CN112632598A

CN112632598A - Encrypted data retrieval and sharing method, system, medium, equipment and application

Info

Publication number: CN112632598A
Application number: CN202011430096.7A
Authority: CN
Inventors: 樊凯; 金海�; 王昊洋; 金雄海; 李晖
Original assignee: Xidian University
Current assignee: Xidian University
Priority date: 2020-12-09
Filing date: 2020-12-09
Publication date: 2021-04-09
Anticipated expiration: 2040-12-09
Also published as: CN112632598B

Abstract

The invention belongs to the technical field of information data processing, and discloses a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data, wherein the method comprises the following steps: initializing a system; generating an encryption matrix index; generating a keyword trapdoor by using a paillier key pair; in the searching stage, ciphertext searching is carried out by using two ciphertext comparison algorithms; and after the intelligent vehicle obtains the query result, transmitting the attribute set of the intelligent vehicle to the authority platform. The authoritative platform resolves the dense-phase correlation key ciphertext based on the attribute set; and updating keywords or data. When the method is used for searching or sharing, data are encrypted, college searching can be realized, fuzzy searching can be performed on keywords with spelling errors, and results are sorted according to the relevance, so that accurate searching is realized; safe retrieval and sharing of data are realized, and fuzzy retrieval can be performed on keywords with spelling errors; the system can realize efficient and encrypted retrieval, and how to realize efficient encryption sharing.

Description

Encrypted data retrieval and sharing method, system, medium, equipment and application

Technical Field

The invention belongs to the technical field of information data processing, and particularly relates to a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data.

Background

At present: as the market for IoV continues to expand, more and more vehicles and associated equipment are being integrated therein. It not only has an impact on network capacity, but also makes the network topology more complex. For these reasons, data sharing and transmission in dense areas of the network may be lost or congested, reducing network reliability and increasing transmission delay.

The disadvantage of the prior IoV technology is that the prior architecture is ground-based, providing network access services for vehicles and vehicular applications. The advent of SASAGETN in response to this major problem has provided a new line of thought for the expansion of IoV. SAGAVIN is a comprehensive network architecture which is based on the ground, multiple dimensions and different layers and is formed by adding a Low Earth Orbit Satellite (LEOS), an Unmanned Aerial Vehicle (UAV) and a High Altitude Platform (HAP) into a ground network. Various network devices in the aerospace field are utilized to provide real-time network access services for vehicles and vehicle-mounted applications in different environments. Notably, SAGIVN is susceptible to various types of attacks and threats as it contains various different types of network interfaces and communication modes.

Through the above analysis, the problems and defects of the prior art are as follows: the prior art SAGIVN is susceptible to various types of attacks and threats under various different types of network interfaces and communication modes.

The difficulty in solving the above problems and defects is: most of the existing data privacy protection aiming at the car networking environment is based on differential privacy protection in machine learning, and only information such as the position of a vehicle can be protected. An effective solution is not provided to the problem of safe storage and sharing of data generated by vehicles in the internet of vehicles. Meanwhile, the vehicle has high-speed mobility, so that higher requirements are provided for the topological structure of the proposed system, and it is difficult to meet the communication low-delay standard in the moving process of the vehicle on the premise of ensuring the safety.

The significance of solving the problems and the defects is as follows: the internet of vehicles serves as an important component in the internet of things, so that global intelligent transportation is greatly developed, but in recent years, the improvement of intelligent transportation is hindered by some problems existing in the internet of vehicles, firstly, the coverage range of the internet of vehicles cannot meet the current transportation requirement, many remote or incomplete areas of network infrastructure cannot be added into the internet of vehicles, in addition, the privacy protection of the vehicles in the internet of vehicles still stays at the stage of data such as positions, and an effective scheme is not provided for the safe storage and sharing of the data of the vehicles. The scheme combines the Internet of vehicles and the SAGIN and simultaneously provides an effective solution for the two problems by combining the searchable encryption technology.

Disclosure of Invention

Aiming at the problems in the prior art, the invention provides a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data.

The invention is realized in such a way that an encrypted data retrieval and sharing method comprises the following steps:

in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;

the authority uses an optimization algorithm to calculate the relevance scores among the keywords, uses a public key of the intelligent vehicle to encrypt the keywords in the dictionary or a certain single character to obtain a tuple, uses a hash function and a random function, and uses the obtained keyword ciphertext tuple and a file identifier to generate an encryption index;

the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;

after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;

after obtaining the query result, the intelligent vehicle sends the attribute set of the intelligent vehicle to the authority, then the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;

the data or keywords are updated.

Further, the specific initialization steps are as follows:

(1) initializing a key, setting a fuzzy value acc of query by a network access Node (NAP) to be x, wherein acc represents a text distance between two keywords, x is an integer, the NAP inputs a security parameter alpha to the AP, the AP outputs a character string K with the length of alpha, K is a key for symmetric encryption, the NAP inputs a security parameter mu to the AP, and the AP outputs a pair of keys, wherein the process is as follows:

step one, AP randomly selects two large prime numbers p and q, and calculates n as p multiplied by q, wherein p is more than 0 and less than 2^μ,0＜q＜2^μ,

Step two, AP calculates sigma ═ e^-1mod n, where e ═ lcm (p-1, q-1)

Thirdly, generating a public and private key pair by the AP, wherein pk is n and sk is (e, sigma);

(2) file initialization, SV extracting ω from a set of files_iConstructing a dictionary W, SV generating a corresponding file identifier id for each file_y(1 < y < n), transmitting the W and the plaintext data set to the AP, and encrypting the files in the file set by the AP by using the symmetric key K; the AP performs an attribute encryption on K, the attribute policy being defined by SV, the AP using the common parameter pp and a random number

The encryption key is calculated as follows:

the encryption key will be stored at the AP. When the SV needs to decrypt, they send the attribute set to the AP, which returns the decrypted K to the SV.

Further, the specific steps of constructing the index include:

(1) the AP calculates a relevance score between the file and the keyword by using an optimized TF multiplied by IDF algorithm;

(2) the AP executes preprocessing operation on the keywords in the dictionary;

(3) AP uses the public key pk of SV_cEncrypting the key words in the dictionary and the letter words or a single character in the key words to obtain the following tuples:

AP uses a hash function H_w(·),H_fAnd (c) a random function R (·), generating an encryption index using the obtained key ciphertext tuple and the file identifier, the creation steps of which are as follows:

step one, initializing a matrix eta of a (m '× n') latitude, wherein m is less than or equal to m ', n is less than or equal to n', m is the maximum number in a keyword set, n is the maximum number in a data set, and setting all elements in the matrix to be 0;

step two, for the encryption matrix index with x being 1,2, …, n 'and y being 1,2, …, m', the AP uses the hash function H_w(. to) generate a hash table α_w(. to) containing the mapping result α_w([w_i]_pk) The AP generates a hash table alpha by utilizing R (-) and H (-) values_f(. to) containing the mapping result α_f(f_y) As follows:

R(id_y)＝f_y

α_f(f_y)→t；

thirdly, establishing a corresponding relation between the file and the keywords based on the initialization matrix eta, if the file id_yThe keyword w appears in (1. ltoreq. y. ltoreq.n)_x(x is not less than 1 and not more than m), the corresponding element in the matrix eta is set as w_xAnd id_yTF x IDF value of, otherwise set to 0;

AP only transmits the encrypted index to NAP, and reserves hash function H_w(·)、H_f(. cndot.) and a random function R (-).

Further, the specific steps for generating the trapdoor are as follows:

the trap door generation comprises two parts, firstly, SV calculates the weight of all key words in a query key word set according to the dependency grammar and the phrase structure tree, secondly, the intelligent automobile generates the trap door for the key words through a key pair, and then the final tuple is obtained by combining the weight and the trap door;

(1) calculating the weight, wherein for each keyword in the query set, the initial keyword relationship is 1, if the keyword has a syntactic relationship with other keywords, the weight of the keyword is changed into 1+ R, wherein R represents the syntactic relationship;

for two search keys q₁And q is₂Syntactic relations are denoted as R (q)₁,q₂) If there is a grammatical relationship between them, then q₁And q is₂Respectively increase

And

wherein d is₁And d₂Respectively represent the distance between two keywords and the common ancestor node, d represents the distance between the keywords, i.e. d ═ d₁+d₂；

For any query Q ═ Q₁,q₂,…,q_zZ is the number of search keywords, and the weight value for keyword q is p × z, where p is the weight ratio of search keyword q:

the weight KW of the keyword q is expressed as:

(2) trapdoor generation, SV encrypting the query key w with their keys, SV encrypting the letters or single characters in the key wEncrypting to obtain ciphertext group

The SV adds the weight associated with the key to the tuple.

Further, after obtaining the tuple, the network access node first performs a fuzzy search, puts the trapdoor tuple into the candidate set, and the network access node accurately searches the candidate set to obtain a final search result specifically including:

CGE algorithm: SV and NAP respectively have a group of paillier key pairs of (pk, sk) and (pk)_NAP,sk_NAP) Given two integers a, b, two ciphertext integers a ═ a are obtained by encrypting with the public key pk]_pk,B＝[b]_pkThe CGE algorithm calculates A and B to obtain the relation between a and B;

the CGE algorithm is performed as follows:

(1) SV selects a relatively small positive integer r and calculates

According to additive homomorphism of the paillier encryption algorithm, there is

(a-b) and (a-b) × r are marked by the same flag, since r is a small positive integer, SV sends X to NAP;

(2) NAP decrypts X by using private key sk to obtain plaintext X, and if X is larger than or equal to 0, the plaintext X is decrypted by NAP

Otherwise cause to

Sending the results to the SVs;

(3) after receiving result, SV uses private key sk_cpEncrypt it to obtain

CE algorithm: the objective of the CE algorithm is to compute two ciphertext integers a ═ a]_pkAnd B ═ B]_pkDetermining whether the plaintext a and b are equal to realize an accurate searching function, and realizing twice CGE algorithm of the CE algorithm; during searching, after acquiring the trapdoor tuple TTS, the NAP firstly executes fuzzy search, puts items matched with the TTS into a candidate set TTS ', and the NAP accurately searches the TTS' to obtain a final result TTS ";

after the NAP obtains the final set TTS ', the NAP obtains row vectors associated with all items in the TTS' from the encryption matrix eta

NAP multiplies each row vector by the correlation coefficient of the corresponding keyword trapdoor sent by SV, adds all the row vectors and obtains v_resultAnd then transmitted to DC.

Further, after obtaining the above query result, the intelligent vehicle sends its own attribute set to the authority, and then the authority returns the encryption key, and the intelligent vehicle obtains a plaintext set by using the key decryption file to decrypt the file, which specifically includes: and after obtaining the query result, the SV transmits the attribute set Att to the AP. AP decrypts the relevant encryption key based on Att:

the SV decrypts the ciphertext data by using the symmetric key K to obtain a plaintext set of the query result, and the process is as follows:

the specific steps for updating the data or the keywords are as follows:

and (3) updating the keywords: the SV does not need to transmit the update status onto DC;

(1) key addition, when SV adds a key to a dictionary, an updated tuple is created containing the operation instruction op ═ addition "and the key W that needs to be added_addAfter AP receives the tuple from SV, AP first calculates W_addAnd the value of TF x IDF between each file, the AP encrypts W using paillier_addObtain ciphertext [ w_add]_paillierAnd deriving vectors based on the above values

AP forms a new tuple by the op and the vector and sends the new tuple to NAP, and the NAP utilizes the hash function H stored by the NAP_w(. a) is to

Mapping to the corresponding position in the matrix index and adding;

(2) the operation instruction of SV is op ═ deletion, and unlike the add operation, when NAP receives the key w_delCiphertext of (1)_del]_paillierTemporal NAP may use hash function H_w(. to) map its position in the matrix index and then remove the relevant vector v from the matrix index_del；

And (3) updating data: the data update and key update operations are completely different, the key update only needs to be operated on the NAP, and then the data update needs to be simultaneously performed on the NAP and the DC;

(1) data deletion, file update and key update are different, the file update requires the AP to send out update operation to the NAP and the DC, and in the case of file deletion, SV generates a tuple containing the file identifier f of the file to be deleted_delAnd deleting the instruction op as "deletion", after the AP receives the tuple, utilizing the hash function H stored by the AP_f(. to) map to obtain [ f_del]_paillierPosition of

AP will newly generate tuple (op, pos)_del) Sent to NAP and DC respectively, the NAP and DC are in alpha_f(. h) and their stored matrix indices;

(2) data addition, the data addition operation also needs the SV to send an operation instruction op ═ add', and the file addition indicator f_addAnd addition and f_addRelated keywords { [ w { [_n]_paillierL (n ═ i, j, z, m, n, p) } to AP; AP uses a hash function H_f(. to) map to obtain [ f_add]_paillierPosition pos of_addAP also calculates f_addAnd a keyword { [ w { [_n]_paillierTF × IDF between | (n ═ i, j, z, m, n, p) }; generating a set of tuples { ([ w ]_n]_paillier，(TF×IDF)_n) I (n ═ i, j, z, m, n, p) }, the AP will (op, [ f } will do_add]_paillier) Transmitted to DC for updating the two-way hash table alpha stored on DC_f(. to) while the AP will be (op, [ f)_add]_paillier,{([w_n]_paillier,(TF×IDF)_n) | l (n ═ i, j, z, m, n, p) }) is transmitted to the NAP, and the matrix index stored at the NAP is updated.

It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:

the data or keywords are updated.

It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

the data or keywords are updated.

Another object of the present invention is to provide a vehicle information data processing terminal for implementing the encrypted data retrieval and sharing method.

Another object of the present invention is to provide an encrypted data retrieving and sharing system implementing the encrypted data retrieving and sharing method, the encrypted data retrieving and sharing system comprising:

the system initialization module is used for carrying out system initialization including key initialization and file initialization at the initial stage of the system;

the system comprises an encryption index generation module, an authority and a file identifier generation module, wherein the encryption index generation module is used for calculating correlation row scores among keywords by using an optimization algorithm, acquiring tuples by using the keywords or a certain single character in a public key encryption dictionary of the intelligent vehicle, and generating an encryption index by using the acquired keyword ciphertext tuples and the file identifier by using a hash function and a random function by the authority;

the trapdoor generation module is used for generating the trapdoor; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;

the search result acquisition module is used for performing fuzzy search by the network access node after obtaining the tuple, putting the trapdoor tuple into the candidate set, and accurately searching the candidate set by the network access node to obtain a final search result;

the plaintext set acquisition module is used for sending the attribute set of the intelligent vehicle to the authority after the intelligent vehicle obtains the query result, the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;

and the updating module is used for updating the data or the keywords.

By combining all the technical schemes, the invention has the advantages and positive effects that: the invention provides a safe and effective retrieval and sharing scheme based on encrypted data in order to ensure the safety and the effectiveness of data transmission, the data are encrypted when the data are retrieved or shared, and the scheme can realize college retrieval, can carry out fuzzy retrieval on keywords with spelling errors and sequence the results according to the relevance, thereby realizing accurate retrieval. The safe retrieval and sharing of data are realized, and fuzzy retrieval can be performed on keywords with spelling errors. The system can realize efficient and encrypted retrieval, and how to realize efficient encryption sharing.

Compared with the prior art, the invention has the following advantages:

(1) the invention relates to a keyword conversion method based on a one-way algorithm and parallel encryption. For misspellings of a letter, the scheme may use the misspelled key and the correct key to obtain the fuzzy value. In addition, the method is also effective for other spelling errors.

(2) In order to improve the accuracy of the query, the scheme introduces natural language processing in the trapdoor generation part, and calculates the weight of the keywords in the query keyword set by using the dependency grammar and the phrase structure tree before generating the query trapdoor, which plays an important role in improving the query accuracy by extracting the query part.

(3) The cross-language query method based on the ASCII codes the keywords in the dictionary, encrypts the keywords into the ciphertext by using a higher-level encryption technology, and can realize the cross-language query under any language environment.

(4) Access control management, in the existing loV architecture, data transmission and sharing are realized by using secure broadcast, which not only generates huge communication overhead, but also cannot perform fine management on user authorization, thereby realizing fine management on user access control.

(5) Performance and safety, the invention implements and evaluates the proposed solution according to a real SAGIVN environment. The result shows that the scheme realizes high-precision searching of data and confidentiality of the data.

Drawings

In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings needed to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art that other drawings can be obtained from the drawings without creative efforts.

Fig. 1 is a flowchart of an encrypted data retrieving and sharing method according to an embodiment of the present invention.

FIG. 2 is a schematic structural diagram of an encrypted data retrieving and sharing system according to an embodiment of the present invention;

in fig. 2: 1. a system initialization module; 2. an encryption index generation module; 3. a trapdoor generation module; 4. a search result acquisition module; 5. a plaintext collection acquisition module; 6. and updating the module.

Fig. 3 is a flowchart of an implementation of the encrypted data retrieving and sharing method according to an embodiment of the present invention.

Fig. 4 is a sky-ground integration network diagram according to an embodiment of the present invention.

FIG. 5 is an index building block diagram provided by an embodiment of the invention.

FIG. 6 is a simulation diagram of index building provided by an embodiment of the present invention.

FIG. 7 is a simulation diagram of a trapdoor query according to an embodiment of the present invention.

FIG. 8 is a parse tree diagram according to an embodiment of the present invention.

FIG. 9 is a fuzzy query graph as provided by embodiments of the present invention.

Fig. 10 is a simulation diagram of fuzzy search according to an embodiment of the present invention.

FIG. 11 is an accurate query graph provided by embodiments of the present invention.

FIG. 12 is a diagram of an accurate search simulation provided by an embodiment of the present invention.

Fig. 13 is a query matching graph provided by an embodiment of the present invention.

Detailed Description

In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.

In view of the problems in the prior art, the present invention provides a method, system, medium, device and application for retrieving and sharing encrypted data, which will be described in detail with reference to the accompanying drawings.

As shown in fig. 1, the encrypted data retrieving and sharing method provided by the present invention includes the following steps:

s101: in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;

s102: the authority uses an optimization algorithm to calculate the relevance scores among the keywords, uses a public key of the intelligent vehicle to encrypt the keywords in the dictionary or a certain single character to obtain a tuple, and uses a hash function and a random function to generate an encryption index by using the obtained keyword ciphertext tuple and a file identifier;

s103: the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;

s104: after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;

s105: after obtaining the query result, the intelligent vehicle sends the attribute set of the intelligent vehicle to the authority, then the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;

s106: the data or keywords are updated.

Those skilled in the art can also use other steps to implement the encrypted data retrieving and sharing method provided by the present invention, and the encrypted data retrieving and sharing method provided by the present invention in fig. 1 is only one specific embodiment.

As shown in fig. 2, the encrypted data retrieving and sharing system provided by the present invention includes:

the system initialization module 1 is used for performing system initialization including key initialization and file initialization at the initial stage of the system;

the encrypted index generation module 2 is used for calculating the relevance scores among the keywords by using an optimization algorithm by an authority, encrypting the keywords or a certain single character in a dictionary by using a public key of the intelligent vehicle to obtain a tuple, and generating an encrypted index by using the obtained keyword ciphertext tuple and a file identifier by the authority by using a hash function and a random function;

the trapdoor generation module 3 is used for generating the trapdoor; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;

the search result acquisition module 4 is used for performing fuzzy search by the network access node after obtaining the tuple, putting the trapdoor tuple into the candidate set, and accurately searching the candidate set by the network access node to obtain a final search result;

the plaintext set acquisition module 5 is used for sending the attribute set of the intelligent vehicle to the authority after the intelligent vehicle obtains the query result, returning the encryption key by the authority, and decrypting the file by the intelligent vehicle by using the key to obtain a plaintext set;

and the updating module 6 is used for updating the data or the keywords.

The technical solution of the present invention is further described below with reference to the accompanying drawings.

As shown in fig. 3, the encrypted data retrieving and sharing method provided by the present invention includes the following steps:

the method comprises the following steps: initializing a system;

step two: generating an index;

step three: generating a trap door;

step four: searching;

step five: decrypting the file;

step six: and (6) updating.

As shown in fig. 4, the present invention will be further described in more detail as follows:

the first step is as follows: system initialization

(1) And (5) key initialization. NAP (network access node) sets the fuzzy value acc of the query as x (acc denotes the text distance between two keywords, x is an integer). The NAP inputs a security parameter α to the AP, which outputs a string K of length α, K being a key for symmetric encryption. The NAP inputs the security parameter μ to the AP, which outputs a pair of keys as follows:

step one, AP randomly selects two large prime numbers p and q, and then calculates n as p multiplied by q, wherein p is more than 0 and less than 2^μ,0＜q＜2^μ,

Step two, AP calculates sigma ═ e^-1mod n, where e ═ lcm (p-1, q-1);

(2) and (5) initializing a file. SV extracts omega from a set of files_iA dictionary W is constructed. Furthermore, the SV generates a corresponding file identifier id for each file_y(1 < y < n), then W and the plaintext data set are transmitted to the AP. The AP encrypts the files in the file set with the symmetric key K. And the AP performs attribute encryption on K, the attribute policy being defined by SV. AP uses the common parameter pp and a random number

The encryption key is calculated as follows:

The second step is that: index generation

(1) The AP calculates the relevance score between the document and the keyword using an optimized TF x IDF algorithm.

(2) The AP performs a preprocessing operation on the keywords in the dictionary.

(3) AP uses the public key pk of SV_cEncrypting a keyword in a dictionary and a letter (Latin letter) or a single character in the keyword to obtain the following tuples:

the AP then uses a hash function H_w(·),H_fAnd (c) a random function R (·), generating an encryption index using the obtained key ciphertext tuple and the file identifier, the creation steps of which are as follows:

step one, initializing a matrix eta of a (m '× n') latitude, wherein m is less than or equal to m ', n is less than or equal to n' (m is the largest number in a keyword set, n is the largest number in a data set), and setting all elements in the matrix to be 0.

Step two, encrypting the matrix index for x ═ 1,2, …, n 'and y ═ 1,2, …, m'. AP utilizes a hash function H_w(. to) generate a hash table α_w(. to) containing the mapping result α_w([w_i]_pk). In addition, the AP generates a hash table α using R (-) and H (-) values_f(. to) containing the mapping result α_f(f_y) As follows:

R(id_y)＝f_y

α_f(f_y)→t；

and thirdly, constructing a corresponding relation between the file and the keyword based on the initialization matrix eta. If file id_yThe keyword w appears in (1. ltoreq. y. ltoreq.n)_x(x is not less than 1 and not more than m), the corresponding element in the matrix eta is set as w_xAnd id_yTF × IDF value, otherwise set to 0.

AP only transmits the encrypted index to NAP, and reserves hash function H_w(·)、H_f(. cndot.) and a random function R (-). Fig. 5 shows a construction process of the encryption matrix index.

The third step: trapdoor generation

Trapdoor generation consists of two parts. First, the smart car computes the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree. Secondly, the intelligent automobile generates a trap door for the key word through the key pair, and then a final tuple is obtained by combining the weight and the trap door.

(1) And (4) calculating the weight. For each keyword in the query set, the initial keyword relationship is 1, and if the keyword has a syntactic relationship with other keywords, its weight becomes 1+ R, where R represents the syntactic relationship.

For two search keys q₁And q is₂Syntactic relations are denoted as R (q)₁,q₂). If there is a grammatical relationship between them, then q₁And q is₂Respectively increase

And

wherein d is₁And d₂And respectively represent the distance between two key distances and a common ancestor node. d represents the distance between the keywords, i.e. d ═ d₁+d₂。

For any query Q ═ Q₁,q₂,…,q_zZ is the number of search keys. The weight value for keyword q is p × z, where p is the weight ratio of search keyword q, that is:

thus, the weight KW of the keyword q can be expressed as:

taking "multiple keyword search encryption" as an example, the grammar structure book and the dependency grammar are shown in fig. 6 respectively.

For example, it can be seen from fig. 6 that the distance between "encryption" and "multiplex" is 5, the syntax relationship is r (amod) ═ 1/(ln5), and the distances from "encryption" and "multiplex" to their common root nodes are 3 and 2, respectively, so the corresponding weights should be 2(ln5)/5 and 3(ln 5)/5. Likewise, the syntactic relationships between "multiple" and "keywords", and "multiple" are the same. With the above method, the final weights of "encryption" and "multiple" are kw (multiple) 1.23 and kw (encryption) 0.95, respectively.

(2) And (4) generating a trap door. SV encrypts the query key w with their key. In addition, SV encrypts the letters or single characters in the keyword w to obtain a ciphertext group

Finally, the SV adds the weight associated with the key to the tuple.

The fourth step: searching

The invention introduces two ciphertext comparison algorithms used in the search stage: CGE and CE.

CGE algorithm: SV and NAP respectively have a group of paillier key pairs of (pk, sk) and (pk)_NAP,sk_NAP). Given two integers a, b, two ciphertext integers a ═ a are obtained by encrypting with a public key pk]_pk,B＝[b]_pk. The CGE algorithm obtains the relationship between a and B by making some calculations for a and B. The CGE algorithm flow is as follows:

the CGE algorithm is performed as follows:

(1) SV selects a relatively small positive integer r and calculates

(a-b) And (a-b) r are labeled the same since r is a small positive integer. Finally, the SV sends X to the NAP.

(2) NAP decrypts X using private key sk to get plaintext X. If x is greater than or equal to 0, make

Otherwise cause to

The results are then sent to the SVs.

(3) After receiving result, SV uses private key sk_cpEncrypt it and then obtain

CE algorithm: the objective of the CE algorithm is to compute two ciphertext integers a ═ a]_pkAnd B ═ B]_pkTo determine whether the plaintexts a, b are equal, thereby implementing an accurate search function. The main idea of the CE algorithm is to implement twice CGE algorithm, which is as follows:

during searching, after acquiring the trapdoor tuple TTS, the NAP firstly executes fuzzy search, puts items matched with the TTS into a candidate set TTS ', and then the NAP carries out accurate search on the TTS' to obtain a final result TTS ". The fuzzy search and precise search algorithms are algorithm 3 and algorithm 4, respectively:

The NAP then multiplies each row vector by the correlation coefficient of the corresponding keyword trapdoor sent by the SV. Finally NAP adds all row vectors and gets v_resultAs shown in fig. 13, and then transmitted to DC.

The fifth step: file decryption

And after obtaining the query result, the SV transmits the attribute set Att to the AP. The AP decrypts the relevant encryption key based on Att, as follows:

and a sixth step: updating

The updating of the scheme is divided into two aspects of key updating and data updating. In this section, the present invention will introduce two aspects:

1. and (3) updating the keywords: since only the file-based two-way hash table is stored on the DC, the SV does not need to transmit the update status onto the DC.

(1) And adding the keywords. When SVs add keys to a dictionary, they need to create an updated tuple (containing the operation instruction op ═ addition "and the key W that needs to be added_add). After AP receives tuple sent by SV, AP calculates W first_addAnd the value of TF x IDF between each file. AP encrypts W using paillier_addObtain ciphertext [ w_add]_paillierAnd deriving vectors based on the above values

Eventually the AP will sum the op and the vector setInto a new tuple and sent to the NAP. NAP utilizes self-stored hash function H_w(. a) is to

Mapped to the corresponding position in the matrix index and added.

(2) And deleting the keywords. The keyword deletion and addition operations are substantially similar. The operation instruction of SV is op ═ deletion. Unlike the add operation, when the NAP receives the key w_delCiphertext of (1)_del]_paillierTemporal NAP may use hash function H_w(. to) map its position in the matrix index and then remove the relevant vector v from the matrix index_del。

2. And (3) updating data: data update and key update operations are quite different. The key update only needs to operate on the NAP. Data updates then need to be done simultaneously on the NAPs and the DC. The update flow will be described in detail below.

(1) And deleting the data. In the solution of the invention, file updates and keyword updates are different. File updates require the AP to issue update operations to the NAPs and the DC. Using file deletion as an example, SV generates a tuple containing the file identifier f of the file to be deleted_delAnd the delete instruction op ═ deletion. After the AP receives the tuple, the self-stored hash function H is utilized_f(. to) map to obtain [ f_del]_paillierPosition of

AP will newly generate tuple (op, pos)_del) Sent to NAP and DC respectively, and then NAP and DC are in alpha_fAnd (c) performing a delete operation with their stored matrix index.

(2) And (4) adding data. The data adding operation also needs the SV to send an operation instruction op ═ add', and the file adding indicator f_addAnd addition and f_addRelated keywords { [ w { [_n]_paillierI (n ═ i, j, z, m, n, p) } to the AP. The AP then uses a hash function H_f(. to) map to obtain [ f_add]_paillierPosition pos of_add. In addition, the AP also calculates f_addAnd a keyword { [ w { [_n]_paillierTF × IDF between | (n ═ i, j, z, m, n, p) }. Then generating a meta-group set { ([ w ]_n]_paillier，(TF×IDF)_n) I (n ═ i, j, z, m, n, p) }. AP will (op, [ f)_add]_paillier) Transmitted to DC for updating the two-way hash table alpha stored on DC_f(. cndot.). At the same time AP will (op, [ f)_add]_paillier,{([w_n]_paillier,(TF×IDF)_n) | l (n ═ i, j, z, m, n, p) }) is transmitted to the NAP for updating the matrix index stored at the NAP.

It should be noted that the embodiments of the present invention can be realized by hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.

The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims

1. An encrypted data retrieving and sharing method, comprising:

the data or keywords are updated.

2. The encrypted data retrieving and sharing method according to claim 1, wherein the specific initialization steps are as follows:

step one, AP randomly selects two large prime numbers p and q, and calculates n as p multiplied by qWherein 0 < p < 2^μ,0＜q＜2^μ,

Step two, AP calculates sigma ═ e^-1modn, where e ═ lcm (p-1, q-1);

The encryption key is calculated as follows:

the encryption key will be stored at the AP, and when the SV needs to decrypt, they will send the set of attributes to the AP, which will return the decrypted K to the SV.

3. The encrypted data retrieving and sharing method according to claim 1, wherein the step of constructing the index comprises:

(2) the AP executes preprocessing operation on the keywords in the dictionary;

R(id_y)＝f_y

α_f(f_y)→t；

4. The encrypted data retrieving and sharing method of claim 1, wherein the specific steps for implementing trapdoor generation are as follows:

And

the weight KW of the keyword q is expressed as:

(2) and (3) generating a trap door, wherein SV encrypts a query keyword w by using a key of SV, and SV encrypts letters or single characters in the keyword w to obtain a ciphertext group

The SV adds the weight associated with the key to the tuple.

5. The encrypted data retrieving and sharing method of claim 1, wherein after obtaining the tuple, the net access node first performs a fuzzy search to put the trapdoor tuple into the candidate set, and the net access node performs an accurate search on the candidate set to obtain a final search result specifically comprises:

the CGE algorithm is performed as follows:

(1) SV selects a relatively small positive integer r and calculates

Otherwise cause to

Sending the results to the SVs;

(3) after receiving result, SV uses private key sk_cpEncrypt it to obtain

6. The encrypted data retrieval and sharing method according to claim 1, wherein the smart vehicle sends its attribute set to the authority after obtaining the query result, and then the authority returns the encryption key, and the smart vehicle decrypts the file by using the key to obtain the plaintext set for file decryption, specifically comprising: and after obtaining the query result, the SV transmits the attribute set Att of the SV to the AP, and the AP decrypts the related encryption key based on the Att:

the specific steps for updating the data or the keywords are as follows:

Mapping to the corresponding position in the matrix index and adding;

(1) data deletion, file update and key update are different, the file update requires the AP to send out update operation to the NAP and the DC, and in the case of file deletion, SV generates a tuple containing the data to be deletedFile identifier f of file_delAnd deleting the instruction op as "deletion", after the AP receives the tuple, utilizing the hash function H stored by the AP_f(. to) map to obtain [ f_del]_paillierPosition of

7. A computer device, characterized in that the computer device comprises a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to carry out the steps of:

the data or keywords are updated.

8. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:

the data or keywords are updated.

9. A vehicle information data processing terminal, characterized in that the vehicle information data processing terminal is used for realizing the encrypted data retrieval and sharing method of any one of claims 1 to 6.

10. An encrypted data retrieving and sharing system for implementing the encrypted data retrieving and sharing method according to any one of claims 1 to 6, wherein the encrypted data retrieving and sharing system comprises:

and the updating module is used for updating the data or the keywords.