma_u \in \{0, \ldots, n\}$ and $\eta_u \in \{0, \ldots, p\}$, such that $\eta_u (n+1) < p$.
3) C selects $T_u' \in Z_p$ and a vector $(T_{u1}, \ldots, T_{un})$, where $T_{uj} \in Z_{\eta_u}$, $1 \le j \le n$.
It can be seen that the public parameters are unchanged by this generation; therefore,
$Pr[S_3] = Pr[S_2]$ and $Adv_3 = Adv_2$.
Game 4: in this round of play, except for the guessing phase, C executes the same game as Game 3.
C takes as input $ID = (ID_1, \ldots, ID_n)$ and defines two functions:
In the guess phase, C checks $A_u(ID^*)$; if it is equal to zero, C terminates and outputs $b' \in \{0, 1\}$ as a guess for A; otherwise C performs the same steps as Game 3.
Since $(K_u', K_{u1}, \ldots, K_{un})$ is unknown to A,
Game 5: in this round of play, C executes the same game as Game 4 except for the guessing phase, where C checks whether the following occurs: $A_u(ID) = 0$ where the user ID queries the oracle ParKeyGen;
$A_u(ID) = 0$ where the user ID queries the oracle KeyGen.
If either of the two cases above occurs, C terminates and outputs $b' \in \{0, 1\}$ as a guess for A. Since the occurrence of the above cases is not independent of Game 4, we estimate its lower bound.
Here $\Omega$ denotes the set of user IDs querying the oracle ParKeyGen, $\Omega'$ denotes the set of user IDs querying the oracle KeyGen, $\xi_1$ represents the number of queries to the oracle ParKeyGen, and $\xi_2$ represents the number of queries to the oracle KeyGen.
Game 6: in this round of play, except for using $g^x, g^y$ as the public key, where $x, y$ are unknown to C, C executes the same game as Game 5; except for the oracle ParKeyGen, C handles the oracles according to the algorithm specification.
Given a user ID, if $A_u(ID) = 0$, then C terminates; otherwise it selects $t_1' \in Z_p^*$ and sets:
Note that $psk_1$ and $psk_2$ are valid components of the partial private key. We can see that the distribution of the master key, public key and partial private key is the same as in Game 5, so $Adv_6 = Adv_5$.
Game 7: in this round of play, except for the challenge phase, C executes the same game as Game 6. A gives $(psk_{ID^*} = (psk_1^*, psk_2^*), ID^*, W_0, W_1)$; if $A_u(ID^*) \ne 0$, C terminates, otherwise it selects $b \in \{0, 1\}$, $r_1, r_2 \in Z_p^*$ and computes $C^* = (I_1^*, I_2^*, I_3^*, I_4^*)$.
We have $Adv_7 = Adv_6$, since the distribution of the challenge ciphertext does not change.
Game 8: in this round of play, except for the generation of the challenge ciphertext, the game executed by C is the same as Game 7. Given one DL instance, C computes $C^* = (I_1^*, I_2^*, I_3^*, I_4^*)$, where:
In this round of play, C does not use $x, y, r_1, r_2$, so the distinguishability of Game 7 and Game 8 is related to the DL problem. Let $Adv_{DL}$ represent the advantage of adversary A in solving the DL problem; then $|Pr[S_7] - Pr[S_8]| \le Adv_{DL}(\lambda)$. Also, in Game 8 $w_\lambda$ is perfectly hidden. The simulation is therefore complete, and the following inequalities hold:
$Adv_2 = Adv_3$
$Adv_3 = \eta_u (n+1) Adv_4$
$Adv_4 \le 2 Adv_5$
$Adv_5 = Adv_6 = Adv_7 \le Adv_{DL}(\lambda)$
The invention utilizes an improved Merkle-Tree authentication method to construct a verification and dynamic updating algorithm for the search scheme. The method achieves efficient verification and updating against illegal operations such as data tampering, deletion and counterfeiting, and meets the requirements of efficient verification and security for multi-keyword search results. The algorithm efficiency is improved on the whole, so the method has very high application value.
The present invention is not described in detail, but is known to those skilled in the art. Finally, the above embodiments are only for illustrating the technical solutions of the present invention and not for limiting, although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications or equivalent substitutions may be made to the technical solutions of the present invention without departing from the spirit and scope of the technical solutions of the present invention, and all of them should be covered in the claims of the present invention.
Claims (7)
1. A verifiable multi-keyword search method based on an improved Merkle-Tree authentication method, characterized in that the method comprises the following steps: first, multi-keyword search; second, authentication of the search result. The first step comprises: A. encrypting each file and creating an index; B. generating a Merkle-Tree with the files as leaf nodes; C. signing the root of the tree. The second step comprises: D. encrypting the keywords to generate a trapdoor; E. the server executes the search algorithm; F. verifying whether the signature of the root was tampered with.
2. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, wherein: the step A is as follows: firstly, a key generation center generates partial private keys for a data owner and a user, and secondly, the user generates a final private key according to the identity of the user; finally, the data owner encrypts the file and creates an index for the file.
3. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, wherein: the step B is as follows: the data owner hashes the files to be stored as leaf nodes pairwise to generate a Merkle-Tree.
4. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, wherein: the step C is as follows: signing the root of the tree with the signature $\rho \leftarrow (h_R)^t$, where $t$ is the private key and $h_R$ is the root hash value of the Merkle-Tree.
6. The verifiable multi-keyword search method based on the improved Merkle-Tree authentication method as set forth in claim 1, wherein: the step E is as follows: the server executes the search algorithm and checks whether $\sigma_1 = \sigma_2 \sigma_3$ holds, where $\sigma_1 = e(I_2, T_3)$, $\sigma_2 = e(I_1, T_4)$ and $\sigma_3 = e(I_3, T_2) / e(I_4, T_1)$.
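The Merkle-Tree half of the procedure (steps B, C and F of claim 1, claims 3 and 4) as an added example, not code from the patent: files are hashed into leaves, inner nodes are formed pairwise, the root is signed, and a returned file is verified against the signed root through its authentication path. The patent's pairing-based root signature $\rho \leftarrow (h_R)^t$ is replaced by an HMAC-SHA256 stand-in under a constructed owner/verifier key, and an odd node on a level is paired with a copy of itself; both are assumptions of this example.

```python
# Added example (not the patent's own code): Merkle-Tree over file hashes,
# root signature and search-result verification modelled on claims 1, 3 and 4.
# The patent signs the root as rho <- (h_R)^t and checks it with a pairing;
# that is swapped here for HMAC-SHA256 under a shared key as a labelled
# stand-in, so the block runs with the Python standard library only.
import hashlib
import hmac


def h(data: bytes) -> bytes:
    """SHA-256 used for both leaves and inner nodes."""
    return hashlib.sha256(data).digest()


def build_levels(files):
    """Step B: hash each file as a leaf and combine nodes pairwise up to the root.
    Assumed convention: an odd node on a level is paired with a copy of itself."""
    levels = [[h(f) for f in files]]
    while len(levels[-1]) > 1:
        cur = levels[-1] + ([levels[-1][-1]] if len(levels[-1]) % 2 else [])
        levels.append([h(cur[i] + cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels


def auth_path(levels, index):
    """Sibling hashes from leaf `index` up to the root, each with a flag saying
    whether the node on the path is the right child (fixes the hashing order)."""
    path = []
    for level in levels[:-1]:
        cur = level + ([level[-1]] if len(level) % 2 else [])
        path.append((cur[index ^ 1], bool(index & 1)))
        index //= 2
    return path


def sign_root(key: bytes, root: bytes) -> bytes:
    """Step C stand-in: the data owner authenticates the root hash h_R."""
    return hmac.new(key, root, hashlib.sha256).digest()


def verify_result(key, root, sig, file_bytes, path):
    """Step F: reject if the root signature was tampered with, then check that
    the returned file hashes up to that root through its authentication path."""
    if not hmac.compare_digest(sign_root(key, root), sig):
        return False
    node = h(file_bytes)
    for sibling, node_is_right in path:
        node = h(sibling + node) if node_is_right else h(node + sibling)
    return hmac.compare_digest(node, root)
```

Deleting or modifying a file changes the root, so an old signature no longer verifies; the owner re-signs the new root after each update.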
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010461876.1A CN111614470A (en) | 2020-05-27 | 2020-05-27 | Verifiable multi-keyword search method based on improved Merkle-Tree authentication method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202010461876.1A CN111614470A (en) | 2020-05-27 | 2020-05-27 | Verifiable multi-keyword search method based on improved Merkle-Tree authentication method |
Publications (1)
Publication Number | Publication Date |
---|---|
CN111614470A true CN111614470A (en) | 2020-09-01 |
Family
ID=72203152
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202010461876.1A Pending CN111614470A (en) | 2020-05-27 | 2020-05-27 | Verifiable multi-keyword search method based on improved Merkle-Tree authentication method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN111614470A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112446041A (en) * | 2020-11-30 | 2021-03-05 | 西安电子科技大学 | Verifiable multi-keyword ciphertext query method and system based on security index |
Citations (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150006899A1 (en) * | 2013-07-01 | 2015-01-01 | Samsung Electronics Co., Ltd. | Method and apparatus of data authentication |
CN105871543A (en) * | 2016-03-29 | 2016-08-17 | 西安电子科技大学 | Attribute-based multi-keyword ciphertext retrieval method under background of multiple data owners |
CN106815350A (en) * | 2017-01-19 | 2017-06-09 | 安徽大学 | Dynamic ciphertext multi-key word searches for method generally in a kind of cloud environment |
CN106897368A (en) * | 2017-01-16 | 2017-06-27 | 西安电子科技大学 | Database update operating method is set and its be can verify that in the summation of Merkle Hash |
CN108039943A (en) * | 2017-12-06 | 2018-05-15 | 清华大学深圳研究生院 | A kind of encryption searching method that can verify that |
CN108055122A (en) * | 2017-11-17 | 2018-05-18 | 西安电子科技大学 | The anti-RAM leakage dynamic that can verify that can search for encryption method, Cloud Server |
CN108256348A (en) * | 2017-11-30 | 2018-07-06 | 深圳大学 | A kind of cipher text searching result verification method and its system |
CN109088719A (en) * | 2018-08-14 | 2018-12-25 | 重庆第二师范学院 | Outsourced database multi-key word can verify that cipher text searching method, data processing system |
CN110781524A (en) * | 2019-10-29 | 2020-02-11 | 陕西师范大学 | Integrity verification method for data in hybrid cloud storage |
Events: 2020-05-27 CN CN202010461876.1A patent/CN111614470A/en active Pending
Non-Patent Citations (2)
Title |
---|
NEENU GARG等: "RITS-MHT: Relative indexed and time stamped Merkle hash tree based data auditing protocol for cloud computing", 《JOURNAL OF NETWORK AND COMPUTER APPLICATIONS》 * |
YINBIN MIAO等: "Enabling verifiable multiple keywords search over encrypted cloud data", 《INFORMATION SCIENCES》 * |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Bost et al. | Verifiable dynamic symmetric searchable encryption: Optimality and forward security | |
CN108039943B (en) | Verifiable encryption searching method | |
EP1701283B1 (en) | Method and System for Asymmetric Key Security | |
CN111639361A (en) | Block chain key management method, multi-person common signature method and electronic device | |
Schröder et al. | Verifiable data streaming | |
CN106936771A (en) | A kind of secure cloud storage method and system based on graded encryption | |
CN106330865A (en) | Property base keyword searching method supporting efficient revocation in cloud environment | |
CN110392038B (en) | Multi-key searchable encryption method capable of being verified in multi-user scene | |
CN111614680B (en) | CP-ABE-based traceable cloud storage access control method and system | |
CN111970299A (en) | Block chain-based distributed Internet of things equipment identity authentication device and method | |
CN110602099A (en) | Privacy protection method based on verifiable symmetric searchable encryption | |
Brunner et al. | SPROOF: A Platform for Issuing and Verifying Documents in a Public Blockchain. | |
WO2021108258A1 (en) | Optimizations for verification of interactions system and method using probability density functions | |
CN109088719B (en) | Outsourced database multi-key word can verify that cipher text searching method, data processing system | |
CN112565264B (en) | Cloud storage data integrity detection method based on block chain | |
CN109918451B (en) | Database management method and system based on block chain | |
Wang et al. | Efficient verifiable databases with additional insertion and deletion operations in cloud computing | |
JP6911231B1 (en) | Reliability verification system for digital asset data packets | |
CN111614470A (en) | Verifiable multi-keyword search method based on improved Merkle-Tree authentication method | |
CN110851848B (en) | Privacy protection method for symmetric searchable encryption | |
Liu et al. | Insecurity of an efficient privacy-preserving public auditing scheme for cloud data storage | |
CN112765570B (en) | Identity-based provable data holding method supporting data transfer | |
Junxiang et al. | Dynamic provable data possession with batch-update verifiability | |
CN114676449B (en) | Internet of things data searchable encryption method based on verifiable database | |
Goswami et al. | Stub Signature-Based Efficient Public Data Auditing System using Dynamic Procedures in Cloud Computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | |
Application publication date: 20200901