CN114567465A - Searchable encryption method for classified medical data based on block chain - Google Patents

Publication number: CN114567465A
Authority: CN (China)
Prior art keywords: data, medical data, ciphertext, key, owner
Legal status: Granted, Active
Application number: CN202210144437.7A
Other languages: Chinese (zh)
Other versions: CN114567465B (en)
Inventors: 汤雨晴, 陈付龙, 王灿玲, 黄静, 吴伟, 张钰漩, 罗永龙, 接标, 谌章义
Current Assignee: Anhui Normal University
Original Assignee: Anhui Normal University
Priority: CN202210144437.7A

Classifications

    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • G06F16/221 Column-oriented storage; Management thereof
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0838 Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/3297 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving time stamps, e.g. generation of time stamps

Abstract

The invention discloses a blockchain-based searchable encryption method for classified medical data, which comprises the following steps: step 1, system initialization; step 2, key generation and user registration; step 3, ciphertext generation and storage; step 4, trapdoor generation; step 5, ciphertext search and sharing. The method can meet the search requirements of third-party data users on medical data with different sensitivity levels, improve the security of the searchable encryption scheme and reduce the computation and storage overhead.

Description

Searchable encryption method for classified medical data based on block chain
Technical Field
The invention relates to the technical field of information security, in particular to a blockchain-based searchable encryption method for classified medical data.
Background
Medical data often contains a large amount of sensitive information, and data leakage can have serious consequences, so large amounts of medical data are stored on cloud servers in encrypted form. Although traditional encrypted cloud storage reduces the high cost of local storage and can ensure the confidentiality of data, it also has problems such as the difficulty of retrieving encrypted data and the risk of leaking sensitive data during data sharing. Searchable encryption makes keyword search over ciphertext possible while keeping the data secure. In addition, different medical data has different sensitivity: data such as a patient's identification number, home address and contact phone number is the most sensitive, while data such as sex, personal preferences and family history is relatively less sensitive. In practical applications, different users may be interested in different data. When a data user wants to search extremely sensitive personal information, the patient often wants to be the only party able to create the search trapdoor. However, given the large computational burden that trapdoor generation places on the patient side, a physician may generate the search trapdoor when the data user searches other, less sensitive data.
In 2004, Boneh et al. presented the concept of public key encryption with keyword search (PEKS). Numerous searchable encryption schemes supporting conjunctive keyword queries, fuzzy keyword queries, wildcard keyword queries, etc. have since been proposed. Most PEKS schemes to date are vulnerable to keyword guessing attacks. In 2018, Wu et al. constructed a secure and effective searchable public key encryption scheme using a DH shared key. Their schemes, while resistant to internal keyword guessing attacks and file injection attacks, are not resistant to online keyword guessing attacks and support multi-keyword searches. In 2020, Pakniat et al. proposed a certificateless authenticated encrypted search scheme that supports multi-keyword search. Although their solution provides an enhanced security model, its search efficiency is low. In recent years, with the development of blockchain technology, blockchains have gradually been applied in the medical field. Combining blockchain technology with searchable encryption addresses the heavy dependence on a traditional centralized third party. Wang et al. proposed a blockchain-based personal health record sharing scheme that uses searchable encryption and attribute set encryption to achieve keyword search and fine-grained access control and also supports verification of data integrity, but it cannot share the public part and the private part of an electronic medical record separately.
Therefore, a blockchain-based searchable encryption method for classified medical data is urgently needed to solve this technical problem.
Disclosure of Invention
The invention aims to provide a blockchain-based searchable encryption method for classified medical data, which can meet the search requirements of third-party data users on medical data with different sensitivity levels, improve the security of the searchable encryption scheme and reduce the computation and storage costs.
In order to achieve the above object, the present invention provides a blockchain-based searchable encryption method for classified medical data, comprising:
step 1, system initialization;
step 2, key generation and user registration;
step 3, ciphertext generation and storage;
step 4, trapdoor generation;
step 5, ciphertext search and sharing.
Preferably, step 1 comprises:
the trusted authority TA selects a bilinear map $e: G_1 \times G_1 \to G_T$, two hash functions
Figure BDA0003508202940000021
and
Figure BDA0003508202940000022
and a symmetric encryption algorithm $E(\cdot)$, where $G_1$ and $G_T$ are both multiplicative cyclic groups of prime order $q$ and the generator of $G_1$ is $g$; the trusted authority TA publishes the system parameters $para = (G_1, G_T, q, g, e, H_1, H_2, E(\cdot))$.
Preferably, step 2 comprises:
step 2a, the trusted authority TA randomly selects
Figure BDA0003508202940000031
and computes the public/private key pair of the data provider DP as $\{sk_p, pk_p\} = \{x, g^x\}$; similarly, the trusted authority TA randomly selects
Figure BDA0003508202940000032
and computes the public/private key pair of the data owner DO as
Figure BDA0003508202940000033
step 2b, the data owner DO sends
Figure BDA0003508202940000034
to the blockchain master node, where $ID_i$ is the unique identity of the data owner DO and
Figure BDA0003508202940000035
is the public key of the data owner DO; the blockchain master node returns the account address $A_i$ to the data owner DO and records
Figure BDA0003508202940000036
locally; at this point, the data owner DO has completed registration.
Preferably, in step 3, the data owner sends $(ID_i, A_i)$ to the data provider DP, which generates the raw medical data $M = \{M_l, M_h\}$ for the data owner DO and extracts the keyword sets of $M_l$ and $M_h$, $W = \{w_1, \ldots, w_n\}$ and $W' = \{w'_1, \ldots, w'_n\}$, where $M_l$ is low-sensitivity data and $M_h$ is highly sensitive data; the data provider DP then encrypts the raw medical data and its keyword sets separately.
Preferably, step 3 comprises:
step 3a, the data provider DP computes the DH key between DP and DO using the Diffie-Hellman key agreement algorithm
Figure BDA0003508202940000037
and, using $K$ as the encryption key, encrypts the low-sensitivity data $M_l$ to generate the ciphertext
Figure BDA0003508202940000038
DP then generates, for the keyword set $W = \{w_1, \ldots, w_n\}$ of the low-sensitivity data $M_l$, the keyword ciphertext $C_W = (A, B, C, \{D_i\}_{i \in [1,n]})$;
step 3b, the data provider DP uses the public key of the data owner DO
Figure BDA0003508202940000039
to encrypt the highly sensitive data $M_h$, generating the ciphertext
Figure BDA00035082029400000310
and then generates, for the keyword set $W' = \{w'_1, \ldots, w'_n\}$ of the highly sensitive data $M_h$, the keyword ciphertext $C_{W'} = (A', B', C', \{D'_j\}_{j \in [1,n]})$;
At this point, the data provider has obtained the original medical data ciphertext
Figure BDA0003508202940000041
and the keyword ciphertexts $C_W$ and $C_{W'}$; the data provider DP sends the original medical data ciphertext $C_M$ to the cloud server; after it is stored successfully, the cloud server CS returns the storage location $F_i$ of the original data ciphertext, the data owner DO signs the storage location $F_i$ with its own private key $sk_o$, and the data provider DP then sends the data package $(C_W, C_{W'}, (F_i).sig, ID_i, D_k, H(M))$ as a transaction to the blockchain network, where $D_k$ is the signature of the data provider DP.
Preferably, step 4 comprises: when the DU needs to search a certain type of medical data, the DU sends a trapdoor request to the corresponding trapdoor generator
Figure BDA0003508202940000042
step 4a, when the data user DU requests to search the low-sensitivity medical data $M_l$, the data provider DP or the data owner DO generates, for the set of keywords to be searched
Figure BDA0003508202940000043
the trapdoor
Figure BDA0003508202940000044
step 4b, when the data user DU requests to search the highly sensitive medical data $M_h$, only the data owner DO can generate, for the set of keywords to be searched
Figure BDA0003508202940000045
the trapdoor
Figure BDA0003508202940000046
After the trapdoor is generated, the trapdoor generator uploads the trapdoor
Figure BDA0003508202940000047
or
Figure BDA0003508202940000048
the current time $t_1$, $ID_i$ and $ID_j$ to the smart contract in the blockchain.
Preferably, step 5 comprises: the third-party data user DU sends its identity $ID_j$ to request the smart contract to execute the search algorithm; the smart contract first obtains the current timestamp $t_2$ and checks whether $t_2 - t_1 < \Delta t$ holds, where $\Delta t$ is the preset trapdoor validity time; if $t_2 - t_1 < \Delta t$, the smart contract continues with the following search algorithm:
step 5a, given the keyword index ciphertext $C_W = (A, B, C, \{D_i\}_{i \in [1,n]})$ and the trapdoor
Figure BDA0003508202940000049
compute
Figure BDA00035082029400000410
$\mu_2 = C$ and
Figure BDA00035082029400000411
then check whether the equation $\mu_1 = \mu_2 \cdot \mu_3$ holds; if it holds, the search algorithm executes successfully; otherwise, the search algorithm fails;
step 5b, given the keyword index ciphertext $C_{W'} = (A', B', C', \{D'_j\}_{j \in [1,n]})$ and the trapdoor
Figure BDA00035082029400000412
compute
Figure BDA0003508202940000051
$\mu'_2 = C'$ and
Figure BDA0003508202940000052
then check whether the equation $\mu'_1 = \mu'_2 \cdot \mu'_3$ holds; if it holds, the search algorithm executes successfully; otherwise, the search algorithm fails;
when the search succeeds, the blockchain master node first uses the public key of the DO
Figure BDA0003508202940000053
to verify the signature on the storage location $F_i$; after the signature is verified successfully, the blockchain master node returns the storage location $F_i$ of the original medical data ciphertext and the account address $A_i$ of the data owner DO to the account $A_j$ of the third-party data user DU; if the DU wants to obtain the original medical data of the DO, the DU may send an access request to the account $A_i$ of the DO.
Preferably, in step 3a, the data provider DP first computes the key between the data owner DO and the data provider DP according to the Diffie-Hellman key agreement algorithm
Figure BDA0003508202940000054
and, using $K$ as the encryption key, encrypts the low-sensitivity medical data $M_l$ to obtain the ciphertext
Figure BDA0003508202940000055
The data provider DP then randomly selects
Figure BDA0003508202940000056
and computes $A = e(g, g)^{ra}$, $B = g^r$,
Figure BDA0003508202940000057
and
Figure BDA0003508202940000058
where
Figure BDA0003508202940000059
The keyword ciphertext of the low-sensitivity medical data $M_l$ is $C_W = (A, B, C, \{D_i\}_{i \in [1,n]})$;
In step 3b, the data provider DP uses the public key of the data owner DO
Figure BDA00035082029400000510
to encrypt the highly sensitive data $M_h$, generating the ciphertext
Figure BDA00035082029400000511
Then, the data provider DP selects
Figure BDA00035082029400000512
as a random number and computes $A' = e(g, g)^r$,
Figure BDA00035082029400000513
and
Figure BDA00035082029400000514
The keyword ciphertext of the highly sensitive medical data $M_h$ is $C_{W'} = (A', B', C', \{D'_j\}_{j \in [1,n]})$.
Preferably, the trapdoors of the trapdoor generation stage are generated by a designated trapdoor generator that depends on the sensitivity level of the medical data: the search trapdoor for the highly sensitive medical data $M_h$ can only be generated by the data owner DO, while the search trapdoor for the low-sensitivity medical data $M_l$ may be generated by the data provider DP. This is specifically implemented as follows:
in step 4a, when the third-party data user DU searches the low-sensitivity medical data $M_l$, the input set of keywords to search is
Figure BDA0003508202940000061
First, the data provider DP uses the private key $sk_p$ of the DP and the public key of the data owner DO
Figure BDA0003508202940000062
or the data owner DO uses the private key $sk_o$ of the DO and the public key $pk_p$ of the DP, to compute the DH key
Figure BDA0003508202940000063
then randomly selects
Figure BDA0003508202940000064
and computes
Figure BDA0003508202940000065
Figure BDA0003508202940000066
where $a = H_1(K) = H_1(g^{xy})$; the keyword ciphertext is
Figure BDA0003508202940000067
In step 4b, when the third-party data user DU searches the highly sensitive medical data $M_h$ and inputs the set of keywords to be searched
Figure BDA0003508202940000068
only the data owner DO, using the private key $sk_o$ of the DO and the public key $pk_p$ of the DP, can compute
Figure BDA0003508202940000069
and
Figure BDA00035082029400000610
the keyword ciphertext is
Figure BDA00035082029400000611
Preferably, in the ciphertext search and sharing stage, the DU sends a keyword search request to the blockchain, and after verifying the validity of the trapdoor, a smart contract deployed in the blockchain network starts executing the search algorithm; the specific search process is as follows:
in step 5a, when the low-sensitivity medical data $M_l$ is searched, given the keyword ciphertext $C_W = (A, B, C, \{D_i\}_{i \in [1,n]})$ and the trapdoor
Figure BDA00035082029400000612
compute
Figure BDA00035082029400000613
$\mu_2 = C$,
Figure BDA00035082029400000614
then check whether $\mu_1 = \mu_2 \cdot \mu_3$ holds; if the equation holds, the keyword to be searched matches the ciphertext and the smart contract returns "TRUE"; otherwise, it returns "FALSE";
in step 5b, when the highly sensitive medical data $M_h$ is searched, given the keyword ciphertext $C_{W'} = (A', B', C', \{D'_j\}_{j \in [1,n]})$ and the trapdoor
Figure BDA00035082029400000615
compute
Figure BDA00035082029400000616
$\mu'_2 = C'$,
Figure BDA00035082029400000617
then check whether $\mu'_1 = \mu'_2 \cdot \mu'_3$ holds; if the equation holds, the keyword to be searched matches the ciphertext and the smart contract returns "TRUE"; otherwise, it returns "FALSE".
With the above technical scheme, the original medical data is stored encrypted on the cloud server, and the keyword ciphertext, the hash value of the original data and the storage location of the data ciphertext are uploaded to the blockchain, so that the original medical data and the keyword ciphertext are hard to tamper with and the storage pressure on the blockchain is effectively reduced. Secondly, according to the sensitivity of the medical data, the invention divides the medical data into two types, highly sensitive data and low-sensitivity data, and provides a different public key searchable encryption scheme for each type. The search trapdoor can only be generated by the designated trapdoor generator, which both reduces the computation cost of having the data owner generate all trapdoors and meets the different search requirements of third-party data users. Finally, the invention executes the search algorithm automatically in a smart contract, which ensures the efficiency and accuracy of the search process and saves the user's search cost; meanwhile, the smart contract determines whether the trapdoor is within its validity period by computing the time difference, which makes the trapdoor's lifetime controllable.
Additional features and advantages of the invention will be set forth in the detailed description which follows.
Drawings
The accompanying drawings, which are included to provide a further understanding of the invention and are incorporated in and constitute a part of this specification, illustrate embodiments of the invention and together with the description serve to explain the principles of the invention and not to limit the invention. In the drawings:
FIG. 1 is a system block diagram of a blockchain-based method for searchable encryption of classified medical data according to the present invention;
FIG. 2 is a flowchart of system initialization and data encryption in the blockchain-based classified medical data searchable encryption method provided by the present invention;
FIG. 3 is a flowchart of the trapdoor request and keyword search in the blockchain-based classified medical data searchable encryption method provided by the present invention;
FIG. 4 is a flowchart of the algorithm of the blockchain-based classified medical data searchable encryption method provided by the present invention.
Detailed Description
The following detailed description of embodiments of the invention refers to the accompanying drawings. It should be understood that the detailed description and specific examples, while indicating the present invention, are given by way of illustration and explanation only, not limitation.
Referring to FIG. 1, the present invention comprises six entities: the data owner DO, the data provider DP, the third-party data user DU, the trusted authority TA, the blockchain BC and the cloud server CS. The data owner DO has ownership of the medical data and is responsible for generating search trapdoors for highly sensitive data for third-party data users DU; the DO can also authorize the data provider DP to encrypt the DO's medical data. The data provider DP is responsible for encrypting the original medical data and the keyword sets, uploading the medical data ciphertext to the cloud server, and uploading the keyword ciphertext to the blockchain; the DP is also responsible for generating search trapdoors for low-sensitivity data for third-party data users DU. The third-party data user DU is a third-party user interested in different medical data. The trusted authority TA is responsible for generating public/private key pairs for DO, DP and DU. The blockchain BC stores the keyword ciphertext and is responsible for executing the keyword search algorithm. The cloud server CS is mainly responsible for storing the original medical data ciphertexts uploaded by the DP.
Referring to FIG. 2, the system initialization and data encryption and storage phases are implemented as follows:
(1) System initialization stage: the trusted authority TA selects a bilinear map $e: G_1 \times G_1 \to G_T$, two hash functions
Figure BDA0003508202940000081
and
Figure BDA0003508202940000082
and a symmetric encryption algorithm $E(\cdot)$, where $G_1$ and $G_T$ are both multiplicative cyclic groups of prime order $q$ and the generator of $G_1$ is $g$. The trusted authority TA publishes the system parameters $para = (G_1, G_T, q, g, e, H_1, H_2, E(\cdot))$.
(2) Key generation and user registration stage:
(2a) The trusted authority TA randomly selects
Figure BDA0003508202940000083
The public/private key pair of the data provider DP is $\{sk_p, pk_p\} = \{x, g^x\}$. Similarly, the trusted authority TA randomly selects
Figure BDA0003508202940000084
and computes the public/private key pair of the data owner DO as
Figure BDA0003508202940000085
(2b) The DO sends
Figure BDA0003508202940000086
to the blockchain master node, where $ID_i$ is the global identity of the data owner DO and
Figure BDA0003508202940000087
is the public key of the data owner DO. The blockchain master node returns the account address $A_i$ to the data owner DO and records
Figure BDA0003508202940000091
locally. At this point, the data owner DO has completed registration.
(3) Ciphertext generation and storage stage: the data provider DP generates the raw medical data $M = \{M_l, M_h\}$ for the data owner DO and defines the keyword sets of $M_l$ and $M_h$ as $W = \{w_1, \ldots, w_n\}$ and $W' = \{w'_1, \ldots, w'_n\}$, where $M_l$ is low-sensitivity medical data and $M_h$ is highly sensitive medical data. The data provider DP then encrypts the two kinds of medical data of different sensitivity and their keyword sets:
(3a) For the low-sensitivity medical data $M_l$, the data provider DP first computes the key between the data owner DO and the data provider DP according to the Diffie-Hellman key agreement algorithm
Figure BDA0003508202940000092
and encrypts the low-sensitivity data $M_l$ with the shared key $K$ to generate the ciphertext
Figure BDA0003508202940000093
The data provider DP then generates, for the keyword set $W = \{w_1, \ldots, w_n\}$ of the low-sensitivity data $M_l$, the keyword ciphertext $C_W = (A, B, C, \{D_i\}_{i \in [1,n]})$, where $A = e(g, g)^{ra}$, $B = g^r$,
Figure BDA0003508202940000094
Figure BDA0003508202940000095
(3b) For the highly sensitive medical data $M_h$, the data provider DP first uses the public key of the data owner DO
Figure BDA0003508202940000096
to encrypt the original medical data $M_h$, generating the ciphertext
Figure BDA0003508202940000097
The data provider DP then generates, for the keyword set $W' = \{w'_1, \ldots, w'_n\}$ of the highly sensitive data $M_h$, the keyword ciphertext $C_{W'} = (A', B', C', \{D'_j\}_{j \in [1,n]})$, where $A' = e(g, g)^r$,
Figure BDA0003508202940000098
Figure BDA0003508202940000099
After the ciphertexts are generated, the data provider DP sends the original medical data ciphertext
Figure BDA00035082029400000910
to the cloud server; after $C_M$ is stored successfully, the cloud server CS returns the storage location $F_i$ of the original data ciphertext, the data owner DO signs the storage location $F_i$ with its own private key $sk_o$, and the data provider DP then sends the data package $(C_W, C_{W'}, H(M), (F_i).sig, ID_i, D_k)$ as a transaction to the blockchain network, where $D_k$ is the signature of the data provider DP and $H(M)$ is the hash value of the medical data. At this point, the original medical data ciphertext $C_M$ is successfully stored in the cloud, and the keyword ciphertexts $(C_W, C_{W'})$ of the medical data of different sensitivity levels, the medical data hash value $H(M)$ and the storage location $(F_i).sig$ are successfully stored in the blockchain;
Referring to FIG. 3, the trapdoor generation and keyword search phases are implemented as follows:
(4) Trapdoor generation stage: when the data user DU needs to search a certain type of medical data, the DU sends a trapdoor request to the corresponding trapdoor generator
Figure BDA0003508202940000101
(4a) When the data user DU searches the low-sensitivity medical data $M_l$, the data provider DP uses the private key $sk_p$ of the DP and the public key of the data owner DO
Figure BDA0003508202940000102
or the data owner DO uses the private key $sk_o$ of the DO and the public key $pk_p$ of the data provider DP, to generate, for the set of keywords to be searched
Figure BDA0003508202940000103
the trapdoor
Figure BDA0003508202940000104
where
Figure BDA0003508202940000105
Figure BDA0003508202940000106
$a = H_1(K) = H_1(g^{xy})$;
(4b) When the data user DU searches the highly sensitive medical data $M_h$, only the data owner DO, using the private key $sk_o$ of the DO and the public key $pk_p$ of the data provider DP, can generate, for the set of keywords to be searched
Figure BDA0003508202940000107
the trapdoor
Figure BDA0003508202940000108
where
Figure BDA0003508202940000109
Figure BDA00035082029400001010
After the trapdoor is generated, the trapdoor generator uploads the trapdoor
Figure BDA00035082029400001011
or
Figure BDA00035082029400001012
the current time $t_1$, $ID_i$ and $ID_j$ to the smart contract in the blockchain.
(5) Ciphertext searching and sharing stage: after the trap door is searched and successfully uploaded, the data user sends a global identity IDjRequesting the intelligent contract to execute the search algorithm, the intelligent contract first obtaining the current time stamp t2Judgment of t2-t1<Whether delta t is established or not, wherein delta t is the preset effective time of the trap door, if t is established2-t1<Delta t, the intelligent contract continues to execute the following search algorithm, otherwise, the search algorithm fails to execute;
(5a) Given the keyword index ciphertext C_W = (A, B, C, {D_i}_{i∈[1,n]}) and the trapdoor
Figure BDA0003508202940000111
the smart contract calculates
Figure BDA0003508202940000112
μ_2 = C and
Figure BDA0003508202940000113
and then determines whether μ_1 = μ_2·μ_3 holds. If the equation holds, the smart contract outputs "TRUE", indicating that the search algorithm executed successfully; otherwise, it outputs "FALSE";
(5b) Given the keyword index ciphertext C_{W'} = (A', B', C', {D'_j}_{j∈[1,n]}) and the trapdoor
Figure BDA0003508202940000114
the smart contract calculates
Figure BDA0003508202940000115
μ'_2 = C' and
Figure BDA0003508202940000116
and then determines whether μ'_1 = μ'_2·μ'_3 holds. If the equation holds, the smart contract outputs "TRUE", indicating that the search algorithm executed successfully; otherwise, it outputs "FALSE";
When the keywords to be searched are matched successfully, the blockchain master node first finds, according to the ID_i of the data owner DO, the public key of the corresponding data owner DO
Figure BDA0003508202940000117
and verifies the signature on the storage location F_i. After the signature is verified successfully, the blockchain master node sends the storage location F_i of the original medical data ciphertext and the account address A_i of the data owner DO to the account A_j of the third-party data user DU. If the DU wants to obtain the original medical data of the DO, the DU can send an access request to the account A_i of the DO.
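The designated-generator and validity-window checks of stages (4) and (5), as an added Python sketch that is not code from the patent. Assumptions: a toy group modulo 2039 stands in for G_1, SHA-256 for H_1, the DO key pair is taken as {y, g^y}, and a keyed-hash subset test replaces the pairing check μ_1 = μ_2·μ_3, whose terms are in formula images not reproduced on this page.

```python
import hashlib
import hmac

# Toy group standing in for G1 (assumption: the patent uses a pairing group).
P, Q, G = 2039, 1019, 4  # P = 2Q + 1; G generates the subgroup of prime order Q


def keygen(secret):
    """Key pair in the form claim 3 gives for DP: {sk, pk} = {x, g^x}."""
    sk = secret % Q
    return sk, pow(G, sk, P)


def h1(k):
    """Stand-in for H1 (assumption): SHA-256 of K reduced into Z_q."""
    return int.from_bytes(hashlib.sha256(str(k).encode()).digest(), "big") % Q


def shared_a(own_sk, peer_pk):
    """Return (K, a) with K = g^(xy) and a = H1(K), from one private and one public key."""
    k = pow(peer_pk, own_sk, P)
    return k, h1(k)


def tag(a, keyword):
    """Constructed stand-in for a keyword ciphertext or trapdoor element, keyed by a."""
    return hmac.new(a.to_bytes(2, "big"), keyword.encode(), hashlib.sha256).hexdigest()


class SearchContract:
    """Stage (5): the freshness gate runs first, then the match test."""

    def __init__(self, delta_t):
        self.delta_t = delta_t      # preset trapdoor validity period
        self.trapdoors = {}         # ID_j -> (trapdoor, t1, ID_i)

    def upload(self, trapdoor, t1, id_i, id_j):
        self.trapdoors[id_j] = (frozenset(trapdoor), t1, id_i)

    def search(self, id_j, t2, index):
        record = self.trapdoors.get(id_j)
        if record is None:
            return "FAILED"          # no trapdoor was uploaded for this requester
        trapdoor, t1, _ = record
        if not (t2 - t1 < self.delta_t):
            return "FAILED"          # outside the validity period: search does not execute
        # Stand-in for the check mu_1 = mu_2 * mu_3 (not the patent's equation).
        return "TRUE" if trapdoor <= index else "FALSE"


def demo():
    sk_p, pk_p = keygen(123)                 # data provider DP (constructed secret)
    sk_o, pk_o = keygen(456)                 # data owner DO (assumed {y, g^y})
    k_dp, a_dp = shared_a(sk_p, pk_o)        # DP's view of K and a
    k_do, a_do = shared_a(sk_o, pk_p)        # DO's view of K and a
    index = {tag(a_dp, w) for w in ("diabetes", "insulin")}  # index built by DP
    contract = SearchContract(delta_t=300)
    contract.upload({tag(a_do, "insulin")}, t1=1000, id_i="ID_i", id_j="ID_j")
    results = {
        "same_key": (k_dp, a_dp) == (k_do, a_do),
        "fresh": contract.search("ID_j", 1299, index),
        "expired": contract.search("ID_j", 1300, index),
        "other_user": contract.search("ID_x", 1100, index),
    }
    contract.upload({tag(a_do, "asthma")}, t1=1000, id_i="ID_i", id_j="ID_j")
    results["no_match"] = contract.search("ID_j", 1100, index)
    return results


if __name__ == "__main__":
    print(demo())
```

Because DP and DO derive the same a from opposite key halves, a trapdoor produced by DO matches an index produced by DP, and the strict inequality means a request arriving exactly Δt after t_1 is already rejected.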
Through the above technical scheme, the original medical data is stored in encrypted form on the cloud server, and the keyword ciphertext, the hash value of the original data and the storage location of the data ciphertext are uploaded to the blockchain, so that the original medical data and the keyword ciphertext are not easily tampered with and the storage pressure on the blockchain is effectively reduced. Meanwhile, according to the different sensitivities of medical data, the invention divides the medical data into two types, highly sensitive data and low-sensitivity data, and provides a different public-key searchable encryption scheme for each type. The invention ensures that a search trapdoor can only be generated by a designated trapdoor generator, which not only reduces the computational cost of having the data owner generate all trapdoors but also meets the different search requirements of third-party data users. Moreover, the invention uses a smart contract to execute the search algorithm automatically, which not only ensures the efficiency and accuracy of the search process but also saves the user's search cost; the smart contract also determines whether a trapdoor is within its validity period by calculating the time difference, which makes the trapdoor time-controllable.
The preferred embodiments of the present invention have been described in detail with reference to the accompanying drawings, however, the present invention is not limited to the specific details of the above embodiments, and various simple modifications can be made to the technical solution of the present invention within the technical idea of the present invention, and these simple modifications are within the protective scope of the present invention.
It should be noted that the technical features described in the above embodiments can be combined in any suitable manner provided there is no contradiction; to avoid unnecessary repetition, the possible combinations are not described separately.
In addition, any combination of the various embodiments of the present invention is also possible, and the same should be considered as the disclosure of the present invention as long as it does not depart from the spirit of the present invention.

Claims (10)

1. A searchable encryption method for classified medical data based on a blockchain is characterized by comprising the following steps:
step 1, initializing a system;
step 2, key generation and user registration;
step 3, generating and storing a ciphertext;
step 4, generating a trapdoor;
step 5, searching and sharing the ciphertext.
2. The block chain based classified medical data searchable encryption method according to claim 1, wherein step 1 comprises:
the trusted authority TA selects a bilinear map e: G_1 × G_1 → G_T, two hash functions
Figure FDA0003508202930000011
and
Figure FDA0003508202930000012
and a symmetric encryption algorithm E(·), where G_1 and G_T are multiplicative groups of prime order q and the generator of G_1 is g; the trusted authority TA publishes the system parameters para = (G_1, G_T, q, g, e, H_1, H_2, E(·)).
3. The block chain based classified medical data searchable encryption method according to claim 1, wherein step 2 comprises:
step 2a, the trusted authority TA randomly selects
Figure FDA0003508202930000013
and computes the public/private key pair of the data provider DP as {sk_p, pk_p} = {x, g^x}; similarly, the trusted authority TA randomly selects
Figure FDA0003508202930000014
and computes the public/private key pair of the data owner DO as
Figure FDA0003508202930000015
step 2b, the data owner DO sends
Figure FDA0003508202930000016
to the blockchain master node, where ID_i is the unique identity of the data owner DO and
Figure FDA0003508202930000017
is the public key of the data owner DO; the blockchain master node returns the account address A_i to the data owner DO and records (ID_i,
Figure FDA0003508202930000018
A_i) locally; at this point, the data owner DO has completed registration.
4. The blockchain-based classified medical data searchable encryption method according to claim 1, wherein in step 3, the data owner sends (ID_i, A_i) to the data provider DP; the data provider DP generates the original medical data M_l and M_h for the data owner DO and extracts the keyword sets W = {w_1, …, w_n} and W' = {w'_1, …, w'_n} of M_l and M_h respectively, where M_l is low-sensitivity data and M_h is highly sensitive data; the data provider DP then encrypts the original medical data and its keyword sets separately.
5. The block chain based classified medical data searchable encryption method according to claim 4, wherein step 3 comprises:
step 3a, the data provider DP calculates the DH key between DP and DO using the Diffie-Hellman key agreement algorithm
Figure FDA0003508202930000021
and, using K as the encryption key, encrypts the low-sensitivity data M_l to generate the ciphertext C_{M_l}; DP then generates the ciphertext C_W = (A, B, C, {D_i}_{i∈[1,n]}) of the keyword set W = {w_1, …, w_n} of the low-sensitivity data M_l;
step 3b, the data provider DP uses the public key of the data owner DO
Figure FDA0003508202930000022
to generate the ciphertext of the highly sensitive data M_h
Figure FDA0003508202930000023
and then generates the ciphertext C_{W'} = (A', B', C', {D'_j}_{j∈[1,n]}) of the keyword set W' = {w'_1, …, w'_n} of the highly sensitive data M_h;
at this point, the data provider has obtained the original medical data ciphertext
Figure FDA0003508202930000024
and the keyword ciphertexts C_W and C_{W'}; the data provider DP sends the original medical data ciphertext C_M to the cloud server, and after the data is stored successfully, the cloud server CS returns the storage location F_i of the original data ciphertext; the data owner DO signs the storage location F_i with its own private key sk_o, after which the data provider DP sends the data package (C_W, C_{W'}, (F_i)·sig, ID_i, D_k, H(M)) as a transaction to the blockchain network, where D_k is the signature of the data provider DP.
6. The block chain based classified medical data searchable encryption method of claim 1, wherein step 4 comprises: when a third-party data user DU needs to search for a certain type of medical data, the DU sends to the corresponding trapdoor generator a trapdoor request (
Figure FDA0003508202930000031
ID_j):
step 4a, when the data user DU requests to search for low-sensitivity medical data M_l, the data provider DP or the data owner DO generates, for the set of keywords to be searched
Figure FDA0003508202930000032
the trapdoor
Figure FDA0003508202930000033
step 4b, when the data user DU requests to search for highly sensitive medical data M_h, only the data owner DO can generate, for the set of keywords to be searched
Figure FDA0003508202930000034
the trapdoor
Figure FDA0003508202930000035
After the trapdoor is generated, the trapdoor generator uploads the trapdoor
Figure FDA0003508202930000036
or
Figure FDA0003508202930000037
together with the current time t_1, ID_i and ID_j, to the smart contract in the blockchain.
7. The block chain based searchable encryption method for categorized medical data according to claim 1, wherein step 5 comprises: the third-party data user DU sends its identity ID_j to request that the smart contract execute the search algorithm; the smart contract first obtains the current timestamp t_2 and determines whether t_2 − t_1 < Δt holds, where Δt is the preset validity period of the trapdoor; if t_2 − t_1 < Δt, the smart contract continues to execute the following search algorithm:
step 5a, the keyword index ciphertext C_W = (A, B, C, {D_i}_{i∈[1,n]}) and the trapdoor
Figure FDA0003508202930000038
are input, and
Figure FDA0003508202930000039
μ_2 = C and
Figure FDA00035082029300000310
are calculated respectively; it is then determined whether μ_1 = μ_2·μ_3 holds; if the equation holds, the search algorithm executes successfully; otherwise, the search algorithm fails to execute;
step 5b, the keyword index ciphertext C_{W'} = (A', B', C', {D'_j}_{j∈[1,n]}) and the trapdoor
Figure FDA00035082029300000311
are input, and
Figure FDA00035082029300000312
μ'_2 = C' and
Figure FDA00035082029300000313
are calculated respectively; it is then determined whether μ'_1 = μ'_2·μ'_3 holds; if the equation holds, the search algorithm executes successfully; otherwise, the search algorithm fails to execute;
when the search succeeds, the blockchain master node first uses the public key of the DO
Figure FDA0003508202930000041
to verify the signature on the storage location F_i; after the signature is verified successfully, the blockchain master node returns the storage location F_i of the original medical data ciphertext and the account address A_i of the data owner DO to the account A_j of the third-party data user DU; if the DU wants to obtain the original medical data of the DO, the DU can send an access request to the account A_i of the DO.
8. The blockchain-based searchable encryption method of classified medical data according to claim 5, wherein in step 3a, the data provider DP first calculates the key between the data owner DO and the data provider DP according to the Diffie-Hellman key agreement algorithm
Figure FDA0003508202930000042
and, using K as the encryption key, encrypts the low-sensitivity medical data M_l to obtain the ciphertext
Figure FDA0003508202930000043
The data provider DP then randomly selects
Figure FDA0003508202930000044
and calculates A = e(g, g)^{ra}, B = g^r,
Figure FDA0003508202930000045
and
Figure FDA0003508202930000046
where
Figure FDA0003508202930000047
The keyword ciphertext of the low-sensitivity medical data M_l is C_W = (A, B, C, {D_i}_{i∈[1,n]});
In step 3b, the data provider DP uses the public key of the data owner DO
Figure FDA0003508202930000048
to generate the ciphertext of the highly sensitive data M_h
Figure FDA0003508202930000049
Then, the data provider DP selects
Figure FDA00035082029300000410
as a random number and calculates A' = e(g, g)^r,
Figure FDA00035082029300000411
and
Figure FDA00035082029300000412
The keyword ciphertext of the highly sensitive medical data M_h is C_{W'} = (A', B', C', {D'_j}_{j∈[1,n]}).
9. The blockchain-based searchable encryption method for classified medical data according to claim 6, wherein the trapdoors of the trapdoor generation stage are generated by designated trapdoor generators according to the different sensitivity levels of the medical data: the search trapdoor for highly sensitive medical data M_h can only be generated by the data owner DO, while the search trapdoor for low-sensitivity medical data M_l may be generated by the data provider DP; this is specifically implemented as follows:
in step 4a, when the third-party data user DU searches for low-sensitivity medical data M_l, the input set of keywords to search is
Figure FDA0003508202930000051
First, the data provider DP uses its private key sk_p and the public key of the data owner DO
Figure FDA0003508202930000052
or the data owner DO uses its private key sk_o and the public key pk_p of DP, to calculate the DH key
Figure FDA0003508202930000053
Then, it randomly selects
Figure FDA0003508202930000054
and computes
Figure FDA0003508202930000055
Figure FDA0003508202930000056
where a = H_1(K) = H_1(g^{xy}); the keyword ciphertext is
Figure FDA0003508202930000057
In step 4b, when the third-party data user DU searches for highly sensitive medical data M_h and inputs the set of keywords to be searched
Figure FDA0003508202930000058
only the data owner DO can use its private key sk_o and the public key pk_p of DP to compute
Figure FDA0003508202930000059
and
Figure FDA00035082029300000510
the keyword ciphertext is
Figure FDA00035082029300000511
10. The block chain-based classified medical data searchable encryption method according to claim 7, wherein in the ciphertext search and sharing stage, the DU sends a keyword search request to the blockchain, and after verifying the validity of the trapdoor, the smart contract deployed in the blockchain network starts to execute the search algorithm; the specific search process is as follows:
in step 5a, when low-sensitivity medical data M_l is searched, the keyword ciphertext C_W = (A, B, C, {D_i}_{i∈[1,n]}) and the trapdoor
Figure FDA00035082029300000512
are input, and
Figure FDA00035082029300000513
μ_2 = C,
Figure FDA00035082029300000514
are calculated; it is then determined whether μ_1 = μ_2·μ_3 holds; if the equation holds, the keywords to be searched match the ciphertext and the smart contract returns "TRUE"; otherwise, it returns "FALSE";
In step 5b, when highly sensitive medical data M_h is searched, the keyword ciphertext C_{W'} = (A', B', C', {D'_j}_{j∈[1,n]}) and the trapdoor
Figure FDA00035082029300000515
are input, and
Figure FDA00035082029300000516
μ'_2 = C',
Figure FDA0003508202930000061
are calculated; it is then determined whether μ'_1 = μ'_2·μ'_3 holds; if the equation holds, the keywords to be searched match the ciphertext and the smart contract returns "TRUE"; otherwise, it returns "FALSE".
CN202210144437.7A 2022-02-17 2022-02-17 Block chain-based classified medical data searchable encryption method Active CN114567465B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210144437.7A CN114567465B (en) 2022-02-17 2022-02-17 Block chain-based classified medical data searchable encryption method


Publications (2)

Publication Number Publication Date
CN114567465A true CN114567465A (en) 2022-05-31
CN114567465B CN114567465B (en) 2024-05-24

Family

ID=81713837


Country Status (1)

Country Link
CN (1) CN114567465B (en)

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant