CN112100649B - Multi-keyword searchable encryption method and system supporting Boolean access control strategy - Google Patents

Multi-keyword searchable encryption method and system supporting Boolean access control strategy Download PDF

Info

Publication number
CN112100649B
Authority
CN
China
Prior art keywords
data
key
ciphertext
user
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202010781185.XA
Other languages
Chinese (zh)
Other versions
CN112100649A (en)
Inventor
徐玲玲
陈建彰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT
Priority to CN202010781185.XA
Publication of CN112100649A
Application granted
Publication of CN112100649B
Legal status: Active (current)
Anticipated expiration

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules

Abstract

The invention discloses a multi-keyword searchable encryption method and system supporting Boolean access control policies. In the method, a trusted authority generates a system public key, a master key and an ElGamal private key; the system public key is published to the cloud and the private key is sent to the data user. The data owner then generates an index ciphertext and a data ciphertext for the document and uploads both to the cloud. When a data user searches, the user's attribute set and query keyword predicate are uploaded to the trusted authority, which verifies whether the user identity is legal and, if so, generates a search token and sends it to the data user. After receiving the retrieval token, the data user uploads it to the cloud; the cloud server then uses the system public key to check whether each index ciphertext matches the retrieval token and sends the matching data ciphertexts to the data user. Finally, the data user recovers the plaintext content from the data ciphertext with the private key. The invention realizes fine-grained Boolean access control, Boolean multi-keyword search and a constant system key length.

Description

Multi-keyword searchable encryption method and system supporting Boolean access control strategy
Technical Field
The invention relates to the technical field of information retrieval and cryptography, in particular to a multi-keyword searchable encryption method and a multi-keyword searchable encryption system supporting Boolean access control strategies.
Background
With the rapid development of internet technology and the popularity of cloud computing, more and more enterprise users and individuals store their data in the cloud instead of in their own data centers as in the past. Users can retrieve data in the cloud anytime and anywhere and can easily share it with authorized parties. However, while cloud computing offers convenience, it also presents serious security risks. When data is outsourced to a cloud server in clear text, it may be subject to illegal access by the cloud service provider or by attackers. The conventional solution is to encrypt the data and store it on the cloud server as ciphertext, but conventional plaintext retrieval techniques cannot be applied to ciphertext.
To allow a user to perform keyword search over ciphertext data, Searchable Encryption (SE) has been proposed as a solution. According to the encryption method used, searchable encryption can be divided into Searchable Symmetric Encryption (SSE) and Public Key Encryption with Keyword Search (PEKS). In public-key searchable encryption, the data owner encrypts the data with the public key of given users before uploading it to the cloud server, after which those users can search and decrypt the data with their private keys. The basic PEKS scheme, however, cannot be applied effectively in some practical scenarios. For example, in a healthcare system, a patient may want his personal health record to be retrievable only by authorized physicians in designated roles. To achieve both keyword query and fine-grained access control over encrypted data in such situations, researchers have proposed attribute-based searchable encryption methods, and much work has been devoted to them. In these works, each data item is encrypted under a mandatory access policy, and the ciphertext can be decrypted if and only if the attribute set of the data user satisfies the access policy.
Although existing work provides solutions for attribute-based keyword search, none of the solutions simultaneously solves four problems: flexible expressiveness of the access policy, concealment of the access policy, flexible expressiveness of keyword search, and fixed system key length. Flexible expression of the access policy helps the data owner manage data flexibly; most existing work adopts access policies expressed by a Linear Secret Sharing Scheme (LSSS) or an access tree. Hiding the access policy plays a very important role in ensuring user privacy and data security; some existing methods do not support this feature, and some support only partial policy hiding, that is, only the attribute names of the access policy are exposed and all attribute values are hidden from the cloud server. Flexible keyword search gives data users flexible choices, and existing schemes mainly support one of three search modes: match search, conjunctive keyword search and Boolean keyword search, of which match search is the least flexible and Boolean keyword search the most flexible. A constant-level key length is an ideal feature for attribute-based keyword search: in some existing schemes the key length depends on the size of the attribute field or of the keyword field, so the size of the attribute field must be bounded by a polynomial, whereas in schemes whose key length is constant-level the attribute field can be allowed to grow exponentially.
In summary, even though some work offers excellent solutions to some of the four problems above, it inevitably compromises on the others, and the four problems have not been solved at the same time. Therefore, how to design a complete attribute-based keyword search method that addresses all four problems in the context of big data and cloud storage has become a key problem to be solved urgently.
Disclosure of Invention
The first purpose of the present invention is to overcome the drawbacks and deficiencies of the prior art, and to provide a multi-keyword searchable encryption method supporting boolean access control policy, which can be used to solve the technical problems of fine-grained boolean access control, boolean multi-keyword search, security of ciphertext data, and the like, in the context of big data and cloud storage.
A second object of the present invention is to provide a multi-keyword searchable encryption system supporting Boolean access control policies, which supports both Boolean keyword search and Boolean access control as well as a constant-level system key length.
The first purpose of the invention is realized by the following technical scheme: a multi-keyword searchable encryption method supporting Boolean access control strategies comprises the following steps:
S1, a trusted authority TA generates a system public key pk, a master key mk and an ElGamal private key a'; it publishes pk to the cloud server, keeps mk inside the trusted authority TA and sends a' to the data user;
S2, encryption: the data owner uses pk, the keyword set $O = (o_1, \ldots, o_m)$ and an access policy P to generate an index ciphertext $C_I$ and a data ciphertext $C_D$ for the document, and uploads $C_I$ and $C_D$ to the cloud server;
S3, token generation: when a data user performs a search, the user first uploads the attribute set $S = (a_1, \ldots, a_n)$ and the query keyword predicate
Figure BDA0002620273030000031
to the trusted authority TA; the TA verifies whether the identity of the data user is legal and, if it is, uses pk and mk to generate a retrieval token for the data user
Figure BDA0002620273030000032
and sends the token
Figure BDA0002620273030000033
to the data user;
S4, ciphertext search: after receiving the retrieval token from the trusted authority TA
Figure BDA0002620273030000034
the data user sends it to the cloud server; after receiving the token, the cloud server uses pk to check, for each index ciphertext $C_I$, whether the index ciphertext matches the retrieval token, and sends every data ciphertext $C_D$ that satisfies the matching condition to the data user;
S5, decryption: after receiving the data ciphertext $C_D$, the data user uses the ElGamal private key a' to restore $C_D$ to the corresponding plaintext content.
Preferably, in step S1, the trusted authority TA generates the system public key pk, the master key mk, and the ElGamal private key a' as follows:
S11, the trusted authority TA uses a group generator of a composite order bilinear group
Figure BDA0002620273030000035
and executes
Figure BDA0002620273030000036
to generate a tuple $(p_1, p_2, p_3, p_4, G, G_T, e)$, where
Figure BDA0002620273030000037
is the security parameter input to the group generator, $p_1, p_2, p_3, p_4$ are four distinct primes, G and $G_T$ are cyclic groups of order N with $N = p_1 p_2 p_3 p_4$, and $e: G \times G \to G_T$ is a bilinear map that maps two elements of G to one element of $G_T$;
Figure BDA00026202730300000313
denote the subgroups of G of order $p_1, p_2, p_3, p_4$, respectively;
S12, the trusted authority TA randomly selects elements $a, a', \alpha \in Z_N$, randomly draws elements $g, h$ from the group
Figure BDA0002620273030000038
an element $X_3$ from the group
Figure BDA0002620273030000039
and elements $Z, X_4$ from the group
Figure BDA00026202730300000310
and computes $H = hZ$ and $Y = e(g, g)^\alpha$; H and Y are components of the system public key;
S13, the trusted authority TA selects a collision-resistant hash function f satisfying the following mapping:
Figure BDA00026202730300000311
S14, from the above variables the trusted authority TA obtains the system public key $pk = \langle N, g, g^a, g^{a'}, f, Y, H, X_4 \rangle$, the master key $mk = \langle \alpha, h, X_3 \rangle$ and the ElGamal private key a';
the ElGamal private key a' is specifically sent to the data user through an encrypted channel.
Further, the encryption process of step S2 is as follows:
S21, the data owner maps the access policy P into a linear secret sharing scheme representation
Figure BDA00026202730300000312
where A is an $l_s \times n$ share matrix with $l_s$ rows and n columns; ρ is a function that maps each row of the matrix A to an attribute field; t has the form
Figure BDA0002620273030000041
where $t_{\rho(i)}$ is an attribute value of the attribute field $\rho(i)$, $1 \le i \le l_s$;
the data owner randomly generates a vector $v = (s, v_2, \ldots, v_n)$ in the group
Figure BDA0002620273030000042
and randomly selects an element $Z_1$ from the group
Figure BDA0002620273030000043
$s, v_2, \ldots, v_n$ are the components of the vector v;
for each row $A_i$ of the matrix A, the data owner randomly selects an element $r_i$ from the group $Z_N$ and two elements $Z_{c,i}, Z_{d,i}$ from the group
Figure BDA0002620273030000044
for each keyword $o_x$, the data owner randomly selects an element $Z_{e,x}$ from the group
Figure BDA0002620273030000045
where $1 \le x \le m$;
S22, from the above variables the data owner computes the index ciphertext $C_I$:
Figure BDA00026202730300000422
where $C_0 = Y^s$, $C_1 = g^s Z_1$,
Figure BDA0002620273030000046
Figure BDA0002620273030000047
S23, the data owner randomly generates a multi-bit symmetric key ψ and encrypts the document content with the AES algorithm to obtain the ciphertext $C_{D,1}$;
S24, the data owner encrypts the symmetric key ψ with the ElGamal algorithm to obtain the ciphertext $C_{D,2}$, as follows: obtain g and $g^{a'}$ from the system public key pk, randomly select an element y from the group G, and compute $\delta_1 = g^y$ and $\varepsilon = (g^{a'})^y$; then map the symmetric key ψ to an element ψ' of G, compute $\delta_2 = \psi' \varepsilon$, and finally form the ciphertext $C_{D,2} = (\delta_1, \delta_2)$;
S25, from the variables of steps S23 and S24 the data owner obtains the data ciphertext $C_D = \langle C_{D,1}, C_{D,2} \rangle$.
Further, in step S3, the trusted authority TA generates a token as follows:
S31, the trusted authority TA maps the query keyword predicate
Figure BDA0002620273030000048
into a linear secret sharing scheme representation
Figure BDA0002620273030000049
Figure BDA00026202730300000410
where
Figure BDA00026202730300000411
is an $l_O \times m$ share matrix with $l_O$ rows and m columns;
Figure BDA00026202730300000412
is a function that maps each row of the matrix
Figure BDA00026202730300000413
to a keyword field;
Figure BDA00026202730300000414
has the form
Figure BDA00026202730300000415
where
Figure BDA00026202730300000416
is a keyword of the keyword field
Figure BDA00026202730300000417
$1 \le x' \le l_O$;
S32, the trusted authority TA randomly selects two elements $c_1, c_2$ from the group $Z_N$ and generates a vector
Figure BDA00026202730300000418
where
Figure BDA00026202730300000419
are random numbers, and randomly selects two elements $R_0, R_1$ from the group
Figure BDA00026202730300000420
S33, for each attribute $a_{i'}$ in the attribute set $S = (a_1, \ldots, a_n)$, the trusted authority TA randomly selects an element $R_{i'}$ from the group
Figure BDA00026202730300000421
$1 \le i' \le n$;
S34, for each row
Figure BDA0002620273030000052
of the matrix
Figure BDA0002620273030000051
the trusted authority TA randomly selects an element $s_{x'}$ from the group $Z_N$ and two elements
Figure BDA0002620273030000054
from the group
Figure BDA0002620273030000053
S35, from the above variables the trusted authority TA computes the retrieval token
Figure BDA0002620273030000055
Figure BDA0002620273030000056
where
Figure BDA0002620273030000057
Figure BDA0002620273030000058
further, the ciphertext search process of step S4 is as follows:
S41, the cloud server parses the search token
Figure BDA0002620273030000059
into
Figure BDA00026202730300000510
and parses the index ciphertext $C_I$ into
Figure BDA00026202730300000511
S42, the cloud server computes $I_{A,\rho}$ from $(A, \rho)$; here $I_{A,\rho}$ denotes the set of all minimal subsets of $\{1, \ldots, l_s\}$ that satisfy $(A, \rho)$, where a subset I is said to satisfy $(A, \rho)$ if there exist
Figure BDA00026202730300000512
and a set of constants $\{w_{i''}\}_{i'' \in I}$ such that $\sum_{i'' \in I} w_{i''} A_{i''} = (1, 0, \ldots, 0)$;
likewise, the cloud server computes from
Figure BDA00026202730300000513
the set
Figure BDA00026202730300000514
where
Figure BDA00026202730300000515
denotes the set of all minimal subsets of $\{1, \ldots, l_O\}$ that satisfy
Figure BDA00026202730300000516
and a subset is said to satisfy it if there exist
Figure BDA00026202730300000517
and a set of constants
Figure BDA00026202730300000518
such that
Figure BDA00026202730300000519
Figure BDA00026202730300000520
in which case
Figure BDA00026202730300000521
is said to satisfy
Figure BDA00026202730300000522
S43, if there exist $I \in I_{A,\rho}$ and
Figure BDA00026202730300000523
such that $\sum_{i'' \in I} w_{i''} A_{i''} = (1, 0, \ldots, 0)$ holds for certain constants $\{w_{i''}\}_{i'' \in I}$,
Figure BDA00026202730300000524
holds for certain constants
Figure BDA00026202730300000525
and the following equation holds, the algorithm outputs 1, indicating that the search token
Figure BDA00026202730300000526
matches the index ciphertext $C_I$, and the corresponding data ciphertext $C_D$ is sent to the data user; otherwise the algorithm outputs 0, indicating that the two do not match;
the equation is:
Figure BDA00026202730300000527
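The LSSS machinery behind steps S21, S31 and S42 is easier to see on a small instance. The following Python is an added example and not code from the patent: it converts an AND/OR policy into a share matrix (A, ρ) using the standard Lewko-Waters labelling, then enumerates $I_{A,\rho}$, the minimal row subsets I for which constants $w_i$ with $\sum_{i \in I} w_i A_i = (1, 0, \ldots, 0)$ exist, by solving the linear system over the rationals (the scheme itself works in $Z_N$). The policy, the attribute sets and the function names are constructed for the illustration; the policy mirrors the hospital example given later in Example 1. The same conversion serves the keyword predicate of step S31, since its matrix and reconstruction rule are identical.

```python
"""Steps S21/S31/S42 in miniature: Boolean policy -> LSSS (A, rho) and I_{A,rho}.

Added example (not code from the patent). It uses the Lewko-Waters conversion
of an AND/OR formula into an LSSS share matrix and computes I_{A,rho}, the set
of minimal row subsets I for which constants w_i exist with
sum_{i in I} w_i * A_i = (1, 0, ..., 0). Constants are found over the
rationals here; the scheme itself works over Z_N. Policy, attribute sets and
function names are constructed for this illustration.
"""
from fractions import Fraction
from itertools import combinations

# A policy is ("AND", left, right), ("OR", left, right) or a leaf
# (attribute_field, attribute_value). Constructed to mirror Example 1.
POLICY = ("OR",
          ("number", "01234"),
          ("AND", ("agency", "hospital a"), ("department", "cardiology")))


def boolean_to_lsss(policy):
    """Return (A, rho): the share matrix rows and the row -> attribute map."""
    rows = []       # (label vector, attribute) in leaf order
    counter = [1]   # current label length c

    def label(node, vec):
        if node[0] == "AND":
            c = counter[0]
            padded = vec + [0] * (c - len(vec))
            counter[0] = c + 1
            label(node[1], padded + [1])       # left child: v || 1
            label(node[2], [0] * c + [-1])     # right child: 0^c || -1
        elif node[0] == "OR":
            label(node[1], vec)                # both children inherit v
            label(node[2], vec)
        else:
            rows.append((vec, node))

    label(policy, [1])
    n = counter[0]
    A = [vec + [0] * (n - len(vec)) for vec, _ in rows]  # pad to n columns
    rho = [attr for _, attr in rows]
    return A, rho


def reconstruction_constants(A, subset):
    """Rational w_i (i in subset) with sum_i w_i * A[i] = (1,0,...,0), or None."""
    n, k = len(A[0]), len(subset)
    # Augmented system, one equation per coordinate t of the target vector.
    M = [[Fraction(A[i][t]) for i in subset] + [Fraction(int(t == 0))]
         for t in range(n)]
    pivot_cols, r = [], 0
    for col in range(k):                        # Gauss-Jordan elimination
        piv = next((x for x in range(r, n) if M[x][col] != 0), None)
        if piv is None:
            continue
        M[r], M[piv] = M[piv], M[r]
        p = M[r][col]
        M[r] = [x / p for x in M[r]]
        for x in range(n):
            if x != r and M[x][col] != 0:
                f = M[x][col]
                M[x] = [a - f * b for a, b in zip(M[x], M[r])]
        pivot_cols.append(col)
        r += 1
    if any(M[x][k] != 0 for x in range(r, n)):
        return None                             # inconsistent: no constants
    w = [Fraction(0)] * k                       # free variables set to 0
    for row, col in enumerate(pivot_cols):
        w[col] = M[row][k]
    return {subset[j]: w[j] for j in range(k)}


def minimal_subsets(A):
    """I_{A,rho}: all minimal row index sets that reconstruct (1, 0, ..., 0)."""
    found = []
    for size in range(1, len(A) + 1):
        for cand in combinations(range(len(A)), size):
            if any(set(f) <= set(cand) for f in found):
                continue                        # a proper subset already works
            if reconstruction_constants(A, list(cand)) is not None:
                found.append(cand)
    return found


def satisfies(A, rho, attrs):
    """Does an attribute set hold every attribute of some I in I_{A,rho}?"""
    return any(all(rho[i] in attrs for i in I) for I in minimal_subsets(A))


if __name__ == "__main__":
    A, rho = boolean_to_lsss(POLICY)
    print("A =", A)
    print("rho =", rho)
    print("I_{A,rho} =", minimal_subsets(A))
    print(satisfies(A, rho, {("number", "01234")}))
```

Note that $I_{A,\rho}$ depends only on (A, ρ), exactly as in step S42: the cloud server can enumerate it without knowing which attributes a user holds, and whether a given subset actually reconstructs the secret for that user is what the pairing equation of step S43 decides. Because the row labels carry only attribute fields, the same matrix also shows why the policy structure, but not the attribute values, is visible to the server.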
Further, the process of decrypting the data ciphertext $C_D = \langle C_{D,1}, C_{D,2} \rangle$ in step S5 is as follows:
S51, the data user uses the ElGamal algorithm to decrypt the ciphertext
Figure BDA00026202730300000528
and obtain the symmetric key ψ: using the ElGamal private key a', the data user computes $\varepsilon = \delta_1^{a'}$, then computes $\psi' = \delta_2 \varepsilon^{-1}$, and finally maps ψ' back to the symmetric key ψ;
S52, the data user uses the symmetric key ψ to decrypt the ciphertext
Figure BDA0002620273030000061
and obtain the plaintext content of the document.
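Steps S24 and S51 are textbook ElGamal applied to the symmetric key. The following Python is an added example, not the patent's code: it runs the $\delta_1, \varepsilon, \delta_2$ computation and its inverse with integer arithmetic in a constructed toy group $Z_p^*$ (p = 2^521 - 1 and g = 3, chosen only so that a 256-bit key fits below p; this is not the composite order group of the scheme and not a parameter set for real use). The encoding of ψ as a group element ψ' and the function names are assumptions of the example; the AES layer of steps S23 and S52 is not shown.

```python
"""Steps S24 and S51: ElGamal encryption of the AES key psi, with plain integers.

Added example, not code from the patent. The patent's group G is a composite
order bilinear group; this example stands in a toy multiplicative group Z_p^*
(constructed parameters p = 2^521 - 1, g = 3) so that the delta_1, epsilon,
delta_2 arithmetic runs without a pairing library. The mapping psi -> psi'
is assumed to be "interpret the key bytes as an integer below p".
Illustration only; these parameters are not for real use.
"""
import secrets

P = 2**521 - 1          # constructed toy modulus (a Mersenne prime)
G = 3                   # constructed toy generator g of the group
KEY_BYTES = 32          # the embodiment uses a 256-bit symmetric key psi


def keygen():
    """TA side (S1): ElGamal private key a' and the public element g^{a'}."""
    a_prime = secrets.randbelow(P - 2) + 1
    return a_prime, pow(G, a_prime, P)


def key_to_group(psi):
    """psi -> psi': assumed encoding of the key bytes as an element of G."""
    psi_prime = int.from_bytes(psi, "big")
    if not 0 < psi_prime < P:
        raise ValueError("key does not map into the group")
    return psi_prime


def group_to_key(psi_prime):
    """psi' -> psi: inverse of key_to_group."""
    return psi_prime.to_bytes(KEY_BYTES, "big")


def encrypt_key(g_a_prime, psi):
    """S24: C_{D,2} = (delta_1, delta_2) = (g^y, psi' * (g^{a'})^y)."""
    y = secrets.randbelow(P - 2) + 1          # fresh randomness per encryption
    delta_1 = pow(G, y, P)
    epsilon = pow(g_a_prime, y, P)
    delta_2 = (key_to_group(psi) * epsilon) % P
    return delta_1, delta_2


def decrypt_key(a_prime, c_d2):
    """S51: epsilon = delta_1^{a'}, psi' = delta_2 * epsilon^{-1}, then psi."""
    delta_1, delta_2 = c_d2
    epsilon = pow(delta_1, a_prime, P)
    psi_prime = (delta_2 * pow(epsilon, -1, P)) % P
    return group_to_key(psi_prime)


def roundtrip(psi):
    """Encrypt under a fresh key pair and decrypt; returns the recovered psi."""
    a_prime, g_a_prime = keygen()
    return decrypt_key(a_prime, encrypt_key(g_a_prime, psi))


if __name__ == "__main__":
    psi = secrets.token_bytes(KEY_BYTES)          # the AES key from step S23
    print(roundtrip(psi) == psi)
```

The point a reviewer of the scheme would check here is that a' never leaves the data user's side: the cloud server only ever sees $(\delta_1, \delta_2)$ and the public $g^{a'}$, so a matching index ciphertext lets it return $C_D$ but not open it.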
Preferably, the trusted authority TA is a fully trusted third party security authority, and is responsible for generating the system public key pk and the master key mk, and the ElGamal private key a 'for file decryption, where the system public key pk, the master key mk, and the ElGamal private key a' are binary codes with a certain length.
The second purpose of the invention is realized by the following technical scheme: a multi-keyword searchable encryption system supporting Boolean access control policies, comprising an initialization and token generation subsystem running in the trusted authority TA, an encryption subsystem running at the data owner side, a cloud storage subsystem running on the cloud server, and a user retrieval and decryption subsystem running at the data user side, wherein
the initialization and token generation subsystem operating in the trusted authority TA comprises an initialization module, a master key storage module and a token generation module:
the initialization module is used for generating a system public key pk, a master key mk and an ElGamal private key a', publishing the system public key pk to the cloud server, storing the master key mk in the master key storage module and sending the ElGamal private key a' to the data user;
the master key storage module is used for storing a master key mk and only allowing the access of a trusted authority TA;
the token generation module is used for responding to a retrieval token generation request from the data user, checking the validity of the data user's identity and, if the identity is legal, generating a retrieval token for the data user using the system public key pk and the master key mk
Figure BDA0002620273030000062
and sending the retrieval token
Figure BDA0002620273030000063
to the data user;
the encryption subsystem operating at the data owner end comprises a data encryption module and an index encryption module:
the data encryption module is used for acquiring a system public key pk from the cloud server, encrypting the document by using the system public key pk to obtain a data ciphertext, and then sending the data ciphertext to the cloud server;
the index encryption module is used for encrypting the keyword set of each document and the implemented access strategy by using the system public key pk to obtain a corresponding index ciphertext and sending the index ciphertext to the cloud server;
the cloud storage subsystem running on the cloud server comprises a system public key public module, a storage module and a retrieval module:
the system public key public module is used for publicly releasing the system public key generated by the trusted authority TA;
the storage module is used for storing the data ciphertext and the index ciphertext encrypted by the data owner;
the retrieval module is used for checking, for each index ciphertext $C_I$, whether the index ciphertext matches the search token using the system public key pk, obtaining the data ciphertexts $C_D$ that satisfy the matching condition from the storage module, and sending them to the data user;
the user retrieval and decryption subsystem running at the data user side comprises a user retrieval module and a data decryption module:
the user retrieval module is used for sending a token generation request to the trusted authority TA and at the same time uploading the attribute set $S = (a_1, \ldots, a_n)$ of the data user and the query keyword predicate
Figure BDA0002620273030000071
to the trusted authority TA to complete the generation of the search token; on receiving the search token from the trusted authority TA
Figure BDA0002620273030000072
the user retrieval module is further used for sending the token to the cloud server to complete the retrieval operation;
the data decryption module is used for decrypting the data ciphertext $C_D$ with the ElGamal private key a' to recover the corresponding plaintext content.
Preferably, the data owner terminal and the data user terminal are terminal devices with operation processing capability, including a smart phone, a tablet, and a computer.
Compared with the prior art, the invention has the following advantages and effects:
(1) In the multi-keyword searchable encryption method and system, the data owner is allowed to enforce an access policy on the data, and the access policy supports Boolean expressions with nested logical connectives such as AND and OR, which helps the data owner flexibly control and authorize access to the data and realizes fine-grained Boolean access control.
(2) The invention also supports Boolean keyword search expressed by a Linear Secret Sharing Scheme (LSSS). The two existing kinds of scheme, based on ABE (attribute-based encryption) or on PEKS (public-key encryption with keyword search), can realize fine-grained access control, but their search strategies are still limited to equality search or conjunctive (AND-connected) search over multiple keywords and do not support Boolean keyword search with nested logical connectives such as AND and OR.
(3) The method and system are constructed from a composite order group, a bilinear map and a Linear Secret Sharing Scheme (LSSS); they have the properties of policy hiding and leakage resistance and hence stronger security, and they balance the problems of flexible expressiveness of the access policy, concealment of the access policy, flexible expressiveness of keyword search and key length, which gives better practicability.
(4) The invention adopts an access policy expressed by a Linear Secret Sharing Scheme (LSSS); the ciphertext contains only the structure with the attribute fields, and the attribute values are not exposed to the cloud in plaintext, so data concealment and security are good.
(5) The keys used by the invention can have a constant-level system key length, which is mainly due to the use of the hash function f and depends neither on the number of attribute fields and keyword fields nor on the size of the attribute field.
Drawings
Fig. 1 is a flow diagram of the multi-keyword searchable encryption method supporting Boolean access control policies of the present invention.
Fig. 2 is a block diagram of the architecture of the multi-keyword searchable encryption system supporting Boolean access control policies of the present invention.
Fig. 3 is a schematic diagram of an application environment of the multi-keyword searchable encryption system supporting Boolean access control policies of the present invention.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
Example 1
The embodiment discloses a multi-keyword searchable encryption method supporting a Boolean access control strategy, and in the background of cloud storage, the embodiment is based on a searchable encryption technology and an attribute encryption technology, uses LSSS to express an access strategy and a search strategy, can support Boolean keyword search, and can effectively position data in which a user is interested; meanwhile, flexibility and hiding of an access strategy are realized, and fine-grained Boolean access control is supported; and supports a constant level of system key length. As shown in fig. 1, the method is applied to an application system including a trusted authority, a data user side, a data owner side, and a cloud server, such as a healthcare system, a school educational administration system, and the method includes the following steps:
S1, a trusted authority TA generates a system public key pk, a master key mk and an ElGamal private key a', and publishes the system public key pk to the cloud server; all data users of the system have the right to access the system public key pk. The trusted authority TA stores the master key mk within itself, and only the trusted authority TA has the authority to access the master key mk. The trusted authority TA sends the ElGamal private key a' to the data users through an encrypted channel, and each data user has a private key specific to itself.
The trusted authority TA is a fully trusted third-party security authority, and is responsible for generating a system public key pk and a master key mk, and an ElGamal private key a 'for file decryption, where the system public key pk, the master key mk, and the ElGamal private key a' all represent (or are encoded) into a binary code with a certain length under a computer.
The system public key pk, the master key mk, and the ElGamal private key a' are generated as follows:
S11, the trusted authority TA uses a group generator of a composite order bilinear group
Figure BDA0002620273030000081
and executes
Figure BDA0002620273030000082
to generate a tuple $(p_1, p_2, p_3, p_4, G, G_T, e)$, where
Figure BDA0002620273030000083
is the security parameter input to the group generator, $p_1, p_2, p_3, p_4$ are four distinct primes, G and $G_T$ are cyclic groups of order N with $N = p_1 p_2 p_3 p_4$, and $e: G \times G \to G_T$ is a bilinear map that maps two elements of G to one element of $G_T$;
Figure BDA0002620273030000084
denote the subgroups of G of order $p_1, p_2, p_3, p_4$, respectively;
S12, the trusted authority TA randomly selects elements $a, a', \alpha \in Z_N$, randomly draws elements $g, h$ from the group
Figure BDA0002620273030000091
an element $X_3$ from the group
Figure BDA0002620273030000092
and elements $Z, X_4$ from the group
Figure BDA0002620273030000093
and computes $H = hZ$ and $Y = e(g, g)^\alpha$; H and Y are components of the system public key;
S13, the trusted authority TA selects a collision-resistant hash function f satisfying the following mapping:
Figure BDA0002620273030000094
S14, from the above variables the trusted authority TA obtains the system public key $pk = \langle N, g, g^a, g^{a'}, f, Y, H, X_4 \rangle$, the master key $mk = \langle \alpha, h, X_3 \rangle$ and the ElGamal private key a'.
S2, encryption: the data owner uses the system public key pk, the keyword set O = (O) 1 ,...,o m ) And an access policy P for generating an index ciphertext C for the document I And data ciphertext C D And combines the ciphertext C I 、C D And uploading to a cloud server.
Wherein the access policy
Figure BDA00026202730300000915
The access policy may be referred to as a keyword predicate, AND may be regarded as an attribute set formed by connecting logical words such as AND OR, AND used to represent attribute conditions that must be satisfied by a data user who can read the file. For example, assume that there is a document with an access policy of
Figure BDA0002620273030000095
OR (agency = "hospital a" AND department = "cardiology"), where number, agency, department are attribute fields, AND 01234, hospital a, cardiology are attribute values, then the access policy
Figure BDA0002620273030000096
This document is only accessible to data users who satisfy the code 01234, or who are cardiology at the institution, hospital a, and department.
Index ciphertext C I The data owner is encrypted by the key words and the access strategy. Data cipher text C D The method refers to ciphertext data obtained by encrypting the content of the document. Index ciphertext C I And data ciphertext C D The encryption process of (1) is as follows:
S21, the data owner maps the keyword predicate (the access policy)
Figure BDA0002620273030000097
to a Linear Secret Sharing Scheme (LSSS) representation
Figure BDA0002620273030000098
where A is an l_s × n share matrix, l_s being the number of rows and n the number of columns; ρ is a function that maps each row of the matrix A to an attribute field; T is expressed in the form
Figure BDA0002620273030000099
where t_ρ(i) is the attribute of the attribute field ρ(i), 1 ≤ i ≤ l_s.
The data owner randomly generates a vector v = (s, v_2, ..., v_n) ∈ group
Figure BDA00026202730300000910
and randomly selects an element Z_1 from the group
Figure BDA00026202730300000911
; here all components of the vector are chosen at random, and s is used again in step S22;
for each row A_i of the matrix A, the data owner randomly selects an element r_i from the group Z_N and, from the group
Figure BDA00026202730300000912
, randomly selects two elements Z_{c,i}, Z_{d,i};
for each keyword o_x, the data owner randomly selects, from the group
Figure BDA00026202730300000913
, an element Z_{e,x}, where 1 ≤ x ≤ m;
S22, the data owner computes the index ciphertext C_I from these variables:
Figure BDA00026202730300000914
where C_0 = Y^s, C_1 = g^s Z_1,
Figure BDA0002620273030000101
Figure BDA0002620273030000102
S23, the data owner randomly generates a multi-bit symmetric key ψ and encrypts the document content with the key ψ using the AES algorithm to obtain the ciphertext C_{D,1}; this embodiment specifically generates a 256-bit symmetric key ψ;
S24, the data owner encrypts the symmetric key ψ using the ElGamal algorithm to obtain the ciphertext C_{D,2}, as follows: obtain g and g^{a'} from the system public key pk (g and g^{a'} are elements of the system public key pk, and since the data owner can access the system public key, it can extract these elements from it); randomly select an element y from the group G and compute δ_1 = g^y and ε = (g^{a'})^y; then map the symmetric key ψ to an element ψ' of G, compute δ_2 = ψ'ε, and finally form the ciphertext C_{D,2} = (δ_1, δ_2);
S25, from the variables of steps S23 and S24 the data owner obtains the data ciphertext C_D = <C_{D,1}, C_{D,2}>.
S3, token generation: when a data user wants to perform a search, the attribute set S = (a_1, ..., a_n) and the query keyword predicate
Figure BDA0002620273030000103
must first be uploaded to the trusted authority TA. The trusted authority TA verifies whether the identity of the data user is legitimate and, if so, uses the system public key pk and the master key mk to generate a retrieval token
Figure BDA0002620273030000104
for the data user and sends the token
Figure BDA0002620273030000105
to the data user. The retrieval token may also be called a query token.
Here the query keyword predicate
Figure BDA0002620273030000106
can be regarded as a keyword set joined by logical connectives such as AND and OR, and it expresses which data the data user wants to query. For example, assume a query keyword predicate of
Figure BDA0002620273030000107
Figure BDA0002620273030000108
OR name = "liming", where provider, disease and name are keyword fields and hospital a, heart disease and liming are keywords; the query keyword predicate
Figure BDA0002620273030000109
then means that the user wants to retrieve all documents whose provider is hospital A and whose disease is heart disease, or whose name is liming.
The procedure by which the trusted authority TA generates the token is as follows:
S31, the trusted authority TA maps the query keyword predicate
Figure BDA00026202730300001010
to a linear secret sharing scheme representation
Figure BDA00026202730300001011
where
Figure BDA00026202730300001012
is an l_O × m share matrix, l_O being the number of rows and m the number of columns;
Figure BDA00026202730300001013
is a function that maps each row of the matrix
Figure BDA00026202730300001014
to a keyword field;
Figure BDA00026202730300001015
is expressed in the form
Figure BDA00026202730300001016
, where
Figure BDA00026202730300001017
is the keyword of the keyword field
Figure BDA00026202730300001018
, 1 ≤ x' ≤ l_O;
S32, the trusted authority TA randomly selects two elements c_1, c_2 from the group Z_N and generates a vector
Figure BDA00026202730300001019
where
Figure BDA00026202730300001020
are random numbers, and randomly selects, from the group
Figure BDA00026202730300001021
, two elements R_0, R_1;
S33, for each attribute a_{i'} in the attribute set S = (a_1, ..., a_n), the trusted authority TA randomly selects, from the group
Figure BDA0002620273030000111
, an element R_{i'}, 1 ≤ i' ≤ n;
S34, for the matrix
Figure BDA0002620273030000112
and each of its rows
Figure BDA0002620273030000113
, the trusted authority TA randomly selects an element s_{x'} from the group Z_N and, from the group
Figure BDA0002620273030000114
, randomly selects two elements
Figure BDA0002620273030000115
, 1 ≤ x' ≤ l_O;
S35, the trusted authority TA computes the retrieval token from these variables
Figure BDA0002620273030000116
Figure BDA0002620273030000117
where
Figure BDA0002620273030000118
Figure BDA0002620273030000119
S4, ciphertext search: after receiving the retrieval token
Figure BDA00026202730300001110
sent by the trusted authority TA, the data user sends the retrieval token to the cloud server; after receiving it, the cloud server uses the system public key pk to check, for each index ciphertext C_I, whether the index ciphertext matches the retrieval token, and sends the data ciphertexts C_D that satisfy the match condition to the data user.
The ciphertext search process is as follows:
S41, the cloud server parses the retrieval token
Figure BDA00026202730300001111
into
Figure BDA00026202730300001112
and parses the index ciphertext C_I into
Figure BDA00026202730300001113
S42, the cloud server computes I_{A,ρ} from (A, ρ); here I_{A,ρ} denotes the set of all minimal subsets of {1, ..., l_s} that satisfy (A, ρ), where a subset I is said to satisfy (A, ρ) if there exist
Figure BDA00026202730300001114
and a set of constants {w_{i''}}_{i''∈I} such that Σ_{i''∈I} w_{i''} A_{i''} = (1, 0, ..., 0);
likewise, the cloud server computes from
Figure BDA00026202730300001115
the set
Figure BDA00026202730300001116
; here
Figure BDA00026202730300001117
denotes the set of all minimal subsets of {1, ..., l_O} that satisfy
Figure BDA00026202730300001118
, where, if there exist
Figure BDA00026202730300001119
and a set of constants
Figure BDA00026202730300001120
such that
Figure BDA00026202730300001121
Figure BDA00026202730300001122
then
Figure BDA00026202730300001123
is said to satisfy
Figure BDA00026202730300001124
;
S43, if there exist I ∈ I_{A,ρ} and
Figure BDA00026202730300001125
such that Σ_{i''∈I} w_{i''} A_{i''} = (1, 0, ..., 0) holds for some constants {w_{i''}}_{i''∈I}, and
Figure BDA00026202730300001126
holds for some constants
Figure BDA00026202730300001127
, and the following equation holds, then the algorithm outputs 1, indicating that the retrieval token
Figure BDA00026202730300001128
matches the index ciphertext C_I, and the corresponding data ciphertext C_D is sent to the data user; otherwise the algorithm outputs 0, indicating that the two do not match;
in a computer the outputs "1" and "0" are generally represented by a Boolean variable (bool): "1" corresponds to the Boolean value true, i.e. "the two match", and "0" corresponds to the Boolean value false, i.e. "the two do not match".
The equation is:
Figure BDA0002620273030000121
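The two LSSS conversions above (the owner's access policy in S21 and the TA's query predicate in S31) and the "minimal satisfying subsets" computation of S42 can be made concrete. The following is an added example written for this page, not code from the patent: it converts a Boolean AND/OR formula into a share matrix (A, ρ) with the Lewko-Waters construction, finds reconstruction constants w_i with Σ w_i A_i = (1, 0, ..., 0) by Gaussian elimination over the rationals, and enumerates the minimal subsets I_{A,ρ}. In the scheme the cloud server runs this test through the pairing equation without seeing attributes or keywords; here both are in the clear so the decision itself is visible. The document, user and query data are constructed from the embodiment-2 scenario; the field name "agency" is used for what the text also calls "institution" or "organization".

```python
# Added example (not code from patent CN112100649B): Boolean policy -> LSSS matrix
# (Lewko-Waters) and the minimal-satisfying-subsets test of step S42, with the
# attributes in the clear. Scenario data below is constructed from embodiment 2.
from fractions import Fraction
from itertools import combinations


def ATTR(field, value):
    return ("ATTR", field, value)


def AND(left, right):
    return ("AND", left, right)


def OR(left, right):
    return ("OR", left, right)


def to_lsss(policy):
    """Return (A, rho): A is an l x n share matrix, rho[i] the (field, value) label of
    row i. The root carries (1); OR copies the vector, AND splits it across a new column."""
    rows, counter = [], [1]

    def walk(node, vec):
        if node[0] == "ATTR":
            rows.append((vec, (node[1], node[2])))
        elif node[0] == "OR":
            walk(node[1], vec)
            walk(node[2], vec)
        elif node[0] == "AND":
            c = counter[0]                      # fresh column index for this gate
            counter[0] = c + 1
            walk(node[1], vec + [0] * (c - len(vec)) + [1])   # (v | 1)
            walk(node[2], [0] * c + [-1])                      # (0..0 | -1)
        else:
            raise ValueError("unknown node %r" % (node[0],))

    walk(policy, [1])
    n = counter[0]
    return [vec + [0] * (n - len(vec)) for vec, _ in rows], [lab for _, lab in rows]


def reconstruction_coeffs(A, I):
    """Solve sum_{i in I} w_i * A[i] = (1,0,...,0) over Q; return {i: w_i} or None
    when the rows in I cannot reconstruct the secret (I does not satisfy (A, rho))."""
    I, n = list(I), len(A[0])
    # one equation per column of A; unknowns are the w_i; last entry is the target e_1
    M = [[Fraction(A[i][col]) for i in I] + [Fraction(int(col == 0))] for col in range(n)]
    pivots, r = [], 0
    for c in range(len(I)):
        p = next((row for row in range(r, n) if M[row][c] != 0), None)
        if p is None:
            continue
        M[r], M[p] = M[p], M[r]
        pv = M[r][c]
        M[r] = [x / pv for x in M[r]]
        for row in range(n):
            if row != r and M[row][c] != 0:
                f = M[row][c]
                M[row] = [a - f * b for a, b in zip(M[row], M[r])]
        pivots.append(c)
        r += 1
    if any(M[row][-1] != 0 for row in range(r, n)):
        return None                              # e_1 is not in the span of the rows
    w = {i: Fraction(0) for i in I}              # free unknowns set to 0
    for row, c in enumerate(pivots):
        w[I[c]] = M[row][-1]
    return w


def satisfying_subsets(A, rho, attrs):
    """All minimal row subsets (labels drawn from attrs) that satisfy (A, rho): I_{A,rho}."""
    usable = [i for i, lab in enumerate(rho) if lab in attrs]
    found = []
    for size in range(1, len(usable) + 1):
        for I in combinations(usable, size):
            if any(set(J) <= set(I) for J in found):
                continue                         # a proper subset already satisfies
            if reconstruction_coeffs(A, I) is not None:
                found.append(I)
    return found


def satisfies(policy, attrs):
    A, rho = to_lsss(policy)
    return bool(satisfying_subsets(A, rho, set(attrs)))


# Constructed from the embodiment-2 scenario: documents 1-3 of data owner 1, data user 1.
HOSP_CARDIO = AND(ATTR("agency", "hospital a"), ATTR("department", "cardiology"))
DOCUMENTS = {
    "doc1": ({("name", "wu epi"), ("age", "23"), ("sex", "male"),
              ("disease", "heart disease"), ("provider", "hospital a")},
             OR(ATTR("number", "01234"), HOSP_CARDIO)),
    "doc2": ({("name", "li ming"), ("age", "27"), ("sex", "male"),
              ("disease", "myocarditis"), ("provider", "hospital a")},
             OR(ATTR("number", "01234"), ATTR("agency", "hospital a"))),
    "doc3": ({("name", "liu hua"), ("age", "20"), ("sex", "male"),
              ("disease", "heart disease"), ("provider", "hospital a")},
             OR(ATTR("number", "12345"), HOSP_CARDIO)),
}
USER1 = {("name", "wang shuang"), ("number", "01234"),
         ("agency", "hospital a"), ("department", "cardiology")}
QUERY = AND(ATTR("provider", "hospital a"), ATTR("disease", "heart disease"))


def matching_documents(docs=DOCUMENTS, user_attrs=USER1, query=QUERY):
    """A document matches only if the user satisfies its access policy AND its
    keywords satisfy the query predicate, which is what step S4 decides."""
    return sorted(name for name, (keywords, policy) in docs.items()
                  if satisfies(policy, user_attrs) and satisfies(query, keywords))
```

For the document-1 policy the matrix comes out as rows (1, 0) for number, (1, 1) for agency and (0, −1) for department; the user's two minimal satisfying subsets are {number} and {agency, department}, exactly the I_{A,ρ} the server would iterate over. The subset enumeration is exponential in the number of usable rows, which is acceptable for the handful of attributes in a policy but is the reason the scheme restricts itself to minimal subsets.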
S5, decryption: after receiving the data ciphertext C_D, the data user uses the ElGamal private key a' to recover the data ciphertext C_D into the corresponding plaintext content, as follows:
S51, the data user uses the ElGamal algorithm to decrypt the ciphertext
Figure BDA0002620273030000122
and obtain the symmetric key ψ:
using the ElGamal private key a', compute ε = δ_1^{a'}, then compute ψ' = δ_2 ε^{-1}, and finally map ψ' back to the symmetric key ψ;
S52, using the symmetric key ψ, decrypt the ciphertext
Figure BDA0002620273030000123
to obtain the plaintext content of the document.
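The ElGamal wrapping of the symmetric key in step S24 and its unwrapping in step S51 follow the textbook relations δ_1 = g^y, ε = (g^{a'})^y, δ_2 = ψ'ε and ε = δ_1^{a'}, ψ' = δ_2 ε^{-1}. The following is an added example written for this page, not code from the patent: it uses the order-q subgroup of Z_p* for a 160-bit safe prime p = 2q + 1 generated at run time and a 128-bit constructed key in place of the scheme's composite-order group G and 256-bit AES key, and it maps ψ to a group element ψ' by the quadratic-residue rule (m if m is a square mod p, else p − m), one invertible choice the page does not specify. The AES encryption of the document content (C_{D,1}) is outside this example.

```python
# Added example (not code from patent CN112100649B): ElGamal wrapping of the
# symmetric key psi as in steps S24/S51. Toy parameters: a safe prime p = 2q+1
# generated at run time and a 128-bit key stand in for the scheme's composite-
# order group G and 256-bit AES key. Mapping psi -> psi' into the order-q
# subgroup (quadratic residues) is one invertible choice; the page leaves it open.
import random

KEY_LEN = 16   # bytes; the patent's embodiment uses a 256-bit key


def is_probable_prime(n, rounds=32, rng=random.Random(1)):
    """Miller-Rabin with fixed-seed witnesses (deterministic for this demo)."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng):
    """Return p = 2q + 1 with p and q both prime (hence p = 3 mod 4)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q) and is_probable_prime(2 * q + 1):
            return 2 * q + 1


def map_key_to_group(psi, p):
    """psi -> psi' in the order-q subgroup: m if m is a square mod p, else p - m."""
    m = int.from_bytes(psi, "big") + 1          # 1 <= m <= q for these sizes
    assert m <= (p - 1) // 2
    return m if pow(m, (p - 1) // 2, p) == 1 else p - m


def map_group_to_key(elem, p):
    """Inverse of map_key_to_group."""
    m = elem if elem <= (p - 1) // 2 else p - elem
    return (m - 1).to_bytes(KEY_LEN, "big")


def keygen(bits=160, seed=7):
    """Stand-in for the TA's public elements (g, g^a') and the private a'."""
    rng = random.Random(seed)
    p = gen_safe_prime(bits, rng)
    g = pow(rng.randrange(2, p - 1), 2, p)      # a square != 1 generates the order-q subgroup
    a_prime = rng.randrange(1, (p - 1) // 2)
    return (p, g, pow(g, a_prime, p)), a_prime


def wrap_key(pk, psi, seed=3):
    """S24: delta1 = g^y, eps = (g^a')^y, delta2 = psi' * eps; returns C_{D,2}."""
    p, g, g_a = pk
    y = random.Random(seed).randrange(1, (p - 1) // 2)
    delta1, eps = pow(g, y, p), pow(g_a, y, p)
    delta2 = map_key_to_group(psi, p) * eps % p
    return delta1, delta2


def unwrap_key(a_prime, pk, c_d2):
    """S51: eps = delta1^a', psi' = delta2 * eps^-1, then map psi' back to psi."""
    p = pk[0]
    delta1, delta2 = c_d2
    eps = pow(delta1, a_prime, p)
    psi_prime = delta2 * pow(eps, -1, p) % p
    return map_group_to_key(psi_prime, p)


def roundtrip(psi=bytes(range(KEY_LEN))):
    """Wrap a constructed key and unwrap it; returns (recovered_key, C_{D,2})."""
    pk, a_prime = keygen()
    c_d2 = wrap_key(pk, psi)
    return unwrap_key(a_prime, pk, c_d2), c_d2
```

The seeded generators exist only to make the demonstration reproducible; a real deployment draws y and a' from a cryptographic source. Because every data user holds the same a', the unwrap step is the same for every user and the per-document access decision rests entirely on the token match in step S4.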
Example 2
This embodiment discloses a multi-keyword searchable encryption system supporting a Boolean access control policy which, as shown in fig. 2, comprises: an initialization and token generation subsystem running in the trusted authority TA, an encryption subsystem running at the data owner end, a cloud storage subsystem running on the cloud server, and a user retrieval and decryption subsystem running at the data user end.
The trusted authority TA is a fully trusted third-party security organization, and the data owner end and the data user end are terminal devices with processing capability, including smartphones, tablets and computers. The system can perform the multi-keyword searchable encryption method supporting Boolean access control policies described in embodiment 1.
The initialization and token generation subsystem running in the trusted authority TA comprises an initialization module, a master key storage module and a token generation module:
the initialization module is used to generate the system public key pk, the master key mk and the ElGamal private key a', to publicly distribute the system public key pk to the cloud server, to store the master key mk in the master key storage module, and to send the ElGamal private key a' to the data user;
the master key storage module is used to store the master key mk and allows access only by the trusted authority TA;
the token generation module is used to respond to a retrieval token generation request from a data user, to check the legitimacy of the data user's identity and, if the identity is legitimate, to generate a retrieval token for the data user using the system public key pk and the master key mk
Figure BDA0002620273030000124
and to send the retrieval token
Figure BDA0002620273030000125
to the data user.
The encryption subsystem running at the data owner end comprises a data encryption module and an index encryption module:
the data encryption module is used to obtain the system public key pk from the cloud server, to encrypt the document using the system public key pk to obtain a data ciphertext, and to send the data ciphertext to the cloud server;
the index encryption module is used to encrypt the keyword set of each document together with its access policy using the system public key pk to obtain the corresponding index ciphertext, and to send the index ciphertext to the cloud server.
As shown in fig. 2, since each document has its own data ciphertext and index ciphertext, which belong together, the data ciphertext is usually packed with the index ciphertext and sent to the storage module.
The cloud storage subsystem running on the cloud server comprises a system public key publication module, a storage module and a retrieval module:
the system public key publication module is used to publicly release the system public key generated by the trusted authority TA;
the storage module is used to store the data ciphertexts and index ciphertexts encrypted by the data owners;
the retrieval module is used to check, for each index ciphertext C_I, whether the index ciphertext matches the retrieval token using the system public key pk, to obtain from the storage module the data ciphertexts C_D that satisfy the match condition, and to send them to the data user.
The user retrieval and decryption subsystem running at the data user end comprises a user retrieval module and a data decryption module:
the user retrieval module is used to send a token generation request to the trusted authority TA while uploading the data user's attribute set S = (a_1, ..., a_n) and query keyword predicate
Figure BDA0002620273030000131
to the trusted authority TA so that the retrieval token can be generated; when the retrieval token of the trusted authority TA
Figure BDA0002620273030000132
is received, the user retrieval module is further used to send the token to the cloud server to carry out the retrieval operation;
the data decryption module is used to decrypt the data ciphertext C_D with the ElGamal private key a' and recover it into the corresponding plaintext content.
As shown in fig. 3, the system of this embodiment is applied to a medical setting; specifically, the system may be a healthcare system. The system serves multiple data users (data user 1, data user 2, …, data user m) and may store the documents of multiple data owners (data owner 1, data owner 2, …, data owner n). Here the number of keyword fields of a document is set to m' = 5, the keyword fields being name, age, sex, disease and provider; the number of attribute fields of a data user is n' = 4, the attribute fields being name, number, organization and department.
The system works as follows:
First, the trusted authority runs the initialization module of the initialization and token generation subsystem: from the security parameter
Figure BDA0002620273030000133
it generates the system public key pk, the master key mk and the ElGamal private key a', publicly distributes the system public key pk to the cloud server, stores the master key mk in the master key storage module, and sends the ElGamal private key a' to the data users.
Suppose data owner 1 owns three documents, 1, 2 and 3, where:
the keywords of document 1, one per keyword field, are: "wu epi", "23", "male", "heart disease" and "hospital a"; its access policy is: number = "01234" OR (institution = "hospital a" AND department = "cardiology");
the keywords of document 2, one per keyword field, are: "li ming", "27", "male", "myocarditis" and "hospital a"; its access policy is: number = "01234" OR agency = "hospital a";
the keywords of document 3, one per keyword field, are: "liu hua", "20", "male", "heart disease" and "hospital a"; its access policy is: number = "12345" OR (institution = "hospital a" AND department = "cardiology").
To encrypt the documents, data owner 1 first runs the encryption subsystem, obtains the system public key pk from the cloud storage subsystem on the cloud server, and then encrypts the three documents in turn with the system public key pk, generating the index ciphertexts
Figure BDA0002620273030000141
and the data ciphertexts
Figure BDA0002620273030000142
and uploads the ciphertexts
Figure BDA0002620273030000143
to the cloud server.
After receiving the ciphertexts of data owner 1, the cloud server stores them in the storage module of the cloud storage subsystem. For simplicity of explanation, it is assumed here that the storage module currently holds only the above three ciphertexts of data owner 1
Figure BDA0002620273030000144
The attributes of data user 1, one per attribute field, are: "wang shuang", "01234", "hospital a" and "cardiology". If this data user wants to query the documents whose provider is hospital A and whose disease is heart disease, the user runs the user retrieval module of the user retrieval and decryption subsystem, and the user attribute set S = ("wang shuang", "01234", "hospital a", "cardiology") and the query keyword predicate
Figure BDA0002620273030000145
AND (disease = "heart disease") are sent to the trusted authority TA, so that the trusted authority TA can verify the user's identity and generate a retrieval token.
After receiving the user attribute set S and the query keyword predicate of data user 1
Figure BDA0002620273030000146
the trusted authority TA runs the token generation module which, after verifying that the identity of data user 1 is legitimate, uses the system public key pk and the master key mk to generate a retrieval token
Figure BDA0002620273030000147
and sends the retrieval token
Figure BDA0002620273030000148
to data user 1.
After receiving the retrieval token of the trusted authority TA
Figure BDA0002620273030000149
data user 1 runs the user retrieval module to send the retrieval token to the cloud server for the next retrieval operation.
After the cloud server receives the query request of data user 1 (the data user runs the user retrieval module of the user retrieval and decryption subsystem and inputs the user attribute set and the query keyword predicate), the cloud server runs the retrieval module, which uses the system public key pk to match the retrieval token
Figure BDA0002620273030000151
against the index ciphertexts in the storage module
Figure BDA0002620273030000152
in turn. It is assumed here that the data ciphertext
Figure BDA0002620273030000153
matches; when the matching operation is complete, the cloud server returns the data ciphertext that satisfies the condition
Figure BDA0002620273030000154
to data user 1.
After receiving the returned data ciphertext
Figure BDA0002620273030000155
data user 1 runs the decryption module of the user retrieval and decryption subsystem, which uses the ElGamal private key a' to decrypt the data ciphertext
Figure BDA0002620273030000156
and recovers the plaintext content of document 1.
It should be noted that the system of this embodiment is described in terms of a division into functional modules only; in practical applications the functions may be assigned to different functional modules as needed, that is, the internal structure may be divided into different functional modules that together perform all or part of the functions described above.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (8)

1. A multi-keyword searchable encryption method supporting Boolean access control policies, characterized by comprising the following steps:
S1, a trusted authority TA generates a system public key pk, a master key mk and an ElGamal private key a', publicly distributes the system public key pk to a cloud server, stores the master key mk in the trusted authority TA, and sends the ElGamal private key a' to a data user;
S2, encryption: the data owner uses the system public key pk, the keyword set O = (o_1, ..., o_m) and the access policy
Figure FDA00039020323500000126
to generate an index ciphertext C_I and a data ciphertext C_D for a document, and uploads the ciphertexts C_I, C_D to the cloud server;
S3, retrieval token generation: when a data user wants to perform a search, the attribute set S = (a_1, ..., a_n) and the query keyword predicate
Figure FDA0003902032350000011
must first be uploaded to the trusted authority TA; the trusted authority TA verifies whether the identity of the data user is legitimate and, if so, uses the system public key pk and the master key mk to generate a retrieval token
Figure FDA0003902032350000012
for the data user and sends the retrieval token
Figure FDA0003902032350000013
to the data user;
the process by which the trusted authority TA generates the retrieval token is as follows:
S31, the trusted authority TA maps the query keyword predicate
Figure FDA0003902032350000014
to a linear secret sharing scheme representation
Figure FDA0003902032350000015
Figure FDA0003902032350000016
where
Figure FDA0003902032350000017
is an l_O × m share matrix, l_O being the number of rows and m the number of columns;
Figure FDA0003902032350000018
is a function that maps each row of the matrix
Figure FDA0003902032350000019
to a keyword field;
Figure FDA00039020323500000110
is expressed in the form
Figure FDA00039020323500000111
, where
Figure FDA00039020323500000112
is the keyword of the keyword field
Figure FDA00039020323500000113
, 1 ≤ x' ≤ l_O;
S32, the trusted authority TA randomly selects two elements c_1, c_2 from the group Z_N and generates a vector
Figure FDA00039020323500000114
where
Figure FDA00039020323500000115
are random numbers, and randomly selects, from the group
Figure FDA00039020323500000116
, two elements R_0, R_1;
S33, for each attribute a_{i'} in the attribute set S = (a_1, ..., a_n), the trusted authority TA randomly selects, from the group
Figure FDA00039020323500000117
, an element R_{i'}, 1 ≤ i' ≤ n;
S34, for the matrix
Figure FDA00039020323500000118
and each of its rows
Figure FDA00039020323500000119
, the trusted authority TA randomly selects an element s_{x'} from the group Z_N and, from the group
Figure FDA00039020323500000120
, randomly selects two elements
Figure FDA00039020323500000121
S35, the trusted authority TA computes the retrieval token
Figure FDA00039020323500000122
Figure FDA00039020323500000123
where
Figure FDA00039020323500000124
and α is an element randomly drawn by the trusted authority TA from the group Z_N,
Figure FDA00039020323500000125
Figure FDA00039020323500000214
f is a hash function, and g and h are elements randomly drawn by the trusted authority TA from the group
Figure FDA0003902032350000021
,
Figure FDA0003902032350000022
S4, ciphertext search: after receiving the retrieval token
Figure FDA0003902032350000023
sent by the trusted authority TA, the data user sends the retrieval token to the cloud server; after receiving it, the cloud server uses the system public key pk to check, for each index ciphertext C_I, whether the index ciphertext matches the retrieval token, and sends the data ciphertexts C_D that satisfy the match condition to the data user;
S5, decryption: after receiving the data ciphertext C_D, the data user uses the ElGamal private key a' to recover the data ciphertext C_D into the corresponding plaintext content.
2. The multi-keyword searchable encryption method supporting Boolean access control policies according to claim 1, characterized in that in step S1 the trusted authority TA generates the system public key pk, the master key mk and the ElGamal private key a' as follows:
S11, the trusted authority TA uses a group generator of a composite-order bilinear group
Figure FDA0003902032350000024
and runs G(1^K) to generate the tuple (p_1, p_2, p_3, p_4, G, G_T, e), where
Figure FDA0003902032350000025
is the security parameter input to the group generator, p_1, p_2, p_3, p_4 are four distinct primes, G and G_T are cyclic groups of order N with N = p_1 p_2 p_3 p_4, and the bilinear map e: G × G → G_T is satisfied, the bilinear map meaning that two elements of the group G are mapped to one element of the group G_T;
Figure FDA0003902032350000026
Figure FDA0003902032350000027
denote the subgroups of G of order p_1, p_2, p_3 and p_4 respectively;
S12, the trusted authority TA randomly selects elements a, a', α ∈ Z_N, randomly draws elements g, h from the group
Figure FDA0003902032350000028
, an element X_3 from the group
Figure FDA0003902032350000029
, and elements Z, X_4 from the group
Figure FDA00039020323500000210
, and computes H = hZ and Y = e(g, g)^α, where H and Y are components of the system public key;
S13, the trusted authority TA selects a collision-resistant hash function f satisfying the following mapping:
Figure FDA00039020323500000211
S14, the trusted authority TA obtains the system public key pk = <N, g, g^a, g^{a'}, f, Y, H, X_4>, the master key mk = <α, h, X_3> and the ElGamal private key a';
the ElGamal private key a' is specifically sent to the data user over an encrypted channel.
3. The multi-keyword searchable encryption method supporting Boolean access control policies according to claim 2, characterized in that the encryption procedure of step S2 is as follows:
S21, the data owner maps the keyword predicate
Figure FDA00039020323500000212
to a linear secret sharing scheme representation
Figure FDA00039020323500000213
where A is an l_s × n share matrix, l_s being the number of rows and n the number of columns; ρ is a function that maps each row of the matrix A to an attribute field; T is expressed in the form
Figure FDA0003902032350000031
where t_ρ(i) is the attribute of the attribute field ρ(i), 1 ≤ i ≤ l_s;
the data owner randomly generates a vector v = (s, v_2, ..., v_n) ∈ group
Figure FDA0003902032350000032
and randomly selects, from the group
Figure FDA0003902032350000033
, an element Z_1; s, v_2, ..., v_n are the components of the vector v;
for each row A_i of the matrix A, the data owner randomly selects an element r_i from the group Z_N and, from the group
Figure FDA0003902032350000034
, randomly selects two elements Z_{c,i}, Z_{d,i};
for each keyword o_x, the data owner randomly selects, from the group
Figure FDA0003902032350000035
, an element Z_{e,x}, where 1 ≤ x ≤ m;
S22, the data owner computes the index ciphertext C_I
Figure FDA0003902032350000036
where C_0 = Y^s, C_1 = g^s Z_1,
Figure FDA0003902032350000037
Figure FDA0003902032350000038
S23, the data owner randomly generates a multi-bit symmetric key ψ and encrypts the document content with the key ψ using the AES algorithm to obtain the ciphertext C_{D,1};
S24, the data owner encrypts the symmetric key ψ using the ElGamal algorithm to obtain the ciphertext C_{D,2}, as follows: obtain g and g^{a'} from the system public key pk, randomly select an element y from the group G, and compute δ_1 = g^y and ε = (g^{a'})^y; then map the symmetric key ψ to an element ψ' of G, compute δ_2 = ψ'ε, and finally form the ciphertext C_{D,2} = (δ_1, δ_2);
S25, from the variables of steps S23 and S24 the data owner obtains the data ciphertext C_D = <C_{D,1}, C_{D,2}>.
4. The multi-keyword searchable encryption method supporting Boolean access control policies according to claim 2, characterized in that the ciphertext search process of step S4 is as follows:
S41, the cloud server parses the retrieval token
Figure FDA0003902032350000039
into
Figure FDA00039020323500000310
and parses the index ciphertext C_I into
Figure FDA00039020323500000322
S42, the cloud server computes I_{A,ρ} from (A, ρ); here I_{A,ρ} denotes the set of all minimal subsets of {1, ..., l_s} that satisfy (A, ρ), where a subset I is said to satisfy (A, ρ) if there exist
Figure FDA00039020323500000311
and a set of constants {w_{i''}}_{i''∈I} such that Σ_{i''∈I} w_{i''} A_{i''} = (1, 0, ..., 0);
likewise, the cloud server computes from
Figure FDA00039020323500000312
the set
Figure FDA00039020323500000313
; here
Figure FDA00039020323500000314
denotes the set of all minimal subsets of {1, ..., l_O} that satisfy
Figure FDA00039020323500000315
, where, if there exist
Figure FDA00039020323500000316
and a set of constants
Figure FDA00039020323500000317
such that
Figure FDA00039020323500000318
Figure FDA00039020323500000319
then
Figure FDA00039020323500000320
is said to satisfy
Figure FDA00039020323500000321
;
S43, if there exist I ∈ I_{A,ρ} and
Figure FDA0003902032350000041
such that Σ_{i''∈I} w_{i''} A_{i''} = (1, 0, ..., 0) holds for some constants {w_{i''}}_{i''∈I}, and
Figure FDA0003902032350000042
holds for some constants
Figure FDA0003902032350000043
, and the following equation holds, then the algorithm outputs 1, indicating that the retrieval token
Figure FDA0003902032350000044
matches the index ciphertext C_I, and the corresponding data ciphertext C_D is sent to the data user; otherwise the algorithm outputs 0, indicating that the two do not match;
the equation is:
Figure FDA0003902032350000045
5. The multi-keyword searchable encryption method supporting Boolean access control policies according to claim 3, characterized in that the process of decrypting the data ciphertext C_D = <C_{D,1}, C_{D,2}> in step S5 is as follows:
S51, the data user uses the ElGamal algorithm to decrypt the ciphertext C_{D,2} and obtain the symmetric key ψ:
using the ElGamal private key a', compute ε = δ_1^{a'}, then compute ψ' = δ_2 ε^{-1}, and map ψ' back to the symmetric key ψ;
S52, using the symmetric key ψ, decrypt the ciphertext C_{D,1} to obtain the plaintext content of the document.
6. The multi-keyword searchable encryption method supporting Boolean access control policies according to claim 1, characterized in that the trusted authority TA is a fully trusted third-party security authority responsible for generating the system public key pk and the master key mk, as well as the ElGamal private key a' used for file decryption, wherein the system public key pk, the master key mk and the ElGamal private key a' are all binary strings of a certain length.
7. A multi-key searchable encryption system that supports boolean access control policies, comprising: an initialization and retrieval token generation subsystem operating in a trusted authority TA, an encryption subsystem operating in a data owner side, a cloud storage subsystem operating on a cloud server, a user retrieval and decryption subsystem operating in a data user side, wherein,
the initialization and retrieval token generation subsystem operating in the trusted authority TA comprises an initialization module, a master key storage module and a retrieval token generation module:
the initialization module is used for generating a system public key pk, a master key mk and an ElGamal private key a ', publicly developing the system public key pk to a cloud server, storing the master key mk to the master key storage module, and sending the E1Gamal private key a' to a data user;
the master key storage module is used for storing a master key mk and only allowing access of a trusted authority TA;
the retrieval token generation module is used for responding to a retrieval token generation request of the data user, checking the validity of the identity of the data user, and generating a retrieval token for the data user by using the system public key pk and the master key mk under the condition that the identity of the data user is legal
Figure FDA0003902032350000051
And to token the search
Figure FDA0003902032350000052
Sending the data to a data user;
the process of generating the retrieval token is as follows:
s31, the credible authority TA predicates the query keyword
Figure FDA0003902032350000053
Mapping to a linear secret sharing scheme representation
Figure FDA0003902032350000054
Figure FDA0003902032350000055
Wherein the content of the first and second substances,
Figure FDA0003902032350000056
is a O Xm shared matrix, l O Representing the number of rows, m representing the number of columns;
Figure FDA0003902032350000057
is a general matrix
Figure FDA0003902032350000058
Each line of (a) maps to a function of a key field;
Figure FDA0003902032350000059
is shown as
Figure FDA00039020323500000510
In the form of (a) a (b),
Figure FDA00039020323500000511
is a keyword field
Figure FDA00039020323500000512
The key word of 1 is less than or equal to x' and less than or equal to l O
S32, the credible authority TA slave group Z N In the random selection of two elements c 1 ,c 2 Generating a vector
Figure FDA00039020323500000513
Wherein the content of the first and second substances,
Figure FDA00039020323500000514
as random numbers, from the group
Figure FDA00039020323500000515
In the random selection of two elements R 0 ,R 1
S33、For attribute set S = (a) 1 ,...,a n ) Each attribute a in (1) i′ From the group
Figure FDA00039020323500000516
In the random selection of element R i′ ,1≤i′≤n;
S34, for
Figure FDA00039020323500000517
Each row of
Figure FDA00039020323500000518
From group Z N In the random selection of elements s x′ From the group
Figure FDA00039020323500000519
In the random selection of two elements
Figure FDA00039020323500000520
S35: the trusted authority TA computes the retrieval token
Figure FDA00039020323500000521
Figure FDA00039020323500000522
where
Figure FDA00039020323500000523
Figure FDA00039020323500000524
;
the encryption subsystem running at the data owner end comprises a data encryption module and an index encryption module:
the data encryption module is used for acquiring a system public key pk from the cloud server, encrypting a document by using the system public key pk to obtain a data ciphertext and then sending the data ciphertext to the cloud server;
the index encryption module is used for encrypting, with the system public key pk, the keyword set of each document together with the access policy enforced on that document, obtaining the corresponding index ciphertext and sending it to the cloud server;
the cloud storage subsystem running on the cloud server comprises a system public key publishing module, a storage module and a retrieval module:
the system public key publishing module is used for publicly releasing the system public key generated by the trusted authority TA;
the storage module is used for storing the data ciphertext and the index ciphertext encrypted by the data owner;
the retrieval module is used for checking, for each index ciphertext C_I and using the system public key pk, whether the index ciphertext matches the retrieval token, obtaining from the storage module the data ciphertext C_D that satisfies the matching condition, and sending it to the data user;
the user retrieval and decryption subsystem running at the data user side comprises a user retrieval module and a data decryption module:
the user retrieval module is used for sending a retrieval token generation request to the trusted authority TA and at the same time uploading the data user's attribute set S = (a_1, ..., a_n) and query keyword predicate
Figure FDA0003902032350000061
to the trusted authority TA so that the retrieval token can be generated; on receiving the retrieval token
Figure FDA0003902032350000062
from the trusted authority TA, the user retrieval module is further used for sending the retrieval token to the cloud server to carry out the retrieval operation;
the data decryption module is used for decrypting the data ciphertext C_D with the ElGamal private key a' and restoring it to the corresponding plaintext content.
8. The system of claim 7, wherein the data owner side and the data user side are terminal devices with computing capability, such as smartphones, tablets and computers.
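As an added illustration of steps S31 and S32 and of the retrieval module's matching condition (this is not code from the patent, whose match test is computed over pairings on composite-order groups), the following Python converts a Boolean keyword predicate into an LSSS pair (M, ρ), splits a secret across the rows of M the way an LSSS share vector does, and recovers it only from the rows whose keywords a document actually carries. Everything beyond the claims is an assumption: the formula-to-matrix conversion is the standard Lewko-Waters construction, the share vector takes the usual form (s, r_2, ..., r_m) with s the secret (the claims do not spell out the vector built from c_1 and c_2), rows are labelled with keyword strings rather than keyword fields, and the modulus N_TOY = 10007 · 10009 is a constructed stand-in for the composite group order. All function names are the example's own. The property worth seeing is that every reconstruction coefficient of a formula-derived LSSS is 0 or 1, so no inverse modulo the composite N is ever needed, and a document whose keyword set does not satisfy the predicate cannot recover the secret at all.

```python
"""Boolean keyword predicate -> LSSS (M, rho), sharing and reconstruction over Z_N.

Added example for steps S31/S32 of the claims; not the patent's own code.
The formula-to-matrix conversion is the Lewko-Waters construction (assumed;
the claims do not name theirs).  Predicates are nested tuples:
    "kw"                     a keyword leaf
    ("AND", left, right)     both sides required
    ("OR", left, right)      either side suffices
"""
from __future__ import annotations

import secrets
from typing import Optional

# Constructed stand-in for the composite group order N = p*q (two primes).
N_TOY = 10007 * 10009


def predicate_to_lsss(pred) -> tuple[list[list[int]], list[str]]:
    """Return (M, rho): M is an l x m integer share matrix, rho[x] labels row x.

    The root is labelled (1).  An OR gate passes its vector to both children.
    An AND gate with vector v (zero-padded to the current width c) gives its
    left child (v, 1) and its right child (0, ..., 0, -1) of width c+1, then
    widens the matrix by one column.  Row order is depth-first, left to right.
    """
    rows: list[list[int]] = []
    rho: list[str] = []
    width = 1  # current vector width; final value is m

    def walk(node, vec: list[int]) -> None:
        nonlocal width
        if isinstance(node, str):
            rows.append(vec)
            rho.append(node)
            return
        op, left, right = node
        if op == "OR":
            walk(left, vec)
            walk(right, vec)
        elif op == "AND":
            padded = vec + [0] * (width - len(vec))
            left_vec, right_vec = padded + [1], [0] * width + [-1]
            width += 1
            walk(left, left_vec)
            walk(right, right_vec)
        else:
            raise ValueError(f"unknown gate {op!r}")

    walk(pred, [1])
    return [r + [0] * (width - len(r)) for r in rows], rho


def share_secret(M: list[list[int]], s: int, N: int) -> tuple[list[int], list[int]]:
    """Build v = (s, r_2, ..., r_m) with fresh random r_j and return (shares, v).

    Share x is the inner product <M_x, v> mod N, as in an LSSS.
    """
    m = len(M[0])
    v = [s % N] + [secrets.randbelow(N) for _ in range(m - 1)]
    shares = [sum(a * b for a, b in zip(row, v)) % N for row in M]
    return shares, v


def reconstruct(pred, shares: list[int], keywords: set[str], N: int) -> Optional[int]:
    """Recover s from the shares of rows whose keyword is in `keywords`.

    Walks the predicate in the same depth-first order used to build M, taking
    one satisfied child of each OR and both children of each AND, so every
    reconstruction coefficient is 0 or 1 and no inverse mod N is needed.
    Returns None when the keyword set does not satisfy the predicate.
    """
    pos = 0  # index of the next leaf/row in depth-first order

    def walk(node) -> Optional[int]:
        nonlocal pos
        if isinstance(node, str):
            share = shares[pos]
            pos += 1
            return share if node in keywords else None
        op, left, right = node
        a = walk(left)  # both subtrees are always walked so `pos` stays in sync
        b = walk(right)
        if op == "OR":
            return a if a is not None else b
        if a is None or b is None:
            return None
        return (a + b) % N

    return walk(pred)


def keyword_match(pred, doc_keywords: set[str], N: int = N_TOY) -> bool:
    """Plaintext model of the retrieval module's test: does a document's keyword
    set satisfy the token's predicate?  True iff the LSSS secret is recoverable.
    """
    M, _rho = predicate_to_lsss(pred)
    s = secrets.randbelow(N)
    shares, _v = share_secret(M, s, N)
    return reconstruct(pred, shares, doc_keywords, N) == s
```

For the predicate ("AND", "cloud", ("OR", "encryption", "privacy")) the conversion yields M = [[1, 1], [0, -1], [0, -1]] with rows labelled cloud, encryption, privacy; a document tagged {cloud, privacy} reconstructs s, while {cloud} alone or {encryption, privacy} alone returns None. In the real scheme the shares are hidden inside the token's group elements and the cloud evaluates the same 0/1 combination through pairings, which is why the matrix and the row labels, not the keywords themselves, are what the retrieval module needs.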
CN202010781185.XA 2020-08-06 2020-08-06 Multi-keyword searchable encryption method and system supporting Boolean access control strategy Active CN112100649B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010781185.XA CN112100649B (en) 2020-08-06 2020-08-06 Multi-keyword searchable encryption method and system supporting Boolean access control strategy

Publications (2)

Publication Number Publication Date
CN112100649A CN112100649A (en) 2020-12-18
CN112100649B true CN112100649B (en) 2022-12-16

Family

ID=73750233

Country Status (1)

Country Link
CN (1) CN112100649B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112751670B (en) * 2020-12-30 2022-11-11 西安邮电大学 Attribute-based searchable encryption of multi-center ciphertext strategy and corresponding method for searching and acquiring data
CN114357477B (en) * 2021-12-15 2023-07-18 华南理工大学 Boolean keyword searchable encryption method supporting large-scale user group
CN115150196B (en) * 2022-09-01 2022-11-18 北京金睛云华科技有限公司 Ciphertext data-based anomaly detection method, device and equipment under normal distribution

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108156140A (en) * 2017-12-13 2018-06-12 西安电子科技大学 A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN108390855A (en) * 2018-01-11 2018-08-10 中国人民解放军战略支援部队信息工程大学 A kind of attribute base keyword search encryption system and method towards cloud storage
CN109361644A (en) * 2018-08-22 2019-02-19 西安工业大学 A kind of Fog property base encryption method for supporting fast search and decryption

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103731432B (en) * 2014-01-11 2017-02-08 西安电子科技大学昆山创新研究院 Multi-user supported searchable encryption method
CN105871543B (en) * 2016-03-29 2019-02-15 西安电子科技大学 Multiple key cipher text retrieval method under more data owner's backgrounds based on attribute
EP3627371A3 (en) * 2017-02-22 2020-07-15 Kindite Ltd. Encrypting data records and processing encrypted records without exposing plaintext

Also Published As

Publication number Publication date
CN112100649A (en) 2020-12-18

Similar Documents

Publication Publication Date Title
Sun et al. PMRSS: privacy-preserving medical record searching scheme for intelligent diagnosis in IoT healthcare
Ramu A secure cloud framework to share EHRs using modified CP-ABE and the attribute bloom filter
CN112100649B (en) Multi-keyword searchable encryption method and system supporting Boolean access control strategy
US8898478B2 (en) Method for querying data in privacy preserving manner using attributes
CN108768951B (en) Data encryption and retrieval method for protecting file privacy in cloud environment
CN107948146B (en) Connection keyword retrieval method based on attribute encryption in hybrid cloud
WO2019080281A1 (en) Health record access control system and method in electronic medical cloud
CN111913981B (en) Online and offline attribute-based boolean keyword searchable encryption method and system
Ying et al. A lightweight policy preserving EHR sharing scheme in the cloud
Yao et al. Privacy-preserving search over encrypted personal health record in multi-source cloud
CN110866135B (en) Response length hiding-based k-NN image retrieval method and system
US11716191B2 (en) Method, apparatus, and computer-readable medium for searching polymorphically encrypted data
Huang et al. FSSR: Fine-grained EHRs sharing via similarity-based recommendation in cloud-assisted eHealthcare system
CN114598472A (en) Conditional-hidden searchable agent re-encryption method based on block chain and storage medium
CN114579998A (en) Block chain assisted medical big data search mechanism and privacy protection method
Wen et al. Leaf: A faster secure search algorithm via localization, extraction, and reconstruction
Zhang et al. NANO: Cryptographic Enforcement of Readability and Editability Governance in Blockchain Databases
Kim et al. Privacy-preserving parallel kNN classification algorithm using index-based filtering in cloud computing
Park et al. PKIS: practical keyword index search on cloud datacenter
Niu et al. A data-sharing scheme that supports multi-keyword search for electronic medical records
KR20120002729A (en) Search system and method in multi-user
CN116611083A (en) Medical data sharing method and system
Muhammad et al. A secure data outsourcing scheme based on Asmuth–Bloom secret sharing
CN113132345B (en) Agent privacy set intersection method with searchable function
CN115694974A (en) Ciphertext data sharing method and system based on collaborative searchable

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant