CN114430321A - DFA self-adaptive security-based black box traceable key attribute encryption method and device - Google Patents

DFA self-adaptive security-based black box traceable key attribute encryption method and device Download PDF

Info

Publication number
CN114430321A
CN114430321A CN202210357035.5A CN202210357035A CN114430321A CN 114430321 A CN114430321 A CN 114430321A CN 202210357035 A CN202210357035 A CN 202210357035A CN 114430321 A CN114430321 A CN 114430321A
Authority
CN
China
Prior art keywords
key
data
decryption
algorithm
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210357035.5A
Other languages
Chinese (zh)
Other versions
CN114430321B (en
Inventor
蒋琳
徐颖
王轩
吴宇琳
陈倩
熊力瑶
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Original Assignee
Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology filed Critical Harbin Institute Of Technology shenzhen Shenzhen Institute Of Science And Technology Innovation Harbin Institute Of Technology
Priority to CN202210357035.5A priority Critical patent/CN114430321B/en
Publication of CN114430321A publication Critical patent/CN114430321A/en
Application granted granted Critical
Publication of CN114430321B publication Critical patent/CN114430321B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Security & Cryptography (AREA)
  • Mathematical Physics (AREA)
  • Physics & Mathematics (AREA)
  • Pure & Applied Mathematics (AREA)
  • Mathematical Optimization (AREA)
  • Computing Systems (AREA)
  • Mathematical Analysis (AREA)
  • General Physics & Mathematics (AREA)
  • Algebra (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a DFA self-adaptive security-based black box traceable key attribute encryption method and device, comprising the following steps: key generation center operation initialization algorithm generation system public keyPKAnd a master private keyMSKAnd will bePKSending to the data owner; the data owner willPKData to be encryptedmAnd datamAttribute string ofωAs input, running an encryption algorithm generates a ciphertextCT(ii) a Identity information of data userIDAnd granted deterministic finite automata model
Figure 902252DEST_PATH_IMAGE001
Sending the key to a key generation center; key generation center utilizationMSKPKIDAnd
Figure 100004_DEST_PATH_IMAGE002
running a key generation algorithm to generate a decryption key
Figure 763898DEST_PATH_IMAGE003
And user identity keyKey ID Will (a)Key ID ,ID) Logging in user hash tableLISTIn addition, will
Figure 100004_DEST_PATH_IMAGE004
Sending to the data user; data user requests ciphertext from cloud serverCTInput of
Figure 677496DEST_PATH_IMAGE005
AndCTrunning decryption algorithm to obtain data by decoding ciphertextm. The invention takes DFA as the access structure, can process any long attribute character string and matching range attribute, and makes the access control more flexible.

Description

DFA self-adaptive security-based black box traceable key attribute encryption method and device
Technical Field
The invention belongs to the technical field of black box tracking, and particularly relates to a DFA (distributed feedback analysis) self-adaptive security-based black box traceable key attribute encryption method and device.
Background
Because of the trust problem between the cloud server and the user, the common practice at present is to encrypt data and store the encrypted data in the cloud server, but if the data is stored in the server in a form of ciphertext, a new problem is brought, namely how to control the authority of the user for accessing the data. In the conventional public key encryption, a ciphertext is generated by one public key encryption, and each user needs to regenerate one ciphertext, which greatly occupies the storage space of a server and needs a large amount of overhead in the encryption and transmission processes. Attribute-based Encryption (ABE) is a form of public key Encryption in which a key pair is associated with an attribute, rather than with a single user or entity. The encrypting user may specify a policy during encryption to decide who may access the data, and the plaintext data may be decrypted as long as the decrypted user attributes satisfy the policy. Data encrypted using ABE may be accessed by multiple authorized users. And the ABE is further divided into two types of KP-ABE (Key-Policy Attribute-Based Encryption, KP-ABE) and CP-ABE (Cipher-Policy Attribute-Based Encryption, KP-ABE) according to the relationship between the Key/ciphertext and the strategy. In KP-ABE, the cipher text is related to attribute set, and the user private key is related to policy. In contrast, in CP-ABE, the ciphertext is associated with the access policy and the user private key is associated with the set of attributes.
In the prior art, a similar black box tracking algorithm is used for a black box traceable ciphertext policy attribute-based encryption method aiming at an LSSS access structure, but the existing LSSS and access tree structure cannot process attribute character strings with any length, so that some defects exist in the aspect of access control, the security is not enough, and higher self-adaptive security cannot be achieved.
Disclosure of Invention
The invention mainly aims to overcome the defects and shortcomings of the prior art, and provides a DFA (distributed data architecture) adaptive security-based black box traceable key attribute encryption method and device, which can construct a black box traceable attribute encryption method which has more flexible access control, meets adaptive security and can support the property of the universe.
In order to achieve the purpose, the invention adopts the following technical scheme:
the invention provides a DFA self-adaptive security-based black box traceable key attribute encryption method, which is characterized by comprising the following steps:
key generation center operation initialization algorithm
Figure DEST_PATH_IMAGE001
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
data owner will system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure 814466DEST_PATH_IMAGE002
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
identity information of data userIDAnd granted deterministic finite automata model
Figure DEST_PATH_IMAGE003
And is sent to a key generation center, wherein,Qis the number of states of the state machine,
Figure 407428DEST_PATH_IMAGE004
is a ring of integers modulo N that is,
Figure DEST_PATH_IMAGE005
is the function of the transfer function(s),
Figure 536927DEST_PATH_IMAGE006
and
Figure DEST_PATH_IMAGE007
respectively, an initial state and an acceptance state;
key generation center utilizing master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 820535DEST_PATH_IMAGE008
Running a key generation algorithm
Figure DEST_PATH_IMAGE009
Generating decryption keys
Figure 709993DEST_PATH_IMAGE010
And user identity keyKey ID Will be
Figure DEST_PATH_IMAGE011
Logging in user hash tableLISTAnd will decrypt the key
Figure 635093DEST_PATH_IMAGE012
Send to data toThe user;
data user requests ciphertext from cloud serverCTInputting a secret key
Figure 14121DEST_PATH_IMAGE012
And ciphertextCTRunning a decryption algorithm
Figure DEST_PATH_IMAGE013
Decoding the ciphertext to obtain datam
As a preferred technical solution, the initialization algorithm
Figure 129232DEST_PATH_IMAGE014
The method specifically comprises the following steps:
inputting the safety parameter lambda into an initialization algorithm, and initializing to obtain a resultant order group
Figure DEST_PATH_IMAGE015
Generating a system public key from the resultant order group
Figure 320917DEST_PATH_IMAGE016
Wherein
Figure 195463DEST_PATH_IMAGE018
Is a group-generating algorithm that is,P 1P 2 P 3are three mutually different large prime numbers,GandG T is of orderNThe resultant order group of (a) is,Nis thatP 1P 2 P 3The multiplication of (a) by (b),ein order to be a bilinear mapping,
Figure DEST_PATH_IMAGE019
Figure 263170DEST_PATH_IMAGE020
andfis a slave groupGMiddle order isP 1A subgroup ofG p1Wherein the generation elements are randomly selected from the group of generation elements,
Figure DEST_PATH_IMAGE021
αandβis a slave dieNInteger ring ofZ N Randomly selected elements;
will be provided with
Figure 846336DEST_PATH_IMAGE022
As a result of the system public key,
Figure 421805DEST_PATH_IMAGE023
as the system master key.
As a preferred technical solution, the encryption algorithm
Figure DEST_PATH_IMAGE024
The method specifically comprises the following steps:
inputting datamSystem public keyPKAnd attribute string of dataω
Parsing from each digit of a string
Figure 195199DEST_PATH_IMAGE025
lTo representωNumber of bits of (D), slave modeNInteger ring of
Figure 696457DEST_PATH_IMAGE026
In selecting random number
Figure DEST_PATH_IMAGE027
Using these random numbers
Figure 533963DEST_PATH_IMAGE028
And in the system public key
Figure DEST_PATH_IMAGE029
Using pairwise coding formulae
Figure 555533DEST_PATH_IMAGE030
Generate, generate
Figure DEST_PATH_IMAGE031
Wherein
Figure 699944DEST_PATH_IMAGE032
The coding combination formula is as follows:
Figure DEST_PATH_IMAGE033
generating according to the calculation:
Figure 670305DEST_PATH_IMAGE034
will beCTUploading to a cloud server;
wherein,
Figure DEST_PATH_IMAGE035
attribute character string representing dataωEach of the bits of (a) to (b),
Figure 27731DEST_PATH_IMAGE036
is a parameter randomly chosen from a ring of integers,
Figure DEST_PATH_IMAGE037
a parameter for participating in encryption generated using the random number and the common parameter,
Figure 272898DEST_PATH_IMAGE038
representing stored random numbersS i The value of (a) is,
Figure 475079DEST_PATH_IMAGE039
representing attribute strings embedded in a user for encryptionωTo (1) aiThe parameters of the bit of information are,
Figure DEST_PATH_IMAGE040
show that
Figure 147499DEST_PATH_IMAGE041
Generator on these element pair group
Figure 553073DEST_PATH_IMAGE042
The parameters obtained by the exponentiation operation,C 0 is a public commitment to the secret value,
Figure DEST_PATH_IMAGE043
representing datamThe encrypted main ciphertext.
As a preferred technical solution, the key generation algorithm
Figure 837817DEST_PATH_IMAGE044
The method specifically comprises the following steps:
input-authorized DFA description
Figure 661548DEST_PATH_IMAGE045
System public keyPKMaster private keyMSKAnd user identityID
Order tonIndicating the number of states of the state machine, i.e.
Figure DEST_PATH_IMAGE046
Let us orderLThe number of transfer functions representing the automaton being
Figure 737826DEST_PATH_IMAGE047
Having a transfer function
Figure DEST_PATH_IMAGE048
Wherein
Figure 568379DEST_PATH_IMAGE049
Respectively, the states of a certain state machine,
Figure DEST_PATH_IMAGE050
single character mapping received for a state machine
Figure 379516DEST_PATH_IMAGE026
An integer of (2), selecting a random number
Figure 323332DEST_PATH_IMAGE051
For each state
Figure DEST_PATH_IMAGE052
Selecting a corresponding random number
Figure 570512DEST_PATH_IMAGE053
And make an order
Figure DEST_PATH_IMAGE054
Let us order
Figure 498148DEST_PATH_IMAGE055
Use of
Figure DEST_PATH_IMAGE056
Random number of
Figure 249328DEST_PATH_IMAGE057
And in common parameters
Figure 782072DEST_PATH_IMAGE029
As a coding formula
Figure DEST_PATH_IMAGE058
Is input to, generated from
Figure 200153DEST_PATH_IMAGE059
Figure DEST_PATH_IMAGE060
Wherein
Figure 615084DEST_PATH_IMAGE061
A parameter representing the mapping of each state in the state machine to an element on the complex order group,
Figure DEST_PATH_IMAGE062
parameters representing some of the public parameters and the primary private key elements embedded,
Figure 904377DEST_PATH_IMAGE063
representing parameters after the t-th transfer equation encoding, and participating in operation when identifying the attribute character string and performing state jump;
selecting different random numbers for each user
Figure DEST_PATH_IMAGE064
Calculating user identity key
Figure 353944DEST_PATH_IMAGE065
Will be
Figure 880609DEST_PATH_IMAGE011
Deposit to user hash tableLISTIn the middle, let
Figure DEST_PATH_IMAGE066
Representing parameters
Figure 48416DEST_PATH_IMAGE067
Number of inner elements, from groupGIn the order ofPSubgroup of 3
Figure DEST_PATH_IMAGE068
In the random selectionm 1A generator
Figure 875820DEST_PATH_IMAGE069
Generating a user private key of
Figure DEST_PATH_IMAGE070
Will be
Figure 445473DEST_PATH_IMAGE071
Sending the information to an authorized user requesting the private key;
wherein
Figure DEST_PATH_IMAGE072
Representing a parameter containing a primary private key element,
Figure 205356DEST_PATH_IMAGE067
indicating use of
Figure 798143DEST_PATH_IMAGE073
After performing dot product operation on group
Figure DEST_PATH_IMAGE074
Various parameters are hidden.
As a preferred technical solution, the decryption algorithm
Figure 316323DEST_PATH_IMAGE075
The method specifically comprises the following steps:
input ciphertextCTAnd a decryption key
Figure 193012DEST_PATH_IMAGE071
And performing decryption operation:
the algorithm first lets deterministic finite automata in the key
Figure 687578DEST_PATH_IMAGE008
Matching attribute stringsωIf, if
Figure 266196DEST_PATH_IMAGE008
Does not accept attribute stringsωThe algorithm outputs an error sign, otherwise, if it is acceptableωHave a correspondence tol+1 states
Figure 261834DEST_PATH_IMAGE076
To for
Figure 100002_DEST_PATH_IMAGE077
Is provided withlA transfer function
Figure 540499DEST_PATH_IMAGE078
In the last state
Figure 848377DEST_PATH_IMAGE079
For each transfer function
Figure 399444DEST_PATH_IMAGE080
Finding transfer functions encoded in DFA
Figure 100002_DEST_PATH_IMAGE081
(ii) a The pairing formula of the decryption algorithm is set as
Figure 277402DEST_PATH_IMAGE082
WhereinEIs to make a vector
Figure 100002_DEST_PATH_IMAGE083
And
Figure 518896DEST_PATH_IMAGE084
the calculated matrix is combined as follows:
Figure 100002_DEST_PATH_IMAGE085
wherein
Figure 794413DEST_PATH_IMAGE086
Representing the calculation process of state jump;
the decryption calculation is as follows:
Figure 100002_DEST_PATH_IMAGE087
wherein,
Figure 645825DEST_PATH_IMAGE088
is the result of an intermediate operation resulting from the decryption,
Figure 100002_DEST_PATH_IMAGE089
is the final output result in the decryption process.
As a preferred technical solution, if the key is embedded in an illegal black box that cannot obtain a structure, the identity of the owner of the key needs to be found, specifically:
random selection of data by a trackermAttribute string capable of matching access structure in this illegal black boxωAnd system public keyPKAnd running the algorithm
Figure 419484DEST_PATH_IMAGE090
In the generation of cryptographic algorithms
Figure 610425DEST_PATH_IMAGE040
In the calculation process of (2), from an integer ring
Figure 7908DEST_PATH_IMAGE026
In the method, a random number is randomly acquired
Figure 100002_DEST_PATH_IMAGE091
Using random numbers
Figure 848082DEST_PATH_IMAGE092
Replacement of
Figure 739946DEST_PATH_IMAGE028
In (1)SParticipating in operation to obtain a tracking cipher textTraceCTThe tracking cipher textTraceCTStructure and generalCTIn the same way, only
Figure 34661DEST_PATH_IMAGE040
InSIs replaced by
Figure 117892DEST_PATH_IMAGE091
Let us order
Figure 100002_DEST_PATH_IMAGE093
To express new
Figure 678318DEST_PATH_IMAGE040
And use of
Figure 722673DEST_PATH_IMAGE091
AndSgenerating trapdoors
Figure 137474DEST_PATH_IMAGE094
Then it will reserve the trapdoor itself and will track the ciphertextTraceCTSending to a decryption machine, the decryption machine decrypting the algorithm according to the decryption algorithm
Figure 100002_DEST_PATH_IMAGE095
And (3) carrying out operation:
Figure 689809DEST_PATH_IMAGE096
wherein
Figure 100002_DEST_PATH_IMAGE097
The decryption machine performs decryption operation on the tracking ciphertext to obtain an intermediate result, and performs decryption operation on the last step to obtain a decryption result
Figure 501645DEST_PATH_IMAGE098
Because the decryption black box cannot distinguishTraceCTAndCTso as to output the decryption result of the tracking cipher text
Figure 100002_DEST_PATH_IMAGE099
The tracker obtains
Figure 797628DEST_PATH_IMAGE099
Then, the data in the hand is passedmTrap doortdThe following operations are carried out to obtain the main key corresponding to the user identity in the user identity tableKey ID
Figure 53554DEST_PATH_IMAGE100
Tracing the passage of a personKey ID From user hash tablesLISTCheck user identity informationID
Preferably, the slave group generates a key based on the key generation algorithmGMiddle order isP 3A subgroup ofG p3In the random selection of group elements
Figure 100002_DEST_PATH_IMAGE101
And performing dot multiplication operation to hide the random number.
The invention provides a black box traceable key attribute encryption system based on DFA self-adaptive security, which is applied to the black box traceable key attribute encryption method based on DFA self-adaptive security and comprises an initialization module, an encryption module, a data sending module, a key generation module and a decryption module;
the initialization module is used for operating an initialization algorithm by the key generation center
Figure 42369DEST_PATH_IMAGE102
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
the encryption module is used for the data owner to use the system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure 29917DEST_PATH_IMAGE002
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
the data sending module is used for requesting the ciphertext from the cloud server by the data userCTInputting a secret key
Figure 565809DEST_PATH_IMAGE071
And ciphertextCTRunning a decryption algorithm
Figure 100002_DEST_PATH_IMAGE103
Decoding the ciphertext to obtain datam
The key generation module and the key generation center utilize a master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 768252DEST_PATH_IMAGE008
Running a key generation algorithm
Figure 849340DEST_PATH_IMAGE104
Generating decryption keys
Figure 435436DEST_PATH_IMAGE071
And user identity keyKey ID Will be
Figure 100002_DEST_PATH_IMAGE105
Logging in user hash tableLISTAnd will decrypt the key
Figure 338801DEST_PATH_IMAGE071
Sending to the data user;
the decryption module is used for requesting ciphertext from the cloud server by the data userCTInputting a secret key
Figure 831968DEST_PATH_IMAGE071
And ciphertextCTRunning a decryption algorithm
Figure 349537DEST_PATH_IMAGE103
Decoding the ciphertext to obtain datam
Yet another aspect of the present invention provides an electronic device, including:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores computer program instructions executable by the at least one processor to enable the at least one processor to perform the DFA-based adaptive security black-box traceable key attribute encryption method.
Yet another aspect of the present invention provides a computer-readable storage medium storing a program which, when executed by a processor, implements the DFA-based adaptive security black-box traceable key attribute encryption method.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. the invention takes DFA as the access structure, can process any long attribute character string, can match the range attribute, and solves the technical problem that any character input can not be processed, thereby achieving the technical effect of more flexible access control function.
2. The invention adopts the technology of paired coding and high-efficiency black box tracking algorithm, solves the problems that the black box tracking can not be carried out based on the attribute encryption of the DFA and the small attribute set and the safety in the ABE scheme with the black box tracking algorithm, thereby achieving the technical effects of supporting the property of the universe, adaptively and safely supporting the attribute encryption with the black box tracking function of the DFA.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a flowchart of a DFA-based adaptive security black-box traceable key attribute encryption method according to an embodiment of the present invention;
fig. 2 is a block diagram of a DFA-based adaptive security black-box traceable key attribute encryption system according to an embodiment of the present invention.
Fig. 3 is a block diagram of an electronic device according to an embodiment of the invention.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It is to be understood that the embodiments described are only a few embodiments of the present application and not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
The policies mentioned in this application are all represented using access structures. In 2007, scholars proposed access trees as a CPABE solution for access structures. Where leaf nodes of the tree represent user attributes and non-leaf nodes represent and or gate logic. The same year has proposed a (t, n) threshold strategy. A scholars in 2011 proposed an attribute encryption Scheme based on a Linear Secret Sharing Scheme (LSSS) as an access policy. In order to satisfy the requirement of being capable of processing the attribute of an input character string with any length, a scholars designs an attribute encryption scheme taking Deterministic Finite Automata (DFA) as an access structure.
White/black box tracking: in KP-ABE, users with the same access structure will have the same decryption rights. Since the private key of the user is only related to the access structure, some users are motivated by interests to intentionally reveal their private key to illegal users for use, and therefore the problem that the key can be blamed is a relatively popular research direction. And further classifying the key leakage and decryption algorithm into white box tracking and black box tracking according to whether the key needs to be known during key accountability. White-box tracing means we can know the internal structure of the compromised key and the decryption algorithm; the black box tracking is a black box which can be used for decoding a ciphertext, the internal structure of the black box is unknown, and the identity of the black box is tracked only through the decoded object.
Large unisource: attribute encryption is further divided into small universe (small universe) and large universe (large universe) attribute structures. In the microcosm structure, a full set of attributes needs to be input in an initialization stage, the size of an attribute space is bounded in security parameters, the attributes are fixed during setting, and the size of a common parameter is increased along with the increase of the full set of attributes. In the Large universe structure, only the safety parameter lambda is needed in the initialization stage, and the size and the attribute of the public parameter are irrelevant.
For simplicity of expression, the letter head with wavy lines representing a set of numbers, e.g.
Figure 531251DEST_PATH_IMAGE106
Deterministic Finite Automata (DFA).
The black box traceable key attribute encryption method based on DFA self-adaptive security utilizes an encryption algorithm to realize the black box tracing function of attribute encryption, the algorithm is realized based on an attribute encryption scheme that a deterministic finite automaton is used as an access structure, and the method mainly comprises the following parts:
1. initialization algorithm
Figure 159678DEST_PATH_IMAGE001
: the initialization algorithm only needs a parameter lambda and meets the large riverse attribute;
inputting the safety parameter lambda into an initialization algorithm, and initializing to obtain a resultant order group
Figure 510281DEST_PATH_IMAGE015
Generating a system public key from the composite order group
Figure 198752DEST_PATH_IMAGE016
Wherein
Figure 133341DEST_PATH_IMAGE018
Is a group-generating algorithm that is,P 1P 2 P 3are three mutually different large prime numbers,GandG T is of orderNThe resultant order group of (a) is,Nis thatP 1P 2 P 3The product of (a) and (b),ein order to be a bilinear mapping,
Figure 565459DEST_PATH_IMAGE019
Figure 767639DEST_PATH_IMAGE020
andfis a slave groupGMiddle order isP 1A subgroup ofG p1Wherein the generation elements are randomly selected from the group,
Figure 100002_DEST_PATH_IMAGE107
αandβis a slave dieNInteger ring ofZ N Randomly selected elements;
will be provided with
Figure 440060DEST_PATH_IMAGE022
As a result of the system public key,
Figure 111213DEST_PATH_IMAGE023
as the system master key.
2. Key generation algorithm
Figure 157859DEST_PATH_IMAGE108
: generating a key using the DFA as an access structure, specifically:
input-authorized DFA description
Figure 840644DEST_PATH_IMAGE045
System public keyPKMaster private keyMSKAnd user identityID
Order tonIndicating the number of states of the state machine, i.e.
Figure 100002_DEST_PATH_IMAGE109
Let us orderLThe number of transfer functions representing the automaton being
Figure 182501DEST_PATH_IMAGE110
Having a transfer function
Figure 100002_DEST_PATH_IMAGE111
Wherein
Figure 888420DEST_PATH_IMAGE112
Respectively, the states of a certain state machine,
Figure 662341DEST_PATH_IMAGE050
single character mapping received for a state machine
Figure 842043DEST_PATH_IMAGE026
An integer of (2), selecting a random number
Figure 43218DEST_PATH_IMAGE051
For each state
Figure 439695DEST_PATH_IMAGE052
Selecting a corresponding random number
Figure 17307DEST_PATH_IMAGE053
And make an order
Figure 48586DEST_PATH_IMAGE054
Let us order
Figure 155082DEST_PATH_IMAGE055
Use of
Figure 38855DEST_PATH_IMAGE056
Random number of
Figure 154579DEST_PATH_IMAGE057
And in common parameters
Figure 43294DEST_PATH_IMAGE029
As a coding formula
Figure 586271DEST_PATH_IMAGE058
Is input to, generated from
Figure 957340DEST_PATH_IMAGE059
Figure 100002_DEST_PATH_IMAGE113
Wherein
Figure 922760DEST_PATH_IMAGE061
A parameter representing the mapping of each state in the state machine to an element on the complex order group,
Figure 289150DEST_PATH_IMAGE114
parameters representing some of the public parameters and the primary private key elements embedded,
Figure 100002_DEST_PATH_IMAGE115
representing parameters after the t-th transfer equation encoding, and participating in operation when identifying the attribute character string and performing state jump;
selecting different random numbers for each user
Figure 471870DEST_PATH_IMAGE064
Calculating user identity key
Figure 425176DEST_PATH_IMAGE065
Will be
Figure 633435DEST_PATH_IMAGE011
Deposit to user hash tableLISTIn the middle, let
Figure 244544DEST_PATH_IMAGE116
Representing parameters
Figure 100002_DEST_PATH_IMAGE117
Number of inner elements, from groupGIn the order ofPSubgroup of 3
Figure 440908DEST_PATH_IMAGE068
In the random selectionm 1A generator
Figure 520991DEST_PATH_IMAGE069
Generating a user private key of
Figure 516629DEST_PATH_IMAGE118
Will be
Figure 488303DEST_PATH_IMAGE071
Sending the information to an authorized user requesting the private key;
wherein
Figure 543984DEST_PATH_IMAGE072
Representing a parameter containing a primary private key element,
Figure 845783DEST_PATH_IMAGE067
indicating use of
Figure 645112DEST_PATH_IMAGE073
After performing dot product operation on group
Figure 480081DEST_PATH_IMAGE074
Various parameters are hidden.
3. Encryption algorithm
Figure 582030DEST_PATH_IMAGE024
The method specifically comprises the following steps:
inputting datamSystem public keyPKAnd attributes of the data.
Parsing from each digit of a string
Figure 620393DEST_PATH_IMAGE025
lTo representωNumber of bits of (D), slave modeNInteger ring of
Figure 944451DEST_PATH_IMAGE026
In selecting random number
Figure 100002_DEST_PATH_IMAGE119
Using these random numbers
Figure 197709DEST_PATH_IMAGE028
And in the system public key
Figure 703515DEST_PATH_IMAGE029
Using pairwise coding formulas
Figure 494753DEST_PATH_IMAGE030
Generate, generate
Figure 386617DEST_PATH_IMAGE031
Wherein
Figure 681332DEST_PATH_IMAGE120
The coding combination formula is as follows:
Figure 100002_DEST_PATH_IMAGE121
generating according to the calculation:
Figure 829810DEST_PATH_IMAGE122
will beCTUploading to a cloud server;
wherein,
Figure 593498DEST_PATH_IMAGE035
attribute character string representing dataωEach of the bits of (a) to (b),
Figure 272741DEST_PATH_IMAGE036
is a parameter randomly chosen from a ring of integers,
Figure 936809DEST_PATH_IMAGE037
a parameter for participating in encryption generated using the random number and the common parameter,
Figure 941674DEST_PATH_IMAGE038
indicating storage of random numbersS i The value of (a) is,
Figure 192658DEST_PATH_IMAGE039
representing attribute strings embedded in a user for encryptionωTo (1) aiThe parameters of the bit of information are,
Figure 410013DEST_PATH_IMAGE040
show that
Figure 100002_DEST_PATH_IMAGE123
Generator on these element pair group
Figure 259414DEST_PATH_IMAGE042
The parameters obtained by the exponentiation operation,C 0 is a public commitment to a secret value,
Figure 44967DEST_PATH_IMAGE043
Representing datamThe encrypted main ciphertext.
4. Decryption algorithm
Figure 281782DEST_PATH_IMAGE124
The method specifically comprises the following steps:
inputting cipher textCTAnd a decryption key
Figure 568407DEST_PATH_IMAGE071
And performing decryption operation:
the algorithm first lets deterministic finite automata in the key
Figure 177374DEST_PATH_IMAGE008
Matching attribute stringsωIf, if
Figure 524042DEST_PATH_IMAGE008
Does not accept attribute stringsωThe algorithm outputs an error sign, otherwise, if it is acceptableωHave a correspondence tol+1 states
Figure 262801DEST_PATH_IMAGE076
To a
Figure 87538DEST_PATH_IMAGE077
Is provided withlA transfer function
Figure 82170DEST_PATH_IMAGE078
In the last state
Figure 68581DEST_PATH_IMAGE079
For each transfer function
Figure 279988DEST_PATH_IMAGE080
Finding transfer functions for coding in DFA
Figure 314940DEST_PATH_IMAGE081
(ii) a The pairing formula of the decryption algorithm is set as
Figure 665543DEST_PATH_IMAGE082
WhereinEIs to make a vector
Figure 88434DEST_PATH_IMAGE083
And
Figure 288603DEST_PATH_IMAGE084
combining the calculated matrices as follows:
Figure 720721DEST_PATH_IMAGE085
wherein
Figure 922901DEST_PATH_IMAGE086
Representing the calculation process of state jump;
the decryption calculation is as follows:
Figure 782273DEST_PATH_IMAGE087
wherein,
Figure 938579DEST_PATH_IMAGE088
is the result of an intermediate operation resulting from the decryption,
Figure 174388DEST_PATH_IMAGE089
is the final output result in the decryption process.
As shown in fig. 1, the architecture of the black box traceable key attribute encryption method based on DFA adaptive security according to the present invention includes a key generation center, a data owner, a data consumer, and a cloud server;
(A) the key generation center:
the key generation center is an authority that is fully trusted in the present system. Generating a system public key for a system during initializationPKAnd a master keyMSKAnd generates for the user in a key generation phaseBecome a decryption keySK ID And user identity keyKey ID . The key generation center firstly selects different security parameters lambda according to different security levels required by the system, and operates the initialization algorithm of the system to generate a system public keyPKAnd a master keyMSK. In the process of generating user key, the key generation center provides deterministic finite automata according to users
Figure 499583DEST_PATH_IMAGE008
And a master keyMSKGenerating a decryption key for the userSK ID And user identity keyKey ID Will be
Figure 529856DEST_PATH_IMAGE105
Deposit to user hash tableLISTThen, willSK ID And sending the data to the corresponding user.
(B) The data owner:
the data owner is a user who owns the data, and the data owner uses the system public key transmitted by the key generation centerPKAnd attributes of the data itselfωEncrypting the data to generate a ciphertextCTAnd storing the ciphertext in the cloud server for the data user to obtain.
(C) The data user:
the data consumer in the system has access strategy to data, and the access strategy can be deterministic finite automata
Figure 439038DEST_PATH_IMAGE008
And (4) showing. Deterministic finite automata for data consumer delivery
Figure 212959DEST_PATH_IMAGE008
Obtaining a decryption key for a cloud serverSK ID . The data user uses his own decryption keySK ID And unlocking the ciphertext.
(D) The cloud server:
the cloud server has a ciphertext database forDepositing encrypted dataCTWhen the user requests the ciphertext, the ciphertext data requested by the user is returnedCT
Referring to fig. 1 again, the black box traceable key attribute encryption method based on DFA adaptive security of the present invention specifically includes the following 10 steps:
(1) running algorithms from key generation centers
Figure 100002_DEST_PATH_IMAGE125
Generating a system public keyPKAnd a master private keyMSK
(2) The key generation center sends the system public keyPKSending to the data owner;
(3) data owner will system public keyPKData, datamAttribute string ofωAnd data that needs to be encryptedmAs input, running an encryption algorithm
Figure 61835DEST_PATH_IMAGE126
Generating a ciphertext CT;
(4) data owner will encryptCTSending the data to a cloud server for storage;
(5) identity of data userIDDeterministic finite automata model for information and authorization
Figure 100002_DEST_PATH_IMAGE127
Sending the key to a key generation center;
(6) key generation center utilizing master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 311944DEST_PATH_IMAGE008
Running a key generation algorithm
Figure 957689DEST_PATH_IMAGE128
Generating decryption keys
Figure 20454DEST_PATH_IMAGE071
And user identity keyKey ID Will be
Figure 68044DEST_PATH_IMAGE011
Logging in user hash tableLISTAnd will decrypt the key
Figure 689387DEST_PATH_IMAGE071
Sending to the data user;
(7) the key generation center decrypts the key
Figure 556849DEST_PATH_IMAGE071
Sending to the data user;
(8) data user requests ciphertext from cloud serverCT
(9) Cloud server returns ciphertextCT
(10) Data user input key
Figure 423305DEST_PATH_IMAGE071
And ciphertextCTRun decryption
Figure 325402DEST_PATH_IMAGE075
Algorithm, decoding ciphertext to obtain datam
Further, when black box tracking is performed, if a key is embedded in an illegal black box that cannot obtain a structure, the identity of the owner of the key needs to be found.
Only in the process of the encryption algorithm, a random number is randomly acquired
Figure 100002_DEST_PATH_IMAGE129
. Then will be
Figure 171174DEST_PATH_IMAGE130
All ofSIs replaced by
Figure 11086DEST_PATH_IMAGE091
And obtaining a trapdoor
Figure 930500DEST_PATH_IMAGE094
. Then will beCipher text
Figure 936371DEST_PATH_IMAGE131
And sending the data to a decryption machine for decryption. Because the decryption machine only operates according to a fixed program flow: (run Decrypt algorithm):
Figure 260036DEST_PATH_IMAGE096
the final result obtained by the machine is
Figure 367669DEST_PATH_IMAGE098
Such a result can be obtained and then passed through the data in handmTrap doortdThe operation is carried out, and the operation is carried out,
Figure 77393DEST_PATH_IMAGE100
then, the corresponding user identity information is searched in the user hash tableIDThe owner of the key that constructed the black box can be known.
Aiming at the problem of key abuse of DFA-based attribute encryption at present, the invention provides a high-efficiency DFA-based adaptive security attribute encryption scheme with black box tracking, on one hand, a pairwise coding mode is used, the scheme is constructed on a combined order bilinear group, the scheme security is improved to be adaptive security, and the scheme has a large riverse structure; on the other hand, the user identity is embedded into the user key, a smart and efficient tracking algorithm is constructed, and black box tracking of illegal decryption equipment is achieved. The present invention uses DFAs as a black-box traceable scheme for access structures and pairwise coding techniques to obtain cosmic properties and adaptive security functions.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention.
Based on the same idea as the black box traceable key attribute encryption method based on the DFA adaptive security in the above embodiment, the present invention further provides a black box traceable key attribute encryption system based on the DFA adaptive security, which can be used to execute the above black box traceable key attribute encryption method based on the DFA adaptive security. For convenience of illustration, the structural schematic diagram of the DFA-based adaptive security black box traceable key attribute encryption system embodiment only shows a part related to the embodiment of the present invention, and those skilled in the art will understand that the illustrated structure does not constitute a limitation to the apparatus, and may include more or less components than those illustrated, or combine some components, or arrange different components.
Referring to fig. 2, in another embodiment of the present application, a DFA adaptive security-based black box traceable key attribute encryption system 100 is provided, which includes an initialization module 101, an encryption module 102, a data transmission module 103, a key generation module 104, and a decryption module 105;
the initialization module 101 is used for operating an initialization algorithm in the key generation center
Figure 688503DEST_PATH_IMAGE102
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
the encryption module 102 is used for the data owner to apply the system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure DEST_PATH_IMAGE132
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
the data sending module 103 is used for the data user to send the identity informationIDAnd granted deterministic finite automata model
Figure 386331DEST_PATH_IMAGE133
And is sent to a key generation center, wherein,Qis the number of states of the state machine,
Figure DEST_PATH_IMAGE134
Is a ring of integers modulo N that is,
Figure 27266DEST_PATH_IMAGE005
is the function of the transfer of the signal,
Figure 39216DEST_PATH_IMAGE006
and
Figure 504832DEST_PATH_IMAGE135
respectively an initial state and an acceptance state;
the key generation module 104 is used for the key generation center to utilize the master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 812710DEST_PATH_IMAGE008
Running a key generation algorithm
Figure 100002_DEST_PATH_IMAGE136
Generating decryption keys
Figure 442406DEST_PATH_IMAGE071
And user identity keyKey ID Will be
Figure 976155DEST_PATH_IMAGE105
Logging in user hash tableLISTAnd will decrypt the key
Figure 811125DEST_PATH_IMAGE071
Sending to the data user;
the decryption module 105 requests the ciphertext from the cloud server by the data userCTInputting a secret key
Figure 303286DEST_PATH_IMAGE071
And ciphertextCTRunning a decryption algorithm
Figure 951436DEST_PATH_IMAGE103
Decoding the ciphertext to obtain datam
It should be noted that, the black box traceable key attribute encryption system based on DFA adaptive security of the present invention corresponds to the black box traceable key attribute encryption method based on DFA adaptive security of the present invention one to one, and the technical features and the advantages thereof described in the above-mentioned embodiment of the black box traceable key attribute encryption method based on DFA adaptive security are all applicable to the embodiment of the black box traceable key attribute encryption based on DFA adaptive security, and specific contents may refer to the description in the embodiment of the method of the present invention, and are not described herein again, and thus it is stated that.
In addition, in the implementation of the black box traceable key attribute encryption system based on DFA adaptive security according to the foregoing embodiment, the logical division of each program module is only an example, and in practical applications, the foregoing function allocation may be performed by different program modules according to needs, for example, due to configuration requirements of corresponding hardware or convenience of implementation of software, that is, the internal structure of the black box traceable key attribute encryption system based on DFA adaptive security is divided into different program modules to perform all or part of the above-described functions.
Referring to fig. 3, in an embodiment, an electronic device for implementing the method for black box traceable key attribute encryption based on DFA adaptive security is provided, where the electronic device 200 may include a first processor 201, a first memory 202, and a bus, and may further include a computer program, such as the black box traceable key attribute encryption program 203 based on DFA adaptive security, stored in the first memory 202 and executable on the first processor 201.
The first memory 202 includes at least one type of readable storage medium, which includes flash memory, removable hard disk, multimedia card, card-type memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The first memory 202 may in some embodiments be an internal storage unit of the electronic device 200, such as a removable hard disk of the electronic device 200. The first memory 202 may also be an external storage device of the electronic device 200 in other embodiments, such as a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like, which are provided on the electronic device 200. Further, the first memory 202 may also include both an internal storage unit and an external storage device of the electronic device 200. The first memory 202 may be used not only to store application software installed in the electronic device 200 and various types of data, such as codes of the multi-party privacy protecting machine learning program 203, but also to temporarily store data that has been output or will be output.
The first processor 201 may be composed of an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be composed of a plurality of integrated circuits packaged with the same function or different functions, and includes one or more Central Processing Units (CPUs), microprocessors, digital Processing chips, graphics processors, and combinations of various control chips. The first processor 201 is a Control Unit (Control Unit) of the electronic device, connects various components of the whole electronic device by using various interfaces and lines, and executes various functions and processes data of the electronic device 200 by running or executing programs or modules stored in the first memory 202 and calling data stored in the first memory 202.
Fig. 3 shows only an electronic device having components, and those skilled in the art will appreciate that the structure shown in fig. 3 does not constitute a limitation of the electronic device 200, and may include fewer or more components than those shown, or some components may be combined, or a different arrangement of components.
The DFA-based adaptive security black-box traceable key attribute encryption program 203 stored in the first memory 202 of the electronic device 200 is a combination of instructions that, when executed in the first processor 201, may implement:
key generation center operation initialization algorithm
Figure 806653DEST_PATH_IMAGE001
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
data owner will system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure 246862DEST_PATH_IMAGE132
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
identity information of data userIDAnd granted deterministic finite automata model
Figure 863919DEST_PATH_IMAGE003
And is sent to a key generation center, wherein,Qis the number of states of the state machine,
Figure 497900DEST_PATH_IMAGE134
is a ring of integers modulo N that is,
Figure 373452DEST_PATH_IMAGE005
is the function of the transfer function(s),
Figure 418900DEST_PATH_IMAGE006
and
Figure 844676DEST_PATH_IMAGE007
respectively, an initial state and an acceptance state;
key generation center utilizing master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 857631DEST_PATH_IMAGE008
Running a key generation algorithm
Figure 287607DEST_PATH_IMAGE137
Generating decryption keys
Figure 810730DEST_PATH_IMAGE071
And user identity keyKey ID Will be
Figure 550016DEST_PATH_IMAGE011
Logging in user hash tableLISTAnd will decrypt the key
Figure 269841DEST_PATH_IMAGE071
Sending to the data user;
data user requests ciphertext from cloud serverCTInputting a secret key
Figure 864027DEST_PATH_IMAGE071
And ciphertextCTRunning a decryption algorithm
Figure 133334DEST_PATH_IMAGE013
Decoding the ciphertext to obtain datam
Further, the modules/units integrated with the electronic device 200, if implemented in the form of software functional units and sold or used as independent products, may be stored in a non-volatile computer-readable storage medium. The computer-readable medium may include: any entity or device capable of carrying said computer program code, recording medium, U-disk, removable hard disk, magnetic disk, optical disk, computer Memory, Read-Only Memory (ROM).
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above can be implemented by a computer program, which can be stored in a non-volatile computer-readable storage medium, and can include the processes of the embodiments of the methods described above when the program is executed. Any reference to memory, storage, database, or other medium used in the embodiments provided herein may include non-volatile and/or volatile memory, among others. Non-volatile memory can include read-only memory (ROM), Programmable ROM (PROM), Electrically Programmable ROM (EPROM), Electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), Dynamic RAM (DRAM), Synchronous DRAM (SDRAM), Double Data Rate SDRAM (DDRSDRAM), Enhanced SDRAM (ESDRAM), synchronous Link (Synchlink) DRAM (SLDRAM), Rambus (Rambus) direct RAM (RDRAM), direct bused dynamic RAM (DRDRAM), and bused dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.

Claims (10)

1. The DFA self-adaptive security-based black box traceable key attribute encryption method is characterized by comprising the following steps of:
key generation center operation initialization algorithm
Figure DEST_PATH_IMAGE002
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
data owner will system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure DEST_PATH_IMAGE004
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
data managementUser identity informationIDAnd granted deterministic finite automata model
Figure DEST_PATH_IMAGE006
And is sent to a key generation center, wherein,Qis the number of states of the state machine,
Figure DEST_PATH_IMAGE008
is a ring of integers modulo N that is,
Figure DEST_PATH_IMAGE010
is the function of the transfer function(s),
Figure DEST_PATH_IMAGE012
and
Figure DEST_PATH_IMAGE014
respectively, an initial state and an acceptance state;
key generation center utilizing master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure DEST_PATH_IMAGE016
Running a key generation algorithm
Figure DEST_PATH_IMAGE018
Generating decryption keys
Figure DEST_PATH_IMAGE020
And user identity keyKey ID Will be
Figure DEST_PATH_IMAGE022
Logging in user hash tableLISTAnd will decrypt the key
Figure DEST_PATH_IMAGE023
Sending to the data user;
data user requests secret from cloud serverArticle (Chinese character)CTInputting a secret key
Figure 978085DEST_PATH_IMAGE020
And ciphertextCTRunning a decryption algorithm
Figure DEST_PATH_IMAGE025
Decoding the ciphertext to obtain datam
2. The DFA adaptive security-based black-box traceable key attribute encryption method of claim 1, wherein the initialization algorithm
Figure DEST_PATH_IMAGE026
The method specifically comprises the following steps:
inputting the safety parameter lambda into an initialization algorithm, and initializing to obtain a resultant order group
Figure DEST_PATH_IMAGE028
Generating a system public key from the resultant order group
Figure DEST_PATH_IMAGE030
Wherein
Figure DEST_PATH_IMAGE032
Is a group-generating algorithm that is,P 1P 2 P 3are three mutually different large prime numbers,GandG T is of orderNThe resultant order group of (a) is,Nis thatP 1P 2 P 3The multiplication of (a) by (b),ein order to be a bilinear mapping,
Figure DEST_PATH_IMAGE034
Figure DEST_PATH_IMAGE036
andfis a slave groupGMiddle order isP 1A subgroup ofG p1ZhongrandThe selected generating element is selected according to the number of the generating elements,
Figure DEST_PATH_IMAGE038
αandβis a slave dieNInteger ring ofZ N Randomly selected elements;
will be provided with
Figure DEST_PATH_IMAGE039
As a result of the system public key,
Figure DEST_PATH_IMAGE041
as the system master key.
3. The DFA adaptive security-based black-box traceable key attribute encryption method of claim 1, wherein the encryption algorithm is
Figure DEST_PATH_IMAGE042
The method specifically comprises the following steps:
inputting datamSystem public keyPKAnd attribute string of dataω
Parsing from each digit of a string
Figure DEST_PATH_IMAGE044
lTo representωNumber of bits of (D), slave modeNInteger ring of
Figure DEST_PATH_IMAGE045
In selecting random number
Figure DEST_PATH_IMAGE047
Using these random numbers
Figure DEST_PATH_IMAGE049
And in the system public key
Figure DEST_PATH_IMAGE051
Using pairwise coding formulas
Figure DEST_PATH_IMAGE053
Generate, generate
Figure DEST_PATH_IMAGE055
Wherein
Figure DEST_PATH_IMAGE057
The coding combination formula is as follows:
Figure DEST_PATH_IMAGE059
generating according to the calculation:
Figure DEST_PATH_IMAGE061
will beCTUploading to a cloud server;
wherein,
Figure DEST_PATH_IMAGE063
attribute character string representing dataωEach of the bits of (a) to (b),
Figure DEST_PATH_IMAGE065
is a parameter randomly chosen from a ring of integers,
Figure DEST_PATH_IMAGE067
a parameter for participating in encryption generated using the random number and the common parameter,
Figure DEST_PATH_IMAGE069
representing stored random numbersS i The value of (a) is,
Figure DEST_PATH_IMAGE071
representing attribute strings embedded in a user for encryptionωTo (1) aiThe parameters of the bit of information are,
Figure DEST_PATH_IMAGE073
show that
Figure DEST_PATH_IMAGE075
Generator on these element pair group
Figure 524253DEST_PATH_IMAGE036
The parameters obtained by the exponentiation operation,C 0 is a public commitment to the secret value,
Figure DEST_PATH_IMAGE077
representing datamThe encrypted main ciphertext.
4. The DFA-based adaptive security black-box traceable key attribute encryption method of claim 1, wherein the key generation algorithm
Figure DEST_PATH_IMAGE078
The method specifically comprises the following steps:
input-authorized DFA description
Figure DEST_PATH_IMAGE079
System public keyPKMaster private keyMSKAnd user identityID
Order tonIndicating the number of states of the state machine, i.e.
Figure DEST_PATH_IMAGE081
Let us orderLThe number of transfer functions representing the automaton being
Figure DEST_PATH_IMAGE083
Having a transfer function
Figure DEST_PATH_IMAGE085
Wherein
Figure DEST_PATH_IMAGE087
Are respectively in a certain stateThe state of the machine is such that,
Figure DEST_PATH_IMAGE089
single character mapping received for a state machine
Figure 387212DEST_PATH_IMAGE045
An integer of (2), selecting a random number
Figure DEST_PATH_IMAGE091
For each state
Figure DEST_PATH_IMAGE093
Selecting a corresponding random number
Figure DEST_PATH_IMAGE095
And make an order
Figure DEST_PATH_IMAGE097
Let us order
Figure DEST_PATH_IMAGE099
Use of
Figure DEST_PATH_IMAGE101
Random number of
Figure DEST_PATH_IMAGE103
And in common parameters
Figure 283886DEST_PATH_IMAGE051
As a coding formula
Figure DEST_PATH_IMAGE105
Is input to, generated from
Figure DEST_PATH_IMAGE107
Figure DEST_PATH_IMAGE109
Wherein
Figure DEST_PATH_IMAGE111
A parameter representing the mapping of each state in the state machine to an element on the complex order group,
Figure DEST_PATH_IMAGE113
parameters representing some of the public parameters and the primary private key elements embedded,
Figure DEST_PATH_IMAGE115
representing parameters after the t-th transfer equation encoding, and participating in operation when identifying the attribute character string and performing state jump;
selecting different random numbers for each user
Figure DEST_PATH_IMAGE117
Calculating user identity key
Figure DEST_PATH_IMAGE119
Will be
Figure 179817DEST_PATH_IMAGE022
Deposit to user hash tableLISTIn the middle, let
Figure DEST_PATH_IMAGE121
Representing parameters
Figure DEST_PATH_IMAGE123
Number of inner elements, from groupGIn the order ofPSubgroup of 3
Figure DEST_PATH_IMAGE125
In the random selectionm 1A generator
Figure DEST_PATH_IMAGE127
Generating a user private key of
Figure DEST_PATH_IMAGE129
Will be
Figure 126913DEST_PATH_IMAGE020
Sending the information to an authorized user requesting the private key;
wherein
Figure DEST_PATH_IMAGE131
Representing a parameter containing a primary private key element,
Figure 579234DEST_PATH_IMAGE123
indicating usage
Figure DEST_PATH_IMAGE133
After performing dot product operation on group
Figure DEST_PATH_IMAGE135
Various parameters are hidden parameters.
5. The DFA-based adaptive security black-box traceable key attribute encryption method of claim 1, wherein the decryption algorithm
Figure DEST_PATH_IMAGE136
The method specifically comprises the following steps:
inputting cipher textCTAnd a decryption key
Figure 230664DEST_PATH_IMAGE020
And performing decryption operation:
the algorithm first lets deterministic finite automata in the key
Figure 509329DEST_PATH_IMAGE016
Matching attribute stringsωIf, if
Figure 565010DEST_PATH_IMAGE016
Does not accept attribute stringsωThe algorithm outputs an error sign, otherwise, if it is acceptableωHave a correspondence tol+1 states
Figure DEST_PATH_IMAGE138
To a
Figure DEST_PATH_IMAGE140
Is provided withlA transfer function
Figure DEST_PATH_IMAGE142
In the last state
Figure DEST_PATH_IMAGE144
For each transfer function
Figure DEST_PATH_IMAGE146
Finding transfer functions for coding in DFA
Figure DEST_PATH_IMAGE148
(ii) a The pairing formula of the decryption algorithm is set as
Figure DEST_PATH_IMAGE150
WhereinEIs to make a vector
Figure DEST_PATH_IMAGE152
And
Figure DEST_PATH_IMAGE154
combining the calculated matrices as follows:
Figure DEST_PATH_IMAGE156
wherein
Figure DEST_PATH_IMAGE158
Representing the calculation process of state jump;
the decryption calculation is as follows:
Figure DEST_PATH_IMAGE160
wherein,
Figure DEST_PATH_IMAGE162
is the result of an intermediate operation resulting from the decryption,
Figure DEST_PATH_IMAGE164
is the final output result in the decryption process.
6. The DFA-based adaptive security black box traceable key attribute encryption method of claim 1, wherein if the key is embedded in an illegal black box that cannot obtain a structure, the identity of the owner of the key needs to be found, specifically:
random selection of data by a trackermAttribute string capable of matching access structure in this illegal black boxωAnd system public keyPKAnd running the algorithm
Figure DEST_PATH_IMAGE166
In the generation of cryptographic algorithms
Figure 105625DEST_PATH_IMAGE073
In the calculation process of (2), from an integer ring
Figure 904954DEST_PATH_IMAGE045
In the method, a random number is randomly acquired
Figure DEST_PATH_IMAGE168
Using random numbers
Figure DEST_PATH_IMAGE169
Replacement of
Figure 615290DEST_PATH_IMAGE049
In (1)SParticipating in operation to obtain a tracking cipher textTraceCTThe tracing cipher textTraceCTStructure and generalCTIn the same way, only
Figure 107451DEST_PATH_IMAGE073
InSIs replaced by
Figure 162126DEST_PATH_IMAGE168
Let us order
Figure DEST_PATH_IMAGE171
To express new
Figure 536782DEST_PATH_IMAGE073
And use of
Figure 508149DEST_PATH_IMAGE168
AndSgenerating trapdoors
Figure DEST_PATH_IMAGE173
Then it retains the trapdoor itself and will track the ciphertextTraceCTSending to a decryption machine, the decryption machine decrypting the algorithm according to the decryption algorithm
Figure DEST_PATH_IMAGE175
And (3) carrying out operation:
Figure DEST_PATH_IMAGE177
wherein
Figure DEST_PATH_IMAGE179
The decryption machine performs decryption operation on the tracking ciphertext to obtain an intermediate result, and performs decryption operation on the last step to obtain a decryption result
Figure DEST_PATH_IMAGE181
Because the decryption black box cannot distinguishTraceCTAndCTso as to output the decryption result of the tracking cipher text
Figure DEST_PATH_IMAGE183
The tracker obtains
Figure 16884DEST_PATH_IMAGE183
Then, the data in the hand is passedmTrap doortdThe following operations are carried out to obtain the main key corresponding to the user identity in the user identity tableKey ID
Figure DEST_PATH_IMAGE185
Tracing the passage of a personKey ID From user hash tablesLISTCheck user identity informationID
7. The DFA-based adaptive security black-box traceable key attribute encryption method of claim 4, wherein in the key generation algorithm, the slave group generates the key attribute from the groupGMiddle order isP 3A subgroup ofG p3In the random selection of group elements
Figure DEST_PATH_IMAGE187
And performing dot multiplication operation to hide the random number.
8. The black box traceable key attribute encryption system based on DFA adaptive security is characterized in that the black box traceable key attribute encryption method based on DFA adaptive security is applied to any one of claims 1 to 7, and comprises an initialization module, an encryption module, a data transmission module, a key generation module and a decryption module;
the initialization module is used for operating an initialization algorithm by the key generation center
Figure DEST_PATH_IMAGE188
Generating a system public keyPKAnd a master private keyMSKAnd apply the system public keyPKSending to the data owner;
the encryption module is used for the data owner to use the system public keyPKData to be encryptedmAnd datamAttribute string ofωRunning the encryption algorithm as input
Figure 995074DEST_PATH_IMAGE004
Generating a ciphertextCTAnd the cipher text is encryptedCTSending the data to a cloud server for storage;
the data sending module is used for requesting the ciphertext from the cloud server by the data userCTInputting a secret key
Figure 136205DEST_PATH_IMAGE020
And ciphertextCTRunning a decryption algorithm
Figure 447232DEST_PATH_IMAGE136
Decoding the ciphertext to obtain datam
The key generation module and the key generation center utilize a master private keyMSKSystem public keyPKIdentity informationIDAnd deterministic finite automata model
Figure 281196DEST_PATH_IMAGE016
Running a key generation algorithm
Figure DEST_PATH_IMAGE189
Generating decryption keys
Figure 608665DEST_PATH_IMAGE020
And user identity keyKey ID Will be
Figure DEST_PATH_IMAGE190
For depositHousehold hash tableLISTAnd will decrypt the key
Figure 163274DEST_PATH_IMAGE020
Sending to the data user;
the decryption module is used for requesting ciphertext from the cloud server by the data userCTInputting a secret key
Figure 827343DEST_PATH_IMAGE020
And ciphertextCTRunning a decryption algorithm
Figure 832208DEST_PATH_IMAGE136
Decoding the ciphertext to obtain datam
9. An electronic device, characterized in that the electronic device comprises:
at least one processor; and the number of the first and second groups,
a memory communicatively coupled to the at least one processor; wherein,
the memory stores computer program instructions executable by the at least one processor to cause the at least one processor to perform the DFA adaptive security based black-box traceable key attribute encryption method of any of claims 1-7.
10. A computer-readable storage medium storing a program, wherein the program, when executed by a processor, implements the DFA adaptive security based black-box traceable key attribute encryption method of any of claims 1-7.
CN202210357035.5A 2022-04-07 2022-04-07 DFA self-adaptive security-based black box traceable key attribute encryption method and device Active CN114430321B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210357035.5A CN114430321B (en) 2022-04-07 2022-04-07 DFA self-adaptive security-based black box traceable key attribute encryption method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210357035.5A CN114430321B (en) 2022-04-07 2022-04-07 DFA self-adaptive security-based black box traceable key attribute encryption method and device

Publications (2)

Publication Number Publication Date
CN114430321A true CN114430321A (en) 2022-05-03
CN114430321B CN114430321B (en) 2022-07-12

Family

ID=81314446

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210357035.5A Active CN114430321B (en) 2022-04-07 2022-04-07 DFA self-adaptive security-based black box traceable key attribute encryption method and device

Country Status (1)

Country Link
CN (1) CN114430321B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115396222A (en) * 2022-08-30 2022-11-25 重庆紫光华山智安科技有限公司 Device instruction execution method, system, electronic device and readable storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8566601B1 (en) * 2012-09-12 2013-10-22 Zeutro Llc Systems and methods for functional encryption using a string of arbitrary length
CN106888080A (en) * 2015-11-25 2017-06-23 恩智浦有限公司 Protection whitepack feistel network implementations are in case fault analysis
CN111447209A (en) * 2020-03-24 2020-07-24 西南交通大学 Black box traceable ciphertext policy attribute-based encryption method
CN113489591A (en) * 2021-06-04 2021-10-08 杭州师范大学 Traceable comparison attribute encryption method based on multiple authorization centers

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8566601B1 (en) * 2012-09-12 2013-10-22 Zeutro Llc Systems and methods for functional encryption using a string of arbitrary length
CN106888080A (en) * 2015-11-25 2017-06-23 恩智浦有限公司 Protection whitepack feistel network implementations are in case fault analysis
CN111447209A (en) * 2020-03-24 2020-07-24 西南交通大学 Black box traceable ciphertext policy attribute-based encryption method
CN113489591A (en) * 2021-06-04 2021-10-08 杭州师范大学 Traceable comparison attribute encryption method based on multiple authorization centers

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JUNQING GONG AND HOETECK WEE: "daptively Secure ABE for DFA from k-Lin and More", 《HTTPS://EPRINT.IACR.ORG/2020/194.PDF 》 *
孟飞: "将属性加密体制应用于云存储中关键问题的研", 《CNKI中国博士学位论文全文数据库信息科技辑》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115396222A (en) * 2022-08-30 2022-11-25 重庆紫光华山智安科技有限公司 Device instruction execution method, system, electronic device and readable storage medium
CN115396222B (en) * 2022-08-30 2024-03-12 重庆紫光华山智安科技有限公司 Device instruction execution method, system, electronic device and readable storage medium

Also Published As

Publication number Publication date
CN114430321B (en) 2022-07-12

Similar Documents

Publication Publication Date Title
CN111130757B (en) Multi-cloud CP-ABE access control method based on block chain
US8121294B2 (en) System and method for a derivation function for key per page
US8171306B2 (en) Universal secure token for obfuscation and tamper resistance
TW201812638A (en) Storage design method of blockchain encrypted radio frequency chip
CN105306194B (en) For encrypted file and/or the multiple encryption method and system of communications protocol
CN106534092A (en) Message-based and key-dependent privacy data encryption method
CN110710155A (en) Progressive key encryption algorithm
CN105721135B (en) Implement the method for cryptographic operation using replacement box
CN106888080A (en) Protection whitepack feistel network implementations are in case fault analysis
CN106888081B (en) Wide coding of intermediate values within white-box implementations
CN105721146B (en) A kind of big data sharing method towards cloud storage based on SMC
CN105024803A (en) Behavioral fingerprint in a white-box implementation
TWI597960B (en) Key splitting
Aruna et al. Medical healthcare system with hybrid block based predictive models for quality preserving in medical images using machine learning techniques
CN114500069A (en) Method and system for storing and sharing electronic contract
Almuzaini et al. Key Aggregation Cryptosystem and Double Encryption Method for Cloud‐Based Intelligent Machine Learning Techniques‐Based Health Monitoring Systems
CN114430321B (en) DFA self-adaptive security-based black box traceable key attribute encryption method and device
CN107360252B (en) Data security access method authorized by heterogeneous cloud domain
Joseph et al. A Novel Algorithm for secured data sharing in cloud using GWOA-DNA cryptography
WO2023134576A1 (en) Data encryption method, attribute authorization center, and storage medium
CN116248289A (en) Industrial Internet identification analysis access control method based on ciphertext attribute encryption
Kavuri et al. An improved integrated hash and attributed based encryption model on high dimensional data in cloud environment
Elumalai et al. Secure and efficient data storage with Rivest Shamir Adleman algorithm in cloud environment
Lin et al. A secure fine-grained access control mechanism for networked storage systems
Naik et al. Original Research Article Key management and access control based on combination of cipher text-policy attribute-based encryption with Proxy Re-Encryption for cloud data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant