CN114357477B - Boolean keyword searchable encryption method supporting large-scale user group - Google Patents
- Publication number: CN114357477B (also listed as CN202111561029.3A)
- Authority: CN (China)
- Prior art keywords: keyword, node, calculation, attribute, recursive
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Landscapes
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a Boolean keyword searchable encryption method supporting a large-scale user group, which is based on a recursive attribute set structure, an access tree structure and a recursive keyword set structure, and realizes flexible access policy matching and fine-grained access control on the premise of facing the large-scale user. Firstly, the invention supports a more flexible data user attribute organization mode and more flexible access strategy matching, thereby realizing more efficient access control. The invention uses the access tree to represent the access strategy and organizes the data user attributes in a recursive set structure, thereby realizing more efficient access strategy matching. In addition, the invention also supports a more flexible keyword organization mode and Boolean keyword retrieval. In the invention, the flexible keyword organization and Boolean keyword search are realized by adopting a method of organizing keywords into a recursive set and performing Boolean matching operation.
Description
Technical Field
The invention relates to the technical field of cryptography, in particular to a Boolean keyword searchable encryption method supporting a large-scale user group.
Background
Searchable encryption (Searchable Encryption, SE for short) was proposed to let users search for keywords over ciphertext data. Existing searchable encryption schemes fall into two types according to the encryption method used: symmetric searchable encryption (Symmetric Searchable Encryption, SSE for short) and public-key searchable encryption (PEKS for short). In a public-key searchable encryption scheme, a data owner encrypts data using the public key of a given user before uploading the data to a cloud server, after which the user can search and decrypt the data using their private key.
However, the basic PEKS scheme has limitations in some practical application scenarios. For example, in a healthcare system, the personal health information of a patient may only be retrieved by authorized doctors of a specified identity. To achieve both keyword query and fine-grained access control on encrypted data in such cases, researchers have proposed attribute-based searchable encryption methods, and a substantial body of work studies them.
While existing work provides solutions for attribute-based keyword search, no existing solution supports all three of flexible access policy matching, flexible expression of user attributes and flexible keyword search when facing large-scale users. With the rapid development of big data and cloud computing, how to design an attribute-based keyword search method that supports large-scale users and covers these three aspects has therefore become a problem to be solved.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provide a Boolean keyword searchable encryption method supporting a large-scale user group. Under the background of cloud computing, the invention realizes flexible access policy matching and fine-grained access control on the premise of facing large-scale users based on a recursive attribute set structure, an access tree structure and a recursive keyword set structure. By using boolean search to support multi-keyword search, data of interest to a user can be effectively and flexibly located, and three aspects of flexible access policy matching, flexible expression of user attributes and flexible keyword search are satisfied.
The aim of the invention can be achieved by adopting the following technical scheme:
A Boolean keyword searchable encryption method supporting a large-scale user group, the encryption method comprising the steps of:
S1, initializing a system: the trusted authority TA generates a public key pk and a master key mk according to the security parameter K, and publicly distributes the public key pk to the cloud server;
S2, generating a private key: the data user organizes its own attributes into a recursive attribute set and sends it to the trusted authority TA, which uses the master key mk and the recursive attribute set to generate a private key sk and transmits the private key sk to the data user, wherein the recursive attribute set is parsed into $\{A_0, A_1, \ldots, A_n\}$, $A_i$ denotes the i-th sub-attribute set in it, and the sub-attribute set $A_i$ is assumed to contain $m_i$ attributes, wherein $a_{i,j}$ denotes the j-th attribute of the sub-attribute set $A_i$;
S3, encryption: the data owner uses the system public key pk, a recursive keyword set and an access tree to generate a ciphertext C for the document and uploads the ciphertext C to the cloud server; an element of the recursive keyword set $W_V$ represents the i'-th subset of the recursive keyword set and is parsed into $(w_{\rho(i',1)}, w_{\rho(i',2)}, \ldots)$; the recursive keyword name set has the same structure as the recursive keyword set $W_V$, and an element of it represents the i'-th subset of the recursive keyword name set and is parsed into $(\rho(i',1), \rho(i',2), \ldots, \rho(i',m'_{i'}))$, wherein $m'_{i'}$ denotes the number of keywords in the i'-th keyword subset, $\rho(i',j')$ denotes the name of the j'-th keyword in the i'-th keyword subset, and $w_{\rho(i',j')}$ denotes the value of the j'-th keyword in the i'-th keyword subset;
S4, search token generation: the data user uses the private key obtained in step S2, combined with the data user's local Boolean keyword value expression $B_V$, to generate a retrieval token TK, wherein $B_V$ has an access tree structure and $B_N$ denotes a Boolean keyword name expression with the same access tree structure as $B_V$; for a leaf node in $B_V$, the keyword value is expressed as , wherein represents the corresponding keyword name;
S5, ciphertext search: the data user sends the retrieval token TK generated in step S4 to the cloud server; after receiving the retrieval token TK, the cloud server uses it to check whether each ciphertext C stored on the cloud server matches, and sends the ciphertexts C that satisfy the matching condition to the data user.
Further, the step S1 is as follows:
S1a, the trusted authority TA runs the group generator to generate $(p, G, G_T, e)$, wherein $p$ is a prime number, $G$ and $G_T$ are cyclic groups of order $p$, $g$ is a generator of $G$, and $e: G \times G \to G_T$ is a bilinear map;
S1b, the trusted authority TA selects two collision-resistant hash functions $H_0(\cdot)$ and $H_1(\cdot)$, wherein the hash function $H_0(\cdot)$ satisfies the following mapping: , wherein is the set of all numbers that are coprime to the prime $p$, and the hash function $H_1(\cdot)$ satisfies the following mapping: $\{0,1\}^* \to G$;
S1c, the trusted authority TA randomly selects the first, second, third and fourth parameters $\beta_1$, $\beta_2$, $\alpha$, used for private key generation, document encryption and generation of search tokens, and by calculation
S1d, the trusted authority TA obtains the system public key according to the variables, and the master key $mk = \langle \beta_1, \beta_2, \alpha \rangle$.
Further, the step S2 is as follows:
S2a, the trusted authority TA randomly selects $r$ for the recursive attribute set and selects $r_i$ for each subset $A_i$ of the recursive attribute set, wherein $r$ is the parameter of the attribute set used for subsequent matching verification against the access tree, and $r_i$ is the parameter of the subset $A_i$ of the attribute set used for subsequent matching verification against the access tree; the recursive attribute set is assumed to have $n+1$ subsets in total; for the 2nd to $(n+1)$-th subsets, their parameters $r_i$ satisfy ; for the 1st subset $A_0$, the parameter $r_0 = r$; is the set of all numbers that are coprime to the prime $p$;
S2b, the trusted authority TA also selects a parameter $r_{i,j}$ for each attribute $a_{i,j}$ of the recursive attribute set, for subsequent matching calculations, wherein
S2c, the trusted authority TA calculates for subsequent generation of , and calculates and for subsequent generation of and , wherein $0 \le i \le n$, $1 \le j \le m_i$;
S2d, the trusted authority TA calculates for subsequent generation of , wherein $1 \le i \le n$;
S2e, the trusted authority TA obtains the private key of the data user according to the variables and sends it to the data user.
Further, the step S3 is as follows:
S3a, the data owner randomly selects a parameter used for matching verification of the recursive keyword set $W_V$, is the set of all numbers that are coprime to the prime $p$, and calculates the parameter used for ciphertext and keyword matching verification and the parameter used for conversion calculation at conversion nodes;
S3b, the data owner generates a set containing $n'$ random parameters , wherein $s_{i'}$ is the parameter used for matching verification of the subset of the recursive keyword set $W_V$; let $s_0 = s$ be the parameter used for matching verification of the subset ;
S3c, the data owner generates a random parameter set for subsequent matching calculation, wherein $s_{i',j'}$ corresponds to the keyword $w_{\rho(i',j')}$;
S3d, the data owner calculates the parameters and used by the keyword matching algorithm DecryptNodeII, wherein $0 \le i' \le n'$, $1 \le j' \le m'_{i'}$, and the keyword matching algorithm DecryptNodeII performs the keyword matching calculation between the ciphertext and the search token; the data owner then calculates the parameter that converts $s_{i'}$ of the subset of the recursive keyword set to $s_0$ of the subset , wherein $1 \le i' \le n'$;
S3e, the data owner uses the secret sharing algorithm to compute the secret sharing of $s$, wherein $q_v(0)$ denotes the value of the constant term of the secret sharing polynomial of node $v$, denotes the leaf nodes of the access tree , and denotes running the secret sharing algorithm according to $s$ and the access tree ;
S3f, for the access tree , the data owner calculates the parameters and used by the attribute matching algorithm DecryptNodeI, wherein the attribute matching algorithm DecryptNodeI performs the matching calculation between the user attribute set and the access tree;
S3g, of the access tree is expressed as ; for every node , the data owner calculates , wherein supports the sets being mutually converted at a conversion node $x$;
S3h, the data owner obtains the ciphertext according to the variables obtained in the above steps
Further, the step S4 is as follows:
S4a, the data user randomly selects a value for subsequent parameter generation, and calculates the parameter used for conversion calculation at conversion nodes;
S4b, the data user uses the secret sharing algorithm to calculate the secret sharing of $t$; for each leaf node , the data user calculates the parameters and used by the subsequent keyword matching algorithm DecryptNodeII; for each conversion node , the data user calculates the parameter used for conversion calculation at the conversion node;
S4c, the data user parses the private key sk into , and calculates the parameter used for ciphertext and keyword matching verification, and the parameters and , wherein $0 \le i \le n$, $1 \le j \le m_i$; and calculates the parameter that converts $r_i$ of the subset $A_i$ to $r_0$ of the subset $A_0$, wherein $1 \le i \le n$;
S4d, the data user obtains the retrieval token according to the variables obtained in the above steps
Further, the step S5 is as follows:
S5a, the cloud server parses the ciphertext C into and parses the search token TK into
S5b, according to the access tree and the attribute set , for the access tree the cloud server returns a set $S_\tau$, wherein the elements of $S_\tau$ are labels of node $\tau$, each label $u$ corresponds to a set $A_u$, and each set $A_u$ can satisfy the sub access tree ; for the root node $R$, there is , and the corresponding set is $S_R$;
S5c, if the attribute set satisfies the access tree , then for each node $\tau$ a label, denoted $u$, is randomly selected from the set $S_\tau$, and the attribute matching algorithm DecryptNodeI(C, TK, τ, u) is run; the algorithm takes as input the ciphertext C, the search token TK, the node $\tau$ and the label $u$, and by calculating outputs the calculation result $F_\tau$ of the node $\tau$, wherein $C_\tau$ and $C'_\tau$ are the parameters corresponding to node $\tau$ in the ciphertext C, and and are the parameters in the search token TK of the attribute corresponding to node $\tau$ in the subset $A_u$; if there is no attribute set satisfying the access tree , "0" is returned;
S5d, for a given recursive keyword name set $W_N$ and Boolean keyword name expression $B_N$, for each node of $B_N$ the cloud server calculates a label set ; each label $h$ corresponds to a subset of $W_N$, and each subset can satisfy the subtree of $B_N$; for the root node , there is , and the corresponding set is
S5e, if the recursive keyword name structure $W_N$ satisfies the Boolean keyword name expression $B_N$, then for each node a label, denoted $h$, is randomly selected from the set , and the keyword matching algorithm is run; the algorithm takes as input the ciphertext C, the search token TK, the node and the label $h$, and by calculating outputs the calculation result of the node , wherein and are the parameters corresponding to the node in the search token TK, and $C_{\rho(h,j')}$ and $C'_{\rho(h,j')}$ are the parameters corresponding to the keyword names of the node in the subset ; if there is no recursive keyword name structure $W_N$ satisfying the Boolean keyword name expression $B_N$, "0" is returned;
S5f, the cloud server calculates the parameter used for verifying the matching calculation and judges whether holds, wherein is the result of the matching calculation between the ciphertext keywords and the user search keywords, and $F$ is the result of the matching calculation between the access tree and the user attributes; if it holds, "0" is output; if not, "1" is output; wherein $e(g, g)$ denotes the mapping of two elements of the cyclic group $G$ to an element of the multiplicative cyclic group $G_T$.
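The secret sharing over an access tree named in steps S3e and S4b, as an added example that is not part of the patent text. It assumes the standard access-tree construction (k-of-n threshold gates, a random polynomial of degree k-1 per node with $q_v(0)$ as the node's secret, child index as evaluation point), since the page does not spell out its sharing algorithm; it works directly in $Z_p$ instead of in group exponents, and the prime, attribute names and policy are constructed.

```python
import secrets

# Constructed prime standing in for the group order p (assumption).
P = 2**127 - 1


def leaf(attr):
    """Leaf node of the access tree, bound to one attribute."""
    return {"attr": attr}


def gate(k, *children):
    """k-of-n threshold gate; AND is n-of-n, OR is 1-of-n."""
    if not 1 <= k <= len(children):
        raise ValueError("threshold must be between 1 and the child count")
    return {"k": k, "children": list(children)}


def _poly_eval(coeffs, x):
    """Horner evaluation of q(x) mod P, where coeffs[0] is q(0)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def share(secret, node, path=()):
    """Push `secret` down the tree so that q_root(0) = secret.

    Returns {leaf_path: (attribute, q_leaf(0))}; leaf_path is the tuple of
    child indices from the root, which keeps repeated attributes apart.
    """
    if "attr" in node:
        return {path: (node["attr"], secret % P)}
    # Degree k-1 polynomial whose constant term is this node's secret.
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(node["k"] - 1)]
    shares = {}
    for idx, child in enumerate(node["children"], start=1):
        shares.update(share(_poly_eval(coeffs, idx), child, path + (idx,)))
    return shares


def _interpolate_at_zero(points):
    """Lagrange interpolation of q(0) from {x: q(x)} over Z_P."""
    total = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total


def recover(node, shares, attrs, path=()):
    """Rebuild q_node(0) from the leaf shares whose attribute is in `attrs`.

    Returns None when `attrs` does not satisfy the subtree at `node`.
    """
    if "attr" in node:
        return shares[path][1] if node["attr"] in attrs else None
    points = {}
    for idx, child in enumerate(node["children"], start=1):
        value = recover(child, shares, attrs, path + (idx,))
        if value is not None:
            points[idx] = value
        if len(points) == node["k"]:
            return _interpolate_at_zero(points)
    return None  # fewer than k children satisfied


# Constructed policy: researcher AND (pharmacy OR chemistry).
POLICY = gate(2, leaf("researcher"),
              gate(1, leaf("pharmacy"), leaf("chemistry")))

if __name__ == "__main__":
    s = secrets.randbelow(P)
    leaf_shares = share(s, POLICY)
    print(recover(POLICY, leaf_shares, {"researcher", "chemistry"}) == s)
    print(recover(POLICY, leaf_shares, {"pharmacy", "chemistry"}))
```

In the scheme itself the leaf shares appear only inside group elements and the interpolation is carried out on pairing results, so the server learns whether the tree is satisfied without seeing the shares in the clear.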
Compared with the prior art, the invention has the following advantages and effects:
1. Flexible access policy expression. The invention allows the data owner to enforce an access policy on the data, wherein the access policy is expressed as an access tree with conversion nodes; it not only supports Boolean expressions nested with logic words such as AND, OR and the like, but also selectively allows the data user to combine attributes in the attribute set to satisfy the access policy, and can help the data owner flexibly control and authorize access to the data.
2. Flexible keyword and data user attribute organization forms. The invention organizes the keywords and the attributes of the data users in recursive sets, and can handle composite keywords and data users with composite attributes.
3. Boolean keyword searches are supported. The invention also supports Boolean keyword search in which keywords are organized into access tree form, which brings greater flexibility to data users in searching encrypted data and supports search strategies of nesting logic words such as AND, OR, NOT. The method helps the user to accurately find the required data and reduces the transmission cost and the calculation cost.
4. Practicality and safety. The invention adopts the combination order group, bilinear mapping, access tree and recursion attribute set to construct, has the characteristics of strategy hiding and leakage resistance, has stronger safety, provides flexible access strategy expression, efficient access strategy matching and flexible expression of keyword searching, and has better practicability.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this application, illustrate embodiments of the invention and together with the description serve to explain the invention and do not constitute a limitation on the invention. In the drawings:
FIG. 1 is a flowchart of a searchable encryption methodology disclosed in the present invention that supports fine-grained access control and Boolean keyword searching based on an access tree structure;
FIG. 2 is a schematic diagram of an application environment of a searchable encryption method supporting fine-grained Boolean access control and Boolean keyword retrieval disclosed in the present invention;
FIG. 3 is a block diagram of a searchable encryption system supporting fine-grained Boolean access control and Boolean keyword retrieval as disclosed in the present invention;
FIG. 4 is an access policy diagram set by the data owner;
FIG. 5 is another access policy diagram set by a data owner.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Flexible access policy matching helps the data owner manage data flexibly; most existing work expresses access policies with an access tree (Access Tree) or a linear secret sharing scheme (Linear Secret Sharing Schemes, LSSS for short). The way user attributes are expressed can support finer-grained access control; most existing work combines user attributes as character strings, or combines them into a single attribute set or a recursive attribute set structure. Flexible keyword search gives data users flexible choices when searching; existing schemes mainly support one of the following three search modes: matching search, conjunctive keyword search and Boolean keyword search, of which matching search is the least flexible and Boolean keyword search the most flexible.
In a practical application scenario, the attributes of the data user are very complex, such as data user a, which can be a researcher of university a, a master of a pharmaceutical department, and a professor of a chemical department. Therefore, in a scenario facing large-scale users, reasonable organization of user attributes and flexible access control matching are also key to implementation of the scheme. Under such a premise, flexible keyword organization and an efficient keyword search method are also key to improving overall performance.
This embodiment provides a Boolean keyword searchable encryption method that supports all three aspects, namely flexible access policy matching, flexible expression of user attributes and flexible keyword search, on the premise of facing large-scale users.
Before introducing the technical scheme, the mathematical foundation and definition related to the invention are firstly described as follows:
Bilinear pairing
Let $G$ and $G_T$ be two cyclic groups of order $p$, and let $g$ be a generator of $G$. A bilinear map $e: G \times G \to G_T$ satisfies the following properties:
(1) Bilinearity: for any $g, h \in G$ and $a, b \in Z_p$, $e(g^a, h^b) = e(g, h)^{ab}$.
(2) Non-degeneracy: $e(g, g) \ne 1$.
Wherein $e(g, g)$ denotes the mapping of two elements of the cyclic group $G$ into the multiplicative cyclic group $G_T$ without losing its isomorphism.
The technical scheme provided by the embodiment is a boolean searchable encryption scheme supporting fine-grained boolean access control, flexible attribute set structure and keyword structure, comprising the following steps:
s1, initializing a system: the trusted authority TA generates a public key pk and a master key mk according to the security parameter K, and publicly distributes the public key pk to the cloud server.
The trusted authority TA is a completely trusted third party security mechanism and is responsible for generating a pair of a system public key pk and a master key mk, and generating a corresponding private key sk according to an attribute set of a data user, where the system public key pk, the master key mk and the private key sk are binary codes with a certain length.
After the trusted authority TA generates the public key pk and the master key mk, the public key pk is published in a cloud storage server or broadcast to all users in the system, and all users in the system have the authority to access the public key pk; the master key mk is properly stored in the trusted authority TA, only the trusted authority TA having access to the master key mk.
The specific process of the step is as follows:
S1a, the trusted authority TA runs the group generator to generate $(p, G, G_T, e)$, wherein $p$ is a prime number, $G$ and $G_T$ are cyclic groups of order $p$, $g$ is a generator of $G$, and $e: G \times G \to G_T$ is a bilinear map;
S1b, the trusted authority TA selects two collision-resistant hash functions $H_0(\cdot)$ and $H_1(\cdot)$, wherein the hash function $H_0(\cdot)$ satisfies the following mapping: , wherein is the set of all numbers that are coprime to the prime $p$, and the hash function $H_1(\cdot)$ satisfies the following mapping: $\{0,1\}^* \to G$;
S1c, the trusted authority TA randomly selects the first, second, third and fourth parameters $\beta_1$, $\beta_2$, $\alpha$, used for private key generation, document encryption and generation of search tokens, and by calculation
S1d, the trusted authority TA obtains the system public key according to the variables, and the master key $mk = \langle \beta_1, \beta_2, \alpha \rangle$.
S2, generating a private key: the data user organizes its own attributes into a recursive attribute set and sends it to the trusted authority TA, which uses the master key mk and the recursive attribute set to generate a private key sk and transmits the private key sk to the data user, wherein the recursive attribute set is parsed into $\{A_0, A_1, \ldots, A_n\}$, $A_i$ denotes the i-th sub-attribute set in it, and the sub-attribute set $A_i$ is assumed to contain $m_i$ attributes and can be expressed as , wherein $a_{i,j}$ denotes the j-th attribute of the sub-attribute set $A_i$.
The specific process of the step is as follows:
S2a, the trusted authority TA randomly selects $r$ for the recursive attribute set and selects $r_i$ for each subset $A_i$ of the recursive attribute set, wherein $r$ is the parameter of the attribute set used for subsequent matching verification against the access tree, and $r_i$ is the parameter of the subset $A_i$ of the attribute set used for subsequent matching verification against the access tree; the recursive attribute set is assumed to have $n+1$ subsets in total; for the 2nd to $(n+1)$-th subsets, their parameters $r_i$ satisfy ; for the 1st subset $A_0$, the parameter $r_0 = r$;
S2b, the trusted authority TA also selects a parameter $r_{i,j}$ for each attribute $a_{i,j}$ of the recursive attribute set, for subsequent matching calculations, wherein
S2c, the trusted authority TA calculates for subsequent generation of , and calculates and for subsequent generation of and , wherein $0 \le i \le n$, $1 \le j \le m_i$;
S2d, the trusted authority TA calculates for subsequent generation of , wherein $1 \le i \le n$;
S2e, the trusted authority TA obtains the private key of the data user according to the variables and sends it to the data user.
S3, encryption: the data owner uses the system public key pk, a recursive keyword set and an access tree to generate a ciphertext C for the document and uploads the ciphertext C to the cloud server; an element of the recursive keyword set $W_V$ represents the i'-th subset of the recursive keyword set and is parsed into ; the recursive keyword name set has the same structure as the recursive keyword set $W_V$, and an element of it represents the i'-th subset of the recursive keyword name set and is parsed into $(\rho(i',1), \rho(i',2), \ldots, \rho(i',m'_{i'}))$, wherein $m'_{i'}$ denotes the number of keywords in the i'-th keyword subset, $\rho(i',j')$ denotes the name of the j'-th keyword in the i'-th keyword subset, and $w_{\rho(i',j')}$ denotes the value of the j'-th keyword in the i'-th keyword subset;
the specific process of the step is as follows:
S3a, the data owner randomly selects a parameter used for matching verification of the recursive keyword set $W_V$, and calculates the parameter used for ciphertext and keyword matching verification and the parameter used for conversion calculation at conversion nodes;
S3b, the data owner generates a set containing $n'$ random parameters , wherein $s_{i'}$ is the parameter used for matching verification of the subset of the recursive keyword set $W_V$; let $s_0 = s$ be the parameter used for matching verification of the subset ;
S3c, the data owner generates a random parameter set for subsequent matching calculation, wherein $s_{i',j'}$ corresponds to the keyword $w_{\rho(i',j')}$;
S3d, the data owner calculates the parameters used by the keyword matching algorithm DecryptNodeII, wherein $0 \le i' \le n'$, $1 \le j' \le m'_{i'}$, and the keyword matching algorithm DecryptNodeII is the algorithm that performs the keyword matching calculation between the ciphertext and the search token; the data owner then calculates the parameter that converts $s_{i'}$ of the subset of the recursive keyword set to $s_0$ of the subset , wherein $1 \le i' \le n'$;
S3e, the data owner uses the secret sharing algorithm to compute the secret sharing of $s$, wherein $q_v(0)$ denotes the value of the constant term of the secret sharing polynomial of node $v$, denotes the leaf nodes of the access tree , and denotes running the secret sharing algorithm according to $s$ and the access tree ;
S3f, for each leaf node of the access tree , the data owner calculates the parameters and used by the attribute matching algorithm DecryptNodeI, wherein the attribute matching algorithm DecryptNodeI is the algorithm that performs the matching calculation between the user attribute set and the access tree;
S3g, of the access tree is expressed as ; for every node , the data owner calculates , wherein supports the sets being mutually converted at a conversion node $x$;
S3h, the data owner obtains the ciphertext according to the variables obtained in the above steps
S4, search token generation: the data user uses the private key obtained in step S2, combined with the data user's local Boolean keyword value expression $B_V$, to generate a retrieval token TK, wherein $B_V$ has an access tree structure and $B_N$ denotes a Boolean keyword name expression with the same access tree structure as $B_V$; for a leaf node in $B_V$, the keyword value is expressed as , wherein represents the corresponding keyword name; the specific process of the step is as follows:
S4a, the data user randomly selects a value for subsequent parameter generation, and calculates the parameter used for conversion calculation at conversion nodes;
S4b, the data user uses the secret sharing algorithm to calculate the secret sharing of $t$; the data user calculates the parameters and used by the subsequent keyword matching algorithm DecryptNodeII; for each conversion node , the data user calculates the parameter used for conversion calculation at the conversion node;
S4c, the data user parses the private key sk into , and calculates the parameter used for ciphertext and keyword matching verification, and the parameters and , wherein $0 \le i \le n$, $1 \le j \le m_i$; and calculates the parameter that converts $r_i$ of the subset $A_i$ to $r_0$ of the subset $A_0$, wherein $1 \le i \le n$;
S4d, the data user obtains the retrieval token according to the variables obtained in the above steps
S5, ciphertext search: the data user sends the retrieval token TK generated in step S4 to the cloud server. After receiving TK, the cloud server uses it to test each ciphertext C stored on the server for a match, and sends every ciphertext C that satisfies the matching condition to the data user.
The specific process of this step is as follows:
s5a, the cloud server analyzes the ciphertext C into a ciphertext C Parsing the search token TK into
S5b, according to the access treeAnd attribute set->For access tree +.>The cloud server returns a set S τ Wherein S is τ Is the label of node tau, each label u corresponds to a set a u Each set A u Can satisfy sub access tree->For root node R, there is +.> The corresponding set is S R ;
S5c, if the attribute setSatisfy Access Tree->Then for each node τ, the slave set S is random τ Selecting a label, marked as u, and running an attribute matching algorithm DecryptNodeI (C, TK, τ, u) which inputs ciphertext C, retrieves token TK, node τ and label u by calculating ∈>Returning the calculation result of the output node tau to F τ Wherein C τ And C' τ Is the node tau corresponding in ciphertext CParameter of->And->Is the search token TK node tau in subset A u Parameters of corresponding attributes in the database; if there is no access tree satisfied->Attribute set +.>Then a "0" is returned.
According to the node type of tau, u in the attribute matching algorithm DecryptNodeI (C, TK, tau, u) has the following two different calculation modes:
when the node tau is a leaf node, if the attribute att (tau) epsilon A corresponding to the node tau i Then the attribute matching algorithm DecryptNodeI (C, TK, τ, u) is run and outputOtherwise, the algorithm returns 'T';
when the node tau is a non-leaf node, the cloud server first calculates a k containing the node tau τ Set E of sub-nodes τ ,E τ Each node z of (1) must satisfy a set of labels S for which label u belongs to z z ,u∈S z Or z is a conversion node and there is at least one tag u' e S z The method comprises the steps of carrying out a first treatment on the surface of the Then running attribute matching algorithm DecryptNodeI (C, TK, z, u'), outputtingThen, F 'is paired according to the value of the tag u' z Conversion using a conversion formula, when u=0, calculate +.>Outputting the calculated result +.>Wherein->Is the corresponding parameter of tag u' in the search token TK,/or->Is the parameter corresponding to the node z in the ciphertext C; when u.noteq.0, calculate +. >Outputting the calculated result +.>Wherein->Is the parameter corresponding to the tag u in the search token TK;
complete E of calculation τ After each node of (2), F is calculated using the following formula τ :
Wherein,,k=index(z),U z ={index(z):z∈E τ the function of index (·) is to obtain the label of the node;
then, the attribute matching algorithm DecryptNodeI (C, TK, R, u) is operated to calculate the root node R, and when the label u=0 of R, the calculation result F is output R =e(g,g) trs The method comprises the steps of carrying out a first treatment on the surface of the When u is not equal to 0, the calculation result is outputFinally, F is calculated from the tag u, and when the tag u=0, let f=f R The method comprises the steps of carrying out a first treatment on the surface of the When u+.0, calculateOutputting the calculated result f=e (g, g) trs 。
S5d, for a given recursive keyword name set W N And boolean keyword name expression B N For each node of BNThe cloud server calculates a tag set +.>Each tag h corresponds to a subset of WN +.>Each subset ofSubtree of BN can be satisfied->For root node->There is->The corresponding set is +.>
S5e, if recursive keyword name Structure W N Satisfy boolean keyword name expression B N Then for each nodeRandom Slave set->Selecting a labelLabel marked h and running keyword matching algorithm +.>The algorithm inputs ciphertext C, retrieves token TK, node +.>And tag h by calculating +. >Output node->Is calculated according to the calculation result of (2)Wherein (1)>And->Is the node in the search token TK->Corresponding parameters, C ρ(h,j′) And C' ρ(h,j′) Is the junction +.>In subset->Parameters corresponding to keyword names; if not, satisfying Boolean keyword name expression B N The recursive keyword name structure WN of (c) returns a "0". According to->Is a node type of (a) keyword matching algorithm +.>There are two different calculation modes: />
When the node isIs a leaf node, if->Keyword matching algorithmReturning to the reverse T shape; otherwise, assume->ThenAnd running a keyword matching algorithm +.>Output result->Wherein s is h Representation subset->Corresponding matching verification random number, +.>A constant in a secret sharing polynomial representing node τ; when node->When the node is a non-leaf node, the cloud server firstly calculates a node containing +.>Is->The set of child nodes->Each node->Must satisfy the label h belonging to->Tag set +.> Or->Is a switching node and at least one tag is present +.>Then, a keyword matching algorithm is operatedOutput->Then, according to the value pair of tag h +.>Conversion using a conversion formula, when h=0, calculate +.>Outputting the calculated result +.>Wherein->Is node->Corresponding parameters, K, in the search token TK h′ Is the corresponding parameter of the tag h' in the ciphertext C; when h.noteq.0, calculate +.> Outputting the calculated result +.>Wherein K is h Is the corresponding parameter of tag h in ciphertext C.
After the calculation is completedAfter each node of (2), the following formula is used to calculate +.>
Wherein,,then, a keyword matching algorithm is run +.>For root node->Calculation is performed when->Is the standard of (2)When sign h=0, outputting the calculation result +.>When h is not equal to 0, outputting the calculation result +.>Finally, calculate +_based on tag h>When tag h=0, let +.>When h.noteq.0, calculate +.>Outputting the calculated result +.>
S5f, calculating parameters for verifying matching calculation by using cloud serverAnd judgeWhether or not it is, wherein->The result of matching calculation of the ciphertext keyword and the user search keyword is that of matching calculation of the access tree and the user attribute is F, and if the result is true, 0 is output; if not, a "1" is output.
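Step S3e shares s down the access tree, and in S5c the cloud server recombines the children's results at each non-leaf node using index(z) and the index set U_z. The following added example (not code from the patent) shows that arithmetic in a toy group, assuming the standard Shamir polynomial per threshold gate and Lagrange interpolation in the exponent; the group parameters, tree and attribute names are constructed, and the pairing, the blinding factors t and r, and conversion nodes are left out.

```python
import secrets

# Toy parameters, constructed for illustration only (far too small for real use).
Q = 1019   # prime order of the exponent field Z_Q
P = 2039   # safe prime, P = 2*Q + 1
G = 4      # a square mod P, so it generates the subgroup of order Q


class Node:
    """Access-tree node: a leaf carries an attribute, a gate carries a threshold k."""

    def __init__(self, attr=None, threshold=0, children=()):
        self.attr = attr
        self.threshold = threshold
        self.children = list(children)   # the child at position i has index i + 1


def leaf(attr):
    return Node(attr=attr)


def gate(k, *children):
    return Node(threshold=k, children=children)


def share(node, secret):
    """S3e-style sharing: return {leaf attribute: q_leaf(0)} for this subtree.
    Assumption of this example: each attribute labels exactly one leaf."""
    if not node.children:
        return {node.attr: secret}
    # Random polynomial q_node of degree k-1 with q_node(0) = secret.
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(node.threshold - 1)]
    shares = {}
    for index, child in enumerate(node.children, start=1):
        q_at_index = sum(c * pow(index, e, Q) for e, c in enumerate(coeffs)) % Q
        shares.update(share(child, q_at_index))   # q_child(0) = q_node(index(child))
    return shares


def lagrange_at_zero(k, indices):
    """Lagrange coefficient for index k over the index set, evaluated at x = 0."""
    num, den = 1, 1
    for j in indices:
        if j != k:
            num = num * (-j) % Q
            den = den * (k - j) % Q
    return num * pow(den, -1, Q) % Q


def recombine(node, leaf_values, held):
    """Server-side recombination: return G^{q_node(0)} mod P, or None when the
    held attributes do not satisfy this subtree. Only group elements are used;
    the shares themselves never appear in the clear."""
    if not node.children:
        return leaf_values[node.attr] if node.attr in held else None
    results = {}
    for index, child in enumerate(node.children, start=1):
        value = recombine(child, leaf_values, held)
        if value is not None and len(results) < node.threshold:
            results[index] = value
    if len(results) < node.threshold:
        return None
    product = 1
    for k, value in results.items():
        product = product * pow(value, lagrange_at_zero(k, results), P) % P
    return product


def demo(secret=777):
    # Constructed policy: 2 of (doctor, (cardiology OR pharmacy), auditor).
    tree = gate(2, leaf("doctor"),
                gate(1, leaf("cardiology"), leaf("pharmacy")),
                leaf("auditor"))
    leaf_values = {a: pow(G, v, P) for a, v in share(tree, secret).items()}
    return {
        "target": pow(G, secret, P),
        "doctor+pharmacy": recombine(tree, leaf_values, {"doctor", "pharmacy"}),
        "cardiology+auditor": recombine(tree, leaf_values, {"cardiology", "auditor"}),
        "doctor_only": recombine(tree, leaf_values, {"doctor"}),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Any attribute combination that meets the thresholds recovers the same group element as the root secret, while an insufficient combination yields nothing to compare.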
Example 2
As shown in fig. 3, the present embodiment further provides a Boolean keyword ciphertext retrieval system for large-scale user groups, which includes the following four parts: a cloud storage subsystem running on the cloud server; an encryption subsystem running on the data owner side; a user retrieval token generation and decryption subsystem running on the data user side; and an initialization and private key generation subsystem running in the trusted authority TA.
The initialization and private key generation subsystem running in the trusted authority TA comprises the following modules: an initialization module, a master key storage module, and a private key generation module. The initialization module generates the system public key and the master key, publishes the system public key to the cloud server, and stores the master key in the master key storage module. The master key storage module stores the master key and allows only the trusted authority TA to access it. The private key generation module receives the attribute set of the data user, generates the user private key sk by using the master key, and sends the user private key sk to the data user.
The cloud storage subsystem running on the cloud server comprises the following modules: a system public key disclosure module, a storage module, and a retrieval module. The system public key disclosure module publicly distributes the system public key pk generated by the trusted authority TA; the storage module stores the data ciphertexts encrypted by data owners; the retrieval module matches the retrieval token against the data ciphertexts one by one, and sends the data ciphertexts that satisfy the matching condition to the data user after obtaining them from the storage module.
The encryption subsystem running on the data owner side comprises a data encryption module. The data encryption module obtains the system public key from the cloud server, encrypts a file by using that key and an access policy defined by the data owner to obtain a data ciphertext, and sends the data ciphertext to the cloud server.
The user retrieval token generation and decryption subsystem running on the data user side comprises the following modules: a search token generation module, a user search module, and a data decryption module. The search token generation module generates a search token from the private key of the data user and the keyword predicate of the user's query; the user search module sends the search token to the cloud server to complete the retrieval operation; and the data decryption module decrypts the retrieved data ciphertext by using the user private key to recover the plaintext content.
To further illustrate the method, a searchable encryption procedure supporting flexible access policy matching, flexible user attribute organization, and Boolean keyword retrieval, applied to a healthcare scenario according to an embodiment of the present invention, is described below in conjunction with fig. 2.
In this embodiment, the keyword set structure of a file has a height of 2; the access tree of the data owner's access policy has a height of 2; and the data user's attribute set structure has a height of 2. The specific flow in this example is as follows:
T1, the trusted authority TA runs the initialization module, generates a system public key pk and a master key mk according to the security parameter K, and publishes the system public key pk to the cloud server. Meanwhile, the data user sends their own attribute set to the trusted authority TA. The attribute set of data user 1 is represented as: { institution: university A, job site: researcher, { department: pharmacy, job site: owner }, { department: chemistry, job site: professor } }. The trusted authority TA generates the private key sk of the data user from the master key mk and the data user's attribute set, and sends the private key sk to the data user. The master key mk is saved to the master key storage module.
T2, data owner 1 owns three documents 1, 2, 3, wherein:
the recursive keyword set for document 1 is expressed as: { name: li Xiaoming, disease: heart disease, medication: lipraton, { name: li Xiaoming, disease: hypertension, medication: amiloride, { name: li Xiaoming, disease: heart disease, medication: nitroglycerin }, the access policy implemented access tree structure is shown in fig. 4;
the recursive keyword set for document 2 is expressed as: { name: wang Xiaomei, disease: coronary heart disease, drug administration: aspirin, { name: wang Xiaomei, disease: hypertension, medication: amiloride, { name: wang Xiaomei, disease: heart disease, medication: nitroglycerin }, the access policy implemented access tree structure is shown in fig. 5;
the document 3 recursive keyword set is expressed as: { name: zhang Xiaogang, disease: chronic urticaria, medication: loratadine, { name: zhang Xiaogang, disease: diabetes mellitus, medication: baida, name: zhang Xiaogang, disease: heart disease, medication: nitroglycerin }, the access policy implemented access tree structure is shown in fig. 4;
To encrypt the above documents, data owner 1 first runs the encryption subsystem, which obtains the system public key pk from the cloud storage subsystem on the cloud server. The subsystem then uses the system public key pk to encrypt the three documents in turn, generating the ciphertexts {C_i}, i = 1, 2, 3, and uploads them to the cloud server.
T3, after the cloud server receives the ciphertext set of data owner 1, it stores the set in the storage module of the cloud storage subsystem. For simplicity of explanation, it is assumed here that the storage module currently holds only the three ciphertexts {C_i}, i = 1, 2, 3, of data owner 1 described above.
T4, if the data user wants to query for documents in which the disease is heart disease and the medication used is liprital or nitroglycerin, the data user runs the search token generation module of the user retrieval token generation and decryption subsystem. The module uses the user private key sk and the query keyword predicate (disease = "heart disease") AND ((medication = "liprital") OR (medication = "nitroglycerin")) to generate a search token TK, and passes TK to the user search module. The user search module sends the search token TK to the cloud server for the subsequent retrieval operation.
T5, after receiving the query request of data user 1, the cloud server runs the retrieval module, which matches the search token TK against the ciphertexts C_1, C_2 and C_3 in the storage module one after another. After the matching operation is completed, the cloud server returns the ciphertexts that meet the condition, C_1 and C_3, to data user 1.
T6, after data user 1 receives the returned data ciphertexts C_1 and C_3, the data user runs the decryption module of the user retrieval token generation and decryption subsystem, which uses the private key sk to decrypt C_1 and C_3 and obtain the plaintext contents of document 1 and document 3.
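The label-set logic of steps S5b to S5e decides, before any pairing is computed, which subset of a recursive set can satisfy each tree node. The following added example (not code from the patent) models that logic in plaintext, using the attribute set from T1 and the query predicate from T4; the access policies and the keyword sets are constructed, and keywords are modelled as "name=value" strings.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    attr: str = ""                 # leaf only: required attribute or keyword
    threshold: int = 0             # gate only: k of a k-of-n gate
    children: list = field(default_factory=list)
    conversion: bool = False       # conversion node: its result may change label


def leaf(attr):
    return Node(attr=attr)


def AND(*children, conversion=False):
    return Node(threshold=len(children), children=list(children), conversion=conversion)


def OR(*children, conversion=False):
    return Node(threshold=1, children=list(children), conversion=conversion)


def label_set(node, subsets):
    """Labels u such that subset number u satisfies the subtree rooted at node.
    A child z counts towards label u if u is in S_z, or if z is a conversion
    node and S_z holds at least one label (the rule stated in S5c)."""
    if not node.children:
        return {u for u, subset in enumerate(subsets) if node.attr in subset}
    evaluated = [(child, label_set(child, subsets)) for child in node.children]
    labels = set()
    for u in range(len(subsets)):
        usable = sum(1 for child, s_z in evaluated
                     if u in s_z or (child.conversion and bool(s_z)))
        if usable >= node.threshold:
            labels.add(u)
    return labels


def satisfies(tree, subsets):
    """The tree is satisfied when the root's label set is non-empty."""
    return bool(label_set(tree, subsets))


def flat_satisfies(tree, subsets):
    """Same tree against one merged set, i.e. the single-set model."""
    return satisfies(tree, [set().union(*subsets)])


def server_returns(policy, user_subsets, query, doc_subsets):
    """A ciphertext is returned only if both matches succeed (S5f)."""
    return satisfies(policy, user_subsets) and satisfies(query, doc_subsets)


# Attribute set of data user 1 from T1: subset 0 is the outer set.
USER = [
    {"institution: university A", "job site: researcher"},
    {"department: pharmacy", "job site: owner"},
    {"department: chemistry", "job site: professor"},
]

# Constructed policies. MIXED needs two attributes that the user holds only
# in different subsets; the other two differ only in the conversion flag.
MIXED = AND(leaf("department: pharmacy"), leaf("job site: professor"))
WITH_CONVERSION = AND(leaf("institution: university A"),
                      AND(leaf("department: pharmacy"), leaf("job site: owner"),
                          conversion=True))
WITHOUT_CONVERSION = AND(leaf("institution: university A"),
                         AND(leaf("department: pharmacy"), leaf("job site: owner")))

# Query predicate from T4.
QUERY = AND(leaf("disease=heart disease"),
            OR(leaf("medication=liprital"), leaf("medication=nitroglycerin")))

# Constructed recursive keyword sets for two documents.
DOC_HIT = [
    {"name=patient A"},
    {"disease=heart disease", "medication=nitroglycerin"},
    {"disease=hypertension", "medication=amiloride"},
]
DOC_MISS = [
    {"name=patient B"},
    {"disease=heart disease", "medication=amiloride"},
    {"disease=hypertension", "medication=nitroglycerin"},
]

if __name__ == "__main__":
    print("mixed policy:", satisfies(MIXED, USER), "flat:", flat_satisfies(MIXED, USER))
    print("hit:", satisfies(QUERY, DOC_HIT), "miss:", satisfies(QUERY, DOC_MISS))
```

DOC_MISS contains both queried keywords but in different records, so it matches only when the keyword set is flattened; the same holds for MIXED against the user's attribute subsets.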
In summary, the Boolean keyword searchable encryption method supporting large-scale user groups disclosed in this embodiment supports a more flexible organization of data user attributes and more flexible access policy matching, thereby realizing more efficient access control. Most prior techniques improve or extend an ABE (attribute-based encryption) scheme or a PEKS (public-key encryption with keyword search) scheme. Although these two kinds of scheme can realize fine-grained access control, the attributes of a data user are still merged into a single attribute set, which does not match practical usage scenarios. The invention uses an access tree to represent the access policy and organizes the data user attributes in a recursive set structure, thereby realizing more efficient access policy matching. In addition, the encryption method supports a more flexible keyword organization and Boolean keyword retrieval. Some prior techniques only allow the data owner to encrypt data under a single keyword and the data user to search with a single keyword, and do not support Boolean keyword searches with nested logical operators such as AND and OR; moreover, keywords in the prior art are organized in a single set, so efficient keyword matching is not possible in some practical usage scenarios. In the invention, flexible keyword organization and Boolean keyword search are realized by organizing keywords into a recursive set and performing Boolean matching operations on it.
The above examples are preferred embodiments of the present invention, but the embodiments of the present invention are not limited to them; any other change, modification, substitution, combination, or simplification that does not depart from the spirit and principle of the present invention is an equivalent replacement and falls within the protection scope of the present invention.
Claims (4)
1. A boolean keyword searchable encryption method supporting a large-scale user group, the encryption method comprising the steps of:
s1, initializing a system: the trusted authority TA generates a public key pk and a master key mk according to the security parameter K, and publicly distributes the public key pk to the cloud server;
s2, generating a private key: the data user organizes its own attributes into a recursive attribute setIt is then sent to the trusted authority TA, which uses the master key mk and the recursive property set +.>Generating a private key sk and transmitting the private key sk to the data user, wherein the attribute set +.>Is resolved into { A } 0 ,A 1 ,...,A n },A i Representation->The ith sub-attribute set in (1) assuming sub-attribute set A i Containing m i Personal attributes (i.e.)>Wherein a is i,j Representing the sub-attribute set A i The j-th attribute of (a);
s3, encryption: data owner uses system public key pk, recursive keyword set And Access Tree->Generating a ciphertext C for the document, uploading the ciphertext C to a cloud server, and recursing the keyword set W V Element->Representing the ith subset of the recursive keyword set, is parsed intoRecursive keyword name set +.>Recursive keyword set W V Having the same structure, elements in the set +.>Represented is the i ' th subset in the recursive keyword name set, parsed into (ρ (i ', 1), ρ (i ', 2),. ρ (i ', m ' i′ ) And), wherein m' i′ Representing the number of keywords in the ith keyword subset, ρ (i ', j') representing the name of the jth keyword in the ith keyword subset, w ρ(i′,j′) A value representing the j 'th keyword in the i' th keyword subset;
s4, search token generation: the data user uses the private key obtained in the step S2 to combine the local Boolean keyword value expression B of the data user V Generating a retrieval token TK, wherein B V Is an access tree structure, B N Expressed is a Boolean keyword name expression with sum B V The same access tree structure for B V Leaf nodes in (a)The keyword value is expressed as +.>Wherein the method comprises the steps ofRepresenting the corresponding keyword names;
the process of the step S4 is as follows:
S4a, randomly selecting a value by a data userFor subsequent parameter generation and for calculation of parameters for conversion calculation at conversion nodes +.>G is a generator of G, and alpha and gamma are third and fourth parameters for realizing private key generation, document encryption and generation of a retrieval token;
s4b, data user uses secret sharing algorithmSecret sharing of t is calculated +.>Data user calculation parameters for keyword matching algorithm DecryptNodeII calculation>And-> For each conversion node->The data user calculates the parameters for the conversion calculation at the conversion node +.>β 2 Is a second parameter for implementing private key generation, document encryption and generation of a search token, hash function H 0 (. Cndot.) satisfies the following mapping:wherein (1)>Is the set of all numbers that are prime to prime p,/->Representing each conversion node->A constant in a secret sharing polynomial;
s4c, the data user analyzes the private key sk into the following steps of1≤j≤m i },{E i |1≤i≤n}>And calculates the parameter ++for ciphertext and keyword match verification calculation>Parameter +.>And->Wherein i is more than or equal to 0 and less than or equal to n, j is more than or equal to 1 and less than or equal to m i The method comprises the steps of carrying out a first treatment on the surface of the And enable subset A i R of (2) i Conversion to subset A 0 R of (2) 0 Is of the ginsengCount->Wherein the trusted authority TA calculates +. >For subsequent generation->Is an attribute set->Subset A of (2) i Parameters for matching verification of subsequent and access trees, assuming recursive property set +.>N+1 subsets are shared, and for the 2 nd to n+1 th subsets, their parameters r i Satisfy->Let 1 st subset A 0 Parameter r of (2) 0 =r;
S4d, obtaining the retrieval token by the data user according to the variables obtained in the steps
Wherein the trusted authority TA calculationFor subsequent generation->
S5, ciphertext search: the data user sends the retrieval token TK generated in step S4 to the cloud server; after receiving TK, the cloud server uses it to test each ciphertext C stored on the server for a match, and sends every ciphertext C that satisfies the matching condition to the data user;
the process of the step S5 is as follows:
s5a, the cloud server analyzes the ciphertext C into a ciphertext C Is a parameter for ciphertext and keyword matching verification calculation,/-for> Is a parameter for conversion calculation at the conversion node, n' is a random parameter s i′ Number, K of i′ Is to make a subset of the recursive keyword setS of (2) i′ Conversion to subset->S of (2) 0 Parameter of->And->Du ShiParameters for the calculation of the attribute matching algorithm DecryptNodeI, +.>Is an access tree->Is used for resolving the retrieval token TK into the conversion node set of (1)
S5b, according to the access treeAnd attribute set->For access tree +.>The cloud server returns a set S τ Wherein S is τ Is the label of node tau, each label u corresponds to a set a u Each set A u Can satisfy sub access tree->For root node R, there is +.> The corresponding set is S R ;
S5c, if the attribute setSatisfy Access Tree->Then for each node τ, the slave set S is random τ Selecting a label, marked as u, and running an attribute matching algorithm DecryptNodeI (C, TK, τ, u) which inputs ciphertext C, retrieves token TK, node τ and label u by calculating ∈>Outputting the calculation result F of the node tau τ Wherein C τ And C' τ Is the parameter corresponding to node tau in ciphertext C, < >>And->Is the search token TK node tau in subset A u Parameters of corresponding attributes in the database; if there is no access tree satisfied->Attribute set +.>Then a "0" is returned;
in the step S5C, according to the node type of the node τ, the attribute matching algorithm decryptnodebi (C, TK, τ, u) has two different calculation modes:
when the node tau is a leaf node, if the attribute att (tau) epsilon A corresponding to the node tau i Then the attribute matching algorithm DecryptNodeI (C, TK, τ, u) is run and output e:G×G→G T Is a bilinear map; otherwise, the algorithm returns 'T';
when the node tau is a non-leaf node, the cloud server first calculates a k containing the node tau τ Set E of sub-nodes τ ,E τ Each node z of (1) must satisfy a set of labels S for which label u belongs to z z ,u∈S z Or z is a conversion node and there is at least one tag u' e S z The method comprises the steps of carrying out a first treatment on the surface of the Then running attribute matching algorithm DecryptNodeI (C, TK, z, u,) and outputtingThen, F 'is paired according to the value of the tag u' z Conversion is performed using a conversion formula, and when u=0, calculation is performedOutputting the calculated result +.>Wherein->Is the corresponding parameter of tag u' in the search token TK,/or->Is the parameter corresponding to the node z in the ciphertext C; when u.noteq.0, calculate +.>Outputting the calculated result +.>Wherein->Is the parameter corresponding to the tag u in the search token TK;
complete E of calculation τ After each node of (2), F is calculated using the following formula τ :
Wherein,,k=index(z),U z ={index(z):z∈E τ the function of index (·) is to obtain the label of the node;
then, the attribute matching algorithm DecryptNodeI (C, TK, R, u) is operated to calculate the root node R, and when the label u=0 of R, the calculation result F is output R =e(g,g) trs The method comprises the steps of carrying out a first treatment on the surface of the When u is not equal to 0, the calculation result is outputFinally, F is calculated from the tag u, and when the tag u=0, let f=f R The method comprises the steps of carrying out a first treatment on the surface of the When u.noteq.0, calculate +.>Outputting the calculated result f=e (g, g) trs ;
S5d, for a given recursive keyword name set W N And boolean keyword name expression B N For B N Each node of (2)The cloud server calculates a tag set +.>Each tag h corresponds to one W N Is>Each subset->Can all satisfy B N Is->For root node->There is->The corresponding set is +.>
In the step S5d, according to the nodeIs a node type of (a) keyword matching algorithm +.>There are two different calculation modes:
when the node isIs a leaf node, if->Keyword matching algorithmReturning to the reverse T shape; otherwise, assume-> ThenAnd running a keyword matching algorithm +.>Output result->Wherein s is h Representation subset->Corresponding matching verification random number, +.>Representation node->A constant in a secret sharing polynomial;
when the node isWhen the node is a non-leaf node, the cloud server firstly calculates a node containing +.>Is->Aggregation of sub-nodesEach node->Must satisfy the label h belonging to->Tag set +.> Or->Is a switching node and at least one tag is present +.>Then, a keyword matching algorithm is run +.>Output->Then, according to the value pair of tag h +.>Conversion using a conversion formula, when h=0, calculate +. >Outputting the calculated result +.>Wherein->Is node->Corresponding parameters, K, in the search token TK h′ Is the corresponding parameter of the tag h' in the ciphertext C; when h.noteq.0, calculate +.> Outputting the calculated result +.>Wherein K is h Is the corresponding parameter of the label h in the ciphertext C;
after the calculation is completedAfter each node of (2), the following formula is used to calculate +.>
Wherein,,
then, a keyword matching algorithm is runFor root node->Calculation is performed when->When the label h=0, the output meterCalculation result->When h is not equal to 0, outputting the calculated resultFinally, calculate +_based on tag h>When tag h=0, let +.>When h+.0, calculateOutputting the calculated result +.>
S5e, if recursive keyword name Structure W N Satisfy boolean keyword name expression B N Then for each nodeRandom Slave set->Selecting a tag, labeled h, and running a keyword matching algorithm +.>The algorithm inputs ciphertext C, retrieves token TK, node +.>And tag h by calculating +.>Output node->Is->Wherein (1)>And->Is the node in the search token TK->Corresponding parameters, C ρ(h,j′) And C' ρ(h,j′) Is the junction +.>In subset->Parameters corresponding to keyword names; if not, satisfying Boolean keyword name expression B N Recursive keyword name structure W N Then return to "0";
s5f, calculating parameters for verifying matching calculation by using cloud serverAnd judge->Whether or not it is true, wherein s 0 Is subset->Parameters for performing match verification, ++>The result of matching calculation of the ciphertext keyword and the user search keyword is that of matching calculation of the access tree and the user attribute is F, and if the result is true, 0 is output; if not, outputting a '1'; wherein e (G, G) represents the mapping of two elements in the cyclic group G into the multiplicative cyclic group G T Is a component of the group.
2. The boolean keyword searchable encryption method supporting a large-scale user group according to claim 1, wherein said step S1 process is as follows:
S1a, the trusted authority TA runs the group generator to generate (p, G, G_T, e), where p is a prime number, G and G_T are cyclic groups of order p, g is a generator of G, and e: G × G → G_T is a bilinear map;
s1b, a trusted authority TA selects two anti-collision hash functions H 0 (. Cndot.) and H 1 (. Cndot.) wherein the hash function H 0 (. Cndot.) satisfies the following mapping:wherein (1)>Is the set of all numbers that are prime to prime p, the hash function H 1 (. Cndot.) satisfies the following mapping: {0,1} * →G;
S1c, a trusted authority TA randomly selects first, second, third and fourth parameters beta for realizing private key generation, document encryption and generation of search tokens 1 ,β 2 ,α,And by calculation ∈>g α ,g αγ ,g 1/γ ;
S1d, the trusted authority TA obtains the system public key according to the variables Master key mk=<β 1 ,β 2 ,α>。
3. The boolean keyword searchable encryption method supporting a large-scale user group according to claim 1, wherein said step S2 process is as follows:
s2a, trusted authority TA is a recursive attribute setRandom selection->For recursive property set->Each subset A i Select r i Wherein r is the attribute set +.>Parameters r for subsequent and access tree matching verification i Is an attribute set->Subset A of (2) i Parameters for matching verification of subsequent and access trees, assuming recursive property set +.>N+1 subsets are shared, and for the 2 nd to n+1 th subsets, their parameters r i Satisfy->Let 1 st subset A 0 Parameter r of (2) 0 =r,Is a set of all numbers that interprime with prime number p;
s2b, trusted authority TA also needs to be a recursive attribute setEach attribute a of (a) i,j Selecting a parameter r i,j For subsequent matching calculations, wherein +.>
S2c, trusted authority TA calculationFor subsequent generation->Calculate- > And->For subsequent generation->And->Wherein i is more than or equal to 0 and less than or equal to n, j is more than or equal to 1 and less than or equal to m i ;
S2d, trusted authority TA calculationFor subsequent generation->Wherein i is more than or equal to 1 and less than or equal to n;
s2e, the trusted authority TA obtains the private key of the data user according to the variablesAnd sends it to the data user.
4. The boolean keyword searchable encryption method supporting a large-scale user group according to claim 1, wherein said step S3 is as follows:
S3a, the data owner randomly selects parameters for matching verification of the recursive keyword set $W_V$, where is the set of all numbers that are coprime to the prime $p$, and calculates parameters for ciphertext and keyword matching verification calculations and parameters for conversion calculation at the conversion node;
S3b, the data owner generates a set containing $n'$ random parameters, wherein $s_{i'}$ is a parameter of the recursive keyword set $W_V$ for matching verification; let $s_0 = s$, the parameter of the subset for performing matching verification;
S3c, the data owner generates a random parameter set for subsequent matching calculations, wherein $s_{i',j'}$ corresponds to the keyword $w_{\rho(i',j')}$;
S3d, the data owner calculates the parameters and for the calculation of the keyword matching algorithm DecryptNodeII, wherein $0 \le i' \le n'$, $1 \le j' \le m'_{i'}$; the keyword matching algorithm DecryptNodeII is used for the keyword matching calculation between the ciphertext and the search token; the data owner then calculates the parameter that converts $s_{i'}$ of the subset of the recursive keyword set to $s_0$ of the subset, wherein $1 \le i' \le n'$;
S3e, the data owner uses the secret sharing algorithm to compute the secret sharing of $s$, where $q_v(0)$ represents the value of the constant in the secret sharing polynomial of node $v$, represents the leaf node of the access tree, and represents running the secret sharing algorithm according to $s$ and the access tree;
S3f, for the access tree, the data owner calculates and for the calculation of the attribute matching algorithm DecryptNodeI, where the attribute matching algorithm DecryptNodeI is used for the matching calculation between a user attribute set and an access tree;
S3g, of the access tree is expressed as; for every node, the data owner calculates, wherein supports mutual conversion of the sets at a conversion node $x$;
S3h, the data owner obtains the ciphertext according to the variables obtained in the steps
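The top-down sharing of $s$ over the access tree in step S3e, as an added example that is not taken from the patent. It assumes the standard threshold-gate construction (each node $v$ gets a polynomial $q_v$ of degree $k_v - 1$ whose constant term $q_v(0)$ is inherited from its parent), works on plain field elements rather than group elements, and uses a constructed tree, attribute names and modulus.

```python
import secrets

P = 2**127 - 1  # assumption: a prime modulus standing in for the group order p

# Constructed access tree: a node is ("leaf", attribute) or ("gate", k, children)
TREE = ("gate", 2, [("leaf", "doctor"),
                    ("leaf", "cardiology"),
                    ("gate", 1, [("leaf", "nurse"), ("leaf", "admin")])])

def share(node, secret, path=()):
    """Top-down sharing: returns {leaf_path: (attribute, q_leaf(0))}."""
    if node[0] == "leaf":
        return {path: (node[1], secret)}
    _, k, children = node
    # q_v has degree k-1 and constant term q_v(0) = secret
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    out = {}
    for idx, child in enumerate(children, start=1):
        # the child's constant term is q_v(idx)
        q_at_idx = sum(c * pow(idx, e, P) for e, c in enumerate(coeffs)) % P
        out.update(share(child, q_at_idx, path + (idx,)))
    return out

def lagrange_at_zero(points):
    """Interpolate q(0) from {x: q(x)} over GF(P)."""
    total = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        total = (total + yi * num * pow(den, -1, P)) % P
    return total

def recover(node, shares, attrs, path=()):
    """Bottom-up recovery of q_v(0); None if attrs do not satisfy the node."""
    if node[0] == "leaf":
        attr, value = shares[path]
        return value if attr in attrs else None
    _, k, children = node
    got = {}
    for idx, child in enumerate(children, start=1):
        v = recover(child, shares, attrs, path + (idx,))
        if v is not None and len(got) < k:
            got[idx] = v
    return lagrange_at_zero(got) if len(got) == k else None
```

An attribute set that satisfies fewer than $k_v$ children of any gate on the path to the root recovers nothing, which is the access-control property the leaf shares carry into the ciphertext.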
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111561029.3A CN114357477B (en) | 2021-12-15 | 2021-12-15 | Boolean keyword searchable encryption method supporting large-scale user group |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114357477A (en) | 2022-04-15 |
CN114357477B (en) | 2023-07-18 |
Family
ID=81101833
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111561029.3A Active CN114357477B (en) | 2021-12-15 | 2021-12-15 | Boolean keyword searchable encryption method supporting large-scale user group |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114357477B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116910788B (en) * | 2023-08-15 | 2024-06-11 | 广州粤建三和软件股份有限公司 | Searchable encryption management method and device for service data and storage medium |
Citations (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107491497A (en) * | 2017-07-25 | 2017-12-19 | 福州大学 | Multi-user's multi-key word sequence of any language inquiry is supported to can search for encryption system |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP2709306B1 (en) * | 2012-09-14 | 2019-03-06 | Alcatel Lucent | Method and system to perform secure boolean search over encrypted documents |
CN111913981B (en) * | 2020-06-09 | 2022-04-22 | 华南理工大学 | Online and offline attribute-based boolean keyword searchable encryption method and system |
CN111966802A (en) * | 2020-07-31 | 2020-11-20 | 河海大学 | Attribute-based encryption method and system supporting keyword Boolean search |
CN112100649B (en) * | 2020-08-06 | 2022-12-16 | 华南理工大学 | Multi-keyword searchable encryption method and system supporting Boolean access control strategy |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||