CN115002754A - Lightweight data sharing method based on vehicle social network - Google Patents
Lightweight data sharing method based on vehicle social network Download PDFInfo
- Publication number
- CN115002754A CN115002754A CN202210174205.6A CN202210174205A CN115002754A CN 115002754 A CN115002754 A CN 115002754A CN 202210174205 A CN202210174205 A CN 202210174205A CN 115002754 A CN115002754 A CN 115002754A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- ciphertext
- algorithm
- sharing
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/03—Protecting confidentiality, e.g. by encryption
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/041—Key generation or derivation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0431—Key distribution or pre-distribution; Key agreement
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
- H04W12/043—Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
- H04W12/0433—Key management protocols
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/08—Access security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W4/00—Services specially adapted for wireless communication networks; Facilities therefor
- H04W4/30—Services specially adapted for particular environments, situations or purposes
- H04W4/40—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a lightweight data sharing method based on a vehicle social network, which is characterized by comprising the following steps: the method comprises the steps of system initialization, key generation, data encryption, user trapdoor generation, data matching, re-encryption key generation, re-encryption ciphertext generation, user decryption and the like, wherein if a user does not want to decrypt, the cloud server generates a re-encryption ciphertext for the next data user, and the next user decrypts the re-encryption ciphertext. And so on until the sharing path has the data users willing to decrypt. Compared with the prior art, the method has the advantages that the calculation efficiency is realized in data matching and data sharing, particularly the calculation cost of a user side is reduced, the privacy of search keywords of a data owner and the privacy of shared data are protected, multiple data owners and multiple data users are supported, and the method is particularly suitable for vehicle social networks.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to a lightweight data sharing method based on a vehicle social network.
Background
Vehicle Social Networks (VSNs), including social networks and vehicular networks (VANETS), provide data sharing between vehicles and vehicle or roadside units (RSUs) to reduce traffic congestion, travel time, and even provide comprehensive social services. With the development of Wireless Sensor Networks (WSNs) and cloud computing, more and more vsn data can be conveniently collected from heterogeneous mobile devices, such as on-board units (OBUs), passengers, and drivers. These data from heterogeneous sources (e.g., smart mobile data owners, RSUs) are aggregated and sent into a trusted vehicle cloud for remote storage and access. However, the outsourced data typically contains some sensitive information (e.g., the user's identity, traffic information, and vehicle information). Therefore, data privacy is critical in the VSN.
To protect data privacy, the data owner needs to encrypt the data using their public key before outsourcing. However, public key encryption techniques complicate data utilization of the vsn, especially data sharing and data retrieval. As a promising primitive, proxy re-encryption (PRE) allows a trusted vehicle cloud (i.e., a trusted agent) to convert ciphertext encrypted in the public of the data owner into ciphertext that the data user can decrypt without learning the plaintext. However, before the VSN scenario shares data, the data owner may not know who will be interested in her/his data. Therefore, an efficient mechanism is needed for the data owner to solve the data retrieval problem in the PRE. Due to the requirements of users on data acquisition and accuracy of mass data, efficient retrieval becomes a key problem of the VSN. Under the condition that the cloud cannot obtain corresponding ciphertext plaintext, public key encryption is carried out through keyword search (PEKS), and ciphertext retrieval on the cloud server can be achieved through trapdoor information generated by a user. Nevertheless, the cloud server in the PEKS can only search for ciphertext encrypted using the same public key. PKES is not suitable for VSN scenarios. In order to realize ciphertext matching of multiple users, Yang ET al propose PKE-ET construction, and a cloud server can test whether ciphertexts encrypted by the same and different public keys come from the same plaintext under the condition of not learning plaintext information.
In summary, the matching of data in the prior art basically adopts a time-consuming bilinear pairing operation to match the data, which undoubtedly reduces the computational efficiency of the system and is not suitable for the vehicle social network.
Disclosure of Invention
The invention aims to design a lightweight data sharing method based on a vehicle social network aiming at the defects of the prior art, which adopts a data sharing method with ciphertext search, fuses PRE in PKE-ET construction, matches a plurality of proper data users for a data owner by using PKE-ET, shares encrypted data to corresponding users according to the sequence of priority, realizes the search and sharing of the data while ensuring the confidentiality of the data, effectively solves the problem of limited computing capability of mobile equipment in the vehicle social network, not only ensures the data privacy, interest privacy and inquiry privacy of the data owner, but also resists the unauthorized access of a semi-credible cloud server to the data, uses an equality test based on public key encryption to realize the ciphertext matching between the data owner and the users, and uses a multi-hop agent to re-encrypt and share the encrypted data of the users, the method is particularly suitable for the social network environment of the vehicle, can realize fine-grained access control and data privacy protection, and has the advantages of simplicity, convenience, practicability, quickness, high calculation efficiency and small storage space.
The purpose of the invention is realized by the following steps: a lightweight data sharing method based on a vehicle social network is characterized in that the method matches a plurality of proper data users for data owners by using PKE-ET, and then shares encrypted data to corresponding users according to the priority sequence, and specifically comprises the following steps:
system initialization
The Trusted Authority (TA) selects a set of parameters at will under the bilinear library, and in two multiplication loop groups G 1 And G t Then randomly selecting a generator, then selecting system security parameters, generating a strong non-forgeable signature algorithm, defining 8 hash functions, and executing Setup (1) λ ) The → par algorithm generates the public parameter pp for the system.
(II) Key Generation
Trusted Authority (TA) executes KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) The algorithm selects a random number and generates a pair of public/private keys for the users (data owner and data consumer).
(III) data encryption
The data owner encrypts the shared data and the keywords to generate a data ciphertext, the data user encrypts the keywords of the interest data to generate the interest ciphertext, and the data ciphertext comprises: and sharing the data and the data ciphertext of the keyword.
(IV) trapdoor generation
The users (data owners and data users) use their private keys andthe cipher text generated by the algorithm is used as input and executedAnd (4) generating a trapdoor of the keyword by the algorithm, and uploading the trapdoor and the ciphertext to the cloud server.
(V) data matching
When the cloud server finds a message/interest pair, execution The algorithm checks whether the key word cryptographs uploaded by the data owner and the data user are matched,and the public key and the reputation value sigma of the successfully matched data user i And returning to the data owner.
(VI) multiple encryption Key Generation
Data owner based on user reputation value sigma i Establishing a data sharing pathThen executeAlgorithm for data sharing path Pa i Generates a re-encryption key and distributes the re-encryption key to the cloud server.
(VII) multiple encryption ciphertext Generation
Receive proxy re-encryption key, share path Pa i And after sharing the ciphertext of the data, the cloud server executesAlgorithm, data sharing path Pa i Sequentially generates re-encrypted ciphertexts.
(eight) user decryption
User execution with own private keyAfter the re-encrypted ciphertext is decrypted by the algorithm to obtain the data shared by the data owner, the data owner with high credit can have the decryption priority, and if the data owner with high credit cannot complete decryption, the cloud server automatically entrusts the data owner with high credit to the next data user with high credit.
The algorithm used in the present invention is illustrated as follows:
the Setup (1) λ ) The → par algorithm is executed by a Trusted Authority (TA) and generates the system public parameter pp on the security parameter λ.
The KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) Algorithm generation of public key pk i And the private key sk i KeyGen is trustedAuthority (TA) executes, entering system public parameters pp and data owner user identity information (i denotes data owner identity, j denotes data user identity), data owner public/private key pair (pk) i 、sk i ) Or public/private key pair (pk) of data consumer j ,sk j ) As an output.
The above-mentionedThe algorithm is implemented by the user (data owner and data consumer) and generates a ciphertext belonging to the data ownerInputting system public parameter pp, public key pk of data owner i Key word ω k i And a message m. Similarly, the ciphertext of the data user isWhere j represents the identity of the data user.
The above-mentionedAlgorithm for generating trapdoors for user iAs output, the public parameter par, the private key sk of the data owner i And ciphertextAs an input. Similarly, the trapdoor of the data user is
The describedThe algorithm is executed in the cloud server, and the output value is 0 or 1. The input of the algorithm is a public parameter par and a cipher textAnd corresponding trapdoorsAnd interest ciphertextAnd corresponding trapdoorsWherein the content of the first and second substances,is the ciphertext of the user of the data,is a trapdoor created by the data consumer.
The above-mentionedThe algorithm outputs one re-encryption key, And sends them in a secure manner to the corresponding cloud server. RKGen is performed by user i, the input comprising an autonomous path Pa i Private key sk of data owner i And a common parameter pp of the system.
The above-mentionedFor the re-encryption algorithm, ReEnc is executed by the cloud server and outputs the re-encrypted ciphertextCommon parameter pp and designated sharing path Pa of system i Re-encryption key from data consumer j to j +1And ciphertextAs an input to the process, the process may,the secret cipher text is added from the data owner i to the data user j.
The above-mentionedFor decryption algorithm, Dec is executed by user j, and inputs system public parameter par and cipher textAnd private key sk of user j j And then outputs the message m or the error message symbol ″. After decryption is successful, data consumer D j The shared information of the data owner is obtained. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, and the re-encrypted ciphertext is decrypted by the next user. And so on until the sharing path Pa i Until the data user wishes to decrypt the data.
Compared with the prior art, the method has the advantages of ensuring the confidentiality of data, realizing data search and sharing, effectively solving the problem of limited computing capacity of mobile equipment in a vehicle social network, ensuring the data privacy, interest privacy and query privacy of a data owner, resisting unauthorized access of a semi-trusted cloud server to the data, realizing ciphertext matching between the data owner and a user by using an equality test based on public key encryption, re-encrypting to share the encrypted data of the user by using a multi-hop proxy, being particularly suitable for the vehicle social network environment, realizing fine-grained access control and data privacy protection, along with simplicity, convenience, practicability, rapidness, high computing efficiency and small storage space.
Drawings
FIG. 1 is a system diagram of the present invention;
FIG. 2 is a flow chart of the present invention.
Detailed Description
Firstly, the mathematical theory applied by the invention is explained as follows:
1. bilinear mapping
Let G be a multiplication cyclic group of order prime p, mapping e G- → G T Is a linear mapping if the mapping satisfies the following three conditions:
1) bilinear, with v ∈ G, a, b ∈ Z for all u, v ∈ G, a, b ∈ Z p E (u ^ a, v ^ b) ═ e (u, v) ab ;
2) Non-degradability, the presence of e (g, g) ≠ 1, else e (g, g) ab ≡1;
3) Computability, there is one valid algorithm to compute e (u, v) for all u, v.
In the invention, the bilinear pair e is G multiplied by G- → G T Is a mapping satisfying bilinear, non-degeneracy and computability, and maps the operation of two elements on the multiplication cyclic group of the order prime number to the multiplication cyclic group G T One element of (1).
2. Shamir secret sharing
The basic idea of the Shamir key sharing algorithm based on the Lagrange difference and the vector method is that a distributor divides private information into n encrypted information segments through an encryption polynomial, wherein a ciphertext can be reproduced only by a certain amount of encrypted information, and any part of ciphertext cannot be acquired by any small amount of encrypted information, and the method comprises the following specific steps:
2-1: setup (λ) outputs a large random prime number q as the common parameter pp when the security parameter λ is input.
2-2: generation (pp, s) when entering the common parameter pp and a secret value s ∈ Z q Then, the following operations are performed:
2-1-1: selecting a random polynomial f (x) with the order of (t-1), f (x) a 0 +a 1 x+…+a k-1 x t-1 (modq), wherein the secret information s ═ a 0 =f(0),a 0 ,a 1 ,…,a k-1 ∈Z q 。
2-1-2: all shared data are calculated: s i =f(x i )modq,in which x i ∈Z q ,i=1,2,…,n。
2-1-3: finally, the algorithm outputs a list of n points, { (x) 1 ,y 1 ),(x 2 ,y 2 ),…,(x n ,y n ) Each s i Are assigned to the corresponding information sharers.
2-2:When the common parameter pp and any t points are input, the algorithm can reconstruct the ciphertext of f (x) and outputWhereinI in (b) is a Lagrangian interpolation coefficient, and
3. proxy re-encryption (PRE)
In the PRE, the user can authorize the semi-trusted server, and then convert the ciphertext encrypted under the user public key into a ciphertext that can be decrypted by a certain user. It is to be noted that the cloud server cannot learn the plaintext and the private key in the conversion process, and the specific algorithm is as follows:
a one-way multi-hop proxy re-encryption scheme in a conventional PKI environment comprises the following algorithms:
1) the key generation algorithm keygen (par) → (pk; sk): the input system discloses parameter par, and the algorithm outputs (pk, sk) as a public and private key pair of a user.
2) Encryption algorithm Enc (par, M, pk) → C (0) : inputting system public parameter par, plaintext M in message space, public key pk of a certain user, and outputting ciphertext C encrypted by public key pk (0) Where 0 indicates that the ciphertext C has not been re-encrypted, C (0) Also known as the original ciphertext.
3) Transformation key generation algorithm RekeyGen (par, sk) i ,pk j )→rk i→j Inputting the system public parameter par, the private key sk of the authorized user i Public key pk of authorized user j The algorithm outputs a conversion key rk i→j For one-way re-encryption from an authorized user to an authorized user.
4) Re-encryption algorithm ReEnc (par, rk) i→j ,C i(n) )→C j(n+1) : inputting system public parameter par, user pk i To user pk j Is given by the conversion key rk i→j And user pk i Ciphertext C of i(n) Where n represents ciphertext C i(n) The number of times it is re-encrypted. The algorithm outputs the user pk j Ciphertext C of j(n+1) The ciphertext C j(n+1) Has been re-encrypted n +1 times, or ≠ represents ciphertext C i(n) Is illegal.
5) Decryption algorithm Dec 2 (par,sk j ,C j(n+1) ) → M: inputting the system public parameter par, the user private key sk j And user pk j Ciphertext C of j(n+1) . The algorithm outputs a corresponding plaintext M, or ^ represents a ciphertext C j(n+1) Is illegal.
4. Ciphertext equivalence test for public key encryption (PKE-ET)
The cipher text equivalence test based on public key encryption is an encryption technology which can directly judge whether two cipher texts contain the same message or not under the condition of no decryption. In PKE-ET, the public key pk is given separately 1 And pk 2 Two ciphertexts c generated below 1 And c 2 If and only if c 1 And c 2 When the same message is encrypted, the function Test (c, td, c ', td') returns 1, which includes the following steps:
4-1: setup (λ) → pp: and initializing an algorithm, inputting a safety parameter lambda, and outputting a system parameter pp.
4-2: KeyGen (pp) → (pk, sk): a key generation algorithm, inputs the system parameter pp, and outputs a public key and a private key (pk, sk).
4-3: enc (m, pk) → c: and the encryption algorithm inputs the plaintext m to be encrypted and the public key pk and outputs the ciphertext c.
4-4: dec (c, sk) → m: and a decryption algorithm, namely inputting the ciphertext C to be decrypted to belong to the C and the private key sk and outputting a ciphertext m.
4-5: aut (sk) → td: and (4) an authorization generation algorithm, inputting a private key sk and the like, and outputting an authorization trapdoor td.
4-6:Test(c 1 ,td 1 ,c 2 ,td 2 ) → 0,1) ciphertext equivalence test algorithm, input two sets of ciphertexts and corresponding authorization (c) 1 ,td 1 ) And (c) 2 ,td 2 ) And outputting a matching result: if c is 1 And c 2 If the corresponding plaintexts are the same, outputting 1; otherwise 0 is output.
Secondly, the implementation process of the invention
Referring to fig. 1, the present invention uses two access control structures, one is an equality test for data matching of the vehicle social network, which can be decrypted only by the data user with the same key as the data owner; the other is proxy re-encryption (PRE) which is used for defining data sharing and hiding the information of the data owner. The concept of the self-organizing path is introduced, so that a trustee (data user) is assigned by the trustee (data owner), the privacy of the data owner is ensured, and the collusion between the data user and the cloud server is prevented; in addition, the trapdoor can not reveal information of a user, privacy of keywords of a data owner and the data user is guaranteed, and meanwhile, the method improves efficiency by using a mixed encryption method.
In order to understand the technical means, technical features, objectives and effects achieved by the present invention, the present invention will be further described with reference to the following embodiments.
Example 1
Referring to fig. 2, the lightweight data sharing of the vehicle social network specifically includes the following steps:
system initialization
TA selects a safety parameter lambda as the input and the output of the system common parameter pp, and the specific operation is as follows:
1-1:Setup(1 λ ) Ta two groups G with the same prime number q are selected → par 1 And G t In which P is 1 Is taken from G 1 ,P 2 Is taken from G t . Suppose 1 λ Is a system security parameter, (G, S, V) is a one-time signature algorithm with strong non-forgeability, L s = L sig (1 λ ) Is the length of the authentication key. Secondly, TA defines some hash functions H 0 :H 1 :G 1 →(0,1) 3λ , H 2 :G 1 ×G t ×(0,1) 3λ →(0,1) 4λ ,H 3 :(0,1) λ →Z q ,H 4 :(0,1) λ →Z q ,H 5 :(0,1) λ →Z q , H 6 :(0,1) λ →Z q ,H 7 :(0,1) λ →Z q ,H 8 :(0,1) 3λ →Z q . Finally, these systems disclose a parameter of pp ═ (G) 1 ,G t ,P 1 ,P 2 ,q,H 1 ,H 2 ,H 3 ,H 4 ,H 5 ,H 6 ,H 7 ,H 8 ,H 0 ) To indicate.
(II) Key Generation
The TA generates a pair of public and private keys for each user in the system using the following method:
KeyGen(pp)→(pk i ,sk i ) The algorithm takes the public parameter pp as input and then randomly selects the private key sk i =a i ∈ Z q And calculates the public keyWherein
(III) data encryption
The data owner and the data user respectively adopt the following steps to encrypt the data and the keywords and upload the ciphertext to the cloud server.
Let m be an element (0,1) λ Representing data owner U i Of shared data, ω k i ∈(0,1) λ A key representing m. Then, four random numbers (r) are selected 1 ,r 2 ,x i-1 ,x i-2 )∈Z q And generates a ciphertextThe algorithm process is as follows:
step 3: given 3 points p 1 =(H 3 (ωk i ),H 4 (ωk i )),p 2 =(H 5 (ωk i ),H 6 (ωk i )),p 3 =(H 7 (ωk i ),ID RSU ) Construct an interpolation polynomial f (x) of degree 2 and then compute two point values y i-1 =f(x i-1 ),y i-2 = f(x i-2 ) And generate the followingCiphertext intermediate value of representation:
Step 6: finally, the ciphertextAndis uploaded to a cloud server, c j (m * ) Data user D j Generated by an encryption algorithm.
(IV) trapdoor generation
The data owner and the data user respectively generate a trap door through a trap door algorithm.
The data owner encrypts data for eachCreating a trapdoor And uploaded to the cloud server. Similarly, the data consumer is dedicated to each encrypted dataCreating a trapdoorAnd uploaded to the cloud server.
(V) data matching
After receiving a matching request of a data owner and a data user, the cloud server runs a test algorithmTo match the appropriate data consumer for the data owner, the algorithm performs the following steps:
5-1: by performingAuthentication informationIn relation toSignature S of i . Then, checkIf the check fails, the scheme is terminated, otherwise step 2 below continues.
Thereafter, point (x) is used i-1 ,y i-1 ), (x i-2 ,y i-2 ),(x j-1 ,y j-1 ) Reconstructing the function f (x), using the point (x) j-1 ,y j-1 ),(x j-2 ,y j-2 ),(x i-1 ,y i-1 ) The function f' (x) is reconstructed. If f (0) is f' (0), outputting 1; otherwise, 0 is output.
5-3: finally, the cloud server uses the public key pk of the data user j With a reputation value r υ j And sending to the data owner.
(VI) Generation of Re-encryption keys
Suppose a data owner U i Can successfully match to l data users within a period of time, then U i An ordered shared path is generated based on the reputation value of each data consumerWherein: pa i Is a length l, according to D j A public key sequence sorted by reputation value of, and (i) 1 ,…,i l ) E (1, …, j). Then, U i Using the following approach for the shared path Pa i Generates a re-encryption key. The specific steps of the RKGen algorithm are as follows:
(VII) ciphertext Re-encryption
Receiving these re-encryption keysThen, the cloud server executes a re-encryption algorithm to encrypt the ciphertext c of the data owner i (m) conversion to re-encrypted ciphertextAnd the corresponding data user can decrypt, and the algorithm is as follows:
7-1:the algorithm first checks whether it is satisfiedIf not, outputting ^ T. Then through executionDe-authentication informationIn relation toSignature S of i And detectingIf there is a check failure, the scheme is terminated, otherwise, cloud server computing is used Finally, output
(VIII) data decryption
Receiving the re-encrypted ciphertext from the cloud serverRear, Pa i Data user D in j The re-encrypted ciphertext may be decrypted by executing a Dec algorithmThe algorithm is as follows:
8-3: then pass through the pairDecrypting to obtain the plain texts m and r of the original text 1 If, if Andif true, m is accepted, otherwise, it is not accepted.
8-4: after decryption is successful, data consumer D j The shared information of the data owner is obtained. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, and the re-encrypted ciphertext is decrypted by the next user. And so on until the sharing path Pa i Until the data user wishes to decrypt the data.
The foregoing shows and describes the general principles and features of the present invention, together with the advantages thereof, as will be apparent to those skilled in the art. The present invention may be modified in various forms and details without departing from the spirit and scope of the present invention as defined by the appended claims. The embodiments should be considered in descriptive sense only and not for purposes of limitation. Therefore, the detailed description of the present invention does not limit the scope of the present invention, which should be defined by the appended claims, and all the distinguishing technical features within the scope of the present invention should be construed as being included in the present invention.
Claims (3)
1. A lightweight data sharing method based on a vehicle social network is characterized by comprising the following steps:
system initialization
The trusted authority selects a set of parameters at will under the bilinear library, and in two multiplication loop groups G 1 And G t Then, a generator is randomly selected, then, system security parameters are selected, a strong non-forgeability signature algorithm is generated, 8 hash functions are defined, and Setup (1) is executed λ ) The → par algorithm generates the public parameter pp for the system;
(II) Key Generation
Trusted authority executes KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) The algorithm selects random numbers and generates a pair of public/private keys for a user;
(III) data encryption
The data owner encrypts the shared data and the keywords to generate a data ciphertext, the data user encrypts the keywords of the interest data to generate the interest ciphertext, and the data ciphertext comprises: sharing data and a data ciphertext of the keyword;
(IV) trapdoor generation
The user uses his own private key andthe cipher text generated by the algorithm is used as input and executedGenerating a trapdoor of the keyword by an algorithm, and then uploading the trapdoor and the ciphertext to a cloud server;
(V) data matching
When the cloud server finds a message/interest pair, execution The algorithm checks whether the cipher texts of the keywords uploaded by the data owner and the data user are matched or not, and the public key and the reputation value sigma of the successfully matched data user i Returning to the data owner;
(VI) multiple encryption Key Generation
Data owner based on user reputation value sigma i Establishing an ordered sharing pathExecuteAlgorithm for sharing path Pa i The user in the cloud server generates a re-encryption key and distributes the re-encryption key to the cloud server;
(VII) multiple encryption ciphertext Generation
Receiving proxy re-encryption key and sharing path Pa i And after sharing the ciphertext of the data, the cloud server executesAlgorithm, for sharing path Pa i Generating a corresponding re-encrypted ciphertext by each data user;
(VIII) data decryption
After receiving the re-encrypted ciphertext, the user executes the re-encrypted ciphertext by using the private key of the userThe re-encrypted ciphertext is decrypted by the algorithm to obtain the shared information of the data owner, if the user cannot complete decryption, the cloud server automatically entrusts the next data user to generate the re-encrypted ciphertext, anddecrypted by the next user, and so on until the sharing path Pa i Until the data user completes the decryption.
2. The lightweight data sharing method based on the vehicle social network is characterized in that a data owner encrypts data to be shared in a hybrid encryption mode, ciphertext of the shared data comprises ciphertext of related keywords, the data owner encrypts the keywords of the shared data and generates corresponding trapdoors for the keyword ciphertext, meanwhile, a data user encrypts the keywords of interest data and generates corresponding trapdoors for the interest keyword ciphertext, a cloud server judges whether the two keywords are equal and does not reveal privacy of the keywords, and the data owner adopts an equality test based on a public key to achieve data matching in the vehicle social network.
3. The lightweight data sharing method based on the vehicle social network is characterized in that the cloud server uses a proxy re-encryption technology to realize data sharing in the vehicle social network, an entrustor does not trust a secondary entrusted person and adopts an autonomous path method, a data owner generates an ordered sharing path according to the credit value of a data user, then a re-encrypted ciphertext is generated for the data user in the path and sent to the cloud server, and the cloud server converts the ciphertext into a re-encrypted ciphertext which can be decrypted by the data user after receiving the sharing path and the re-encrypted key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210174205.6A CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210174205.6A CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115002754A true CN115002754A (en) | 2022-09-02 |
CN115002754B CN115002754B (en) | 2023-03-31 |
Family
ID=83023451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210174205.6A Active CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115002754B (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103957109A (en) * | 2014-05-22 | 2014-07-30 | 武汉大学 | Cloud data privacy protection security re-encryption method |
CN108599937A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A kind of public key encryption method that multiple key can search for |
WO2021095998A1 (en) * | 2019-11-15 | 2021-05-20 | Samsung Electronics Co., Ltd. | A trusted computing method and system |
CN113194078A (en) * | 2021-04-22 | 2021-07-30 | 西安电子科技大学 | Cloud-supported privacy protection sequencing multi-keyword search encryption method |
CN113407966A (en) * | 2021-06-25 | 2021-09-17 | 南京师范大学 | Searchable public key encryption method and system with key updating and ciphertext sharing functions |
-
2022
- 2022-02-24 CN CN202210174205.6A patent/CN115002754B/en active Active
Patent Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103957109A (en) * | 2014-05-22 | 2014-07-30 | 武汉大学 | Cloud data privacy protection security re-encryption method |
CN108599937A (en) * | 2018-04-20 | 2018-09-28 | 西安电子科技大学 | A kind of public key encryption method that multiple key can search for |
WO2021095998A1 (en) * | 2019-11-15 | 2021-05-20 | Samsung Electronics Co., Ltd. | A trusted computing method and system |
CN113194078A (en) * | 2021-04-22 | 2021-07-30 | 西安电子科技大学 | Cloud-supported privacy protection sequencing multi-keyword search encryption method |
CN113407966A (en) * | 2021-06-25 | 2021-09-17 | 南京师范大学 | Searchable public key encryption method and system with key updating and ciphertext sharing functions |
Also Published As
Publication number | Publication date |
---|---|
CN115002754B (en) | 2023-03-31 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111191288B (en) | Block chain data access right control method based on proxy re-encryption | |
CN111586000B (en) | Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof | |
CN108632032B (en) | Safe multi-keyword sequencing retrieval system without key escrow | |
Zhang et al. | Data security and privacy-preserving in edge computing paradigm: Survey and open issues | |
CN112019591B (en) | Cloud data sharing method based on block chain | |
Zhang et al. | Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing | |
CN108881314B (en) | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment | |
CN112204921A (en) | System and method for protecting data privacy of lightweight devices using blockchains and multi-party computing | |
Shao et al. | Fine-grained data sharing in cloud computing for mobile devices | |
CN107154845B (en) | BGN type ciphertext decryption outsourcing scheme based on attributes | |
CN110690959B (en) | Unmanned aerial vehicle safety certifiable information communication processing method based on cloud platform | |
CN110022309B (en) | Safe and efficient data sharing method in mobile cloud computing system | |
CN110830245B (en) | Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate | |
CN112383550B (en) | Dynamic authority access control method based on privacy protection | |
CN111342976A (en) | Verifiable ideal lattice upper threshold proxy re-encryption method and system | |
CN112260829B (en) | Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud | |
Zhang et al. | Efficient and privacy-aware attribute-based data sharing in mobile cloud computing | |
Jiang et al. | SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems | |
CN111786786A (en) | Agent re-encryption method and system supporting equation judgment in cloud computing environment | |
Zhang et al. | A decentralized strongly secure attribute-based encryption and authentication scheme for distributed Internet of Mobile Things | |
Qin et al. | Simultaneous authentication and secrecy in identity-based data upload to cloud | |
Wang et al. | Tag-based verifiable delegated set intersection over outsourced private datasets | |
Vaanchig et al. | Constructing secure‐channel free identity‐based encryption with equality test for vehicle‐data sharing in cloud computing | |
CN108763944B (en) | Multi-center large-attribute domain attribute-based encryption method capable of being safely revoked in fog computing | |
CN113079177B (en) | Remote sensing data sharing method based on time and decryption frequency limitation |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |