CN112632598B - Encrypted data retrieval and sharing method, system, medium, equipment and application - Google Patents

Encrypted data retrieval and sharing method, system, medium, equipment and application Download PDF

Info

Publication number
CN112632598B
CN112632598B CN202011430096.7A CN202011430096A CN112632598B CN 112632598 B CN112632598 B CN 112632598B CN 202011430096 A CN202011430096 A CN 202011430096A CN 112632598 B CN112632598 B CN 112632598B
Authority
CN
China
Prior art keywords
key
nap
keyword
tuple
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011430096.7A
Other languages
Chinese (zh)
Other versions
CN112632598A (en
Inventor
樊凯
金海�
王昊洋
金雄海
李晖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University filed Critical Xidian University
Priority to CN202011430096.7A priority Critical patent/CN112632598B/en
Publication of CN112632598A publication Critical patent/CN112632598A/en
Application granted granted Critical
Publication of CN112632598B publication Critical patent/CN112632598B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/17Details of further file system functions
    • G06F16/176Support for shared access to files; File sharing support
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention belongs to the technical field of information data processing, and discloses a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data, wherein the method comprises the following steps: initializing a system; generating an encryption matrix index; generating a keyword trapdoor by using a paillier key pair; in the searching stage, ciphertext searching is carried out by using two ciphertext comparison algorithms; and after the intelligent vehicle obtains the query result, transmitting the attribute set of the intelligent vehicle to the authority platform. The authoritative platform resolves the dense-phase correlation key ciphertext based on the attribute set; and updating keywords or data. When the method is used for searching or sharing, data are encrypted, efficient searching can be achieved, fuzzy searching can be conducted on keywords with spelling errors, and the results are sorted according to the relevancy, so that accurate searching is achieved; safe retrieval and sharing of data are realized, and fuzzy retrieval can be performed on keywords with spelling errors; the system can realize efficient and encrypted retrieval, and how to realize efficient encryption sharing.

Description

Encrypted data retrieval and sharing method, system, medium, equipment and application
Technical Field
The invention belongs to the technical field of information data processing, and particularly relates to a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data.
Background
At present: with the continued expansion of the IoV market, more and more vehicles and related facilities are integrated therein. It not only has an impact on network capacity, but also makes the network topology more complex. For these reasons, data sharing and transmission in dense areas of the network may be lost or congested, reducing network reliability and increasing transmission delay.
The disadvantage of the existing IoV technology is mainly that the existing architecture is ground-based, providing network access services for vehicles and vehicle applications. Aiming at the main problem, the appearance of SAGEVN provides a new idea for the popularization of IoV. SAGAVIN is a comprehensive network architecture which is based on the ground, multiple dimensions and different layers and is formed by adding a Low Earth Orbit Satellite (LEOS), an Unmanned Aerial Vehicle (UAV) and a High Altitude Platform (HAP) into a ground network. Various network devices in the aerospace field are utilized to provide real-time network access services for vehicles and vehicle-mounted applications in different environments. Notably, SAGIVN is susceptible to various types of attacks and threats as it contains various different types of network interfaces and communication modes.
Through the above analysis, the problems and defects of the prior art are as follows: the prior art SAGIVN is susceptible to various types of attacks and threats under various different types of network interfaces and communication modes.
The difficulty in solving the above problems and defects is: most of the existing data privacy protection aiming at the car networking environment is based on differential privacy protection in machine learning, and only information such as the position of a vehicle can be protected. An effective solution is not provided for the problem of safe storage and sharing of data generated by vehicles in the internet of vehicles. Meanwhile, the vehicle has high-speed mobility, so that higher requirements are provided for the topological structure of the proposed system, and it is difficult to meet the communication low-delay standard in the moving process of the vehicle on the premise of ensuring the safety.
The significance for solving the problems and the defects is as follows: the internet of vehicles serves as an important component in the internet of things, so that global intelligent transportation is greatly developed, but in recent years, the improvement of intelligent transportation is hindered by some problems existing in the internet of vehicles, firstly, the coverage range of the internet of vehicles cannot meet the current transportation requirement, many remote or incomplete areas of network infrastructure cannot be added into the internet of vehicles, in addition, the privacy protection of the vehicles in the internet of vehicles still stays at the stage of data such as positions, and an effective scheme is not provided for the safe storage and sharing of the data of the vehicles. The scheme combines the Internet of vehicles and the SAGIN, and simultaneously provides an effective solution for the two problems by combining a searchable encryption technology.
Disclosure of Invention
Aiming at the problems in the prior art, the invention provides a method, a system, a medium, equipment and an application for retrieving and sharing encrypted data.
The invention is realized in such a way that an encrypted data retrieval and sharing method comprises the following steps:
in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;
the authority uses an optimization algorithm to calculate the relevance scores among the keywords, uses a public key of the intelligent vehicle to encrypt the keywords in the dictionary or a certain single character to obtain a tuple, uses a hash function and a random function, and uses the obtained keyword ciphertext tuple and a file identifier to generate an encryption index;
the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all key words in the query key word set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;
after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;
after the intelligent vehicle obtains the query result, the attribute set of the intelligent vehicle is sent to an authority, then the authority returns an encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
the data or keywords are updated.
Further, the specific initialization steps are as follows:
(1) Initializing a key, setting a fuzzy value acc = x of query by a network access Node (NAP), wherein acc represents a text distance between two keywords, x is an integer, the NAP inputs a security parameter alpha to the AP, the AP outputs a character string K with the length of alpha, K is a key for symmetric encryption, the NAP inputs a security parameter mu to the AP, and the AP outputs a pair of keys, wherein the process is as follows:
step one, AP randomly selects two large prime numbers p and q, and calculates n = p multiplied by q, wherein p is more than 0 and less than 2 μ ,0<q<2 μ ,
Step two, AP calculates sigma = e -1 mod n, where e = lcm (p-1, q-1)
Step three, generating a public and private key pair by the AP, wherein pk = n and sk = (e, sigma) respectively;
(2) File initialization, SV extracts ω from the set of files i Constructing a dictionary W, and generating a corresponding file identifier id for each file by SV y (1 < y < n), transmitting the W and the plaintext data set to the AP, and encrypting the files in the file set by the AP by using the symmetric key K; the AP performs an attribute encryption on K, the attribute policy being defined by SV, the AP using the common parameter pp and a random number
Figure BDA0002826345550000031
The encryption key is calculated as follows:
Figure BDA0002826345550000032
the encryption key will be stored on the AP. When the SV needs to be decrypted, they send the attribute set to the AP, and the AP returns the decrypted K to the SV.
Further, the specific steps of constructing the index include:
(1) The AP calculates a relevance score between the file and the keyword by using an optimized TF multiplied by IDF algorithm;
(2) The AP executes preprocessing operation on the keywords in the dictionary;
(3) AP uses the public key pk of SV c Encrypting the key words in the dictionary and the letter words or a single character in the key words to obtain the following tuples:
Figure BDA0002826345550000033
AP uses a hash function H w (·),H f (. Cndot.) and a random function R (-), using the obtained key ciphertext tuple and the file identifier to generate an encryption index, which is created by the steps of:
step one, initializing a matrix eta of a (m '× n') latitude, wherein m is less than or equal to m ', n is less than or equal to n', m is the maximum number in a keyword set, n is the maximum number in a data set, and setting all elements in the matrix to be 0;
step two, for x =1,2, \8230;, n 'and y =1,2, \8230;, m' encryption matrix index, AP utilizes hash function H w (. To) generate a hash table α w (. To) in which the mapping result α is included w ([w i ] pk ) AP uses R (-) and H (-) to generate a hash table alpha f (. To) containing the mapping result α f (f y ) As follows:
R(id y )=f y
α f (f y )→t;
thirdly, establishing a corresponding relation between the file and the keywords based on the initialization matrix eta, if the file id y The keyword w appears in (1. Ltoreq. Y. Ltoreq.n) x (x is not less than 1 and not more than m), the corresponding element in the matrix eta is set as w x And id y TF x IDF value of, otherwise set to 0;
AP only transmits the encrypted index to NAP, and reserves hash function H w (·)、H f (. Cndot.) and a random function R (-).
Further, the specific steps for realizing the generation of the trapdoor are as follows:
the trap door generation comprises two parts, firstly, SV calculates the weight of all key words in a query key word set according to the dependency grammar and the phrase structure tree, secondly, the intelligent automobile generates the trap door for the key words through a key pair, and then the final tuple is obtained by combining the weight and the trap door;
(1) Calculating the weight, wherein for each keyword in the query set, the initial keyword relationship is 1, and if the keyword has a syntactic relationship with other keywords, the weight of the keyword is 1+ R, wherein R represents the syntactic relationship;
for two search keys q 1 And q is 2 Syntactic relations are denoted as R (q) 1 ,q 2 ) If there is a grammatical relationship between them, then q 1 And q is 2 Respectively increase
Figure BDA0002826345550000041
And
Figure BDA0002826345550000042
wherein d is 1 And d 2 Respectively, represent the distance between two key words and the common ancestor node, d represents the distance between the key words, i.e. d = d 1 +d 2
Q = { Q ] for any query 1 ,q 2 ,…,q z Z is the number of search keywords, and the weight value for keyword q is p × z, where p is the weight ratio of search keyword q:
Figure BDA0002826345550000051
the weight KW of the keyword q is expressed as:
Figure BDA0002826345550000052
(2) And (3) generating a trap door, wherein SV encrypts a query keyword w by using a key of SV, and SV encrypts letters or single characters in the keyword w to obtain a ciphertext group
Figure BDA0002826345550000053
The SV adds a weight associated with the key to the tuple.
Further, after obtaining the tuple, the network access node first performs a fuzzy search, puts the trapdoor tuple into the candidate set, and the network access node accurately searches the candidate set to obtain a final search result specifically including:
CGE algorithm: SV and NAP respectively have a group of paillier key pairs of (pk, sk) and (pk) NAP ,sk NAP ) Given two integers a, b, two ciphertext integers a = [ a ] are obtained by encrypting with a public key pk] pk ,B=[b] pk The CGE algorithm calculates A and B to obtain the relation between a and B;
the CGE algorithm is performed as follows:
(1) SV selects a relatively small positive integer r and calculates
Figure BDA0002826345550000054
According to the additive homomorphism of the paillier encryption algorithm, exist
Figure BDA0002826345550000055
(a-b) and (a-b) × r are marked by the same flag, since r is a small positive integer, SV sends X to NAP;
(2) NAP decrypts X by using private key sk to obtain plaintext X, and if X is larger than or equal to 0, the plaintext X is decrypted by NAP
Figure BDA0002826345550000056
Otherwise cause to
Figure BDA0002826345550000057
Sending the results to the SVs;
(3) After receiving result, SV uses private key sk cp Encrypt it to obtain
Figure BDA0002826345550000058
CE algorithm: the objective of the CE algorithm is to compute two ciphertext integers a = [ a = [ a ]] pk And B = [ B ]] pk Determining whether the plaintext a and b are equal to realize an accurate searching function, and realizing twice CGE algorithm of the CE algorithm; during searching, after acquiring the trapdoor tuple TTS, the NAP firstly executes fuzzy search, puts items matched with the TTS into a candidate set TTS ', and the NAP accurately searches the TTS' to obtain a final result TTS ";
obtaining the final set TTS at NAP"after that, NAP obtains row vectors associated with all items in TTS" from the encryption matrix η
Figure BDA0002826345550000061
NAP multiplies each row vector by the correlation coefficient of the corresponding keyword trapdoor sent by SV, adds all the row vectors and obtains v result And then transmitted to DC.
Further, after obtaining the above query result, the intelligent vehicle sends its own attribute set to the authority, and then the authority returns the encryption key, and the intelligent vehicle obtains a plaintext set by using the key decryption file to decrypt the file, which specifically includes: and after obtaining the query result, the SV transmits the attribute set Att to the AP. AP decrypts the relevant encryption key based on Att:
Figure BDA0002826345550000062
the SV decrypts the ciphertext data by using the symmetric key K to obtain a plaintext set of the query result, and the process is as follows:
Figure BDA0002826345550000063
Figure BDA0002826345550000064
the specific steps for updating the data or the keywords are as follows:
and (3) updating the keywords: the SV does not need to transmit the update status onto DC;
(1) Key addition, when SV adds a key to the dictionary, an updated tuple is created containing the operation instruction op = "addition" and the key W that needs to be added add After AP receives tuple from SV, AP first calculates W add And the value of TF x IDF between each file, the AP encrypts W using paillier add Obtain ciphertext [ w add ] paillier And is based onValue of a face obtains a vector
Figure BDA0002826345550000065
AP forms a new tuple by the op and the vector and sends the new tuple to NAP, and the NAP utilizes the hash function H stored by the NAP w (. A) will
Figure BDA0002826345550000071
Mapping to the corresponding position in the matrix index and adding;
(2) The key is deleted, the operation instruction of SV is op = 'deletion', and different from the adding operation, when NAP receives the key w del Ciphertext [ w del ] paillier The time NAP may use the hash function H w (. To) map its position in the matrix index and then remove the relevant vector v from the matrix index del
And (3) updating data: the data update and key update operations are completely different, the key update only needs to be operated on the NAP, and then the data update needs to be simultaneously performed on the NAP and the DC;
(1) Data deletion, file update and key update are different, the file update requires the AP to send out update operation to the NAP and the DC, and in the case of file deletion, SV generates a tuple containing the file identifier f of the file to be deleted del And a deletion instruction op = 'deletion', after the AP receives the tuple, the hash function H stored by the AP is used f (. To) map to obtain [ f del ] paillier Position of
Figure BDA0002826345550000072
AP will newly generate tuple (op, pos) del ) Sent to NAP and DC respectively, and the NAP and DC are in alpha f (. H) and their stored matrix indices;
(2) Data addition, the data addition operation also needs the SV to send an operation instruction op = 'add' first, and the file addition indicator f add And addition of and f add Related keywords { [ w { [ n ] paillier L (n = i, j, z, m, n, p) } to AP; AP uses a hash function H f (. To) map to obtain [ f add ] paillier Position pos of add AP also calculates f add And a keyword { [ w { [ n ] paillier TF × IDF between | (n = i, j, z, m, n, p) }; generating a set of tuples { ([ w ] n ] paillier ,(TF×IDF) n ) | | (n = i, j, z, m, n, p) }, the AP will be (op, [ f } add ] paillier ) Transmitted to DC for updating the two-way hash table alpha stored on DC f (. To) while the AP will be (op, [ f) add ] paillier ,{([w n ] paillier ,(TF×IDF) n ) | l (n = i, j, z, m, n, p) }) is transmitted to the NAP, updating the matrix index stored at the NAP.
It is a further object of the invention to provide a computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the steps of:
in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;
the authority uses an optimization algorithm to calculate the relevance scores among the keywords, uses a public key of the intelligent vehicle to encrypt the keywords in the dictionary or a certain single character to obtain a tuple, uses a hash function and a random function, and uses the obtained keyword ciphertext tuple and a file identifier to generate an encryption index;
the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile utilizes the public key as a keyword to generate a trapdoor, and a final tuple is obtained by combining the weight and the trapdoor;
after the tuple is obtained, the network access node firstly executes fuzzy search, puts the trapdoor tuple into a candidate set, and accurately searches the candidate set by the network access node to obtain a final search result;
after the intelligent vehicle obtains the query result, the attribute set of the intelligent vehicle is sent to an authority, then the authority returns an encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
the data or keywords are updated.
It is another object of the present invention to provide a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of:
in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;
the authority uses an optimization algorithm to calculate the relevance scores among the keywords, uses a public key of the intelligent vehicle to encrypt the keywords in the dictionary or a certain single character to obtain a tuple, uses a hash function and a random function, and uses the obtained keyword ciphertext tuple and a file identifier to generate an encryption index;
the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile utilizes the public key as a keyword to generate a trapdoor, and a final tuple is obtained by combining the weight and the trapdoor;
after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;
after the intelligent vehicle obtains the query result, the attribute set of the intelligent vehicle is sent to an authority, then the authority returns an encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
the data or keywords are updated.
Another object of the present invention is to provide a vehicle information data processing terminal for implementing the encrypted data retrieving and sharing method.
Another object of the present invention is to provide an encrypted data retrieving and sharing system implementing the encrypted data retrieving and sharing method, the encrypted data retrieving and sharing system comprising:
the system initialization module is used for carrying out system initialization including key initialization and file initialization at the initial stage of the system;
the system comprises an encryption index generation module, an authority and a file identifier generation module, wherein the encryption index generation module is used for calculating correlation row scores among keywords by using an optimization algorithm, acquiring tuples by using the keywords or a certain single character in a public key encryption dictionary of the intelligent vehicle, and generating an encryption index by using the acquired keyword ciphertext tuples and the file identifier by using a hash function and a random function by the authority;
the trapdoor generation module is used for generating the trapdoor; the intelligent automobile calculates the weights of all key words in the query key word set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;
the search result acquisition module is used for performing fuzzy search by the network access node after obtaining the tuple, putting the trapdoor tuple into the candidate set, and accurately searching the candidate set by the network access node to obtain a final search result;
the plaintext set acquisition module is used for sending the attribute set of the intelligent vehicle to the authority after the intelligent vehicle obtains the query result, the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the encryption key to obtain a plaintext set;
and the updating module is used for updating the data or the keywords.
By combining all the technical schemes, the invention has the advantages and positive effects that: the invention provides a safe and effective retrieval and sharing scheme based on encrypted data in order to ensure the safety and the effectiveness of data transmission, the data are encrypted when the data are retrieved or shared, and the scheme can realize college retrieval, can carry out fuzzy retrieval on keywords with spelling errors and sequence the results according to the relevance, thereby realizing accurate retrieval. The safe retrieval and sharing of data are realized, and fuzzy retrieval can be performed on keywords with spelling errors. The system can realize efficient and encrypted retrieval, and how to realize efficient encryption sharing.
Compared with the prior art, the invention has the following advantages:
(1) The invention relates to a keyword conversion method based on a one-way algorithm and parallel encryption. For misspellings of a letter, the scheme may use the misspelled key and the correct key to obtain the fuzzy value. In addition, the method is also effective for other spelling errors.
(2) In order to improve the accuracy of the query, the scheme introduces natural language processing in the trapdoor generation part, and calculates the weight of the keywords in the query keyword set by using the dependency grammar and the phrase structure tree before generating the query trapdoor, which plays an important role in improving the query accuracy by extracting the query part.
(3) The cross-language query method based on the ASCII codes the keywords in the dictionary, encrypts the keywords into the ciphertext by using a higher-level encryption technology, and can realize the cross-language query under any language environment.
(4) Access control management, the existing loV architecture realizes data transmission and sharing by using secure broadcasting, which not only generates huge communication overhead, but also cannot perform fine management on user authorization, thereby realizing fine management of user access control.
(5) Performance and safety, the invention implements and evaluates the proposed solution according to a real SAGIVN environment. The result shows that the scheme realizes high-precision data search and data confidentiality.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings required to be used in the embodiments of the present application will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on the drawings without creative efforts.
Fig. 1 is a flowchart of an encrypted data retrieving and sharing method according to an embodiment of the present invention.
FIG. 2 is a schematic structural diagram of an encrypted data retrieving and sharing system according to an embodiment of the present invention;
in FIG. 2: 1. a system initialization module; 2. an encryption index generation module; 3. a trapdoor generation module; 4. a search result acquisition module; 5. a plaintext collection acquisition module; 6. and updating the module.
Fig. 3 is a flowchart of an implementation of the encrypted data retrieving and sharing method according to an embodiment of the present invention.
Fig. 4 is a skyward-integrated network diagram according to an embodiment of the present invention.
FIG. 5 is a diagram of an index building provided by an embodiment of the invention.
FIG. 6 is a simulation diagram of index building provided by an embodiment of the present invention.
FIG. 7 is a simulation diagram of a trapdoor query according to an embodiment of the present invention.
FIG. 8 is a parse tree diagram according to an embodiment of the present invention.
FIG. 9 is a fuzzy query graph as provided by embodiments of the present invention.
Fig. 10 is a simulation diagram of fuzzy search according to an embodiment of the present invention.
FIG. 11 is an accurate query graph provided by embodiments of the present invention.
FIG. 12 is a diagram of an accurate search simulation provided by an embodiment of the present invention.
Fig. 13 is a query matching graph provided by an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is further described in detail with reference to the following embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
In view of the problems in the prior art, the present invention provides a method, a system, a medium, a device and an application for retrieving and sharing encrypted data, and the present invention is described in detail below with reference to the accompanying drawings.
As shown in fig. 1, the encrypted data retrieving and sharing method provided by the present invention includes the following steps:
s101: in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;
s102: the authority calculates correlation row scores among the keywords by using an optimization algorithm, obtains tuples by using the keywords or a certain single character in a public key encryption dictionary of the intelligent vehicle, and generates an encryption index by using a hash function and a random function and using the obtained keyword ciphertext tuples and a file identifier;
s103: the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile utilizes the public key as a keyword to generate a trapdoor, and a final tuple is obtained by combining the weight and the trapdoor;
s104: after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;
s105: after obtaining the query result, the intelligent vehicle sends the attribute set of the intelligent vehicle to the authority, then the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
s106: the data or keywords are updated.
Those skilled in the art can also use other steps to implement the encrypted data retrieving and sharing method provided by the present invention, and the encrypted data retrieving and sharing method provided by the present invention in fig. 1 is only one specific embodiment.
As shown in fig. 2, the encrypted data retrieving and sharing system provided by the present invention includes:
the system initialization module 1 is used for performing system initialization including key initialization and file initialization at the initial stage of the system;
the encrypted index generation module 2 is used for calculating the relevance scores among the keywords by using an optimization algorithm by an authority, encrypting the keywords or a certain single character in a dictionary by using a public key of the intelligent vehicle to obtain a tuple, and generating an encrypted index by using the obtained keyword ciphertext tuple and a file identifier by the authority by using a hash function and a random function;
the trapdoor generation module 3 is used for generating the trapdoor; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile utilizes the public key as a keyword to generate a trapdoor, and a final tuple is obtained by combining the weight and the trapdoor;
the search result acquisition module 4 is used for performing fuzzy search by the network access node after obtaining the tuple, putting the trapdoor tuple into the candidate set, and accurately searching the candidate set by the network access node to obtain a final search result;
the plaintext set acquisition module 5 is used for sending the attribute set of the intelligent vehicle to the authority after the intelligent vehicle obtains the query result, returning the encryption key by the authority, and decrypting the file by the intelligent vehicle by using the key to obtain a plaintext set;
and the updating module 6 is used for updating the data or the keywords.
The technical solution of the present invention is further described below with reference to the accompanying drawings.
As shown in fig. 3, the encrypted data retrieving and sharing method provided by the present invention includes the following steps:
the method comprises the following steps: initializing a system;
step two: generating an index;
step three: generating a trap door;
step four: searching;
step five: decrypting the file;
step six: and (4) updating.
As shown in fig. 4, the present invention will be further described in more detail as follows:
the first step is as follows: system initialization
(1) And (5) initializing a key. NAP (network access node) sets the fuzzy value acc = x of the query (acc denotes the text distance between two keywords, x is an integer). The NAP inputs a security parameter α to the AP, which outputs a string K of length α, K being a key for symmetric encryption. The NAP inputs the security parameter μ to the AP, which outputs a pair of keys, as follows:
step one, AP randomly selects two large prime numbers p and q, and then n = p × q is calculated, wherein p is more than 0 and less than 2 μ ,0<q<2 μ ,
Step two, AP calculates sigma = e -1 mod n, where e = lcm (p-1, q-1);
thirdly, generating a public and private key pair by the AP, wherein the public and private key pair is pk = n and sk = (e, sigma) respectively;
(2) And (6) initializing the file. SV extracts omega from a set of files i A dictionary W is constructed. Furthermore, the SV generates a corresponding file identifier id for each file y (1 < y < n), then W and the plaintext data set are transmitted to the AP. The AP encrypts the files in the file collection with the symmetric key K. And the AP performs attribute encryption on K, the attribute policy being defined by SV. AP uses the common parameter pp and a random number
Figure BDA0002826345550000131
The encryption key is calculated as follows:
Figure BDA0002826345550000132
the encryption key will be stored on the AP. When the SV needs to decrypt, they send the attribute set to the AP, which returns the decrypted K to the SV.
The second step is that: index generation
(1) The AP calculates the relevance score between the document and the keyword using an optimized TF x IDF algorithm.
(2) The AP performs a preprocessing operation on the keywords in the dictionary.
(3) AP uses the public key pk of SV c Encrypting a keyword in a dictionary and a letter (Latin letter) or a single character in the keyword to obtain the following tuples:
Figure BDA0002826345550000141
the AP then uses a hash function H w (·),H f (. And random function)The number R (-) generates an encryption index using the obtained key ciphertext tuple and the file identifier, which is created as follows:
step one, initializing a matrix eta of a (m '× n') latitude, wherein m is less than or equal to m ', n is less than or equal to n' (m is the largest number in a keyword set, n is the largest number in a data set), and setting all elements in the matrix to be 0.
Step two, encrypt matrix indexes for x =1,2, \8230;, n 'and y =1,2, \8230;, m'. AP utilizes a hash function H w (. DEG) generating a hash table alpha w (. To) containing the mapping result α w ([w i ] pk ). In addition, the AP generates a hash table α using R (-) and H (-) values f (. To) containing the mapping result α f (f y ) As follows:
R(id y )=f y
α f (f y )→t;
and thirdly, constructing a corresponding relation between the file and the keyword based on the initialization matrix eta. If file id y The keyword w appears in (1 ≦ y ≦ n) x (x is not less than 1 and not more than m), the corresponding element in the matrix eta is set as w x And id y TF × IDF value, otherwise set to 0.
AP only transmits the encrypted index to NAP, and reserves hash function H w (·)、H f (. Cndot.) and a random function R (-). Fig. 5 shows a construction process of the encryption matrix index.
The third step: trapdoor generation
Trapdoor generation consists of two parts. First, the smart car computes the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree. Secondly, the intelligent automobile generates a trapdoor for the keyword through the key pair, and then a final tuple is obtained by combining the weight and the trapdoor.
(1) And (4) calculating the weight. For each keyword in the query set, the initial keyword relationship is 1, and if the keyword has syntactic relationship with other keywords, the weight of the keyword becomes 1+ R, where R represents the syntactic relationship.
For two search keys q 1 And q is 2 Sentence(s)The normal relation is represented as R (q) 1 ,q 2 ). If there is a grammatical relationship between them, then q 1 And q is 2 Are respectively increased
Figure BDA0002826345550000151
And
Figure BDA0002826345550000152
wherein d is 1 And d 2 And respectively represent the distance between two key distances and a common ancestor node. d represents the distance between the keywords, i.e. d = d 1 +d 2
Q = { Q ] for any query 1 ,q 2 ,…,q z Z is the number of search keys. The weight value for keyword q is p × z, where p is the weight ratio of search keyword q, that is:
Figure BDA0002826345550000153
thus, the weight KW of the keyword q can be expressed as:
Figure BDA0002826345550000154
taking "multiple keyword search encryption" as an example of the query set, the syntax structure book and the dependency syntax are shown in fig. 6 respectively.
For example, it can be seen from fig. 6 that the distance between "encryption" and "multiplex" is 5, the syntactic relation is that R (amod) = 1/(ln 5), and the distances from "encryption" and "multiplex" to their common root nodes are 3 and 2, respectively, so the corresponding weights should be 2 (ln 5)/5 and 3 (ln 5)/5. Likewise, the syntactic relationships between "multiple" and "keywords", and "multiple" are the same. With the above method, the final weights of "encryption" and "multiple" are KW (multiple) =1.23 and KW (encryption) =0.95, respectively.
(2) And generating the trapdoor. SV using themThe key encrypts the query key w. In addition, SV encrypts the letters or single characters in the keyword w to obtain a ciphertext group
Figure BDA0002826345550000161
Finally, the SV adds the weight associated with the key to the tuple.
The fourth step: searching
The invention introduces two ciphertext comparison algorithms used in the search stage: CGE and CE.
CGE algorithm: SV and NAP each have a set of paillier key pairs (pk, sk) and (pk) respectively NAP ,sk NAP ). Given two integers a, b, two ciphertext integers a = [ a ] are obtained by encrypting with a public key pk] pk ,B=[b] pk . The CGE algorithm obtains the relationship between a and B by making some calculations for a and B. The CGE algorithm flow is as follows:
Figure BDA0002826345550000162
the CGE algorithm is performed as follows:
(1) SV selects a relatively small positive integer r and calculates
Figure BDA0002826345550000163
According to the additive homomorphism of the paillier encryption algorithm, exist
Figure BDA0002826345550000164
(a-b) and (a-b) × r are denoted by the same symbol, since r is a small positive integer. Finally, SV sends X to NAP.
(2) NAP decrypts X using private key sk to get plaintext X. If x is greater than or equal to 0, make
Figure BDA0002826345550000165
Otherwise cause to
Figure BDA0002826345550000166
The results are then sent to the SVs.
(3) At the receipt of rAfter esult, SV uses the private key sk cp Encrypt it and then obtain
Figure BDA0002826345550000171
CE algorithm: the objective of the CE algorithm is to compute two ciphertext integers a = [ a ]] pk And B = [ B ]] pk To determine whether the plain texts a, b are equal, thereby implementing an accurate search function. The main idea of the CE algorithm is to implement twice CGE algorithm, which is as follows:
Figure BDA0002826345550000172
during searching, after acquiring the trapdoor tuple TTS, the NAP firstly executes fuzzy search, puts items matched with the TTS into a candidate set TTS ', and then the NAP carries out accurate search on the TTS' to obtain a final result TTS ". The fuzzy search and precise search algorithms are algorithm 3 and algorithm 4, respectively:
Figure BDA0002826345550000173
Figure BDA0002826345550000181
after NAP obtains a final set TTS ', NAP obtains row vectors related to all items in TTS' from an encryption matrix eta
Figure BDA0002826345550000182
The NAP then multiplies each row vector by the correlation coefficient of the corresponding keyword trapdoor sent by the SV. NAP finally adds all row vectors and obtains v result As shown in fig. 13, and then transmitted to DC.
The fifth step: file decryption
And after obtaining the query result, the SV transmits the attribute set Att of the SV to the AP. The AP decrypts the relevant encryption key based on Att, as follows:
Figure BDA0002826345550000183
the SV decrypts the ciphertext data by using the symmetric key K to obtain a plaintext set of the query result, and the process is as follows:
Figure BDA0002826345550000184
and a sixth step: updating
The updating of the scheme is divided into two aspects of key updating and data updating. In this section, the present invention will introduce two aspects:
1. and (3) updating the keywords: since only the file-based bidirectional hash table is stored on the DC, the SV does not need to transmit the update state onto the DC.
(1) And adding the keywords. When SVs add keys to a dictionary, they need to create an updated tuple (containing the operation instruction op = "addition" and the key W that needs to be added) add ). After AP receives tuple sent by SV, AP first calculates W add And the value of TF x IDF between each file. AP encrypts W using paillier add Obtain the ciphertext [ w add ] paillier And deriving a vector based on the above values
Figure BDA0002826345550000191
Eventually the AP composes the op and vector into a new tuple and sends it to the NAP. NAP utilizes self-stored hash function H w (. A) will
Figure BDA0002826345550000192
Mapped to the corresponding location in the matrix index and added.
(2) And deleting the keywords. The keyword deletion and addition operations are substantially similar. The operation instruction of SV is op = "deletion". Unlike the add operation, when the NAP receives the key w del Ciphertext [ w del ] paillier Temporal NAP may use hash function H w (. To) mappingIts position in the matrix index and then the associated vector v is removed from the matrix index del
2. And (3) updating data: data update and key update operations are quite different. The key update only needs to operate on the NAP. Data updates then need to be done simultaneously on the NAPs and the DC. The update flow will be described in detail below.
(1) And deleting the data. In the solution of the invention, file updates and keyword updates are different. File updates require the AP to issue update operations to the NAPs and the DC. Taking file deletion as an example, SV generates a tuple containing the file identifier f of the file to be deleted del And a delete instruction op = "deletion". After the AP receives the tuple, the self-stored hash function H is utilized f (. To) map to obtain [ f del ] paillier In the position of
Figure BDA0002826345550000193
AP will newly generate tuple (op, pos) del ) Sent to NAP and DC respectively, and then NAP and DC are in alpha f (. Cndot.) and their stored matrix index.
(2) And (4) adding data. The data adding operation also needs the SV to send an operation instruction op = "add" and a file adding indicator f first add And addition and f add Related keywords { [ w { [ n ] paillier L (n = i, j, z, m, n, p) } to AP. The AP then uses a hash function H f (. To) map to obtain [ f add ] paillier Position pos of add . In addition, the AP also calculates f add And a keyword { [ w { [ n ] paillier TF × IDF between | (n = i, j, z, m, n, p) }. Then generating a set of tuples { ([ w ] n ] paillier ,(TF×IDF) n ) | | (n = i, j, z, m, n, p) }. AP will (op, [ f) add ] paillier ) Transmitted to DC for updating the bidirectional hash table alpha stored on DC f (. Cndot.). At the same time the AP will be (op, [ f ] add ] paillier ,{([w n ] paillier ,(TF×IDF) n ) | l (n = i, j, z, m, n, p) }) is transmitted to the NAP for updating the matrix index stored at the NAP.
It should be noted that embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or specially designed hardware. Those skilled in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such code being provided on a carrier medium such as a disk, CD-or DVD-ROM, programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier, for example. The apparatus and its modules of the present invention may be implemented by hardware circuits such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., or by software executed by various types of processors, or by a combination of hardware circuits and software, e.g., firmware.
The above description is only for the purpose of illustrating the present invention and the appended claims are not to be construed as limiting the scope of the invention, which is intended to cover all modifications, equivalents and improvements that are within the spirit and scope of the invention as defined by the appended claims.

Claims (7)

1. An encrypted data retrieving and sharing method, comprising:
in the initial stage of the system, firstly, system initialization is carried out, wherein the system initialization comprises key initialization and file initialization;
the authority calculates the correlation score between the keywords by using an optimization algorithm, obtains a tuple by using the keywords or a certain single character in a public key encryption dictionary of the intelligent vehicle, and generates an encryption index by using a hash function and a random function and the obtained keyword ciphertext tuple and a file identifier;
the trapdoor generation comprises two parts; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;
after the tuple is obtained, the network access node firstly executes fuzzy search, the trapdoor tuple is put into a candidate set, and the network access node accurately searches the candidate set to obtain a final search result;
after the intelligent vehicle obtains the query result, the attribute set of the intelligent vehicle is sent to an authority, then the authority returns an encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
updating data or keywords;
the specific initialization steps are as follows:
(1) Initializing a key, setting a fuzzy value acc = x of query by a network access Node (NAP), wherein acc represents a text distance between two keywords, x is an integer, the NAP inputs a security parameter alpha to an authorization center (AP), the AP outputs a character string K with the length of alpha, K is a key for symmetric encryption, the NAP inputs a security parameter mu to the AP, and the AP outputs a pair of keys, wherein the process is as follows:
step one, AP randomly selects two large prime numbers p and q, and calculates n = p multiplied by q, wherein p is more than 0 and less than 2 μ ,0<q<2 μ ,
Step two, AP calculates sigma = e -1 mod n, where e = lcm (p-1, q-1);
thirdly, generating a public and private key pair by the AP, wherein the public and private key pair is pk = n and sk = (e, sigma) respectively;
(2) File initialization, extracting omega from file set by intelligent vehicle SV i Constructing a dictionary W, and generating a corresponding file identifier id for each file by the SV y If y is more than 1 and less than n, transmitting the W and the plaintext data set to an authorization center AP, and encrypting the files in the file set by the authorization center AP by using a symmetric key K; the authorization center AP performs an attribute encryption of K, the attribute policy being defined by the intelligent vehicle SV, the authorization center AP using the common parameter pp and a random number
Figure FDA0003835215740000021
The encryption key is calculated as follows:
Figure FDA0003835215740000022
the encryption key is stored in the authorization center AP, when the intelligent vehicle SV needs to be decrypted, the encryption key sends the attribute set to the authorization center AP, and the authorization center AP returns the decrypted K to the intelligent vehicle SV;
the specific steps for realizing the generation of the trapdoor are as follows:
the trap door generation comprises two parts, firstly, SV calculates the weight of all key words in a query key word set according to the dependency grammar and the phrase structure tree, secondly, the intelligent automobile generates the trap door for the key words through a key pair, and then the final tuple is obtained by combining the weight and the trap door;
(1) Calculating the weight, wherein for each keyword in the query set, the initial keyword relationship is 1, if the keyword has a syntactic relationship with other keywords, the weight of the keyword becomes 1+ R, wherein R represents the syntactic relationship;
for two search keys q 1 And q is 2 Syntactic relations are denoted as R (q) 1 ,q 2 ) If there is a grammatical relationship between them, then q 1 And q is 2 Respectively increase
Figure FDA0003835215740000023
And
Figure FDA0003835215740000024
wherein d is 1 And d 2 Respectively, represent the distance between two key words and the common ancestor node, d represents the distance between the key words, i.e. d = d 1 +d 2
Q = { Q ] for any query 1 ,q 2 ,…,q z Z is the number of search keywords, and the weight value for keyword q isp × z, where p is the weight ratio of the search key q:
Figure FDA0003835215740000025
the weight KW of the keyword q is expressed as:
Figure FDA0003835215740000026
(2) And (3) generating a trap door, wherein SV encrypts a query keyword w by using a key of SV, and SV encrypts letters or single characters in the keyword w to obtain a ciphertext group
Figure FDA0003835215740000031
The SV adds a weight associated with the key to the tuple;
after obtaining the tuple, the network access node firstly executes fuzzy search, puts the trapdoor tuple into a candidate set, and accurately searches the candidate set by the network access node to obtain a final search result, wherein the step of accurately searching the candidate set by the network access node specifically comprises the following steps:
CGE algorithm: SV and NAP respectively have a group of paillier key pairs of (pk, sk) and (pk) NAP ,sk NAP ) Given two integers a, b, two ciphertext integers a = [ a ] are obtained by encrypting with a public key pk] pk ,B=[b] pk The CGE algorithm calculates A and B to obtain the relation between a and B;
the CGE algorithm is performed as follows:
(1) SV selects a relatively small positive integer r and calculates
Figure FDA0003835215740000032
According to the additive homomorphism of the paillier encryption algorithm, exist
Figure FDA0003835215740000033
(a-b) and (a-b) × r have the same designation, since r is a small positive integer and SV sends X to NAP;
(2) NAP decrypts X by using private key sk to obtain plaintext X, and if X is larger than or equal to 0, the plaintext X is decrypted by NAP
Figure FDA0003835215740000034
Otherwise cause to
Figure FDA0003835215740000035
Sending the results to the SVs;
(3) After receiving result, SV uses private key sk cp Encrypt it to obtain
Figure FDA0003835215740000036
CE algorithm: the objective of the CE algorithm is to compute two ciphertext integers a = [ a ]] pk And B = [ B ]] pk Determining whether the plaintext a and b are equal to realize an accurate searching function, and realizing twice CGE algorithm by the CE algorithm; during searching, after acquiring the trapdoor tuple TTS, the NAP firstly executes fuzzy search, puts items matched with the TTS into a candidate set TTS ', and the NAP accurately searches the TTS' to obtain a final result TTS ";
after the NAP obtains the final set TTS ', the NAP obtains row vectors associated with all items in the TTS' from the encryption matrix eta
Figure FDA0003835215740000037
NAP multiplies each row vector by the correlation coefficient of the corresponding keyword trapdoor sent by SV, adds all the row vectors and obtains v result And then transmitted to DC.
2. The encrypted data retrieving and sharing method according to claim 1, wherein the step of constructing the index comprises:
(1) The AP calculates a relevance score between the file and the keyword by using an optimized TF multiplied by IDF algorithm;
(2) The AP executes preprocessing operation on the keywords in the dictionary;
(3) AP uses the public Key of SV
Figure FDA0003835215740000041
Encrypting a keyword in a dictionary and a letter or a single character in the keyword to obtain the following tuples:
Figure FDA0003835215740000042
Figure FDA0003835215740000043
Figure FDA0003835215740000044
AP uses a hash function H w (·),H f And (c) a random function R (·), generating an encryption index using the obtained key ciphertext tuple and the file identifier, the creation steps of which are as follows:
step one, initializing a matrix eta of a (m '× n') latitude, wherein m is less than or equal to m ', n is less than or equal to n', m is the maximum number in a keyword set, n is the maximum number in a data set, and setting all elements in the matrix to be 0;
step two, for x =1,2, \8230;, n 'and y =1,2, \8230;, m' encryption matrix index, AP utilizes hash function H w (. DEG) generating a hash table alpha w (. To) in which the mapping result α is included w ([w i ] pk ) AP uses R (-) and H (-) to generate a hash table alpha f (. To) containing the mapping result α f (f y ) As follows:
R(id y )=f y
α f (f y )→t;
thirdly, establishing a corresponding relation between the file and the keywords based on the initialization matrix eta, if the file id y And the key word w appears in the case that y is more than 1 and less than n x X is more than or equal to 1 and less than or equal to m, the corresponding element in the matrix eta is set as w x And id y TF × IDF value of otherwiseSet to 0;
AP only transmits the encrypted index to NAP, and reserves hash function H w (·)、H f (. Cndot.) and a random function R (-).
3. The encrypted data retrieval and sharing method according to claim 1, wherein the smart vehicle sends its attribute set to the authority after obtaining the query result, and then the authority returns the encryption key, and the smart vehicle decrypts the file by using the key to obtain the plaintext set for file decryption, specifically comprising: after obtaining the query result, the SV transmits the attribute set Att of the SV to the AP, and the AP decrypts the relevant encryption key based on the Att:
Figure FDA0003835215740000051
the SV decrypts the ciphertext data by using the symmetric key K to obtain a plaintext set of the query result, and the process is as follows:
Figure FDA0003835215740000052
Figure FDA0003835215740000053
the specific steps for updating the data or the keywords are as follows:
and (3) updating the keywords: the SV does not need to transmit the update status onto DC;
(1) Key addition, when SV adds a key to the dictionary, an updated tuple is created containing the operation instruction op = "addition" and the key W that needs to be added add After AP receives the tuple from SV, AP first calculates W add And the value of TF x IDF between each file, the AP encrypts W using paillier add Obtain ciphertext [ w add ] paillier And deriving a vector based on the above values
Figure FDA0003835215740000054
AP forms a new tuple by the op and the vector and sends the new tuple to NAP, and the NAP utilizes the hash function H stored by the NAP w (. A) is to
Figure FDA0003835215740000055
Mapping to corresponding positions in the matrix index and adding the positions;
(2) The keyword is deleted, the operation instruction of SV is op = "deletion", and different from the adding operation, when NAP receives the keyword w del Ciphertext of (1) del ] paillier Temporal NAP may use hash function H w (. To) map its position in the matrix index and then remove the relevant vector v from the matrix index del
And (3) updating data: the data update and key update operations are completely different, the key update only needs to be operated on the NAP, and then the data update needs to be simultaneously performed on the NAP and the DC;
(1) Data deletion, file update and key update are different, the file update requires the AP to send out update operation to the NAP and the DC, and in the case of file deletion, SV generates a tuple containing the file identifier f of the file to be deleted del And deleting the instruction op = 'deletion', after the AP receives the tuple, utilizing the hash function H stored by the AP f (. To) map to obtain [ f del ] paillier Position of
Figure FDA0003835215740000061
AP will newly generate tuple (op, pos) del ) Sent to NAP and DC respectively, the NAP and DC are in alpha f (. H) and their stored matrix indices;
(2) Data addition, the data addition operation also needs the SV to send an operation instruction op = 'add' and a file addition indicator f firstly add And addition and f add Related keywords { [ w { [ n ] paillier L (n = i, j, z, m, n, p) } to AP; AP uses Hash function H f (·) Map acquisition [ f add ] paillier Position pos of add AP also calculates f add And a keyword { [ w { [ n ] paillier TF × IDF between | (n = i, j, z, m, n, p) }; generating a set of tuples { ([ w ] n ] paillier ,(TF×IDF) n ) | | (n = i, j, z, m, n, p) }, the AP will be (op, [ f } add ] paillier ) Transmitted to DC for updating the bidirectional hash table alpha stored on DC f (. C.) while AP will be (op, [ f.) add ] paillier ,{([w n ] paillier ,(TF×IDF) n ) | l (n = i, j, z, m, n, p) }) is transmitted to the NAP, updating the matrix index stored at the NAP.
4. A computer device comprising a memory and a processor, the memory storing a computer program which, when executed by the processor, causes the processor to perform the encrypted data retrieval and sharing method of any one of claims 1 to 3.
5. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the encrypted data retrieval and sharing method of any one of claims 1 to 3.
6. A vehicle information data processing terminal characterized by being configured to implement the encrypted data retrieval and sharing method according to any one of claims 1 to 3.
7. An encrypted data retrieval and sharing system for implementing the encrypted data retrieval and sharing method according to any one of claims 1 to 3, wherein the encrypted data retrieval and sharing system comprises:
the system initialization module is used for performing system initialization firstly in the system initialization stage, wherein the system initialization comprises key initialization and file initialization;
the system comprises an encryption index generation module, an encryption index generation module and a file identifier generation module, wherein the encryption index generation module is used for calculating a correlation score between keywords by using an optimization algorithm by an authority, acquiring a tuple by using the keyword or a single character in a public key encryption dictionary of the intelligent vehicle, and generating an encryption index by using a hash function and a random function by the authority and using the acquired keyword ciphertext tuple and the file identifier;
the trapdoor generation module is used for generating the trapdoor; the intelligent automobile calculates the weights of all keywords in the query keyword set according to the dependency grammar and the phrase structure tree; the intelligent automobile generates a trap door by using a public key as a keyword, and a final tuple is obtained by combining the weight and the trap door;
the search result acquisition module is used for performing fuzzy search by the network access node after the tuple is obtained, putting the trapdoor tuple into the candidate set, and performing accurate search on the candidate set by the network access node to obtain a final search result;
the plaintext set acquisition module is used for sending the attribute set of the intelligent vehicle to the authority after the intelligent vehicle obtains the query result, the authority returns the encryption key, and the intelligent vehicle decrypts the file by using the key to obtain a plaintext set;
and the updating module is used for updating the data or the keywords.
CN202011430096.7A 2020-12-09 2020-12-09 Encrypted data retrieval and sharing method, system, medium, equipment and application Active CN112632598B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011430096.7A CN112632598B (en) 2020-12-09 2020-12-09 Encrypted data retrieval and sharing method, system, medium, equipment and application

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011430096.7A CN112632598B (en) 2020-12-09 2020-12-09 Encrypted data retrieval and sharing method, system, medium, equipment and application

Publications (2)

Publication Number Publication Date
CN112632598A CN112632598A (en) 2021-04-09
CN112632598B true CN112632598B (en) 2022-10-18

Family

ID=75308970

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011430096.7A Active CN112632598B (en) 2020-12-09 2020-12-09 Encrypted data retrieval and sharing method, system, medium, equipment and application

Country Status (1)

Country Link
CN (1) CN112632598B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113343000A (en) * 2021-05-17 2021-09-03 杭州未名信科科技有限公司 Image encryption method and device based on national cryptographic algorithm, electronic equipment and medium
CN114219052A (en) * 2022-02-23 2022-03-22 富算科技(上海)有限公司 Graph data fusion method and device, electronic equipment and storage medium
CN114422273B (en) * 2022-03-29 2022-06-17 四川高速公路建设开发集团有限公司 Sensitive decision data safety sharing method in intelligent construction engineering information system
CN114826736A (en) * 2022-04-26 2022-07-29 平安普惠企业管理有限公司 Information sharing method, device, equipment and storage medium
CN114727106A (en) * 2022-06-08 2022-07-08 深圳市温暖生活科技有限公司 Signal processing and transmission method and system of electronic equipment
CN115033925B (en) * 2022-08-11 2022-10-28 三未信安科技股份有限公司 Database security retrieval method
CN117131209B (en) * 2023-10-26 2024-02-13 中国传媒大学 Phrase searching and verifying method and system for encrypted data based on blockchain
CN117574435B (en) * 2024-01-12 2024-04-23 云阵(杭州)互联网技术有限公司 Multi-keyword trace query method, device and system based on homomorphic encryption
CN117596085A (en) * 2024-01-19 2024-02-23 华南理工大学 Searchable encryption method with forward and backward privacy based on attribute set

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326360A (en) * 2016-08-10 2017-01-11 武汉科技大学 Fuzzy multi-keyword retrieval method of encrypted data in cloud environment
WO2018047698A1 (en) * 2016-09-12 2018-03-15 日本電信電話株式会社 Encoded message retrieval method, message transmission/reception system, server, terminal, and program
CN108345802A (en) * 2018-02-11 2018-07-31 西安电子科技大学 Join safe and efficient cipher text retrieval method, the onboard system of cloud system based on vehicle
CN108712366A (en) * 2018-03-27 2018-10-26 西安电子科技大学 That morphology meaning of a word fuzzy search is supported in cloud environment can search for encryption method and system
WO2019153813A1 (en) * 2018-02-07 2019-08-15 华南理工大学 Full-text fuzzy retrieval method for similar chinese characters in ciphertext domain
CN110908959A (en) * 2019-10-30 2020-03-24 西安电子科技大学 Dynamic searchable encryption method supporting multi-keyword and result sorting
CN111556495A (en) * 2020-03-19 2020-08-18 西安电子科技大学 Multi-user searchable encryption method and encryption system in Internet of vehicles environment

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106326360A (en) * 2016-08-10 2017-01-11 武汉科技大学 Fuzzy multi-keyword retrieval method of encrypted data in cloud environment
WO2018047698A1 (en) * 2016-09-12 2018-03-15 日本電信電話株式会社 Encoded message retrieval method, message transmission/reception system, server, terminal, and program
WO2019153813A1 (en) * 2018-02-07 2019-08-15 华南理工大学 Full-text fuzzy retrieval method for similar chinese characters in ciphertext domain
CN108345802A (en) * 2018-02-11 2018-07-31 西安电子科技大学 Join safe and efficient cipher text retrieval method, the onboard system of cloud system based on vehicle
CN108712366A (en) * 2018-03-27 2018-10-26 西安电子科技大学 That morphology meaning of a word fuzzy search is supported in cloud environment can search for encryption method and system
CN110908959A (en) * 2019-10-30 2020-03-24 西安电子科技大学 Dynamic searchable encryption method supporting multi-keyword and result sorting
CN111556495A (en) * 2020-03-19 2020-08-18 西安电子科技大学 Multi-user searchable encryption method and encryption system in Internet of vehicles environment

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
A Novel Dynamic Ranked Fuzzy Keyword Search over Cloud Encrypted Data;Wang Jie等;《2014 IEEE 12th International Conference on Dependable, Autonomic and Secure Computing》;20141106;全文 *
Secure and Efficient Privacy-Preserving Ciphertext Retrieval in Connected Vehicular Cloud Computing;Kai Fan等;《IEEE Network》;20180604;全文 *
云环境下支持多用户模糊检索加密算法研究;李陶深等;《小型微型计算机系统》;20161015(第10期);全文 *
基于语义扩展的多关键词可搜索加密算法;徐光伟等;《计算机研究与发展》;20191031;全文 *

Also Published As

Publication number Publication date
CN112632598A (en) 2021-04-09

Similar Documents

Publication Publication Date Title
CN112632598B (en) Encrypted data retrieval and sharing method, system, medium, equipment and application
Jiang et al. A utility-aware general framework with quantifiable privacy preservation for destination prediction in LBSs
US11537626B2 (en) Full-text fuzzy search method for similar-form Chinese characters in ciphertext domain
Fu et al. Enabling central keyword-based semantic extension search over encrypted outsourced data
CN106815350B (en) Dynamic ciphertext multi-keyword fuzzy search method in cloud environment
CN110138561B (en) Efficient ciphertext retrieval method based on CP-ABE automatic correction and cloud computing service system
CN113626484B (en) Encryption method, system and computer equipment capable of flexibly replacing ciphertext and searching
CN108388807A (en) It is a kind of that the multiple key sequence that efficiently can verify that of preference search and Boolean Search is supported to can search for encryption method
Jing et al. Authentication of k nearest neighbor query on road networks
CN104023051A (en) Multi-user multi-keyword searchable encryption method in cloud storage
CN109493017A (en) Credible outsourcing storage method based on block chain
CN108345802B (en) Safe and efficient ciphertext retrieval method based on vehicle-connected cloud system and vehicle-mounted system
CN110908959A (en) Dynamic searchable encryption method supporting multi-keyword and result sorting
Negi et al. Pystin: Enabling Secure LBS in Smart Cities With Privacy-Preserving Top-$ k $ Spatial–Textual Query
Kermanshahi et al. Geometric range search on encrypted data with forward/backward security
CN109088719A (en) Outsourced database multi-key word can verify that cipher text searching method, data processing system
Du et al. GraphShield: Dynamic large graphs for secure queries with forward privacy
CN114531220A (en) Efficient fault-tolerant dynamic phrase searching method based on forward privacy and backward privacy
CN110222520B (en) Keyword query method for supporting graph encrypted data in cloud environment
Wang et al. Encrypted data retrieval and sharing scheme in space–air–ground-integrated vehicular networks
Li et al. Secure semantic-aware search over dynamic spatial data in VANETs
Xu et al. Dynamic chameleon authentication tree for verifiable data streaming in 5G networks
CN108319659B (en) Social contact discovery method based on encrypted image quick search
CN112118257B (en) Security-enhanced keyword search method based on public key encryption
Huang et al. Efficient fuzzy keyword search over encrypted medical and health data in hybrid cloud

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant