CN114745160A - Double-server multi-user searchable encryption method and device for resisting keyword guessing attack - Google Patents
Double-server multi-user searchable encryption method and device for resisting keyword guessing attack Download PDFInfo
- Publication number
- CN114745160A CN114745160A CN202210284356.7A CN202210284356A CN114745160A CN 114745160 A CN114745160 A CN 114745160A CN 202210284356 A CN202210284356 A CN 202210284356A CN 114745160 A CN114745160 A CN 114745160A
- Authority
- CN
- China
- Prior art keywords
- user
- server
- data
- storage server
- public
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 48
- 238000013475 authorization Methods 0.000 claims abstract description 93
- 125000004122 cyclic group Chemical group 0.000 claims description 20
- 230000005540 biological transmission Effects 0.000 claims description 14
- 238000013507 mapping Methods 0.000 claims description 3
- 238000010845 search algorithm Methods 0.000 claims description 3
- 230000009977 dual effect Effects 0.000 claims 1
- 238000012986 modification Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 230000009286 beneficial effect Effects 0.000 description 1
- 230000007547 defect Effects 0.000 description 1
- 238000010586 diagram Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000008569 process Effects 0.000 description 1
- 238000012360 testing method Methods 0.000 description 1
- 238000012795 verification Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a double-server multi-user searchable encryption method and device for resisting keyword guessing attack, and relates to the technical field of information safety; after determining the key words, the data owner encrypts the data, generates an encryption index and stores the encryption index in a storage server; after the user purchases data, the data owner generates authorization information and sends the authorization information to the storage server and the front-end server; the user generates a user search trap door and sends the user search trap door to a front-end server for inquiring, and the front-end server generates a server search trap door and sends the server search trap door to a storage server; and after receiving the information, the storage server searches and interacts with the user. According to the invention, a secure channel and a trusted third party are not required, and a user does not need to interact with a data owner after purchasing data from the data owner, so that the burden of the data owner is reduced; the double servers are used for storing and searching the encrypted data, and the inverted index is adopted, so that the complexity of the searching time is reduced, the searching efficiency is improved, and the keyword guessing attack is effectively resisted.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a double-server multi-user searchable encryption method and device for resisting keyword guessing attack.
Background
The cloud storage system can upload the private data of the user to a remote cloud server, and the cost is far lower than that of a traditional local storage scheme. In recent years, more and more users select cloud storage services such as Onedrive, hundredth cloud, and arri cloud of microsoft to store and manage their private data. However, honest but curious cloud storage servers always let users worry about their data privacy issues. To address data privacy concerns, uploading encrypted data is considered a secure solution. For example, the AES symmetric encryption scheme may protect the privacy of data from being stolen by a spy of the cloud server, but may also result in a user not being able to delegate keyword searches to the cloud storage server. Search encryption technology has become a popular technology that combines privacy protection with keyword search. For example, following a scenario, a user purchases encrypted data stored on a remote cloud server from a small business. The service must delegate the server to allow users who purchase data to access the encrypted data and to prohibit access by illegitimate users, a scenario known as multi-user search. The searchable encryption technology integrates privacy protection and search functions, and a user can search on encrypted data. In 2000, Song et al first proposed a searchable encryption concept and implemented a searchable encryption scheme under a symmetric system that allowed data owners to generate search trapdoors for corresponding keywords. Symmetric searchable encryption allows encrypted data to be searched while protecting data and query confidentiality. In particular, symmetric searchable encryption works by generating an encryption index that is outsourced to a server along with encrypted data. When the user retrieves, the user encrypts the keywords to generate a search trapdoor, and the server executes search on the search trapdoor and the encrypted index and returns the result to the user. In a multi-user searchable encryption scenario, a searcher needs to obtain a trapdoor for searching and decrypting a key from a data owner through a secure channel, and with the secure channel, an efficient searchable symmetric encryption scheme can conveniently expand the multi-user search scenario. Or by a trusted third party, which may play a different role in different scenarios. The need for a secure channel or trusted third party system model increases the burden on the data owner; and the access control and search functions are unsafe, the keyword guessing attack cannot be resisted, the related ciphertext information can be obtained from the keywords, and the requirement of the big data era cannot be met.
The prior art discloses a multi-keyword search supporting public key encryption method for resisting keyword guessing attack, which comprises the following steps: the data owner and the data receiver register as legal authorized users in a trusted third party; the trusted third party runs a global parameter generation algorithm, outputs a global parameter set and sends the global parameter set to the cloud server, the authorized data owner and the authorized data receiver; the data owner receives the global parameter set and sends the encrypted document set and the keyword ciphertext to the cloud server; a data receiver receives the global parameter set, constructs a keyword trapdoor according to the query statement, and sends the keyword trapdoor to the cloud server; the cloud server receives the global parameter set, the encrypted ciphertext document, the keyword ciphertext and the keyword trapdoor, and returns the ciphertext document meeting the conditions to the authorized data receiver through running test algorithm verification. When the method is used for data interaction, a trusted third party is required to be relied on, and the burden of a data owner is large; the search function is unsafe and cannot effectively resist keyword guessing attack.
Disclosure of Invention
In order to overcome the defects that the existing searchable encryption method is low in safety and cannot resist keywords, the invention provides the double-server multi-user searchable encryption method and the double-server multi-user searchable encryption device which resist keyword guessing attack, a safety channel and a trusted third party are not required to be used, and the burden of a data owner is reduced; and the search efficiency is improved, and meanwhile, keyword guessing attack can be effectively resisted.
In order to solve the technical problems, the technical scheme of the invention is as follows:
the invention provides a double-server multi-user searchable encryption method for resisting keyword guessing attack, which comprises the following steps:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
s2: the data owner determines the private part of the data according to the keyword word set space, and encrypts the data by using the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
s4: the user generates a user search trapdoor according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and the user search trapdoor is used as a query request and sent to a front-end server;
s5: after receiving the query request, the front-end server generates a server search trapdoor by using a front-end server private key, authorization information and a user search trapdoor, and sends the server search trapdoor to a storage server; after the transmission is finished, updating the current authorization information;
s6: after receiving the server search trap door, the storage server searches for the trap door by using a storage server private key, authorization information and the server search trap door, searches in the encrypted index, and sends a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
s7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
The invention establishes a dual-server multi-user system, generates public parameters according to security parameters and keyword word set space, and generates respective public and private key pairs based on the public parameters by users, data owners, a storage server and a front-end server in a model; after determining the key words, the data owner encrypts the data by using a private key of the data owner, generates an encryption index and sends the encryption index to a storage server; after the user purchases data, the data owner generates authorization information according to the user public key and sends the authorization information to the storage server, and the storage server sends the authorization information to the front-end server; a user initiates a query request, generates a user search trap door by using a user private key and sends the user search trap door to a front-end server; after receiving the user search trap door, the front-end server generates a server search trap door by using a private key of the front-end server and sends the server search trap door to the storage server; after receiving the server searching trap door, the storage server interacts with the user; and the end user decrypts the data cipher text according to the received decryption key to obtain complete data.
Preferably, in step S1, the specific method for generating the public parameter based on the input security parameter and the keyword vocabulary space by the system is as follows:
system input-based safety parameters 1λAnd keyword word set space
Generate a common parameter, note
wherein ,
respectively representing a first multiplication cyclic group, a second multiplication cyclic group and a third multiplication cyclic group, wherein the orders are q; d1,g2Respectively representing a first multiplication cycle group generator and a second multiplication cycle group generator; e denotes bilinear mapping:
H1,H2,H3respectively representing a first, a second and a third hash function,
id denotes a data identifier.
Preferably, in step S1, the specific method for generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair, and a front-end server public and private key pair for a data owner, a user, a storage server, and a front-end server, respectively, based on public parameters is as follows:
data possessionRandomly selecting the first parameter
Generating an element g based on a second multiplicative cyclic group in a common parameter2Generating data owner public and private key pair
wherein ,PKoRepresenting the data owner's public key, SKoRepresenting a data owner private key;
user uiRandomly selecting a second parameter
Generating an element g based on a second multiplicative cyclic group in a common parameter2Generating user public and private key pair
wherein ,PKiRepresenting the user's public key, SKiRepresenting a user private key, i being a positive integer;
the storage server randomly selects a third parameter
Generating element g based on first multiplication cycle group in common parameter1And a second multiplication cycle group generator g2Generating public and private key pair of storage server
wherein ,PKSSIndicating that the storage server public key is stored,
representing a first component of the storage server public key,
representing a second component of the storage server public key, SKSSRepresenting a storage server private key;
the front-end server randomly selects a fourth parameter
Generating element g based on first multiplication cycle group in common parameter1Generating a public and private key pair of the front-end server
wherein ,PKFSRepresenting the front-end server public key, SKFSRepresenting a front-end server private key;
wherein ,
represents a finite field ZqThe set of zeros is removed.
Preferably, the step S2 specifically includes:
s2.1: data owner in keyword word set space
Determining a keyword w, and randomly selecting a fifth parameter
Generating private portions of data
Pri is a list of variables, and the initialization value is Pri ═ p; pt [ w ]]A record representing a keyword w;
s2.2: randomly selecting an encryption key sk from a data identifier id by a data ownerid∈{0,1}λEncrypting the data based on a symmetric encryption algorithm to obtain a data ciphertext;
s2.3: the data owner is based on IndexEnc algorithm and according to the private key SK of the data owneroStorage server public key PKSSData private part Pri, keyword w, data identifier id and encryption key skidRandomly selecting a sixth parameter
Vector L ∈ {0,1}logqGenerating an encryption index C ═ C1,C2,C3]; wherein ,C1Representing the first component of the encryption index, C2Representing the second component of the encryption index, C3Representing an encryption index third component;
s2.4: the encryption key skidAnd the data cipher text and the encryption index C thereof are sent to the storage server as the decryption key for storage.
Preferably, the specific method of S2.3 is:
in the private part Pri, search by keyword w (w, Pt [ w)]),
If (w, Pt [ w ]]) Absence of (w, Pt [ w ]]L) to the private part Pri, at this point
If (w, Pt [ w ]]) Exist, let C1=Pt[w],
Updating Pt [ w ] in private portion Pri]=L;
wherein ,PKss,2Representing the second component of the storage server public key, i.e.
Preferably, in step S3, the specific method for generating the authorization information includes:
user uiAfter purchasing data from a data owner, the data owner obtains the user public key PK of the useri(ii) a The data owner based on the data owner private key SKoThe user public key PK of the useriAnd private part Pri calculates authorization information
in the formula ,AIo,iRepresenting data owner to user uiThe authorization information of (2).
Preferably, in step S4, the specific method for the user to generate the user search trapdoor according to the user private key, the storage server public key, the front-end server public key, and the corresponding keyword includes:
based on TrapGen algorithm, user uiAccording to the user private key SKiAnd storage server public key PKSSFront-end server public key PKFSAnd a keyword w, and randomly selecting a seventh parameter and an eighth parameter
Generating user search trapdoors
wherein ,Ti,wRepresenting user uiWith respect to the search trapdoor for the keyword w,
representing a user searching for the first component of the trapdoor,
representing the user searching for the second component of the trapdoor,
represents a user searching for a third component,
PKSS,1representing the first component of the storage server public key, i.e.
Preferably, in step S5, after the front-end server receives the query request, the specific method for generating the server search trapdoor by using the front-end server private key, the authorization information, and the user search trapdoor includes:
based on Fronttrap algorithm, the front-end server according to the front-end server private key SKFSAuthorization information AIo,iAnd user search for the trapdoor Ti,wGenerating server search trapdoors
wherein ,TFS,wRepresenting the search trapdoor of the front-end server FS with respect to the keyword w,
the presentation server searches for the trapdoor first component,
the presentation server searches for the trapdoor second component,
preferably, in step S6, after the storage server receives the server search trap, the specific method for searching the encrypted index by using the storage server private key, the authorization information, and the server search trap and sending the data ciphertext and the decryption key corresponding to the encrypted index to the user is as follows:
s6.1: based on Search algorithm, the storage server according to the storage server private key SKSSAuthorization information AIo,iAnd server search trapdoor TFS,wCalculating a first component of the keyword
S6.2: the storage server searches all the encryption indexes for the first component C of the encryption index1L' corresponding encryption index C ═ C1,C2,C3](ii) a If the search is not available, stopping the search; otherwise, calculating a ninth parameter
Tenth parameter U2=C3Will U is1,U2Sent to user ui;
S6.3: user uiReceive U1,U2Then, calculate
Liberating Pt [ w]Then sending the data to a storage server;
s6.4: the storage server receives Pt [ w ]]Then, L' is made Pt [ w ]]The data cryptograph and the decryption key sk corresponding to the encryption index C are obtainedidSent to user ui。
Preferably, in S5 and S6, the specific method for updating the current authorization information is as follows:
based on the RevUser algorithm, the front-end server sends the server search trapdoor to the storage server and then sends the user u to the storage serveriCorresponding authorization information AIo,iDeleting; after the data ciphertext and the decryption key of the storage server are sent to the user, the user u is sent to the useriCorresponding authorization information AIo,iAnd (5) deleting.
The invention also provides a double-server multi-user searchable encryption device for resisting keyword guessing attack, which is based on the searchable encryption method and comprises the following steps:
the system comprises a public and private key pair generation module, a dual-server multi-user system and a front-end server, wherein the dual-server multi-user system comprises users, data owners, a storage server and the front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
the data owner encrypts the data by using a private key of the data owner, a public key of the storage server, the private part of the data and a corresponding keyword to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
the data owner generates authorization information and sends the authorization information to the storage server after the user purchases data from the data owner; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor by a user according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and sending the user search trapdoor to the front-end server as a query request;
the front-end server generates a server search trap door by using a private key of the front-end server, authorization information and the user search trap door after receiving the query request, and sends the server search trap door to the storage server; after the transmission is finished, updating the current authorization information;
the search module is used for searching in the encrypted index by utilizing a private key of the storage server, authorization information and the server search trap door after the storage server receives the server search trap door, and sending a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
and the decryption module is used for decrypting the data ciphertext by the user according to the received decryption key to obtain complete data.
Compared with the prior art, the technical scheme of the invention has the beneficial effects that:
the invention establishes a dual-server multi-user system, generates public parameters according to security parameters and keyword word set space, and generates respective public and private key pairs for users, data owners, a storage server and a front-end server; after determining the key words, the data owner encrypts the data by using a private key of the data owner, generates an encryption index and sends the encryption index to a storage server; after the user purchases data, the data owner generates authorization information according to the user public key and sends the authorization information to the storage server, and the storage server sends the authorization information to the front-end server; a user initiates a query request, generates a user search trap door by using a user private key and sends the user search trap door to a front-end server; after receiving the information, the front-end server generates a server search trap door by using a front-end server private key and sends the server search trap door to a storage server; after receiving the information, the storage server interacts with the user; and the end user decrypts the data ciphertext according to the received decryption key to obtain complete data. According to the invention, a secure channel and a trusted third party are not required, and a user does not need to interact with a data owner after purchasing data from the data owner, so that the burden of the data owner is reduced; the double servers are used for storing and searching the encrypted data, and the inverted index is adopted, so that the complexity of the searching time is reduced, the searching efficiency is improved, and the keyword guessing attack can be effectively resisted.
Drawings
Fig. 1 is a flowchart of a dual-server multi-user searchable encryption method for resisting keyword guessing attacks according to embodiment 1.
Fig. 2 is a schematic structural diagram of a dual-server multi-user system according to embodiment 1.
Fig. 3 is a flowchart of generating a data cipher text and an encryption index thereof according to embodiment 3.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the patent;
for the purpose of better illustrating the embodiments, certain features of the drawings may be omitted, enlarged or reduced, and do not represent the size of an actual product;
it will be understood by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical solution of the present invention is further described below with reference to the accompanying drawings and examples.
Example 1
The embodiment provides a dual-server multi-user searchable encryption method for resisting keyword guessing attack, as shown in fig. 1, including:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
s2: the data owner determines the private part of the data according to the keyword word set space, and encrypts the data by using the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
s4: the user generates a user search trapdoor according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and the user search trapdoor is used as a query request and sent to a front-end server;
s5: after receiving the query request, the front-end server generates a server search trapdoor by using a front-end server private key, authorization information and a user search trapdoor, and sends the server search trapdoor to a storage server; after the transmission is finished, updating the current authorization information;
s6: after receiving the server search trap door, the storage server searches for the trap door by using a storage server private key, authorization information and the server search trap door, searches in the encrypted index, and sends a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
s7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
In a specific implementation process, as shown in fig. 2, a dual-server multi-user system is established in this embodiment, public parameters are generated according to security parameters and a keyword word set space, and users, data owners, a storage server and a front-end server in a model generate respective public and private key pairs based on the public parameters; after determining the key words, the data owner encrypts the data by using a private key of the data owner, generates an encryption index and sends the encryption index to a storage server; after the user purchases data, the data owner generates authorization information according to the user public key and sends the authorization information to the storage server, and the storage server sends the authorization information to the front-end server; a user initiates a query request, generates a user search trap door by using a user private key and sends the user search trap door to a front-end server; after receiving the user search trap door, the front-end server generates a server search trap door by using a private key of the front-end server and sends the server search trap door to the storage server; after receiving the server searching trap door, the storage server interacts with the user; and the end user decrypts the data ciphertext according to the received decryption key to obtain complete data. According to the invention, a secure channel and a trusted third party are not required, and a user does not need to interact with a data owner after purchasing data from the data owner, so that the burden of the data owner is reduced; the double servers are used for storing and searching the encrypted data, and the inverted index is adopted, so that the complexity of the searching time is reduced, the searching efficiency is improved, and the keyword guessing attack can be effectively resisted.
Example 2
The embodiment provides a double-server multi-user searchable encryption method for resisting keyword guessing attack, which comprises the following steps:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters; the method specifically comprises the following steps:
system input-based safety parameters 1λAnd keyword word set space
Generate a common parameter, note
wherein ,
respectively representing a first multiplication cyclic group, a second multiplication cyclic group and a third multiplication cyclic group, wherein the orders are q; g1,g2Respectively representing a first multiplication cyclic group generator and a second multiplication cyclic group generator; e denotes bilinear mapping:
H1,H2,H3respectively representing a first hash function, a second hash function and a third hash function,
id represents a data identifier;
the data owner randomly selects the first parameter
Generating an element g based on a second multiplicative cyclic group in a common parameter2Generating data owner public and private key pair
wherein ,PKoRepresenting the data owner's public key, SKoRepresenting a data owner private key;
user uiRandomly selecting a second parameter
Generating an element g based on a second multiplicative cyclic group in a common parameter2Generating user public and private key pair
wherein ,PKiRepresenting the user's public key, SKiRepresenting a user private key, i being a positive integer;
the storage server randomly selects a third parameter
Generating element g based on first multiplication cycle group in common parameter1And a second multiplication cycle group generator g2And generating a public and private key pair of the storage server
wherein ,PKSSIt is meant that the server public key is stored,
representing a first component of the storage server public key,
representing a storage server public key second component, SKSSRepresenting a storage server private key;
the front-end server randomly selects a fourth parameter
Generating element g based on first multiplication cycle group in common parameter1Generating a public and private key pair of the front-end server
wherein ,PKFSRepresenting the front-end server public key, SKFSRepresenting a front-end server private key;
wherein ,
represents a finite field ZqRemoving the set of zero elements;
s2: the data owner determines the private part of the data according to the keyword word set space, and encrypts the data by using the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage; the method comprises the following specific steps:
s2.1: the data owner determines a keyword w in the keyword word set space w and randomly selects a fifth parameter
Generating private portions of data
Pri is a list of variables, and the initialization value is Pri ═ p; pt [ w ]]A record representing a keyword w;
s2.2: randomly selecting an encryption key sk from a data identifier id by a data ownerid∈{0,1}λEncrypting the data based on a symmetric encryption algorithm to obtain a data ciphertext;
encrypting the data using a symmetric encryption method, such as AES;
s2.3: the data owner is based on IndexEnc algorithm and according to the private key SK of the data owneroStorage server public key PKSSData private part Pri, keyword w, data identifier id and encryption key skidRandomly selecting a sixth parameter
Vector L ∈ {0,1}logqGenerating an encryption index C ═ C1,C2,C3]; wherein ,C1Representing the first component of the encryption index, C2Representing the second component of the encryption index, C2Representing an encryption index third component; the method specifically comprises the following steps:
in the private part Pri, search by keyword w (w, Pt [ w)]),
If (w, Pt [ w ]]) Absence of (w, Pt [ w ]]L) to the private part Pri, at this point
If (w, Pt [ w ]]) Exist, let C1=Pt[w],
Updating Pt [ w ] in private portion Pri]Let Pt [ w ] be]=L;
wherein ,PKSS,2Representing the second component of the storage server public key, i.e.
S2.4: the encryption key skidThe data cipher text and the encryption index C thereof are sent to a storage server as a decryption key for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the specific method for generating the authorization information comprises the following steps:
user uiAfter purchasing data from a data owner, the data owner obtains the user public key PK of the useri(ii) a The data owner based on the data owner private key SKoThe user public key PK of the useriAnd private part Pri calculating authorization information
in the formula ,AIo,iRepresenting data owner to user uiThe authorization information of (2);
s4: the user generates a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding key words, and the user search trapdoor is used as a query request and sent to the front-end server;
the specific method for generating the user search trapdoor comprises the following steps:
based on TrapGen algorithm, user uiAccording to the user private key SKiStorage server public key PKSSFront-end server public key PKFSAnd a keyword w, and randomly selecting a seventh parameter and an eighth parameter
Generating user search trapdoors
wherein ,Ti,wRepresenting user uiWith respect to the keyword wThe search trapdoor of (1) is,
representing a user searching for the first component of the trapdoor,
representing the user searching for the second component of the trapdoor,
representing a user searching for a third component of the threshold,
PKSS,1representing the first component of the storage server public key, i.e.
S5: after receiving the query request, the front-end server generates a server search trapdoor by using a front-end server private key, authorization information and a user search trapdoor, and sends the server search trapdoor to a storage server; after the transmission is finished, updating the current authorization information;
the specific method for generating the server search trapdoor comprises the following steps:
based on the FrontTrap algorithm, the front-end server according to the front-end server private key SKFSAI, authorization informationo,iAnd user search for the trapdoor Ti,wGenerating server search trapdoors
wherein ,TFS,wRepresenting the search trapdoor of the front-end server FS with respect to the keyword w,
the presentation server searches for the first component of the trapdoor,
the presentation server searches for the trapdoor second component,
s6: after receiving the server search trap door, the storage server searches for the trap door by using a storage server private key, authorization information and the server search trap door, searches in the encrypted index, and sends a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information; the method specifically comprises the following steps:
s6.1: based on Search algorithm, the storage server according to the storage server private key SKSSAuthorization information AIo,iAnd server search trapdoor TFS,wCalculating a first component of the keyword
S6.2: the storage server searches all the encryption indexes for the first component C of the encryption index1L' corresponds to an encryption index C ═ C1,C2,C3](ii) a If the search is not available, stopping the search; otherwise, calculating a ninth parameter
Tenth parameter U2=C3Will U is1,U2Sent to user ui;
S6.3: user uiReceive U1,U2Then, calculate
Liberating Pt [ w]Then sending the data to a storage server;
s6.4: the storage server receives Pt [ w ]]Then, L' is made Pt [ w ]]The data cipher text and the decryption key sk corresponding to the encryption index C are usedidSent to user ui。
S7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
In S5 and S6, the specific method of updating the current authorization information is:
based on the RevUser algorithm, the front-end server sends the server search trap door to the storageAfter the server, the user u is sent toiCorresponding authorization information AIo,iDeleting; after the data cipher text and the decryption key of the storage server are sent to the user, the user u is sent to the serveriCorresponding authorization information AIo,iAnd (5) deleting.
Example 3
The present embodiment provides a dual-server multi-user searchable encryption apparatus for resisting keyword guessing attack, based on the searchable encryption method described in embodiment 1 or 2, as shown in fig. 3, including:
the system comprises a public and private key pair generation module, a dual-server multi-user system and a front-end server, wherein the dual-server multi-user system comprises users, data owners, a storage server and the front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
the data owner encrypts the data by using the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding key word to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
the data owner generates authorization information and sends the authorization information to the storage server after the user purchases data from the data owner; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor by a user according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and sending the user search trapdoor to the front-end server as a query request;
the front-end server generates a server search trap door by using a private key of the front-end server, authorization information and the user search trap door after receiving the query request, and sends the server search trap door to the storage server; after the transmission is finished, updating the current authorization information;
the search module is used for searching in the encrypted index by utilizing a private key of the storage server, authorization information and the server search trap door after the storage server receives the server search trap door, and sending a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
and the decryption module is used for decrypting the data ciphertext by the user according to the received decryption key to obtain complete data.
The same or similar reference numerals correspond to the same or similar parts;
the terms describing positional relationships in the drawings are for illustrative purposes only and are not to be construed as limiting the patent;
it should be understood that the above-described embodiments of the present invention are merely examples for clearly illustrating the present invention, and are not intended to limit the embodiments of the present invention. Other variations and modifications will be apparent to persons skilled in the art in light of the above description. And are neither required nor exhaustive of all embodiments. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present invention should be included in the protection scope of the claims of the present invention.
Claims (10)
1. A dual-server multi-user searchable encryption method resistant to keyword guessing attacks is characterized by comprising the following steps:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
s2: the data owner determines the private part of the data according to the keyword word set space, and encrypts the data by using the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
s4: the user generates a user search trapdoor according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and the user search trapdoor is used as a query request and sent to a front-end server;
s5: after receiving the query request, the front-end server generates a server search trapdoor by using a front-end server private key, authorization information and a user search trapdoor, and sends the server search trapdoor to a storage server; after the transmission is finished, updating the current authorization information;
s6: after receiving the server search trap door, the storage server searches for the trap door by using a storage server private key, authorization information and the server search trap door, searches in the encrypted index, and sends a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
s7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
2. The dual-server multi-user searchable encryption method according to claim 1, wherein in step S1, the specific method for generating the common parameter based on the input security parameter and the keyword word set space is as follows:
system input-based safety parameters 1λAnd keyword word set space
Generate a common parameter, note
wherein ,
respectively representing a first multiplication cyclic group, a second multiplication cyclic group and a third multiplication cyclic group, wherein the orders are q; g1,g2Respectively representing a first multiplication cyclic group generator and a second multiplication cyclic group generator; e denotes bilinear mapping:
H1,H2,H3respectively representing a first, a second and a third hash function, H1:
H2:
H3:
id denotes a data identifier.
3. The dual-server multi-user searchable encryption method according to claim 2, wherein in step S1, the specific method for generating the data owner public-private key pair, the user public-private key pair, the storage server public-private key pair and the front-end server public-private key pair for the data owner, the user, the storage server and the front-end server respectively based on public parameters is as follows:
the data owner randomly selects the first parameter
Generating element g based on second multiplication cyclic group in common parameter2Generating data owner public and private key pair
wherein ,PKoRepresenting the data owner's public key, SKoRepresenting a data owner private key;
user uiRandomly selecting a second parameter
Generating element g based on second multiplication cyclic group in common parameter2Generating user public and private key pair
wherein ,PKiRepresenting the user's public key, SKiRepresenting a user private key, i being a positive integer;
the storage server randomly selects a third parameter
Generating element g based on first multiplication cycle group in common parameter1And a second multiplication cyclic group generator g2And generating a public and private key pair of the storage server
wherein ,PKSSIt is meant that the server public key is stored,
representing a first component of the storage server public key,
representing a storage server public key second component, SKSSRepresenting a storage server private key;
the front-end server randomly selects a fourth parameter
Generating element g based on first multiplication cycle group in common parameter1Generating a public and private key pair of the front-end server
wherein ,PKFSRepresenting the front-end server public key, SKFSRepresenting a front-end server private key;
wherein ,
represents a finite field ZqThe set of zeros is removed.
4. The dual-server multi-user searchable encryption method according to claim 3, wherein said step S2 specifically includes:
s2.1: data owner in keyword word set space
Determining the key word w, and randomly selecting a fifth parameter
Generating private portions of data
Pri is a variable list, and the initialization value is Pri ═ p; pt [ w ]]A record representing a keyword w;
s2.2: randomly selecting an encryption key sk from a data identifier id by a data ownerid∈{0,1}λEncrypting the data based on a symmetric encryption algorithm to obtain a data ciphertext;
s2.3: the data owner is based on IndexEnc algorithm and according to the private key SK of the data owneroAnd storage server public key PKSSData private part Pri, keyword w, data identifier id and encryption key skidRandomly selecting a sixth parameter
Vector L ∈ {0,1}logqGenerating an encryption index C ═ C1,C2,C3]; wherein ,C1Representing the first component of the encryption index, C2Representing the second component of the encryption index, C3Representing an encryption index third component;
s2.4: the encryption key skidAnd the data cipher text and the encryption index C thereof are sent to the storage server as the decryption key for storage.
5. The dual-server multi-user searchable encryption method for resisting keyword guessing attack according to claim 4, wherein the specific method of S2.3 is as follows:
in the private part Pri, search by keyword w (w, Pt [ w)]),
If (w, Pt [ w ]]) Absence of (w, Pt [ w ]]L) to the private part Pri, at this point
If (w, Pt [ w ]]) Exist, let C1=Pt[w],
Updating Pt [ w ] in private portion Pri]Let Pt [ w ] be]=L;
wherein ,PKSS,2Representing the second component of the storage server public key, i.e.
6. The dual-server multi-user searchable encryption method according to claim 4, wherein in step S3, the specific method for generating the authorization information is as follows:
user uiAfter purchasing data from a data owner, the data owner obtains the user public key PK of the useri(ii) a The data owner based on the data owner private key SKoThe user public key PK of the useriAnd private part Pri calculates authorization information
in the formula ,AIo,iRepresenting data owner to user uiThe authorization information of (2).
7. The dual-server multi-user searchable encryption method according to claim 4, wherein in said step S4, the specific method for the user to generate the user search trapdoor according to the user private key, the storage server public key, the front-end server public key, and the corresponding keyword is as follows:
based on TrapGen algorithm, user uiAccording to the user private key SKiAnd storage server public key PKSSFront-end server public key PKFSAnd a keyword w, and randomly selecting a seventh parameter r and an eighth parameter r1,
Generating user search trapdoors
wherein ,Ti,wRepresenting user uiWith respect to the search trapdoor for the keyword w,
representing a user searching for the first component of the trapdoor,
representing the user searching for the second component of the trapdoor,
indicating that the user has searched for a third divisionThe amount of the (B) component (A),
PKSS,1representing the first component of the storage server public key, i.e.
8. The dual-server multi-user searchable encryption method for resisting keyword guess attack according to claim 7, where in step S5, after the front-end server receives the query request, the specific method for generating the server search trapdoor by using the front-end server private key, the authorization information and the user search trapdoor includes:
based on Fronttrap algorithm, the front-end server according to the front-end server private key SKFSAuthorization information AIo,iAnd user search for the trapdoor Ti,wGenerating server search trapdoors
wherein ,TFS,wRepresenting the search trapdoor of the front-end server FS with respect to the keyword w,
the presentation server searches for the trapdoor first component,
the presentation server searches for the second component of the trapdoor,
9. the dual-server multi-user searchable encryption method according to claim 8, wherein in step S6, after the storage server receives the server search trap, the storage server searches through the encryption index using the storage server private key, the authorization information, and the server search trap, and the specific method for sending the data ciphertext and the decryption key corresponding to the encryption index to the user is as follows:
s6.1: based on Search algorithm, the storage server according to the storage server private key SKSSAuthorization information AIo,iAnd server search trapdoor TFS,wCalculating a first component of the keyword
S6.2: the storage server searches all the encryption indexes for the first component C of the encryption index1L' corresponds to an encryption index C ═ C1,C2,C3](ii) a If the search is not available, stopping the search; otherwise, calculating a ninth parameter
Tenth parameter U2=C3Will U is1,U2Sent to user ui;
S6.3: user uiReceive U1,U2Then, calculate
Liberating Pt [ w]Then sending the data to a storage server;
s6.4: the storage server receives Pt [ w ]]Then, L' is made Pt [ w ]]The data cipher text and the decryption key sk corresponding to the encryption index C are usedidSent to user ui。
10. A dual server multi-user searchable encryption apparatus resistant to keyword guessing attacks, comprising:
the system comprises a public and private key pair generation module, a dual-server multi-user system and a front-end server, wherein the dual-server multi-user system comprises users, data owners, a storage server and the front-end server; the system generates a public parameter based on the input security parameter and the keyword word set space; respectively generating a data owner public and private key pair, a user public and private key pair, a storage server public and private key pair and a front-end server public and private key pair for a data owner, a user, a storage server and a front-end server based on public parameters;
the data owner encrypts the data by using a private key of the data owner, a public key of the storage server, the private part of the data and a corresponding keyword to generate a data ciphertext and an encryption index thereof; sending the decryption key for decrypting the data ciphertext, the data ciphertext and the encryption index thereof to a storage server for storage;
the authorization module is used for generating authorization information by the data owner after the user buys the data from the data owner and sending the authorization information to the storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor by a user according to a user private key, a storage server public key, a front-end server public key and corresponding keywords, and sending the user search trapdoor to the front-end server as a query request;
the front-end server generates a server search trap door by using a private key of the front-end server, authorization information and the user search trap door after receiving the query request, and sends the server search trap door to the storage server; after the transmission is finished, updating the current authorization information;
the searching module searches in the encrypted index by using a private key of the storage server, authorization information and the server search trap door after the storage server receives the server search trap door, and sends a data ciphertext and a decryption key corresponding to the encrypted index to a user; after the transmission is finished, updating the current authorization information;
and the decryption module is used for decrypting the data ciphertext by the user according to the received decryption key to obtain complete data.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210284356.7A CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210284356.7A CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114745160A true CN114745160A (en) | 2022-07-12 |
| CN114745160B CN114745160B (en) | 2023-05-30 |
Family
ID=82277728
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210284356.7A Active CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114745160B (en) |
Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086615A (en) * | 2018-08-03 | 2018-12-25 | 上海海事大学 | A kind of support multiple key search public key encryption method of anti-keyword guessing attack |
| CN112037870A (en) * | 2020-07-20 | 2020-12-04 | 北京航空航天大学 | Double-server light searchable encryption method and system supporting data partitioning |
| CN113779593A (en) * | 2021-08-13 | 2021-12-10 | 桂林电子科技大学 | Identity-based dual-server authorization ciphertext equivalence determination method |
-
2022
- 2022-03-22 CN CN202210284356.7A patent/CN114745160B/en active Active
Patent Citations (3)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109086615A (en) * | 2018-08-03 | 2018-12-25 | 上海海事大学 | A kind of support multiple key search public key encryption method of anti-keyword guessing attack |
| CN112037870A (en) * | 2020-07-20 | 2020-12-04 | 北京航空航天大学 | Double-server light searchable encryption method and system supporting data partitioning |
| CN113779593A (en) * | 2021-08-13 | 2021-12-10 | 桂林电子科技大学 | Identity-based dual-server authorization ciphertext equivalence determination method |
Non-Patent Citations (2)
| Title |
|---|
| 曹素珍等: "抗关键词猜测的授权可搜索加密方案", 《电子与信息学报》 * |
| 郭轲鑫等: "基于双服务器的抗关键词猜测攻击的公钥可搜索加密方案", 《计算机应用研究》 * |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114745160B (en) | 2023-05-30 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN107491497B (en) | Multi-user multi-keyword sequencing searchable encryption system supporting query in any language | |
| CN109450935B (en) | Verifiable semantic security multi-keyword search method in cloud storage | |
| CN107256248B (en) | Wildcard-based searchable encryption method in cloud storage security | |
| CN109493017B (en) | Trusted outsourcing storage method based on block chain | |
| CN105049196B (en) | The encryption method that multiple keywords of designated position can search in cloud storage | |
| CN106330865A (en) | Property base keyword searching method supporting efficient revocation in cloud environment | |
| CN110392038B (en) | Multi-key searchable encryption method capable of being verified in multi-user scene | |
| CN103281377A (en) | Cryptograph data storage and searching method for cloud | |
| CN112989375B (en) | Hierarchical optimization encryption lossless privacy protection method | |
| CN108632385B (en) | Time sequence-based cloud storage privacy protection method for multi-branch tree data index structure | |
| CN114826703B (en) | Block chain-based data search fine granularity access control method and system | |
| CN114021164B (en) | Credit system privacy protection method based on block chain | |
| CN112417006A (en) | Ciphertext keyword searching method, system, device and medium based on block chain | |
| CN114417073B (en) | Neighbor node query method and device of encryption graph and electronic equipment | |
| CN107294701B (en) | Multidimensional ciphertext interval query device and method with efficient key management | |
| CN112804052A (en) | User identity encryption method based on composite order group | |
| CN112000985A (en) | Proxy re-encryption method and system with specified condition keyword search function | |
| CN108259172B (en) | Ciphertext searching method in cloud storage system | |
| CN115459967A (en) | Ciphertext database query method and system based on searchable encryption | |
| CN114745160B (en) | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack | |
| CN108471405A (en) | A kind of positive secrecy dynamic based on cloud disk can search for encrypted Protocol Design Method | |
| CN115174600A (en) | Ciphertext data encryption and safe retrieval method and device for cloud storage system | |
| Blömer et al. | Cloud architectures for searchable encryption | |
| CN110830252B (en) | Data encryption method, device, equipment and storage medium | |
| CN113868450A (en) | Remote sensing image safety retrieval method based on block chain |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |