CN113468556B - Data access control method with complete policy hiding and related equipment thereof - Google Patents

Publication number
CN113468556B
Authority
CN
China
Prior art keywords
homomorphic
ciphertext
node
access
data
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110632578.9A
Other languages
Chinese (zh)
Other versions
CN113468556A (en)
Inventor
罗涛
韩新宇
宋海娜
李剑峰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing University of Posts and Telecommunications
Original Assignee
Beijing University of Posts and Telecommunications
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing University of Posts and Telecommunications
Priority to CN202110632578.9A
Publication of CN113468556A
Application granted
Publication of CN113468556B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/45 Structures or tools for the administration of authentication
    • G06F21/46 Structures or tools for the administration of authentication by designing passwords or checking the strength of passwords
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present disclosure provides a data access control method with complete policy hiding and related devices. The method comprises the following steps: first, an access control system is initialized and its parameters are generated; bilinear pairing parameters and homomorphic parameters of the attributes in the system are calculated from these parameters, and a public key and a master key are then calculated; next, an attribute set of a user is acquired and the corresponding user private key is calculated. An access policy of the data owner is acquired, a homomorphic access tree structure is constructed, and the plaintext data is encrypted according to the homomorphic access tree structure and the public key to obtain ciphertext data. Finally, at decryption, attribute matching under complete policy hiding is performed according to the user's private key and the acquired ciphertext, and the plaintext data is obtained by decryption when the user's attribute set satisfies the access policy set by the data owner in the ciphertext data.

Description

Data access control method with complete policy hiding and related equipment thereof
Technical Field
The disclosure relates to the technical field of data security, and in particular relates to a data access control method with complete policy hiding and related equipment thereof.
Background
With the rise of the big data concept, more and more traditional industries are turning to big data, hoping to use it to drive innovation and thereby advance their industries. However, big data may contain individuals' private information; if it is distributed and shared directly, that private information may be revealed, harming the interests of the individual. In the big data sharing stage, an access control technology is generally adopted to control how data in the cloud is shared. CP-ABE (ciphertext-policy attribute-based encryption) can provide fine-grained access control and gives the data publisher strong control over the data, so it is very suitable for sharing big data.
In the conventional CP-ABE scheme, referring to fig. 1, a key SK is associated with an attribute set, a ciphertext CT is associated with an access policy, and if and only if the attribute set of a user satisfies the access policy of the ciphertext, the ciphertext can be decrypted to obtain plaintext data.
In the conventional CP-ABE scheme, the access policy is directly visible in the ciphertext rather than hidden, so a user can learn the access policy in the ciphertext by inference. When the access policy contains sensitive information, the user can obtain that sensitive information from the access policy, which discloses private information. Taking a medical scenario as an example, a patient sets the access policy of their medical record data to "(outpatient: cardiology) AND (hospital: AA hospital)", which means that the patient wants a doctor in the cardiology department of that hospital to view the medical record. However, when a user obtains the ciphertext of the medical record data, the access policy set by the patient can be deduced from the ciphertext, so the user learns that the patient suffers from heart disease, and the patient's private information is revealed.
Disclosure of Invention
In view of the above, an object of the present disclosure is to provide a data access control method with complete policy hiding and related devices.
Based on the above objects, the present disclosure provides a data access control method with complete policy hiding, including:
generating homomorphic encryption parameters, and calculating basic homomorphic parameters of each attribute according to the parameters;
constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
responding to an acquisition request of a decryption private key received from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and in response to determining that the set of user attributes meets the access policy according to the decryption values of the homomorphic nodes, allowing the user device to decrypt the ciphertext data to obtain the plaintext data.
Further, the constructing the homomorphic access tree structure according to the access policy set by the data owner for the plaintext data includes:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and the parent nodes of the access tree structure, wherein the homomorphic nodes are used as the parent nodes of the leaf nodes and the child nodes of the original parent nodes;
and removing the original leaf nodes in the access tree structure, and only reserving the homomorphic nodes as the leaf nodes of the access tree structure.
Further, for each homomorphic node, calculating, based on a preset matching function, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in each user attribute set, so as to obtain a decryption value of the homomorphic node, including:
performing attribute matching on each homomorphic node in the homomorphic access tree, and defining the matching function at the homomorphic node as $\mathrm{Match}(W_x, W_y') = (W_y' W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. If and only if $\mathrm{Match}(W_x, W_y') = 0$, the attribute of the user attribute set is completely matched with the attribute in the access policy of the data owner represented by the homomorphic node, so as to obtain the decryption value of the homomorphic node; if $\mathrm{Match}(W_x, W_y') = 0$, the decryption value of the homomorphic node is 1, where $W_y'$ represents the second homomorphic ciphertext of an attribute of the user attribute set, $W_x$ represents the first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are the homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, and $O$ is the product of two large prime numbers in homomorphic encryption.
Further, the node types in the homomorphic access tree structure include AND gates, OR gates, AND threshold gates.
Further, the encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data includes:
setting a secret sharing value of the root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret sharing value of the homomorphic node according to the secret sharing value of the root node and the bilinear pairing parameter;
calculating bilinear pairing ciphertext of the homomorphic node according to the secret sharing value and bilinear pairing parameter of the homomorphic node;
according to the basic homomorphic parameters and the random homomorphic parameters of the homomorphic nodes, calculating to obtain a first homomorphic ciphertext of the homomorphic nodes;
performing second homomorphic encryption on the random homomorphic parameters to obtain second correction homomorphic parameters;
encrypting the plaintext data according to the total secret sharing value to obtain a ciphertext main body; wherein the ciphertext data comprises: ciphertext parameters, ciphertext bodies, second correction homomorphism parameters, first homomorphism ciphertext and bilinear pairing ciphertext.
Further, the responding to the receiving of the obtaining request of the decryption private key from the user equipment, extracting the user attribute set carried in the obtaining request, and obtaining the decryption private key of the user attribute set, including:
calculating a private key parameter of the user attribute set and a bilinear pairing private key of an attribute in the user attribute set according to the bilinear pairing parameter; the bilinear pairing parameters are calculated according to the generated bilinear mapping in the initialization stage;
multiplying basic homomorphism parameters of the attributes in each user attribute set by random homomorphism parameters to obtain second homomorphism ciphertext of the attributes;
performing second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the decryption private key comprises: a private key parameter, a first correction homomorphic parameter, a homomorphic encryption parameter, a second homomorphic ciphertext and a bilinear pairing private key.
Further, setting the secret sharing value of the root node of the homomorphic access tree, and calculating the secret sharing value of the homomorphic node according to the secret sharing value of the root node, including:
setting the secret sharing value of the homomorphic access tree root node as $s_{root}$, and recursively calculating the secret sharing values from the root node to the homomorphic nodes:
in response to determining that the node is an AND gate, for each child node of the node, its secret sharing value $s_i = f(i)$ is set using an (n, n)-Shamir secret sharing scheme;
in response to determining that the node is an OR gate, for each child node of the node, its secret sharing value $s_i = f(i)$ is set using a (1, n)-Shamir secret sharing scheme;
in response to determining that the node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is the threshold value of the node; for each child node of the node, its secret sharing value $s_i = f(i)$ is set.
Based on the same inventive concept, one or more embodiments of the present disclosure further provide a data access control apparatus with complete policy hiding, including:
the initialization module is configured to generate homomorphic encryption parameters, and calculate basic homomorphic parameters of each attribute according to the parameters;
The construction module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
the encryption module is configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
the response module is configured to respond to receiving an acquisition request of a decryption private key from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and the decryption module is configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the set of user attributes satisfies the access policy according to the decryption value of each of the homomorphic nodes.
Based on the same inventive concept, one or more embodiments of the present specification further provide a data access control system with complete policy hiding, including a cloud server, an authority center, a data owner, and a user:
the cloud server is configured to store ciphertext data obtained by encryption of a data owner and send the ciphertext data to the user;
the authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for the attributes according to the parameters, and further calculate a public key and a master key;
and to calculate, according to the user's acquisition request for a decryption private key and the master key, the private key corresponding to the user attribute set, and send the private key to the user;
the data owner is configured to set an access policy of plaintext data, construct a homomorphic access tree structure according to the access policy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
The user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of the data owner in the ciphertext data.
Based on the same inventive concept, one or more embodiments of the present description also provide an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any one of claims 1 to 7 when executing the program.
As can be seen from the above description, the data access control method and the related device for complete policy hiding provided by the present disclosure use homomorphic encryption to encrypt the attribute in the access policy, so as to implement hiding of the attribute name and the attribute value, i.e. complete policy hiding. The method and the device ensure that the user cannot acquire sensitive information from the access strategy of the ciphertext data. On the other hand, when the access strategy is hidden, in order to ensure that the attribute matching in the decryption stage can be normally performed, the scheme constructs an attribute matching mechanism based on homomorphic encryption, so that a plaintext can be correctly decrypted from a ciphertext under the condition of hiding the access strategy.
Drawings
In order to more clearly illustrate the technical solutions of the present disclosure or related art, the drawings required for the embodiments or related art description will be briefly described below, and it is apparent that the drawings in the following description are only embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
FIG. 1 is a schematic flow chart of a conventional CP-ABE scheme;
FIG. 2 is a flow chart of a method of data access control with full policy hiding according to an embodiment of the present disclosure;
FIG. 3 is a flow chart of the construction of a homomorphic access tree structure in accordance with an embodiment of the present disclosure;
FIG. 4 is a schematic diagram of a homomorphic access tree structure in accordance with an embodiment of the present disclosure;
FIG. 5 is a ciphertext data encryption flow chart of an embodiment of the disclosure;
FIG. 6 is a schematic diagram of a data access control device with full policy hiding according to an embodiment of the disclosure;
FIG. 7 is a schematic structural diagram of an electronic device according to an embodiment of the disclosure.
Detailed Description
For the purposes of promoting an understanding of the principles and advantages of the disclosure, reference will now be made to the embodiments illustrated in the drawings and specific language will be used to describe the same.
It should be noted that unless otherwise defined, technical or scientific terms used in the embodiments of the present disclosure should be given the ordinary meaning as understood by one of ordinary skill in the art to which the present disclosure pertains. The terms "first," "second," and the like, as used in embodiments of the present disclosure, do not denote any order, quantity, or importance, but rather are used to distinguish one element from another. The word "comprising" or "comprises", and the like, means that elements or items preceding the word are included in the element or item listed after the word and equivalents thereof, but does not exclude other elements or items.
As noted in the background section, existing CP-ABE schemes have difficulty meeting security requirements. In implementing the present disclosure, the applicants found that, according to the access structure of the CP-ABE, policy hiding schemes are classified into AND-gate-based, access-tree-based, and LSSS-matrix-based schemes. The access tree can express complex access policies, and the policies are intuitive and easy to read, which suits practical use. Researchers have proposed a partial policy hiding CP-ABE scheme that introduces random numbers and a full policy hiding CP-ABE scheme based on end nodes, respectively. The former hides the attribute values in the access policy by introducing random numbers; although its computational complexity is low, the attribute names in the access policy are not hidden, so the risk of privacy disclosure remains. The latter builds end nodes into the access tree structure and achieves complete policy hiding by removing the leaf nodes; in the decryption stage, the matching of the access policy against the attribute set is performed by the end nodes' matching mechanism, but each end node must be matched against all the attributes in the user's attribute set, so the computational complexity is high and the scheme is not suitable for a practical environment. At present, access-tree-based policy hiding CP-ABE schemes are still little studied, and a scheme that combines complete policy hiding with low computational complexity is lacking.
In view of this, the disclosure provides, in some embodiments, a data access control scheme with complete policy hiding. Specifically, parameters are first generated, bilinear pairing parameters and homomorphic parameters for the attributes are calculated according to the parameters, and a public key and a master key are then generated; next, a user attribute set is acquired and the corresponding private key is calculated. An access policy of the data owner is acquired, a homomorphic access tree structure is constructed, and the plaintext is encrypted according to the homomorphic access tree structure and the public key to obtain the ciphertext. Finally, at decryption, the user attribute set is matched against the access policy of the ciphertext according to the user private key and the ciphertext data, and when the user attribute set satisfies the access policy of the data owner in the ciphertext, the plaintext data is obtained by decryption.
Therefore, the data access control scheme with complete strategy hiding of one or more embodiments of the present disclosure introduces homomorphic encryption based on the traditional access tree structure, constructs the homomorphic access tree structure, and realizes complete hiding of the access strategy.
The technical solutions of one or more embodiments of the present disclosure are described in detail below by means of specific embodiments.
Referring to fig. 2, a full policy hidden data access control method of one embodiment of the present disclosure includes the steps of:
Step S201, parameters of homomorphic encryption are generated, and basic homomorphic parameters of each attribute are calculated according to the parameters.
Step S202, constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure.
In this step, the plaintext data includes attributes of the user, which characterize a user through a number of elements and comprise an attribute name and an attribute value. Specifically, the characteristic data may be natural or social attributes of the user, such as gender, age, occupation, residence and friend relationships, where gender, age, occupation, residence, friend relationship and so on are the user's attribute names, and their specific contents, such as male, 21 years old, student, a certain residential community, or a close relationship with xx, are the user's attribute values; the characteristic data may also be the historical behavior of the user, such as whether the user has visited a hospital or has a disease. The specific content included in the characteristic data may be selected according to specific implementation requirements.
In this embodiment, the method for acquiring the feature data is not specifically limited, and may be uploaded by a user or acquired from an external data source; for example, the natural attributes such as the gender, age, etc. of the user may be acquired from the user registration information database; the medical records of the user can be obtained from a database of the hospital platform.
In this step, referring to fig. 3, the step of constructing the homomorphic access tree structure may be accomplished by:
S301, constructing an access tree structure according to the access policy of the data owner;
In this step, the access tree structure constructed is a conventional access tree structure.
S302, inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and the parent nodes of the access tree structure, wherein the homomorphic nodes are used as the parent nodes of the leaf nodes and the child nodes of the original parent nodes;
S303, removing the original leaf nodes in the access tree structure, and only reserving the homomorphic nodes as the leaf nodes of the access tree structure.
As can be seen, referring to fig. 4, in the homomorphic access tree structure in this embodiment, the homomorphic node matched with the original leaf node is used to replace the original leaf node, so that the original leaf node is removed, and meanwhile, the information of the attribute value and the attribute name in the original leaf node is hidden, thereby protecting the privacy of the user.
Step S203, encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data.
Step S204, responding to an acquisition request of a decryption private key received from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter.
Step S205, for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function, so as to obtain a decryption value of the homomorphic node;
In this step, attribute matching is first performed on each homomorphic node in the homomorphic access tree, and the matching function at the homomorphic node is defined as $\mathrm{Match}(W_x, W_y') = (W_y' W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. If and only if $\mathrm{Match}(W_x, W_y') = 0$, the attribute of the user attribute set is completely matched with the attribute in the access policy of the data owner represented by the homomorphic node, so as to obtain the decryption value of the homomorphic node; if $\mathrm{Match}(W_x, W_y') = 0$, the decryption value of the homomorphic node is 1, i.e. the homomorphic node does not complete attribute matching, where $W_y'$ represents the second homomorphic ciphertext of an attribute of the user attribute set, $W_x$ represents the first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are the homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, and $O$ is the product of two large prime numbers in homomorphic encryption.
Step S206, in response to determining that the user attribute set satisfies the access policy according to the decryption value of each homomorphic node, allowing the user device to decrypt the ciphertext data to obtain the plaintext data.
It can be seen that in this embodiment, the complete policy hiding of CP-ABE is achieved based on homomorphic encryption, and has lower computational complexity. When the access tree structure is constructed according to the access policy, the user cannot learn the attribute corresponding to the homomorphic node from the access policy because the homomorphic access tree structure removes the original leaf node. In the decryption stage, matching operation under the condition of attribute hiding is realized through an attribute matching mechanism based on homomorphic encryption, so that the decryption of the ciphertext is completed. Meanwhile, the attribute matching mechanism is multiplication operation between the first homomorphic ciphertext and the second homomorphic ciphertext, so that the calculation complexity is much lower than that of bilinear pairing operation required in a decryption stage. Therefore, in contrast, the calculation complexity of the scheme introducing the new attribute matching mechanism is similar to that of the original CP-ABE scheme in the decryption stage, but complete strategy hiding is realized; the complexity is significantly reduced compared to existing policy hiding CP-ABE schemes. The scheme gives consideration to complete strategy hiding and low computational complexity, is suitable for application in actual environments, and has stronger practical significance.
In some embodiments, the node types in the homomorphic access tree structure include AND gates, OR gates, AND threshold gates.
As an alternative embodiment, referring to fig. 5, for encrypting the plaintext data based on the homomorphic access tree structure in step S203 in the foregoing embodiment, to obtain ciphertext data, the encrypting step may further include:
S501, setting a secret sharing value of a root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret sharing value of the homomorphic node according to the secret sharing value of the root node and the bilinear pairing parameter;
In this step, the secret sharing value of the root node of the homomorphic access tree is set as $s_{root}$, and the secret sharing values are calculated recursively from the root node to the homomorphic nodes:
if the node is an AND gate, for each child node of the node, its secret sharing value $s_i = f(i)$ is set using an (n, n)-Shamir secret sharing scheme;
if the node is an OR gate, for each child node of the node, its secret sharing value $s_i = f(i)$ is set using a (1, n)-Shamir secret sharing scheme;
if the node is a threshold gate, a (t, n)-Shamir secret sharing scheme is used, where t is the threshold value of the node; for each child node of the node, its secret sharing value $s_i = f(i)$ is set.
In this embodiment, an AND gate indicates that the attributes represented by all child nodes connected to it must be satisfied. For example, <doctor> AND <cardiology> means a doctor in the cardiology department. An OR gate indicates that only one of the attributes represented by the nodes connected to it needs to be satisfied. For example, <doctor> OR <cardiology> means a doctor or someone in the cardiology department. A threshold gate indicates that the attributes represented by the nodes connected to it must meet a set threshold k: at least k of its child nodes must be satisfied.
S502, calculating bilinear pairing ciphertext of the homomorphic node according to the secret sharing value and bilinear pairing parameters of the homomorphic node;
S503, calculating to obtain a first homomorphic ciphertext of the homomorphic node according to the basic homomorphic parameter and the random homomorphic parameter of the homomorphic node.
In step S201, the system assigns a basic homomorphic parameter to each attribute. In this step, the first homomorphic encryption is performed for each leaf node: the basic homomorphic parameter of each leaf node is multiplied by a random homomorphic parameter to obtain the first homomorphic ciphertext of that leaf node.
S504, performing second homomorphic encryption on the random homomorphic parameters to obtain second correction homomorphic parameters.
In this step, the purpose of the second homomorphic encryption is to secure the random homomorphic parameters.
S505, encrypting the plaintext data according to the total secret sharing value to obtain a ciphertext main body; wherein the ciphertext data comprises: ciphertext parameters, ciphertext bodies, second correction homomorphism parameters, first homomorphism ciphertext and bilinear pairing ciphertext.
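The recursive secret sharing of step S501 can be traced in a short sketch. This is an added example, not code from the patent: it shares and recovers values directly in an assumed prime field $Z_P$ (the scheme itself carries the shares inside bilinear pairing ciphertexts), leaf attributes are kept in plaintext where the scheme would use a hidden homomorphic node, and the `nurse`, `icu` and `senior` attributes are constructed for illustration.

```python
import secrets

P = 2**127 - 1  # Mersenne prime; assumed share field Z_P for this sketch


class Leaf:
    def __init__(self, attribute):
        self.attribute = attribute  # hidden in the real scheme, plain here
        self.share = None


class Gate:
    def __init__(self, kind, children, t=None):
        n = len(children)
        self.children = children
        # AND -> (n, n), OR -> (1, n), THRESHOLD -> (t, n)
        self.k = {"AND": n, "OR": 1, "THRESHOLD": t}[kind]
        if self.k is None or not 1 <= self.k <= n:
            raise ValueError("threshold must satisfy 1 <= t <= n")


def distribute(node, secret):
    """Push s_root down the tree: child i of a gate receives s_i = f(i)."""
    if isinstance(node, Leaf):
        node.share = secret
        return
    # Random polynomial f of degree k-1 with f(0) = secret.
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.k - 1)]
    for i, child in enumerate(node.children, start=1):
        f_i = sum(c * pow(i, e, P) for e, c in enumerate(coeffs)) % P
        distribute(child, f_i)


def lagrange_at_zero(points):
    """Interpolate f(0) from k points (x_j, f(x_j)) over Z_P."""
    total = 0
    for xj, yj in points:
        num, den = 1, 1
        for xm, _ in points:
            if xm != xj:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        total = (total + yj * num * pow(den, -1, P)) % P
    return total


def recover(node, user_attributes):
    """Return the node's secret if the attributes satisfy it, else None."""
    if isinstance(node, Leaf):
        return node.share if node.attribute in user_attributes else None
    points = []
    for i, child in enumerate(node.children, start=1):
        value = recover(child, user_attributes)
        if value is not None:
            points.append((i, value))
    if len(points) < node.k:
        return None  # too few satisfied children for this gate
    return lagrange_at_zero(points[: node.k])


def build_policy():
    # (doctor AND cardiology) OR 2-of-3(nurse, icu, senior)
    return Gate("OR", [
        Gate("AND", [Leaf("doctor"), Leaf("cardiology")]),
        Gate("THRESHOLD", [Leaf("nurse"), Leaf("icu"), Leaf("senior")], t=2),
    ])


if __name__ == "__main__":
    tree = build_policy()
    s_root = secrets.randbelow(P)
    distribute(tree, s_root)
    print(recover(tree, {"doctor", "cardiology"}) == s_root)
    print(recover(tree, {"doctor"}))
```

An OR gate hands every child the same share because its polynomial has degree 0, so a single satisfied child is enough to recover the parent's value.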
As a specific example, the mathematical flow of the present embodiment is given:
Generating bilinear mapping parameters: input a security parameter $\lambda$ and generate the bilinear map $e: G \times G \to G_T$, where the order of $G$ is $N = pqr$. $G_p$, $G_q$ and $G_r$ are the subgroups of $G$ of order $p$, $q$ and $r$, with generators $g_p$, $g_q$ and $g_r$ respectively.
Generating parameters of homomorphic encryption: randomly select two large primes $o_1$ and $o_2$ that satisfy $\gcd(o_1 o_2, (o_1 - 1)(o_2 - 1)) = 1$.
Calculate $O = o_1 o_2$ and $\beta = \mathrm{lcm}(o_1 - 1, o_2 - 1)$. Randomly select $s$ such that $\gcd(L(s^{\beta} \bmod O^2), O) = 1$.
Randomly select two large primes $o'_1$ and $o'_2$ that satisfy $\gcd(o'_1 o'_2, (o'_1 - 1)(o'_2 - 1)) = 1$.
Calculate $O' = o'_1 o'_2$ and $\beta' = \mathrm{lcm}(o'_1 - 1, o'_2 - 1)$. Randomly select $s'$ such that $\gcd(L(s'^{\beta'} \bmod O'^2), O') = 1$. Randomly select $\gamma' \in Z_{O'}$ with $0 < \gamma' < O'$ and $\gcd(\gamma', O') = 1$.
Calculating bilinear pairing parameters of each attribute: for the attribute set $U = \{A_1, A_2, \ldots, A_n\}$ and the possible attribute values within each set, define all attributes as $u_{i,j}$, $i \in \{1, \ldots, n\}$, $j \in \{1, \ldots, u_i\}$. Randomly select $\alpha, t_{i,j} \in Z_N$ and $R_0, R_{i,j} \in G_q$. Calculate $T_0 = g_p R_0$ and
Calculating basic homomorphic parameters of each attribute: randomly select $\gamma \in Z_O$ with $0 < \gamma < O$ and $\gcd(\gamma, O) = 1$. Randomly select $w_{i,j} \in Z_O$. Calculation of
The output public key PK and the master key MK are as follows:
Key generation: input the user attribute set $L = \{l_1, l_2, \ldots, l_m\}$ and the master key MK, and construct the private key $SK_L$ corresponding to $L$.
Randomly select $r \in Z_p$ and calculate $d_0 = g_p^{\alpha - r}$ (private key parameter of the user's attribute set). For the following Random selection (bilinear pairing private key for each attribute in the user's attribute set), wherein Is that Corresponding $t_{i,j}$ Is a value of (2).
Randomly select $h_x \in Z_{O'}$. Calculation of (random homomorphic parameter) and (first correction homomorphic parameter). For Has the following components (the basic homomorphic parameter is multiplied by the random homomorphic parameter to obtain the second homomorphic ciphertext).
The output private key $SK_L$ is as follows:
$SK_L = \{d_0, d'_0, \{W_x, d_x\}_{1 \le x \le m}, \{s, \gamma, O, s', \gamma', O', \beta'\}\}$
Encryption process: input a plaintext M, an access tree T and the public key PK, and construct the ciphertext data CT with a hidden access policy.
Set the secret sharing value of the root node of the access tree T to $s_{root}$. From the root node down to the homomorphic nodes, the secret sharing values are calculated recursively in the following manner:
(a) If the node is an AND gate, an (n, n)-Shamir secret sharing scheme is used. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
(b) If the node is an OR gate, a (1, n)-Shamir secret sharing scheme is used. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
(c) If the node is a threshold gate, a (t, n)-Shamir secret sharing scheme is used, where t is the threshold value of the node. For each child node of the node, its secret sharing value is set to $s_i = f(i)$.
For the leaf nodes of the access tree T, the secret sharing value obtained by the above method is $s_y$. Randomly select $R'_y \in G_q$. Calculate (bilinear pairing ciphertext).
Randomly select $h_y \in Z_{O'}$. Calculation of (random homomorphic parameter) and (second correction homomorphic parameter).
Randomly select $R'_0 \in G_q$. Calculation of (ciphertext parameter) (ciphertext body), have (the basic homomorphic parameter is multiplied by the random homomorphic parameter to obtain the first homomorphic ciphertext).
The output ciphertext data CT is as follows:
where $n_{tree}$ is the number of leaf nodes of the access tree T.
Decryption: input the private key $SK_L$ and the ciphertext data CT; decryption is divided into a matching stage and a calculation stage.
In the matching stage, attribute matching is performed on the homomorphic nodes.
Calculation ofAnd->(homomorphism correction values are calculated from the first correction homomorphism parameter and the second correction homomorphism parameter).
Define the matching function at the homomorphic node $node_y$ as $\mathrm{Match}(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. For the following Calculate $\mathrm{Match}(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$. If and only if $\mathrm{Match}(W_x, W'_y) = 0$, the attributes match exactly, i.e., the $c_y$ corresponding to $node_y$ matches $d_x$, and the decryption value function of the homomorphic node is defined as $\mathrm{Dec}(node_y) = e(c_y, d_x)$.
In the calculation stage, firstly, calculating the decryption value of the homomorphic node according to the matching result of the matching stage, and then calculating the plaintext through the decryption value of the homomorphic node.
For a homomorphic node $node_y$, when there is a matchable attribute, $\mathrm{Dec}(node_y) = e(c_y, d_x)$ is calculated as follows:
The user's attribute set is matched against the homomorphic node through the matching function, and a bilinear pairing calculation is then performed with the bilinear pairing private key in the private key and the bilinear pairing ciphertext in the ciphertext to obtain the decryption value of the homomorphic node.
When there is no matchable attribute, define $\mathrm{Dec}(node_y) = 1$.
For the root node, the plaintext calculation process is as follows:
It should be noted that the method of the embodiments of the present disclosure may be performed by a single device, such as a computer or a server. The method of the embodiment can also be applied in a distributed scenario, where it is completed by a plurality of devices cooperating with each other. In such a distributed scenario, one of the devices may perform only one or more steps of the method of the embodiments of the present disclosure, and the devices interact with each other to complete the method.
It should be noted that the foregoing describes some embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims may be performed in a different order than in the embodiments described above and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Based on the same inventive concept, the present disclosure also provides a data access control device with complete policy hiding, corresponding to the method of any embodiment described above.
Referring to fig. 6, the full policy hidden data access control device includes:
601. The initialization module is configured to generate homomorphic encryption parameters, and calculate basic homomorphic parameters of each attribute according to the parameters;
602. The construction module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
603. The encryption module is configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
604. the response module is configured to respond to receiving an acquisition request of a decryption private key from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
605. the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
606. The decryption module is configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the set of user attributes satisfies the access policy according to a decryption value for each of the homomorphic nodes.
For convenience of description, the above devices are described as being functionally divided into various modules, respectively. Of course, the functions of the various modules may be implemented in the same one or more pieces of software and/or hardware when implementing the present disclosure.
The device of the foregoing embodiment is configured to implement the corresponding data access control method with complete policy hiding in any foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
Based on the same inventive concept, the present disclosure also provides a data access control system with complete policy hiding, corresponding to the method of any embodiment described above. The system comprises a cloud server, an authority center, a data owner and a user:
The cloud server is configured to store ciphertext data obtained by encryption of a data owner and send the ciphertext data to the user.
The authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters for the attributes according to the parameters, and further calculate a public key and a master key;
wherein the parameters include $p$, $q$, $N$, $\lambda$, $g$, where $p$ and $q$ represent two large prime numbers that satisfy $\gcd(pq, (p-1)(q-1)) = 1$. $N = pq$ and $\lambda = \mathrm{lcm}(p-1, q-1)$ are calculated. $g \in Z_p$ is selected randomly such that $\gcd(L(g^{\lambda} \bmod N^2), N) = 1$. The homomorphic parameters of the attributes, the public key and the master key are calculated using the Paillier homomorphic encryption algorithm.
The authority center also calculates a private key corresponding to the user attribute set according to the user's acquisition request for a decryption private key and the master key, and sends the private key to the user;
The data owner is configured to set an access policy of plaintext data, construct a homomorphic access tree structure according to the access policy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
The user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of the data owner in the ciphertext data.
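The Paillier parameter conditions listed for the authority center can be checked in code. The sketch below is an added example, not the patent's own construction: it is textbook Paillier with constructed toy primes, the default $g = N + 1$ is an assumption, and the scheme's basic homomorphic parameter and matching formulas are not reproduced. It shows the validity check on $g$, that multiplying ciphertexts adds plaintexts, and that two encryptions of the same value differ, so equality of hidden attributes cannot be read off by comparing ciphertexts.

```python
import math
import secrets


def L(u, n):
    """Paillier's L function, L(u) = (u - 1) / n, for u = 1 mod n."""
    return (u - 1) // n


def keygen(p, q, g=None):
    """Return ((N, g), (lambda, mu)) after enforcing both gcd conditions."""
    if math.gcd(p * q, (p - 1) * (q - 1)) != 1:
        raise ValueError("gcd(pq, (p-1)(q-1)) must be 1")
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)  # lcm(p-1, q-1)
    g = n + 1 if g is None else g  # assumed default generator
    if math.gcd(g, n) != 1:
        raise ValueError("g must be invertible modulo N")
    u = L(pow(g, lam, n * n), n)
    if math.gcd(u, n) != 1:
        raise ValueError("g fails gcd(L(g^lambda mod N^2), N) = 1")
    return (n, g), (lam, pow(u, -1, n))


def encrypt(pk, m, r=None):
    """c = g^m * r^N mod N^2 with r drawn from the units modulo N."""
    n, g = pk
    while r is None or math.gcd(r, n) != 1:
        r = secrets.randbelow(n - 1) + 1
    return pow(g, m, n * n) * pow(r, n, n * n) % (n * n)


def decrypt(pk, sk, c):
    n, _ = pk
    lam, mu = sk
    return L(pow(c, lam, n * n), n) * mu % n


def multiply(pk, c1, c2):
    """Ciphertext product; decrypts to the sum of the two plaintexts."""
    n, _ = pk
    return c1 * c2 % (n * n)


if __name__ == "__main__":
    pk, sk = keygen(1009, 1013)  # constructed toy primes, far too small for use
    a = encrypt(pk, 41)
    b = encrypt(pk, 41)
    print(a != b, decrypt(pk, sk, a), decrypt(pk, sk, multiply(pk, a, b)))
```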
Based on the same inventive concept, the present disclosure also provides an electronic device corresponding to the method of any embodiment, including a memory, a processor, and a computer program stored on the memory and capable of running on the processor, where the processor implements the data access control method of complete policy hiding described in any embodiment when executing the program.
Fig. 7 is a schematic diagram of a hardware structure of an electronic device according to the embodiment, where the device may include: a processor 1010, a memory 1020, an input/output interface 1030, a communication interface 1040, and a bus 1050. Wherein processor 1010, memory 1020, input/output interface 1030, and communication interface 1040 implement communication connections therebetween within the device via a bus 1050.
The processor 1010 may be implemented by a general-purpose CPU (Central Processing Unit), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits, and executes the relevant programs to implement the technical solutions provided in the embodiments of the present disclosure.
The memory 1020 may be implemented in the form of ROM (Read Only Memory), RAM (Random Access Memory), a static storage device, a dynamic storage device, or the like. Memory 1020 may store an operating system and other application programs, and when the embodiments of the present specification are implemented in software or firmware, the associated program code is stored in memory 1020 and executed by processor 1010.
The input/output interface 1030 is used to connect with an input/output module for inputting and outputting information. The input/output module may be configured as a component in a device (not shown) or may be external to the device to provide corresponding functionality. Wherein the input devices may include a keyboard, mouse, touch screen, microphone, various types of sensors, etc., and the output devices may include a display, speaker, vibrator, indicator lights, etc.
Communication interface 1040 is used to connect communication modules (not shown) to enable communication interactions of the present device with other devices. The communication module may implement communication through a wired manner (such as USB, network cable, etc.), or may implement communication through a wireless manner (such as mobile network, WIFI, bluetooth, etc.).
Bus 1050 includes a path for transferring information between components of the device (e.g., processor 1010, memory 1020, input/output interface 1030, and communication interface 1040).
It should be noted that although the above-described device only shows processor 1010, memory 1020, input/output interface 1030, communication interface 1040, and bus 1050, in an implementation, the device may include other components necessary to achieve proper operation. Furthermore, it will be understood by those skilled in the art that the above-described apparatus may include only the components necessary to implement the embodiments of the present description, and not all the components shown in the drawings.
The electronic device of the foregoing embodiment is configured to implement the corresponding data access control method of complete policy hiding in any foregoing embodiment, and has the beneficial effects of the corresponding method embodiment, which is not described herein.
It should be noted that the embodiments of the present disclosure may be further described in the following manner:
a data access control method for complete policy hiding, comprising:
generating homomorphic encryption parameters, and calculating basic homomorphic parameters of each attribute according to the parameters;
Constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
responding to an acquisition request of a decryption private key received from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
And in response to determining that the set of user attributes meets the access policy according to the decryption values of the homomorphic nodes, allowing the user device to decrypt the ciphertext data to obtain the plaintext data.
Further, the constructing the homomorphic access tree structure according to the access policy set by the data owner for the plaintext data includes:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and the parent nodes of the access tree structure, wherein the homomorphic nodes are used as the parent nodes of the leaf nodes and the child nodes of the original parent nodes;
and removing the original leaf nodes in the access tree structure, and only reserving the homomorphic nodes as the leaf nodes of the access tree structure.
Further, for each homomorphic node, calculating, based on a preset matching function, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in each user attribute set, so as to obtain a decryption value of the homomorphic node, including:
performing attribute matching on each homomorphic node in the homomorphic access tree, and defining a matching function at the homomorphic node as $\mathrm{Match}(W_x, W'_y) = (W'_y W_x^{oo} - W_x W_y^{oo}) \bmod O^2$; if and only if $\mathrm{Match}(W_x, W'_y) = 0$, the attribute of the user attribute set is completely matched with the attribute in the access policy of the data owner represented by the homomorphic node, so as to obtain the decryption value of the homomorphic node; if there is no $\mathrm{Match}(W_x, W'_y) = 0$, the decryption value of the homomorphic node is 1, where $W'_y$ represents a second homomorphic ciphertext of an attribute of the user attribute set, $W_x$ represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, $W_x^{oo}$ and $W_y^{oo}$ are the homomorphic correction values calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, and $O$ is the product of two large prime numbers in homomorphic encryption.
Further, the node types in the homomorphic access tree structure include AND gates, OR gates, and threshold gates.
Further, the encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data includes:
setting a secret sharing value of the root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret sharing value of the homomorphic node according to the secret sharing value of the root node and the bilinear pairing parameter;
Calculating bilinear pairing ciphertext of the homomorphic node according to the secret sharing value and bilinear pairing parameter of the homomorphic node;
according to the basic homomorphic parameters and the random homomorphic parameters of the homomorphic nodes, calculating to obtain a first homomorphic ciphertext of the homomorphic nodes;
performing second homomorphic encryption on the random homomorphic parameters to obtain second correction homomorphic parameters;
encrypting the plaintext data according to the total secret sharing value to obtain a ciphertext main body; wherein the ciphertext data comprises: ciphertext parameters, ciphertext bodies, second correction homomorphism parameters, first homomorphism ciphertext and bilinear pairing ciphertext.
Further, the responding to the receiving of the obtaining request of the decryption private key from the user equipment, extracting the user attribute set carried in the obtaining request, and obtaining the decryption private key of the user attribute set, including:
calculating a private key parameter of the user attribute set and a bilinear pairing private key of an attribute in the user attribute set according to the bilinear pairing parameter; the bilinear pairing parameters are calculated according to the generated bilinear mapping in the initialization stage;
multiplying basic homomorphism parameters of the attributes in each user attribute set by random homomorphism parameters to obtain second homomorphism ciphertext of the attributes;
performing second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the ciphertext data comprises: a private key parameter, a first correction homomorphic parameter, a homomorphic encryption parameter, a second homomorphic ciphertext and a bilinear pairing private key.
Further, setting the secret sharing value of the root node of the homomorphic access tree, and calculating the secret sharing value of the homomorphic node according to the secret sharing value of the root node, including:
setting the secret sharing value of the homomorphic access tree root node to $s_{root}$, and recursively calculating the secret sharing values from the root node to the homomorphic nodes:
in response to determining that the node is an AND gate, using an (n, n)-Shamir secret sharing scheme, and for each child node of the node, setting its secret sharing value to $s_i = f(i)$;
in response to determining that the node is an OR gate, using a (1, n)-Shamir secret sharing scheme, and for each child node of the node, setting its secret sharing value to $s_i = f(i)$;
in response to determining that the node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is the threshold value of the node, and for each child node of the node, setting its secret sharing value to $s_i = f(i)$.
Further, a data access control apparatus with complete policy hiding, comprising:
the initialization module is configured to generate homomorphic encryption parameters, and calculate basic homomorphic parameters of each attribute according to the parameters;
The construction module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
the encryption module is configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
the response module is configured to respond to receiving an acquisition request of a decryption private key from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
the decryption module is configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the set of user attributes satisfies the access policy according to a decryption value for each of the homomorphic nodes.
Further, a data access control system with complete policy hiding comprises a cloud server, an authoritative center, a data owner and a user:
the cloud server is configured to store ciphertext data obtained by encryption of a data owner and send the ciphertext data to the user.
The authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters according to the parameters as attributes, and further calculate a public key and a master key;
calculating a private key corresponding to the user attribute set according to the obtaining request of the decrypting private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access policy of plaintext data, construct a homomorphic access tree structure according to the access policy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
The user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of the data owner in the ciphertext data.
Further, an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method according to any of claims 1 to 7 when executing the program.
Those of ordinary skill in the art will appreciate that: the discussion of any of the embodiments above is merely exemplary and is not intended to suggest that the scope of the disclosure, including the claims, is limited to these examples; the technical features of the above embodiments or in the different embodiments may also be combined under the idea of the present disclosure, the steps may be implemented in any order, and there are many other variations of the different aspects of the embodiments of the present disclosure as described above, which are not provided in details for the sake of brevity.
Additionally, well-known power/ground connections to Integrated Circuit (IC) chips and other components may or may not be shown within the provided figures, in order to simplify the illustration and discussion, and so as not to obscure the embodiments of the present disclosure. Furthermore, the devices may be shown in block diagram form in order to avoid obscuring the embodiments of the present disclosure, and this also accounts for the fact that specifics with respect to implementation of such block diagram devices are highly dependent upon the platform on which the embodiments of the present disclosure are to be implemented (i.e., such specifics should be well within purview of one skilled in the art). Where specific details (e.g., circuits) are set forth in order to describe example embodiments of the disclosure, it should be apparent to one skilled in the art that embodiments of the disclosure can be practiced without, or with variation of, these specific details. Accordingly, the description is to be regarded as illustrative in nature and not as restrictive.
While the present disclosure has been described in conjunction with specific embodiments thereof, many alternatives, modifications, and variations of those embodiments will be apparent to those skilled in the art in light of the foregoing description. For example, other memory architectures (e.g., dynamic RAM (DRAM)) may use the embodiments discussed.
The disclosed embodiments are intended to embrace all such alternatives, modifications and variances which fall within the broad scope of the appended claims. Accordingly, any omissions, modifications, equivalents, improvements, and the like, which are within the spirit and principles of the embodiments of the disclosure, are intended to be included within the scope of the disclosure.

Claims (9)

1. A data access control method for complete policy hiding, comprising:
generating homomorphic encryption parameters, and calculating basic homomorphic parameters of each attribute according to the parameters;
constructing a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
Encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
responding to an acquisition request of a decryption private key received from user equipment, extracting a user attribute set carried in the acquisition request, and acquiring the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
in response to determining that the set of user attributes meets the access policy according to the decryption values of the homomorphic nodes, allowing the user device to decrypt the ciphertext data to obtain the plaintext data;
wherein the constructing the homomorphic access tree structure according to the access policy set by the data owner for the plaintext data comprises:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and the parent nodes of the access tree structure, wherein the homomorphic nodes are used as the parent nodes of the leaf nodes and the child nodes of the original parent nodes;
and removing the original leaf nodes in the access tree structure, and only reserving the homomorphic nodes as the leaf nodes of the access tree structure.
2. The method according to claim 1, wherein for each homomorphic node, calculating, based on a preset matching function, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in each user attribute set to obtain a decryption value of the homomorphic node, includes:
performing attribute matching on each homomorphic node in the homomorphic access tree, defining a matching function at the homomorphic node as, if and only if Match(W_x, W′_y) = 0, the attribute of the user attribute set is completely matched with the attribute in the access policy of the data owner represented by the homomorphic node, so as to obtain the decryption value of the homomorphic node; if there is no Match(W_x, W′_y) = 0, the decryption value of the homomorphic node is 1, where W′_y represents a second homomorphic ciphertext of an attribute in the user attribute set, W_x represents a first homomorphic ciphertext of an attribute in the access policy of the data owner represented by the homomorphic node, ">And->The homomorphic correction value is calculated according to the second correction homomorphic parameter and the first correction homomorphic parameter, and O is the product of two large prime numbers in homomorphic encryption.
3. The method of claim 1, wherein node types in the homomorphic access tree structure comprise AND gates, OR gates, and threshold gates.
4. The method of claim 1, wherein encrypting the plaintext data based on the homomorphic access tree structure to obtain ciphertext data comprises:
setting a secret sharing value of the root node of the homomorphic access tree, and calculating a ciphertext parameter of the homomorphic access tree and the secret sharing value of the homomorphic node according to the secret sharing value of the root node and the bilinear pairing parameter;
calculating bilinear pairing ciphertext of the homomorphic node according to the secret sharing value and bilinear pairing parameter of the homomorphic node;
according to the basic homomorphic parameters and the random homomorphic parameters of the homomorphic nodes, calculating to obtain a first homomorphic ciphertext of the homomorphic nodes;
performing second homomorphic encryption on the random homomorphic parameters to obtain second correction homomorphic parameters;
encrypting the plaintext data according to the total secret sharing value to obtain a ciphertext main body; wherein the ciphertext data comprises: ciphertext parameters, ciphertext bodies, second correction homomorphism parameters, first homomorphism ciphertext and bilinear pairing ciphertext.
5. The method of claim 1, wherein the extracting the user attribute set carried in the acquisition request and acquiring the decryption private key of the user attribute set in response to receiving an acquisition request for the decryption private key from the user equipment comprises:
calculating a private key parameter of the user attribute set and a bilinear pairing private key of an attribute in the user attribute set according to the bilinear pairing parameter; the bilinear pairing parameters are calculated according to the generated bilinear mapping in the initialization stage;
multiplying basic homomorphism parameters of the attributes in each user attribute set by random homomorphism parameters to obtain second homomorphism ciphertext of the attributes;
performing second homomorphic encryption on the random homomorphic parameters to obtain first correction homomorphic parameters; wherein the ciphertext data comprises: a private key parameter, a first correction homomorphic parameter, a homomorphic encryption parameter, a second homomorphic ciphertext and a bilinear pairing private key.
6. The method of claim 4, wherein the setting the secret sharing value of the homomorphic access tree root node, calculating the secret sharing value of the homomorphic node from the secret sharing value of the root node, comprises:
setting the secret sharing value of the homomorphic access tree root node as s_root, and recursively calculating a secret sharing value from the root node to the homomorphic node:
in response to determining that the node is an AND gate, for each child node of the node, a (n, n)-Shamir secret sharing scheme is used to set its secret sharing value s_i = f(i);
in response to determining that the node is an OR gate, for each child node of the node, its secret sharing value s_i = f(i) is set using a (1, n)-Shamir secret sharing scheme;
in response to determining that the node is a threshold gate, using a (t, n)-Shamir secret sharing scheme, where t is a threshold value for the node; for each child node of the node, its secret sharing value s_i = f(i) is set.
7. A full policy hidden data access control device, comprising:
the initialization module is configured to generate homomorphic encryption parameters, and basic homomorphic parameters of each attribute are calculated according to the parameters;
the construction module is configured to construct a homomorphic access tree structure according to an access strategy set by a data owner for plaintext data, wherein a first homomorphic ciphertext of each attribute in the access strategy is calculated according to the basic homomorphic parameter, and a corresponding homomorphic node is formed based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
wherein the constructing the homomorphic access tree structure according to the access policy set by the data owner for the plaintext data comprises:
constructing an access tree structure according to the access strategy of the data owner;
inserting homomorphic nodes obtained by homomorphic encryption based on the leaf nodes between the leaf nodes and the parent nodes of the access tree structure, wherein the homomorphic nodes are used as the parent nodes of the leaf nodes and the child nodes of the original parent nodes;
removing the original leaf nodes in the access tree structure, and only reserving the homomorphic nodes as the leaf nodes of the access tree structure;
the encryption module is configured to encrypt the plaintext data based on the homomorphic access tree structure to obtain ciphertext data;
the response module is configured to respond to receiving an acquisition request of a decryption private key from user equipment, extract a user attribute set carried in the acquisition request, and acquire the decryption private key of the user attribute set, wherein the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
the matching module is configured to calculate, for each homomorphic node, a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node;
and a decryption module configured to allow the user device to decrypt the ciphertext data to obtain the plaintext data in response to determining that the set of user attributes satisfies the access policy according to a decryption value for each of the homomorphic nodes.
8. A data access control system with complete policy hiding, comprising a cloud server, an authority center, a data owner, and a user:
the cloud server is configured to store ciphertext data obtained by encryption of a data owner and send the ciphertext data to the user;
the authority center is configured to generate parameters, calculate bilinear pairing parameters and basic homomorphic parameters according to the parameters as attributes, and further calculate a public key and a master key;
calculating a private key corresponding to the user attribute set according to the obtaining request of the decrypting private key of the user and the master key, and sending the private key to the user;
the data owner is configured to set an access policy of plaintext data, construct a homomorphic access tree structure according to the access policy of the data owner, encrypt the plaintext data according to the homomorphic access tree structure and a public key to obtain ciphertext data, and send the ciphertext data to the cloud server;
the encrypting the plaintext data according to the homomorphic access tree structure and the public key to obtain ciphertext data comprises the following steps: calculating a first homomorphic ciphertext of each attribute in the access strategy according to the basic homomorphic parameter, and forming a corresponding homomorphic node based on the first homomorphic ciphertext to serve as a leaf node of the homomorphic access tree structure;
the user is configured to acquire the ciphertext data from the cloud server, match the user attribute set with the access policy of the ciphertext according to the private key and the ciphertext data, and decrypt to obtain plaintext data in response to determining that the user attribute set meets the access policy of a data owner in the ciphertext data; the decryption private key comprises a second homomorphic ciphertext of each attribute in the user attribute set, and the second homomorphic ciphertext is calculated according to the basic homomorphic parameter;
and for each homomorphic node, calculating a matching value of the first homomorphic ciphertext corresponding to the homomorphic node and the second homomorphic ciphertext of the attribute in the user attribute set based on a preset matching function so as to obtain a decryption value of the homomorphic node.
9. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the method of any one of claims 1 to 6 when the program is executed.
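The recursive share assignment of claim 6, as an added example that is not part of the patent: each gate splits its own share among its children with the stated Shamir threshold, and a subtree's share is recovered by Lagrange interpolation at 0 only when enough children are satisfied. The prime field `P`, the dict-based tree layout, the helper names and the sample policy are assumptions; shares are handled in the clear here, whereas the claimed scheme carries them inside bilinear pairing ciphertexts and decides leaf satisfaction with the homomorphic matching function.

```python
import secrets

P = 2**127 - 1  # prime field for shares (assumption: the claims do not fix one)

def leaf(attr):
    return {"attr": attr}

def gate(kind, children, t=None):
    # Claim 6 thresholds: AND -> (n, n), OR -> (1, n), threshold gate -> (t, n)
    if kind not in ("AND", "OR", "THRESHOLD"):
        raise ValueError("unknown gate type")
    n = len(children)
    t = {"AND": n, "OR": 1}.get(kind, t)
    if t is None or not 1 <= t <= n:
        raise ValueError("threshold must satisfy 1 <= t <= n")
    return {"t": t, "children": children}

def distribute(node, s):
    """Recursively push the share s of this node down to the leaves."""
    if "attr" in node:
        node["share"] = s % P
        return
    # Random polynomial f of degree t-1 with f(0) = s
    coeffs = [s % P] + [secrets.randbelow(P) for _ in range(node["t"] - 1)]
    for i, child in enumerate(node["children"], start=1):
        s_i = sum(c * pow(i, k, P) for k, c in enumerate(coeffs)) % P  # s_i = f(i)
        distribute(child, s_i)

def recover(node, attrs):
    """Return this node's share if attrs satisfy its subtree, else None."""
    if "attr" in node:
        return node["share"] if node["attr"] in attrs else None
    pts = []
    for i, child in enumerate(node["children"], start=1):
        y = recover(child, attrs)
        if y is not None:
            pts.append((i, y))
    if len(pts) < node["t"]:
        return None  # too few satisfied children: nothing is reconstructed
    pts = pts[: node["t"]]
    total = 0
    for xj, yj in pts:
        lam = 1  # Lagrange coefficient of point xj evaluated at x = 0
        for xm, _ in pts:
            if xm != xj:
                lam = lam * xm % P * pow((xm - xj) % P, -1, P) % P
        total = (total + yj * lam) % P
    return total

def demo_policy():
    # Constructed sample policy: (doctor AND cardiology) OR 2-of-3(nurse, icu, senior)
    return gate("OR", [
        gate("AND", [leaf("doctor"), leaf("cardiology")]),
        gate("THRESHOLD", [leaf("nurse"), leaf("icu"), leaf("senior")], t=2),
    ])
```

Calling `distribute(tree, s_root)` and then `recover(tree, attrs)` returns `s_root` only for attribute sets that satisfy the policy.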
CN202110632578.9A 2021-06-07 2021-06-07 Data access control method with complete policy hiding and related equipment thereof Active CN113468556B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110632578.9A CN113468556B (en) 2021-06-07 2021-06-07 Data access control method with complete policy hiding and related equipment thereof

Publications (2)

Publication Number Publication Date
CN113468556A CN113468556A (en) 2021-10-01
CN113468556B true CN113468556B (en) 2023-07-25

Family

ID=77868686

Country Status (1)

Country Link
CN (1) CN113468556B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant