CN113468556A - Data access control method with complete strategy hiding and related equipment thereof - Google Patents


Publication number
CN113468556A
Authority
CN
China
Prior art keywords
homomorphic
ciphertext
node
data
access
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202110632578.9A
Other languages
Chinese (zh)
Other versions
CN113468556B (en)
Inventor
罗涛
韩新宇
宋海娜
李剑峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202110632578.9A
Publication of CN113468556A
Application granted
Publication of CN113468556B
Legal status: Active

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The disclosure provides a data access control method of complete strategy hiding and a related device thereof. The method comprises the following steps: firstly initializing an access control system and generating each parameter, calculating bilinear pairing parameters and homomorphic parameters of attributes in the system according to the parameters, further calculating a public key and a master key, then acquiring an attribute set of a user, and calculating a corresponding private key of the user. And acquiring an access strategy of a data owner, constructing a homomorphic access tree structure, and encrypting plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data. And finally, during decryption, performing attribute matching under complete strategy hiding according to the private key of the user and the acquired ciphertext, and when the attribute set of the user meets the access strategy set by the data owner in the ciphertext data, decrypting to obtain plaintext data.

Description

Data access control method with complete strategy hiding and related equipment thereof
Technical Field
The present disclosure relates to the field of data security technologies, and in particular, to a data access control method with complete policy hiding and a related device thereof.
Background
With the rise of big data, more and more traditional industries are turning to big data, hoping to use it to drive innovation and advance their industries. However, big data may contain the private information of individuals; if it is published and shared directly, that information may be leaked and personal interests may be harmed. In the big data sharing stage, access control is generally applied to data in the cloud to control the sharing process. CP-ABE (ciphertext-policy attribute-based encryption) provides fine-grained access control and gives the data publisher strong control over the data, so it is well suited to sharing big data.
In the conventional CP-ABE scheme, referring to fig. 1, a key SK is associated with an attribute set, a ciphertext CT is associated with an access policy, and the ciphertext can be decrypted to obtain plaintext data only when the attribute set of a user satisfies the access policy of the ciphertext.
In the traditional CP-ABE scheme, the access policy is directly visible in the ciphertext without being hidden, so that the user can learn the access policy in the ciphertext by inference. When the access policy contains sensitive information, the user can acquire the sensitive information in the access policy, thereby causing the disclosure of the privacy information. Taking a medical scenario as an example, a patient sets the access policy of medical record data to "(outpatient service: cardiology department) AND (hospital: AA hospital)", which indicates that the patient wants a doctor in the cardiology department of the north hospital to view the medical record. However, when the user obtains the ciphertext of the medical record data, the user can deduce the access policy set by the patient from the ciphertext, so that the user knows that the patient has heart diseases, and the privacy information of the patient is leaked.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a data access control method with complete policy hiding and a related device.
Based on the above object, the present disclosure provides a data access control method for complete policy hiding, including:
generating homomorphic encrypted parameters, and calculating the basic homomorphic parameters of each attribute according to the parameters;
constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext and is used as a leaf node of the homomorphic access tree structure;
encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
in response to receiving an acquisition request for a decryption private key from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and in response to determining that the user attribute set meets the access policy according to the decryption values of the homomorphic nodes, allowing the user equipment to decrypt the ciphertext data to obtain the plaintext data.
Further, the constructing a homomorphic access tree structure according to the access policy set by the data owner for the plaintext data includes:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and father nodes of the access tree structure, wherein the homomorphic nodes are used as father nodes of the leaf nodes and child nodes of original father nodes;
and removing original leaf child nodes in the access tree structure, and only reserving the homomorphic nodes as leaf nodes of the access tree structure.
Further, for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in each user attribute set based on a preset matching function to obtain a decrypted value of the homomorphic node, including:
performing attribute matching on each homomorphic node in the homomorphic access tree, and defining the matching function at the homomorphic node as $\mathrm{Match}(W_x, W_y') = (W_y' W_x^{oo} - W_x W_y^{oo}) \bmod O^2$; if and only if $\mathrm{Match}(W_x, W_y') = 0$, the attribute of said set of user attributes and the attribute in the access policy of the data owner represented by said homomorphic node are completely matched, to obtain the decrypted value of said homomorphic node; if there is no $\mathrm{Match}(W_x, W_y') = 0$, the decryption value of said homomorphic node is 1, where $W_y'$ represents a second homomorphic ciphertext of an attribute of the set of user attributes, $W_x$ represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, respectively, and $O$ is the product of two large prime numbers in homomorphic encryption.
Further, the node types in the homomorphic access tree structure include AND gates, OR gates, and threshold gates.
Further, the encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data includes:
setting a secret shared value of a root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret shared value of the homomorphic node according to the secret shared value of the root node and a bilinear pairing parameter;
calculating a bilinear pairing ciphertext of the homomorphic node according to the secret sharing value of the homomorphic node and the bilinear pairing parameter;
calculating to obtain a first homomorphic ciphertext of the homomorphic node according to the basic homomorphic parameter and the random homomorphic parameter of the homomorphic node;
performing second homomorphic encryption on the random homomorphic parameter to obtain a second correction homomorphic parameter;
encrypting plaintext data according to the total secret shared value to obtain a ciphertext body; wherein the ciphertext data comprises: a ciphertext parameter, a ciphertext body, a second correction homomorphic parameter, a first homomorphic ciphertext and a bilinear pairing ciphertext.
Further, the step of, in response to receiving an acquisition request for a decryption private key from a user device, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set includes:
calculating private key parameters of the user attribute set and bilinear pairing private keys of attributes in the user attribute set according to bilinear pairing parameters; the bilinear pairing parameters are obtained by calculation according to the generated bilinear mapping in an initialization stage;
multiplying the basic homomorphic parameter of the attribute in each user attribute set by a random homomorphic parameter to obtain a second homomorphic ciphertext of the attribute;
carrying out second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the ciphertext data comprises: a private key parameter, a first correction homomorphic parameter, a homomorphic encryption parameter, a second homomorphic ciphertext and a bilinear pairing private key.
Further, the setting of the secret sharing value of the root node of the homomorphic access tree and the calculation of the secret sharing value of the homomorphic node according to the secret sharing value of the root node include:
setting a secret sharing value of the homomorphic access tree root node to $s_{root}$, and recursively calculating the secret sharing value from the root node to the homomorphic node:
in response to determining that a node is an AND gate, using an (n, n)-Shamir secret sharing scheme, and for each child node of the node, setting its secret sharing value $s_i = f(i)$;
in response to determining that the node is an OR gate, using a (1, n)-Shamir secret sharing scheme, and for each child node of the node, setting its secret sharing value $s_i = f(i)$;
in response to determining that a node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is the threshold value of the node, and for each child node of the node, setting its secret sharing value $s_i = f(i)$.
Based on the same inventive concept, one or more embodiments of the present specification further provide a data access control device with complete policy hiding, including:
an initialization module configured to generate homomorphic encrypted parameters and calculate basic homomorphic parameters of each attribute according to the parameters;
a constructing module configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and corresponding homomorphic nodes are formed on the basis of the first homomorphic ciphertext and are used as leaf nodes of the homomorphic access tree structure;
an encryption module configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
a response module configured to respond to an acquisition request for a decryption private key received from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
a matching module configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decrypted value of the homomorphic node;
a decryption module configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the user attribute set satisfies the access policy according to the decryption values of the respective homomorphic nodes.
Based on the same inventive concept, one or more embodiments of the present specification further provide a data access control system with complete policy hiding, including a cloud server, an authority center, a data owner, and a user:
the cloud server is configured to store ciphertext data obtained by encrypting the data owner and send the ciphertext data to the user;
the authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for attributes according to the parameters, and further calculate a public key and a master key;
calculating a private key corresponding to the user attribute set according to the acquisition request of the decryption private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access strategy of plaintext data, construct a homomorphic access tree structure according to the access strategy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
the user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of a data owner in the ciphertext data.
Based on the same inventive concept, one or more embodiments of the present specification further provide an electronic device, comprising a memory, a processor, and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any one of claims 1 to 7 when executing the program.
As can be seen from the foregoing, according to the data access control method and related device for full policy hiding provided by the present disclosure, the attribute in the access policy is encrypted by using homomorphic encryption, so that the hiding of the attribute name and the attribute value, that is, the full policy hiding, is achieved. And ensuring that the user cannot acquire sensitive information from the access strategy of the ciphertext data. On the other hand, when the access policy is hidden, in order to ensure that the attribute matching in the decryption stage can be normally performed, the scheme constructs an attribute matching mechanism based on homomorphic encryption, so that the plaintext can be correctly decrypted from the ciphertext under the condition that the access policy is hidden.
Drawings
In order to more clearly illustrate the technical solutions in the present disclosure or related technologies, the drawings needed to be used in the description of the embodiments or related technologies are briefly introduced below, and it is obvious that the drawings in the following description are only embodiments of the present disclosure, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a schematic flow diagram of a conventional CP-ABE scheme;
FIG. 2 is a flow chart of a method for data access control with full policy hiding according to an embodiment of the disclosure;
FIG. 3 is a flow chart of the construction of a homomorphic access tree structure according to an embodiment of the present disclosure;
FIG. 4 is a diagram illustrating a homomorphic access tree structure according to an embodiment of the disclosure;
FIG. 5 is a flow chart of ciphertext data encryption according to an embodiment of the disclosure;
FIG. 6 is a schematic structural diagram of a data access control device with complete policy hiding according to an embodiment of the present disclosure;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purpose of promoting a better understanding of the objects, aspects and advantages of the present disclosure, reference is made to the following detailed description taken in conjunction with the accompanying drawings.
It is to be noted that technical terms or scientific terms used in the embodiments of the present disclosure should have a general meaning as understood by those having ordinary skill in the art to which the present disclosure belongs, unless otherwise defined. The use of "first," "second," and similar terms in the embodiments of the disclosure is not intended to indicate any order, quantity, or importance, but rather to distinguish one element from another. The word "comprising" or "comprises", and the like, means that the element or item listed before the word covers the element or item listed after the word and its equivalents, but does not exclude other elements or items.
As described in the background section, existing CP-ABE solutions have difficulty meeting security requirements. In implementing the present disclosure, the applicant finds that, according to the access structure of CP-ABE, policy hiding schemes are divided into AND-gate-based, access-tree-based and LSSS-matrix-based schemes. The access tree can express complex access policies, and those policies are intuitive and easy to read, so it is suitable for use in practical environments. Researchers have proposed, respectively, a partial policy hiding CP-ABE scheme that introduces random numbers and a full policy hiding CP-ABE scheme based on end nodes. The former hides the attribute values in the access policy by introducing random numbers; although its computational complexity is lower, the attribute names in the access policy are not hidden, so it still carries a risk of privacy disclosure. The latter constructs end nodes in the access tree structure, achieves complete policy hiding by removing the leaf nodes, and matches the access policy against the attribute set through a matching mechanism at the end nodes in the decryption stage; however, each end node must be paired with every attribute in the user's attribute set in the decryption stage, so the computational complexity is high and the scheme is not suitable for practical environments. Currently, research on access-tree-based policy hiding CP-ABE schemes is still limited, and a scheme that combines complete policy hiding with low computational complexity is lacking.
In view of this, the present disclosure provides, in some embodiments, a data access control scheme with complete policy hiding, specifically, first generating parameters, calculating bilinear pairing parameters and homomorphic parameters for attributes according to the parameters, further generating a public key and a master key, then obtaining a user attribute set, and calculating a corresponding private key. And acquiring an access strategy of a data owner, constructing a homomorphic access tree structure, and encrypting a plaintext according to the homomorphic access tree structure and a public key to obtain a ciphertext. And finally, in decryption, matching the user attribute set with the access strategy of the ciphertext according to the user private key and the ciphertext data, and decrypting to obtain plaintext data when the user attribute set meets the access strategy of a data owner in the ciphertext.
Therefore, in the data access control scheme with completely hidden policies according to one or more embodiments of the present disclosure, homomorphic encryption is introduced based on a conventional access tree structure, a homomorphic access tree structure is constructed, and complete hiding of access policies is achieved.
The technical solutions of one or more embodiments of the present disclosure are described in detail below with reference to specific embodiments.
Referring to fig. 2, a data access control method of full policy hiding according to an embodiment of the present disclosure includes the following steps:
Step S201, generating homomorphic encrypted parameters, and calculating the basic homomorphic parameters of each attribute according to the parameters.
Step S202, constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and corresponding homomorphic nodes are formed based on the first homomorphic ciphertext and are used as leaf nodes of the homomorphic access tree structure.
In this step, the plaintext data includes the attribute of the user, and is used to describe a user by several elements, including the attribute name and the attribute value. Specifically, the feature data may be natural or social attributes of the user, such as gender, age, occupation, place of residence, friend relationship, and the like, where the gender, age, occupation, place of residence, friend relationship, and the like are attribute names of the user, and specific contents thereof, such as male, 21 year, student, a certain cell, close relationship with xx, and the like are attribute values of the user; the characteristic data may also be historical behavior of the user, such as whether the user has gone to a certain hospital, has a certain disease, etc. Obviously, the specific content included in the feature data can be selected according to specific implementation requirements.
In this embodiment, the manner of obtaining the feature data is not specifically limited, and may be uploaded by a user or obtained from an external data source; for example, the natural attributes of the user, such as gender, age, etc., can be obtained from the user registration information database; the medical records of the user can be obtained from a database of the hospital platform.
In this step, referring to fig. 3, the step of constructing the homomorphic access tree structure may be completed by the following steps:
S301, constructing an access tree structure according to the access strategy of the data owner;
In this step, the constructed access tree structure is a conventional access tree structure.
S302, inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and father nodes of the access tree structure, wherein the homomorphic nodes are used as father nodes of the leaf nodes and child nodes of original father nodes;
S303, removing original leaf child nodes in the access tree structure, and only reserving the homomorphic nodes as leaf nodes of the access tree structure.
As can be seen from fig. 4, in the homomorphic access tree structure in this embodiment, the homomorphic node matched with the original leaf child node is used to replace the original leaf node, so that the original leaf child node is removed, and meanwhile, the information of the attribute value and the attribute name in the original leaf child node is hidden, thereby protecting the privacy of the user.
Step S203, encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data.
Step S204, in response to receiving an acquisition request for a decryption private key from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter.
Step S205, for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function to obtain a decryption value of the homomorphic node;
In this step, first, attribute matching is performed on each homomorphic node in the homomorphic access tree, and the matching function at the homomorphic node is defined as $\mathrm{Match}(W_x, W_y') = (W_y' W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. If and only if $\mathrm{Match}(W_x, W_y') = 0$, the attribute of said set of user attributes and the attribute in the access policy of the data owner represented by said homomorphic node are completely matched, to obtain the decrypted value of said homomorphic node; if there is no $\mathrm{Match}(W_x, W_y') = 0$, the decryption value of the homomorphic node is 1, i.e., the homomorphic node has not completed attribute matching. Here $W_y'$ represents a second homomorphic ciphertext of an attribute of the set of user attributes, $W_x$ represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, respectively, and $O$ is the product of two large prime numbers in homomorphic encryption.
Step S206, in response to determining that the user attribute set satisfies the access policy according to the decryption value of each homomorphic node, allowing the user equipment to decrypt the ciphertext data to obtain the plaintext data.
It can be seen that, in the present embodiment, the full policy hiding of CP-ABE is implemented based on homomorphic encryption, and has lower computational complexity. When the access tree structure is constructed according to the access policy, the user cannot know the attributes corresponding to the homomorphic nodes from the access policy because the homomorphic access tree structure removes the original leaf nodes. In the decryption stage, the matching operation under the attribute hiding condition is realized through an attribute matching mechanism based on homomorphic encryption, and then the decryption of the ciphertext is completed. Meanwhile, because the attribute matching mechanism is a multiplication operation between the first homomorphic ciphertext and the second homomorphic ciphertext, the computation complexity is much lower compared with the bilinear pairing operation required in the decryption stage. Therefore, compared with the original CP-ABE scheme, the scheme of introducing the new attribute matching mechanism has similar computational complexity in the decryption stage, but realizes complete strategy hiding; the complexity is significantly reduced compared to the existing strategy hiding CP-ABE scheme. The scheme gives consideration to complete strategy hiding and low computation complexity, is suitable for application in an actual environment, and has strong practical significance.
In some embodiments, the node types in the homomorphic access tree structure include AND gates, OR gates, and threshold gates.
As an alternative embodiment, referring to fig. 5, for encrypting the plaintext data based on the homomorphic access tree structure in step S203 in the foregoing embodiment to obtain ciphertext data, the encrypting step may further include:
S501, setting a secret sharing value of a root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret sharing value of the homomorphic node according to the secret sharing value of the root node and a bilinear pairing parameter;
In this step, the secret sharing value of the root node of the homomorphic access tree is set as $s_{root}$. From the root node to the homomorphic nodes, the secret sharing value is recursively calculated:
If the node is an AND gate, the (n, n)-Shamir secret sharing scheme is used, and for each child node of the node its secret sharing value is set to $s_i = f(i)$;
If the node is an OR gate, a (1, n)-Shamir secret sharing scheme is used, and for each child node of the node its secret sharing value is set to $s_i = f(i)$;
If the node is a threshold gate, a (t, n)-Shamir secret sharing scheme is used, where t is the threshold value for the node; for each child node of the node, its secret sharing value is set to $s_i = f(i)$.
In this embodiment, an AND gate indicates that the attributes represented by all child nodes connected to it must be satisfied. For example, <doctor> AND <cardiology> denotes a doctor of the cardiology department. An OR gate indicates that only one of the attributes represented by the nodes connected to it needs to be satisfied. For example, <doctor> OR <cardiology> denotes a doctor or someone in the cardiology department. A threshold gate indicates that the attributes represented by the nodes connected to it need to satisfy a set threshold k; that is, if the threshold of the threshold gate is k, at least k of its child nodes need to be satisfied.
S502, calculating a bilinear pairing ciphertext of the homomorphic node according to the secret sharing value and the bilinear pairing parameter of the homomorphic node;
S503, calculating to obtain a first homomorphic ciphertext of the homomorphic node according to the basic homomorphic parameter and the random homomorphic parameter of the homomorphic node.
In step S201, the system assigns a basic homomorphic parameter to each attribute, performs first homomorphic encryption for each leaf node in this step, and multiplies the basic homomorphic parameter of each leaf node by a random homomorphic parameter to obtain a first homomorphic ciphertext of each leaf node.
S504, second homomorphic encryption is carried out on the random homomorphic parameters to obtain second correction homomorphic parameters.
In this step, the purpose of the second homomorphic encryption is to secure the random homomorphic parameter.
S505, encrypting plaintext data according to the total secret shared value to obtain a ciphertext body; wherein the ciphertext data comprises: the ciphertext parameter, the ciphertext body, the second correction homomorphic parameter, the first homomorphic ciphertext and the bilinear pairing ciphertext.
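The recursive secret sharing of step S501 can be illustrated with the following added example, which is not part of the patent text. It assumes shares live in a prime field (the patent uses them as exponents in the bilinear group), uses hypothetical names (`gate`, `leaf`, `distribute`, `recover`), and lets plaintext attribute labels stand in for the outcome of the homomorphic matching stage.

```python
import secrets

# Assumption: shares are elements of a prime field; the patent instead uses
# them as exponents inside the bilinear group.
P = 2**127 - 1


def leaf(attr):
    """Leaf (homomorphic node). The label stands in for the hidden attribute."""
    return {"attr": attr}


def gate(kind, children, t=None):
    """AND -> (n, n), OR -> (1, n), THRESHOLD -> (t, n) Shamir sharing."""
    n = len(children)
    k = {"AND": n, "OR": 1, "THRESHOLD": t}[kind]
    if k is None or not 1 <= k <= n:
        raise ValueError("threshold must satisfy 1 <= t <= n")
    return {"t": k, "children": children}


def distribute(node, secret, shares=None):
    """Push s_root down the tree: child i of a gate receives s_i = f(i),
    where f is a random polynomial of degree t-1 with f(0) = node's share."""
    shares = {} if shares is None else shares
    if "attr" in node:
        shares[node["attr"]] = secret % P
        return shares
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(node["t"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        s_i = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        distribute(child, s_i, shares)
    return shares


def lagrange_at_zero(points):
    """Interpolate f(0) from t points (i, f(i)) over the field."""
    total = 0
    for i, y_i in points:
        num, den = 1, 1
        for j, _ in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y_i * num * pow(den, -1, P)) % P
    return total


def recover(node, shares, matched):
    """Rebuild a node's share from its children. `matched` is the set of
    leaves whose attribute matched; an unmatched leaf contributes nothing
    (the patent defines its decryption value as 1 in that case)."""
    if "attr" in node:
        return shares[node["attr"]] if node["attr"] in matched else None
    points = []
    for i, child in enumerate(node["children"], start=1):
        value = recover(child, shares, matched)
        if value is not None:
            points.append((i, value))
    if len(points) < node["t"]:
        return None  # gate not satisfied, share cannot be rebuilt
    return lagrange_at_zero(points[: node["t"]])


# Constructed sample policy:
# (doctor AND cardiology) OR 2-of-3(nurse, icu, senior)
POLICY = gate("OR", [
    gate("AND", [leaf("doctor"), leaf("cardiology")]),
    gate("THRESHOLD", [leaf("nurse"), leaf("icu"), leaf("senior")], t=2),
])

if __name__ == "__main__":
    s_root = secrets.randbelow(P)
    leaf_shares = distribute(POLICY, s_root)
    print(recover(POLICY, leaf_shares, {"doctor", "cardiology"}) == s_root)
    print(recover(POLICY, leaf_shares, {"doctor"}))
```
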
As a specific example, the mathematical procedure of the present embodiment is given:
Generating bilinear mapping parameters: input a security parameter $\lambda$ and generate a bilinear mapping $e: G \times G \to G_T$, where the order of G is $N = pqr$. $G_p$, $G_q$ and $G_r$ are the subgroups of G of order p, q and r, with generators $g_p$, $g_q$ and $g_r$ respectively.
Parameters for generating homomorphic encryption: two large prime numbers $o_1$ and $o_2$ are randomly selected, both satisfying $\gcd(o_1 o_2, (o_1 - 1)(o_2 - 1)) = 1$.
Calculate $O = o_1 o_2$ and $\beta = \mathrm{lcm}(o_1 - 1, o_2 - 1)$. Randomly select s,
Figure BDA0003104250190000101
and s satisfies $\gcd(L(s^{\beta} \bmod O^2), O) = 1$.
Two prime numbers $o'_1$ and $o'_2$ are randomly selected, both satisfying $\gcd(o'_1 o'_2, (o'_1 - 1)(o'_2 - 1)) = 1$.
Calculate $O' = o'_1 o'_2$ and $\beta' = \mathrm{lcm}(o'_1 - 1, o'_2 - 1)$. Randomly select $s'$,
Figure BDA0003104250190000119
and $s'$ satisfies $\gcd(L(s'^{\beta'} \bmod O'^2), O') = 1$. Randomly select $\gamma' \in Z_{O'}$ with $0 < \gamma' < O'$ and $\gcd(\gamma', O') = 1$.
Calculating the bilinear pairing parameters of each attribute: for the attribute set $U = \{A_1, A_2, ..., A_n\}$ and the possible attribute values within each set
Figure BDA0003104250190000111
define all attributes as $u_{i,j}$, $i \in \{1, ..., n\}$, $j \in \{1, ..., u_i\}$. Randomly select $\alpha, t_{i,j} \in Z_N$ and $R_0, R_{i,j} \in G_q$, and calculate $T_0 = g_p R_0$ and
Figure BDA0003104250190000112
Calculating the basic homomorphic parameter of each attribute: randomly select $\gamma \in Z_O$ with $0 < \gamma < O$ and $\gcd(\gamma, O) = 1$. Randomly select $w_{i,j} \in Z_O$ and calculate
Figure BDA0003104250190000113
The public key PK and the master key MK are output as follows:
Figure BDA0003104250190000114
Figure BDA0003104250190000115
Key generation: input the user attribute set $L = \{l_1, l_2, ..., l_m\}$ and construct the private key $SK_L$ corresponding to L by using the key and the master key MK.
Randomly select $r \in Z_p$ and calculate $d_0 = g_p^{\alpha - r}$ (the private key parameter of the user attribute set). For
Figure BDA0003104250190000116
randomly select
Figure BDA0003104250190000117
(bilinear pairing private key for each attribute in the user attribute set), wherein
Figure BDA00031042501900001111
is, for
Figure BDA00031042501900001110
the corresponding value of $t_{i,j}$.
Randomly select $h_x \in Z_{O'}$ and calculate
Figure BDA0003104250190000118
(the random homomorphic parameter) and
Figure BDA0003104250190000121
(the first correction homomorphic parameter). For
Figure BDA0003104250190000122
set
Figure BDA00031042501900001211
(the basic homomorphic parameter is multiplied by the random homomorphic parameter to obtain the second homomorphic ciphertext).
The private key $SK_L$ is output as follows:
$SK_L = \{d_0, d'_0, \{W_x, d_x\}_{1 \le x \le m}, \{s, \gamma, O, s', \gamma', O', \beta'\}\}$
Encryption process: input a plaintext M, an access tree T and the public key PK, and construct the ciphertext data CT with a hidden access policy.
Set the secret sharing value of the root node of the access tree T to $s_{root}$. From the root node to the homomorphic nodes, the secret sharing value is computed recursively as follows:
(a) If the node is an AND gate, the (n, n)-Shamir secret sharing scheme is used. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
(b) If the node is an OR gate, a (1, n)-Shamir secret sharing scheme is used. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
(c) If the node is a threshold gate, a (t, n)-Shamir secret sharing scheme is used, where t is the threshold value for the node. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
For leaf nodes of access tree T
Figure BDA0003104250190000123
obtain the secret sharing value $s_y$ according to the method above. Randomly select $R'_y \in G_q$ and calculate
Figure BDA0003104250190000124
(bilinear pairing ciphertext).
Randomly select $h_y \in Z_{O'}$ and calculate
Figure BDA0003104250190000125
(the random homomorphic parameter) and
Figure BDA0003104250190000126
(the second correction homomorphic parameter).
Randomly select $R'_0 \in G_q$ and calculate
Figure BDA0003104250190000127
(the ciphertext parameter) and
Figure BDA0003104250190000128
(the ciphertext body), and
Figure BDA0003104250190000129
(the basic homomorphic parameter is multiplied by the random homomorphic parameter to obtain the first homomorphic ciphertext).
The ciphertext data CT is output as follows:
Figure BDA00031042501900001210
wherein $n_{tree}$ is the number of leaf nodes of the access tree T.
Decryption process: input the private key $SK_L$ and the ciphertext data CT; the decryption is divided into a matching stage and a calculation stage.
And in the matching stage, performing attribute matching on the homomorphic nodes.
Figure BDA0003104250190000131
Figure BDA0003104250190000132
Compute
Figure BDA0003104250190000133
and
Figure BDA0003104250190000134
(the homomorphic correction value is calculated based on the first correction homomorphic parameter and the second correction homomorphic parameter).
Define the match function of the homomorphic node $node_y$ as $Match(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. For
Figure BDA0003104250190000135
calculate $Match(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. If and only if $Match(W_x, W'_y) = 0$, the attributes match completely, i.e., the $c_y$ corresponding to $node_y$ matches $d_x$; define the decryption value function of the homomorphic node as $Dec(node_y) = e(c_y, d_x)$.
In the calculation stage, the decryption value of the homomorphic node is calculated according to the matching result in the matching stage, and then the plaintext is calculated according to the decryption value of the homomorphic node.
For the homomorphic node $node_y$, when there is a matchable attribute, $Dec(node_y) = e(c_y, d_x)$ is calculated. The calculation process is as follows:
Figure BDA0003104250190000136
The attribute set of the user and the homomorphic node are matched through the matching function, and then the bilinear pairing calculation is performed with the bilinear pairing private key in the private key and the bilinear pairing ciphertext in the ciphertext to obtain the decryption value of the homomorphic node.
When there is no matchable attribute, define $Dec(node_y) = 1$.
For the root node, the plaintext computation process is as follows:
Figure BDA0003104250190000141
It should be noted that the method of the embodiments of the present disclosure may be executed by a single device, such as a computer or a server. The method of the embodiment can also be applied to a distributed scenario and completed by the mutual cooperation of a plurality of devices. In such a distributed scenario, one of the devices may perform only one or more steps of the method of the embodiments of the present disclosure, and the devices may interact with each other to complete the method.
It should be noted that the above describes some embodiments of the disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing may also be possible or may be advantageous.
Based on the same inventive concept, corresponding to the method of any embodiment, the disclosure also provides a data access control device with complete strategy hiding.
Referring to fig. 6, the data access control device with complete policy hiding includes:
601. The initialization module is configured to generate homomorphic encrypted parameters and calculate basic homomorphic parameters of each attribute according to the parameters.
602. The constructing module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and corresponding homomorphic nodes are formed on the basis of the first homomorphic ciphertext and are used as leaf nodes of the homomorphic access tree structure;
603. an encryption module configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
604. the response module is configured to respond to an acquisition request for a decryption private key received from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
605. the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decrypted value of the homomorphic node;
606. a decryption module configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the user attribute set satisfies the access policy according to the decryption values of the respective homomorphic nodes.
For convenience of description, the above devices are described as being divided into various modules by functions, and are described separately. Of course, the functionality of the various modules may be implemented in the same one or more software and/or hardware implementations of the present disclosure.
The apparatus in the foregoing embodiment is used to implement a corresponding data access control method with complete policy hiding in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
Based on the same inventive concept, corresponding to the method of any embodiment, the disclosure also provides a data access control system with complete strategy hiding. The system comprises a cloud server, an authority center, a data owner and a user:
the cloud server is configured to store ciphertext data encrypted by a data owner and send the ciphertext data to the user.
The authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for attributes according to the parameters, and further calculate a public key and a master key;
wherein the parameters include p, q, n, λ and g, where p and q represent two large prime numbers, both satisfying $\gcd(pq, (p-1)(q-1)) = 1$. Calculate $n = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$. Randomly select $g \in Z_p$ such that g satisfies $\gcd(L(g^{\lambda} \bmod n^2), n) = 1$. The homomorphic parameters for the attributes, the public key and the master key are calculated using the Paillier homomorphic encryption algorithm.
Calculating a private key corresponding to the user attribute set according to the acquisition request of the decryption private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access strategy of plaintext data, construct a homomorphic access tree structure according to the access strategy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
the user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of a data owner in the ciphertext data.
Based on the same inventive concept, corresponding to the method of any embodiment described above, the present disclosure further provides an electronic device, including a memory, a processor, and a computer program stored on the memory and executable on the processor, where the processor executes the program to implement the data access control method of complete policy hiding according to any embodiment described above.
Fig. 7 is a schematic diagram illustrating a more specific hardware structure of an electronic device according to this embodiment, where the electronic device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein the processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 are communicatively coupled to each other within the device via bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an Application Specific Integrated Circuit (ASIC), or one or more Integrated circuits, and is configured to execute related programs to implement the technical solutions provided in the embodiments of the present disclosure.
The Memory 1020 may be implemented in the form of a ROM (Read Only Memory), a RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. The memory 1020 may store an operating system and other application programs, and when the technical solution provided by the embodiments of the present specification is implemented by software or firmware, the relevant program codes are stored in the memory 1020 and called to be executed by the processor 1010.
The input/output interface 1030 is used for connecting an input/output module to input and output information. The i/o module may be configured as a component in a device (not shown) or may be external to the device to provide a corresponding function. The input devices may include a keyboard, a mouse, a touch screen, a microphone, various sensors, etc., and the output devices may include a display, a speaker, a vibrator, an indicator light, etc.
The communication interface 1040 is used for connecting a communication module (not shown in the drawings) to implement communication interaction between the present apparatus and other apparatuses. The communication module can realize communication in a wired mode (such as USB, network cable and the like) and also can realize communication in a wireless mode (such as mobile network, WIFI, Bluetooth and the like).
Bus 1050 includes a path that transfers information between various components of the device, such as processor 1010, memory 1020, input/output interface 1030, and communication interface 1040.
It should be noted that although the above-mentioned device only shows the processor 1010, the memory 1020, the input/output interface 1030, the communication interface 1040 and the bus 1050, in a specific implementation, the device may also include other components necessary for normal operation. In addition, those skilled in the art will appreciate that the above-described apparatus may also include only those components necessary to implement the embodiments of the present description, and not necessarily all of the components shown in the figures.
The electronic device of the foregoing embodiment is used to implement a corresponding data access control method with complete policy hiding in any of the foregoing embodiments, and has the beneficial effects of the corresponding method embodiment, which are not described herein again.
It should be noted that the embodiments of the present disclosure can be further described in the following ways:
a data access control method of full policy hiding, comprising:
generating homomorphic encrypted parameters, and calculating the basic homomorphic parameters of each attribute according to the parameters;
Constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext and is used as a leaf node of the homomorphic access tree structure;
encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
in response to receiving an acquisition request for a decryption private key from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and in response to determining that the user attribute set meets the access policy according to the decryption values of the homomorphic nodes, allowing the user equipment to decrypt the ciphertext data to obtain the plaintext data.
Further, the constructing a homomorphic access tree structure according to the access policy set by the data owner for the plaintext data includes:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and father nodes of the access tree structure, wherein the homomorphic nodes are used as father nodes of the leaf nodes and child nodes of original father nodes;
and removing original leaf child nodes in the access tree structure, and only reserving the homomorphic nodes as leaf nodes of the access tree structure.
Further, for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in each user attribute set based on a preset matching function to obtain a decrypted value of the homomorphic node, including:
performing attribute matching on each homomorphic node in the homomorphic access tree, and defining the matching function at the homomorphic node as $Match(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$; if and only if $Match(W_x, W'_y) = 0$, the attribute of the user attribute set and the attribute in the access policy of the data owner represented by the homomorphic node match completely, and the decryption value of the homomorphic node is obtained; if there is no $Match(W_x, W'_y) = 0$, the decryption value of the homomorphic node is 1; where $W'_y$ represents a second homomorphic ciphertext of an attribute of the user attribute set, $W_x$ represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are the homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter respectively, and O is the product of two large prime numbers in the homomorphic encryption.
Further, the node types in the homomorphic access tree structure include AND gates, OR gates, and threshold gates.
Further, the encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data includes:
setting a secret shared value of a root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret shared value of the homomorphic node according to the secret shared value of the root node and a bilinear pairing parameter;
calculating a bilinear pairing ciphertext of the homomorphic node according to the secret sharing value of the homomorphic node and the bilinear pairing parameter;
calculating to obtain a first homomorphic ciphertext of the homomorphic node according to the basic homomorphic parameter and the random homomorphic parameter of the homomorphic node;
performing second homomorphic encryption on the random homomorphic parameter to obtain a second correction homomorphic parameter;
encrypting plaintext data according to the total secret shared value to obtain a ciphertext body; wherein the ciphertext data comprises: the ciphertext parameter, the ciphertext body, the second correction homomorphic parameter, the first homomorphic ciphertext and the bilinear pairing ciphertext.
Further, the step of, in response to receiving an acquisition request for a decryption private key from a user device, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set includes:
calculating private key parameters of the user attribute set and bilinear pairing private keys of attributes in the user attribute set according to bilinear pairing parameters; the bilinear pairing parameters are obtained by calculation according to the generated bilinear mapping in an initialization stage;
multiplying the basic homomorphic parameter of the attribute in each user attribute set by a random homomorphic parameter to obtain a second homomorphic ciphertext of the attribute;
performing second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the ciphertext data comprises: a private key parameter, a first correction homomorphic parameter, a homomorphic encryption parameter, a second homomorphic ciphertext and a bilinear pairing private key.
Further, the setting of the secret sharing value of the root node of the homomorphic access tree and the calculation of the secret sharing value of the homomorphic node according to the secret sharing value of the root node include:
setting the secret sharing value of the homomorphic access tree root node to $s_{root}$; from the root node to the homomorphic nodes, the secret sharing value is recursively calculated:
in response to determining that a node is an AND gate, using an (n, n)-Shamir secret sharing scheme, and for each child node of the node setting its secret sharing value to $s_i = f(i)$;
in response to determining that the node is an OR gate, using a (1, n)-Shamir secret sharing scheme, and for each child node of the node setting its secret sharing value to $s_i = f(i)$;
in response to determining that the node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is the threshold value for the node, and for each child node of the node setting its secret sharing value to $s_i = f(i)$.
Further, a data access control device with complete policy hiding, comprising:
an initialization module configured to generate homomorphic encrypted parameters and calculate basic homomorphic parameters of each attribute according to the parameters;
The constructing module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and corresponding homomorphic nodes are formed on the basis of the first homomorphic ciphertext and are used as leaf nodes of the homomorphic access tree structure;
an encryption module configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
the response module is configured to respond to an acquisition request for a decryption private key received from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decrypted value of the homomorphic node;
a decryption module configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the user attribute set satisfies the access policy according to the decryption values of the respective homomorphic nodes.
Further, a data access control system with complete hidden policy comprises a cloud server, an authority center, a data owner and a user:
the cloud server is configured to store ciphertext data encrypted by a data owner and send the ciphertext data to the user.
The authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for attributes according to the parameters, and further calculate a public key and a master key;
calculating a private key corresponding to the user attribute set according to the acquisition request of the decryption private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access strategy of plaintext data, construct a homomorphic access tree structure according to the access strategy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
the user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of a data owner in the ciphertext data.
Further, an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of claims 1 to 7 when executing the program.
Those of ordinary skill in the art will understand that: the discussion of any embodiment above is meant to be exemplary only, and is not intended to intimate that the scope of the disclosure, including the claims, is limited to these examples; within the idea of the present disclosure, also technical features in the above embodiments or in different embodiments may be combined, steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in detail for the sake of brevity.
In addition, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown in the provided figures for simplicity of illustration and discussion, and so as not to obscure the embodiments of the disclosure. Furthermore, devices may be shown in block diagram form in order to avoid obscuring embodiments of the present disclosure, and this also takes into account the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform within which the embodiments of the present disclosure are to be implemented (i.e., specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that the embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative instead of restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of these embodiments will be apparent to those of ordinary skill in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the discussed embodiments.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Therefore, any omissions, modifications, equivalents, improvements, and the like that may be made within the spirit and principles of the embodiments of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. A data access control method of full policy hiding, comprising:
generating homomorphic encrypted parameters, and calculating the basic homomorphic parameters of each attribute according to the parameters;
constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext and is used as a leaf node of the homomorphic access tree structure;
encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
in response to receiving an acquisition request for a decryption private key from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and in response to determining that the user attribute set meets the access policy according to the decryption values of the homomorphic nodes, allowing the user equipment to decrypt the ciphertext data to obtain the plaintext data.
2. The method of claim 1, wherein the constructing a homomorphic access tree structure according to access policies set by data owners for plaintext data comprises:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and father nodes of the access tree structure, wherein the homomorphic nodes are used as father nodes of the leaf nodes and child nodes of original father nodes;
and removing original leaf child nodes in the access tree structure, and only reserving the homomorphic nodes as leaf nodes of the access tree structure.
3. The method according to claim 1, wherein for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of each attribute in the user attribute set based on a preset matching function to obtain a decrypted value of the homomorphic node comprises:
performing attribute matching on each homomorphic node in the homomorphic access tree, and defining a matching function at the homomorphic node as $\mathrm{Match}(W_x, W_y') = (W_y' W_x^{oo} - W_x W_y^{oo}) \bmod O^2$; if and only if $\mathrm{Match}(W_x, W_y') = 0$, the attribute of said set of user attributes and the attribute in the access policy of the data owner represented by said homomorphic node are completely matched, to obtain the decrypted value of said homomorphic node; if there is no $\mathrm{Match}(W_x, W_y') = 0$, the decryption value of said homomorphic node is 1; where $W_y'$ represents a second homomorphic ciphertext of an attribute of the set of user attributes, $W_x$ represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are homomorphic correction values respectively calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, and $O$ is the product of two large prime numbers in homomorphic encryption.
4. The method of claim 1, wherein the node types in the homomorphic access tree structure include AND gates, OR gates, AND threshold gates.
5. The method of claim 1, wherein the encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data comprises:
setting a secret shared value of a root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret shared value of the homomorphic node according to the secret shared value of the root node and a bilinear pairing parameter;
calculating a bilinear pairing ciphertext of the homomorphic node according to the secret sharing value of the homomorphic node and the bilinear pairing parameter;
calculating to obtain a first homomorphic ciphertext of the homomorphic node according to the basic homomorphic parameter and the random homomorphic parameter of the homomorphic node;
performing second homomorphic encryption on the random homomorphic parameter to obtain a second correction homomorphic parameter;
encrypting plaintext data according to the total secret shared value to obtain a ciphertext main body; wherein the ciphertext data comprises: the ciphertext parameter, the ciphertext main body, the second correction homomorphic parameter, the first homomorphic ciphertext and the bilinear pairing ciphertext.
6. The method of claim 1, wherein, in response to receiving an acquisition request for a decryption private key from user equipment, extracting a user attribute set carried in the acquisition request and acquiring the decryption private key of the user attribute set comprises:
calculating private key parameters of the user attribute set and bilinear pairing private keys of attributes in the user attribute set according to bilinear pairing parameters; the bilinear pairing parameters are obtained by calculation according to the generated bilinear mapping in an initialization stage;
multiplying the basic homomorphic parameter of the attribute in each user attribute set by a random homomorphic parameter to obtain a second homomorphic ciphertext of the attribute;
performing second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the ciphertext data comprises: the private key parameter, the first correction homomorphic parameter, the homomorphic encryption parameter, the second homomorphic ciphertext and the bilinear pairing private key.
7. The method of claim 5, wherein the setting a secret sharing value of a root node of the homomorphic access tree, the computing the secret sharing value of the homomorphic node from the secret sharing value of the root node, comprises:
setting a secret sharing value of the homomorphic access tree root node to $s_{root}$; from the root node to the homomorphic node, the secret sharing value is recursively calculated:
in response to determining that a node is an AND gate, using an (n, n)-Shamir secret sharing scheme, and setting, for each child node of the node, its secret sharing value $s_i = f(i)$;
in response to determining that the node is an OR gate, using a (1, n)-Shamir secret sharing scheme, and setting, for each child node of the node, its secret sharing value $s_i = f(i)$;
in response to determining that the node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is a threshold value for the node, and setting, for each child node of the node, its secret sharing value $s_i = f(i)$.
8. A full policy-hidden data access control apparatus comprising:
an initialization module configured to generate homomorphic encrypted parameters and calculate basic homomorphic parameters of each attribute according to the parameters;
a constructing module configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameters, and corresponding homomorphic nodes are formed on the basis of the first homomorphic ciphertext and are used as leaf nodes of the homomorphic access tree structure;
an encryption module configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
the response module is configured to respond to an acquisition request for a decryption private key received from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is obtained by calculation according to the basic homomorphic parameter;
the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decrypted value of the homomorphic node;
a decryption module configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the user attribute set satisfies the access policy according to the decryption values of the respective homomorphic nodes.
9. A data access control system with complete policy hiding comprises a cloud server, an authority center, a data owner and a user:
the cloud server is configured to store ciphertext data obtained by encrypting the data owner and send the ciphertext data to the user;
the authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for attributes according to the parameters, and further calculate a public key and a master key;
calculating a private key corresponding to the user attribute set according to the acquisition request of the decryption private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access strategy of plaintext data, construct a homomorphic access tree structure according to the access strategy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
the user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of a data owner in the ciphertext data.
10. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 7 when executing the program.
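The recursive share assignment of claim 7 and the policy check of claim 1, as an added example that is not part of the patent text. It assumes a prime field of size 2^127 - 1, a constructed policy, and plaintext attribute names standing in for the homomorphic-ciphertext matching of claim 3; all function names are hypothetical.

```python
import secrets

P = 2**127 - 1  # prime field modulus; an assumption, the claims fix no field

def leaf(attr):
    return ("LEAF", attr, [])

# Constructed policy: doctor AND (cardiology OR 2-of-3(nurse, icu, senior))
POLICY = ("AND", None, [leaf("doctor"), ("OR", None, [
    leaf("cardiology"),
    ("THR", 2, [leaf("nurse"), leaf("icu"), leaf("senior")])])])

def threshold(node):
    kind, arg, children = node
    return {"AND": len(children), "OR": 1, "THR": arg}[kind]

def share(secret, t, n):
    # Random polynomial f of degree t-1 with f(0) = secret; child i gets s_i = f(i).
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P
            for i in range(1, n + 1)}

def reconstruct(points):
    # Lagrange interpolation at x = 0 over the points {i: s_i}.
    total = 0
    for i, s_i in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + s_i * num * pow(den, -1, P)) % P
    return total

def distribute(node, secret, path=()):
    # Walk from the root to the leaves; returns {leaf_path: share}.
    kind, arg, children = node
    if kind == "LEAF":
        return {path: secret}
    shares = share(secret, threshold(node), len(children))
    out = {}
    for i, child in enumerate(children, start=1):
        out.update(distribute(child, shares[i], path + (i,)))
    return out

def recover(node, leaf_shares, attrs, path=()):
    # Returns the node's secret if attrs satisfy its subtree, else None.
    kind, arg, children = node
    if kind == "LEAF":
        return leaf_shares[path] if arg in attrs else None
    got = {}
    for i, child in enumerate(children, start=1):
        s = recover(child, leaf_shares, attrs, path + (i,))
        if s is not None:
            got[i] = s
    t = threshold(node)
    if len(got) < t:
        return None
    return reconstruct(dict(list(got.items())[:t]))
```

An OR gate yields a degree-0 polynomial, so every child carries the parent's value, while an AND gate needs all n children to interpolate.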
CN202110632578.9A 2021-06-07 2021-06-07 Data access control method with complete policy hiding and related equipment thereof Active CN113468556B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110632578.9A CN113468556B (en) 2021-06-07 2021-06-07 Data access control method with complete policy hiding and related equipment thereof

Publications (2)

Publication Number Publication Date
CN113468556A true CN113468556A (en) 2021-10-01
CN113468556B CN113468556B (en) 2023-07-25

Family

ID=77868686

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110632578.9A Active CN113468556B (en) 2021-06-07 2021-06-07 Data access control method with complete policy hiding and related equipment thereof

Country Status (1)

Country Link
CN (1) CN113468556B (en)

Also Published As

Publication number Publication date
CN113468556B (en) 2023-07-25

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant