CN113411305A - Ciphertext equivalence comparison method based on double-server model - Google Patents



Publication number
CN113411305A
Authority
CN
China
Prior art keywords
server
ciphertext
data
auxiliary
authorization
Prior art date
Legal status
Pending
Application number
CN202110528777.5A
Other languages
Chinese (zh)
Inventor
赵萌
丁勇
王玉珏
Current Assignee
Guilin University of Electronic Technology
Original Assignee
Guilin University of Electronic Technology


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords

Abstract

The invention discloses a ciphertext equivalence comparison method based on a dual-server model. A trusted authority generates system public parameters; the members of the system generate their respective public keys and private keys from the system public parameters; a data sender encrypts data and sends the generated ciphertext to a main server for storage; and a data receiver decrypts the ciphertext. The equivalence comparison of ciphertexts is performed by two servers in the cloud storage environment, which effectively prevents the data guessing attack faced by the single-server model. Before authorization, no server can perform the ciphertext equivalence comparison. After authorization is obtained, a single server alone still cannot perform the ciphertext equivalence comparison, so the method ensures the privacy of the user's outsourced data in both stages, before and after the servers obtain authorization.

Description

Ciphertext equivalence comparison method based on double-server model
Technical Field
The invention relates to the technical field of cryptography in information security, in particular to a ciphertext equivalence comparison method based on a double-server model.
Background
In a cloud computing environment, data must be stored on the cloud server in ciphertext form to ensure data privacy. Ordinary ciphertexts, however, do not support equivalence comparison. To solve this problem, researchers have proposed a large number of ciphertext equivalence comparison methods based on a single-server model. Under the single-server model, however, once the server has obtained the user's authorization it can launch a guessing attack on the user's outsourced ciphertexts while performing legitimate ciphertext equivalence comparisons.
Disclosure of Invention
The invention aims to provide a ciphertext equivalence comparison method based on a double-server model, in order to solve the technical problem that the security of data storage in a cloud storage environment is not high in the prior art.
In order to achieve the above object, the ciphertext equivalence comparison method based on the dual-server model adopted by the invention comprises the following steps:
initializing a system, and generating system public parameters;
the data receiver generates a receiver public key and a receiver private key according to the system public parameters;
the main server and the auxiliary server generate respective public keys and private keys according to the system public parameters;
the data sender encrypts data and sends the generated ciphertext to the main server for storage;
the data receiver decrypts the ciphertext;
a data receiver generates ciphertext authorization and respectively sends the ciphertext authorization to the main server and the auxiliary server;
and the main server and the auxiliary server respectively carry out processing judgment and output comparison results.
Optionally, the system includes a trusted authority, a data sender, a data receiver, a main server and an auxiliary server, where the trusted authority is trusted by each entity and is responsible for generating system public parameters, the data sender is responsible for encrypting and sending data, the data receiver decrypts data and generates authorization for the main server and the auxiliary server, and the main server and the auxiliary server perform ciphertext equivalence comparison to output a result.
Optionally, the system public parameter is output after the trusted authority selects a security parameter, a cyclic group and a collision-resistant hash function.
Optionally, in the process of encrypting data by a data sender and sending the generated ciphertext to the main server for storage, the data sender encrypts the data by using the public key of the receiver, the public key of the main server and the public key of the auxiliary server.
Optionally, in the process of decrypting the ciphertext by the data receiver, the data receiver uses the receiver private key to decrypt the ciphertext.
Optionally, the ciphertext authorization is generated according to the receiver private key, the public key of the main server, and the public key of the auxiliary server.
Optionally, in the process in which the main server and the auxiliary server respectively perform processing and judgment and output a comparison result, the main server and the auxiliary server decrypt the ciphertext authorization with their respective private keys, the main server generates an intermediate result of the equivalence judgment according to the authorization and sends the intermediate result to the auxiliary server, and the auxiliary server judges the received intermediate result and outputs the comparison result.
Optionally, the step of the auxiliary server judging the received intermediate result and outputting the comparison result includes: the intermediate results are compared for equality;
if equal, the number 1 is output, which indicates that the encrypted data are equal;
if not, the number 0 is output, which indicates that the encrypted data are not equal.
In the ciphertext equivalence comparison method based on the dual-server model, the trusted authority generates system public parameters, the members of the system generate their respective public keys and private keys from the system public parameters, a data sender encrypts data and sends the generated ciphertext to the main server for storage, and a data receiver decrypts the ciphertext. The equivalence comparison of ciphertexts is performed by two servers in the cloud storage environment, which effectively prevents the data guessing attack faced by the single-server model. Before authorization, no server can perform the ciphertext equivalence comparison. After authorization is obtained, a single server alone still cannot perform the ciphertext equivalence comparison, so the method ensures the privacy of the user's outsourced data in both stages, before and after the servers obtain authorization.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to the drawings without creative efforts.
FIG. 1 is a schematic flow chart of a ciphertext equivalence comparison method based on a dual-server model.
Fig. 2 is a schematic diagram of the system of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are illustrative, are intended to explain the invention, and are not to be construed as limiting the invention.
Referring to fig. 1 to 2, the present invention provides a ciphertext equivalence comparison method based on a dual-server model, including the following steps:
S1: initializing a system, and generating system public parameters;
S2: the data receiver generates a receiver public key and a receiver private key according to the system public parameters;
S3: the main server and the auxiliary server generate respective public keys and private keys according to the system public parameters;
S4: the data sender encrypts data and sends the generated ciphertext to the main server for storage;
S5: the data receiver decrypts the ciphertext;
S6: a data receiver generates ciphertext authorization and respectively sends the ciphertext authorization to the main server and the auxiliary server;
S7: the main server and the auxiliary server respectively carry out processing judgment and output comparison results.
The system comprises a trusted authority, a data sender, a data receiver, a main server and an auxiliary server, wherein the trusted authority is trusted by all entities and is responsible for generating system public parameters, the data sender is responsible for encrypting and sending data, the data receiver decrypts the data and generates authorization for the main server and the auxiliary server, and the main server and the auxiliary server execute ciphertext equivalence comparison to output results.
The system public parameters are output after the trusted authority selects the security parameter, the cyclic group and the collision-resistant hash function.
In the process in which a data sender encrypts data and sends the generated ciphertext to the main server for storage, the data sender encrypts the data by using the public key of the receiver, the public key of the main server and the public key of the auxiliary server.
In the process in which the data receiver decrypts the ciphertext, the data receiver decrypts by using the receiver private key.
The ciphertext authorization is generated according to the receiver private key, the public key of the main server and the public key of the auxiliary server.
In the process in which the main server and the auxiliary server respectively perform processing and judgment and output a comparison result, the main server and the auxiliary server decrypt the ciphertext authorization with their respective private keys, the main server generates an intermediate result of the equivalence judgment according to the authorization and sends the intermediate result to the auxiliary server, and the auxiliary server judges the received intermediate result and outputs the comparison result.
The step of the auxiliary server judging the received intermediate result and outputting the comparison result comprises: the intermediate results are compared for equality;
if equal, the number 1 is output, which indicates that the encrypted data are equal;
if not, the number 0 is output, which indicates that the encrypted data are not equal.
Specifically, the trusted authority TA takes the security parameter $\lambda$ as input and outputs the system public parameters $R = (G, G_T, p, e, g, H_1, H_2, H_3)$, where $G$ and $G_T$ denote two cyclic groups of order $p$, $p$ being a large prime number; $e: G \times G \to G_T$ denotes a bilinear mapping operation; and $g$ denotes a generator selected from the cyclic group $G$. $H_1: G \times G_T \to G$, $H_2: G \times G \to \{0,1\}^{|G|+|p|}$ and $H_3: G_T \to Z_p$ denote three collision-resistant hash functions, where $|G|$ and $|p|$ denote the lengths of elements of the cyclic group $G$ and of the field $Z_p$ respectively, and $Z_p$ denotes $\{0, 1, 2, \ldots, p-1\}$.
Optionally, the data receiver generates respective public key and private key according to the system public parameter.
Specifically, each data receiver $U_i$ ($1 \le i \le n$) randomly selects three elements
Figure BDA0003066273450000041
where $n$ represents the number of data receivers,
Figure BDA0003066273450000042
representing the set 1, 2. Computing
Figure BDA0003066273450000043
Figure BDA0003066273450000044
And
Figure BDA0003066273450000045
Thus, the private key of data receiver $U_i$ is $sk_i = (a_{i,1}, a_{i,2}, a_{i,3})$ and the public key is $pk_i = (\theta_{i,1}, \theta_{i,2}, \theta_{i,3})$.
Optionally, each server, namely the main server and the auxiliary server, generates its own public key and private key according to the system public parameters.
Specifically, server $S_j$ ($j = 1$ denotes the main server $S_1$, $j = 2$ denotes the auxiliary server $S_2$) randomly selects two elements
Figure BDA0003066273450000046
Computing
Figure BDA0003066273450000047
And
Figure BDA0003066273450000048
Thus, the private key of server $S_j$ is $ssk_j = (a_{j,1}, a_{j,2})$ and the public key is
Figure BDA0003066273450000049
Optionally, the data sender encrypts the data using the public key of the data receiver, and sends the generated ciphertext to the main server for storage.
Specifically, for data m ∈ G, the data sender randomly selects an element
Figure BDA0003066273450000051
Computing
$c_1 = g^{\delta}$
Figure BDA0003066273450000052
Figure BDA0003066273450000059
The resulting ciphertext $c = (c_1, c_2, c_3)$ is sent to the main server $S_1$.
Optionally, the data receiver decrypts its ciphertext using its own private key.
Specifically, for any ciphertext $c = (c_1, c_2, c_3)$ of data receiver $U_i$ stored on the main server $S_1$, data receiver $U_i$ decrypts it with its own private key $sk_i = (a_{i,1}, a_{i,2}, a_{i,3})$, i.e.
(1) Computing intermediate results
Figure BDA0003066273450000053
(2) Computing
Figure BDA0003066273450000054
(3) Verify that $c_1 = g^{\delta'}$ and $\Delta = m'^{\delta'}$. If both hold, output $m'$; otherwise, output the error symbol $\perp$.
Optionally, the data receiver generates one identical authorization for the two servers from its own private key and the public keys of the main server and the auxiliary server, and sends the authorization to the main server and the auxiliary server respectively.
Specifically, data receiver $U_i$ generates one identical authorization for both servers from its own private key $sk_i = (a_{i,1}, a_{i,2}, a_{i,3})$ and the public keys $spk_1$ and $spk_2$ of the main and auxiliary servers. Data receiver $U_i$ randomly selects elements
Figure BDA0003066273450000055
Computing
Figure BDA0003066273450000056
Data receiver $U_i$ sends the authorization $r = (r_1, r_2)$ to the main server $S_1$ and the auxiliary server $S_2$ respectively.
Optionally, the main server and the auxiliary server decrypt the received authorization, which is in ciphertext form, with their own private keys.
Specifically, the main server $S_1$ uses its own private key $ssk_1 = (a_{1,1}, a_{1,2})$ to decrypt the received authorization $r = (r_1, r_2)$ in ciphertext form. The main server $S_1$ proceeds as follows:
(1) Compute
Figure BDA0003066273450000057
(2) Verify the equation
Figure BDA0003066273450000058
If it holds, output the authorization $w = a_{i,1}$; otherwise, output an error symbol.
The auxiliary server $S_2$ can decrypt the same authorization $w = a_{i,1}'$ in a similar manner.
Optionally, for two ciphertexts of the data receiver, the main server generates an intermediate result of the equivalence judgment according to the authorization and sends the intermediate result to the auxiliary server.
Specifically, for two ciphertexts $c = (c_1, c_2, c_3)$ and $c' = (c_1', c_2', c_3')$ of data receiver $U_i$, the main server $S_1$ performs the following procedure according to the authorization $w$ to generate an intermediate result of the equivalence determination. The main server $S_1$ computes
Figure BDA0003066273450000061
and sends the intermediate result $(\gamma, \gamma')$ to the auxiliary server $S_2$.
Optionally, the auxiliary server judges the intermediate result received from the main server, and outputs 1 if the data corresponding to the ciphertexts are equal, or 0 if not.
Specifically, for the intermediate result $(\gamma, \gamma')$ received from the main server, the auxiliary server $S_2$ performs the following procedure to determine whether the data encrypted in the two ciphertexts $c = (c_1, c_2, c_3)$ and $c' = (c_1', c_2', c_3')$ of data receiver $U_i$ are equal. The auxiliary server $S_2$ computes
Figure BDA0003066273450000062
If the equation holds, 1 is output, meaning that the data encrypted in the two ciphertexts $c = (c_1, c_2, c_3)$ and $c' = (c_1', c_2', c_3')$ of data receiver $U_i$ are equal; otherwise 0 is output, meaning that the data encrypted in the two ciphertexts are not equal.
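The division of work in steps S6 and S7, and the single-server guessing attack from the Background that it is meant to prevent, can be seen in a small model. This is an added example and not the patent's construction: the patent's formulas survive on this page only as figure placeholders, so the code uses a simplified, pairing-free masking scheme over a toy modular group, and every function name and parameter in it is an assumption.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters (constructed): the multiplicative group modulo the Mersenne
# prime 2^127 - 1. Illustrative only; these are not the patent's pairing groups.
P = 2**127 - 1
G = 3

def rand_exp():
    return secrets.randbelow(P - 2) + 1            # exponent in [1, P-2]

def hash_to_group(m: bytes) -> int:
    return int.from_bytes(hashlib.sha256(m).digest(), "big") % (P - 1) + 1

def keygen():
    x = rand_exp()
    return x, pow(G, x, P)                          # (private key, public key)

def strip(v, u, exponent):
    """Remove the mask u^exponent from v."""
    return v * pow(pow(u, exponent, P), -1, P) % P

# Single-server model: the comparison tag is masked only by theta = g^w,
# where w is the value the receiver hands over as authorization.
def tag_single(m, theta):
    s = rand_exp()
    return pow(G, s, P), hash_to_group(m) * pow(theta, s, P) % P

def single_server_view(tag, w):
    u, v = tag
    return strip(v, u, w)                           # exactly hash_to_group(m)

# Dual-server model: the tag is also masked by both servers' public keys.
def tag_dual(m, theta, pk1, pk2):
    s = rand_exp()
    mask = pow(theta * pk1 * pk2 % P, s, P)
    return pow(G, s, P), hash_to_group(m) * mask % P

def main_server_view(tag, w, x1):
    u, v = tag
    return strip(v, u, w + x1)                      # still masked by pk2^s

def main_server_step(tag_a, tag_b, w, x1):
    """Main server: strip its layers, blind both values with one fresh k.
    (In this toy only the main server needs w; the patent sends it to both.)"""
    while True:
        k = rand_exp()
        if gcd(k, P - 1) == 1:                      # makes x -> x^k a bijection
            break
    return [(pow(main_server_view(t, w, x1), k, P), pow(t[0], k, P))
            for t in (tag_a, tag_b)]                # intermediate result

def aux_server_view(item, x2):
    gamma, u_k = item
    return strip(gamma, u_k, x2)                    # hash_to_group(m)^k, k unknown

def aux_server_step(intermediate, x2):
    """Auxiliary server: output 1 if the blinded hashes match, else 0."""
    a, b = (aux_server_view(item, x2) for item in intermediate)
    return 1 if a == b else 0

def guess_from_view(view, candidates):
    """What one party alone learns by comparing its view with hashed guesses."""
    return [c for c in candidates if hash_to_group(c) == view]

if __name__ == "__main__":
    w, theta = keygen()                             # receiver's authorization key
    (x1, pk1), (x2, pk2) = keygen(), keygen()       # main / auxiliary server keys
    words = [b"yes", b"no", b"maybe"]               # constructed low-entropy data
    t = tag_single(b"no", theta)
    print("single server:", guess_from_view(single_server_view(t, w), words))
    a, b = (tag_dual(b"no", theta, pk1, pk2) for _ in range(2))
    print("main server alone:", guess_from_view(main_server_view(a, w, x1), words))
    print("joint comparison:", aux_server_step(main_server_step(a, b, w, x1), x2))
```

In the single-server functions the authorized server's view is the bare message hash, so a short candidate list identifies the data; in the dual-server functions each server's view keeps a factor (the other server's mask, or the blinding exponent `k`) that it cannot remove alone.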
While the invention has been described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention as defined by the appended claims.

Claims (8)

1. A ciphertext equivalence comparison method based on a double-server model is characterized by comprising the following steps:
initializing a system, and generating system public parameters;
the data receiver generates a receiver public key and a receiver private key according to the system public parameters;
the main server and the auxiliary server generate respective public keys and private keys according to the system public parameters;
the data sender encrypts data and sends the generated ciphertext to the main server for storage;
the data receiver decrypts the ciphertext;
a data receiver generates ciphertext authorization and respectively sends the ciphertext authorization to the main server and the auxiliary server;
and the main server and the auxiliary server respectively carry out processing judgment and output comparison results.
2. The ciphertext equivalence comparison method based on the dual-server model, according to claim 1, wherein the system comprises a trusted authority, a data sender, a data receiver, a main server and an auxiliary server, the trusted authority is trusted by each entity and is responsible for generating system public parameters, the data sender is responsible for encrypting and sending data, the data receiver decrypts data and generates authorization for the main server and the auxiliary server, and the main server and the auxiliary server execute ciphertext equivalence comparison and output results.
3. The ciphertext equivalence comparison method based on the dual-server model, as claimed in claim 2, wherein the system public parameters are output after the trusted authority selects security parameters, cyclic groups and collision-resistant hash functions.
4. The dual-server model-based ciphertext equivalence comparison method of claim 3, wherein in the process of encrypting data by a data sender and sending the generated ciphertext to the primary server for storage, the data sender encrypts data using the recipient public key, the public key of the primary server, and the public key of the secondary server.
5. The dual-server model-based ciphertext equivalence comparison method of claim 4, wherein in decrypting the ciphertext by a data recipient, the data recipient uses the recipient private key to decrypt.
6. The dual-server model-based ciphertext equivalence comparison method of claim 5, wherein the ciphertext authority is generated based on the recipient private key, the primary server public key, and the secondary server public key.
7. The ciphertext equivalence comparison method based on the dual-server model as claimed in claim 6, wherein in the process that the main server and the auxiliary server respectively perform processing judgment and output comparison results, the main server and the auxiliary server decrypt the ciphertext authorization according to respective private keys, the main server generates an intermediate result of equivalence judgment according to authorization and sends the intermediate result to the auxiliary server, and the auxiliary server judges the received intermediate result and outputs the comparison result.
8. The ciphertext equivalence comparison method based on the dual-server model of claim 7, wherein the step of the auxiliary server judging the received intermediate result and outputting the comparison result comprises: the intermediate results are compared for equality;
if equal, the number 1 is output, which indicates that the encrypted data are equal;
if not, the number 0 is output, which indicates that the encrypted data are not equal.
CN202110528777.5A 2021-05-14 2021-05-14 Ciphertext equivalence comparison method based on double-server model Pending CN113411305A (en)


Family

ID=77678491


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210917