CN114003942B - Encrypted Boolean search method and system supporting dynamic update in cloud environment - Google Patents

Publication number
CN114003942B
Authority
CN
China
Prior art keywords: search, index, key, keyword, token
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111639831.XA
Other languages
Chinese (zh)
Other versions
CN114003942A (en
Inventor
胡文友
曲武
胡永亮
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jinjing Yunhua Shenyang Technology Co ltd
Beijing Jinjingyunhua Technology Co ltd
Original Assignee
Jinjing Yunhua Shenyang Technology Co ltd
Beijing Jinjingyunhua Technology Co ltd
Application filed by Jinjing Yunhua Shenyang Technology Co ltd and Beijing Jinjingyunhua Technology Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/951 Indexing; Web crawling techniques
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90 Details of database functions independent of the retrieved data types
    • G06F16/95 Retrieval from the web
    • G06F16/953 Querying, e.g. by the use of web search engines

Abstract

The invention belongs to the technical field of secure search, and in particular relates to an encrypted Boolean search method and system supporting dynamic update in a cloud environment. The method comprises the following steps: the data owner generates different keys; the data owner generates a keyword encryption index; the search user sends a search request to the data owner, and the data owner, after receiving the request and confirming that the identity of the search user is reliable, sends the key required for generating a search token to the search user; the search user generates a search token from the keywords of the Boolean search and the key sent by the data owner; the search user, holding the search token, has a Boolean search performed on the ciphertext stored on the cloud server, and the encrypted search result is sent to the search user; the search user decrypts the search result with the key to complete the search process; and the index is dynamically updated. The invention achieves dynamic updating of the index on the one hand and improves search efficiency on the other.

Description

Encrypted Boolean search method and system supporting dynamic update in cloud environment
Technical Field
The invention belongs to the technical field of secure search, and particularly relates to an encrypted Boolean search method and system supporting dynamic update in a cloud environment.
Background
At the present stage, more and more users and enterprises choose to outsource their data storage and business computation to cloud servers, and encrypting the data is the first measure considered for ensuring the confidentiality of cloud data. However, encrypted data loses the original characteristics of the data. Searchable encryption technology addresses this problem to some extent. However, most existing searchable encryption methods do not support dynamic updating of the index, so update efficiency is low; they also cannot support Boolean search over multiple keywords and so cannot meet practical requirements. A technical means is therefore needed to construct an encrypted Boolean search scheme that supports dynamic updating while preserving the privacy of the data being searched.
In the prior art, the patent 'Multi-keyword searchable encryption method and system supporting Boolean access control policy' (CN 112100649A) discloses a multi-keyword searchable encryption method and system supporting a Boolean access control policy. In that method, a trusted authority first generates a system public key, a master key and an ElGamal private key, publishes the system public key to the cloud, and sends the private key to the data user; the data owner then generates an index ciphertext and a data ciphertext for each document and uploads them to the cloud; when a data user searches, the user's attribute set and query keyword predicate are uploaded to the trusted authority, which verifies whether the user's identity is legitimate and, if so, generates a search token and sends it to the data user; after receiving the retrieval token, the data user uploads it to the cloud; the cloud server then uses the system public key to check whether each index ciphertext matches the retrieval token and sends the matching data ciphertexts to the data user; and the data user recovers the plaintext content from the data ciphertext with the private key. That patent achieves fine-grained Boolean access control, Boolean multi-keyword search and a constant system key length. However, it has the following problems:
1) dynamic updating of the keyword index is not considered: when the keywords to be searched change (are added, deleted or modified), the keyword index cannot be updated dynamically and a new index has to be rebuilt. That is, the keyword index dictionary needs to be updated once every time the keyword set to be searched is updated, which wastes a great deal of storage space and reduces update efficiency;
2) the encrypted index is constructed with a traditional searchable encryption method and takes the form of a dictionary; when a Boolean search is performed the storage space consumed is very large and the communication complexity of the scheme is very high, so growing demands cannot be met;
3) only (key: file) pairs are supported; other forms of data (multidimensional data, images, audio, etc.) cannot be searched, and the popularity of the data is not considered.
Disclosure of Invention
In order to solve the technical problem, the invention provides an encrypted boolean search method and system supporting dynamic update in a cloud environment.
The invention is realized as follows. It provides an encrypted Boolean search method supporting dynamic update in a cloud environment, comprising the following steps:
1) the data owner generates different keys;
2) the data owner generates a keyword encryption index, comprising the encryption index of the single keyword and the encryption index of the intersection between keywords, and uploads the encryption index to the cloud server;
3) the search user sends a search request to the data owner, that is, a request to search the ciphertext stored on the cloud server by keyword; after receiving the request the data owner verifies the identity of the search user and, once the identity is confirmed to be reliable, generates a search token using the key and sends it to the search user; the search token corresponding to each keyword comprises two parts: the single keyword token and the intersection token between keywords;
4) the search user, holding the search token, has a Boolean search performed on the ciphertext stored on the cloud server, and the encrypted search result is sent to the search user;
5) the search user decrypts the search result with the key to complete the search process;
6) the index is dynamically updated.
Preferably, in step 1), the step of generating the different keys by the data owner is:
101) data owner entering security parameters
Figure 156979DEST_PATH_IMAGE001
102) Outputting a symmetric encryption key according to a symmetric encryption method
Figure 807272DEST_PATH_IMAGE002
103) Outputting a 2DNF encrypted public and private key according to a 2DNF algorithm
Figure 135354DEST_PATH_IMAGE003
104) Outputting a GM encryption public and private key according to a GM encryption algorithm
Figure 961228DEST_PATH_IMAGE004
Further preferably, in step 2), the step of generating the encryption index for the single keyword comprises:
201-1) data owner for each keyword
Figure 280345DEST_PATH_IMAGE005
Generate a length of
Figure 293300DEST_PATH_IMAGE006
Binary index string of
Figure 706964DEST_PATH_IMAGE007
Each of which is
Figure 715240DEST_PATH_IMAGE007
Is stored in a dictionary data structure, denoted
Figure 421903DEST_PATH_IMAGE008
A size of
Figure 922154DEST_PATH_IMAGE009
As shown in the following formula:
Figure 418470DEST_PATH_IMAGE010
201-2) generating a single-key encryption index vector for each element in the dictionary
Figure 297564DEST_PATH_IMAGE011
; wherein
Figure 277194DEST_PATH_IMAGE012
Figure 015474DEST_PATH_IMAGE013
Figure 879263DEST_PATH_IMAGE014
is the random vector corresponding to each keyword,
Figure 347284DEST_PATH_IMAGE015
is a random number,
Figure 693952DEST_PATH_IMAGE016
is a random vector;
in step 2), the step of generating the encryption index of the intersection between the keywords is as follows:
202-1) data owner first for each keyword
Figure 260806DEST_PATH_IMAGE017
Followed by the keyword
Figure 85543DEST_PATH_IMAGE018
Making intersection to generate
Figure 798284DEST_PATH_IMAGE019
Individual intersection inverted index
Figure 565121DEST_PATH_IMAGE020
Generating the length of the inverted index of the intersection of each keyword as
Figure 261681DEST_PATH_IMAGE021
Binary index string of
Figure 155688DEST_PATH_IMAGE022
And sequentially storing the data in another dictionary;
202-2) for each element in the dictionary, using GM encryption generation
Figure 34520DEST_PATH_IMAGE023
Doing between the keywords of the intersection operation
Figure 722990DEST_PATH_IMAGE024
XOR operation, generation using 2DNF encryption
Figure 188738DEST_PATH_IMAGE025
Finally, data owner generation
Figure 355277DEST_PATH_IMAGE026
Further preferably, in step 3), the generating step of the single keyword token is:
the search user performs division operation by using the private key and the keyword to generate
Figure 88615DEST_PATH_IMAGE027
Then calculate
Figure 947987DEST_PATH_IMAGE028
Single keyword token
Figure 104293DEST_PATH_IMAGE029
The structure is as follows:
Figure 74523DEST_PATH_IMAGE030
wherein $v_{w_q}$ denotes the random vector corresponding to the keyword $w_q$, which completes the generation;
the generation steps of the intersection token among the keywords are as follows:
intersection tokens between keywords
Figure 396789DEST_PATH_IMAGE031
The method is composed of two parts, and because the last key word does not need to intersect with other key words, the first part is the first part
Figure 427062DEST_PATH_IMAGE032
keywords and the last, i.e. second
Figure 601822DEST_PATH_IMAGE033
The structure of the search token generated by each keyword is different from that of the previous search token
Figure 110164DEST_PATH_IMAGE032
A set of keywords
Figure 552515DEST_PATH_IMAGE034
For each keyword therein
Figure 19269DEST_PATH_IMAGE035
Followed by the keyword
Figure 415746DEST_PATH_IMAGE036
Generated as in the single key token generation method
Figure 462200DEST_PATH_IMAGE037
And
Figure 759058DEST_PATH_IMAGE038
the structure is as follows:
Figure 662292DEST_PATH_IMAGE039
(ii) a For the last keyword to be searched, intersection with other keywords is not needed, and only the single keyword search token is obtained
Figure 546065DEST_PATH_IMAGE040
And (4) finishing.
Further preferably, in step 4), the specific steps of boolean search are:
401) before the cloud server first traverses
Figure 661789DEST_PATH_IMAGE041
Search token for each keyword
Figure 78732DEST_PATH_IMAGE042
First, take out
Figure 356130DEST_PATH_IMAGE043
To pair
Figure 727200DEST_PATH_IMAGE044
Performing search to obtain by multiplication
Figure 381035DEST_PATH_IMAGE045
Figure 121327DEST_PATH_IMAGE045
Is the binary index string encrypted for the corresponding GM
Figure 835205DEST_PATH_IMAGE046
402) Cloud server fetching
Figure 693570DEST_PATH_IMAGE047
To pair
Figure 151097DEST_PATH_IMAGE048
Searching to obtain parameters
Figure 277053DEST_PATH_IMAGE049
Is a pair of
Figure 427412DEST_PATH_IMAGE050
With its following keywords
Figure 773074DEST_PATH_IMAGE051
Corresponding GM encrypted binary index string
Figure 503132DEST_PATH_IMAGE052
403) And the cloud server transmits all the obtained encryption parameters to the search user respectively.
Preferably, in step 6), when the keyword set changes, the keyword index is dynamically updated, including the encryption index of the single keyword
Figure 218016DEST_PATH_IMAGE053
and the encryption index of the intersection between keywords
Figure 273697DEST_PATH_IMAGE054
Wherein for the replaced keyword
Figure 309917DEST_PATH_IMAGE055
Delete its sub-index
Figure 109246DEST_PATH_IMAGE056
For added keywords
Figure 429369DEST_PATH_IMAGE057
Adding its sub-index
Figure 663077DEST_PATH_IMAGE058
The single keyword index update algorithm is as follows:
Figure 701440DEST_PATH_IMAGE059
The data owner updates the intersection encryption index between keywords: for the replaced keyword
Figure 38880DEST_PATH_IMAGE060
Go through
Figure 964242DEST_PATH_IMAGE061
First, delete the dictionary
Figure 361725DEST_PATH_IMAGE062
In
Figure 871073DEST_PATH_IMAGE063
Corresponding elements, followed by successive traversal
Figure 12204DEST_PATH_IMAGE064
Middle key word
Figure 306920DEST_PATH_IMAGE065
Corresponding element is deleted and sub-index thereof is deleted
Figure 360457DEST_PATH_IMAGE066
Finally, for the added keyword
Figure 373413DEST_PATH_IMAGE067
Inserting it into
Figure 787076DEST_PATH_IMAGE068
head, so that only
Figure 451145DEST_PATH_IMAGE067
needs to be intersected with all the other keywords in
Figure 659272DEST_PATH_IMAGE068
and generating
Figure 893945DEST_PATH_IMAGE069
Put it into a dictionary
Figure 127611DEST_PATH_IMAGE070
Thus, after the new keyword intersection encryption index
Figure 131339DEST_PATH_IMAGE071
is generated, it is merged with
Figure 290794DEST_PATH_IMAGE072
in a merge operation,
Figure 012762DEST_PATH_IMAGE073
and the update is complete.
The invention also provides an encrypted Boolean search system supporting dynamic update in the cloud environment, which comprises the following units:
a key generation unit for generating different keys by a data owner;
a keyword encryption index generation unit, by which the data owner generates the keyword encryption index, including the encryption index of the single keyword
Figure 33808DEST_PATH_IMAGE074
And encryption index of intersection between keywords
Figure 908354DEST_PATH_IMAGE075
A search request transmitting unit for transmitting a search request to the data owner by a search user;
the search token key sending unit is used for sending the search token key to the search user after the data owner verifies the identity of the search user;
a search token generation unit for generating a search token by a search user using a search token key;
the Boolean search unit is used for performing Boolean search on the cloud server according to the request of the search user and then returning the encrypted search result to the search user;
the search result decryption unit is used for decrypting the Boolean search result by the search user;
and the index dynamic updating unit is used for dynamically updating the keyword index when the keyword set changes.
Compared with the prior art, the invention has the advantages that:
1) The invention provides a searchable encryption process that supports both Boolean search and dynamic index update. Most traditional searchable encryption schemes support only single-keyword search, and when the keyword set to be searched changes the keyword index has to be rebuilt, which is very inefficient. This scheme uses set theory to realize multi-keyword Boolean search over ciphertext stored in the cloud, and uses cryptographic techniques together with auxiliary means such as random vectors to update the index dynamically.
2) The invention has an original index construction. The index is compressed into vector form, so that communication complexity is significantly reduced when the number of keywords to be searched is large; in addition, a search needs only one multiplication and one decryption, which improves search efficiency.
3) The invention uses 2DNF additively homomorphic encryption and GM bit-by-bit encryption to encrypt the index and the search token. Compared with Paillier encryption, 2DNF encryption is more efficient for encrypting short messages, and the properties of GM encryption make it well suited to encrypting binary strings.
Drawings
FIG. 1 is an overall flow chart of the present invention;
FIG. 2 is a block diagram of the system of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention will be described in further detail with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
To solve the technical problem described in the background, the technical scheme involves three entities: a data owner, a search user and a cloud server. The data owner is responsible for initialization, that is, for generating the keys used throughout the search method and for generating the encrypted files with a symmetric encryption algorithm. The data owner also generates the corresponding keyword set for its own file set and generates an inverted index from them; the inverted index is processed, encrypted and uploaded to the cloud server, so the data owner is responsible for generating the keyword index. Because Boolean search is to be supported, the index comprises a single keyword index and an intersection index. For each keyword to be searched, the data owner generates the corresponding token and transmits it to the search user. When the keyword index needs to be dynamically updated, the data owner is responsible for updating it and generating the new keyword index. A search user who wants to search the ciphertext sends a search request to the data owner and holds the search token for the Boolean search; the search user obtains the final search result. The cloud server mainly receives the encrypted index transmitted by the data owner, receives the search request and corresponding search token of a trusted user, and performs the Boolean search operation.
Specifically, referring to fig. 1, the present invention first provides an encrypted boolean search method supporting dynamic update in a cloud environment, including the following steps:
1) the data owner generates different keys;
in step 1), the steps of generating different keys by the data owner are as follows:
101) data owner entering security parameters
Figure 989442DEST_PATH_IMAGE001
102) Outputting a symmetric encryption key according to a symmetric encryption method
Figure 447975DEST_PATH_IMAGE002
103) Outputting a 2DNF encrypted public and private key according to a 2DNF algorithm
Figure 272711DEST_PATH_IMAGE003
104) Outputting a GM encryption public and private key according to a GM encryption algorithm
Figure 251031DEST_PATH_IMAGE004
2) The data owner generates a keyword encryption index which comprises the encryption index of the single keyword and the encryption index of the intersection between the keywords, and uploads the encryption index to the cloud server;
in step 2), the step of generating the encryption index of the single keyword comprises:
201-1) data owner for each keyword
Figure 253754DEST_PATH_IMAGE005
Generate a length of
Figure 950314DEST_PATH_IMAGE006
Binary index string of
Figure 828009DEST_PATH_IMAGE007
Each of which is
Figure 660836DEST_PATH_IMAGE007
Is stored in a dictionary data structure, denoted
Figure 349306DEST_PATH_IMAGE008
A size of
Figure 283895DEST_PATH_IMAGE009
As shown in the following formula:
Figure 450434DEST_PATH_IMAGE010
201-2) generating a single-key encryption index vector for each element in the dictionary
Figure 652615DEST_PATH_IMAGE011
; wherein
Figure 511986DEST_PATH_IMAGE012
Figure 933871DEST_PATH_IMAGE013
Figure 638522DEST_PATH_IMAGE014
is the random vector corresponding to each keyword,
Figure 445941DEST_PATH_IMAGE015
is a random number,
Figure 725482DEST_PATH_IMAGE016
is a random vector;
in step 2), the step of generating the encryption index of the intersection between the keywords is as follows:
202-1) data owner first for each keyword
Figure 883931DEST_PATH_IMAGE017
Followed by the keyword
Figure 143005DEST_PATH_IMAGE018
Making intersection to generate
Figure 116515DEST_PATH_IMAGE019
Individual intersection inverted index
Figure 317689DEST_PATH_IMAGE020
Generating the length of the inverted index of the intersection of each keyword as
Figure 432275DEST_PATH_IMAGE021
Binary index string of
Figure 26199DEST_PATH_IMAGE022
And sequentially storing the data in another dictionary;
202-2) for each element in the dictionary, using GM encryption generation
Figure 808210DEST_PATH_IMAGE023
Doing between the keywords of the intersection operation
Figure 163974DEST_PATH_IMAGE024
XOR operation, generation using 2DNF encryption
Figure 765857DEST_PATH_IMAGE025
Finally, data owner generation
Figure 366733DEST_PATH_IMAGE026
3) The search user sends a search request to the data owner, that is, a request to search the ciphertext stored on the cloud server by keyword; after receiving the request the data owner verifies the identity of the search user and, once the identity is confirmed to be reliable, generates a search token using the key and sends it to the search user; the search token corresponding to each keyword comprises two parts: the single keyword token and the intersection token between keywords;
in step 3), the generation step of the single keyword token is as follows:
The search user uses the private key
Figure DEST_PATH_IMAGE077
and the keyword in a division operation to generate
Figure 799989DEST_PATH_IMAGE027
Then calculate
Figure 326654DEST_PATH_IMAGE028
Single keyword token
Figure 946991DEST_PATH_IMAGE029
The structure is as follows:
Figure 85979DEST_PATH_IMAGE030
wherein $v_{w_q}$ denotes the random vector corresponding to the keyword $w_q$, which completes the generation;
the generation steps of the intersection token among the keywords are as follows:
intersection tokens between keywords
Figure 842583DEST_PATH_IMAGE031
The method is composed of two parts, and because the last key word does not need to intersect with other key words, the first part is the first part
Figure 290882DEST_PATH_IMAGE032
A key word and the last one, i.e. the first
Figure 851045DEST_PATH_IMAGE033
The structure of the search token generated by each keyword is different from that of the previous search token
Figure 308571DEST_PATH_IMAGE032
A set of keywords
Figure 935993DEST_PATH_IMAGE034
For each keyword therein
Figure 555193DEST_PATH_IMAGE035
Followed by the keyword
Figure 618964DEST_PATH_IMAGE036
Generated as in the single key token generation method
Figure 863869DEST_PATH_IMAGE037
And
Figure 329486DEST_PATH_IMAGE038
the structure is as follows:
Figure 119587DEST_PATH_IMAGE039
(ii) a For the last keyword to be searched, intersection with other keywords is not needed, and only the single keyword search token is obtained
Figure 421387DEST_PATH_IMAGE040
And (4) finishing.
4) The search user, holding the search token, has a Boolean search performed on the ciphertext stored on the cloud server, and the encrypted search result is sent to the search user;
in the step 4), the specific steps of boolean search are:
401) before the cloud server first traverses
Figure 486295DEST_PATH_IMAGE041
Search token for each keyword
Figure 55685DEST_PATH_IMAGE042
First, take out
Figure 16688DEST_PATH_IMAGE043
To pair
Figure 55051DEST_PATH_IMAGE044
Performing search to obtain by multiplication
Figure 143224DEST_PATH_IMAGE045
Figure 317853DEST_PATH_IMAGE045
Is that
Figure DEST_PATH_IMAGE079
Corresponding GM encrypted binary index string
Figure 292500DEST_PATH_IMAGE046
402) Cloud server fetching
Figure 303313DEST_PATH_IMAGE047
To pair
Figure 444444DEST_PATH_IMAGE048
Searching to obtain parameters
Figure 473580DEST_PATH_IMAGE049
Is a pair of
Figure 291232DEST_PATH_IMAGE050
With its following keywords
Figure 304187DEST_PATH_IMAGE051
Corresponding GM encrypted binary index string
Figure 734163DEST_PATH_IMAGE052
403) And the cloud server transmits all the obtained encryption parameters to the search user respectively.
5) The search user decrypts the search result with the key to complete the search process;
6) The index is dynamically updated.
In step 6), when the keyword set changes, the keyword index is dynamically updated, including the encryption index of the single keyword
Figure 883384DEST_PATH_IMAGE053
and the encryption index of the intersection between keywords
Figure 622670DEST_PATH_IMAGE054
Wherein for the replaced keyword
Figure 130048DEST_PATH_IMAGE055
Delete its sub-index
Figure 612982DEST_PATH_IMAGE056
For added keywords
Figure 616710DEST_PATH_IMAGE057
Adding its sub-index
Figure 277629DEST_PATH_IMAGE058
The single keyword index update algorithm is as follows:
Figure 999598DEST_PATH_IMAGE059
The data owner updates the intersection encryption index between keywords: for the replaced keyword
Figure 269911DEST_PATH_IMAGE060
Go through
Figure 393725DEST_PATH_IMAGE061
First, delete the dictionary
Figure 209234DEST_PATH_IMAGE062
In
Figure 434810DEST_PATH_IMAGE063
Corresponding elements, followed by successive traversal
Figure 259547DEST_PATH_IMAGE064
Middle key word
Figure 487134DEST_PATH_IMAGE065
Corresponding element is deleted and sub-index thereof is deleted
Figure 739124DEST_PATH_IMAGE066
Finally, for the added keyword
Figure 170106DEST_PATH_IMAGE067
Inserting it into
Figure 283686DEST_PATH_IMAGE068
head, so that only
Figure 382092DEST_PATH_IMAGE067
needs to be intersected with all the other keywords in
Figure 804983DEST_PATH_IMAGE068
and generating
Figure 238108DEST_PATH_IMAGE069
Put it into a dictionary
Figure 686538DEST_PATH_IMAGE070
Thus, after the new keyword intersection encryption index
Figure 170608DEST_PATH_IMAGE071
is generated, it is merged with
Figure 013668DEST_PATH_IMAGE072
in a merge operation,
Figure 419242DEST_PATH_IMAGE073
and the update is complete.
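The following is an added example, not code from the patent: the formula images for the index vectors, the search tokens and the 2DNF layer did not survive on this page, so the sketch models only what the text states, namely GM bit-by-bit encryption of binary index strings (step 202-2), one intersection entry per keyword and each later keyword (step 202-1), and the step 6 update that deletes a replaced keyword's entries and inserts the added keyword at the head. The toy primes, the bit layout (bit j stands for file j), the plaintext dictionary labels used in place of search tokens, and all function names are assumptions.

```python
import secrets
from math import gcd

# Toy Goldwasser-Micali (GM) parameters, constructed for this demo and far too
# small for real use: two Mersenne primes, both congruent to 3 mod 4.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q          # public modulus
X = N - 1          # public non-residue: -1 is a non-square mod P and mod Q


def gm_encrypt_bits(bits):
    """Encrypt a binary index string bit by bit: c = y^2 * X^b mod N."""
    out = []
    for b in bits:
        y = secrets.randbelow(N - 2) + 2
        while gcd(y, N) != 1:
            y = secrets.randbelow(N - 2) + 2
        out.append(y * y * pow(X, b, N) % N)
    return out


def gm_decrypt_bits(cts):
    """Euler's criterion mod P: quadratic residue -> 0, non-residue -> 1."""
    return [0 if pow(c, (P - 1) // 2, P) == 1 else 1 for c in cts]


def gm_xor(cts_a, cts_b):
    """GM is XOR-homomorphic: multiplying ciphertexts XORs the plaintext bits."""
    return [a * b % N for a, b in zip(cts_a, cts_b)]


def index_bits(postings, keyword, n_files):
    """Assumed layout: bit j is 1 when file j contains the keyword."""
    return [1 if j in postings[keyword] else 0 for j in range(n_files)]


def and_bits(postings, wa, wb, n_files):
    """Binary index string of the intersection of two keywords' file sets."""
    a, b = index_bits(postings, wa, n_files), index_bits(postings, wb, n_files)
    return [x & y for x, y in zip(a, b)]


def build_index(postings, order, n_files):
    """Single-keyword index plus one intersection entry per (w_i, later w_j)."""
    single = {w: gm_encrypt_bits(index_bits(postings, w, n_files)) for w in order}
    pair = {}
    for i, wi in enumerate(order):
        for wj in order[i + 1:]:
            pair[(wi, wj)] = gm_encrypt_bits(and_bits(postings, wi, wj, n_files))
    return single, pair


def replace_keyword(single, pair, order, postings, old, new, n_files):
    """Dynamic update in place; returns the new keyword order."""
    del single[old]                                # drop the old sub-index
    for key in [k for k in pair if old in k]:      # and every pair that uses it
        del pair[key]
    rest = [w for w in order if w != old]
    single[new] = gm_encrypt_bits(index_bits(postings, new, n_files))
    for w in rest:                                 # new keyword sits at the head,
        pair[(new, w)] = gm_encrypt_bits(and_bits(postings, new, w, n_files))
    return [new] + rest                            # so only len(rest) new pairs


def search_and(pair, order, wa, wb):
    """Server side: fetch the encrypted intersection string for two keywords."""
    key = (wa, wb) if order.index(wa) < order.index(wb) else (wb, wa)
    return pair[key]


def matching_files(cts):
    """User side: decrypt the returned string and list the matching file ids."""
    return [j for j, bit in enumerate(gm_decrypt_bits(cts)) if bit]


# Constructed sample data: keyword -> ids of the files that contain it.
POSTINGS = {"tls": {0, 1, 3}, "cert": {1, 3, 4}, "audit": {0, 4}, "hsm": {2, 3, 4}}
N_FILES = 5


def demo():
    order = ["tls", "cert", "audit"]
    single, pair = build_index(POSTINGS, order, N_FILES)
    before = matching_files(search_and(pair, order, "cert", "tls"))
    xor = gm_decrypt_bits(gm_xor(single["tls"], single["cert"]))
    untouched = pair[("tls", "cert")]
    order = replace_keyword(single, pair, order, POSTINGS, "audit", "hsm", N_FILES)
    same_ct = pair[("tls", "cert")] is untouched   # surviving pair not re-encrypted
    after = {k: matching_files(v) for k, v in pair.items()}
    return before, xor, same_ct, order, after


if __name__ == "__main__":
    print(demo())
```

Because GM encryption is randomized, an incrementally updated index can only be compared with a full rebuild after decryption, not ciphertext by ciphertext.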
Referring to fig. 2, the present invention further provides an encrypted boolean search system supporting dynamic update in a cloud environment, including the following units:
a key generation unit for generating different keys by a data owner;
a key encryption index generation unit for generating a key encryption index including an encryption index of a single key by a data owner
Figure 123893DEST_PATH_IMAGE074
And encryption index of intersection between keywords
Figure 416465DEST_PATH_IMAGE075
A search request transmitting unit for transmitting a search request to the data owner by a search user;
the search token key sending unit is used for sending the search token key to the search user after the data owner verifies the identity of the search user;
a search token generation unit for generating a search token by a search user using a search token key;
the Boolean search unit is used for performing Boolean search on the cloud server according to the request of the search user and then returning the encrypted search result to the search user;
the search result decryption unit is used for decrypting the Boolean search result by the search user;
and the index dynamic updating unit is used for dynamically updating the keyword index when the keyword set changes.
Compared with the prior art mentioned in the background, the invention achieves dynamic update of the keyword index while supporting Boolean search over ciphertext data in the cloud. Because the index is compressed into a vector, it can be updated dynamically, which greatly improves index update efficiency.
The invention has lower storage and search overhead. Compressing the index into a vector and using lighter-weight encryption improves search efficiency and index storage efficiency, and better meets the growing demands of users.
The embodiments of the present invention have been described in detail with reference to the drawings, but the present invention is not limited to the above embodiments, and various changes can be made within the knowledge of those skilled in the art without departing from the gist of the present invention.

Claims (2)

1. The encrypted Boolean search method supporting dynamic update in the cloud environment is characterized by comprising the following steps:
1) the data owner generates different keys;
the steps of the data owner generating different keys are:
101) data owner entering security parameters
Figure 569130DEST_PATH_IMAGE001
102) Outputting a symmetric encryption key according to a symmetric encryption method
Figure 739080DEST_PATH_IMAGE002
103) Outputting a 2DNF encrypted public and private key according to a 2DNF algorithm
Figure 727764DEST_PATH_IMAGE003
104) Outputting a GM encryption public and private key according to a GM encryption algorithm
Figure 135612DEST_PATH_IMAGE004
2) The data owner generates a keyword encryption index which comprises the encryption index of the single keyword and the encryption index of the intersection between the keywords, and uploads the encryption index to the cloud server;
the generation steps of the encryption index of the single keyword are as follows:
201-1) data owner for each keyword
Figure 489233DEST_PATH_IMAGE005
Generate a length of
Figure 412058DEST_PATH_IMAGE006
Binary index string of
Figure 204434DEST_PATH_IMAGE007
Each of which is
Figure 935630DEST_PATH_IMAGE007
Is stored in a dictionary data structure, denoted
Figure 8888DEST_PATH_IMAGE008
A size of
Figure 419010DEST_PATH_IMAGE009
As shown in the following formula:
Figure 749497DEST_PATH_IMAGE010
201-2) generating a single-key encryption index vector for each element in the dictionary
Figure 600779DEST_PATH_IMAGE011
(ii) a Wherein
Figure 358519DEST_PATH_IMAGE012
Figure 662461DEST_PATH_IMAGE013
Figure 327798DEST_PATH_IMAGE014
For each of the random vectors corresponding to the key,
Figure 564744DEST_PATH_IMAGE015
is a random number,
Figure 227807DEST_PATH_IMAGE016
is a random vector;
the generation steps of the encryption index of the intersection between the keywords are as follows:
202-1) data owner first for each keyword
Figure 284624DEST_PATH_IMAGE017
Followed by the keyword
Figure 425756DEST_PATH_IMAGE018
Making intersection to generate
Figure 319806DEST_PATH_IMAGE019
Individual intersection inverted index
Figure 684928DEST_PATH_IMAGE020
Generating the length of the inverted index of the intersection of each keyword as
Figure 963462DEST_PATH_IMAGE021
Binary index string of
Figure 705022DEST_PATH_IMAGE022
And sequentially storing the data in another dictionary;
202-2) for each element in the dictionary, using GM encryption generation
Figure 385402DEST_PATH_IMAGE023
Doing between the keywords of the intersection operation
Figure 655847DEST_PATH_IMAGE024
XOR operation, generation using 2DNF encryption
Figure 156098DEST_PATH_IMAGE025
Finally, data owner generation
Figure 639032DEST_PATH_IMAGE026
3) A search user sends a search request to the data owner, namely a request to search the ciphertext stored on the cloud server by keyword; after receiving the request, the data owner verifies the identity of the search user and, after confirming that the identity is reliable, generates a search token using the secret key and sends the search token to the search user; the search token corresponding to each keyword comprises two parts: the single keyword token and the intersection token between the keywords;
the generation steps of the single keyword token are as follows:
data owner utilizing private keys
Figure 767394DEST_PATH_IMAGE027
Is divided by the key word to generate
Figure 208740DEST_PATH_IMAGE028
Then calculate
Figure 461866DEST_PATH_IMAGE029
Single keyword token
Figure 742632DEST_PATH_IMAGE031
The structure is as follows:
Figure 928763DEST_PATH_IMAGE032
wherein v_wq represents the random vector corresponding to the keyword wq, and the generation is then finished;
the generation steps of the intersection token among the keywords are as follows:
intersection tokens between keywords
Figure 72168DEST_PATH_IMAGE033
The method is composed of two parts, and because the last key word does not need to intersect with other key words, the first part is the first part
Figure 78170DEST_PATH_IMAGE034
A key word and the last one, i.e. the first
Figure 637327DEST_PATH_IMAGE035
The structure of the search token generated by each keyword is different from that of the previous search token
Figure 474702DEST_PATH_IMAGE036
A set of keywords
Figure 257851DEST_PATH_IMAGE037
For each keyword therein
Figure 751149DEST_PATH_IMAGE038
Followed by the keyword
Figure 645155DEST_PATH_IMAGE039
Generated as in the single key token generation method
Figure 743561DEST_PATH_IMAGE040
And
Figure 494349DEST_PATH_IMAGE041
the structure is as follows:
Figure 480802DEST_PATH_IMAGE042
(ii) a For the last keyword to be searched, intersection with other keywords is not needed, and only the single keyword search token is obtained
Figure 178500DEST_PATH_IMAGE043
Then the method is finished;
4) the search user, holding the search token, performs Boolean search on the ciphertext stored on the cloud server, and the encrypted search result is sent to the search user;
the specific steps of the boolean search are:
401) before the cloud server first traverses
Figure 131412DEST_PATH_IMAGE044
Search token for each keyword
Figure 53101DEST_PATH_IMAGE045
First, take out
Figure 255412DEST_PATH_IMAGE046
To pair
Figure 756801DEST_PATH_IMAGE047
Performing search to obtain by multiplication
Figure 298640DEST_PATH_IMAGE048
Figure 922389DEST_PATH_IMAGE049
Is that
Figure 346417DEST_PATH_IMAGE050
Corresponding GM encrypted binary index string
Figure 651496DEST_PATH_IMAGE051
402) Cloud server fetching
Figure 844580DEST_PATH_IMAGE052
To pair
Figure 875832DEST_PATH_IMAGE053
Searching to obtain parameters
Figure 583894DEST_PATH_IMAGE054
Is a pair of
Figure 692665DEST_PATH_IMAGE055
With its following keywords
Figure 271414DEST_PATH_IMAGE056
Corresponding GM encrypted binary index string
Figure 112331DEST_PATH_IMAGE057
403) The cloud server transmits all the obtained encryption parameters to the search user respectively;
5) the searching user decrypts the searching result by using the key to complete the searching process;
6) carrying out index dynamic updating;
dynamically updating the keyword index when the keyword set changes, including the single keyword encryption index
Figure 838847DEST_PATH_IMAGE058
and the encryption index of the intersection between the keywords
Figure 220150DEST_PATH_IMAGE059
Wherein for the replaced keyword
Figure 387826DEST_PATH_IMAGE060
Delete its sub-index
Figure 930803DEST_PATH_IMAGE061
For added keywords
Figure 285561DEST_PATH_IMAGE062
Adding its sub-index
Figure 532871DEST_PATH_IMAGE063
The single keyword index update algorithm is as follows:
Figure 560913DEST_PATH_IMAGE064
the data owner updates the intersection encryption index between keywords; for the keyword being replaced
Figure 805950DEST_PATH_IMAGE065
Go through
Figure 382425DEST_PATH_IMAGE066
First, delete the dictionary
Figure 167847DEST_PATH_IMAGE067
In
Figure 44536DEST_PATH_IMAGE068
Corresponding elements, followed by successive traversal
Figure 460474DEST_PATH_IMAGE069
Middle key word
Figure 524245DEST_PATH_IMAGE070
Corresponding element is deleted and sub-index thereof is deleted
Figure 847779DEST_PATH_IMAGE071
Finally, for the added keyword
Figure 578974DEST_PATH_IMAGE072
Inserting it into
Figure 696972DEST_PATH_IMAGE073
Head, thus only requiring
Figure 44777DEST_PATH_IMAGE074
To pair
Figure 844105DEST_PATH_IMAGE075
Performing intersection operation on all other keywords in the Chinese character string and generating
Figure 423948DEST_PATH_IMAGE076
Put it into a dictionary
Figure 978426DEST_PATH_IMAGE077
Thus, the new key intersection encrypts the index
Figure 813527DEST_PATH_IMAGE078
After the generation, it is combined with
Figure 682126DEST_PATH_IMAGE079
The combination is carried out,
Figure 653493DEST_PATH_IMAGE080
and the updating is finished.
2. The encrypted boolean search system supporting dynamic update in a cloud environment using the encrypted boolean search method supporting dynamic update in a cloud environment of claim 1, characterized by comprising the following units:
a key generation unit for generating different keys by a data owner;
a keyword encryption index generation unit for generating, by a data owner, a keyword encryption index including an encryption index of a single keyword
Figure DEST_PATH_IMAGE081
And encryption index of intersection between keywords
Figure DEST_PATH_IMAGE082
A search request transmitting unit for transmitting a search request to the data owner by a search user;
the search token key sending unit is used for sending the search token key to the search user after the data owner verifies the identity of the search user;
a search token generation unit for generating a search token by a search user using a search token key;
the Boolean search unit is used for performing Boolean search on the cloud server according to the request of the search user and then returning the encrypted search result to the search user;
the search result decryption unit is used for decrypting the Boolean search result by the search user;
and the index dynamic updating unit is used for dynamically updating the keyword index when the keyword set changes.
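
Claim 1 encrypts binary index strings with GM (Goldwasser-Micali) encryption and has the cloud server combine them by multiplication. The following is an added example, not code from the patent, showing only the GM property that makes this possible: multiplying ciphertexts XORs the underlying index bits without the key. The key size, function names and sample index strings are assumptions made for illustration; the 2DNF part of the scheme and the patent's token structure are not reproduced.

```python
import secrets
from math import gcd

# Constructed demo key: two Mersenne primes, both congruent to 3 mod 4.
# Far too small for real use; a deployment needs a modulus of 2048 bits or more.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
X = N - 1  # -1 is a quadratic non-residue mod P and mod Q (both are 3 mod 4)


def gm_encrypt_bit(bit: int) -> int:
    """Encrypt one bit as r^2 * X^bit mod N with fresh randomness r."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            break
    return (r * r * pow(X, bit, N)) % N


def gm_decrypt_bit(c: int) -> int:
    """The bit is 0 iff c is a quadratic residue mod P (Euler's criterion)."""
    return 0 if pow(c, (P - 1) // 2, P) == 1 else 1


def encrypt_index(bits: str) -> list[int]:
    """Encrypt a binary index string (bit i = 1 iff document i matches)."""
    return [gm_encrypt_bit(int(b)) for b in bits]


def decrypt_index(cts: list[int]) -> str:
    """Key holder's step: recover the binary index string."""
    return "".join(str(gm_decrypt_bit(c)) for c in cts)


def server_xor(a: list[int], b: list[int]) -> list[int]:
    """Keyless server step: multiplying ciphertexts XORs the plaintext bits."""
    return [(x * y) % N for x, y in zip(a, b)]


# Constructed sample: index strings for two keywords over 8 documents.
IDX_W1, IDX_W2 = "10110010", "11010110"

if __name__ == "__main__":
    combined = server_xor(encrypt_index(IDX_W1), encrypt_index(IDX_W2))
    print(decrypt_index(combined))
```

Each index bit becomes one integer modulo N, and GM ciphertexts are malleable by design, so index integrity has to come from a separate mechanism.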
CN202111639831.XA 2021-12-30 2021-12-30 Encrypted Boolean search method and system supporting dynamic update in cloud environment Active CN114003942B (en)

Publications (2)

Publication Number Publication Date
CN114003942A CN114003942A (en) 2022-02-01
CN114003942B true CN114003942B (en) 2022-03-29

Family

ID=79932254

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant