CN114710357A - Dynamic searchable encryption method supporting block verification in editable block chain - Google Patents


Info

Publication number
CN114710357A
Authority
CN
China
Prior art keywords
data
verification
search
editable
block chain
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210378780.8A
Other languages
Chinese (zh)
Other versions
CN114710357B (en
Inventor
杜瑞忠
刘娜
王晶泽
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hebei University
Original Assignee
Hebei University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hebei University
Priority to CN202210378780.8A
Publication of CN114710357A
Application granted
Publication of CN114710357B
Legal status: Active
Anticipated expiration

Classifications

    • H04L63/0442: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/0435: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/0869: Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
    • H04L67/104: Network arrangements or protocols for supporting network services or applications; Protocols in which an application is distributed across nodes in the network; Peer-to-peer [P2P] networks
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention provides a dynamic searchable encryption method supporting block verification in an editable blockchain. A new approach that combines end-cloud with an editable blockchain replaces the front-end-cloud style of data retrieval and verification. First, the block index structure has good retrieval performance: the data owner sends the verification tags produced after blocking to the editable blockchain, and the editable blockchain performs result verification. Second, the result verification list generated from the block index reduces the computation cost of subsequent result verification. In addition, editable blockchain technology provides rewritable storage of data while preserving the fairness and security of the search service, and avoids wasting scarce block resources. The invention thus integrates editability with the security and trustworthiness of the blockchain. The fairness and security of the query service are still guaranteed when the client or the cloud server behaves maliciously.

Description

Dynamic searchable encryption method supporting block verification in editable block chain
Technical Field
The invention relates to the technical field of information security, in particular to a dynamic searchable encryption method supporting block verification in an editable block chain.
Background
Searchable Encryption (SE) is a cryptographic primitive developed in recent years that lets users perform keyword search over ciphertexts. It saves users considerable computation and communication overhead and makes full use of large computing resources to perform the keyword search on ciphertexts. In practice, however, neither the cloud server nor the user is a fully trusted entity. The cloud server may return only partial results to save computing resources. The user may falsely claim that the cloud server returned a wrong result in order to refuse to pay the fee. This creates a reliability problem.
To address a malicious server returning wrong results to a user, a result-verifiable ciphertext retrieval scheme based on a PPtrie tree index was proposed. Subsequently, Bitcoin was introduced into multi-party computation to solve the fairness problem, and the protocol in that scheme can be regarded as a smart contract. To make verification public, verification was implemented with a pseudo-random function and a one-way function. Combining a Merkle hash tree with k-means clustering improved both verification efficiency and security. These schemes assume that the user is honest and will honestly perform the verification process and publish the verification result. Some users, however, may falsely claim that the result is wrong in order to refuse to pay the service fee.
Chinese patent application CN113949548A discloses an attribute-based encryption method for cloud storage with verifiable private keys and multi-keyword search. It combines verifiable outsourcing with attribute-based keyword search encryption, which reduces local load and wasted computing resources, enables fast search, supports multi-keyword search, and addresses the network bandwidth waste and high computation cost of the prior art.
Chinese patent application CN113282542A discloses a verifiable searchable encryption method with forward security. It sends a security token corresponding to a keyword to the server, which prevents keyword information about stored files from being exposed to the server, improves the security of file storage, and strengthens resistance to attacks such as file injection. Verification information is determined for each stored file, and the files the server returns for a search are integrity-checked against it, which guarantees the integrity of stored files and prevents the server from maliciously altering them. Generating a state corresponding to the update order of the verification information makes that information traceable, makes it easy to obtain an ordered set of file identifiers to verify, and spares the client from storing the file identifiers locally. XOR processing reduces the complexity of data processing, reduces communication traffic during search, and improves search efficiency.
Blockchain technology now shows potential for addressing the reliability problem. The encrypted index and encrypted data are stored on a cloud server, which provides data storage and search. The blockchain and smart contracts verify the correctness of search results. Because verification is performed by all nodes in the network, the result is correct as long as most nodes are honest. However, reaching agreement among nodes in a distributed setting is inefficient, and smart contracts incur heavy computation overhead for complex calculations. The immutability of the blockchain means every new transaction adds substantial storage overhead, which reduces the efficiency of result verification and the performance of data updates in searchable encryption schemes and degrades the user's retrieval experience.
Disclosure of Invention
The invention aims to provide a dynamic searchable encryption method supporting block verification in an editable blockchain, which avoids the storage and computation limits of blocks and solves the query-result credibility problem caused by dishonesty between the user and the cloud server.
The invention is realized as follows. A dynamic searchable encryption method supporting block verification in an editable blockchain comprises the following steps:
A. The data owner inputs a security parameter $\lambda$ and outputs a system parameter Para;
B. The data owner generates a random number $\lambda_r$ from the system parameter Para as the data update state, stores it in a state set Map, and outputs the key pair $(PK_D, SK_D)$ required for encryption;
C. The data owner's files are initialized: the query keyword/file set is encrypted with the encryption key pair $(PK_D, SK_D)$, and an encryption index table is generated and output
Figure BDA0003591790620000021
The encrypted keyword set CW and the encrypted file set CD are sent to the cloud server, and the generated result verification list L is stored in the editable blockchain;
D. When a data user initiates a search query, the data user sends the search keyword w to the data owner; the data owner, based on the search keyword w and the private key $SK_D$, sends authorization information to the data user; the data user generates a search token ST from the authorization information;
E. The cloud server receives the search token ST sent by the data user and performs the search: it first checks the correctness of the search token and, if the token satisfies the condition, uses the encryption index table
Figure BDA0003591790620000022
to execute the search and output the search result set $S_R$ and verification set $P_R$, which are sent to the editable blockchain;
F. After receiving $(S_R, P_R)$ from the cloud server, the editable blockchain performs the verification operation and outputs the verification result identifier $V_R$. If verification passes, it returns 1, sends the search result set to the data user, and charges the data user the fee; otherwise it returns 0 and returns the deposit to the data user.
Preferably, in step A, the security parameter $\lambda$ is input and the bilinear pairing parameters $(G_1, G_2, e, p, g_1)$ are output, where $G_1$ and $G_2$ are two multiplicative cyclic groups, p is a large prime, $e: G_1 \times G_1 \to G_2$ is a bilinear map, and $g_1$ is a generator of $G_1$;
Define two hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_p$, where $Z_p$ is a finite field of order p and $h_0, h_1 \in G_1$. The system parameter is $Para = \{G_1, G_2, e, p, g_1, H_1, H_2, h_0, h_1\}$.
Preferably, in step B, the data owner chooses a random parameter $\lambda_r \in \{1, \ldots, 2^{\lambda}\}$ from the sequence $\{1, \ldots, 2^{\lambda}\}$, uses it as the data update state, and records it in the state set Map;
The data owner randomly selects $x \in Z_p$ and computes an asymmetric key pair $(PK_D, SK_D)$, where
Figure BDA0003591790620000031
$SK_D = x$;
The data owner stores the private key $SK_D$, randomly selects a parameter $\theta \in Z_p$, and keeps it secret;
The data owner sends Map and $PK_D$ to the cloud server and the editable blockchain.
Preferably, in step C, the data owner first constructs an index structure made up of several perfect binary trees whose heights decrease in cascade, except that the last two perfect binary trees may have the same height;
The data owner partitions the index structure into blocks according to the number of perfect binary trees, computes the root node hash $hr_i$ of each block and the block index hash $h(hr_i)$, and computes $\sigma_i$:
Figure BDA0003591790620000032
Figure BDA0003591790620000033
The data owner then computes a local verification tag $\beta_j$ from $\sigma_i$:
Figure BDA0003591790620000034
where k is the number of blocks after partitioning, and $j = 1, 2, \ldots, m$, with m the number of keywords;
The final result verification list is $L = \{\beta_1, \beta_2, \ldots, \beta_m\}$.
Preferably, in step D, the data user sends the search keyword w to the data owner, who randomly selects $\gamma_1 \in Z_p$ and computes
Figure BDA0003591790620000035
And
Figure BDA0003591790620000036
wherein r is0=H2(d1) Is ZpIs determined by the random number of the random number,
Figure BDA0003591790620000037
$d_0$ and $d_1$ are the authorization information that the data owner sends to the data user; from $d_0$ and $d_1$ the data user generates the search token $ST = (d_0, d_1)$.
Preferably, in step E, the cloud server checks the correctness of the search token as follows:
The data owner randomly selects $x_1, x_2, y \in Z_p$ and computes
Figure BDA0003591790620000038
And
Figure BDA0003591790620000039
then, from v and T, computes
Figure BDA00035917906200000310
and sends y, T, $\Omega_0$, $\Omega_1$ and $\Omega_2$ to the cloud server;
After receiving y, T, $\Omega_0$, $\Omega_1$ and $\Omega_2$ from the data owner, the cloud server checks whether the search token ST satisfies
Figure BDA00035917906200000311
Wherein
Figure BDA00035917906200000312
If the condition is satisfied, the search token is correct.
Preferably, in step E, when the search token is correct, the cloud server uses the encryption index table
Figure BDA00035917906200000313
to execute the search and obtain the search result set $S_R$, then computes the verification tag
Figure BDA00035917906200000314
where $hr_{iCP}$ is the root hash generated by the cloud server. The cloud server also generates the block hashes $hr_{1CP}, hr_{2CP}, \ldots, hr_{kCP}$ and then sends the search result set $S_R$ and the verification set $P_R = \{h(hr_{1CP}), h(hr_{2CP}), \ldots, h(hr_{kCP}), \mu\}$ to the editable blockchain.
Preferably, in step F, the editable blockchain receives the update state $\lambda_r$ sent by the data owner; after receiving the verification tag $P = \{\beta, \mu\}$ and the search result set $S_R$, it verifies the result as follows:
The editable blockchain computes $V_{DO} = e(\beta, g_1)$ from the verification tag
and computes
Figure BDA0003591790620000041
The editable blockchain then checks whether $V_{CP} = V_{DO}$ holds; if so, the search result set $S_R$ is sent to the data user; if not, the deposit is returned to the data user.
Preferably, the dynamic searchable encryption method supporting block verification in the editable blockchain provided by the invention further includes step G: when a file is updated, the data owner generates a new $\lambda_r'$ and records it in Map, and updates the encryption index table
Figure BDA0003591790620000042
The encrypted keyword set CW' and the encrypted file set CD' are uploaded to the cloud server, and the updated result verification list L' is uploaded to the editable blockchain using the editing technique.
The method stores the encrypted data and index on the cloud server and the result verification list in the editable blockchain, which avoids the storage and computation limits of blocks and solves the query-result credibility problem caused by dishonesty between the user and the cloud server. The main contributions of the invention are as follows:
1) To ensure efficient query and verification, the index is partitioned dynamically, the partitioned index enables parallel search, and an update affects only a constant amount of data. In addition, the query result is verified block by block using the verification tags generated from the block index.
2) With editable blockchain technology, an entity with modification authority (the data owner) can change block data, which makes it easy to maintain uploads and updates of the verification tags, improves result verification efficiency, and reduces the storage overhead of the verification tags.
3) The method prevents the cloud server from inferring specific information about a keyword from the search trapdoor, which protects the privacy of the search pattern.
4) Gradient experiments were run on the data by deploying to a local private test network (Ganache-cli). Analysis of the results shows that data query and verification performance has a clear advantage over other result verification schemes while keeping the growth in the number of blocks low.
The invention constructs a dynamic searchable encryption method supporting block verification based on an editable blockchain. The method has the following advantages: first, the block index structure has good retrieval performance; second, the result verification list generated from the block index reduces the computation cost of subsequent result verification; third, editable blockchain technology provides rewritable storage of data while preserving the fairness and security of the search service, and avoids wasting scarce block resources.
Drawings
FIG. 1 is a system model diagram of the present invention.
FIG. 2 is a simplified flow diagram of the method of the present invention.
FIG. 3 is a flow chart of the method of the present invention after refinement.
Fig. 4 is a schematic diagram of data transmission between entities according to the present invention.
FIG. 5 is a diagram illustrating the addition and deletion of nodes in the index structure according to the present invention.
FIG. 6 is a diagram illustrating the blocking of an index structure according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the present invention is described in further detail below with reference to the accompanying drawings and embodiments.
To ensure the correctness and integrity of the search result, the editable blockchain is introduced as a trusted third-party entity. At the same time, so as not to lose the advantages of cloud storage, the overhead of result verification should be as small as possible. To achieve this, the invention partitions the index structure dynamically and generates the verification tags by parallel computation across the block indexes. A result verification list L made up of the verification tags is uploaded to the editable blockchain and used to verify the results retrieved by the cloud server. This verification mode improves the efficiency of generating verification tags, reduces the size of the list L, and reduces the computation overhead of verification on the editable blockchain; in addition, updates to L are maintained with the editing technique, which also minimizes the storage overhead of the editable blockchain.
As shown in Fig. 1, the system model of the invention includes four entities: the Data Owner (DO), the Data User (DU), the Cloud Server (CSP), and the editable blockchain. The editable blockchain is called the blockchain for short, the data user is called the user for short, and the cloud server is also referred to as the Cloud Platform (CP). The data owner constructs a secure index and ciphertext files and uploads them to the cloud server. The data owner also uploads the generated result verification list L to the editable blockchain. After a data user makes a search request, the data owner authorizes legitimate users. A data user with search authority can generate a token and submit a search query to the cloud server, and can receive the verified search result set sent by the blockchain and decrypt it locally. The cloud server stores the secure index and ciphertext files and provides the search service to data users: it executes the search algorithm to obtain the search result and sends the result to the blockchain so that its correctness can be verified. User operations on data are treated as transactions, which Smart Contracts (SC) package into the editable blockchain. The smart contract belongs to the editable blockchain, and many operations in the editable blockchain are carried out by the smart contract. The smart contract verifies the search result obtained by the cloud server against the result verification list L and then sends the verified search result to the data user. The editing technique is used to update the result verification list L, which gives fine-grained, transaction-level modification of blockchain data and keeps the growth in the number of blocks low.
The editable blockchain is a new research focus in the blockchain field. Its goal is controllable editing of on-chain data while preserving the blockchain's good properties such as security and trustworthiness. The invention replaces the internal hash function of the blockchain with a chameleon hash function and makes blocks editable by using chameleon hash collisions.
The chameleon hash function is a one-way hash function with a trapdoor. Whoever holds the trapdoor information can easily compute a hash collision for arbitrary input data, so the input of the hash function can be changed arbitrarily without changing its output.
A chameleon hash function generally has four algorithms: a key generation algorithm HG, a hash generation algorithm CH, a hash verification algorithm HV, and a hash collision algorithm HC. The four algorithms are as follows:
1) $HG(1^n) = (hk, tk)$: generates the public key hk and the private key (trapdoor) tk of the chameleon hash, where n is a security parameter.
2) $CH(hk, x, r) = (h, \xi)$: given a public key hk, arbitrary data x, and a random number r, generates a hash value h and a random number $\xi$.
3) $HV(hk, x, (h, \xi))$: given a public key hk, arbitrary data x, a hash value h, and a random number $\xi$, outputs 1 if $(h, \xi)$ is the correct hash value and 0 otherwise.
4) $HC(tk, (h, x, \xi), x')$: given a trapdoor tk, a triplet $(h, x, \xi)$, and data $x'$, outputs a new random number $\xi'$ such that $HV(hk, x, (h, \xi)) = HV(hk, x', (h, \xi')) = 1$.
Holding the trapdoor key therefore means holding the right to modify the blockchain, so management of the trapdoor key is crucial for the chameleon hash function.
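The four algorithms above, instantiated with the discrete-log chameleon hash of Krawczyk and Rabin as an added Python example; it is not code from the patent, which does not name a construction. The demo-sized group, the block layout, the helpers `append_block`, `redact` and `verify_chain`, and the sample block bodies are assumptions constructed for illustration.

```python
import hashlib
import secrets

def _is_probable_prime(n, rounds=24):
    """Miller-Rabin primality test (probabilistic)."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _demo_group(bits=160):
    """Find a safe prime p = 2q + 1; 4 is a square mod p, so it has prime order q."""
    q = (1 << (bits - 1)) | 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = _demo_group()      # assumption: demo-sized group, far too small for real use

def _zq(data: bytes) -> int:
    """Map arbitrary data x into Z_q."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def HG():
    """Key generation: returns (hk, tk) with hk = g^tk."""
    tk = secrets.randbelow(Q - 1) + 1
    return pow(G, tk, P), tk

def CH(hk, x: bytes, r: int):
    """Hash generation: h = g^H(x) * hk^xi mod p, with xi = r mod q."""
    xi = r % Q
    return pow(G, _zq(x), P) * pow(hk, xi, P) % P, xi

def HV(hk, x: bytes, h_xi) -> int:
    """Hash verification: 1 if (h, xi) is a correct hash of x, else 0."""
    h, xi = h_xi
    return int(CH(hk, x, xi)[0] == h)

def HC(tk, h_x_xi, x_new: bytes) -> int:
    """Collision: xi' such that (h, xi') also verifies for x_new."""
    h, x, xi = h_x_xi
    if not HV(pow(G, tk, P), x, (h, xi)):
        raise ValueError("(h, xi) is not a valid hash of x")
    return (xi + (_zq(x) - _zq(x_new)) * pow(tk, -1, Q)) % Q

GENESIS = b"\x00" * 32

def _link(prev: bytes, h: int) -> bytes:
    """Outer SHA-256 link; it covers the chameleon digest h, not the body."""
    return hashlib.sha256(prev + h.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def append_block(chain, hk, body: bytes):
    prev = _link(chain[-1]["prev"], chain[-1]["h"]) if chain else GENESIS
    h, xi = CH(hk, body, secrets.randbelow(Q))
    chain.append({"prev": prev, "body": body, "h": h, "xi": xi})

def verify_chain(chain, hk) -> bool:
    prev = GENESIS
    for blk in chain:
        if blk["prev"] != prev or not HV(hk, blk["body"], (blk["h"], blk["xi"])):
            return False
        prev = _link(blk["prev"], blk["h"])
    return True

def redact(chain, tk, index, new_body: bytes):
    """Trapdoor holder rewrites a block body; h and all later links stay the same."""
    blk = chain[index]
    blk["xi"] = HC(tk, (blk["h"], blk["body"], blk["xi"]), new_body)
    blk["body"] = new_body

def demo():
    hk, tk = HG()
    chain = []
    append_block(chain, hk, b"L = (beta_1, beta_2, beta_3)")    # constructed bodies
    append_block(chain, hk, b"payment record")
    h_before = chain[0]["h"]
    redact(chain, tk, 0, b"L' = (beta_1', beta_2, beta_3)")     # authorised edit of L
    edited_ok = verify_chain(chain, hk) and chain[0]["h"] == h_before
    chain[0]["body"] = b"forged list"                           # edit without the trapdoor
    return edited_ok, verify_chain(chain, hk)
```

In this discrete-log construction, two openings $(x, \xi)$ and $(x', \xi')$ of the same h are enough to solve for tk, so any node that keeps the pre-edit pair can recover the trapdoor.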
As shown in fig. 2, the dynamic searchable encryption method for supporting block verification in an editable block chain of the present invention includes the following steps:
A. The data owner inputs the security parameter $\lambda$ and outputs the common system parameter Para, which is known to all entities.
B. The data owner generates a random number $\lambda_r$ from the common system parameter Para as the data update state identifier, stores it in the state set Map, and outputs the key pair $(PK_D, SK_D)$ required for encryption.
C. The data owner's files are initialized: the query keyword/file set (W/F) is encrypted with the encryption key pair $(PK_D, SK_D)$, and an encryption index table is generated and output
Figure BDA0003591790620000061
The encrypted keyword set CW and the encrypted file set CD are sent to the cloud server, and the generated result verification list L is stored in the editable blockchain.
D. When a data user initiates a search query, the data user sends the search keyword w to the data owner; the data owner, based on the search keyword w and the private key $SK_D$, sends authorization information to the data user; the data user generates a search token ST from the authorization information.
E. The cloud server performs the search. It receives the search token ST sent by the data user, first checks the correctness of the token and, if the token satisfies the condition, uses the encryption index table
Figure BDA0003591790620000062
to execute the search and output the search result set $S_R$ and verification set $P_R$, which are sent to the editable blockchain.
F. After receiving $(S_R, P_R)$ from the cloud server, the editable blockchain performs the verification operation and outputs the verification result identifier $V_R$. If verification passes, it returns 1, sends the search result to the data user, and charges the data user the fee; otherwise it returns 0 and returns the deposit to the data user.
The dynamic searchable encryption method provided by the invention also includes an update step, as follows:
G. When a file is updated, the data owner generates a new $\lambda_r'$ and records it in Map, and updates the encryption index table
Figure BDA0003591790620000074
The encrypted keyword set CW' and the encrypted file set CD' are uploaded to the cloud server, and the updated result verification list L' is uploaded to the editable blockchain using the editing technique.
The individual steps are described in detail below with reference to the accompanying drawings.
With reference to Figs. 2, 3 and 4, in step A the security parameter $\lambda$ is input. Let $G_1$ and $G_2$ be two multiplicative cyclic groups, p a large prime, $e: G_1 \times G_1 \to G_2$ a bilinear map, and $g_1$ a generator of $G_1$. The bilinear pairing parameters $(G_1, G_2, e, p, g_1)$ are output.
Define two hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_p$, where $Z_p$ is a finite field of order p and $h_0, h_1 \in G_1$. The common system parameter is $Para = \{G_1, G_2, e, p, g_1, H_1, H_2, h_0, h_1\}$.
In step B, the data owner initializes the system locally: according to the common system parameter Para, the data owner chooses a random parameter $\lambda_r \in \{1, \ldots, 2^{\lambda}\}$ from the sequence $\{1, \ldots, 2^{\lambda}\}$ and records it in the state set Map as the data update state. $\lambda_r$ is the data update state identifier and indicates whether the data has been updated.
The data owner randomly selects $x \in Z_p$ and computes its asymmetric key pair $(PK_D, SK_D)$, where
Figure BDA0003591790620000071
$SK_D = x$. The data owner stores the private key $SK_D$, randomly selects a parameter $\theta \in Z_p$, and keeps it secret. In addition, the data owner sends Map and $PK_D$ to the cloud server and the editable blockchain.
In step C, the data owner must not only encrypt the keyword/file set (W/F) to build the index, but also generate the result verification list L from the block index.
The data owner takes the file keyword set $W = \{w_1, w_2, \ldots, w_m\}$ and the file set $F = \{f_1, f_2, \ldots, f_n\}$ as input and selects a secure symmetric encryption algorithm $Enc = (E_k, D_k)$ to encrypt the files; the encrypted file is $C_j = E_k(f_j)$, $j = 1, 2, \ldots, n$, where m is the number of keywords and n is the number of files. The keyword w is encrypted as follows:
Figure BDA0003591790620000072
'l' denotes 'OR': the keyword w and $\theta$ are OR-ed, and the hash of the result is then computed to obtain the encrypted keyword
Figure BDA0003591790620000073
The invention uses index blocking to enable parallel operation. Parallel traversal speeds up retrieval during execution and makes it easier to generate the result verification list L and carry out the subsequent verification, giving a clear advantage in query and verification performance. Verifying the searchable encryption result block by block with the block index structure also reduces the client's computation, storage and communication overhead.
The index structure in the invention consists of a number of perfect binary trees (every node except the leaf nodes has two children, and every level is completely filled). During index construction the keyword/document identifier pairs (w, id) are added in sequence, so the trees are formed in order. The heights of the binary trees decrease strictly (in cascade), except that the last two trees may have equal height, and this property is maintained in subsequent updates. For any keyword w, the set of file identifiers containing w is packed into several perfect binary trees (triangles): the largest possible perfect binary tree is formed first, the file identifiers already placed in it are subtracted, and the next largest perfect binary tree is formed from the remainder. The heights of the remaining binary trees therefore decrease successively, except that the last two perfect binary trees may have the same height. As shown in Fig. 5, when a keyword/document identifier pair (w, id) is added, the new node becomes the parent of two perfect binary trees of the same height if such a pair exists; otherwise the new node is a perfect binary tree of height 1. To delete (w, id), it is replaced with the root node of the last perfect binary tree, and the smallest perfect binary tree is split into two smaller binary trees. The cascade property is unchanged by additions and deletions. Finally, any (parallel) tree traversal algorithm can traverse the data structure, so the structure supports parallel queries and data updates, and an update affects only a constant amount of data.
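The add and delete rules above, as an added Python example that is not code from the patent. The class and method names are assumptions, the document identifiers are constructed integers, and a single node has height 1 as in the text; each tree in `blocks` is one block of the index for a single keyword.

```python
class Node:
    """One (w, id) entry; a node with children is the root of a perfect binary tree."""

    def __init__(self, doc_id, left=None, right=None):
        self.doc_id, self.left, self.right = doc_id, left, right
        self.height = 1 if left is None else left.height + 1

    def size(self):
        return 2 ** self.height - 1

    def ids(self):
        out = [self.doc_id]
        for child in (self.left, self.right):
            if child is not None:
                out.extend(child.ids())
        return out

    def find(self, doc_id):
        if self.doc_id == doc_id:
            return self
        for child in (self.left, self.right):
            hit = child.find(doc_id) if child is not None else None
            if hit is not None:
                return hit
        return None


class KeywordIndex:
    """Forest of perfect binary trees for one keyword; heights cascade downwards."""

    def __init__(self):
        self.blocks = []

    def add(self, doc_id):
        b = self.blocks
        if len(b) >= 2 and b[-1].height == b[-2].height:
            # Last two trees have equal height: the new node becomes their parent.
            right, left = b.pop(), b.pop()
            b.append(Node(doc_id, left, right))
        else:
            # Otherwise the new node is a perfect binary tree of height 1.
            b.append(Node(doc_id))

    def delete(self, doc_id):
        for blk in self.blocks:
            target = blk.find(doc_id)
            if target is not None:
                break
        else:
            raise KeyError(doc_id)
        # Replace the deleted entry with the root of the last (smallest) tree,
        # then split that tree into its two subtrees.
        last = self.blocks.pop()
        target.doc_id = last.doc_id
        if last.left is not None:
            self.blocks += [last.left, last.right]

    def block_sizes(self):
        return [blk.size() for blk in self.blocks]

    def all_ids(self):
        return [i for blk in self.blocks for i in blk.ids()]


def demo_eleven_nodes():
    """11 entries give k = 3 blocks, the node count and block count quoted for Fig. 6."""
    idx = KeywordIndex()
    for doc_id in range(1, 12):      # constructed identifiers 1..11
        idx.add(doc_id)
    return idx.block_sizes()
```

Both `add` and `delete` touch only the last one or two trees plus, for a delete, the single node being overwritten, which is the constant-size update the paragraph describes.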
The above-described process of building the index structure is performed for each keyword. Then, for each element $w_j$ ($1 \le j \le m$) of the keyword set W, the generated inverted index is divided into index blocks $I_i$, $1 \le i \le k$ (k is the number of index blocks). As shown in FIG. 6, each perfect binary tree in the index structure forms one block, so k is the number of perfect binary trees. In FIG. 6, k = 3 and the number of nodes in the index structure is 11; the index structure after blocking is $I = \{I_1, I_2, I_3\}$. If the result verification list generated from the divided blocks still exceeds the Gas limit of Ethereum during result verification, a block is further divided into three subtrees (blocks). For example, for block index $I_1$ in FIG. 6 the subdivided subtrees are the root node ($Root_0$) and, apart from the root node, its left and right child nodes (left child $Chd_{00}$ and right child $Chd_{01}$), from which the index structure is regenerated. This secondary division takes place inside the block, which still appears as one whole block when viewed from the outside. As in FIG. 6, after secondary blocking of $I_1$, $I_1 = \{Root_0, Chd_{00}, Chd_{01}\}$. This blocking mode allows dynamic division and effectively avoids wasted storage. Then, the encrypted root node hash is calculated according to the blocking result
Figure BDA0003591790620000081
The data owner then computes the chunk index hash $h(hr_i)$ from the root node hash, and $\sigma_i$, where
Figure BDA0003591790620000082
In the above formula,
Figure BDA0003591790620000083
represents XOR, $H(id_{r_i})$ denotes the hash value of the $r_i$-th document identifier, $hr_i$ denotes the root hash of the i-th chunk, and $h(hr_i)$ denotes the chunk index hash. A block i has $r_i$ nodes; $hr_i$ is calculated by hashing the document identifiers of all nodes in the block and then XORing the hash values. Finally, the data owner uploads the ciphertext and the encrypted index
Figure BDA0003591790620000084
to the cloud server.
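The index construction, blocking and block hashing described above, as an added example in Python (not code from the patent). SHA-256 stands in for both H and h, the identifiers `doc1` to `doc11` are constructed, and the encryption, $\sigma_i$ and pairing steps are omitted, so the final check is a plain per-block hash comparison rather than the patent's verification equation.

```python
import hashlib
from functools import reduce
from itertools import zip_longest

def H(doc_id):
    """Stand-in for H(id): SHA-256 of the document identifier."""
    return hashlib.sha256(doc_id.encode()).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

class Node:
    def __init__(self, doc_id, left=None, right=None):
        self.doc_id, self.left, self.right = doc_id, left, right
        self.height = 1 + (left.height if left else 0)

def in_order(node):
    """In-order traversal of one perfect binary tree (one block)."""
    if node is None:
        return []
    return in_order(node.left) + [node.doc_id] + in_order(node.right)

def find(node, doc_id):
    if node is None or node.doc_id == doc_id:
        return node
    return find(node.left, doc_id) or find(node.right, doc_id)

class KeywordIndex:
    """Forest of perfect binary trees holding the identifiers of one keyword."""
    def __init__(self):
        self.trees = []   # roots; heights decrease, only the last two may tie

    def add(self, doc_id):
        t = self.trees
        if len(t) >= 2 and t[-1].height == t[-2].height:
            right, left = t.pop(), t.pop()
            t.append(Node(doc_id, left, right))   # parent of two equal trees
        else:
            t.append(Node(doc_id))                # new tree of height 1

    def delete(self, doc_id):
        hits = (find(root, doc_id) for root in self.trees)
        target = next((n for n in hits if n is not None), None)
        if target is None:
            raise KeyError(doc_id)
        last = self.trees.pop()                   # smallest tree
        target.doc_id = last.doc_id               # its root replaces the node
        if last.left is not None:                 # split into two smaller trees
            self.trees += [last.left, last.right]

    def blocks(self):
        """One list of identifiers per block I_1..I_k."""
        return [in_order(root) for root in self.trees]

def root_hash(ids):
    """hr_i: XOR of H(id) over every node of block i."""
    return reduce(xor, (H(i) for i in ids), bytes(32))

def chunk_hashes(blocks):
    """h(hr_i) for each block, with SHA-256 standing in for h."""
    return [hashlib.sha256(root_hash(b)).hexdigest() for b in blocks]

def mismatched_blocks(expected, returned_blocks):
    """Indices of blocks whose recomputed h(hr_i) differs from the owner's."""
    got = chunk_hashes(returned_blocks)
    return [i for i, (e, g) in enumerate(zip_longest(expected, got)) if e != g]

def demo():
    idx = KeywordIndex()
    for n in range(1, 12):                        # constructed: 11 identifiers
        idx.add(f"doc{n}")
    owner = chunk_hashes(idx.blocks())
    returned = idx.blocks()
    returned[1] = returned[1][:-1]                # one result missing in block 2
    return [len(b) for b in idx.blocks()], mismatched_blocks(owner, returned)

if __name__ == "__main__":
    print(demo())
```

With 11 identifiers the forest has the three blocks of FIG. 6, and adding a further identifier leaves the hashes of the existing blocks untouched, which is the constant-update property the text describes.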
Next, the data owner locally computes a verification tag $\beta_j$ from $\sigma_i$, specifically
Figure BDA0003591790620000085
Finally, the result verification list $L = \{\beta_1, \beta_2, \ldots, \beta_m\}$ corresponding to all keywords is obtained. The data owner sends the result verification list L to the editable blockchain. After receiving the result verification list L sent by the data owner, the editable blockchain calculates $CH(hk, \beta_j, r) = (h, \xi)$ from the public key hk, the verification tag $\beta_j$ and a random number r, and stores the generated hash value h and the random number $\xi$.
In step D, when a data user initiates a search query, it first needs to request search permission from the data owner, that is, the data user sends the search keyword w to the data owner. The data owner randomly selects $\gamma_1 \in Z_p$ and calculates
Figure BDA0003591790620000091
and
Figure BDA0003591790620000092
where $r_0 = H_2(d_1)$ is a random number in $Z_p$,
Figure BDA0003591790620000093
The data owner sends the authorization information $d_0$ and $d_1$ to the data user, and the data user generates the search token $ST = (d_0, d_1)$. The data user sends the search token ST to the cloud server.
The data owner randomly selects $x_1, x_2, y \in Z_p$ and calculates
Figure BDA0003591790620000094
and
Figure BDA0003591790620000095
then, based on v and T, calculates
Figure BDA0003591790620000096
and sends y, T, $\Omega_0$, $\Omega_1$ and $\Omega_2$ to the cloud server so that the cloud server can check the validity of the search token sent by the data user.
In step E, the cloud server obtains the encryption index
Figure BDA00035917906200000919
and the encrypted keyword set CW and, before searching for the keyword, calculates whether the search token ST sent by the data user satisfies the condition
Figure BDA0003591790620000097
where
Figure BDA0003591790620000098
If the condition is satisfied, the search token is correct. If the search token is incorrect, the cloud server returns the search token to the data user.
If the search token is correct, the cloud server checks whether $\lambda_r = \lambda_{rCP}$ holds, where $\lambda_r$ denotes the latest update identifier generated by the data owner; if $\lambda_r$ and $\lambda_{rCP}$ are equal, no update has occurred between the two queries. Therefore, if $\lambda_r = \lambda_{rCP}$ holds, no update has occurred, and the cloud server uses the non-updated encrypted index
Figure BDA0003591790620000099
to perform the search. If $\lambda_r = \lambda_{rCP}$ does not hold, the keyword belongs to the updated new index, and the cloud server needs to use the updated encrypted index
Figure BDA00035917906200000910
to execute the parallel search algorithm.
The cloud server executes the search algorithm on the encrypted index (the non-updated or the updated encrypted index), specifically: when the number of index blocks $k \ge 1$, it initializes
Figure BDA00035917906200000911
where T represents the empty set. For j = 1, 2, …, k, if the subtrees are not empty, $chd_{00} \neq \perp\ (\lor\ chd_{01} \neq \perp)$ ($\lor$ is the disjunction symbol, meaning OR; $chd_{00}$ denotes the left subtree and $chd_{01}$ the right subtree), the in-order traversal algorithm is executed on each perfect binary tree, calculating
Figure BDA00035917906200000912
Figure BDA00035917906200000913
and
Figure BDA00035917906200000914
are the files and file identifiers that satisfy the search token,
Figure BDA00035917906200000915
and
Figure BDA00035917906200000916
are the sets of files and file identifiers that satisfy the search token, and
Figure BDA00035917906200000917
is the search result set.
Based on $S_R$ and the index $I = \{I_1, I_2, \ldots, I_k\}$, the cloud server calculates the verification tag
Figure BDA00035917906200000918
where $hr_{iCP}$ is the root hash generated by the cloud server; the cloud server also generates the chunk hashes $hr_{1CP}, hr_{2CP}, \ldots, hr_{kCP}$. The search result set $S_R$ and the verification set $P_R = \{h(hr_{1CP}), h(hr_{2CP}), \ldots, h(hr_{kCP}), \mu\}$ are then sent to the editable blockchain.
In step F, the editable blockchain receives the update state $\lambda_r$ sent by the data owner; after the editable blockchain receives the verification tag $P = \beta, \mu$ and the search result set $S_R$, it verifies the result, specifically as follows:
the editable blockchain calculates $V_{DO} = e(\beta, g_1)$ from the local verification tag $\beta$;
and calculates, from the verification tag $\mu$ generated by the cloud server,
Figure BDA0003591790620000101
It then verifies whether $V_{CP} = V_{DO}$ holds.
If $V_{CP} = V_{DO}$, i.e.
Figure BDA0003591790620000102
then the search result is correct and the verification result $V_R = 1$ is output; the editable blockchain records the search result together with $\lambda_r$, sends the search result to the data user and charges the data user the fee, and the data user decrypts locally according to the search result (the data owner needs to send the symmetric encryption key to the data user). If $V_{CP} = V_{DO}$ does not hold, $V_R = 0$ is output and the editable blockchain returns the deposit to the data user (the data user pays the deposit after obtaining the authorization information).
In step G, the data owner obtains the update state corresponding to the keyword w; if $\lambda_r' \neq \lambda_r$ ($\lambda_r'$ represents the new update state), the following update operation is performed.
Let W′ and F′ denote the updated sets of keywords and documents, choose a secure symmetric encryption algorithm $Enc = (E_k, D_k)$, and calculate the encrypted file $CD = E_k(F')$.
For each element $w_j'$ ($1 \le j \le m$) of the set W′, the encryption algorithm is executed to obtain the encrypted index
Figure BDA0003591790620000103
According to the updated index, the corresponding calculation process is executed in parallel to generate the new local verification tag $\beta_i'$ and the result verification list L′.
The updated $\lambda_r'$ and L′ are uploaded to the editable blockchain. First, given a security parameter $\lambda$, calculate
$(hk, tk) = HG(1^{\lambda})$
to generate the chameleon hash public key hk and private key (trapdoor) tk.
Then, a new random number is calculated
$\xi' = HC(tk, (h, \beta_i, \xi), \beta_i')$
Then, verify whether $HV(hk, \beta_i, (h, \xi)) = HV(hk, \beta_i', (h, \xi')) = 1$ holds.
If so, the local verification tag has been updated successfully using the editable technique.
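An added example of the HG / CH / HC / HV interface above (not code from the patent). The patent does not give the construction, so this assumes the classic discrete-log chameleon hash $h = g^{H(\beta)} \cdot hk^{\xi} \bmod p$, run in a small 64-bit demonstration group, with byte-string tags constructed for illustration.

```python
import hashlib
import secrets

def is_prime(n):
    """Miller-Rabin with fixed bases; deterministic for n < 3.3e24."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def toy_group(bits=64):
    """First safe prime p = 2q + 1 above 2**(bits-1); g = 4 has prime order q."""
    q = 2 ** (bits - 2) + 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q, 4

P, Q, G = toy_group()   # demonstration size only (assumption of this example)

def to_zq(tag):
    """Map a verification tag (bytes here) into Z_q."""
    return int.from_bytes(hashlib.sha256(tag).digest(), "big") % Q

def HG():
    """Key generation: trapdoor tk = x, public key hk = g^x mod p."""
    tk = secrets.randbelow(Q - 1) + 1
    return pow(G, tk, P), tk

def CH(hk, beta, r=None):
    """Hash a tag: returns (h, xi) with h = g^H(beta) * hk^xi mod p."""
    xi = secrets.randbelow(Q) if r is None else r % Q
    return pow(G, to_zq(beta), P) * pow(hk, xi, P) % P, xi

def HC(tk, old, beta_new):
    """Collision: xi' such that (beta_new, xi') hashes to the stored h."""
    _h, beta, xi = old
    return (xi + (to_zq(beta) - to_zq(beta_new)) * pow(tk, -1, Q)) % Q

def HV(hk, beta, stored):
    """Verification: does beta with randomness xi reproduce the stored h?"""
    h, xi = stored
    return CH(hk, beta, xi)[0] == h

def demo():
    hk, tk = HG()
    beta, beta_new = b"tag for index v1", b"tag for index v2"  # constructed
    h, xi = CH(hk, beta)                    # stored on chain at upload
    xi_new = HC(tk, (h, beta, xi), beta_new)
    return (HV(hk, beta, (h, xi)),          # old tag verifies
            HV(hk, beta_new, (h, xi_new)),  # rewritten tag verifies, same h
            HV(hk, beta_new, (h, xi)))      # new tag with old xi is rejected

if __name__ == "__main__":
    print(demo())
```

Only the holder of tk can compute $\xi'$, so the stored hash h stays fixed while the tag behind it is replaced.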
In the present invention, a smart contract belonging to the editable blockchain is a "computer transaction protocol that executes contract terms". Specifically, each participant of the smart contract system runs a transaction-based state machine that, starting from a foundational state, executes the transactions on the blockchain to move to some final state. Since the blockchain contains only valid transactions, the final state can be agreed upon automatically among all participants. The uploading and subsequent updating of the check list (i.e., the result verification list) generated from the block index, as well as the editable technique used to implement rewritable storage of data, are implemented in smart contracts. There are four main smart contracts: the editable blockchain contract, the check list update contract, the fair trade contract, and the result verification contract. The editable blockchain contract and the check list update contract are used for uploading and updating the check list, and the fair trade contract and the result verification contract ensure fairness and result verifiability.
The invention can achieve the purposes of protecting the privacy of the user and the data security. The security objective of the present invention is derived by enforcing the following constraints:
1) Privacy. The files and query keywords are kept secret throughout the search process. Neither the cloud server nor the editable blockchain can infer the client's private files or the issued search keywords.
2) Security. During program execution, it is ensured that no information is disclosed other than the results of the series of search requests, the update requests, and the access patterns. The present invention also treats the results of the update operation as part of the search pattern.
3) Verifiability. Two-way verification against malicious users and malicious cloud servers is required; the verification process is carried out by the editable blockchain, which ensures that all entities operate honestly.
4) Fairness. If the user and the cloud server are in dispute, the exact misbehavior can be detected fairly, and a fair transaction is enforced. That is, if it is confirmed that the cloud server executed the requested search query incorrectly, payment of the service fee for the query should be denied. Otherwise, if it is confirmed that the user forged the verification result, payment of the service fee for the query should be enforced.
The editable blockchain architecture platform, the operation functions and the fair payment mechanism are implemented using Python and Ethereum smart contracts. The invention still ensures the fairness and security of the query service when the user and the server behave maliciously. The experimental results show that the invention has good query, verification and storage performance.

Claims (9)

1. A dynamic searchable encryption method supporting block verification in an editable block chain is characterized by comprising the following steps:
A. a data owner inputs a security parameter $\lambda$ and outputs a system parameter Para;
B. the data owner generates a random number $\lambda_r$ according to the system parameter Para as the data update state, stores it in a state set Map, and outputs the key pair $(PK_D, SK_D)$ required for encryption;
C. the data owner's files are initialized: the query keyword/file set is encrypted according to the encryption key pair $(PK_D, SK_D)$, and the encryption index table
Figure FDA0003591790610000011
the encrypted keyword set CW and the encrypted file set CD are generated, output and sent to a cloud server, and the generated result verification list L is stored in an editable block chain;
D. when a data user initiates a search query, the search keyword w is sent to the data owner, and the data owner, according to the search keyword w and the private key $SK_D$, sends authorization information to the data user; the data user generates a search token ST according to the authorization information;
E. the cloud server receives the search token ST sent by the data user and executes the search operation: the cloud server first judges the correctness of the search token, and if the search token satisfies the condition, the cloud server executes the search operation according to the encryption index table
Figure FDA0003591790610000012
and outputs the search result set $S_R$ and the verification set $P_R$, which are sent to the editable block chain;
F. after receiving $(S_R, P_R)$ sent by the cloud server, the editable block chain executes the verification operation and outputs the verification result identifier $V_R$; if the verification passes, 1 is returned, and the editable block chain sends the search result set to the data user and charges the data user the fee; otherwise, 0 is returned and the deposit is returned to the data user.
2. The method of claim 1, wherein in step A, a security parameter $\lambda$ is input, and the bilinear pairing cryptographic parameters $(G_1, G_2, e, p, g_1)$ are output; $G_1$ and $G_2$ are two multiplicative cyclic groups, p is a large prime number, e is a bilinear map $e: G_1 \times G_1 \to G_2$, and $g_1$ is a generator of $G_1$;
$H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_p$ are defined as two hash functions, $Z_p$ is a finite field of order p, and $h_0$ and $h_1$ both belong to $G_1$, giving the system parameter $Para = \{G_1, G_2, e, p, g_1, H_1, H_2, h_0, h_1\}$.
3. The method of claim 2, wherein in step B, the data owner selects from the sequence $\{l, \ldots, 2^{\lambda}\}$ a random parameter $\lambda_r \in \{l, \ldots, 2^{\lambda}\}$ as the data update state and records it in the state set Map;
the data owner randomly selects $x \in Z_p$ and computes the asymmetric key pair $(PK_D, SK_D)$, where
Figure FDA0003591790610000013
$SK_D = x$;
the data owner stores the private key $SK_D$, and randomly selects a parameter $\theta \in Z_p$ and stores it secretly;
the data owner sends Map and $PK_D$ to both the cloud server and the editable blockchain.
4. The method for dynamically searchable encryption supporting block verification in an editable block chain according to claim 3, wherein in step C, the data owner first constructs an index structure, the constructed index structure is composed of a plurality of perfect binary trees, and except that the heights of the last two perfect binary trees may be the same, the heights of the other perfect binary trees are reduced in a cascading manner;
the data owner divides the index structure into blocks according to the number of perfect binary trees, and after blocking calculates the root node hash $hr_i$ and the chunk index hash $h(hr_i)$ of each block, and calculates $\sigma_i$
Figure FDA0003591790610000021
Figure FDA0003591790610000022
then the data owner computes the local verification tag $\beta_j$ from $\sigma_i$
Figure FDA0003591790610000023
where k is the number of blocks after blocking; j = 1, 2, …, m, and m is the number of keywords;
the finally generated result verification list is $L = \{\beta_1, \beta_2, \ldots, \beta_m\}$.
5. The method of claim 4, wherein in step D, the data user sends the search keyword w to the data owner, and the data owner randomly selects $\gamma_1 \in Z_p$ and calculates
Figure FDA0003591790610000024
and
Figure FDA0003591790610000025
where $r_0 = H_2(d_1)$ is a random number in $Z_p$,
Figure FDA0003591790610000026
$d_0$ and $d_1$ are the authorization information sent to the data user by the data owner; the data user generates the search token $ST = (d_0, d_1)$ from $d_0$ and $d_1$.
6. The dynamic searchable encryption method supporting blocking verification in an editable block chain according to claim 5, wherein in step E, the cloud server judges the correctness of the search token specifically as follows:
the data owner randomly selects $x_1, x_2, y \in Z_p$ and calculates
Figure FDA0003591790610000027
and
Figure FDA0003591790610000028
then calculates, from v and T,
Figure FDA0003591790610000029
and sends y, T, $\Omega_0$, $\Omega_1$ and $\Omega_2$ to the cloud server;
after receiving y, T, $\Omega_0$, $\Omega_1$ and $\Omega_2$ sent by the data owner, the cloud server judges whether the search token ST satisfies
Figure FDA00035917906100000210
where
Figure FDA00035917906100000211
If the condition is satisfied, the search token is correct.
7. The method of claim 6, wherein in step E, when the search token is correct, the cloud server executes the search operation on the encryption index table
Figure FDA00035917906100000212
to obtain the search result set $S_R$, and then calculates the verification tag
Figure FDA00035917906100000213
where $hr_{iCP}$ is the root hash generated by the cloud server; the cloud server also generates the chunk hashes $hr_{1CP}, hr_{2CP}, \ldots, hr_{kCP}$, and then sends the search result set $S_R$ and the verification set $P_R = \{h(hr_{1CP}), h(hr_{2CP}), \ldots, h(hr_{kCP}), \mu\}$ to the editable block chain.
8. The method of claim 7, wherein in step F, the editable blockchain receives the update state $\lambda_r$ sent by the data owner; after the editable block chain receives the verification tag $P = \beta, \mu$ and the search result set $S_R$, it verifies the result, specifically as follows:
the editable blockchain calculates $V_{DO} = e(\beta, g_1)$ from the verification tag;
and calculates
Figure FDA0003591790610000031
the editable block chain then verifies whether $V_{CP} = V_{DO}$ holds; if so, the search result set $S_R$ is sent to the data user; if not, the deposit is returned to the data user.
9. The dynamic searchable encryption method supporting block verification in an editable block chain according to claims 1-8, characterized by further comprising the following step: when a file is updated, the data owner generates a new $\lambda_r'$ and records it in Map, and uploads the updated encryption index table
Figure FDA0003591790610000032
the encrypted keyword set CW′ and the encrypted file set CD′ to the cloud server, and uploads the updated result verification list L′ to the editable block chain using the editable technique.
CN202210378780.8A 2022-04-12 2022-04-12 Dynamic searchable encryption method supporting block verification in editable blockchain Active CN114710357B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210378780.8A CN114710357B (en) 2022-04-12 2022-04-12 Dynamic searchable encryption method supporting block verification in editable blockchain


Publications (2)

Publication Number Publication Date
CN114710357A true CN114710357A (en) 2022-07-05
CN114710357B CN114710357B (en) 2023-07-21

Family

ID=82174415


Country Status (1)

Country Link
CN (1) CN114710357B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant