CN114884700B - Searchable public key encryption batch processing method and system for resisting key guessing attack - Google Patents


Info

Publication number: CN114884700B
Authority: CN (China)
Application number: CN202210402936.1A
Other languages: Chinese (zh)
Other versions: CN114884700A
Prior art keywords: searchable, key, ciphertext, keyword, group
Inventors: 王蔚, 郑子临, 徐鹏, 杨天若
Current assignee: Huazhong University of Science and Technology
Original assignee: Huazhong University of Science and Technology
Legal status: Active

Classifications

    • H04L63/1441 Network security: countermeasures against malicious traffic
    • H04L63/0442 Network security: confidential data exchange among entities communicating through data packet networks wherein the data content is protected, and the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
    • H04L63/06 Network security: supporting key management in a packet data network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H04L9/0825 Key transport or distribution using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0866 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers
    • H04L9/3255 Message authentication involving digital signatures using group based signatures, e.g. ring or threshold signatures
    • Y02D30/50 Reducing energy consumption in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses a searchable public key encryption batch processing method and system for resisting keyword guessing attacks, belonging to the field of encryption and cloud storage security. The method comprises the following steps: the receiving end uses the group master key to generate a corresponding group private key for each sending end according to the sending end's identity ID; the sending end uses its group private key, its ID and the keyword contained in the file to be uploaded to generate a searchable ciphertext containing the keyword together with a file ciphertext, and uploads both to the cloud server; the receiving end uses the group master key to generate, for the keyword to be searched, a search trapdoor that matches the searchable ciphertext, and uploads the search trapdoor to the cloud server; and the cloud server matches all searchable ciphertexts against the search trapdoor and returns to the receiving end the file ciphertexts corresponding to the matched searchable ciphertexts. The communication cost and computation cost of searchable public key encryption based on trusted sending ends are reduced while keyword guessing attacks are resisted.

Description

Searchable public key encryption batch processing method and system for resisting key guessing attack
Technical Field
The invention belongs to the field of encryption and cloud storage security, and in particular relates to a searchable public key encryption batch processing method and system for resisting keyword guessing attacks.
Background
With the rapid development of the internet, the volume of user data keeps growing, and users' local storage space is gradually unable to meet their needs. More and more users therefore choose to store their data in the cloud until it is needed. The cloud server, however, may inspect the data a user stores on it even while correctly following the user's instructions, which discloses the user's privacy. To ensure both confidentiality and availability of cloud storage services, searchable encryption techniques have been proposed. Searchable public key encryption is one of these techniques, and because of its public key setting it is plagued by keyword guessing attacks: once an adversary obtains a search trapdoor sent by the receiving end, it can traverse the polynomial-size keyword space, use the receiving end's public key to generate the keyword ciphertext of each candidate keyword in turn, and match that ciphertext against the captured search trapdoor, recovering the plaintext keyword from the matching result.
To resist keyword guessing attacks in searchable public key encryption, scholars have proposed numerous solutions; the current main schemes fall into four types: searchable public key encryption with a designated server, searchable public key encryption with multiple servers, searchable public key encryption based on fuzzy matching, and searchable public key encryption based on a trusted sending end. The trusted-sending-end approach introduces information about the sending end into searchable public key encryption, so that a search trapdoor generated by the receiving end can only match ciphertexts generated by a specific trusted sending end, and therefore no adversary is able to generate a valid keyword ciphertext.
Searchable public key encryption based on a trusted sending end resists keyword guessing attacks to a certain extent and avoids the drawbacks of the other three schemes, but it introduces a new problem: the receiving end can only process the data of a single sending end per search. Searching the data of several sending ends requires constructing a separate search trapdoor for each of them, and the overhead grows considerably as the number of sending ends increases. How to design a searchable public key encryption scheme that resists keyword guessing attacks without a large increase in overhead is therefore a problem that needs solving.
Disclosure of Invention
Aiming at the defects and improvement demands of the prior art, the invention provides a searchable public key encryption batch processing method and system for resisting keyword guessing attacks, which aim to reduce the cost of searchable public key encryption based on trusted sending ends from linear to constant while resisting keyword guessing attacks, thereby reducing both communication cost and computation cost.
To achieve the above object, according to one aspect of the present invention, a searchable public key encryption batch processing method for resisting keyword guessing attacks is provided for a group comprising a cloud server, a receiving end and N sending ends, where N is greater than or equal to 1. The method comprises:
S1, the receiving end uses the group master key to generate a corresponding group private key for each sending end according to the sending end's identity ID;
S2, the sending end uses its group private key, its ID and the keyword contained in the file to be uploaded to generate a searchable ciphertext containing the keyword together with a file ciphertext, and uploads both to the cloud server;
S3, the receiving end uses the group master key to generate, for the keyword to be searched, a search trapdoor matching the searchable ciphertext, and uploads the search trapdoor to the cloud server;
S4, the cloud server matches all searchable ciphertexts against the search trapdoor and returns to the receiving end the file ciphertexts corresponding to the matched searchable ciphertexts.
Still further, the group private key generated in S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
wherein $gsk_i$ is the group private key corresponding to the i-th sending end, $ID_i$ is the identity ID of the i-th sending end, $i = 1, 2, \ldots, N$, $gmsk$ is the group master key, and $H_1(\cdot)$ is the first cryptographic hash function.
Further, the searchable ciphertext generated in S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{2i} = H_3\big(\hat{e}(gsk_i, H_2(w))^{r}\big)$
$C_{1i} = H_1(ID_i)^{r}$
wherein $C_{wi}$ is the searchable ciphertext corresponding to the keyword w, $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword w, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword w, $gsk_i$ is the group private key corresponding to the i-th sending end, w is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the i-th sending end, $i = 1, 2, \ldots, N$, r is a random value, $H_1(\cdot)$ is the first cryptographic hash function, $H_2(\cdot)$ is the second cryptographic hash function, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}$ is the bilinear map.
Still further, the search trapdoor generated in S3 is:
$T_w = H_2(w)^{gmsk}$
wherein $T_w$ is the search trapdoor corresponding to the keyword w, w is the keyword to be searched, $H_2(\cdot)$ is the second cryptographic hash function, and $gmsk$ is the group master key.
Still further, the searchable ciphertext and the search trapdoor matched in S4 satisfy:
$H_3\big(\hat{e}(C_{1i}, T_w)\big) = C_{2i}$
wherein $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword w, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword w, $T_w$ is the search trapdoor corresponding to the keyword w, $i = 1, 2, \ldots, N$, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}$ is the bilinear map.
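Why a single trapdoor built from $gmsk$ matches the ciphertexts of every group member follows from the bilinearity of $\hat{e}$; the check written out with the symbols above (an added derivation, not part of the patent text):

$$\hat{e}(C_{1i}, T_w) = \hat{e}\big(H_1(ID_i)^{r}, H_2(w)^{gmsk}\big) = \hat{e}\big(H_1(ID_i), H_2(w)\big)^{r \cdot gmsk} = \hat{e}\big(H_1(ID_i)^{gmsk}, H_2(w)\big)^{r} = \hat{e}(gsk_i, H_2(w))^{r}$$

so $H_3(\hat{e}(C_{1i}, T_w)) = H_3(\hat{e}(gsk_i, H_2(w))^{r}) = C_{2i}$ for every $i$ whose $gsk_i$ was derived from the same $gmsk$, whatever the value of $r$ each sender chose. Conversely, a ciphertext built with some $x \neq H_1(ID_i)^{gmsk}$ in place of $gsk_i$ gives $\hat{e}(x, H_2(w))^{r} \neq \hat{e}(C_{1i}, T_w)$ (the pairing is non-degenerate), so it fails the check: holding the public parameters and a trapdoor is not enough to produce a matching ciphertext without a group private key.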
Still further, the step S1 further includes: based on a preset security parameter, constructing a bilinear map
$\hat{e}: \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_2$
wherein $\mathbb{G}_1$ is the first elliptic curve group, $\mathbb{G}_2$ is the second elliptic curve group, and the bit length of the order p of $\mathbb{G}_1$ is equal to the security parameter; and randomly selecting a generator g in the first elliptic curve group.
Still further, the step S1 further includes: selecting three cryptographic hash functions $H_1$, $H_2$, $H_3$:
$H_1: \{0,1\}^* \to \mathbb{G}_1$
$H_2: \{0,1\}^* \to \mathbb{G}_1$
$H_3: \mathbb{G}_2 \to \{0,1\}^k$
wherein k is the security parameter.
Still further, the step S1 further includes: randomly selecting an element of the multiplicative group $\mathbb{Z}_p^*$ as the group master key.
According to another aspect of the invention, a searchable public key encryption batch processing system for resisting keyword guessing attacks is provided, comprising a cloud server, a receiving end and N sending ends, where N is greater than or equal to 1. The receiving end is used to generate, with the group master key, a corresponding group private key for each sending end according to its identity ID; the sending end is used to generate a searchable ciphertext containing the keyword and a file ciphertext using its group private key, its ID and the keyword contained in the file to be uploaded, and to upload both to the cloud server; the receiving end is further used to generate, with the group master key, a search trapdoor matching the searchable ciphertext for the keyword to be searched, and to upload the search trapdoor to the cloud server; and the cloud server is used to match all searchable ciphertexts against the search trapdoor and return the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end.
In general, the technical solutions conceived by the present invention yield the following beneficial effects:
(1) A group is introduced into searchable public key encryption based on a trusted sending end: a group is established and all objects trusted by the receiving end join it. With a group-signature style of construction, an attacker mounting a keyword guessing attack cannot generate a searchable ciphertext that matches the receiving end's search trapdoor, so the attack is resisted at its root. At the same time, a single search trapdoor generated by the receiving end matches, in one pass, the searchable ciphertexts containing the same keyword generated by all group members, which reduces the linear overhead of trusted-sending-end searchable public key encryption to constant-level overhead. Computation overhead and communication overhead are thus reduced while security against keyword guessing attacks is preserved, and the efficiency of the system is improved;
(2) The cloud server learns no plaintext keyword information, and because it does not hold a group private key it cannot generate a valid keyword ciphertext; the precondition for launching a keyword guessing attack is therefore not met, and the cloud server is prevented from stealing user privacy.
Drawings
FIG. 1 is a flowchart of a searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an application scenario of the searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of the group key distribution flow in the searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of the operations by which a trusted sending end uploads a file ciphertext and a keyword ciphertext in the searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of the retrieval operations of the receiving end in the searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and embodiments, in order to make its objects, technical solutions and advantages clearer. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not conflict.
In the present invention, the terms "first," "second," and the like in the description and in the drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
FIG. 1 is a flowchart of the searchable public key encryption batch processing method for resisting keyword guessing attacks according to an embodiment of the present invention. Referring to FIG. 1, in conjunction with FIGS. 2-5, the method of this embodiment is described in detail; it comprises operations S1-S4.
The searchable public key encryption batch processing method for resisting keyword guessing attacks is used in a group comprising a cloud server, a receiving end and N sending ends. Sending ends inside the group are called trusted sending ends and sending ends outside the group are called untrusted sending ends; the receiving end acts as the group owner and the trusted sending ends act as group members.
Taking a cloud server, a receiving end and two sending ends (trusted sending end A and trusted sending end B) as an example, the resulting application scenario is shown in FIG. 2, where the receiving end, trusted sending end A and trusted sending end B each communicate with the cloud server over a wired or wireless connection. The receiving end and each sending end may be, for example, a computer, a server, a mobile computer, a smartphone, a tablet computer, a wearable device or any other device capable of communicating and transmitting information.
Before operation S1 is performed, the parameters must be initialized. According to an embodiment of the invention, parameter initialization includes setting the group master key. Specifically, an element s is randomly selected in the multiplicative group $\mathbb{Z}_p^*$ as the group master key: $gmsk \leftarrow s$, $s \in \mathbb{Z}_p^*$.
According to an embodiment of the invention, parameter initialization includes constructing a bilinear map $\hat{e}$ and initializing its parameters. Specifically, based on the preset security parameter, a bilinear map is constructed and a generator g is randomly selected in the first elliptic curve group $\mathbb{G}_1$:
$\hat{e}: \mathbb{G}_1 \times \mathbb{G}_1 \to \mathbb{G}_2$
wherein $\mathbb{G}_1$ is the first elliptic curve group, $\mathbb{G}_2$ is the second elliptic curve group, and the bit length of the order p of $\mathbb{G}_1$ is equal to the security parameter.
According to an embodiment of the present invention, parameter initialization includes selecting three cryptographic hash functions $H_1$, $H_2$, $H_3$:
$H_1: \{0,1\}^* \to \mathbb{G}_1$
$H_2: \{0,1\}^* \to \mathbb{G}_1$
$H_3: \mathbb{G}_2 \to \{0,1\}^k$
where k is the security parameter. Further, from the initialized bilinear map $\hat{e}$, the generator g of the first elliptic curve group $\mathbb{G}_1$ and the three cryptographic hash functions $H_1$, $H_2$, $H_3$, the public parameters $(\hat{e}, g, H_1, H_2, H_3)$ are generated.
After the receiving end completes parameter initialization, it publishes the public parameters to the cloud server; both trusted and untrusted sending ends can obtain the public parameters from the cloud server and complete their own setup. Only a trusted sending end can generate a valid keyword ciphertext, because doing so requires additional information that only the trusted sending end holds; this is also the key to resisting keyword guessing attacks.
In operation S1, the receiving end uses the group master key to generate a corresponding group private key for each sending end according to the sending end's identity ID.
Before or during operation, a sending end may apply to join the receiving end's group. The receiving end (that is, the group owner) generates a corresponding group private key for each sending end from its identity ID using the group master key, thereby admitting it to the group. The receiving end obtains the ID of each trusted sending end and, using its own group master key, derives a different group private key for each member from that member's ID, which achieves group member authorization.
Taking FIG. 3 as an example, trusted sending end A, trusted sending end B and untrusted sending end C each send their identity to the receiving end; the receiving end sends the corresponding group private keys to trusted sending end A and trusted sending end B, and sends no group private key to untrusted sending end C, thereby refusing C admission to the group.
According to an embodiment of the present invention, the group private key generated in operation S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
wherein $gsk_i$ is the group private key corresponding to the i-th sending end, $ID_i$ is the identity ID of the i-th sending end, $i = 1, 2, \ldots, N$, $gmsk$ is the group master key, and $H_1(\cdot)$ is the first cryptographic hash function.
And S2, the sending end generates a searchable ciphertext containing the keyword and a file ciphertext by using the corresponding group private key, the ID and the keyword contained in the file to be uploaded and uploads the searchable ciphertext and the file ciphertext to the cloud server.
According to an embodiment of the present invention, the searchable ciphertext generated in operation S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
$C_{2i} = H_3\big(\hat{e}(gsk_i, H_2(w))^{r}\big)$
$C_{1i} = H_1(ID_i)^{r}$
wherein $C_{wi}$ is the searchable ciphertext corresponding to the keyword w, $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword w, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword w, $gsk_i$ is the group private key corresponding to the i-th sending end, w is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the i-th sending end, $i = 1, 2, \ldots, N$, r is a random value, $H_1(\cdot)$ is the first cryptographic hash function, $H_2(\cdot)$ is the second cryptographic hash function, $H_3(\cdot)$ is the third cryptographic hash function, and $\hat{e}$ is the bilinear map.
Before uploading a file to the cloud server, the trusted sending end must protect the confidentiality of the data, as shown in FIG. 4. The trusted sending end first encrypts the plaintext into a file ciphertext, then extracts keyword information from the plaintext and performs operation S2 to encrypt the keyword into a keyword ciphertext (that is, a searchable ciphertext containing the keyword); finally the file ciphertext and the keyword ciphertext are associated with each other and uploaded to the cloud server.
Compared with adversaries outside the group, each authorized group member holds additional, and mutually distinct, information (its group private key $gsk_i$). Using this additional information together with its identity ID when generating the keyword ciphertext is what makes it possible to generate an authorized searchable ciphertext, which unauthorized adversaries cannot do.
In operation S3, the receiving end uses the group master key to generate, for the keyword to be searched, a search trapdoor matching the searchable ciphertext, and uploads the search trapdoor to the cloud server.
Referring to FIG. 5, the receiving end can generate a search trapdoor to obtain all file ciphertexts sent to it that contain the keyword to be searched. In this embodiment, the group mode lets the receiving end's search trapdoor match the searchable ciphertexts of all trusted sending ends but not a searchable ciphertext generated by an untrusted sending end; this requires the search trapdoor $T_w$ generated by the receiving end to be combinable with the identity information part $C_{1i}$ of the keyword ciphertext $C_{wi}$ and to match the part $C_{2i}$ encrypted with the group private key.
According to an embodiment of the present invention, the search trapdoor generated in operation S3 is:
$T_w = H_2(w)^{gmsk}$
wherein $T_w$ is the search trapdoor corresponding to the keyword w, w is the keyword to be searched, $H_2(\cdot)$ is the second cryptographic hash function, and $gmsk$ is the group master key.
In this embodiment, the search trapdoor $T_w$ requires the receiving end to encrypt with the group master key $gmsk$; an adversary without any group private key $gsk_i$ derived from $gmsk$ cannot generate a valid keyword ciphertext that matches the search trapdoor $T_w$. Trusted sending end i encrypts the keyword w with its group private key $gsk_i$, while the receiving end encrypts the keyword to be searched with the group master key $gmsk$ to produce the search trapdoor $T_w$. As a result, $T_w$ is never matched by an invalid searchable public key ciphertext $C_{wi}$ generated by an adversary outside the group who holds no group private key $gsk_i$, or by an adversary using a group private key of another group, whereas a searchable ciphertext $C_{wi}$ generated by a group member holding $gsk_i$ is automatically authorized.
And S4, the cloud server matches all the searchable ciphertexts according to the search trapdoor, and returns the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end.
In the embodiment of the invention, the cloud server not only needs to have verification keywordsThe information matching function needs to be provided with a group membership verification function, so that the cloud server needs to search trapdoors T according to the search trapdoors w And searchable ciphertext C wi And judging whether the key information and the group identity information pass the verification at the same time.
According to an embodiment of the present invention, the matching of all searchable ciphertexts by the cloud server according to the search trapdoor in operation S4 includes: the cloud server searches all the searchable ciphertexts it stores according to the search trapdoor; when a searched ciphertext contains the keyword corresponding to the search trapdoor and the generator of that ciphertext is a sender in the group, that is, when the following condition is satisfied
[matching condition: rendered as an image in the original and not reproduced here]
the searchable ciphertext retrieved at this time is the searchable ciphertext that matches the search trapdoor.
The cloud server matches all searchable ciphertexts $C_{wi}$ against the search trapdoor $T_w$ and returns the corresponding file ciphertexts to the receiving end. In the embodiment of the invention, the cloud server can verify and find, through the matching algorithm, all file ciphertexts that match $T_w$, but it learns nothing about the plaintext keyword $w$: since the cloud server does not hold a group private key $gsk_i$, it cannot generate a valid keyword ciphertext $C_{wi}$, so the precondition for launching a keyword guessing attack is not met.
In addition, although the group private keys $gsk_i$ of the group members differ from one another, the searchable ciphertexts generated with these different group private keys can all be matched by the search trapdoor generated with the group master key. This is because each group private key is generated from the member's identity ID and the group master key $gmsk$, and the group private key $gsk_i$ together with the identity ID is then used to encrypt the keyword $w$ to produce the keyword ciphertext $C_{wi}$. The search trapdoor $T_w$ generated with $gmsk$ is combined with the part of each keyword ciphertext $C_{wi}$ encrypted under the member's identity ID, and the combined result is used to verify whether it matches the part of $C_{wi}$ encrypted under the group private key $gsk_i$. Therefore the receiving end needs only one search trapdoor $T_w$ to match the keyword ciphertexts $C_{wi}$ generated by all members of the group, which greatly reduces the communication and computation overhead of trusted-sender-based searchable public key encryption in the multi-sender scenario. An efficient searchable public key encryption system resistant to keyword guessing attacks is thus achieved without introducing an additional third party and without a designated server.
The embodiment of the invention also provides a searchable public key encryption batch processing system resistant to keyword guessing attacks, which comprises a cloud server, a receiving end and N sending ends, where N ≥ 1.
The receiving end executes operation S1, configured to generate, according to the ID of each sending end, a corresponding group private key for each sending end by using the group master key.
The sending end executes operation S2, which is used for generating a searchable ciphertext containing the keyword and a file ciphertext by using the corresponding group private key, the identity ID and the keyword contained in the file to be uploaded, and uploading the searchable ciphertext and the file ciphertext to the cloud server.
The receiving end also executes operation S3, which is used for generating a search trapdoor matched with the searchable ciphertext by using the group master key according to the keyword, and uploading the search trapdoor to the cloud server.
The cloud server executes operation S4, which is used for matching all the searchable ciphertexts according to the search trapdoor and returning the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end.
The searchable public key encryption batch processing system resistant to keyword guessing attacks is used to perform the searchable public key encryption batch processing method resistant to keyword guessing attacks of the embodiments shown in fig. 1-5 described above. For details not covered in this embodiment, refer to the above description of that method in the embodiments shown in fig. 1-5, which is not repeated here.
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (8)

1. A searchable public key encryption batch processing method resistant to keyword guessing attacks, for a group comprising a cloud server, a receiving end and N sending ends, where N ≥ 1, characterized in that the method comprises the following steps:
s1, the receiving end generates corresponding group private keys for the sending ends respectively by using a group master key according to the identity ID of the sending ends;
s2, the sending end generates a searchable ciphertext containing the keyword and a file ciphertext by using the corresponding group private key, the ID and the keyword contained in the file to be uploaded, and uploads the searchable ciphertext and the file ciphertext to the cloud server;
s3, the receiving end generates a search trapdoor matched with the searchable ciphertext by using the group master key according to the keyword, and uploads the search trapdoor to the cloud server;
s4, the cloud server matches all the searchable ciphertexts according to the search trapdoor, and returns the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end;
the searchable ciphertext generated in S2 is:
$C_{wi} = (C_{1i}, C_{2i})$
[expression for $C_{2i}$: rendered as an image in the original and not reproduced here]
$C_{1i} = H_1(ID_i)^r$
where $C_{wi}$ is the searchable ciphertext corresponding to the keyword $w$, $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword $w$, $gsk_i$ is the group private key corresponding to the $i$-th sending end, $w$ is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the $i$-th sending end, $i = 1, 2, \dots, N$, $r$ is a random value, $H_1()$ is the first cryptographic hash function, $H_2()$ is the second cryptographic hash function, $H_3()$ is the third cryptographic hash function, and the remaining symbol (rendered as an image in the original) is a bilinear map;
in the step S3, the sending end encrypts the keyword by using the group private key, and the receiving end encrypts the keyword to be searched by using the group master key to generate the search trapdoor.
2. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to claim 1, wherein the group private key generated in S1 is:
$gsk_i = H_1(ID_i)^{gmsk}$
where $gsk_i$ is the group private key corresponding to the $i$-th sending end, $ID_i$ is the identity ID of the $i$-th sending end, $i = 1, 2, \dots, N$, $gmsk$ is the group master key, and $H_1()$ is the first cryptographic hash function.
3. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to claim 1, wherein the search trapdoor generated in S3 is:
$T_w = H_2(w)^{gmsk}$
where $T_w$ is the search trapdoor corresponding to the keyword $w$, $w$ is the keyword to be searched, $H_2()$ is the second cryptographic hash function, and $gmsk$ is the group master key.
4. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to claim 1, wherein a matching searchable ciphertext and search trapdoor in S4 satisfy:
[matching condition: rendered as an image in the original and not reproduced here]
where $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword $w$, $T_w$ is the search trapdoor corresponding to the keyword $w$, $i = 1, 2, \dots, N$, $H_3()$ is the third cryptographic hash function, and the remaining symbol (rendered as an image in the original) is a bilinear map.
5. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to any one of claims 1-4, wherein S1 is preceded by: constructing, based on a preset security parameter, a bilinear map from the first elliptic curve group to the second elliptic curve group (the map and the group symbols are rendered as images in the original and are not reproduced here), where the length of the group order is equal to the security parameter; and randomly selecting a generator $g$ in the first elliptic curve group.
6. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to claim 5, wherein S1 is further preceded by: selecting three cryptographic hash functions $H_1$, $H_2$, $H_3$ (their domains and ranges are rendered as images in the original and are not reproduced here), where $k$ is the security parameter.
7. The searchable public key encryption batch processing method resistant to keyword guessing attacks according to any one of claims 1-4, wherein S1 is preceded by: randomly selecting an element of the multiplicative group (rendered as an image in the original) as the group master key.
8. A searchable public key encryption batch processing system resistant to keyword guessing attacks, characterized by comprising a cloud server, a receiving end and N sending ends, where N ≥ 1;
the receiving end is used for generating corresponding group private keys for the sending ends respectively by utilizing the group master key according to the identity ID of the sending ends;
the sending end is used for generating a searchable ciphertext containing the key words and a file ciphertext by utilizing the corresponding group private key, the ID and the key words contained in the file to be uploaded and uploading the searchable ciphertext and the file ciphertext to the cloud server;
the receiving end is further used for generating a search trapdoor matched with the searchable ciphertext by utilizing the group master key according to the keyword, and uploading the search trapdoor to the cloud server, wherein the sending end encrypts the keyword w by using the group private key, and the receiving end encrypts the keyword to be searched by using the group master key to generate the search trapdoor;
the cloud server is used for matching all the searchable ciphertexts according to the search trapdoor and returning the file ciphertexts corresponding to the matched searchable ciphertexts to the receiving end;
the searchable ciphertext is:
$C_{wi} = (C_{1i}, C_{2i})$
[expression for $C_{2i}$: rendered as an image in the original and not reproduced here]
$C_{1i} = H_1(ID_i)^r$
where $C_{wi}$ is the searchable ciphertext corresponding to the keyword $w$, $C_{1i}$ is the first intermediate ciphertext corresponding to the keyword $w$, $C_{2i}$ is the second intermediate ciphertext corresponding to the keyword $w$, $gsk_i$ is the group private key corresponding to the $i$-th sending end, $w$ is the keyword of the file to be uploaded, $ID_i$ is the identity ID of the $i$-th sending end, $i = 1, 2, \dots, N$, $r$ is a random value, $H_1()$ is the first cryptographic hash function, $H_2()$ is the second cryptographic hash function, $H_3()$ is the third cryptographic hash function, and the remaining symbol (rendered as an image in the original) is a bilinear map.
CN202210402936.1A 2022-04-18 2022-04-18 Searchable public key encryption batch processing method and system for resisting key guessing attack Active CN114884700B (en)


Publications (2)

Publication Number Publication Date
CN114884700A CN114884700A (en) 2022-08-09
CN114884700B true CN114884700B (en) 2023-04-28
