CN113098678A - Information processing method, terminal, center device, server, and storage medium - Google Patents

Information processing method, terminal, center device, server, and storage medium Download PDF

Info

Publication number
CN113098678A
Authority
CN
China
Prior art keywords
ciphertext
private key
decryption
terminal
random number
Prior art date
Legal status
Granted
Application number
CN201911339683.2A
Other languages
Chinese (zh)
Other versions
CN113098678B (en)
Inventor
沈强磊
Current Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Original Assignee
China Mobile Communications Group Co Ltd
China Mobile Suzhou Software Technology Co Ltd
Priority date
Filing date
Publication date
Application filed by China Mobile Communications Group Co Ltd, China Mobile Suzhou Software Technology Co Ltd
Priority to CN201911339683.2A
Publication of CN113098678A
Application granted
Publication of CN113098678B
Active legal status
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891 Revocation or update of secret information, e.g. encryption key update or rekeying
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L2209/00 Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76 Proxy, i.e. using intermediary entity to perform cryptographic operations

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The embodiment of the application discloses an information processing method. A central device obtains a master key and a user attribute set, obtains the user attributes of a decryption terminal from the user attribute set, and generates a first private key and a second private key for the decryption terminal from those attributes and the master key. The first private key is independent of the decryption terminal's user attributes; the second private key depends on them. The first private key is sent to a proxy server, which uses it to assist the decryption terminal in decryption, and the second private key is sent to the decryption terminal for use in decryption.

Description

Information processing method, terminal, center device, server, and storage medium
Technical Field
The present application relates to the field of data encryption technologies, and in particular, to an information processing method, a terminal, a central device, a server, and a storage medium.
Background
With the development of cloud computing, users commonly place their data on a cloud server and complete distributed computation there, freeing local resources for the applications that need them; at the same time, other users log in to the cloud server and apply for access to the data, so that the data is shared with them.
In the attribute-based encryption (ABE) mechanism proposed by Sahai and Waters, a user decrypts data with a private key associated with its own attributes, so that each user obtains access rights according to its attributes while its privacy is protected.
Disclosure of Invention
The embodiment of the application provides an information processing method, a terminal, a central device, a server and a storage medium, and aims to improve the security of user information and improve decryption efficiency.
The technical scheme of the application is realized as follows:
the embodiment of the application provides an information processing method, which is applied to a central device and comprises the following steps: acquiring a master key and a user attribute set, where the user attribute set is the set of attributes of the users in a user list and the master key is derived from the acquired security parameters; acquiring the user attributes of the decryption terminal from the user attribute set; generating a first private key and a second private key corresponding to the decryption terminal from the user attributes and the master key, where the first private key is independent of the user attributes of the decryption terminal and the second private key depends on them; sending the first private key to a proxy server, which uses it to assist the decryption terminal in decryption; and sending the second private key to the decryption terminal for use in decryption.
In the above method, the generating a first private key and a second private key corresponding to the decryption terminal according to the user attribute and the master key includes: acquiring a first random number and an attribute random number corresponding to the user attribute of the decryption terminal; generating the first private key according to the first random number and the master key; and acquiring a second private key of the decryption terminal according to the first random number, the attribute random number, the master key and the user attribute of the decryption terminal.
In the above method, before obtaining the master key and the user attribute set, the method further includes: acquiring a security parameter and a system attribute set, where the security parameters are parameters acquired by the central device for encryption and the system attribute set is the set of all attributes in the system; generating a system public key and the master key from the security parameters; and sending the system public key and the system attribute set to an encryption terminal so that the encryption terminal can encrypt a plaintext, the plaintext being the data to be encrypted.
In the above method, the security parameters include a generator, a second random number and a third random number, the second and third random numbers being arbitrary positive numbers; and generating the system public key and the master key from the security parameters includes generating them from a preset bilinear mapping, the generator, the second random number and the third random number.
In the above method, the method further includes: receiving revocation information sent by the decryption terminal, the decryption terminal being a terminal in the user list; updating the user list according to the revocation information to obtain an updated user list; generating a proxy re-key; sending the updated user list and the proxy re-key to the proxy server so that the proxy server updates the first private key based on them; and sending the proxy re-key to a storage server so that the storage server re-encrypts the ciphertext.
In the above method, the method further comprises: receiving attribute revocation information sent by the decryption terminal; acquiring a user attribute revocation list; the user attribute revocation list represents the terminals of the revoked attributes and the revoked attributes; updating the user attribute revocation list according to the attribute revocation information to obtain an updated user attribute revocation list; and sending the updated user attribute revocation list to the decryption terminal for use when the decryption terminal decrypts.
The embodiment of the application provides an information processing method, which is applied to a decryption terminal and comprises the following steps: receiving a second private key sent by the central equipment; obtaining a ciphertext through a storage server; receiving, by a proxy server, a first private key; and decrypting the ciphertext by adopting the first private key and the second private key to obtain a plaintext.
In the above method, the method further comprises: receiving a user attribute revocation list through a central device; and decrypting the ciphertext by adopting the first private key, the second private key and the user attribute revocation list to obtain the plaintext.
In the above method, the decrypting the ciphertext by using the first private key, the second private key, and the user attribute revocation list to obtain a plaintext includes: acquiring a first ciphertext component, a second ciphertext component, a main ciphertext component and an access structure tree from the ciphertext; the first ciphertext component is related to system attributes, the second ciphertext component is unrelated to the system attributes, the main ciphertext component is obtained after plaintext is encrypted, and the access structure tree is a decryption condition; and decrypting a main ciphertext component by using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree and the user attribute revocation list to obtain the plaintext.
In the above method, the decrypting a main ciphertext component by using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree, and the user attribute revocation list to obtain the plaintext includes: acquiring a recursive algorithm according to the second private key, the second ciphertext component and the access structure tree, and acquiring a recursive operation result according to the recursive algorithm and a user attribute revocation list; and decrypting according to the first private key, the first ciphertext component, the recursive operation result and the main ciphertext component to obtain the plaintext.
In the above method, the obtaining a result of the recursive operation according to a preset recursive algorithm, the second private key, the second ciphertext component, the access structure tree, and the user attribute revocation list includes: performing recursion operation on the current node in the access structure tree according to the recursion algorithm, the access structure tree and the user attribute revocation list to obtain a sub-recursion operation result; and continuing to perform recursive operation on the nodes in the previous layer based on the sub-recursive operation result until the root node performs the recursive operation to obtain the recursive operation result.
In the above method, the performing a recursive operation on a node at the bottom layer in the access structure tree according to the preset recursive algorithm, the access structure tree, and the user attribute revocation list to obtain a sub-recursive operation result includes: querying whether the attribute of the current node in the access structure tree is in the user attribute revocation list; when the attribute of the current node is in the user attribute revocation list, outputting a preset result as the recursive operation result; and when the attribute corresponding to the current node is not in the user attribute revocation list, carrying out recursive operation on the current node according to the recursive algorithm to obtain the sub-recursive operation result of the current node.
In the above method, after the first private key and the second private key are used to decrypt the ciphertext to obtain the plaintext, the method further includes: receiving, by the storage server, the re-encrypted ciphertext; receiving, by the proxy server, the updated first private key; and decrypting the re-encrypted ciphertext by using the updated first private key and the second private key to obtain the plaintext.
The embodiment of the application provides an information processing method, which is applied to an encryption terminal and comprises the following steps: receiving a system attribute set and a system public key through central equipment; acquiring encryption attributes from the system attribute set, and acquiring an access structure tree according to the encryption attributes; the encryption attribute is an attribute of a node of an access structure tree; encrypting a plaintext according to the system public key and the access structure tree to obtain a ciphertext; the plaintext is data to be encrypted; and sending the ciphertext to a storage server, so that the decryption terminal can acquire the ciphertext through the storage server.
In the above method, the encrypting a plaintext according to the system public key and a preset access structure tree to obtain a ciphertext includes: acquiring a fourth random number and a fifth random number; and encrypting the plaintext according to the access structure tree, the system public key, the fourth random number and the fifth random number to obtain the ciphertext.
In the above method, the encrypting the plaintext according to the access structure tree, the system public key, the fourth random number, and the fifth random number to obtain the ciphertext includes: determining a sixth random number according to the fourth random number and the fifth random number; acquiring a polynomial corresponding to the node of the access structure tree according to the fourth random number; generating a main ciphertext component according to the plaintext, the system public key and the sixth random number; generating a first ciphertext component according to the system public key, the fourth random number and the sixth random number; generating a second ciphertext component according to the system public key and the polynomial; and encrypting the plaintext according to the access structure tree, the main ciphertext component, the first ciphertext component and the second ciphertext component to obtain the ciphertext.
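The encryption step just described (a polynomial per node of the access structure tree, seeded from the fourth random number) and the decryption step described earlier (recursion from the leaves to the root, with a preset result for any node whose attribute is in the user attribute revocation list) share one skeleton: secret sharing over the tree with Lagrange reconstruction. The block below is an added example, not code from the patent. It carries that skeleton over the integers modulo a prime and leaves out the pairing-based blinding that the patent applies to shares and keys, so it illustrates the tree structure and the revocation check rather than a secure scheme. The policy, attribute names, terminal identifiers and the field prime are assumptions.

```python
# Added example (not the patent's code): access-structure tree with per-node
# polynomials and revocation-aware recursive reconstruction over Z_P.
import secrets
from dataclasses import dataclass, field
from typing import List, Optional

P = 2**61 - 1   # prime field for the shares (assumption; the patent uses pairing groups)


@dataclass
class Node:
    threshold: int = 1                    # k-of-n gate; a leaf is threshold 1 with no children
    attribute: Optional[str] = None       # set only on leaves
    children: List["Node"] = field(default_factory=list)
    share: Optional[int] = None           # q_x(0), assigned by share_secret


def AND(*kids): return Node(threshold=len(kids), children=list(kids))
def OR(*kids): return Node(threshold=1, children=list(kids))
def leaf(attr): return Node(attribute=attr)


def _poly(coeffs, x):
    """Evaluate q(x) = c0 + c1*x + ... over Z_P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share_secret(node, secret):
    """Encryption side: q_root(0) = secret; child i of node x receives q_x(i);
    a k-of-n gate uses a random polynomial of degree k-1 with q_x(0) = its share."""
    node.share = secret % P
    if node.attribute is not None:
        return
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for i, child in enumerate(node.children, start=1):
        share_secret(child, _poly(coeffs, i))


def _lagrange_at_zero(points):
    """Recover q(0) from k points (i, q(i)) with Lagrange coefficients over Z_P."""
    total = 0
    for i, yi in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def reconstruct(node, attrs, terminal, revocation_list):
    """Decryption side, following the patent's recursion: a leaf whose attribute is
    revoked for this terminal (or missing from its attributes) yields the preset
    result None; a gate needs `threshold` non-None children, then interpolates."""
    if node.attribute is not None:
        if (terminal, node.attribute) in revocation_list or node.attribute not in attrs:
            return None
        return node.share
    points = []
    for i, child in enumerate(node.children, start=1):
        r = reconstruct(child, attrs, terminal, revocation_list)
        if r is not None:
            points.append((i, r))
            if len(points) == node.threshold:
                break
    if len(points) < node.threshold:
        return None
    return _lagrange_at_zero(points)


def roundtrip(secret):
    """2-of-3 gate sanity check: any two of three attributes recover the secret."""
    gate = Node(threshold=2, children=[leaf("a"), leaf("b"), leaf("c")])
    share_secret(gate, secret)
    return reconstruct(gate, {"b", "c"}, "t", set())


def demo():
    """Constructed policy, attribute sets and revocation list (not from the patent)."""
    policy = AND(leaf("dept:finance"), OR(leaf("role:auditor"), leaf("clearance:high")))
    secret = secrets.randbelow(P)
    share_secret(policy, secret)
    attrs = {"dept:finance", "role:auditor"}
    revocation_list = {("term-7", "role:auditor")}   # (terminal, revoked attribute) pairs
    return {
        "satisfied": reconstruct(policy, attrs, "term-7", set()) == secret,
        "revoked": reconstruct(policy, attrs, "term-7", revocation_list),
        "other_terminal": reconstruct(policy, attrs, "term-9", revocation_list) == secret,
        "alternate_branch": reconstruct(policy, attrs | {"clearance:high"}, "term-7", revocation_list) == secret,
        "missing": reconstruct(policy, {"role:auditor"}, "term-9", set()),
    }
```

The `demo()` cases show what the revocation list buys: the same attribute set recovers the secret for a terminal that is not on the list, fails for the terminal whose `role:auditor` attribute was revoked, and succeeds again for that terminal through the other branch of the OR gate. In the patent the values flowing up the tree are pairing results rather than field elements, but the threshold logic and the early exit for a revoked attribute are the same.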
The embodiment of the application provides an information processing method, which is applied to a storage server and comprises the following steps: receiving a ciphertext transmitted by an encryption terminal; receiving a ciphertext access request of a decryption terminal, the ciphertext access request carrying ciphertext description information of the requested ciphertext; and, based on the ciphertext access request and the ciphertext description information, sending the ciphertext to the decryption terminal.
In the above method, before receiving the ciphertext access request of the decryption terminal, the method further includes: receiving a proxy re-key from the central device; and re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext; and after receiving the ciphertext access request of the decryption terminal, the method further includes sending the re-encrypted ciphertext to the decryption terminal based on the ciphertext access request.
In the above method, re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext includes: acquiring a re-encryption random number; obtaining an updated fourth random number from the fourth random number and the re-encryption random number; obtaining an updated fifth random number from the fifth random number and the re-encryption random number; updating the first ciphertext component and the main ciphertext component of the ciphertext according to the updated fourth and fifth random numbers to obtain an updated first ciphertext component and an updated main ciphertext component; and assembling the re-encrypted ciphertext from the access structure tree, the updated first ciphertext component, the second ciphertext component (which is not updated) and the updated main ciphertext component.
The embodiment of the application provides an information processing method, which is applied to a proxy server and comprises the following steps: receiving a first private key sent by central equipment; receiving a decryption request of a decryption terminal; and sending the first private key to the decryption terminal based on the decryption request.
In the above method, after receiving the first private key from the central device and before receiving the decryption request of the decryption terminal, the method further includes: receiving a proxy re-key and an updated user list from the central device; and updating the first private key according to the proxy re-key and the updated user list to obtain an updated first private key; and sending the first private key to the decryption terminal based on the decryption request includes sending the updated first private key to the decryption terminal only when the decryption terminal is in the updated user list.
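The five roles described above (central device splitting each user's key, proxy server holding only the attribute-independent first private key, storage server re-encrypting under a proxy re-key, decryption terminal keeping its second private key, proxy refusing users not on the updated list) can be exercised end to end without pairings. The block below is an added example and not the patent's scheme: it swaps the attribute-based encryption for plain ElGamal in Z_p*, so the "first private key" and "second private key" become additive shares of one decryption exponent, the proxy re-key is a shift of that exponent, and re-encryption multiplies the main ciphertext component by the first ciphertext component raised to the re-key. The modulus, generator, key-derivation function, user identifiers and sample record are assumptions, and the second key here carries no attribute information.

```python
# Added example (not the patent's code): proxy-assisted decryption with a split
# key and a proxy re-key, modelled over plain ElGamal in Z_p* instead of the
# patent's pairing-based attribute encryption. All parameters are assumptions.
import hashlib
import secrets

P = 2**255 - 19   # prime modulus (assumed; chosen for size, not a vetted DH group)
G = 2             # generator (assumed)
Q = P - 1         # exponent modulus: a**(P-1) == 1 (mod P) for a != 0


def _keystream(wrapped, n):
    """Assumed KDF: expand the wrapped group element into n mask bytes."""
    seed = wrapped.to_bytes(32, "big")
    out = b"".join(hashlib.sha256(seed + c.to_bytes(4, "big")).digest()
                   for c in range((n + 31) // 32))
    return out[:n]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class Center:
    """Central device: master secret, per-user key split, revocation re-keys."""

    def __init__(self):
        self.master = secrets.randbelow(Q - 1) + 1
        self.public = pow(G, self.master, P)      # system public key
        self.user_list = set()

    def register(self, uid):
        second = secrets.randbelow(Q - 1) + 1     # second private key: kept by the terminal
        first = (self.master - second) % Q        # first private key: attribute-independent share
        self.user_list.add(uid)
        return first, second

    def revoke(self, uid):
        self.user_list.discard(uid)
        delta = secrets.randbelow(Q - 1) + 1      # proxy re-key
        self.master = (self.master + delta) % Q
        self.public = pow(G, self.master, P)
        return delta, set(self.user_list)


class Proxy:
    """Proxy server: holds first private keys only, so it cannot decrypt alone."""

    def __init__(self):
        self.user_list, self.first_keys = set(), {}

    def store(self, uid, first):
        self.user_list.add(uid)
        self.first_keys[uid] = first

    def apply_rekey(self, delta, user_list):
        # shift surviving first keys by the re-key; revoked users are dropped
        self.user_list = set(user_list)
        self.first_keys = {u: (k + delta) % Q
                           for u, k in self.first_keys.items() if u in self.user_list}

    def partial(self, uid, c1):
        if uid not in self.user_list:
            raise PermissionError(uid + " is not in the user list")
        return pow(c1, self.first_keys[uid], P)


def encrypt(public, data):
    """Encryption terminal: wrap a fresh element under the system key, mask the data."""
    k = secrets.randbelow(Q - 1) + 1
    wrapped = secrets.randbelow(P - 1) + 1
    c1 = pow(G, k, P)                          # first ciphertext component
    c2 = wrapped * pow(public, k, P) % P       # main ciphertext component
    return c1, c2, _xor(data, _keystream(wrapped, len(data)))


def re_encrypt(ct, delta):
    """Storage server: move c2 under master+delta without learning the wrapped element."""
    c1, c2, body = ct
    return c1, c2 * pow(c1, delta, P) % P, body


def decrypt(uid, second, ct, proxy):
    """Decryption terminal: proxy partial (first key) times own partial (second key)."""
    c1, c2, body = ct
    shared = proxy.partial(uid, c1) * pow(c1, second, P) % P   # == public**k
    wrapped = c2 * pow(shared, -1, P) % P
    return _xor(body, _keystream(wrapped, len(body)))


def demo():
    """Constructed walk-through of revocation; returns four booleans."""
    msg = b"constructed sample record"
    center, proxy = Center(), Proxy()
    a_first, a_second = center.register("alice")
    b_first, b_second = center.register("bob")
    proxy.store("alice", a_first)
    proxy.store("bob", b_first)
    ct = encrypt(center.public, msg)
    alice_before = decrypt("alice", a_second, ct, proxy) == msg
    delta, users = center.revoke("alice")      # alice leaves the user list
    proxy.apply_rekey(delta, users)            # proxy updates first keys only
    ct = re_encrypt(ct, delta)                 # storage server re-encrypts
    bob_after = decrypt("bob", b_second, ct, proxy) == msg   # bob's second key untouched
    try:
        decrypt("alice", a_second, ct, proxy)
        alice_refused = False
    except PermissionError:
        alice_refused = True
    stale = Proxy()                            # proxy state from before the re-key
    stale.store("alice", a_first)
    stale_fails = decrypt("alice", a_second, ct, stale) != msg
    return alice_before, bob_after, alice_refused, stale_fails
```

What the walk-through checks: before revocation a registered terminal decrypts with the proxy's help; after the central device issues a re-key, the proxy's updated first key plus the terminal's unchanged second key still decrypt the re-encrypted ciphertext; the revoked user is refused by the proxy; and even a proxy that never applied the re-key (or a revoked user who cached its old partial) gets garbage from the re-encrypted data, because the stale first key is off by the re-key. Neither side can decrypt alone, which is the property the patent relies on when it lets the proxy hold the first private key.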
An embodiment of the present application provides a center device, including:
the acquisition module is used for acquiring a master key and a user attribute set, where the user attribute set is the set of attributes of the users in a user list and the master key is derived from the acquired security parameters, and for acquiring the user attributes of the decryption terminal from the user attribute set;
the generation module is used for generating a first private key and a second private key corresponding to the decryption terminal from the user attributes and the master key, where the first private key is independent of the user attributes of the decryption terminal and the second private key depends on them;
the sending module is used for sending the first private key to a proxy server for the proxy server to assist the decryption terminal in decryption; and sending the second private key to the decryption terminal for the decryption terminal to use in decryption.
An embodiment of the present application provides a decryption terminal, including:
the receiving module is used for receiving a second private key sent by the central equipment; obtaining a ciphertext through a storage server; receiving, by a proxy server, a first private key; receiving a user attribute revocation list through a central device;
and the decryption module is used for decrypting the ciphertext by adopting the first private key and the second private key to obtain a plaintext.
The embodiment of the application provides an encryption terminal, including:
the acquisition module is used for receiving the system attribute set and the system public key through the central equipment; acquiring encryption attributes from the system attribute set, and acquiring an access structure tree according to the encryption attributes; the encryption attribute is an attribute of a node of an access structure tree;
the encryption module is used for encrypting a plaintext according to the system public key and the access structure tree to obtain a ciphertext; the plaintext is data to be encrypted;
and the sending module is used for sending the ciphertext to a storage server so that the decryption terminal can obtain the ciphertext through the storage server.
An embodiment of the present application provides a storage server, including:
the receiving module is used for receiving the ciphertext sent by the encryption terminal and receiving a ciphertext access request of the decryption terminal; the ciphertext access request carries ciphertext description information of the request access;
and the sending module is used for sending the ciphertext to the decryption terminal based on the ciphertext access request.
An embodiment of the present application provides a proxy server, including:
the receiving module is used for receiving a first private key sent by the central equipment and a decryption request of the decryption terminal;
and the sending module is used for sending the first private key to a decryption terminal based on the decryption request.
The embodiment of the application provides a storage medium, which is applied to a center device, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more first processors to realize an information processing method corresponding to the center device side in the embodiment of the application.
The embodiment of the application provides a storage medium, which is applied to a decryption terminal, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more second processors to realize an information processing method corresponding to the decryption terminal side in the embodiment of the application.
The embodiment of the application provides a storage medium, which is applied to an encryption terminal, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more third processors to realize the information processing method corresponding to the encryption terminal side in the embodiment of the application.
The embodiment of the application provides a storage medium, which is applied to a storage server, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more fourth processors to realize an information processing method corresponding to the storage server side in the embodiment of the application.
The embodiment of the application provides a storage medium, which is applied to a proxy server, wherein the storage medium stores one or more programs, and the one or more programs can be executed by one or more fifth processors to realize an information processing method corresponding to the proxy server side in the embodiment of the application.
The embodiment of the application provides an information processing method. After the central device acquires a master key and a user attribute set, it acquires the user attributes of a decryption terminal from the user attribute set and generates, from the master key and those attributes, a first private key and a second private key for the decryption terminal; the first private key is independent of the decryption terminal's user attributes and the second depends on them. The central device then sends the first private key to a proxy server, which uses it to assist the decryption terminal in decryption, and the second private key to the decryption terminal for use in decryption. The attribute-related second private key is thus kept by the user, while the proxy server only ever holds the attribute-independent first private key, so the proxy server cannot read user data and the security of user privacy is improved. When a user is revoked and private keys need updating, the revoked user's authority is limited by updating the first private key held at the proxy server, without updating the second private key, which greatly reduces the computation required to restrict a user's authority and improves decryption efficiency.
Drawings
Fig. 1 is a schematic system structure diagram of an optional information processing method according to an embodiment of the present application;
fig. 2 is a schematic flowchart of an alternative information processing method according to an embodiment of the present application;
fig. 3 is a schematic flowchart of an alternative information processing method according to an embodiment of the present application;
fig. 4 is a schematic flowchart of an alternative information processing method according to an embodiment of the present application;
fig. 5 is a schematic flowchart of an alternative information processing method according to an embodiment of the present application;
fig. 6 is a schematic flowchart of an alternative information processing method according to an embodiment of the present application;
fig. 7 is a schematic flowchart of an optional information processing method according to a second embodiment of the present application;
fig. 8 is a schematic flowchart of an alternative information processing method according to a second embodiment of the present application;
fig. 9 is a schematic flowchart of an alternative information processing method according to a second embodiment of the present application;
fig. 10 is a schematic flowchart of an alternative information processing method according to the second embodiment of the present application;
fig. 11 is a schematic flowchart of an optional information processing method according to a second embodiment of the present application;
fig. 12 is a schematic flowchart of an alternative information processing method according to a second embodiment of the present application;
fig. 13 is a schematic flowchart of an optional information processing method according to a third embodiment of the present application;
fig. 14 is a schematic flowchart of an alternative information processing method according to a third embodiment of the present application;
fig. 15 is a schematic flowchart of an alternative information processing method according to the fourth embodiment of the present application;
fig. 16 is a schematic flowchart of an alternative information processing method according to the fourth embodiment of the present application;
fig. 17 is a schematic flowchart of an alternative information processing method according to the fourth embodiment of the present application;
fig. 18 is a schematic flowchart of an optional information processing method according to a fifth embodiment of the present application;
fig. 19 is a schematic flowchart of an optional information processing method according to a fifth embodiment of the present application;
fig. 20 is a schematic flowchart of an alternative information processing method according to a sixth embodiment of the present application;
fig. 21 is a schematic flowchart of an alternative information processing method according to a sixth embodiment of the present application;
fig. 22 is a schematic structural diagram of an alternative center device according to a seventh embodiment of the present application;
fig. 23 is a first schematic structural diagram of an alternative decryption terminal according to a seventh embodiment of the present application;
fig. 24 is a first schematic structural diagram of an alternative encryption terminal according to a seventh embodiment of the present application;
fig. 25 is a first schematic structural diagram of an alternative storage server according to a seventh embodiment of the present application;
fig. 26 is a first schematic structural diagram of an alternative proxy server according to a seventh embodiment of the present application;
fig. 27 is a schematic structural diagram of an alternative center device according to a seventh embodiment of the present application;
fig. 28 is a schematic structural diagram of an alternative decryption terminal according to a seventh embodiment of the present application;
fig. 29 is a second schematic structural diagram of an optional encryption terminal according to a seventh embodiment of the present application;
fig. 30 is a schematic structural diagram of an alternative storage server according to a seventh embodiment of the present application;
fig. 31 is a schematic structural diagram of an alternative proxy server according to a seventh embodiment of the present application;
Detailed Description
In order to more clearly illustrate the embodiments of the present application or technical solutions in the prior art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are only a part of the embodiments of the present application, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
The embodiment of the present application provides an information processing system architecture, which includes a central device 100, a proxy server 200, a storage server 300, and at least two terminals, wherein one terminal is an encryption terminal 400, and the other terminals are decryption terminals 500, as shown in fig. 1, wherein the central device 100 is connected to the proxy server 200, the storage server 300, the encryption terminal 400, and the decryption terminal 500, and the proxy server 200 and the storage server 300 are connected to the encryption terminal 400 and the decryption terminal 500, respectively.
Based on the above architecture, the embodiments of the present application propose the following implementation.
Example one
An embodiment of the present application provides an optional information processing method, which is applied to a central device, and as shown in fig. 2, the method includes:
s201, acquiring a master key and a user attribute set; the user attribute set is a set of attributes contained in the user list, and the master key is obtained based on the acquired security parameters;
in the embodiment of the application, the user list comprises user names and user accounts of all registered terminals, the user acquires the only user name and user account after registering, only the terminal in the user list can acquire a private key to decrypt a ciphertext, and when the user is revoked, namely the user name and the user account of the terminal are revoked, the decryption authority of the revoked terminal needs to be limited; the user attribute set comprises the attribute set of each terminal in the user list, when the central equipment generates the private key of the decryption terminal, the user attribute of the decryption terminal can be obtained from the user attribute set, and the private key corresponding to the decryption terminal is generated according to the user attribute of the decryption terminal.
It should be noted that both the user list and the user attribute set are managed by the central device, the central device may obtain the user name and the user account of the user through a terminal used by the user, add the user name and the user account corresponding to the terminal into the user list, add the user name and the user account of the new user into the user list when a new user registers, and delete the user name and the user account of the user from the user list when the user in the user list is revoked, thereby updating the user list and enabling only the registered user name and user account to be in the user list.
In the embodiment of the application, after the user registers, the central device further obtains the attribute set of the newly registered user through the terminal, and adds the attribute set of the newly registered user into the user attribute set, so that the user attribute set comprises the attribute set of the registered user, and when the central device updates the user list, the attribute set of the user corresponding to the user attribute set is correspondingly updated.
It is to be understood that when the terminal is used by a registered user, the terminal is a registered terminal, wherein the user attribute of the terminal is an attribute of the user using the terminal, for example, when the user a uses a terminal, the user name, the user account number and the user attribute of the terminal are the user name, the user account number and the user attribute of the user a, and when the user a is revoked, that is, the user account number of the user a is revoked, and the terminal is used by the user B, the user name, the user account number and the user attribute of the terminal are the user name, the user account number and the user attribute of the user B.
S202, acquiring the user attribute of the decryption terminal from the user attribute set;
When the central device generates the private key for a decryption terminal, it obtains the user attributes of that terminal from the user attribute set and generates the private key from them. The private key of each decryption terminal is therefore tied to the terminal's own attributes, and decryption terminals with different user attributes have different private keys.
S203, generating a first private key and a second private key corresponding to the decryption terminal from the user attributes and the master key, where the first private key is independent of the user attributes of the decryption terminal and the second private key depends on the user attributes of the decryption terminal;
In this embodiment, after the central device has obtained the master key and the user attributes of the decryption terminal from the user attribute set, it generates the second private key of the decryption terminal from the master key and the terminal's user attributes, so the second private key depends on those attributes; the central device generates the first private key from the master key alone, so the first private key is independent of the user attributes.
S204, sending the first private key to the proxy server for the proxy server to assist the decryption terminal in decryption;
In this embodiment, after generating the first private key the central device sends it to the proxy server; when the decryption terminal needs to decrypt, it obtains the first private key from the proxy server and decrypts with the first private key and the second private key together.
S205, sending the second private key to the decryption terminal for the decryption terminal to use in decryption.
After the central device generates the second private key it sends it to the corresponding decryption terminal. The second private key, which depends on the attributes of the decryption terminal, is therefore held by the decryption terminal itself and is never visible to a third-party organization, which improves the security of user data.
In summary, after obtaining the master key and the user attribute set, the central device takes the user attributes of the decryption terminal from the user attribute set and generates the first and second private keys of the decryption terminal from the master key and those attributes, the first private key being independent of the user attributes and the second depending on them. It then sends the first private key to the proxy server, which assists the decryption terminal in decryption, and the second private key to the decryption terminal for use in decryption. The attribute-dependent second private key is thus kept by the user, while the proxy server holds only the attribute-independent first private key and cannot read user data, which protects user privacy. When a user revocation requires the private keys to be updated, the authority of the revoked user can be restricted by updating the first private key at the proxy server without updating the second private key, which greatly reduces the computation needed to restrict a user's authority and improves efficiency.
In an embodiment of the present application, the generation in S203 of the first private key and the second private key corresponding to the decryption terminal from the user attributes and the master key is shown in fig. 3 and may include:
S301, acquiring a first random number and an attribute random number corresponding to each user attribute of the decryption terminal;
In this embodiment the first random number and the attribute random numbers are positive integers, which may be produced by a random number generation algorithm such as the linear congruential method, the middle-square method or the Mersenne Twister; the specific algorithm is not limited here. It should be noted that these values are used as exponents in a group of prime order and the secrecy of the private keys rests on them, so a deployment should draw them uniformly from the exponent range with a cryptographically secure random number generator; the three generators just named are statistical generators whose outputs are predictable from earlier outputs and are not suitable for key material.
S302, generating a first private key of a decryption terminal according to the first random number and the master key;
S303, generating a second private key of the decryption terminal from the first random number, the attribute random numbers, the master key and the user attributes of the decryption terminal.
In this embodiment, after obtaining the first random number, the attribute random numbers, the master key and the user attributes of the decryption terminal, the central device can generate the first and second private keys of the decryption terminal: the first private key is generated from the first random number and the master key, and the second private key from the first random number, the attribute random numbers, the master key and the user attributes of the decryption terminal. Both private keys may consist of several private key components, which are used together to decrypt the ciphertext; the specific composition is set according to actual needs.
It should be noted that the second private key is associated with an attribute, and therefore, is also associated with a corresponding attribute random number.
It is understood that the center device generates the corresponding first random number and attribute random number for each decryption terminal, thereby generating the corresponding first private key and second private key thereof, and therefore, the corresponding first private key and second private key are different for different decryption terminals even with the same user attribute.
In an embodiment of the present application, before S201, an embodiment of the present application provides an optional information processing method, as shown in fig. 4, the method includes:
S401, obtaining a security parameter and a system attribute set; the security parameter is a parameter for encryption acquired by the central device, and the system attribute set is the set of all attributes defined in the system;
S402, generating a system public key and a master key from the security parameter;
For example, in an enterprise office system the system attribute set may be (department 1, department 2, male, female, manager, general staff member, team leader). When new employees A and B join and register in the office system, the attributes of A may be (department 1, male, general staff member) and those of B (manager, male); neither A nor B can hold an attribute outside the system attribute set, so the user attribute set is necessarily a subset of the system attribute set.
It can be understood that the central device generates a system public key and a master key, wherein the system public key is used for generating a ciphertext after being encrypted, and the master key is used for generating a private key, so that the private key can decrypt the ciphertext to obtain a plaintext.
In an embodiment of the present application, the central device obtains the security parameter in order to generate the system public key and the master key. The security parameter may include a generator, a second random number and a third random number, the second and third random numbers being positive integers obtained by a random algorithm; generating the system public key and the master key from the security parameter in S402 may then include: generating the system public key and the master key from a preset bilinear map, the generator, the second random number and the third random number.
In an embodiment, the central device selects a bilinear group G0 of prime order p with generator g, obtains a second random number α and a third random number β from a random number algorithm, generates the system public key PK as in formula (1) from α and β, and generates the master key MK as in formula (2):
(1) [the expression for PK is given only as an image in the original and is not reproduced here]
MK = (β, g^α)   (2)
where the system public key PK is generated from the preset bilinear map on G0, the generator g, the second random number α and the third random number β, and the master key MK from the generator g, α and β. A ciphertext obtained by encrypting a plaintext with PK can be decrypted with a private key generated from MK to recover the plaintext.
When generating the first private key and the second private key for a decryption terminal, the central device obtains a first random number r and the user attribute set S of the decryption terminal, S being the set of all user attributes of that terminal, and then generates a corresponding attribute random number r_j for each attribute j in S, where r and the r_j are positive integers. From these the central device generates the first private key D_a of the decryption terminal as in formula (3) and the second private key D_b as in formula (4):
(3) [the expression for D_a is given only as an image in the original and is not reproduced here]
(4) [the expression for D_b is given only as an image in the original and is not reproduced here]
where the first private key D_a consists of the components D_1 and D_2: D_1 is generated from the generator g, the first random number r, the second random number α and the third random number β, and D_2 from the generator g and the first random number r. The second private key D_b consists of the components D_j and D_j': H(j) is the hash value of attribute j, D_j is generated from the generator g in the master key MK, the attribute j of the decryption terminal (through H(j)) and the corresponding attribute random number r_j, and D_j' from the generator g in MK and the attribute random number r_j. When the user attribute set S of the decryption terminal contains n attributes, D_b contains n components D_j and n components D_j'.
S403, sending the system public key and the system attribute set to an encryption terminal so that the encryption terminal can encrypt a plaintext; the plaintext is the data to be encrypted.
After the central device obtains the system attribute set and generates the system public key, it sends both to the encryption terminal. The encryption terminal can then select some attributes from the system attribute set as encryption attributes as needed and encrypt the plaintext under them. When a decryption terminal decrypts the ciphertext, it must satisfy the encryption attributes with its private key to obtain the plaintext: the private key of the decryption terminal embeds the terminal's user attributes, and when those user attributes cover the encryption attributes the ciphertext can be decrypted to the plaintext.
Based on the foregoing embodiments, an embodiment of the present application further provides an optional information processing method, as shown in fig. 5, where the method includes:
S501, receiving revocation information sent by a decryption terminal; the decryption terminal is a terminal in the user list;
In this embodiment, a user revocation means that a decryption terminal in the user list has revoked its own user account; that terminal is the revocation terminal. The central device receives the revocation information sent by the revocation terminal, which contains the user name and user account of the revocation terminal.
S502, updating the user list according to the revocation information to obtain an updated user list;
S503, generating a proxy re-key;
S504, sending the updated user list and the proxy re-key to the proxy server, so that the proxy server updates the first private keys based on the updated user list and the proxy re-key, and sending the proxy re-key to the storage server, so that the storage server re-encrypts the ciphertext.
In this embodiment, after receiving the revocation information the central device deletes the user name and user account contained in it from the user list to obtain the updated user list, so that the user list contains only registered user names and user accounts.
After receiving the revocation information the central device also generates the proxy re-key and sends it to the storage server, which re-encrypts the ciphertext with it. The revocation terminal cannot decrypt the re-encrypted ciphertext with its original private keys, so its decryption authority is restricted.
Based on the foregoing embodiments, an embodiment of the present application further provides an optional information processing method, as shown in fig. 6, where the method includes:
S601, receiving attribute revocation information sent by a decryption terminal;
In this embodiment, an attribute revocation means that a user attribute of a decryption terminal in the user list is revoked; that terminal is a terminal with a revoked attribute. The central device receives the attribute revocation information sent by the terminal, which contains the user account of the terminal and the revoked user attribute. The terminal with a revoked attribute may be any one or more decryption terminals, and the revoked user attribute may be any one or more of that terminal's attributes. The decryption authority of the terminal must then be restricted so that it can no longer use the revoked attribute to decrypt a ciphertext.
S602, acquiring a user attribute revocation list; the user attribute revocation list records the user account and the revoked attributes of each terminal with a revoked attribute;
It should be noted that the user attribute revocation list is initialized as an empty list; when a user attribute of a decryption terminal is revoked, the user account of that terminal and the revoked user attribute are added to it. The list may be a single table containing user accounts and their revoked attributes, or several tables, one empty list initialized per system attribute into which the user accounts whose attribute has been revoked are placed. The specific form of the list may be set as needed and is not limited here.
S603, updating the user attribute revocation list according to the attribute revocation information to obtain an updated user attribute revocation list;
S604, sending the updated user attribute revocation list to the decryption terminal for use when the decryption terminal decrypts.
After receiving the attribute revocation information of a decryption terminal, the central device adds the user account and the revoked user attribute to the user attribute revocation list, obtaining the updated list, and sends the updated list to the decryption terminals, which use it when decrypting a ciphertext. That is, when some user attributes of a decryption terminal are revoked, the attribute-dependent second private key is not updated: the decryption terminal still decrypts with its original second private key, which embeds the revoked attributes. The decryption terminal must therefore also consult the user attribute revocation list, so that it does not retain the decryption authority it had before the attributes were revoked; it decrypts only with attributes that are not in the revocation list. Because no keys are regenerated, the amount of decryption computation is reduced and decryption efficiency is improved.
Example two
An embodiment of the present application provides an optional information processing method, which is applied to a decryption terminal, and as shown in fig. 7, the method includes:
S701, receiving a second private key sent by the central device;
S702, acquiring a ciphertext through a storage server;
S703, receiving a first private key through the proxy server;
S704, decrypting the ciphertext with the first private key and the second private key to obtain a plaintext.
In this embodiment, a user usually places a ciphertext on the storage server so that other users can view it. When a decryption terminal needs to view the plaintext it must obtain the ciphertext from the storage server and decrypt it; when several ciphertexts are stored, the decryption terminal sends a ciphertext request to the storage server instructing it to return the required ciphertext, and then decrypts that ciphertext to obtain the plaintext.
It should be noted that each decryption terminal has its own first private key and second private key. The central device generates a first private key for each decryption terminal, and the first private keys are all held by the proxy server; when a decryption terminal needs to decrypt a ciphertext with its first private key and its second private key, it must obtain its first private key from the proxy server. To do so the decryption terminal may send a decryption request to the proxy server instructing it to return the corresponding first private key.
In the embodiment of the application, after the decryption terminal obtains the ciphertext and the first private key, the ciphertext can be decrypted through the first private key and the second private key, and accordingly the plaintext is obtained.
In an embodiment of the present application, the specific implementation of decrypting the ciphertext by using the first private key and the second private key in S704 to obtain the plaintext is shown in fig. 8, and may include:
S801, acquiring a first ciphertext component, a second ciphertext component, a main ciphertext component and an access structure tree from the ciphertext; the first ciphertext component is independent of the system attributes, the second ciphertext component depends on the system attributes, the main ciphertext component is obtained by encrypting the plaintext, and the access structure tree is the decryption condition;
S802, decrypting the main ciphertext component with the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree and the user attribute revocation list to obtain the plaintext.
In this embodiment, the ciphertext obtained by the decryption terminal comprises the first ciphertext component, the second ciphertext component, the main ciphertext component and the access structure tree. The main ciphertext component carries the plaintext; the first ciphertext component, the second ciphertext component and the access structure tree are all used, together with the first private key and the second private key, to decrypt the main ciphertext component and obtain the plaintext.
The system attributes on which the second ciphertext component depends are the encryption attributes selected from the system attribute set. When the decryption terminal holds user attributes matching the encryption attributes it can process those attributes, and when the result satisfies the decryption condition represented by the access structure tree, the main ciphertext component can be decrypted to obtain the plaintext.
For example, the ciphertext obtained by the decryption terminal has the form of formula (5):
(5) [the ciphertext expression is given only as an image in the original and is not reproduced here]
where τ represents the access structure tree, the component shown only in the image is the main ciphertext component, CT1 represents the first ciphertext component and CT2 represents the second ciphertext component.
In an embodiment of the present application, the specific implementation that the decrypting is performed on the main ciphertext component by using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree, and the user attribute revocation list in S802 to obtain the plaintext is shown in fig. 9, and may include:
S901, obtaining a recursive algorithm from the second private key, the second ciphertext component and the access structure tree, and obtaining a recursive operation result from the recursive algorithm and the user attribute revocation list;
S902, decrypting with the first private key, the first ciphertext component, the recursive operation result and the main ciphertext component to obtain the plaintext.
In the embodiment of the application, the recursive algorithm is obtained according to the second private key, the second ciphertext component and the access structure tree, when the user attribute of the decryption terminal meets the decryption condition, the recursive algorithm is used to obtain a recursive operation result in combination with the user attribute revocation list, the plaintext can be obtained according to the recursive operation result, the first private key, the first ciphertext component and the main ciphertext component, and when the user attribute of the decryption terminal does not meet the decryption condition, the recursive operation result cannot be obtained in combination with the user attribute revocation list, so the plaintext cannot be obtained.
It can be understood that in the embodiment of the present application, a plaintext is obtained through the first private key, the second private key, the ciphertext, and the user attribute revocation list, when a user attribute revocation occurs, the control of the decryption authority of the user who revokes the attribute can be realized only by updating the user attribute revocation list, and the first private key and the ciphertext do not need to be updated, so that the security is ensured, and the calculation amount is reduced.
In this embodiment of the present application, in S901, obtaining a recursive algorithm according to a second private key and a second ciphertext component, performing a recursive operation on an access structure tree according to the recursive algorithm and a user attribute revocation list, and obtaining a result of the recursive operation is specifically implemented as shown in fig. 10, and may include:
S1001, performing a recursive operation on the current node of the access structure tree according to the recursive algorithm, the access structure tree and the user attribute revocation list to obtain a sub-recursive operation result;
and S1002, based on the sub-recursion operation result, continuing to perform recursion operation on the previous layer of nodes until the root node performs recursion operation, and obtaining a recursion operation result.
In the embodiment of the present application, the attribute of a node in an access structure tree includes a system attribute, a sub-recursion operation result of a current node is obtained according to a recursion algorithm and a user attribute revocation list, and a recursion operation result of a previous layer node can only be further obtained by obtaining the sub-recursion operation result of the current node.
In this embodiment of the present application, in S1001, performing recursive operation on a current node in an access structure tree according to a recursive algorithm, the access structure tree, and a user attribute revocation list, and obtaining a sub-recursive operation result is specifically implemented as shown in fig. 11, and may include:
S1101, checking whether the attribute of the current node in the access structure tree is in the user attribute revocation list;
S1102, when the attribute of the current node is in the user attribute revocation list, outputting a preset result as the sub-recursive operation result of the current node;
S1103, when the attribute of the current node is not in the user attribute revocation list, performing the recursive operation on the current node according to the recursive algorithm to obtain the sub-recursive operation result of the current node.
In this embodiment, the second private key of a decryption terminal is not changed after one of its attributes is revoked. Because that second private key still contains the revoked attribute, running the recursive algorithm on the current node would give the same sub-recursive operation result as before the revocation, that is, the decryption terminal would keep the decryption authority it had before. To restrict the authority of a terminal with a revoked attribute, the decryption terminal checks whether the attribute of the current node is in the user attribute revocation list before performing the recursive operation on that node. If it is, the corresponding user attribute of the decryption terminal has been revoked and the terminal may not obtain the sub-recursive operation result by recursion; it directly outputs a preset result, different from any genuine sub-recursive operation result, as the result for that node. If it is not, the recursive operation is performed on the current node to obtain the sub-recursive operation result.
In this embodiment the attribute of a leaf node in the access structure tree is an encryption attribute. A first recursive algorithm is defined for leaf nodes from the second private key and the second ciphertext component. When the attribute of a leaf node is a user attribute contained in the second private key of the decryption terminal, the terminal checks whether that attribute is in the user attribute revocation list: if not, it performs the first recursive operation on the leaf node according to the first recursive algorithm to obtain a first recursive operation result; otherwise it directly outputs the first recursive operation result of the leaf node as null. When the attribute of the leaf node is not a user attribute contained in the second private key of the decryption terminal, the first recursive operation result of the leaf node is likewise output as null.
A second recursive algorithm is defined for the parent nodes of the access structure tree. The attribute of a parent node is a threshold value: the recursive operation result of the parent node is non-null only when the number of its child nodes whose recursive operation results are non-null reaches that threshold.
The sub-recursive operation result of a node is needed before the result of the node above it can be obtained, so the recursive operation proceeds layer by layer from the leaf nodes up to the root node; if the second recursive operation on the root node yields null, no recursive operation result is obtained and the ciphertext cannot be decrypted.
For example, suppose the access structure tree has one parent node and three leaf nodes, the threshold of the parent node is 2, and the attributes of the leaf nodes are a, b and c. Then whenever the user attributes of the decryption terminal include any two of a, b and c, the recursive operation result can be obtained by the recursive algorithm and the plaintext recovered. Suppose the second private key of decryption terminal 1 contains the attributes a, c and d, and the user attribute revocation list contains the attribute c of decryption terminal 1. Only the leaf node with attribute a then yields a non-null first recursive operation result, so only one child node of the parent node has a non-null sub-recursive operation result, the threshold of the parent node is not reached, and the parent node outputs its second recursive operation result as null. The recursive operation result of the access structure tree is thus null and decryption terminal 1 cannot obtain the plaintext.
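The following Python program is an added example and is not part of the patent text. It models the recursive evaluation of the access structure tree described in S1001 to S1103 and in the example above: the encryptor splits a secret down the tree with threshold (Shamir) secret sharing over a prime field, and the decryption terminal walks the tree from the leaves up, treating a leaf as null when its attribute is either not held or appears in the user attribute revocation list for that account, and a gate as null when fewer than its threshold of children are non-null. The field modulus P, the Node class, the account identifiers and the dictionary layout of revocation_list are assumptions made for the example; the pairing operations of the real scheme are left out, so leaf shares are read directly from the tree rather than recovered from ciphertext and key components.

```python
import secrets

# Constructed field modulus for the example: shares live in Z_P, as exponents
# would in a prime-order pairing group. The value is not from the patent.
P = (1 << 127) - 1


class Node:
    """A node of the access structure tree.

    A gate node carries a threshold over its children (threshold 1 is OR,
    threshold equal to the number of children is AND); a leaf carries one
    encryption attribute. Names and layout are assumptions for this example.
    """

    def __init__(self, threshold=None, attribute=None, children=()):
        self.threshold = threshold
        self.attribute = attribute
        self.children = list(children)
        self.index = None   # position among siblings, used as the x-coordinate
        self.share = None   # q_x(0): the value shared down to this node


def _poly(coeffs, x):
    """Evaluate a polynomial with the given coefficients at x, modulo P."""
    return sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P


def share_secret(node, secret):
    """Encryptor side: set q_x(0) = secret for node and split it among children.

    For a gate with threshold k a random polynomial of degree k-1 with
    constant term `secret` is chosen, and child i receives its value at i.
    """
    node.share = secret % P
    if node.attribute is not None:
        return
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for i, child in enumerate(node.children, start=1):
        child.index = i
        share_secret(child, _poly(coeffs, i))


def _lagrange_at_zero(i, indices):
    """Lagrange coefficient for point i when interpolating at x = 0 over `indices`."""
    num, den = 1, 1
    for j in indices:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def decrypt_node(node, account, user_attrs, revocation_list):
    """Decryptor side (S1001 to S1103): return q_x(0) for this node, or None.

    revocation_list maps a user account to the set of its revoked attributes,
    one of the list forms described in the text.
    """
    if node.attribute is not None:
        # S1101/S1102: a revoked attribute is rejected before any computation,
        # even though the unchanged second private key still contains it.
        if node.attribute in revocation_list.get(account, set()):
            return None
        # A leaf whose attribute the terminal does not hold is also null.
        if node.attribute not in user_attrs:
            return None
        return node.share   # S1103: the leaf's first recursive operation result
    # Gate node (S1002): collect non-null results from the layer below.
    results = []
    for child in node.children:
        value = decrypt_node(child, account, user_attrs, revocation_list)
        if value is not None:
            results.append((child.index, value))
    if len(results) < node.threshold:
        return None         # fewer than threshold usable children: null result
    chosen = results[:node.threshold]
    indices = [i for i, _ in chosen]
    return sum(v * _lagrange_at_zero(i, indices) for i, v in chosen) % P


def example_tree():
    """The tree of the example above: threshold 2 over leaves a, b and c."""
    return Node(threshold=2, children=[Node(attribute="a"),
                                       Node(attribute="b"),
                                       Node(attribute="c")])


def recover(tree, secret, account, user_attrs, revocation_list):
    """Share `secret` over `tree`, then try to recover it as the given terminal."""
    share_secret(tree, secret)
    return decrypt_node(tree, account, user_attrs, revocation_list)


if __name__ == "__main__":
    s = secrets.randbelow(P)
    # Decryption terminal 1 holds {a, c, d}; its attribute c has been revoked.
    print(recover(example_tree(), s, "t1", {"a", "c", "d"}, {"t1": {"c"}}) is None)  # True
    print(recover(example_tree(), s, "t1", {"a", "c", "d"}, {}) == s)                # True
```

The revocation check sits before the leaf computation, as S1101 requires, so a revoked attribute contributes nothing regardless of what the terminal's second private key still contains; nested gates are handled by the same function because a gate's reconstructed value is simply the share its parent expects.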
In an embodiment of the present application, after S704, an embodiment of the present application provides an optional information processing method, as shown in fig. 12, the method includes:
S1201, receiving the re-encrypted ciphertext from the storage server;
S1202, receiving the updated first private key from the proxy server;
S1203, decrypting the re-encrypted ciphertext with the updated first private key and the second private key to obtain the plaintext.
In the embodiment of the application, after receiving revocation information about a revoked terminal, the central device generates a proxy re-key and sends it to both the storage server and the proxy server. The storage server re-encrypts the ciphertext with the proxy re-key to obtain the re-encrypted ciphertext, and the proxy server updates the first private key of each unrevoked decryption terminal with the proxy re-key to obtain the updated first private key, so that an unrevoked decryption terminal, i.e. one whose user account is in the user list, can decrypt the re-encrypted ciphertext with the updated first private key and its second private key.
It can be understood that when a decryption terminal needs to view the ciphertext on the storage server, it sends a ciphertext request to the storage server to obtain the ciphertext and a decryption request to the proxy server to obtain the first private key. If the storage server holds the re-encrypted ciphertext when it receives the ciphertext request, it returns the re-encrypted ciphertext to the decryption terminal; if the proxy server holds the updated first private key when it receives the decryption request, it returns the updated first private key only to decryption terminals in the user list. Decryption terminals in the user list can therefore decrypt the re-encrypted ciphertext, while decryption terminals not in the user list cannot obtain the updated first private key and so can neither decrypt the re-encrypted ciphertext nor obtain the plaintext.
EXAMPLE III
An embodiment of the present application provides an optional information processing method applied to an encryption terminal; as shown in fig. 13, the method includes:
S1301, receiving a system attribute set and a system public key from the central device;
S1302, obtaining encryption attributes from the system attribute set and building an access structure tree from the encryption attributes; the encryption attributes are the attributes of the nodes of the access structure tree;
S1303, encrypting the plaintext according to the system public key and the access structure tree to obtain a ciphertext; the plaintext is the data to be encrypted;
S1304, sending the ciphertext to the storage server, so that a decryption terminal can obtain the ciphertext from the storage server.
It should be noted that the encryption terminal is a terminal that places a ciphertext on the storage server for other terminals to view, and may therefore be any terminal in the user list; likewise the decryption terminal is a terminal that decrypts the ciphertext to obtain the plaintext, and may also be any terminal in the user list.
It can be understood that the encryption terminal places the ciphertext obtained by encrypting the data to be encrypted on the storage server, so that the decryption terminal can obtain the ciphertext from the storage server and decrypt it according to the user attributes of the decryption terminal. Therefore, after receiving the system attribute set and the system public key from the central device, the encryption terminal obtains the encryption attributes from the system attribute set, uses them as the attributes of the leaf nodes of the access structure tree, and encrypts the plaintext according to the public key and the access structure tree to obtain the ciphertext. In other words, the encryption terminal controls the decryption authority of the decryption terminal through the nodes of the access structure tree: the access structure tree represents the decryption condition the decryption terminal must satisfy, and only when the user attributes of the decryption terminal satisfy the decryption condition represented by the access structure tree can the plaintext be obtained.
It can be understood that, to make the key harder to break, random numbers may be used in encryption to increase its security. In the embodiment of the present application, encrypting the plaintext according to the system public key and the access structure tree to obtain the ciphertext in S1303 includes: the encryption terminal obtains a fourth random number and a fifth random number, and encrypts the plaintext according to the access structure tree, the system public key, the fourth random number and the fifth random number to obtain the ciphertext. As shown in fig. 14, this is implemented as follows:
S1401, determining a sixth random number from the fourth random number and the fifth random number;
S1402, obtaining the polynomial corresponding to each node of the access structure tree from the fourth random number;
S1403, generating a main ciphertext component from the plaintext, the system public key and the sixth random number;
S1404, generating a first ciphertext component from the system public key, the fourth random number and the sixth random number;
S1405, generating a second ciphertext component from the system public key and the polynomial;
S1406, encrypting the plaintext according to the access structure tree, the main ciphertext component, the first ciphertext component and the second ciphertext component to obtain the ciphertext.
In the embodiment of the application, the encryption terminal first obtains a fourth random number and a fifth random number, both random positive numbers, then determines a sixth random number from them, generates the main ciphertext component from the plaintext, the system public key and the sixth random number, generates the first ciphertext component from the system public key, the fourth random number and the sixth random number, determines the polynomial corresponding to each node of the access structure tree from the fourth random number, and generates the second ciphertext component from the system public key and the polynomial.
In an embodiment of the present application, the plaintext of the encryption terminal is $M$. After the fourth random number $s_1$ and the fifth random number $s_2$ are obtained, the sixth random number $s$ and the polynomial $q_x(x)$ of each node $x$ of the access structure tree are determined; when a leaf node of the access structure tree is denoted $y$, its polynomial is $q_y(x)$. The main ciphertext component can then be obtained as
Figure BDA0002331913280000231
which is equation (6); the first ciphertext component $CT_1$ is formula (7) and the second ciphertext component $CT_2$ is formula (8):
Figure BDA0002331913280000232
Figure BDA0002331913280000233
Figure BDA0002331913280000234
Here $\mathrm{att}(y)$ is the attribute of leaf node $y$, $H(\mathrm{att}(y))$ is the hash value of that attribute, and $q_y(0)$ is the constant term of the polynomial of leaf node $y$. Note that every leaf node $y$ of the access structure tree has its own pair $C_y$, $C_y'$: there are as many pairs $C_y$, $C_y'$ as there are leaf nodes.
The ciphertext $CT$ can then be represented as equation (9):
Figure BDA0002331913280000235
The polynomials of the leaf nodes of the access structure tree are derived from the polynomial $q_R(x)$ of the root node $R$ as follows. First, $q_R(0) = s_1$, i.e. the constant term of the root polynomial is fixed; the root polynomial itself can then take many forms, and $q_R(x) = x^2 + x + s_1$ is used here as the illustration. As shown in equation (10), when $x$ is a next-layer node of the root node, the constant term $q_x(0)$ of its polynomial is obtained from the position number of $x$:
$q_x(0) = q_{\mathrm{parent}(x)}(\mathrm{index}(x))$ (10)
where $q_{\mathrm{parent}(x)}(x)$ is the polynomial of the node one layer above node $x$ and $\mathrm{index}(x)$ is the position number of node $x$. For example, if the access structure tree has one parent node, which is the root node, and three leaf nodes $x1$, $x2$ and $x3$ numbered from left to right, then $\mathrm{index}(x1) = 1$, $\mathrm{index}(x2) = 2$, $\mathrm{index}(x3) = 3$, and the ciphertext $CT$ is as shown in equation (11):
Figure BDA0002331913280000241
Then a polynomial $q_x(x)$ is defined for each next-layer node $x$ of the root node such that $q_x(0)$ satisfies equation (10). When the random number $s_1$ equals 3, the constant terms of the polynomials of these nodes are $q_{x1}(0) = 1^2 + 1 + 3 = 5$, $q_{x2}(0) = 2^2 + 2 + 3 = 9$ and $q_{x3}(0) = 3^2 + 3 + 3 = 15$.
That is, once the constant term of the root node is fixed, the root polynomial can be defined; this yields the constant terms of the next-layer nodes, from which their polynomials are defined, and so on, until the polynomials and constant terms of all nodes of the access structure tree, and finally the constant terms of the leaf node polynomials, are determined.
It can be understood that the main ciphertext component and the first ciphertext component are generated according to a random number, so that when user revocation occurs and a ciphertext is re-encrypted by using the random number as a proxy re-key, the first ciphertext component and the main ciphertext component are re-encrypted together, so that even if the revocation terminal has a recursive operation result obtained in the previous decryption, the re-encrypted main ciphertext component cannot be decrypted and a plaintext cannot be obtained.
In an embodiment of the present application, when the ciphertext $CT$ of the encryption terminal is formula (9) and the corresponding first private key $D_a$ and second private key $D_b$ are formula (3) and formula (4) respectively, the decryption terminal can decrypt the ciphertext to obtain the plaintext.
Let $x$ denote a node of the access structure tree $\tau$ and $i$ the attribute of node $x$.
When node $x$ is a leaf node, it is first checked whether $i$ is a user attribute of the decryption terminal, i.e. whether $i$ belongs to the user attribute set $S$ of the decryption terminal. If $i \in S$, it is further checked whether $i$ is in the user attribute revocation list; if it is not, the recursive operation on the leaf node is carried out according to the first recursive algorithm $F_x$, defined as formula (12):
Figure BDA0002331913280000242
For leaf node $x$, $C_x$ is formula (13) and $C_x'$ is formula (14):
Figure BDA0002331913280000243
Figure BDA0002331913280000244
so that the first recursive operation result of the leaf node is formula (15):
Figure BDA0002331913280000251
If $i \in S$ but $i$ is in the user attribute revocation list, the recursive operation result is output as null, i.e. $F_x = \bot$.
If $i \notin S$, i.e. $i$ is not a user attribute of the decryption terminal, the recursive operation result is likewise output as null, i.e. $F_x = \bot$.
In this way the first recursive operation result of every leaf node is obtained, and from these results the second recursive operation is carried out on the nodes one layer above the leaf nodes, as follows:
When node $x$ is a parent node, it is checked whether the number of next-layer nodes of $x$ whose recursive operation result is not empty reaches the attribute of node $x$, i.e. the threshold value $k_x$. If it does, the recursive operation is carried out according to the second recursive algorithm $U_x$, defined as formula (16):
Figure BDA0002331913280000252
where $i = \mathrm{index}(z)$ is the position number of node $z$, $S'_x = \{\mathrm{index}(z) : z \in S_x\}$, and $S_x$ is the set of next-layer nodes $z$ of node $x$ whose recursive operation results are not empty;
Figure BDA0002331913280000253
is the Lagrange coefficient, and the second recursive operation result of node $x$ obtained by the Lagrange interpolation theorem is formula (17):
Figure BDA0002331913280000254
When the number of next-layer nodes of $x$ whose recursive operation result is not empty does not reach $k_x$, the second recursive operation result of $x$ is output as null, i.e. $U_x = \bot$.
For example, if node $x$ has 3 next-layer nodes $z$ and its threshold value is 2, then when the recursive operation results of 2 or more of the nodes $z$ are not null, $U_x$ is
Figure BDA0002331913280000255
Otherwise, Ux=⊥。
When the parent node x is the root node R and the number of nodes whose recursive operation results of the next layer of nodes of the root node R are not empty satisfies the threshold value of the root node, the second recursive operation result of the root node is obtained as a recursive operation result, which is formula (18):
Figure BDA0002331913280000261
define the decryption formula as formula (19):
Figure BDA0002331913280000262
The plaintext is obtained by substituting formula (3), formula (4), formula (9) and formula (18) into the decryption formula (19); the calculation is shown in formula (20):
Figure BDA0002331913280000263
In the embodiment of the application, when the user attributes of the decryption terminal satisfy the decryption condition corresponding to the access structure tree, the recursive operation result $U_R$ can be obtained and the plaintext follows from the decryption formula; when they do not, the recursive operation result of the root node is null and the plaintext cannot be obtained from the decryption formula.
It can be understood that when one or more attributes of the decryption terminal are revoked, the recursive operation on the leaf nodes can be completed by consulting the user attribute revocation list together with the original user attributes of the decryption terminal. That is, if the decryption terminal satisfied the decryption condition of the access structure tree before the revocation, it already holds the first recursive operation results of the leaf nodes; after the revocation, the first recursive operation result of the leaf node corresponding to a revoked attribute is output as null directly by consulting the revocation list, while the leaf nodes corresponding to unrevoked attributes output the previously obtained first recursive operation results directly. The first recursive operation results therefore need not be recomputed after an attribute is revoked, which reduces the amount of recursive computation and improves decryption efficiency.
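The following is an added example, not code from the patent, that works through the access structure tree of Example III in runnable form: the encryption side assigns a polynomial q_x to every node with q_x(0) fixed and passes q_x(index(child)) down (equation (10)), and the decryption side runs the first recursion on leaves (user attribute present and not in the revocation list) and the second recursion on parents (threshold k_x, Lagrange interpolation at 0, formulas (16) and (17)). Only the exponent arithmetic is modelled: in the scheme the shares sit in the exponents of pairing values, here they are integers modulo a constructed prime `P` standing in for the group order, so no pairing library is needed. One caveat a practitioner should note: the page's illustrative root polynomial q_R(x) = x^2 + x + s_1 has degree 2, so by the interpolation theorem it is only recoverable from three shares; a node with threshold k_x must use a polynomial of degree k_x - 1. The block therefore does that for the tree, and separately checks the page's shares 5, 9, 15 (s_1 = 3) with `reconstruct`, showing that all three give back 3 while two do not. The tree, attribute sets and the fixed random coefficient in `demo` are constructed for the example.

```python
"""Access-tree secret sharing and threshold recursion modelled in Z_p (added example)."""
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Set

P = 2**61 - 1  # constructed prime modulus; stands in for the order of the pairing group


@dataclass
class Node:
    """Node of the access structure tree: a leaf carries att(y), an inner node carries k_x."""
    threshold: int = 1                                  # k_x; a leaf uses 1
    attr: Optional[str] = None                          # att(y), leaves only
    children: List["Node"] = field(default_factory=list)
    poly: List[int] = field(default_factory=list)       # q_x coefficients, poly[0] = q_x(0)


def eval_poly(coeffs: List[int], x: int) -> int:
    """Evaluate q(x) = sum coeffs[i] * x^i mod P."""
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P


def share_secret(node: Node, secret: int,
                 rng: Callable[[int], int] = secrets.randbelow) -> None:
    """Encryption side: q_x(0) = secret, degree k_x - 1, and each child gets
    q_child(0) = q_x(index(child)) as in equation (10); index is 1-based, left to right."""
    node.poly = [secret % P] + [rng(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, eval_poly(node.poly, index), rng)


def lagrange_coeff(i: int, s_prime: List[int]) -> int:
    """Lagrange coefficient Delta_{i,S'}(0) = prod_{j in S', j != i} (0 - j) / (i - j) mod P."""
    num = den = 1
    for j in s_prime:
        if j != i:
            num = num * (-j) % P
            den = den * (i - j) % P
    return num * pow(den, P - 2, P) % P


def reconstruct(shares: Dict[int, int]) -> int:
    """Interpolate the polynomial through the (index, share) pairs at 0 (formula (17))."""
    s_prime = sorted(shares)
    return sum(shares[i] * lagrange_coeff(i, s_prime) for i in s_prime) % P


def decrypt_node(node: Node, user_attrs: Set[str], revoked: Set[str]) -> Optional[int]:
    """Decryption side. Returns q_x(0) for a non-empty result, None for ⊥.

    Leaf (first recursion, formula (12)): non-empty only if att(y) is a user attribute
    and is not in the user attribute revocation list.
    Parent (second recursion, formula (16)): non-empty only if at least k_x children are
    non-empty; any k_x of them are then interpolated.
    """
    if node.attr is not None:
        if node.attr in user_attrs and node.attr not in revoked:
            return node.poly[0]
        return None
    ok: Dict[int, int] = {}
    for index, child in enumerate(node.children, start=1):
        result = decrypt_node(child, user_attrs, revoked)
        if result is not None:
            ok[index] = result
    if len(ok) < node.threshold:
        return None
    chosen = sorted(ok)[: node.threshold]
    return reconstruct({i: ok[i] for i in chosen})


def page_example_shares(s1: int = 3) -> List[int]:
    """The page's q_R(x) = x^2 + x + s1 evaluated at index 1, 2, 3 (gives 5, 9, 15 for s1 = 3)."""
    return [eval_poly([s1, 1, 1], i) for i in (1, 2, 3)]


def demo() -> Dict[str, Optional[int]]:
    """Tree from the page: one parent with k = 2 over leaves a, b, c; secret s1 = 3.
    The rng is fixed to 7 (constructed) so the run is reproducible."""
    tree = Node(threshold=2, children=[Node(attr="a"), Node(attr="b"), Node(attr="c")])
    share_secret(tree, 3, rng=lambda _p: 7)
    return {
        "a,b": decrypt_node(tree, {"a", "b"}, set()),                    # threshold met
        "a,c,d revoked c": decrypt_node(tree, {"a", "c", "d"}, {"c"}),   # only a survives
        "a,c,d": decrypt_node(tree, {"a", "c", "d"}, set()),             # a and c suffice
    }


if __name__ == "__main__":
    print(page_example_shares(), demo())
```

`demo` reproduces the two cases the text walks through: a terminal holding a and b recovers the root constant term 3, and decryption terminal 1 with attributes a, c, d whose attribute c is on the revocation list is left with one non-empty child below a threshold-2 parent and gets ⊥. Using the first `k_x` non-empty children in `decrypt_node` is a choice of the example; any `k_x` of them interpolate to the same value.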
Example four
An embodiment of the present application provides an optional information processing method, which is applied to a storage server, and as shown in fig. 15, the method includes:
S1501, receiving a ciphertext sent by an encryption terminal;
S1502, receiving a ciphertext access request from a decryption terminal; the ciphertext access request carries description information of the ciphertext whose access is requested;
S1503, sending the ciphertext to the decryption terminal based on the ciphertext access request.
In the embodiment of the application, after the encryption terminal encrypts the plaintext to obtain the ciphertext, it sends the ciphertext to the storage server. When a decryption terminal needs to view the plaintext, it sends a ciphertext access request carrying description information of the requested ciphertext to the storage server, so that the storage server can determine from the request which ciphertext corresponds to the plaintext the decryption terminal wants to view, and sends that ciphertext to the decryption terminal for decryption.
In an embodiment of the present application, before S1502, an embodiment of the present application provides an optional information processing method, as shown in fig. 16, the method including:
S1601, receiving the proxy re-key from the central device;
S1602, re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext.
In the embodiment of the application, after the storage server has obtained the ciphertext sent by the encryption terminal, if a user is revoked the central device generates the proxy re-key and sends it to the storage server. The storage server re-encrypts the ciphertext with the proxy re-key to obtain the re-encrypted ciphertext, and thereafter answers any ciphertext access request from a decryption terminal with the corresponding re-encrypted ciphertext, so that a revoked decryption terminal cannot decrypt the re-encrypted ciphertext with its original private key.
In the embodiment of the present application, re-encrypting the ciphertext according to the proxy re-key to obtain the re-encrypted ciphertext in S1602 is implemented as shown in fig. 17, and includes:
S1701, obtaining a re-encryption random number;
S1702, obtaining an updated fifth random number from the fifth random number and the re-encryption random number;
S1703, updating the first ciphertext component and the main ciphertext component of the ciphertext according to the fourth random number and the updated fifth random number, to obtain an updated first ciphertext component and an updated main ciphertext component;
S1704, re-encrypting the ciphertext according to the access structure tree, the updated first ciphertext component, the unchanged second ciphertext component and the updated main ciphertext component, to obtain the re-encrypted ciphertext.
In the embodiment of the application, after the central device generates the proxy re-key and sends it to the storage server, the storage server obtains a re-encryption random number, which is any positive number, and uses it to update the fifth random number, obtaining the updated fifth random number. Since the first ciphertext component and the main ciphertext component of the ciphertext are both generated from random numbers, they are updated according to the updated fifth random number and the proxy re-key, giving the updated first ciphertext component and the updated main ciphertext component.
In one embodiment of the present application, the fourth random number is $s_1$ and the fifth random number is $s_2$. When the proxy re-key sent by the central device is $t$ and the re-encryption random number obtained is $\varepsilon$, the updated fifth random number $s_2'$ is formula (21):
$s_2' = s_2 + \varepsilon$ (21)
Let the sixth random number $s$ be the sum of the fourth and fifth random numbers; then once the fifth random number is updated to $s_2'$, the sixth random number is updated accordingly, and the updated sixth random number $s'$ is formula (22):
$s' = s_1 + s_2' = s + \varepsilon$ (22)
thus, the main ciphertext component and the first ciphertext component are updated, the updated main ciphertext component is obtained as formula (23), and the updated first ciphertext component is obtained as formula (24):
Figure BDA0002331913280000281
Figure BDA0002331913280000282
then, the updated ciphertext is formula (25):
Figure BDA0002331913280000283
It can be understood that when a user is revoked, the storage server receives the proxy re-key from the central device, re-encrypts the ciphertext with it, and updates the first ciphertext component and the main ciphertext component. A revoked decryption terminal can then no longer decrypt the updated main ciphertext component with its original private key and cannot obtain the plaintext, which limits the decryption authority of the revoked terminal, while an unrevoked decryption terminal, having received the updated first private key, can decrypt the re-encrypted ciphertext with it.
EXAMPLE five
An embodiment of the present application provides an optional information processing method, which is applied to a proxy server, and as shown in fig. 18, the method includes:
S1801, receiving the first private key sent by the central device;
S1802, receiving a decryption request from a decryption terminal;
S1803, sending the first private key to the decryption terminal based on the decryption request.
In the embodiment of the application, after the central device generates the first private key, it sends the first private key to the proxy server. When a decryption terminal needs to decrypt, it sends a decryption request to the proxy server, and the proxy server sends the first private key corresponding to that decryption terminal based on the request, so that the decryption terminal can decrypt the ciphertext with the first private key and the second private key.
In an embodiment of the present application, before S1802, an embodiment of the present application provides an optional information processing method, as shown in fig. 19, the method including:
S1901, receiving the proxy re-key and the updated user list sent by the central device;
S1902, updating the first private key according to the proxy re-key and the updated user list to obtain an updated first private key.
In the embodiment of the application, when a user is revoked, the central device generates a proxy re-key and an updated user list and sends both to the proxy server. The proxy server updates the first private key of each decryption terminal in the updated user list according to the proxy re-key, so that those decryption terminals can decrypt the re-encrypted ciphertext with the updated first private key and obtain the plaintext.
In an embodiment of the present application, the proxy server receives the proxy re-key $t$ and updates the first private key of formula (3); the updated first private key is formula (26):
Figure BDA0002331913280000291
where $D_1$ is updated to $D_1'$ and $D_2$ is not updated.
Sending the first private key to the decryption terminal based on the decryption request includes:
S1903, when the decryption terminal is in the updated user list, sending the updated first private key to the decryption terminal.
In the embodiment of the application, when a user has been revoked and a decryption terminal wants to view the plaintext, it must decrypt the re-encrypted ciphertext and therefore sends a decryption request to the proxy server. Because the proxy server has replaced the first private key by the updated first private key according to the proxy re-key, it checks, based on the decryption request, whether the requesting decryption terminal is in the updated user list. If it is, the decryption terminal is determined to be an unrevoked decryption terminal and the proxy server sends it the corresponding updated first private key, so that it can decrypt the re-encrypted ciphertext with the updated first private key and the second private key.
Because the second ciphertext component and the second private key component are not updated after a user is revoked, when the user attributes of the decryption terminal satisfy the decryption condition represented by the access structure tree, the recursive algorithm defined over the second ciphertext component and the second private key component still yields the recursive operation result
Figure BDA0002331913280000302
In the first ciphertext component, $C_1$ and $C_2$ are updated to $C_1'$ and $C_2'$; $D_1$ is updated to $D_1'$ and $D_2$ is unchanged. Using the recursive operation result and the decryption formula, the decryption terminal can still obtain the plaintext $M$; the calculation is shown in formula (27):
Figure BDA0002331913280000301
It can be understood that when a user revocation occurs, the proxy server obtains the updated first private key from the proxy re-key and the updated user list. When a decryption terminal needs to decrypt the re-encrypted ciphertext it sends a decryption request to the proxy server; if the proxy server determines that the requesting decryption terminal is in the updated user list, i.e. that it is an unrevoked decryption terminal, it sends the corresponding updated first private key, and the unrevoked decryption terminal can decrypt the re-encrypted ciphertext with it. A revoked decryption terminal is not in the updated user list, cannot obtain the updated first private key, and therefore cannot obtain the plaintext.
EXAMPLE six
An embodiment of the present application provides an optional information processing method applied to the interaction between the central device, a decryption terminal, an encryption terminal, the storage server and the proxy server; as shown in fig. 20, the method includes:
S2001, the central device obtains the security parameters, the system attribute set and the user attribute set, and generates the system public key, the first private key and the second private key according to the security parameters and the user attribute set;
S2002, the central device sends the system public key and the system attribute set to the encryption terminal;
S2003, the central device sends the first private key to the proxy server;
S2004, the central device sends the second private key to the decryption terminal;
S2005, the encryption terminal encrypts the plaintext according to the system public key and the system attribute set to generate the ciphertext;
S2006, the encryption terminal sends the ciphertext to the storage server;
S2007, the decryption terminal sends a ciphertext access request to the storage server;
S2008, the decryption terminal sends a decryption request to the proxy server;
S2009, the storage server responds to the ciphertext access request of the decryption terminal by sending the ciphertext to the decryption terminal;
S2010, the proxy server responds to the decryption request of the decryption terminal by sending the first private key to the decryption terminal;
S2011, the decryption terminal decrypts the ciphertext with the first private key and the second private key to obtain the plaintext.
It can be understood that in the embodiment of the application, after the central device generates the first private key and the second private key, the first private key, which is unrelated to the user attributes, is sent to the proxy server, and the second private key, which is related to the user attributes, is sent to the decryption terminal for storage. The user information is thereby kept from being leaked by a third-party organisation, and the security of the user information is improved.
In this embodiment of the present application, after S2006, an information processing method applied to the interaction between the central device, the proxy server, the storage server and the decryption terminal is further provided; as shown in fig. 21, the method may include:
S2101, the central device receives revocation information;
S2102, the central device generates a proxy re-key, obtains the user list, and updates the user list according to the revocation information to obtain an updated user list;
S2103, the central device sends the updated user list and the proxy re-key to the proxy server;
S2104, the central device sends the proxy re-key to the storage server;
S2105, the proxy server updates the first private key according to the proxy re-key and the updated user list to obtain the updated first private key;
S2106, the storage server re-encrypts the ciphertext according to the proxy re-key to obtain the re-encrypted ciphertext;
S2107, the decryption terminal sends a ciphertext access request to the storage server;
S2108, the decryption terminal sends a decryption request to the proxy server;
S2109, the storage server responds to the ciphertext access request of the decryption terminal by sending the re-encrypted ciphertext to the decryption terminal;
S2110, the proxy server responds to the decryption request of the decryption terminal and, when it determines that the decryption terminal is in the updated user list, sends the updated first private key to the decryption terminal;
S2111, the decryption terminal decrypts the re-encrypted ciphertext with the updated first private key and the second private key to obtain the plaintext.
It can be understood that in the embodiment of the present application, when a user revocation occurs, the revoked decryption terminal sends revocation information to the central device. The central device updates the user list according to the revocation information to obtain the updated user list and at the same time generates a proxy re-key, then sends the proxy re-key and the updated user list to the proxy server so that the proxy server can update the first private key to the updated first private key, and sends the proxy re-key to the storage server so that the storage server re-encrypts the ciphertext into the re-encrypted ciphertext. When a decryption terminal subsequently needs to view data on the storage server, what it obtains is the re-encrypted ciphertext. Only a decryption terminal in the updated user list, i.e. an unrevoked decryption terminal, can obtain the updated first private key and decrypt the re-encrypted ciphertext; a revoked decryption terminal is not in the updated user list, cannot obtain the updated first private key, and therefore can neither decrypt the re-encrypted ciphertext nor obtain the plaintext. The operating efficiency of the equipment is improved.
EXAMPLE seven
The embodiment of the application provides a central device corresponding to the information processing method; fig. 22 is a schematic structural diagram of an optional central device according to an embodiment of the present application. As shown in fig. 22, the central device 22 includes:
an obtaining module 221, configured to obtain a master key and a user attribute set, where the user attribute set is the set of attributes held by the terminals in the user list and the master key is obtained from the acquired security parameters, and to obtain the user attributes of the decryption terminal from the user attribute set;
a generating module 222, configured to generate the first private key and the second private key corresponding to the decryption terminal from the user attributes and the master key, where the first private key is unrelated to the user attributes of the decryption terminal and the second private key is related to them;
a sending module 223, configured to send the first private key to the proxy server so that the proxy server can assist the decryption terminal in decrypting, and to send the second private key to the decryption terminal for use in decryption.
In some embodiments, the obtaining module 221 is further configured to obtain the first random number and an attribute random number corresponding to the user attribute of the decryption terminal, and correspondingly, the generating module 222 is further configured to obtain the second private key of the decryption terminal according to the first random number, the attribute random number, the master key, and the user attribute of the decryption terminal.
In some embodiments, the obtaining module 221 is further configured to obtain a security parameter and a system attribute set; correspondingly, the generating module 222 is further configured to generate a system public key and a master key based on the security parameter; the sending module 223 is further configured to send the system public key and the system attribute set to the encryption terminal, so that the encryption terminal encrypts the plaintext.
In some embodiments, the central apparatus 22 further comprises:
the receiving module is used for receiving revocation information sent by the decryption terminal; correspondingly, the generating module 222 is further configured to update the user list according to the revocation information, so as to obtain an updated user list; the sending module 223 is further configured to send the updated user list and the proxy re-key to the proxy server, so that the proxy server updates the first private key based on the updated user list and the proxy re-key, and sends the proxy re-key to the storage server, so that the storage server re-encrypts the ciphertext.
In some embodiments, the receiving module is further configured to receive attribute revocation information sent by the decryption terminal; the obtaining module 221 is further configured to obtain a user attribute revocation list; the generating module 222 is further configured to update the user attribute revocation list according to the attribute revocation information, so as to obtain an updated user attribute revocation list; the sending module 223 is further configured to send the updated user attribute revocation list to the decryption terminal for use when the decryption terminal decrypts.
The embodiment of the application provides a decryption terminal, which corresponds to an information processing method; fig. 23 is a first schematic structural diagram of an alternative decryption terminal according to an embodiment of the present application, and as shown in fig. 23, the decryption terminal 23 includes:
a receiving module 231, configured to receive a second private key sent by the central device; obtaining a ciphertext through a storage server; receiving, by a proxy server, a first private key; receiving a user attribute revocation list through a central device;
and a decryption module 232, configured to decrypt the ciphertext by using the first private key, the second private key, and the user attribute revocation list.
In some embodiments, the receiving module 231 is further configured to receive, by the central device, the user attribute revocation list.
In some embodiments, the decryption module 232 is further configured to obtain a first ciphertext component, a second ciphertext component, a main ciphertext component, and an access structure tree from the ciphertext, where the first ciphertext component is unrelated to the system attributes, the second ciphertext component is related to the system attributes, the main ciphertext component is obtained by encrypting the plaintext, and the access structure tree is the decryption condition; and to decrypt the main ciphertext component using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree and the user attribute revocation list to obtain the plaintext.
In some embodiments, the decryption module 232 is further configured to obtain a recursive algorithm according to the second private key, the second ciphertext component, and the access structure tree, and obtain a recursive operation result according to the recursive algorithm and the user attribute revocation list; and decrypting according to the first private key, the first ciphertext component, the recursive operation result and the main ciphertext component to obtain a plaintext.
In some embodiments, the decryption module 232 is further configured to perform the recursive operation on the current node in the access structure tree according to the recursive algorithm, the access structure tree, and the user attribute revocation list, obtaining a sub-recursive operation result; and, based on the sub-recursive operation result, to continue the recursive operation on the nodes in the layer above, until the root node has been processed, to obtain the recursive operation result.
In some embodiments, the decryption module 232 is further configured to query whether the attribute of the current node in the access structure tree is in the user attribute revocation list; when the attribute of the current node is in the user attribute revocation list, outputting a preset result as a recursive operation result; and when the attribute corresponding to the current node is not in the user attribute revocation list, carrying out recursive operation on the current node according to a recursive algorithm to obtain a sub-recursive operation result of the current node.
In some embodiments, the receiving module 231 is further configured to receive the re-encrypted ciphertext through the storage server; receiving, by the proxy server, the updated first private key; correspondingly, the decryption module 232 is further configured to decrypt the re-encrypted ciphertext by using the updated first private key and the updated second private key to obtain a plaintext.
The embodiment of the application provides an encryption terminal, which corresponds to an information processing method; fig. 24 is a schematic structural diagram of an optional encryption terminal according to an embodiment of the present application, where as shown in fig. 24, the encryption terminal 24 includes:
an obtaining module 241, configured to receive a system attribute set and a system public key through a central device; obtaining encryption attributes from the system attribute set; the encryption attribute is an attribute of a node of the access structure tree;
the encryption module 242 is configured to encrypt a plaintext according to the system public key and the access structure tree to obtain a ciphertext; the plaintext is data to be encrypted;
the sending module 243 is configured to send the ciphertext to the storage server, so that the decryption terminal can obtain the ciphertext through the storage server.
In some embodiments, the obtaining module 241 is further configured to obtain a fourth random number and a fifth random number; correspondingly, the encryption module 242 is further configured to encrypt the plaintext according to the access structure tree, the system public key, the fourth random number, and the fifth random number to obtain the ciphertext.
In some embodiments, the encryption module 242 is further configured to determine a sixth random number according to the fourth random number and the fifth random number; acquiring a polynomial corresponding to a node of the access structure tree according to the fourth random number; generating a main ciphertext component according to a plaintext, the system public key and a sixth random number; generating a first ciphertext component according to the system public key, the fourth random number and the sixth random number; generating a second ciphertext component according to the system public key and the polynomial; and encrypting the plaintext according to the access structure tree, the main ciphertext component, the first ciphertext component and the second ciphertext component to obtain the ciphertext.
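The recursive operation over the access structure tree described above for the decryption terminal (and in claims 10 to 12), together with the per-node polynomial that the encryption terminal derives from the fourth random number (claim 16), can be illustrated with the following added example; it is not code from the patent or its applicant. The page does not give the scheme's group operations, so the example models only the threshold secret-sharing part: each internal node is assumed to be a k-of-n threshold gate carrying a Shamir polynomial over a prime field, the leaf shares stand in for the attribute-related second ciphertext components, the pairing computations of a real attribute-based scheme are omitted, and the "preset result" returned for a revoked attribute is taken to be None. The field modulus, the sample tree and the attribute names are constructed for the example.

```python
"""Access-structure tree secret sharing with a revocation-aware recursive
reconstruction. Added illustration, not the patent's code; the field, the
sample tree and the attribute names are constructed assumptions."""
import secrets

P = (1 << 127) - 1  # prime field modulus (assumed; the page names none)


class Node:
    """Internal node: k-of-n threshold gate over its children. Leaf: attribute."""

    def __init__(self, threshold=None, children=None, attribute=None):
        self.threshold = threshold
        self.children = children or []
        self.attribute = attribute
        self.share = None  # q_x(0) of this node, assigned by share_secret

    @property
    def is_leaf(self):
        return self.attribute is not None


def _eval_poly(coeffs, x):
    """Horner evaluation of a0 + a1*x + ... at x, modulo P."""
    result = 0
    for a in reversed(coeffs):
        result = (result * x + a) % P
    return result


def share_secret(node, secret):
    """Encryption side (claim 16 style): set q_x(0) = secret at this node, pick
    a random polynomial of degree k-1, and hand child i the value q_x(i)."""
    node.share = secret % P
    if node.is_leaf:
        return
    coeffs = [node.share] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        share_secret(child, _eval_poly(coeffs, index))


def _lagrange_at_zero(points):
    """Recover q(0) from k points (x, q(x)) by Lagrange interpolation mod P."""
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * (-xj)) % P
                den = (den * (xi - xj)) % P
        total = (total + yi * num * pow(den, P - 2, P)) % P
    return total


def recursive_decrypt(node, user_attrs, revoked_attrs):
    """Decryption side (claims 11 and 12): for a leaf, first query the user
    attribute revocation list and return the preset result None if the
    attribute is revoked (or not held); for an internal node, collect the
    children's sub-results and interpolate, climbing until the root."""
    if node.is_leaf:
        if node.attribute in revoked_attrs:
            return None  # preset result: revoked attribute contributes nothing
        if node.attribute not in user_attrs:
            return None  # attribute not held by this decryption terminal
        return node.share
    points = []
    for index, child in enumerate(node.children, start=1):
        sub = recursive_decrypt(child, user_attrs, revoked_attrs)
        if sub is not None:
            points.append((index, sub))
        if len(points) == node.threshold:
            break
    if len(points) < node.threshold:
        return None  # threshold not met at this node
    return _lagrange_at_zero(points)


def build_sample_tree():
    """Constructed policy: 2 of {doctor, (cardiology OR oncology), senior}."""
    return Node(2, [
        Node(attribute="doctor"),
        Node(1, [Node(attribute="cardiology"), Node(attribute="oncology")]),
        Node(attribute="senior"),
    ])


if __name__ == "__main__":
    tree = build_sample_tree()
    share_secret(tree, 12345)
    print(recursive_decrypt(tree, {"doctor", "cardiology"}, set()))
    print(recursive_decrypt(tree, {"doctor", "cardiology"}, {"cardiology"}))
```

A leaf whose attribute appears in the revocation list is treated exactly like an attribute the terminal does not hold, so a revoked attribute can no longer count towards any threshold on the path to the root; the root value is recovered only when enough non-revoked, held attributes remain.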
The embodiment of the application provides a storage server, which corresponds to an information processing method; fig. 25 is a schematic structural diagram of an alternative storage server according to an embodiment of the present application, where as shown in fig. 25, the storage server 25 includes:
a receiving module 251, configured to receive a ciphertext sent by the encryption terminal and to receive a ciphertext access request of the decryption terminal; the ciphertext access request carries description information identifying the ciphertext whose access is requested;
and a sending module 252, configured to send the ciphertext to the decryption terminal based on the ciphertext access request.
In some embodiments, the receiving module 251 is further configured to receive a proxy re-key of the central device; correspondingly, the storage server further comprises:
the re-encryption module is used for re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext;
the sending module 252 is further configured to send the re-encrypted ciphertext to the decryption terminal based on the ciphertext access request.
The embodiment of the application provides a proxy server, which corresponds to an information processing method; fig. 26 is a schematic structural diagram of an alternative proxy server according to an embodiment of the present application, where as shown in fig. 26, the proxy server 26 includes:
a receiving module 261, configured to receive a first private key sent by the central device and a decryption request of the decryption terminal;
a sending module 262, configured to send the first private key to the decryption terminal based on the decryption request.
In some embodiments, the receiving module 261 is further configured to receive the proxy re-key and the updated user list sent by the central device, and accordingly, the proxy server further includes:
an updating module, configured to update the first private key according to the proxy re-key and the updated user list to obtain an updated first private key;
the sending module 262 is further configured to send the updated first private key to the decryption terminal when the decryption terminal is in the updated user list.
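The user revocation flow described in this and the preceding embodiments (the central device updates the user list and issues a proxy re-key, the proxy server updates the first private key and releases it only to terminals in the updated user list, the storage server re-encrypts the ciphertext) is simulated in the following added example, which is not the patent's or the applicant's code. The page gives no formulas, so the example assumes a simplified model: decryption is reduced to its attribute-independent part in a small Schnorr-style group (toy-sized parameters chosen for readability), the first private key and the second private key are additive shares of the master exponent, and the proxy re-key is an additive update that the proxy server applies to every first private key and the storage server applies to the main ciphertext component; the page's update of the first ciphertext component through the fourth and fifth random numbers (claim 19) is not reproduced. The user names, the group parameters and the message value are constructed.

```python
"""Proxy re-key based user revocation, simulated. Added example, not the
patent's code; group parameters and names are constructed assumptions."""
import secrets

P = 1019   # toy safe prime, P = 2*Q + 1 (constructed, far too small for real use)
Q = 509    # prime order of the subgroup generated by G
G = 4      # quadratic residue mod P, hence a generator of the order-Q subgroup


class CentralDevice:
    """Holds the master key and the user list; issues private keys and re-keys."""

    def __init__(self, users):
        self.alpha = secrets.randbelow(Q - 1) + 1   # master key (an exponent)
        self.public_key = pow(G, self.alpha, P)    # system public key g^alpha
        self.user_list = set(users)

    def keygen(self):
        """Split the master exponent into a first private key d1 (attribute-
        independent, sent to the proxy server) and a second private key d2
        (kept by the decryption terminal); r plays the 'first random number'."""
        r = secrets.randbelow(Q)
        d1 = (self.alpha - r) % Q
        return d1, r

    def revoke(self, user):
        """Remove the user and generate a proxy re-key delta that shifts the
        master exponent; returns the updated user list and the re-key."""
        self.user_list.discard(user)
        delta = secrets.randbelow(Q - 1) + 1
        self.alpha = (self.alpha + delta) % Q
        self.public_key = pow(G, self.alpha, P)
        return set(self.user_list), delta


class ProxyServer:
    """Stores first private keys and releases them on decryption requests."""

    def __init__(self, user_list):
        self.first_keys = {}
        self.user_list = set(user_list)

    def receive_first_key(self, user, d1):
        self.first_keys[user] = d1

    def apply_rekey(self, delta, updated_user_list):
        """Update every first private key with the proxy re-key and adopt the
        updated user list sent by the central device."""
        self.user_list = set(updated_user_list)
        for user in self.first_keys:
            self.first_keys[user] = (self.first_keys[user] + delta) % Q

    def decryption_request(self, user):
        """Gate: the (updated) first private key goes only to listed users."""
        if user not in self.user_list:
            return None
        return self.first_keys[user]


class StorageServer:
    """Keeps the ciphertext and re-encrypts it with the proxy re-key."""

    def __init__(self):
        self.ciphertext = None

    def store(self, ciphertext):
        self.ciphertext = ciphertext

    def re_encrypt(self, delta):
        c1, cm = self.ciphertext
        # Cm' = Cm * C1^delta = M * g^(s*(alpha + delta)); C1 is left unchanged
        self.ciphertext = (c1, cm * pow(c1, delta, P) % P)

    def fetch(self):
        return self.ciphertext


def encrypt(public_key, message):
    """Encryption terminal: C1 = g^s (first component), Cm = M * pk^s (main)."""
    s = secrets.randbelow(Q - 1) + 1          # 'fourth random number'
    c1 = pow(G, s, P)
    cm = message * pow(public_key, s, P) % P
    return c1, cm


def decrypt(ciphertext, d1, d2):
    """Decryption terminal: combine proxy-held d1 with its own d2 to get
    g^(s*alpha) and strip it from the main ciphertext component."""
    c1, cm = ciphertext
    shared = pow(c1, (d1 + d2) % Q, P)
    return cm * pow(shared, P - 2, P) % P


def run_revocation_scenario(message=42):
    """Enrol alice and bob, revoke bob, and report who can still decrypt."""
    central = CentralDevice({"alice", "bob"})
    proxy = ProxyServer(central.user_list)
    storage = StorageServer()
    second_keys = {}
    for user in ("alice", "bob"):
        d1, d2 = central.keygen()
        proxy.receive_first_key(user, d1)   # first private key -> proxy server
        second_keys[user] = d2              # second private key -> terminal
    storage.store(encrypt(central.public_key, message))

    before = {u: decrypt(storage.fetch(), proxy.decryption_request(u), second_keys[u])
              for u in ("alice", "bob")}
    bob_stale_d1 = proxy.decryption_request("bob")   # bob keeps a copy of his old d1

    updated_list, delta = central.revoke("bob")      # revocation information handled
    proxy.apply_rekey(delta, updated_list)           # re-key + updated list -> proxy
    storage.re_encrypt(delta)                        # re-key -> storage server

    return {
        "before": before,
        "alice_after": decrypt(storage.fetch(), proxy.decryption_request("alice"),
                               second_keys["alice"]),
        "bob_request": proxy.decryption_request("bob"),
        "bob_stale": decrypt(storage.fetch(), bob_stale_d1, second_keys["bob"]),
    }
```

Two effects are visible: the proxy server's gate (decryption_request returns None for the revoked user) and the re-encryption itself (a cached pre-revocation first private key no longer recovers the plaintext from the re-encrypted ciphertext), which is why the proxy re-key is sent to both the proxy server and the storage server.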
The embodiment of the application provides a center device, which corresponds to an information processing method; fig. 27 is a schematic structural diagram of an optional center device according to an embodiment of the present application, and as shown in fig. 27, the center device 27 includes:
a first processor 274, a first memory 275, and a first communication bus 276, the first memory 275 communicating with the first processor 274 through the first communication bus 276, the first memory 275 storing one or more programs executable by the first processor 274, the one or more programs, when executed, executing any one of the information processing methods of the previous embodiments through the first processor 274.
The embodiment of the application provides a decryption terminal, which corresponds to an information processing method; fig. 28 is a schematic structural diagram of an alternative decryption terminal according to an embodiment of the present application, and as shown in fig. 28, the decryption terminal 28 includes:
a second processor 284, a second memory 285 and a second communication bus 286, the second memory 285 communicating with the second processor 284 through the second communication bus 286, the second memory 285 storing one or more programs executable by the second processor 284, and when the one or more programs are executed, performing any one of the information processing methods according to the aforementioned embodiments by the second processor 284.
The embodiment of the application provides an encryption terminal, which corresponds to an information processing method; fig. 29 is a schematic structural diagram of a second encryption terminal provided in an embodiment of the present application, and as shown in fig. 29, the encryption terminal 29 includes:
a third processor 294, a third memory 295, and a third communication bus 296, the third memory 295 being in communication with the third processor 294 through the third communication bus 296, the third memory 295 storing one or more programs executable by the third processor 294, the one or more programs, when executed, causing the third processor 294 to perform any one of the information processing methods according to the foregoing embodiments.
The embodiment of the application provides a storage server, which corresponds to an information processing method; fig. 30 is a schematic structural diagram of an optional storage server according to an embodiment of the present application, where as shown in fig. 30, the storage server 30 includes:
a fourth processor 304, a fourth memory 305 and a fourth communication bus 306, the fourth memory 305 communicating with the fourth processor 304 via the fourth communication bus 306, the fourth memory 305 storing one or more programs executable by the fourth processor 304, the one or more programs, when executed, performing any one of the information processing methods according to the previous embodiments via the fourth processor 304.
The embodiment of the application provides a proxy server, which corresponds to an information processing method; fig. 31 is a schematic structural diagram of an optional proxy server according to an embodiment of the present application, and as shown in fig. 31, the proxy server 31 includes:
a fifth processor 314, a fifth memory 315 and a fifth communication bus 316, the fifth memory 315 communicating with the fifth processor 314 through the fifth communication bus 316, the fifth memory 315 storing one or more programs executable by the fifth processor 314, the one or more programs, when executed, performing any one of the information processing methods as the aforementioned embodiments by the fifth processor 314.
The embodiment of the present application provides a storage medium applied to a center device, where the storage medium stores one or more programs, the one or more programs are executable by one or more first processors 274, and when the program is executed by the first processor 274, the information processing method according to the embodiment of the present application is implemented.
The embodiment of the present application provides a storage medium applied to a decryption terminal, where the storage medium stores one or more programs, the one or more programs are executable by one or more second processors 284, and when the programs are executed by the second processors 284, the information processing method according to the embodiment of the present application is implemented.
The embodiment of the present application provides a storage medium, which is applied to an encryption terminal, and the storage medium stores one or more programs, the one or more programs are executable by one or more third processors 294, and when the programs are executed by the third processors 294, the information processing method according to the embodiment of the present application is implemented.
The embodiment of the present application provides a storage medium, which is applied to a storage server, where the storage medium stores one or more programs, the one or more programs are executable by one or more fourth processors 304, and when the programs are executed by the fourth processors 304, the information processing method according to the embodiment of the present application is implemented.
The embodiment of the present application provides a storage medium applied to a proxy server, where the storage medium stores one or more programs, the one or more programs are executable by one or more fifth processors 314, and when the program is executed by the fifth processor 314, the information processing method according to the embodiment of the present application is implemented.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of a hardware embodiment, a software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, optical storage, and the like) having computer-usable program code embodied therein.
The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
The above description is only a preferred embodiment of the present application, and is not intended to limit the scope of the present application.

Claims (31)

1. An information processing method applied to a center device includes:
acquiring a master key and a user attribute set; the user attribute set is the set of attributes held by the users in a user list, and the master key is obtained based on the acquired security parameters;
acquiring the user attribute of the decryption terminal from the user attribute set;
generating a first private key and a second private key corresponding to the decryption terminal according to the user attribute and the master key, wherein the first private key is irrelevant to the user attribute of the decryption terminal, and the second private key is relevant to the user attribute of the decryption terminal;
sending the first private key to a proxy server for the proxy server to assist the decryption terminal in decryption;
and sending the second private key to the decryption terminal for the decryption terminal to use in decryption.
2. The method according to claim 1, wherein the generating a first private key and a second private key corresponding to the decryption terminal according to the user attribute and the master key comprises:
acquiring a first random number and an attribute random number corresponding to the user attribute of the decryption terminal;
generating the first private key according to the first random number and the master key;
and acquiring a second private key of the decryption terminal according to the first random number, the attribute random number, the master key and the user attribute of the decryption terminal.
3. The method of claim 1, wherein prior to obtaining the master key and the set of user attributes, the method further comprises:
acquiring a security parameter and a system attribute set; the security parameters are parameters acquired by the central device and used for encryption; the system attribute set is the set of all attributes;
generating a system public key and the master key based on the security parameters;
sending the system public key and the system attribute set to an encryption terminal so that the encryption terminal can encrypt a plaintext; the plaintext is data to be encrypted.
4. The method of claim 3, wherein the security parameters comprise: a generator, a second random number and a third random number, wherein the second random number and the third random number are arbitrary positive numbers; and generating a system public key and the master key based on the security parameters includes:
and generating the system public key and the master key according to a preset bilinear mapping, the generator, the second random number and the third random number.
5. The method according to any one of claims 1 to 4, further comprising:
receiving revocation information sent by the decryption terminal; the decryption terminal is a terminal in the user list;
updating the user list according to the revocation information to obtain an updated user list;
generating a proxy re-key;
and sending the updated user list and the proxy re-key to the proxy server so that the proxy server updates the first private key based on the updated user list and the proxy re-key, and sending the proxy re-key to a storage server so that the storage server re-encrypts a ciphertext.
6. The method according to any one of claims 1 to 4, further comprising:
receiving attribute revocation information sent by the decryption terminal;
acquiring a user attribute revocation list; the user attribute revocation list records the terminals whose attributes have been revoked and the revoked attributes;
updating the user attribute revocation list according to the attribute revocation information to obtain an updated user attribute revocation list;
and sending the updated user attribute revocation list to the decryption terminal for use when the decryption terminal decrypts.
7. An information processing method, applied to a decryption terminal, includes:
receiving a second private key sent by the central equipment;
obtaining a ciphertext through a storage server;
receiving, by a proxy server, a first private key;
and decrypting the ciphertext by adopting the first private key and the second private key to obtain a plaintext.
8. The method of claim 7, further comprising:
receiving a user attribute revocation list through a central device;
and decrypting the ciphertext by adopting the first private key, the second private key and the user attribute revocation list to obtain the plaintext.
9. The method of claim 8, wherein decrypting the ciphertext using the first and second private keys and the user attribute revocation list to obtain a plaintext comprises:
acquiring a first ciphertext component, a second ciphertext component, a main ciphertext component and an access structure tree from the ciphertext; the first ciphertext component is related to system attributes, the second ciphertext component is unrelated to the system attributes, the main ciphertext component is obtained after plaintext is encrypted, and the access structure tree is a decryption condition;
and decrypting a main ciphertext component by using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree and the user attribute revocation list to obtain the plaintext.
10. The method of claim 9, wherein the decrypting a master ciphertext component using the first private key, the second private key, the first ciphertext component, the second ciphertext component, the access structure tree, and the user attribute revocation list to obtain the plaintext comprises:
acquiring a recursive algorithm according to the second private key, the second ciphertext component and the access structure tree, and acquiring a recursive operation result according to the recursive algorithm and a user attribute revocation list;
and decrypting according to the first private key, the first ciphertext component, the recursive operation result and the main ciphertext component to obtain the plaintext.
11. The method of claim 10, wherein obtaining the result of the recursive operation according to the predetermined recursive algorithm, the second private key, the second ciphertext component, the access structure tree, and the user attribute revocation list comprises:
performing recursion operation on the current node in the access structure tree according to the recursion algorithm, the access structure tree and the user attribute revocation list to obtain a sub-recursion operation result;
and continuing to perform recursive operation on the nodes in the previous layer based on the sub-recursive operation result until the root node performs the recursive operation to obtain the recursive operation result.
12. The method of claim 11, wherein performing a recursive operation on a lowest node in the access structure tree according to the preset recursive algorithm, the access structure tree, and the user attribute revocation list to obtain a sub-recursive operation result comprises:
querying whether the attribute of the current node in the access structure tree is in the user attribute revocation list;
when the attribute of the current node is in the user attribute revocation list, outputting a preset result as the recursive operation result;
and when the attribute corresponding to the current node is not in the user attribute revocation list, carrying out recursive operation on the current node according to the recursive algorithm to obtain the sub-recursive operation result of the current node.
13. The method according to any one of claims 7 to 12, wherein after the decrypting the ciphertext using the first private key and the second private key to obtain the plaintext, the method further comprises:
receiving, by the storage server, the re-encrypted ciphertext;
receiving, by the proxy server, the updated first private key;
and decrypting the re-encrypted ciphertext by using the updated first private key and the updated second private key to obtain the plaintext.
14. An information processing method, applied to an encryption terminal, includes:
receiving a system attribute set and a system public key through central equipment;
acquiring encryption attributes from the system attribute set, and acquiring an access structure tree according to the encryption attributes; the encryption attribute is an attribute of a node of an access structure tree;
encrypting a plaintext according to the system public key and the access structure tree to obtain a ciphertext; the plaintext is data to be encrypted;
and sending the ciphertext to a storage server, so that the decryption terminal can acquire the ciphertext through the storage server.
15. The method according to claim 14, wherein the encrypting a plaintext according to the system public key and a preset access structure tree to obtain a ciphertext comprises:
acquiring a fourth random number and a fifth random number;
and encrypting the plaintext according to the access structure tree, the system public key, the fourth random number and the fifth random number to obtain the ciphertext.
16. The method according to claim 15, wherein the encrypting the plaintext according to the access structure tree, the system public key, the fourth random number, and the fifth random number to obtain the ciphertext comprises:
determining a sixth random number according to the fourth random number and the fifth random number;
acquiring a polynomial corresponding to the node of the access structure tree according to the fourth random number;
generating a main ciphertext component according to the plaintext, the system public key and the sixth random number;
generating a first ciphertext component according to the system public key, the fourth random number and the sixth random number;
generating a second ciphertext component according to the system public key and the polynomial;
and encrypting the plaintext according to the access structure tree, the main ciphertext component, the first ciphertext component and the second ciphertext component to obtain the ciphertext.
17. An encryption method applied to a storage server includes:
receiving a ciphertext transmitted by an encryption terminal;
receiving a ciphertext access request of a decryption terminal; the ciphertext access request carries description information identifying the ciphertext whose access is requested;
and sending the ciphertext to the decryption terminal based on the ciphertext access request.
18. The method of claim 17, before receiving the ciphertext access request of the decryption terminal, the method further comprising:
receiving a proxy re-key of the central device;
re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext;
after receiving the ciphertext access request of the decryption terminal, the method further includes:
and sending the re-encrypted ciphertext to the decryption terminal based on the ciphertext access request.
19. The method of claim 18, the re-encrypting the ciphertext according to the proxy re-key to obtain a re-encrypted ciphertext, comprising:
acquiring a re-encrypted random number;
obtaining an updated fourth random number according to the fourth random number and the re-encrypted random number;
obtaining an updated fifth random number according to the fifth random number and the re-encrypted random number;
updating the first ciphertext component and the main ciphertext component in the ciphertext according to the updated fourth random number and the updated fifth random number to obtain an updated first ciphertext component and an updated main ciphertext component;
and re-encrypting the ciphertext according to the access structure tree, the updated first ciphertext component, the updated second ciphertext component and the updated main ciphertext component to obtain the re-encrypted ciphertext.
20. An encryption method applied to a proxy server, comprising:
receiving a first private key sent by central equipment;
receiving a decryption request of a decryption terminal;
and sending the first private key to the decryption terminal based on the decryption request.
21. The method according to claim 20, wherein after the receiving of the first private key sent by the center device and before the receiving of the decryption request of the decryption terminal, the method further comprises:
receiving a proxy re-key and an updated user list sent by the central device;
updating the first private key according to the proxy re-key and the updated user list to obtain an updated first private key;
the sending the first private key to the decryption terminal based on the decryption request includes:
and when the decryption terminal is in the updated user list, sending the updated first private key to the decryption terminal.
22. A center device, characterized in that the center device comprises:
an acquisition module, configured to acquire a master key and a user attribute set, wherein the user attribute set is the set of attributes possessed by the users in a user list and the master key is obtained from acquired security parameters;
and to acquire the user attribute of the decryption terminal from the user attribute set;
a generation module, configured to generate a first private key and a second private key corresponding to the decryption terminal according to the user attribute and the master key, wherein the first private key is independent of the user attribute of the decryption terminal and the second private key is related to the user attribute of the decryption terminal; and
a sending module, configured to send the first private key to a proxy server for the proxy server to assist the decryption terminal in decryption, and to send the second private key to the decryption terminal for use by the decryption terminal in decryption.
23. A decryption terminal, characterized in that the decryption terminal comprises:
a receiving module, configured to receive a second private key sent by the center device, obtain a ciphertext through a storage server, receive a first private key through a proxy server, and receive a user attribute revocation list through the center device; and
a decryption module, configured to decrypt the ciphertext using the first private key and the second private key to obtain a plaintext.
24. An encryption terminal, characterized in that the encryption terminal comprises:
an acquisition module, configured to receive a system attribute set and a system public key through the center device, acquire encryption attributes from the system attribute set, and acquire an access structure tree according to the encryption attributes, wherein each encryption attribute is an attribute of a node of the access structure tree;
an encryption module, configured to encrypt a plaintext according to the system public key and the access structure tree to obtain a ciphertext, wherein the plaintext is the data to be encrypted; and
a sending module, configured to send the ciphertext to a storage server so that the decryption terminal can obtain the ciphertext through the storage server.
25. A storage server, the storage server comprising:
a receiving module, configured to receive the ciphertext sent by the encryption terminal and a ciphertext access request of the decryption terminal, wherein the ciphertext access request carries description information of the ciphertext to which access is requested; and
a sending module, configured to send the ciphertext to the decryption terminal based on the ciphertext access request.
26. A proxy server, characterized in that the proxy server comprises:
a receiving module, configured to receive a first private key sent by the center device and a decryption request of a decryption terminal; and
a sending module, configured to send the first private key to the decryption terminal based on the decryption request.
27. A storage medium applied to a center device, the storage medium storing one or more programs executable by one or more first processors to implement the method according to any one of claims 1 to 6.
28. A storage medium applied to a decryption terminal, the storage medium storing one or more programs executable by one or more second processors to implement the method according to any one of claims 7 to 13.
29. A storage medium applied to an encryption terminal, the storage medium storing one or more programs executable by one or more third processors to implement the method according to any one of claims 14 to 16.
30. A storage medium applied to a storage server, the storage medium storing one or more programs executable by one or more fourth processors to implement the method according to any one of claims 17 to 19.
31. A storage medium applied to a proxy server, the storage medium storing one or more programs executable by one or more fifth processors to implement the method according to any one of claims 20 to 21.
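As an added illustration of the proxy-assisted revocation described in claims 20, 21 and 26 (this is example code written for this page, not the patent's own implementation), the following Python models the proxy server: it holds the attribute-independent first private keys, refreshes them when the center device sends a proxy re-key together with an updated user list, and then serves a key only to terminals still on that list. The claims do not give the re-key arithmetic, so `apply_proxy_rekey` uses an HMAC-SHA256 derivation as a stand-in; the class, method and terminal names are assumptions.

```python
import hashlib
import hmac
from typing import Dict, List, Optional


def apply_proxy_rekey(proxy_rekey: bytes, first_private_key: bytes) -> bytes:
    """Stand-in (assumption) for the patent's unspecified re-key arithmetic:
    derive the updated first private key with HMAC-SHA256 keyed by the re-key,
    so the previous key cannot be recovered from the updated one."""
    return hmac.new(proxy_rekey, first_private_key, hashlib.sha256).digest()


class ProxyServer:
    """Models the proxy server of claims 20, 21 and 26 (added example).
    First private keys are treated as opaque byte strings."""

    def __init__(self) -> None:
        # terminal id -> first private key currently held for that terminal
        self.first_private_keys: Dict[str, bytes] = {}
        # None until the center device has sent an updated user list
        self.updated_user_list: Optional[List[str]] = None

    def receive_first_private_key(self, terminal_id: str, key: bytes) -> None:
        # Claim 20: the center device deposits the attribute-independent key part.
        self.first_private_keys[terminal_id] = key

    def receive_proxy_rekey(self, proxy_rekey: bytes, updated_user_list: List[str]) -> None:
        # Claim 21: refresh every stored first private key with the proxy re-key.
        # Keys of terminals absent from the updated user list are dropped
        # (one reading of "according to the updated user list").
        self.first_private_keys = {
            tid: apply_proxy_rekey(proxy_rekey, key)
            for tid, key in self.first_private_keys.items()
            if tid in updated_user_list
        }
        self.updated_user_list = list(updated_user_list)

    def handle_decryption_request(self, terminal_id: str) -> Optional[bytes]:
        # Claims 20/21: serve the (possibly updated) first private key only to a
        # terminal still on the updated user list; None means the request is refused,
        # so a revoked terminal is left without the key part it needs to decrypt.
        if self.updated_user_list is not None and terminal_id not in self.updated_user_list:
            return None
        return self.first_private_keys.get(terminal_id)
```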
CN201911339683.2A 2019-12-23 2019-12-23 Information processing method, terminal, center device, server, and storage medium Active CN113098678B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201911339683.2A CN113098678B (en) 2019-12-23 2019-12-23 Information processing method, terminal, center device, server, and storage medium

Publications (2)

Publication Number Publication Date
CN113098678A true CN113098678A (en) 2021-07-09
CN113098678B CN113098678B (en) 2022-06-03

Family

ID=76663962

Country Status (1)

Country Link
CN (1) CN113098678B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113676462A (en) * 2021-08-03 2021-11-19 北京海泰方圆科技股份有限公司 Key distribution and decryption method, device, equipment and medium

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104113408A (en) * 2014-07-11 2014-10-22 西安电子科技大学 Method for realizing timely user attribute cancel based on ciphertext-policy attribute-based encryption
CN104883254A (en) * 2015-06-12 2015-09-02 深圳大学 Cloud computing platform oriented cryptograph access control system and access control method thereof
CN109068322A (en) * 2018-08-22 2018-12-21 航天信息股份有限公司 Decryption method, system, mobile terminal, server and storage medium
CN109286491A (en) * 2018-10-18 2019-01-29 上海海事大学 A kind of key policy attribute base encryption method based on proxy revocation
CN109818741A (en) * 2017-11-22 2019-05-28 航天信息股份有限公司 A kind of decryption calculation method and device based on elliptic curve
CN110099043A (en) * 2019-03-24 2019-08-06 西安电子科技大学 The hiding more authorization center access control methods of support policy, cloud storage system

Also Published As

Publication number Publication date
CN113098678B (en) 2022-06-03

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant