CN114884700B - Searchable public key encryption batch processing method and system for resisting key guessing attack - Google Patents
Abstract
The invention discloses a searchable public key encryption batch processing method and system for resisting keyword guessing attacks, belonging to the field of encryption and cloud storage security. The method comprises the following steps: the receiving end generates a corresponding group private key for each sending end from that sending end's identity ID using the group master key; each sending end generates a searchable ciphertext containing the keyword and a file ciphertext using its group private key, its ID and the keyword contained in the file to be uploaded, and uploads both to the cloud server; the receiving end generates a search trapdoor matching the searchable ciphertext from the keyword using the group master key and uploads it to the cloud server; and the cloud server tests all searchable ciphertexts against the search trapdoor and returns to the receiving end the file ciphertexts associated with the matching searchable ciphertexts. The communication and computation costs of trusted-sender-based searchable public key encryption are reduced while keyword guessing attacks are resisted.
Description
Technical Field
The invention belongs to the field of encryption and cloud storage security, and particularly relates to a searchable public key encryption batch processing method and system for resisting keyword guessing attacks.
Background
With the rapid development of the Internet, the volume of user data keeps growing and users' local storage can no longer meet their needs, so more and more users store their data in the cloud until it is needed. A cloud server that correctly follows user instructions may nevertheless inspect the data users store on it, leaking user privacy. Searchable encryption techniques were proposed to ensure both the confidentiality and the availability of cloud storage services. Searchable public key encryption is one such technique; because of its public key setting it is plagued by keyword guessing attacks: once an adversary obtains a search trapdoor sent by the receiving end, it can traverse the polynomial-size keyword space, use the receiving end's public key to generate the keyword ciphertext for each candidate keyword one by one, and test each against the captured search trapdoor, recovering the plaintext keyword from the matching result.
To resist keyword guessing attacks in searchable public key encryption, scholars have proposed numerous solutions, which mainly fall into four types: designated-server searchable public key encryption, multi-server searchable public key encryption, fuzzy-matching-based searchable public key encryption, and trusted-sender-based searchable public key encryption. The trusted-sender-based approach introduces the sender's information into the scheme so that a search trapdoor generated by the receiving end can only match ciphertexts generated by specific trusted senders; an adversary therefore has no capability to generate a valid keyword ciphertext.
Trusted-sender-based searchable public key encryption resists keyword guessing attacks to a certain extent and avoids the defects of the other three types, but it introduces a new problem: the receiving end can only process the data of a single sender per search. To search the data of several senders, a search trapdoor has to be constructed separately for each sender, which adds considerable overhead when there are many senders. How to design a searchable public key encryption scheme that resists keyword guessing attacks without greatly increasing overhead therefore remains to be solved.
Disclosure of Invention
Aiming at the defects and improvement needs of the prior art, the invention provides a searchable public key encryption batch processing method and system for resisting keyword guessing attacks, which aim to reduce the overhead of trusted-sender-based searchable public key encryption from linear to constant in the number of senders while resisting keyword guessing attacks, lowering both communication and computation costs.
In order to achieve the above object, according to one aspect of the present invention, there is provided a searchable public key encryption batch processing method for resisting keyword guessing attacks, for a group comprising a cloud server, a receiving end and N sending ends, where N is greater than or equal to 1, the method comprising: S1, the receiving end generates a corresponding group private key for each sending end from that sending end's identity ID using the group master key; S2, each sending end generates a searchable ciphertext containing the keyword and a file ciphertext using its group private key, its ID and the keyword contained in the file to be uploaded, and uploads the searchable ciphertext and the file ciphertext to the cloud server; S3, the receiving end generates a search trapdoor matching the searchable ciphertext from the keyword using the group master key and uploads the search trapdoor to the cloud server; and S4, the cloud server tests all searchable ciphertexts against the search trapdoor and returns to the receiving end the file ciphertexts associated with the matching searchable ciphertexts.
Still further, the group private key generated in S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
where $gsk_i$ is the group private key corresponding to the $i$-th sender, $ID_i$ is the identity ID of the $i$-th sender, $i = 1, 2, \ldots, N$, $gmsk$ is the group master key, and $H_1(\cdot)$ is the first cryptographic hash function.
Further, the searchable ciphertext generated in S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{1i} = H_1(ID_i)^r$
where $C_{wi}$ is the searchable ciphertext corresponding to the keyword $w$, $C_{1i}$ is the first intermediate ciphertext corresponding to $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to $w$, $gsk_i$ is the group private key of the $i$-th sender, $w$ is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the $i$-th sender, $i = 1, 2, \ldots, N$, $r$ is a random value, $H_1(\cdot)$ is the first cryptographic hash function, $H_2(\cdot)$ is the second cryptographic hash function, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}(\cdot,\cdot)$ is the bilinear map.
Still further, the search trapdoor generated in S3 is:
$T_w = H_2(w)^{gmsk}$
where $T_w$ is the search trapdoor corresponding to the keyword $w$, $w$ is the keyword to be searched, $H_2(\cdot)$ is the second cryptographic hash function, and $gmsk$ is the group master key.
Still further, the searchable ciphertext and the search trapdoor matched in S4 satisfy a matching condition in which $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to $w$, $T_w$ is the search trapdoor corresponding to $w$, $i = 1, 2, \ldots, N$, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}(\cdot,\cdot)$ is the bilinear map.
Still further, the step S1 further includes: constructing a bilinear map $\hat{e}$ from a preset security parameter, where $\mathbb{G}_1$ is the first elliptic curve group, $\mathbb{G}_2$ is the second elliptic curve group, and the bit length of the group order equals the security parameter; and randomly selecting a generator $g$ in the first elliptic curve group $\mathbb{G}_1$.
Still further, the step S1 further includes: selecting three cryptographic hash functions $H_1$, $H_2$, $H_3$, where $k$ is the security parameter.
Still further, the step S1 further includes: randomly selecting an element of the multiplicative group as the group master key.
According to another aspect of the invention, a searchable public key encryption batch processing system for resisting keyword guessing attacks is provided, comprising a cloud server, a receiving end and N sending ends, where N is greater than or equal to 1. The receiving end is used for generating a corresponding group private key for each sending end from that sending end's identity ID using the group master key; each sending end is used for generating a searchable ciphertext containing the keyword and a file ciphertext using its group private key, its ID and the keyword contained in the file to be uploaded, and uploading the searchable ciphertext and the file ciphertext to the cloud server; the receiving end is further used for generating a search trapdoor matching the searchable ciphertext from the keyword using the group master key and uploading the search trapdoor to the cloud server; and the cloud server is used for testing all searchable ciphertexts against the search trapdoor and returning to the receiving end the file ciphertexts associated with the matching searchable ciphertexts.
In general, through the above technical solutions conceived by the present invention, the following beneficial effects can be obtained:
(1) The method introduces a group into trusted-sender-based searchable public key encryption: a group is established and every object trusted by the receiving end is added to it, and a group-signature-style construction ensures that a keyword guessing attacker cannot generate a searchable ciphertext that matches the receiving end's search trapdoor, which resists keyword guessing attacks fundamentally. At the same time, one search trapdoor generated by the receiving end matches, in a single pass, the searchable ciphertexts containing the same keyword generated by all group members, so the linear overhead of trusted-sender-based searchable public key encryption is reduced to constant overhead. Computation and communication costs are thereby reduced while security against keyword guessing attacks is preserved, improving the efficiency of the system;
(2) The cloud server learns nothing about the specific plaintext keyword, and because it holds no group private key it cannot generate a valid keyword ciphertext, so the precondition for launching a keyword guessing attack is not met and the cloud server is prevented from stealing user privacy.
Drawings
FIG. 1 is a flowchart of a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an application scenario of a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the group key distribution flow in a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of a trusted sending end uploading file ciphertext and keyword ciphertext in a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the receiving end's retrieval operation in a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
In the present invention, the terms "first," "second," and the like in the description and in the drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
FIG. 1 is a flowchart of a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention. Referring to FIG. 1 in conjunction with FIGS. 2-5, the searchable public key encryption batch processing method for resisting keyword guessing attacks in this embodiment is described in detail; the method includes operations S1-S4.
The searchable public key encryption batch processing method for resisting keyword guessing attacks is used for a group comprising a cloud server, a receiving end and N sending ends. Sending ends in the group are called trusted sending ends, sending ends outside the group are called untrusted sending ends, the receiving end acts as the group owner, and the trusted sending ends are the group members.
Taking a cloud server, a receiving end and two sending ends (trusted sending end A and trusted sending end B) as an example, the resulting application scenario is shown in FIG. 2: the receiving end, trusted sending end A and trusted sending end B are each connected to the cloud server over a wired or wireless link. The receiving end and each sending end may be, for example, a computer, a server, a mobile computer, a smart phone, a tablet computer, a wearable device, or another device capable of communicating and transmitting information.
Before operation S1 is performed, parameter initialization is required. According to an embodiment of the invention, parameter initialization includes setting the group master key. Specifically, an element $s$ is randomly selected from the multiplicative group and used as the group master key $gmsk$, i.e. $gmsk \leftarrow s$.
According to an embodiment of the invention, parameter initialization includes constructing a bilinear map $\hat{e}$ and initializing its parameters. Specifically, the bilinear map $\hat{e}$ is constructed from a preset security parameter and a generator $g$ is randomly selected in the first elliptic curve group $\mathbb{G}_1$, where $\mathbb{G}_1$ is the first elliptic curve group, $\mathbb{G}_2$ is the second elliptic curve group, and the bit length of the group order equals the security parameter.
According to an embodiment of the present invention, parameter initialization includes selecting three cryptographic hash functions $H_1$, $H_2$, $H_3$, where $k$ is the security parameter. Further, the public parameters are generated from the initialized bilinear map $\hat{e}$, the generator $g$ of the first elliptic curve group $\mathbb{G}_1$, and the three cryptographic hash functions $H_1$, $H_2$, $H_3$.
After the receiving end completes parameter initialization, it publishes the public parameters to the cloud server; both trusted and untrusted sending ends can obtain the public parameters from the cloud server and complete their own setup. Only a trusted sending end can generate a valid keyword ciphertext, which requires it to hold additional information; this is also the key to resisting keyword guessing attacks.
In operation S1, the receiving end generates a corresponding group private key for each sending end from its identity ID using the group master key.
Before or during operation, a sending end may apply to join the receiving end's group. The receiving end (i.e. the group owner) generates a corresponding group private key for each sending end from its identity ID using the group master key, thereby admitting it to the group. The receiving end obtains the ID of each trusted sending end and, using its own group master key, derives a different group private key for each member from that member's ID, which achieves group member authorization.
Taking FIG. 3 as an example, trusted sending end A, trusted sending end B and untrusted sending end C each send their identity to the receiving end; the receiving end issues corresponding group private keys to trusted sending ends A and B but not to untrusted sending end C, thereby refusing C admission to the group.
According to an embodiment of the present invention, the group private key generated in operation S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
where $gsk_i$ is the group private key corresponding to the $i$-th sender, $ID_i$ is the identity ID of the $i$-th sender, $i = 1, 2, \ldots, N$, $gmsk$ is the group master key, and $H_1(\cdot)$ is the first cryptographic hash function.
In operation S2, the sending end generates a searchable ciphertext containing the keyword and a file ciphertext using its group private key, its ID and the keyword contained in the file to be uploaded, and uploads the searchable ciphertext and the file ciphertext to the cloud server.
According to an embodiment of the present invention, the searchable ciphertext generated in operation S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{1i} = H_1(ID_i)^r$
where $C_{wi}$ is the searchable ciphertext corresponding to the keyword $w$, $C_{1i}$ is the first intermediate ciphertext corresponding to $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to $w$, $gsk_i$ is the group private key of the $i$-th sender, $w$ is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the $i$-th sender, $i = 1, 2, \ldots, N$, $r$ is a random value, $H_1(\cdot)$ is the first cryptographic hash function, $H_2(\cdot)$ is the second cryptographic hash function, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}(\cdot,\cdot)$ is the bilinear map.
Before uploading a file to the cloud server, the trusted sending end must protect the confidentiality of the data, as shown in FIG. 4: it first encrypts the plaintext into a file ciphertext, then extracts the keyword information from the plaintext and performs operation S2 to encrypt the keyword into a keyword ciphertext (i.e. a searchable ciphertext containing the keyword), and finally associates the file ciphertext with the keyword ciphertext and uploads them together to the cloud server.
Compared with adversaries outside the group, each authorized group member holds additional, member-specific information (its group private key $gsk_i$). Using this additional information together with its identity ID when generating the keyword ciphertext yields an authorized searchable ciphertext, something an unauthorized adversary is unable to produce.
In operation S3, the receiving end generates a search trapdoor matching the searchable ciphertext from the keyword using the group master key, and uploads the search trapdoor to the cloud server.
Referring to FIG. 5, the receiving end may generate a search trapdoor to obtain all file ciphertexts sent to it that contain the keyword to be searched. In this embodiment, the group mechanism lets the receiving end's search trapdoor match the searchable ciphertexts of all trusted sending ends but not those generated by untrusted sending ends; this requires that the search trapdoor $T_w$ generated by the receiving end be combined with the identity information part $C_{1i}$ of the keyword ciphertext $C_{wi}$ and matched against the part $C_{2i}$ encrypted under the group private key.
According to an embodiment of the present invention, the search trapdoor generated in operation S3 is:
$T_w = H_2(w)^{gmsk}$
where $T_w$ is the search trapdoor corresponding to the keyword $w$, $w$ is the keyword to be searched, $H_2(\cdot)$ is the second cryptographic hash function, and $gmsk$ is the group master key.
In the present embodiment, the search trapdoor $T_w$ must be computed by the receiving end with the group master key $gmsk$; an adversary without any group private key $gsk_i$ derived from $gmsk$ cannot generate a valid keyword ciphertext that matches the search trapdoor $T_w$. Trusted sender $i$ encrypts the keyword $w$ with its group private key $gsk_i$, and the receiving end encrypts the keyword to be searched with the group master key $gmsk$ to produce the search trapdoor $T_w$. Consequently $T_w$ cannot be matched by an invalid searchable public key ciphertext $C_{wi}$ generated by an adversary outside the group, who holds no $gsk_i$, or by an adversary using the group private key of a different group, while the searchable ciphertexts $C_{wi}$ generated by group members holding a $gsk_i$ are automatically authorized.
And S4, the cloud server matches all the searchable ciphertexts according to the search trapdoor, and returns the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end.
In the embodiment of the invention, the cloud server not only needs to have verification keywordsThe information matching function needs to be provided with a group membership verification function, so that the cloud server needs to search trapdoors T according to the search trapdoors w And searchable ciphertext C wi And judging whether the key information and the group identity information pass the verification at the same time.
According to an embodiment of the present invention, the matching of all searchable ciphers by the cloud server according to the search trapdoor in operation S4 includes: the cloud server retrieves all the searchable ciphertext stored by the cloud server according to the retrieval trapdoor; when the searched ciphertext contains the keyword corresponding to the search trapdoor and the generator of the searched ciphertext is the sender in the group, namely, when the following conditions are satisfiedThe searchable ciphertext retrieved at this time is the searchable ciphertext that matches the retrieval trapdoor.
Cloud server based on retrieval trapdoor T w For all searchable ciphertexts C wi Matching is carried out, and corresponding file ciphertext is returned to the receiving end. In the embodiment of the invention, the cloud server can verify and find out all and search trapdoors T through a matching algorithm w The matched file ciphertext, but the information of the specific plaintext key w is not known to the cloud server, since the cloud server does not have the group private key gsk i Therefore, the effective keyword ciphertext C cannot be generated wi Therefore, the condition for launching the keyword guess attack cannot be satisfied.
In addition, although the group private key gsk_i of each group member is different, the searchable ciphertexts generated with these different group private keys can all be matched by the search trapdoor generated from the group master key. This is because the group private key is generated from the group member's identity ID and the group master key gmsk, while the group private key gsk_i and the group member's identity ID are further used to encrypt the keyword w to generate the keyword ciphertext C_wi. The search trapdoor T_w generated with the group master key gmsk is then combined with the part of each keyword ciphertext C_wi that was encrypted under the group member's identity ID, and the combined result can be used to verify whether it matches the part of each keyword ciphertext C_wi that was encrypted under the group private key gsk_i. Therefore, the receiving end needs only one search trapdoor T_w to match the keyword ciphertexts C_wi generated by all members in the group, which greatly reduces the communication and computation overhead of trusted-sender-based searchable public key encryption in the multi-sender scenario. An efficient searchable public key encryption system resistant to keyword guessing attacks is thus achieved without introducing an additional third party and without a designated server.
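As an added example (not part of the patent and not the applicants' code), the following Python models the algebra of steps S1 to S4 with a toy additive pairing, e(a, b) = a·b mod P, in place of a real elliptic-curve pairing, to show why the single trapdoor T_w matches ciphertexts from every sender whose gsk_i was derived from the same gmsk, while a different keyword or a key from another group is rejected. Assumptions: the page's formula for C_2i and the S4 matching condition did not survive extraction, so the example uses C_2i = H3(e(gsk_i, H2(w))^r) and the check H3(e(C_1i, T_w)) == C_2i, which are consistent with the C_1i, gsk_i and T_w given in the claims; the toy pairing provides no security and only illustrates correctness.

```python
"""Toy model of the patent's S1-S4 algebra (added example, not the patent's code).

A real elliptic-curve pairing is replaced by the additive toy pairing
e(a, b) = a*b mod P on integers mod P, so "g^x" becomes x*g mod P. This keeps
bilinearity, the only property the match relies on, but has no security at all
(discrete logs are trivial): it demonstrates correctness, not a deployment.
ASSUMED (these formulas did not extract from the page): C_2i = H3(e(gsk_i, H2(w))^r)
and the S4 check H3(e(C_1i, T_w)) == C_2i, consistent with C_1i, gsk_i, T_w in the claims.
"""
import hashlib
import secrets

P = 2**127 - 1  # constructed toy modulus, not a pairing-friendly curve order

def _hash_to_group(tag: str, data: str) -> int:
    return int.from_bytes(hashlib.sha256(f"{tag}|{data}".encode()).digest(), "big") % P

def H1(identity: str) -> int:        # first hash: identity ID -> group element
    return _hash_to_group("H1", identity)

def H2(keyword: str) -> int:         # second hash: keyword w -> group element
    return _hash_to_group("H2", keyword)

def H3(gt_element: int) -> str:      # third hash: GT element -> fixed-size digest
    return hashlib.sha256(gt_element.to_bytes(16, "big")).hexdigest()

def exp(base: int, x: int) -> int:   # base^x in the toy group is scalar multiplication
    return (x * base) % P

def e(a: int, b: int) -> int:        # toy bilinear map: e(x*g, y*h) = x*y*(g*h)
    return (a * b) % P

def s1_group_private_key(gmsk: int, identity: str) -> int:
    """S1 (receiver): gsk_i = H1(ID_i)^gmsk, one per sender, from the master key."""
    return exp(H1(identity), gmsk)

def s2_encrypt_keyword(gsk_i: int, identity: str, w: str) -> tuple[int, str]:
    """S2 (sender i): C_wi = (C_1i, C_2i), C_1i = H1(ID_i)^r; C_2i as assumed above."""
    r = secrets.randbelow(P - 1) + 1           # fresh random value r per ciphertext
    c1 = exp(H1(identity), r)
    c2 = H3(exp(e(gsk_i, H2(w)), r))          # = H3(e(H1(ID_i), H2(w))^(gmsk*r))
    return c1, c2

def s3_trapdoor(gmsk: int, w: str) -> int:
    """S3 (receiver): T_w = H2(w)^gmsk; a single trapdoor for the whole group."""
    return exp(H2(w), gmsk)

def s4_match(c_wi: tuple[int, str], t_w: int) -> bool:
    """S4 (cloud): e(C_1i, T_w) = e(H1(ID_i), H2(w))^(r*gmsk) reproduces the value
    hashed into C_2i only if gsk_i came from the same gmsk as T_w and the keyword
    is the same; the check uses only C_wi and T_w, never w or gmsk themselves."""
    c1, c2 = c_wi
    return H3(e(c1, t_w)) == c2

def s4_search(store: list[tuple[str, tuple[int, str]]], t_w: int) -> list[str]:
    """S4 batch step: identifiers of stored files whose searchable ciphertext matches."""
    return [file_id for file_id, c_wi in store if s4_match(c_wi, t_w)]
```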
The embodiment of the invention also provides a searchable public key encryption batch processing system for resisting the key guessing attack, which comprises a cloud server, a receiving end and N sending ends, wherein N is more than or equal to 1.
The receiving end executes operation S1, configured to generate, according to the ID of each sending end, a corresponding group private key for each sending end by using the group master key.
The sending end executes operation S2, which is used for generating a searchable ciphertext containing the keyword and a file ciphertext by using the corresponding group private key, the identity ID and the keyword contained in the file to be uploaded, and uploading the searchable ciphertext and the file ciphertext to the cloud server.
The receiving end also executes operation S3, which is used for generating a search trapdoor matched with the searchable ciphertext by using the group master key according to the keyword, and uploading the search trapdoor to the cloud server.
And the cloud server executes an operation S4 for matching all the searchable ciphertexts according to the search trapdoor and returning the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end.
The searchable public key encryption batch processing system resistant to key guessing attacks is used to perform the searchable public key encryption batch processing method resistant to key guessing attacks of the embodiments shown in fig. 1-5 described above. For details not described in this embodiment, refer to the above-mentioned method of the embodiments shown in fig. 1-5; they are not repeated here.
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.
Claims (8)
1. A searchable public key encryption batch processing method for resisting key guessing attack is used for a group comprising a cloud server, a receiving end and N sending ends, wherein N is more than or equal to 1, and is characterized in that the method comprises the following steps:
s1, the receiving end generates corresponding group private keys for the sending ends respectively by using a group master key according to the identity ID of the sending ends;
s2, the sending end generates a searchable ciphertext containing the keyword and a file ciphertext by using the corresponding group private key, the ID and the keyword contained in the file to be uploaded, and uploads the searchable ciphertext and the file ciphertext to the cloud server;
s3, the receiving end generates a search trapdoor matched with the searchable ciphertext by utilizing the group master key according to the key and uploads the search trapdoor to the cloud server;
s4, the cloud server matches all the searchable ciphertexts according to the search trapdoor, and returns the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end;
the searchable ciphertext generated in S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{1i} = H_1(ID_i)^r$
wherein C_wi is the searchable ciphertext corresponding to the keyword w, C_1i is the first intermediate ciphertext corresponding to the keyword w, C_2i is the second intermediate ciphertext corresponding to the keyword w, gsk_i is the group private key corresponding to the i-th sending end, w is the keyword of the file to be uploaded, ID_i is the identity ID of the i-th sending end, i = 1, 2, ..., N, r is a random value, H_1() is the first cryptographic hash function, H_2() is the second cryptographic hash function, H_3() is the third cryptographic hash function, and the pairing is a bilinear map;
in the step S3, the sending end encrypts the keyword by using the group private key, and the receiving end encrypts the keyword to be searched by using the group master key to generate the search trapdoor.
2. The method for batch processing searchable public key encryption resistant to key guessing attacks according to claim 1, wherein the group private key generated in S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
wherein gsk_i is the group private key corresponding to the i-th sending end, ID_i is the identity ID of the i-th sending end, i = 1, 2, ..., N, and H_1() is the first cryptographic hash function.
3. The method for batch processing searchable public key encryption resistant to guessing attacks of keywords according to claim 1, wherein the search trapdoor generated in S3 is:
$T_w = H_2(w)^{gmsk}$
wherein T_w is the search trapdoor corresponding to the keyword w, w is the keyword to be searched, H_2() is the second cryptographic hash function, and gmsk is the group master key.
4. The method for batch processing searchable public key encryption resistant to key guessing attacks according to claim 1, wherein the matching searchable ciphertext and search trapdoor in S4 satisfy:
5. A searchable public key encryption batch processing method resistant to key guessing attacks according to any one of claims 1-4, wherein S1 is preceded by: constructing a bilinear map based on a preset security parameter;
wherein the bilinear map is defined over a first elliptic curve group and a second elliptic curve group, and the length of the group order is equal to the security parameter;
and randomly selecting a generator g in the first elliptic curve group.
8. A searchable public key encryption batch processing system for resisting key guessing attack is characterized by comprising a cloud server, a receiving end and N sending ends, wherein N is more than or equal to 1;
the receiving end is used for generating corresponding group private keys for the sending ends respectively by utilizing the group master key according to the identity ID of the sending ends;
the sending end is used for generating a searchable ciphertext containing the key words and a file ciphertext by utilizing the corresponding group private key, the ID and the key words contained in the file to be uploaded and uploading the searchable ciphertext and the file ciphertext to the cloud server;
the receiving end is further used for generating a search trapdoor matched with the searchable ciphertext by utilizing the group master key according to the keyword, and uploading the search trapdoor to the cloud server, wherein the sending end encrypts the keyword w by using the group private key, and the receiving end encrypts the keyword to be searched by using the group master key to generate the search trapdoor;
the cloud server is used for matching all the searchable ciphertexts according to the search trapdoor and returning the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end;
the searchable ciphertext is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{1i} = H_1(ID_i)^r$
wherein C_wi is the searchable ciphertext corresponding to the keyword w, C_1i is the first intermediate ciphertext corresponding to the keyword w, C_2i is the second intermediate ciphertext corresponding to the keyword w, gsk_i is the group private key corresponding to the i-th sending end, w is the keyword of the file to be uploaded, ID_i is the identity ID of the i-th sending end, i = 1, 2, ..., N, r is a random value, H_1() is the first cryptographic hash function, H_2() is the second cryptographic hash function, H_3() is the third cryptographic hash function, and the pairing is a bilinear map.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210402936.1A CN114884700B (en) | 2022-04-18 | 2022-04-18 | Searchable public key encryption batch processing method and system for resisting key guessing attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210402936.1A CN114884700B (en) | 2022-04-18 | 2022-04-18 | Searchable public key encryption batch processing method and system for resisting key guessing attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114884700A CN114884700A (en) | 2022-08-09 |
CN114884700B true CN114884700B (en) | 2023-04-28 |
Family
ID=82668917
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210402936.1A Active CN114884700B (en) | 2022-04-18 | 2022-04-18 | Searchable public key encryption batch processing method and system for resisting key guessing attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114884700B (en) |
Families Citing this family (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN116074013B (en) * | 2022-11-18 | 2024-07-09 | 电子科技大学 | Public key searchable encryption method for resisting back door attack |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103873236A (en) * | 2012-12-12 | 2014-06-18 | 华为技术有限公司 | Searchable encryption method and equipment thereof |
CN105024802A (en) * | 2015-07-13 | 2015-11-04 | 西安理工大学 | Bilinear pairing-based multi-user multi-keyword searchable encryption method in cloud storage |
CN105553660A (en) * | 2016-01-25 | 2016-05-04 | 华中科技大学 | Dynamic searchable public key encryption method |
CN106534092A (en) * | 2016-11-02 | 2017-03-22 | 西安电子科技大学 | Message-based and key-dependent privacy data encryption method |
WO2017166054A1 (en) * | 2016-03-29 | 2017-10-05 | 深圳大学 | Quantum homomorphism symmetry searchable encryption method and system |
CN107395568A (en) * | 2017-06-21 | 2017-11-24 | 西安电子科技大学 | A kind of cipher text retrieval method of more data owner's certifications |
CN108449309A (en) * | 2018-01-19 | 2018-08-24 | 华中科技大学 | A kind of mixed type can search for encryption method and system |
CN111147508A (en) * | 2019-12-30 | 2020-05-12 | 福建师范大学 | Searchable attribute-based encryption method for resisting keyword guessing attack |
CN111416710A (en) * | 2020-03-24 | 2020-07-14 | 国网山东省电力公司 | Certificateless searchable encryption method and system applied to multiple receiving ends |
CN111464292A (en) * | 2020-03-24 | 2020-07-28 | 国网山东省电力公司 | Method and system for searchable encryption of certificateless public key |
CN112861153A (en) * | 2021-02-10 | 2021-05-28 | 华中科技大学 | Keyword searchable delay encryption method and system |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
KR20130085491A (en) * | 2011-12-09 | 2013-07-30 | 한국전자통신연구원 | Multi-user searchable encryption system with index validation and tracing and method thereof |
2022-04-18: CN CN202210402936.1A patent/CN114884700B/en, status Active
Non-Patent Citations (3)
Title |
---|
"Lightweight Searchable Public-Key Encryption for Cloud-Assisted Wireless Sensor Networks"; Peng Xu et al.; IEEE Transactions on Industrial Informatics; 2021-11-18; full text * |
"Multi-User Dynamic Searchable Symmetric Encryption with Corrupted Participants"; Javad Gharehchamani et al.; IEEE Transactions on Dependable and Secure Computing; 2021-12-12; full text * |
"Certificateless authenticated searchable encryption scheme in a multi-user environment"; 张玉磊 et al.; 电子信息学报 (Journal of Electronics & Information Technology); 2020-03-10; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN114884700A (en) | 2022-08-09 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Wang et al. | Secure ranked keyword search over encrypted cloud data | |
Chen et al. | A robust mutual authentication protocol for wireless sensor networks | |
US5666415A (en) | Method and apparatus for cryptographic authentication | |
Xie et al. | Cloud-based RFID authentication | |
Wen et al. | Secure data deduplication with reliable key management for dynamic updates in CPSS | |
JPH07212356A (en) | Certifying method and system of communication partner | |
Wang et al. | Secure channel free id-based searchable encryption for peer-to-peer group | |
KR20210139344A (en) | Methods and devices for performing data-driven activities | |
CN111177769A (en) | Private data protection list query method and related list query system | |
CN111416710A (en) | Certificateless searchable encryption method and system applied to multiple receiving ends | |
Li et al. | Key-aggregate searchable encryption under multi-owner setting for group data sharing in the cloud | |
CN106603539B (en) | Anti-desynchronization lightweight RFID bidirectional authentication method based on time factor | |
CN116318663A (en) | Multi-strategy safe ciphertext data sharing method based on privacy protection | |
CN114884700B (en) | Searchable public key encryption batch processing method and system for resisting key guessing attack | |
Farash | Cryptanalysis and improvement of ‘an improved authentication with key agreement scheme on elliptic curve cryptosystem for global mobility networks’ | |
Ye et al. | A verifiable dynamic multi-user searchable encryption scheme without trusted third parties | |
Cao et al. | Fuzzy Identity‐Based Ring Signature from Lattices | |
CN114928440A (en) | SM 9-based authentication searchable encryption method and system | |
Zhou et al. | Chaotic map‐based time‐aware multi‐keyword search scheme with designated server | |
Hu et al. | Public-key encryption with keyword search via obfuscation | |
Huang et al. | Password authenticated keyword search | |
KR102304831B1 (en) | Encryption systems and method using permutaion group based cryptographic techniques | |
CN111431839B (en) | Processing method and device for hiding user identification | |
Gasti et al. | Privacy-preserving user matching | |
CN116782210B (en) | Dynamic encryption key generation method of high-speed encryption algorithm |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |