CN112380553A - Multi-key searchable encryption method and system based on attribute access control structure - Google Patents

Multi-key searchable encryption method and system based on attribute access control structure Download PDF

Info

Publication number
CN112380553A
CN112380553A CN202011337817.XA CN202011337817A CN112380553A CN 112380553 A CN112380553 A CN 112380553A CN 202011337817 A CN202011337817 A CN 202011337817A CN 112380553 A CN112380553 A CN 112380553A
Authority
CN
China
Prior art keywords
user
data
attribute
access control
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202011337817.XA
Other languages
Chinese (zh)
Other versions
CN112380553B (en
Inventor
李婉华
徐玲玲
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
South China University of Technology SCUT
Original Assignee
South China University of Technology SCUT
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by South China University of Technology SCUT filed Critical South China University of Technology SCUT
Priority to CN202011337817.XA priority Critical patent/CN112380553B/en
Publication of CN112380553A publication Critical patent/CN112380553A/en
Application granted granted Critical
Publication of CN112380553B publication Critical patent/CN112380553B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Databases & Information Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a multi-key searchable encryption method and a multi-key searchable encryption system based on an attribute access control structure, wherein in the background of cloud storage, a VBTree is adopted to divide an attribute set, the attribute set is bound with the access authority of a file, whether the user is a legal user or not and the file set which can be accessed by the user can be effectively determined according to the attribute set submitted by the user, and therefore huge expenses of traversing all files of a data owner once when the user is verified to be the legal user or not are avoided; meanwhile, the combined query of multiple keywords is realized, so that the query result is more flexible and accurate; and the data owner need not generate an authorization key for each authorized user and for each file they have access to, but only for each authorized user.

Description

Multi-key searchable encryption method and system based on attribute access control structure
Technical Field
The invention relates to the technical field of cryptography and secure data sharing, in particular to a multi-key searchable encryption method and system based on an attribute access control structure.
Background
Cloud computing has been a research hotspot of researchers in recent years due to the advantages of economy, convenience, strong expandability and the like. It provides a good platform for users to share data. In practical applications, in order to protect user privacy and realize secure data sharing, security protection measures need to be implemented on a data sharing platform. For example, in a medical health system, different medical research institutions and hospitals need to share a large amount of medical data to provide treatment plans for patients, obtain medical statistical data and promote the development of scientific research, and then the data of the patients can be uploaded to a cloud server to be shared. However, in such a system, in order to avoid the leakage of sensitive data of a patient, the data of the patient needs to be encrypted, and a data user (such as a doctor, a researcher of a medical research institution, etc.) can obtain the data of a specific patient by searching keywords, and the searchable encryption scheme can solve the problem well.
Searchable encryption allows a data owner (such as a patient) to upload sensitive data to a cloud server after encryption, authorized users (such as doctors, researchers of medical institutions and the like) can generate trapdoors by using specific keywords through encryption and upload the trapdoors to the cloud server, the cloud server performs retrieval through the trapdoors, ciphertext containing keyword information (such as medical records of some patients) is returned to the authorized users, and the authorized users decrypt the ciphertext to obtain original medical data. In the process, the server cannot know the sensitive data of the data owner and the keywords queried by the authorized person, so that the privacy of the data owner is protected.
Among searchable encryption schemes, searchable encryption schemes that support conjunctive keyword queries are more widely applicable. However, the current scheme is a searchable encryption scheme with a single keyword, which often cannot satisfy an application scenario in which multiple keywords are simultaneously screened, and easily causes the problems of low matching degree between query results and target results, excessively large number of returned results, and excessively long time for returning results. In order to meet the requirement of a scene of screening a plurality of keywords at the same time, the intuitive method is to respectively query a plurality of times of single keywords, and finally, an intersection is taken for the result, but a file set containing each keyword is leaked. In the existing searchable encryption scheme supporting the conjunctive keyword query, a Tree structure is often used to organize the keywords, such as a red-black Tree, a Virtual Binary Tree (VBTree), and the like. In 2018, Wu constructs a searchable encryption scheme supporting retrieval of conjunctive keywords based on VBTree. VBTree is a complete binary tree in a logical sense, each leaf node stores information of a keyword set included in a file, and in order to insert a keyword in a file into the tree, the information of the keywords needs to be encrypted from the leaf node corresponding to the file from bottom to top and then inserted into all nodes passing from the node to a root node. The root node contains the keyword information for all documents. Each node of the VBTree has a unique path, the path of the root node is "" and for an internal node, assuming that the path is s, the left child path is s | |0 and the right child path is s | | 1. When the keywords are inquired, firstly, starting from a root node, judging whether the keywords to be inquired are all in the root node, and if so, continuously searching whether the keywords are in the left child and the right child; if not, it is stated that the keyword to be queried is not in any of the files, and the query may be terminated. When the leaf node is found and the keywords to be inquired are all in the node, the finding is successful, and at the moment, the path of the root node can be converted into the corresponding file number for returning. It should be noted that VBTree is not a true binary tree, but a temporary logical binary tree. After the binary tree is constructed, the keyword information of each node is scrambled and inserted into a hash table, and the hash table is filled with some redundant information. When performing keyword search, the cloud server actually performs keyword search on the hash table. The VBTree structure has the advantages that firstly, the complexity of the query time of the hash table is O (1), and the query efficiency is high; secondly, except for the height of the binary tree, the server cannot recover other structural information of the binary tree from the hash table, so that the safety is ensured; in addition, compared with a red-black tree, the VBTree does not need to store other additional information such as branches and tree nodes, and memory consumption is reduced.
Multi-user searchable encryption is a more complex and adaptive model of searchable encryption. A multi-user searchable encryption system has multiple users, each of which may be a data owner or an authorized user that shares data with a particular user. In order to realize data security, it is intuitive that a data owner encrypts different files with different keys to achieve the purpose of file access control. However, if an authorized user needs to retrieve multiple files containing the same keyword, which are from different data owners, a trapdoor needs to be generated for each file containing the keyword, and the efficiency of such processing is too low, and how to generate only one trapdoor to retrieve all authorized files is a problem that multi-user searchable encryption needs to be solved.
A multi-key searchable encryption (MKSE) scheme is a new technology to solve the above problems, and was proposed by Popa in 2013. The MKSE scheme contains two requirements: (1) in the multi-user searchable encryption scheme, files are provided by different data owners and are encrypted by different keys respectively. (2) When an authorized user needs to search for a certain keyword, files encrypted with different keys can be searched by only generating one trapdoor, and the trapdoor does not need to be generated for each file of each data owner. In 2014, Tang constructed a multi-key searchable encryption scheme based on the Popa scheme. Assuming that the security parameter is λ, the common parameter used by this scheme is params ═ (Γ, H)2) Wherein Γ ═ G (p, G)1,G2,GT,e,g1,g2),H:{0,1}*→G1,H1:{0,1}*→G2. After system setup, user ui(which may be the data owner or data consumer) first generates its own public and private keys, where the public key is the key of the data owner or data consumer
Figure BDA0002797753990000031
Private key MSKi=(MPKi,xi,yi). When data user utWant to search for data owner uiWhen the document is being recorded, he first requests an authorization
Figure BDA0002797753990000032
Is sent to ui。uiWhen generating index for documents, a unique mark id and a document key FK are selected for each documentid=(k1,k2) Where id ∈ {0,1}λ,k1、k2∈ZpThen, each keyword in the document is encrypted by using a document key to obtain (c)1,c2) Wherein
Figure BDA0002797753990000033
uiAll key word cryptographs of a document are combined into a list TAGidFor utTransmitted TKt→i,uiFirst by its own private key xiCalculate out
Figure BDA0002797753990000034
Then regenerating the authority value
Figure BDA0002797753990000035
uiSending the authority information to utAnd adds to the rights list of this document
Figure BDA0002797753990000036
Indicating that all users in this table can query uiThe file of (2). Because there is no trust center, the addition and deletion of users is realized by the data owner. The index table of each file of the data owner is indexid=(id,TAGidid). Data owner uiAnd encrypting each file and then sending the encrypted file and the index table to the cloud server. When data user ujTo search for data owner uiWhen it calculates the trapdoor
Figure BDA0002797753990000037
And the trap door and the own authority value
Figure BDA0002797753990000038
Sending the file to a cloud server, and searching whether an index table corresponding to each file contains a permission value or not by the cloud server
Figure BDA0002797753990000039
If it contains, u is statedjAccess to these documents is granted. If u isjIf the document is searched, the cloud server pair ujAll documents with access to test
Figure BDA00027977539900000310
If it is true, if ujIf the document of the other person is searched, the cloud server pair ujAll documents with access to test
Figure BDA00027977539900000311
Whether or not this is true. And finally, returning the file meeting the condition to the authorized user.
Although the above described work provides a more adaptive, simple, and flexible solution for multi-user searchable encryption, the following disadvantages remain:
because the scheme can only carry out the retrieval of a single keyword every time, the application scene of screening a plurality of keywords at the same time cannot be met, and the problems that the matching degree of the query result and the target result is not high enough, the number of returned results is too large, and the time for returning the results is too long are easily caused.
The scheme binds each file of a data owner with the authority values of all authorized users capable of accessing the file, and before searching keywords, the authority list delta of all file index tables needs to be searchedidAnd traversing once to find files which the authorized user has access right, and searching keywords in the indexes of the files. In practical application, the number of files owned by a data owner is usually huge, the number of files required to be searched by an authorized user is usually small, and the overhead of a mode of searching which files can be accessed by the authorized user by traversing the authority lists of all the file index tables is too large.
In this scheme, the data owner needs to generate a set of authorization keys for each file that each authorized user can access, the number of authorization keys increasing linearly with the number of authorized users and linearly with the number of files that each authorized user can access. The computing power and storage capacity are often limited for the data owner, who is exposed to a heavy computational burden as the number of authorized users and the number of files increase.
Without a secure channel for the transmission of authority values and trapdoors, this solution is not resistant to keyword guessing attacks. Suppose the attacker is AsIt can obtain its own authority value
Figure BDA0002797753990000041
And then utilizes its own private key ysCalculate out
Figure BDA0002797753990000042
To guess user utKeyword of query, attacker AsObtaining utTrapdoor
Figure BDA0002797753990000043
And authority value
Figure BDA0002797753990000044
AsGuessing a keyword w' and testing
Figure BDA0002797753990000045
Whether or not this is true. If yes, the keyword guessing is successful. However, the attack is limited to authorized users having the same file access right, and the attack cannot be performed on the data owner because the data owner uses k1Encrypted, authorized user k2Encryption, the authority value generated by the data owner in searching the own document is
Figure BDA0002797753990000046
Rather than to
Figure BDA0002797753990000047
But only have
Figure BDA0002797753990000048
Can the data owner's file be matched.
Disclosure of Invention
The invention aims to overcome the defects of the prior art and provide a multi-key searchable encryption method based on an attribute access control structure, and the method provides fine-grained access control and a flexible and efficient keyword retrieval solution for realizing multi-user security data sharing in the context of big data and cloud storage.
It is a second object of the present invention to provide a multi-key searchable encryption system based on attribute access control structures.
The first purpose of the invention is realized by the following technical scheme: a multi-key searchable encryption method based on an attribute access control structure comprises the following steps:
s1, generating a system public parameter params by an authority, and then publishing the system public parameter on a cloud server or broadcasting the system public parameter to all users in the system, wherein all the users in the system have the authority to access the system public parameter;
s2, the data user registers to the authority to become a legal user and obtains the attribute set generated by the authority for the legal user; the data owner also registers to the authority to become a legal user and obtains the authority to use certain attributes to formulate the access control strategy;
s3, the data owner adopts VBTree to formulate corresponding access control strategy according to the data files which the data owner wants to share and the attribute set of the data user which can access the files, an attribute access control list T, a mapping table M for assisting attribute query and a file index table Lambda for keyword access control are generated, the data owner encrypts the data files into ciphertext, and the attribute access control list T is encryptediistThe mapping table M, the file index table Lambda and the ciphertext are sent to the cloud server;
s4, when the data user wants to obtain the access authority of the file of a certain data owner, an authorization request is sent to the data owner; if the data owner agrees to authorize the data user, sending an authorization key to the data user;
s5, when a data user needs to search the file of the data owner, firstly submitting an attribute set and an authorization key of the data user to a cloud server, matching the attribute set of the data user with an attribute access control list by the cloud server, and if the attribute set of the data user meets the attribute access control list of the data owner, recording a matched node path and the authorization key by the cloud server;
and S6, when the data user submits the key word trapdoor, the cloud server obtains the path and the authorization key of the data user from the record, then matches the key word trapdoor with the file index table based on the path and the authorization key of the data user, and if the matching is successful, returns the corresponding file ciphertext to the data user.
Preferably, the process of step S1 is as follows:
s11, the authority generates a public parameter params according to the safety parameter lambda:
memory cell group
Figure BDA0002797753990000051
Wherein G is1、G2、GTIs three cyclic groups of order p, N is a large integer, g1Is G1G is a generator of2Is G2The generator of (e): g1×G2→GTIs a bilinear map, H1:{0,1}*→G1,H2:{0,1}*→G2,H3:{0,1}*×GT→GTAre three anti-collision hash functions that are,
Figure BDA0002797753990000052
s12, the authority publishes the system public parameters on the cloud server or broadcasts and sends the public parameters to all users in the system, and each participant generates own key according to the public parameters:
for data owner useriFirst, it selects a random number
Figure BDA0002797753990000053
Let private key SKi=<xi,yi>Computing public keys
Figure BDA0002797753990000054
For data userjFirst, it selects a random number
Figure BDA0002797753990000055
Let private key SKj=<xj,yj>Computing public keys
Figure BDA0002797753990000056
For the cloud server, it selects a random number
Figure BDA0002797753990000057
Let private key SKc=xcComputing public keys
Figure BDA0002797753990000058
Preferably, the process of step S2 is as follows:
the authority firstly generates a system attribute set U-ZN,ZNIs an integer group of modulo N, ZN={0,1,...,N-1};
A data consumer registers with an authority to become a valid consumer, and the authority generates a set of attributes for the data consumer
Figure BDA0002797753990000061
The data owner registers with an authority to become a valid user, and the authority generates a set of attributes for the data owner to formulate an access control structure
Figure BDA0002797753990000062
Further, in step S3, the data owner useriGenerating an attribute access control list TiistAnd mapping table M as follows:
s311, suppose the data owner useriIs to be an attribute set T containing n attributes ═ T1,T2,...,TnGenerate attribute access control list, then data owner useriFirstly, randomly selecting a random number
Figure BDA0002797753990000063
And construct a depth of
Figure BDA0002797753990000064
Complete binary tree of d1Represents useriThe number of the set attribute sets;
let path (v) denote the path from the root node to node v, which is a binary string, with the left child of each node denoted by "0" and the right child denoted by "1"; let node(s) denote all nodes from root to leaf, s is the number of nodes of the complete binary tree;
s312, then inserting n attributes into the attribute access control tree, wherein each time one attribute is inserted into the attribute access control tree, the attribute information is inserted from the root node to each node of the leaf nodes from top to bottom, namely
Figure BDA0002797753990000065
Wherein v belongs to nodes(s), s belongs to [1, d ]1],TjRepresents the jth attribute, j ∈ [1, n ]];
S313, after the insertion is finished, the useriThe value of each node of the complete binary tree is disturbed, and the disturbed node value is inserted into a hash table TiistInserting some random values into the hash table;
S314、userithe complete binary tree is traversed from bottom to top and a mapping table M for auxiliary queries is generated in the form of<path(v),num>Wherein, for a leaf node,<path(v),num>representing that the attribute set corresponding to the node v contains num attributes; for a non-leaf node, the node is,<path(v),num>the expression node v selects the smaller num of the left and right children as the attribute number num of the node v;
S315、useriaccess control list T of attributesiistMapping table M and binary tree depth depTAnd sending to the CS.
Further, in step S3, the data owner useriThe process of generating the file index table Λ is as follows:
s321, assuming a data owner useriTo generate a file index table for a user matching one of its attribute sets for m keywords, first, a keyword set W containing m keywords is set to { W }1,w2,...,wmThe path (v) corresponding to the attribute set and the attribute set are used as input, and a depth is constructed
Figure BDA0002797753990000071
Complete binary tree of d2Represents useriThe number of the set keyword sets;
s322, then inserting m keywords into the complete binary tree, wherein each time a keyword is inserted into the complete binary tree, the keyword information is inserted from the root node to each node of the leaf nodes from top to bottom, i.e. the keyword information is inserted from the root node to each node of the leaf nodes
Figure BDA0002797753990000072
u∈Nodes(s),s∈[1,d2],wzDenotes the z-th keyword, z ∈ [1, m [ ]];
S323, for each leaf node of the attribute access control tree, namely each attribute set, respectively generating a corresponding sub-tree to perform access control on the keywords based on the steps;
S324、userithe values of all nodes of the subtrees are scrambled and then inserted into a hash table Lambda, and random values are inserted into the hash table;
S325、useridocument fileIndex table Λ and binary tree depth depQAnd sending to the CS.
Preferably, in step S3, the data owner encrypts each file to be shared with a different symmetric key.
Preferably, the process of step S4 is as follows:
s41, user when data userjUser who wants to access data owneriWhen sharing a file, it first calculates
Figure BDA0002797753990000073
Order authorization request
Figure BDA0002797753990000074
userjTK is preparedj→iIs sent to the useri
S42, user as data owneriReceive userjTransmitted TKj→iIt first calculates
Figure BDA0002797753990000075
Judgment of
Figure BDA0002797753990000076
And
Figure BDA0002797753990000077
whether or not equal, if userjIf the user is a legal user, the two are equal;
s43 at
Figure BDA0002797753990000081
And
Figure BDA0002797753990000082
in case of equality, useriThen recover to
Figure BDA0002797753990000083
Calculating authorization keys
Figure BDA0002797753990000084
And will be
Figure BDA0002797753990000085
Returned to the userj
Preferably, the process of step S5 is as follows:
s51, user of data userjTo access data owner useriFirst, a random number r ∈ Z is selectedp *And is the own attribute set L ═ L1,L2,...,Lk} generating Attribute ciphertext
Figure BDA0002797753990000086
Wherein k is the number of attributes submitted by the data user;
S52、userjcomputing
Figure BDA0002797753990000087
Order authentication request
Figure BDA0002797753990000088
userjC is to beL、TKj→c,1And its own authorization key
Figure BDA0002797753990000089
Sending the data to the CS;
s53, calculating CS
Figure BDA00027977539900000810
Judgment of
Figure BDA00027977539900000811
And
Figure BDA00027977539900000812
whether or not equal, if userjIf the user is a legal user, the two are equal;
s54 at
Figure BDA00027977539900000813
And
Figure BDA00027977539900000814
if they are equal, CS recovers g1 rAnd performing an attribute set validation algorithm
Figure BDA00027977539900000815
Figure BDA0002797753990000091
If userjSatisfies user's attributeiThe CS will record the user if the attribute of CS accesses the control structurejThe authorization key and the path meeting the attribute access control structure, only the user is needed for the verification of the attribute setjWhen the search is performed for the first time, and when the keyword search is performed for the next time, the CS directly performs the search for the keyword from the record.
Preferably, the process of step S6 is as follows:
s61, user of data userjTo access data owner useriFirst selecting a random number r2∈Zp *And is the keyword w to be queried1,w2,...,wtGenerating keyword trapdoors
Figure BDA0002797753990000092
Wherein t is the number of the keywords and the number of the keyword trapdoors;
S62、userjcomputing
Figure BDA0002797753990000093
Order file access request
Figure BDA0002797753990000094
userjMixing TR and TKj→c,2Sending the data to the CS;
s63, CS calculation
Figure BDA0002797753990000095
Judgment of
Figure BDA0002797753990000096
And
Figure BDA0002797753990000097
whether or not equal, if userjIf the user is a legal user, the two are equal;
in that
Figure BDA0002797753990000101
And
Figure BDA0002797753990000102
when the two are equal, the CS is recovered
Figure BDA0002797753990000103
And executing a keyword search algorithm
Figure BDA0002797753990000104
Figure BDA0002797753990000105
The second purpose of the invention is realized by the following technical scheme: a multi-key searchable encryption system based on an attribute access control structure comprises an authority, a cloud server, a plurality of data owners and a plurality of data users, and the system executes the multi-key searchable encryption method based on the attribute access control structure to realize data secure sharing.
Compared with the prior art, the invention has the following advantages and effects:
(1) an efficient access control policy. According to the invention, access control is carried out on users by adopting encryption based on attributes instead of making access control strategies for each user or each file, and different attribute sets are organized by adopting the virtual binary search tree, so that the access control efficiency is improved, strategy hiding is realized, and the attribute values are not exposed to the cloud in a plaintext form.
(2) And flexible conjuncted keyword retrieval is supported. The invention supports flexible retrieval of the conjunctive keywords, organizes each file and the keyword set corresponding to the file by adopting a virtual binary tree method, brings greater flexibility to the retrieval of the encrypted data for the user, and improves the retrieval efficiency.
(3) Scanning of all documents is avoided when finding authorized documents. The invention combines the attribute set with the file set, directly hits the files which can be accessed by the authorized user according to the attribute set of the authorized user, does not need to scan all the files once, and greatly shortens the time for searching the files.
(4) And when searching the keywords, avoiding scanning all the authorization files. The invention adopts the mode of inverted index, determines the target file according to the submitted keyword set matched with the trapdoor, does not need to scan all the authorized files once, and greatly shortens the retrieval time.
(5) A secure channel is not required for the transmission of the trapdoor and the authorization key. The invention adopts a mode of designating the server, so that only a specific server can obtain the true trapdoor of the user, and an attacker cannot carry out keyword guessing attack on the information transmitted by the public channel.
(6) Practicality and safety. The invention adopts prime order group, bilinear mapping and virtual binary search tree to construct, has the characteristics of strategy hiding and leakage resistance, has stronger safety, and has better flexibility and practicability in the aspects of access control, file retrieval and keyword retrieval.
Drawings
Fig. 1 is a model diagram of a multi-key searchable encryption system based on an attribute access control structure according to the present invention.
Fig. 2 is a flow chart of the multi-key searchable encryption method based on the attribute access control structure of the present invention.
Fig. 3 is a schematic diagram of an attribute access control structure and a keyword access control structure.
Detailed Description
The present invention will be described in further detail with reference to examples and drawings, but the present invention is not limited thereto.
The invention provides a multi-key searchable encryption method and system supporting conjunctive keyword retrieval by utilizing searchable encryption and an attribute-based access control structure technology. Under the background of cloud storage, the VBTree is adopted to divide the attribute set, the attribute set is bound with the access authority of the file, whether the user is a legal user or not and the file set which can be accessed by the user can be effectively determined according to the attribute set submitted by the user, and therefore huge expenditure for traversing all files of a data owner once when the user is verified to be the legal user or not is avoided; meanwhile, the combined query of multiple keywords is realized, so that the query result is more flexible and accurate; and the data owner need not generate an authorization key for each authorized user and for each file they have access to, but only one authorization key for each authorized user; in addition, the invention adopts a method of appointing the server, avoids guessing attack by external keywords and solves four problems in the prior art.
Examples
The embodiment discloses a multi-key searchable encryption method based on an attribute access control structure, which is applied to a multi-key searchable encryption system based on the attribute access control structure, wherein a system model is shown in fig. 1 and mainly comprises four types of participants: one Authority (TA), one Cloud Server (CS), multiple Data Owners (DO), and multiple Data consumers (DU).
The Authority (TA) is a third-party trusted authority and is responsible for generating system public parameters and generating user attributes.
A Cloud Server (CS) is a designated server that is honest and curious, i.e., capable of honestly executing instructions and returning correct results, but may actively collect and analyze user data, such as data owner's files, file indexes, data user's attribute sets, keywords of queries, etc.
The Data Owner (DO) has a plurality of data files, can store the own data files in the cloud server, and selectively shares the own data files with data users having different attribute sets by formulating a certain access control strategy. The DO needs to register with an authority and obtain rights to use certain attributes to formulate access control policies.
A Data User (DU) may first register with an authority and obtain its own set of attributes. If a DU is authorized by DO, the DU is called authorized user, and it can obtain access rights for some file retrieval (determined according to its attribute set), and then obtain the target file through keyword retrieval. Each user in the system may be either a data owner or a data consumer.
The system may be a system that may actually share data, such as a medical health system, where the data user may be a doctor, a researcher in a medical institution, etc., the data owner may be a patient, and the sharable data may be a patient record.
The multi-key searchable encryption method based on the attribute access control structure is shown in fig. 2, and specifically includes the following steps:
first phase (system setup phase): and the authority generates a system public parameter params, and then the system public parameter is published on a cloud server or broadcast and sent to all users in the system, and all the users in the system have the authority to access the system public parameter.
The process is as follows:
s11, the authority generates a public parameter params according to the safety parameter lambda:
memory cell group
Figure BDA0002797753990000121
Wherein G is1、G2、GTIs three cyclic groups of order p, N is a large integer, g1Is G1G is a generator of2Is G2The generator of (e): g1×G2→GTIs a bilinear map, H1:{0,1}*→G1,H2:{0,1}*→G2,H3:{0,1}*×GT→GTAre three anti-collision hash functions that are,
Figure BDA0002797753990000131
in the system initialization phase, lambda is used as the input of the system, params is used as the output of the system, and lambda determines the cycle group G used1、G2、GTThe larger the λ, the larger p, and the safer the system.
S12, the authority publishes the system public parameters on the cloud server or broadcasts and sends the public parameters to all users in the system, and each participant generates own key according to the public parameters:
for data owner useriFirst, it selects a random number
Figure BDA0002797753990000132
Let private key SKi=<xi,yi>Computing public keys
Figure BDA0002797753990000133
For data userjFirst, it selects a random number
Figure BDA0002797753990000134
Let private key SKj=<xj,yj>Computing public keys
Figure BDA0002797753990000135
For the cloud server, it selects a random number
Figure BDA0002797753990000136
Let private key SKc=xcComputing public keys
Figure BDA0002797753990000137
S2, the authority firstly generates a system attribute set U-ZN,ZNIs an integer group of modulo N, ZN={0,1,...N-1 }; a data consumer registers with an authority as a legitimate consumer and obtains a set of attributes generated for it by the authority
Figure BDA0002797753990000138
The data owner also registers with the authority as a legitimate user and obtains the authority to formulate an access control policy using certain attributes, i.e. the set of attributes for which the authority generates to formulate an access control structure
Figure BDA0002797753990000139
And a second stage: the data owner adopts VBTree to formulate corresponding access control strategy according to the data files which the data owner wants to share and the attribute set of the data user which can access the files, and generates an attribute access control list TiistA mapping table M for auxiliary attribute query and a file index table Lambda for keyword access control, wherein a data owner encrypts a data file into a ciphertext and encrypts an attribute access control list TiistAnd the mapping table M, the file index table Lambda and the ciphertext are sent to the cloud server.
The process is as follows:
(1) generating an attribute access control list and a mapping table M:
s311, suppose the data owner useriIs to be an attribute set T containing n attributes ═ T1,T2,...,TnGenerate attribute access control list, then data owner useriFirstly, randomly selecting a random number
Figure BDA00027977539900001310
And construct a depth of
Figure BDA00027977539900001311
Complete binary tree of d1Represents useriThe number of the set attribute sets of the data users can be multiple, one attribute set can contain multiple attributes, and the attributes of the attribute sets are all in the same nodeThe above.
Let path (v) denote the path from the root node to node v, which is a binary string, and the left child of each node is denoted by "0" and the right child is denoted by "1", e.g., the root node is denoted by "", the left child of the root node is denoted by "0", and the right child of the node is denoted by "01", see fig. 3.
Let Node(s) denote leaf from root to leafsIs the number of nodes of the complete binary tree.
S312, then inserting n attributes into the attribute access control tree, wherein each time one attribute is inserted into the attribute access control tree, the attribute information is inserted from the root node to each node of the leaf nodes from top to bottom, namely
Figure BDA0002797753990000141
Wherein v belongs to nodes(s), s belongs to [1, d ]1],TjRepresents the jth attribute, j ∈ [1, n ]]. As in fig. 3, the root node of the complete binary tree contains all attributes a, b, c, d.
S313, after the insertion is finished, the useriThe value of each node of the complete binary tree is disturbed, and the disturbed node value is inserted into a hash table TiistAnd some random values are inserted into the hash table.
S314、useriThe complete binary tree is traversed from bottom to top and a mapping table M for auxiliary queries is generated in the form of<path(v),num>Wherein, for a leaf node,<path(v),num>representing that the attribute set corresponding to the node v contains num attributes; for a non-leaf node, the node is,<path(v),num>and the node v selects the smaller num of the left and right children as the attribute number num of the node v.
S315、useriAccess control list T of attributesiistMapping table M and binary tree depth depTAnd sending to the CS.
(2) Generating a file index table lambda:
s321, assuming a data owner useriTo generate a key word for m users matching a set of attributesThe file index table of (1) is obtained by first setting a keyword set W containing m keywords to { W }1,w2,...,wmThe path (v) corresponding to the attribute set and the attribute set are used as input, and a depth is constructed
Figure BDA0002797753990000143
Complete binary tree of d2Represents useriThe number of the set of keywords.
S322, then inserting m keywords into the complete binary tree, wherein each time a keyword is inserted into the complete binary tree, the keyword information is inserted from the root node to each node of the leaf nodes from top to bottom, i.e. the keyword information is inserted from the root node to each node of the leaf nodes
Figure BDA0002797753990000142
u∈Nodes(s),s∈[1,d2],wzDenotes the z-th keyword, z ∈ [1, m [ ]]。
S323, for each leaf node of the attribute access control tree, that is, each attribute set, respectively generating a corresponding sub-tree based on the steps S321 to S322 to perform access control on the keyword. As shown in fig. 3, after the keywords are inserted, the root node of the subtree contains all the keywords a, B, C, and D, and the paths have f1(0000), f2(0001), f3(0010), and f4(0011), respectively.
S324、useriThe values of each node of the subtrees are scrambled and then inserted into a hash table Lambda, and random values are inserted into the hash table.
S325、useriIndexing the file with table Λ and binary tree depth depQAnd sending to the CS.
(3) And (3) generating a ciphertext: the data owner encrypts each file to be shared by using a different symmetric key and sends the encrypted file to the CS.
Third stage (application and grant of access rights): when a data user wants to obtain the access authority of a file of a certain data owner, an authorization request is sent to the data owner; if the data owner agrees to authorize the data user, an authorization key is sent to the data user.
The process is as follows:
s41, user when data userjUser who wants to access data owneriWhen sharing a file, it first calculates
Figure BDA0002797753990000151
Order authorization request
Figure BDA0002797753990000152
userjTK is preparedj→iIs sent to the useri
S42, user as data owneriReceive userjTransmitted TKj→iIt first calculates
Figure BDA0002797753990000153
Judgment of
Figure BDA0002797753990000154
And
Figure BDA0002797753990000155
whether or not equal, if userjIf the user is a legal user, the two are equal;
s43 at
Figure BDA0002797753990000156
And
Figure BDA0002797753990000157
in case of equality, useriThen recover to
Figure BDA0002797753990000158
Calculating authorization keys
Figure BDA0002797753990000159
And will be
Figure BDA00027977539900001510
Returned to the userj
Fourth stage (verification of user attribute set): when a data user needs to retrieve a file of a data owner, firstly submitting an attribute set and an authorization key of the data user to a cloud server, matching the attribute set of the data user with an attribute access control list by the cloud server, and recording a path which accords with an attribute access control structure and the authorization key by the cloud server if the attribute set of the data user meets the attribute access control list of the data owner.
The process is as follows:
s51, user of data userjTo access data owner useriFirst, a random number r ∈ Z is selectedp *And is the own attribute set L ═ L1,L2,...,Lk} generating Attribute ciphertext
Figure BDA0002797753990000161
Wherein k is the number of attributes submitted by the data user;
S52、userjcomputing
Figure BDA0002797753990000162
Order authentication request
Figure BDA0002797753990000163
userjC is to beL、TKj→c,1And its own authorization key
Figure BDA0002797753990000164
Sending the data to the CS;
s53, calculating CS
Figure BDA0002797753990000165
Judgment of
Figure BDA0002797753990000166
And
Figure BDA0002797753990000167
whether or not equal, if userjIf the user is a legal user, the two are equal;
s54 at
Figure BDA0002797753990000168
And
Figure BDA0002797753990000169
if they are equal, CS recovers g1 rAnd performing an attribute set validation algorithm
Figure BDA00027977539900001610
Figure BDA0002797753990000171
If userjSatisfies user's attributeiThe CS will record the user if the attribute of CS accesses the control structurejAnd the path that satisfies the attribute access control structure, so that only the user is needed for the authentication of the attribute setjThe search is performed for the first time, and the search for the keyword can be performed directly from the record by the CS when the keyword search is performed for the next time.
Fifth stage (verification of keyword trapdoors): and when the data user submits the keyword trapdoor, the cloud server obtains the path and the authorization key of the data user from the record, then matches the keyword trapdoor with the file index table based on the path and the authorization key of the data user, and if the matching is successful, returns a corresponding file ciphertext to the data user.
The process is as follows:
s61, user of data userjTo access data owner useriFirst selecting a random number r2∈Zp *And is the keyword w to be queried1,w2,...,wtGenerating keyword trapdoors
Figure BDA0002797753990000172
Wherein t is the number of the keywords and the number of the keyword trapdoors;
S62、userjcomputing
Figure BDA0002797753990000173
Order file access request
Figure BDA0002797753990000181
userjMixing TR and TKj→c,2Sending the data to the CS;
s63, CS calculation
Figure BDA0002797753990000182
Judgment of
Figure BDA0002797753990000183
And
Figure BDA0002797753990000184
whether or not equal, if userjIf the user is a legal user, the two are equal;
in that
Figure BDA0002797753990000185
And
Figure BDA0002797753990000186
when the two are equal, the CS is recovered
Figure BDA0002797753990000187
And executing a keyword search algorithm
Figure BDA0002797753990000188
Figure BDA0002797753990000189
Therefore, the legitimate userjAnd finally, the required ciphertext can be accessed, and the original data file can be obtained through decryption.
The method of the embodiment has the following advantages:
1. attribute-based access control is combined with a multi-key searchable encryption scheme. Among existing multi-key searchable encryption schemes, most require access control at the file level or authorized user level. In the multi-key searchable encryption scheme, each file is encrypted by adopting a different key, so that the authority information of an authorized user is often required to be added to each file at a file level; at the authorized user level, it is necessary to transmit in advance the key of the file that the authorized user can access to the authorized user, and the like. Such operation is not practical because the number of files owned by each data owner and the number of authorized users are likely to be enormous in practical applications. The method combines the access control based on the attribute with a multi-key searchable encryption scheme, judges the effectiveness of the user according to the attribute set and divides a file set which can be accessed by an authorized user. The fine-grained access control is realized, and the scheme efficiency is greatly improved.
2. Policy hiding is implemented. In existing searchable encryption schemes based on attribute access control structures, attribute names and even attribute values are not usually hidden, which results in the cloud server being able to deduce some private information of the DO from these attributes. Even some schemes hide attribute names or attribute values, which typically requires a large overhead. In the method of the embodiment, the attribute set owned by the data user and the attribute set used by the data owner for attribute access control are encrypted, so that the potential security problems are avoided.
3. And matching the attribute set and searching the keywords by adopting a tree structure. In the existing multi-key searchable encryption system, it is usually necessary to scan all files of a data owner to find out files that can be accessed by an authorized user, so that the time for finding a file that a certain data user is authorized to access increases linearly with the number of files. In the keyword retrieval stage, files are generally matched one by one according to trapdoors, so that the matching time linearly increases with the number of files. The method combines the attribute set with the file set which can be accessed by the user and accords with the attribute set, processes the file index table in an inverted index mode, firstly extracts the keywords in the file, and then divides the keyword set according to the different keywords. Because the matching of the attribute set and the keyword query are carried out on the virtual binary tree, the matching time and the query time are irrelevant to the number of files, and a logarithmic relation is presented between the matching time and the number of the attribute sets and between the query time and the number of the keyword sets, thereby greatly shortening the matching and query time.
4. And the search of the conjunctive keywords is flexibly supported. In the searchable encryption scheme, some technologies can only support single-keyword queries, and if more flexible conjunctive keyword queries are to be completed, the single-keyword queries need to be repeatedly executed and the intersection of the results needs to be obtained, which in turn may leak the file information containing each keyword. The method adopts the virtual binary search tree to organize different keyword sets, and the searching of multiple keywords is performed layer by layer downwards during searching, so that the searching can be completed only by executing an algorithm once.
5. A particular cloud server is designated during trapdoor generation. In some multi-key searchable encryption schemes, if there is no secure channel for transmission of authority values and trapdoors, an attacker can intercept the authorized keys and keywords of others and use the authorized keys to participate in calculation to implement keyword guessing attacks. In the method, the public key of the designated cloud server is used for calculation in the trap door generation stage, so that only the cloud server can obtain the real trap door even if no secure channel is used for selection limitation and trap door transmission.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. A multi-key searchable encryption method based on an attribute access control structure is characterized by comprising the following steps:
s1, generating a system public parameter params by an authority, and then publishing the system public parameter on a cloud server or broadcasting the system public parameter to all users in the system, wherein all the users in the system have the authority to access the system public parameter;
s2, the data user registers to the authority to become a legal user and obtains the attribute set generated by the authority for the legal user; the data owner also registers to the authority to become a legal user and obtains the authority to use certain attributes to formulate the access control strategy;
s3, the data owner adopts VBTree to formulate corresponding access control strategy according to the data files which the data owner wants to share and the attribute set of the data user which can access the files, an attribute access control list T, a mapping table M for assisting attribute query and a file index table Lambda for keyword access control are generated, the data owner encrypts the data files into ciphertext, and the attribute access control list T is encryptediistThe mapping table M, the file index table Lambda and the ciphertext are sent to the cloud server;
s4, when the data user wants to obtain the access authority of the file of a certain data owner, an authorization request is sent to the data owner; if the data owner agrees to authorize the data user, sending an authorization key to the data user;
s5, when a data user needs to search the file of the data owner, firstly submitting an attribute set and an authorization key of the data user to a cloud server, matching the attribute set of the data user with an attribute access control list by the cloud server, and if the attribute set of the data user meets the attribute access control list of the data owner, recording a matched node path and the authorization key by the cloud server;
and S6, when the data user submits the key word trapdoor, the cloud server obtains the path and the authorization key of the data user from the record, then matches the key word trapdoor with the file index table based on the path and the authorization key of the data user, and if the matching is successful, returns the corresponding file ciphertext to the data user.
2. The method for multi-key searchable encryption according to claim 1, wherein the process of step S1 is as follows:
s11, the authority generates a public parameter params according to the safety parameter lambda:
memory cell group
Figure FDA0002797753980000011
Wherein G is1、G2、GTIs three cyclic groups of order p, N is a large integer, g1Is G1G is a generator of2Is G2The generator of (e): g1×G2→GTIs a bilinear map, H1:{0,1}*→G1,H2:{0,1}*→G2,H3:{0,1}*×GT→GTAre three anti-collision hash functions that are,
Figure FDA0002797753980000012
s12, the authority publishes the system public parameters on the cloud server or broadcasts and sends the public parameters to all users in the system, and each participant generates own key according to the public parameters:
for data owner useriFirst, it selects a random number xi、yiE group
Figure FDA0002797753980000021
Let private key SKi=<xi,yi>Computing public keys
Figure FDA0002797753980000022
For data userjFirst, it selects a random number
Figure FDA0002797753980000023
Let private key SKj=<xj,yj>Computing public keys
Figure FDA0002797753980000024
For the cloud server, it selects a random number
Figure FDA0002797753980000025
Let private key SKc=xcComputing public keys
Figure FDA0002797753980000026
3. The method for multi-key searchable encryption according to claim 1, wherein the process of step S2 is as follows:
the authority firstly generates a system attribute set U-ZN,ZNIs an integer group of modulo N, ZN={0,1,...,N-1};
A data consumer registers with an authority to become a valid consumer, and the authority generates a set of attributes for the data consumer
Figure FDA0002797753980000027
The data owner registers with an authority to become a valid user, and the authority generates a set of attributes for the data owner to formulate an access control structure
Figure FDA0002797753980000028
4. The method for multi-key searchable encryption based on attribute access control structures according to claim 2, wherein in step S3, the data owner useriGenerating an attribute access control list TiistAnd mapping table M as follows:
s311, suppose the data owner useriIs to be an attribute set T containing n attributes ═ T1,T2,...,TnGenerate attribute access control list, then data owner useriFirstly, randomly selecting a random number
Figure FDA0002797753980000029
And construct a depth of
Figure FDA00027977539800000210
Complete binary tree of d1Represents useriThe number of the set attribute sets;
let path (v) denote the path from the root node to node v, which is a binary string, with the left child of each node denoted by "0" and the right child denoted by "1"; let node(s) denote all nodes from root to leaf, s is the number of nodes of the complete binary tree;
s312, then inserting n attributes into the attribute access control tree, wherein each time one attribute is inserted into the attribute access control tree, the attribute information is inserted from the root node to each node of the leaf nodes from top to bottom, namely
Figure FDA00027977539800000211
Wherein v belongs to nodes(s), s belongs to [1, d ]1],TjRepresents the jth attribute, j ∈ [1, n ]];
S313, after the insertion is finished, the useriThe value of each node of the complete binary tree is disturbed, and the disturbed node value is inserted into a hash table TiistInserting some random values into the hash table;
S314、userithe complete binary tree is traversed from bottom to top and a mapping table M for auxiliary queries is generated in the form of<path(v),num>Wherein, for a leaf node,<path(v),num>representing that the attribute set corresponding to the node v contains num attributes; for a non-leaf node, the node is,<path(v),num>the expression node v selects the smaller num of the left and right children as the attribute number num of the node v;
S315、useriaccess control list T of attributesiistMapping table M and binary tree depth depTAnd sending to the CS.
5. The method for multi-key searchable encryption based on attribute access control structures according to claim 4, wherein in step S3, the data owner useriThe process of generating the file index table Λ is as follows:
s321, assuming a data owner useriTo generate a file index table for a user matching one of its attribute sets for m keywords, first, a keyword set W containing m keywords is set to { W }1,w2,...,wmThe path (v) corresponding to the attribute set and the attribute set are used as input, and a depth is constructed
Figure FDA0002797753980000031
Complete binary tree of d2Represents useriThe number of the set keyword sets;
s322, then inserting m keywords into the complete binary tree, wherein each time a keyword is inserted into the complete binary tree, the keyword information is inserted from the root node to each node of the leaf nodes from top to bottom, i.e. the keyword information is inserted from the root node to each node of the leaf nodes
Figure FDA0002797753980000032
u∈Nodes(s),s∈[1,d2],wzDenotes the z-th keyword, z ∈ [1, m [ ]];
S323, for each leaf node of the attribute access control tree, namely each attribute set, respectively generating a corresponding sub-tree to perform access control on the keywords based on the steps;
S324、userithe values of all nodes of the subtrees are scrambled and then inserted into a hash table Lambda, and random values are inserted into the hash table;
S325、useriindexing the file with table Λ and binary tree depth depQAnd sending to the CS.
6. The method for multi-key searchable encryption according to claim 1, wherein in step S3, the data owner encrypts each file to be shared with a different symmetric key.
7. The method for multi-key searchable encryption according to claim 1, wherein the process of step S4 is as follows:
s41, user when data userjUser who wants to access data owneriWhen sharing a file, it first calculates
Figure FDA0002797753980000041
Order authorization request
Figure FDA0002797753980000042
userjTK is preparedj→iIs sent to the useri
S42, user as data owneriReceive userjTransmitted TKj→iIt first calculates
Figure FDA0002797753980000043
Judgment of
Figure FDA0002797753980000044
And
Figure FDA0002797753980000045
whether or not equal, if userjIf the user is a legal user, the two are equal;
s43 at
Figure FDA0002797753980000046
And
Figure FDA0002797753980000047
in case of equality, useriThen recover to
Figure FDA0002797753980000048
Calculating authorization keys
Figure FDA0002797753980000049
And will be
Figure FDA00027977539800000410
Returned to the userj
8. The method for multi-key searchable encryption according to claim 1, wherein the process of step S5 is as follows:
s51, user of data userjTo access data owner useriFirst, a random number r ∈ Z is selectedp *And is the own attribute set L ═ L1,L2,...,Lk} generating Attribute ciphertext
Figure FDA00027977539800000411
Wherein k is the number of attributes submitted by the data user;
S52、userjcomputing
Figure FDA00027977539800000412
Order authentication request
Figure FDA00027977539800000413
userjC is to beL、TKj→c,1And its own authorization key
Figure FDA00027977539800000414
Sending the data to the CS;
s53, calculating CS
Figure FDA00027977539800000415
Judgment of
Figure FDA00027977539800000416
And
Figure FDA00027977539800000417
whether or not equal, if userjIf the user is a legal user, the two are equal;
s54 at
Figure FDA0002797753980000051
And
Figure FDA0002797753980000052
if they are equal, CS recovers g1 rAnd performing an attribute set validation algorithm
Figure FDA0002797753980000053
Figure FDA0002797753980000054
If userjSatisfies user's attributeiThe CS will record the user if the attribute of CS accesses the control structurejThe authorization key and the path meeting the attribute access control structure, only the user is needed for the verification of the attribute setjWhen the search is performed for the first time, and when the keyword search is performed for the next time, the CS directly performs the search for the keyword from the record.
9. The method for multi-key searchable encryption according to claim 1, wherein the process of step S6 is as follows:
s61, user of data userjTo access data owner useriFirst selecting a random number r2∈Zp *And is the keyword w to be queried1,w2,...,wtGenerating keyword trapdoors
Figure FDA0002797753980000055
Wherein t is the number of the keywords and the number of the keyword trapdoors;
S62、userjcomputing
Figure FDA0002797753980000056
Order file access request
Figure FDA0002797753980000061
userjMixing TR and TKj→c,2Sending the data to the CS;
s63, CS calculation
Figure FDA0002797753980000062
Judgment of
Figure FDA0002797753980000063
And
Figure FDA0002797753980000064
whether or not equal, if userjIf the user is a legal user, the two are equal;
in that
Figure FDA0002797753980000065
And
Figure FDA0002797753980000066
when the two are equal, the CS is recovered
Figure FDA0002797753980000067
And executing a keyword search algorithm
Figure FDA0002797753980000068
Figure FDA0002797753980000069
10. A multi-key searchable encryption system based on an attribute access control structure, which is characterized by comprising an authority, a cloud server, a plurality of data owners and a plurality of data users, wherein the system executes the multi-key searchable encryption method based on the attribute access control structure according to any one of claims 1 to 9 to realize data secure sharing.
CN202011337817.XA 2020-11-25 2020-11-25 Multi-key searchable encryption method and system based on attribute access control structure Active CN112380553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011337817.XA CN112380553B (en) 2020-11-25 2020-11-25 Multi-key searchable encryption method and system based on attribute access control structure

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011337817.XA CN112380553B (en) 2020-11-25 2020-11-25 Multi-key searchable encryption method and system based on attribute access control structure

Publications (2)

Publication Number Publication Date
CN112380553A true CN112380553A (en) 2021-02-19
CN112380553B CN112380553B (en) 2022-12-16

Family

ID=74587610

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011337817.XA Active CN112380553B (en) 2020-11-25 2020-11-25 Multi-key searchable encryption method and system based on attribute access control structure

Country Status (1)

Country Link
CN (1) CN112380553B (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113032816A (en) * 2021-05-21 2021-06-25 神威超算(北京)科技有限公司 Encrypted file searching method, device and computer readable medium
CN113132345A (en) * 2021-03-04 2021-07-16 北京航空航天大学 Agent privacy set intersection method with searchable function
CN113158174A (en) * 2021-04-06 2021-07-23 上海交通大学 Automatic search system of grouping cipher actual key information based on graph theory
CN113411323A (en) * 2021-06-16 2021-09-17 上海应用技术大学 Medical record data access control system and method based on attribute encryption
CN115174568A (en) * 2022-06-23 2022-10-11 南京信息工程大学 Attribute-based ciphertext retrieval method
CN116405929A (en) * 2023-06-09 2023-07-07 贵州联广科技股份有限公司 Secure access processing method and system suitable for cluster communication

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468121A (en) * 2014-11-27 2015-03-25 重庆邮电大学 Public-key searchable encryption method supporting multi-secret-key encryption based on designated server
CN105871543A (en) * 2016-03-29 2016-08-17 西安电子科技大学 Attribute-based multi-keyword ciphertext retrieval method under background of multiple data owners
WO2016197770A1 (en) * 2015-06-12 2016-12-15 深圳大学 Access control system and access control method thereof for cloud storage service platform
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute
CN108156140A (en) * 2017-12-13 2018-06-12 西安电子科技大学 A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN111726363A (en) * 2020-06-24 2020-09-29 暨南大学 Attribute-based multi-user connection keyword searchable encryption method

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104468121A (en) * 2014-11-27 2015-03-25 重庆邮电大学 Public-key searchable encryption method supporting multi-secret-key encryption based on designated server
WO2016197770A1 (en) * 2015-06-12 2016-12-15 深圳大学 Access control system and access control method thereof for cloud storage service platform
CN105871543A (en) * 2016-03-29 2016-08-17 西安电子科技大学 Attribute-based multi-keyword ciphertext retrieval method under background of multiple data owners
CN107634829A (en) * 2017-09-12 2018-01-26 南京理工大学 Encrypted electronic medical records system and encryption method can search for based on attribute
CN108156140A (en) * 2017-12-13 2018-06-12 西安电子科技大学 A kind of multiple key that numerical attribute is supported to compare can search for encryption method
CN111726363A (en) * 2020-06-24 2020-09-29 暨南大学 Attribute-based multi-user connection keyword searchable encryption method

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
李晓蓉等: "云计算中基于属性的可搜索加密电子病历系统", 《计算机科学》 *
王静宇等: "一种基于属性加密的细粒度云访问控制方案", 《微电子学与计算机》 *
黄海平等: "一种基于云存储的多服务器多关键词可搜索加密方案", 《电子与信息学报》 *

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113132345A (en) * 2021-03-04 2021-07-16 北京航空航天大学 Agent privacy set intersection method with searchable function
CN113158174A (en) * 2021-04-06 2021-07-23 上海交通大学 Automatic search system of grouping cipher actual key information based on graph theory
CN113158174B (en) * 2021-04-06 2022-06-21 上海交通大学 Automatic search system of grouping cipher actual key information based on graph theory
CN113032816A (en) * 2021-05-21 2021-06-25 神威超算(北京)科技有限公司 Encrypted file searching method, device and computer readable medium
CN113411323A (en) * 2021-06-16 2021-09-17 上海应用技术大学 Medical record data access control system and method based on attribute encryption
CN115174568A (en) * 2022-06-23 2022-10-11 南京信息工程大学 Attribute-based ciphertext retrieval method
CN116405929A (en) * 2023-06-09 2023-07-07 贵州联广科技股份有限公司 Secure access processing method and system suitable for cluster communication
CN116405929B (en) * 2023-06-09 2023-08-15 贵州联广科技股份有限公司 Secure access processing method and system suitable for cluster communication

Also Published As

Publication number Publication date
CN112380553B (en) 2022-12-16

Similar Documents

Publication Publication Date Title
CN112380553B (en) Multi-key searchable encryption method and system based on attribute access control structure
Niu et al. Electronic health record sharing scheme with searchable attribute-based encryption on blockchain
Miao et al. m 2-ABKS: Attribute-based multi-keyword search over encrypted personal health records in multi-owner setting
Peng et al. An efficient ranked multi-keyword search for multiple data owners over encrypted cloud data
Guo et al. Towards public verifiable and forward-privacy encrypted search by using blockchain
CN106850652B (en) Arbitration searchable encryption method
Li et al. Achieving authorized and ranked multi-keyword search over encrypted cloud data
CN112365945B (en) Electronic medical record fine granularity access control and ciphertext searchable method based on blockchain
Su et al. BA-RMKABSE: Blockchain-aided ranked multi-keyword attribute-based searchable encryption with hiding policy for smart health system
WO2022099495A1 (en) Ciphertext search method, system, and device in cloud computing environment
WO2018122287A1 (en) Method and system for search pattern oblivious dynamic symmetric searchable encryption
CN106921674A (en) The re-encryption semanteme of acting on behalf of that quantum is attacked after anti-can search for encryption method
CN108171066A (en) The cross-domain searching method of keyword and system in a kind of medical treatment cloud under secret protection
CN111726363A (en) Attribute-based multi-user connection keyword searchable encryption method
Yang et al. Flexible wildcard searchable encryption system
Dai et al. A privacy-preserving multi-keyword ranked search over encrypted data in hybrid clouds
CN106980796A (en) MDB is based under cloud environment+The multiple domain of tree connects the searching method of keyword
Cao et al. Privacy-preserving conjunctive keyword search on encrypted data with enhanced fine-grained access control
Halder et al. Enabling secure time-series data sharing via homomorphic encryption in cloud-assisted IIoT
Huang et al. Privacy-preserving traceable attribute-based keyword search in multi-authority medical cloud
CN109740378B (en) Security pair index structure resisting keyword privacy disclosure and retrieval method thereof
Zhang et al. Towards Privacy-Preserving Cloud Storage: A Blockchain Approach.
CN114254344A (en) Private data range query method of shared database based on block chain
Wang et al. Attribute-based encrypted search for multi-owner and multi-user model
Smithamol et al. PECS: Privacy enhanced conjunctive search over encrypted data in the cloud supporting parallel search

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant