CN115002754A - Lightweight data sharing method based on vehicle social network - Google Patents

Lightweight data sharing method based on vehicle social network Download PDF

Info

Publication number
CN115002754A
CN115002754A CN202210174205.6A CN202210174205A CN115002754A CN 115002754 A CN115002754 A CN 115002754A CN 202210174205 A CN202210174205 A CN 202210174205A CN 115002754 A CN115002754 A CN 115002754A
Authority
CN
China
Prior art keywords
data
user
ciphertext
algorithm
sharing
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210174205.6A
Other languages
Chinese (zh)
Other versions
CN115002754B (en
Inventor
曹珍富
董晓蕾
沈佳辰
周元健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN202210174205.6A priority Critical patent/CN115002754B/en
Publication of CN115002754A publication Critical patent/CN115002754A/en
Application granted granted Critical
Publication of CN115002754B publication Critical patent/CN115002754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a lightweight data sharing method based on a vehicle social network, which is characterized by comprising the following steps: the method comprises the steps of system initialization, key generation, data encryption, user trapdoor generation, data matching, re-encryption key generation, re-encryption ciphertext generation, user decryption and the like, wherein if a user does not want to decrypt, the cloud server generates a re-encryption ciphertext for the next data user, and the next user decrypts the re-encryption ciphertext. And so on until the sharing path has the data users willing to decrypt. Compared with the prior art, the method has the advantages that the calculation efficiency is realized in data matching and data sharing, particularly the calculation cost of a user side is reduced, the privacy of search keywords of a data owner and the privacy of shared data are protected, multiple data owners and multiple data users are supported, and the method is particularly suitable for vehicle social networks.

Description

Lightweight data sharing method based on vehicle social network
Technical Field
The invention relates to the technical field of data encryption, in particular to a lightweight data sharing method based on a vehicle social network.
Background
Vehicle Social Networks (VSNs), including social networks and vehicular networks (VANETS), provide data sharing between vehicles and vehicle or roadside units (RSUs) to reduce traffic congestion, travel time, and even provide comprehensive social services. With the development of Wireless Sensor Networks (WSNs) and cloud computing, more and more vsn data can be conveniently collected from heterogeneous mobile devices, such as on-board units (OBUs), passengers, and drivers. These data from heterogeneous sources (e.g., smart mobile data owners, RSUs) are aggregated and sent into a trusted vehicle cloud for remote storage and access. However, the outsourced data typically contains some sensitive information (e.g., the user's identity, traffic information, and vehicle information). Therefore, data privacy is critical in the VSN.
To protect data privacy, the data owner needs to encrypt the data using their public key before outsourcing. However, public key encryption techniques complicate data utilization of the vsn, especially data sharing and data retrieval. As a promising primitive, proxy re-encryption (PRE) allows a trusted vehicle cloud (i.e., a trusted agent) to convert ciphertext encrypted in the public of the data owner into ciphertext that the data user can decrypt without learning the plaintext. However, before the VSN scenario shares data, the data owner may not know who will be interested in her/his data. Therefore, an efficient mechanism is needed for the data owner to solve the data retrieval problem in the PRE. Due to the requirements of users on data acquisition and accuracy of mass data, efficient retrieval becomes a key problem of the VSN. Under the condition that the cloud cannot obtain corresponding ciphertext plaintext, public key encryption is carried out through keyword search (PEKS), and ciphertext retrieval on the cloud server can be achieved through trapdoor information generated by a user. Nevertheless, the cloud server in the PEKS can only search for ciphertext encrypted using the same public key. PKES is not suitable for VSN scenarios. In order to realize ciphertext matching of multiple users, Yang ET al propose PKE-ET construction, and a cloud server can test whether ciphertexts encrypted by the same and different public keys come from the same plaintext under the condition of not learning plaintext information.
In summary, the matching of data in the prior art basically adopts a time-consuming bilinear pairing operation to match the data, which undoubtedly reduces the computational efficiency of the system and is not suitable for the vehicle social network.
Disclosure of Invention
The invention aims to design a lightweight data sharing method based on a vehicle social network aiming at the defects of the prior art, which adopts a data sharing method with ciphertext search, fuses PRE in PKE-ET construction, matches a plurality of proper data users for a data owner by using PKE-ET, shares encrypted data to corresponding users according to the sequence of priority, realizes the search and sharing of the data while ensuring the confidentiality of the data, effectively solves the problem of limited computing capability of mobile equipment in the vehicle social network, not only ensures the data privacy, interest privacy and inquiry privacy of the data owner, but also resists the unauthorized access of a semi-credible cloud server to the data, uses an equality test based on public key encryption to realize the ciphertext matching between the data owner and the users, and uses a multi-hop agent to re-encrypt and share the encrypted data of the users, the method is particularly suitable for the social network environment of the vehicle, can realize fine-grained access control and data privacy protection, and has the advantages of simplicity, convenience, practicability, quickness, high calculation efficiency and small storage space.
The purpose of the invention is realized by the following steps: a lightweight data sharing method based on a vehicle social network is characterized in that the method matches a plurality of proper data users for data owners by using PKE-ET, and then shares encrypted data to corresponding users according to the priority sequence, and specifically comprises the following steps:
system initialization
The Trusted Authority (TA) selects a set of parameters at will under the bilinear library, and in two multiplication loop groups G 1 And G t Then randomly selecting a generator, then selecting system security parameters, generating a strong non-forgeable signature algorithm, defining 8 hash functions, and executing Setup (1) λ ) The → par algorithm generates the public parameter pp for the system.
(II) Key Generation
Trusted Authority (TA) executes KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) The algorithm selects a random number and generates a pair of public/private keys for the users (data owner and data consumer).
(III) data encryption
The data owner encrypts the shared data and the keywords to generate a data ciphertext, the data user encrypts the keywords of the interest data to generate the interest ciphertext, and the data ciphertext comprises: and sharing the data and the data ciphertext of the keyword.
(IV) trapdoor generation
The users (data owners and data users) use their private keys and
Figure BDA0003518415880000021
the cipher text generated by the algorithm is used as input and executed
Figure BDA0003518415880000022
And (4) generating a trapdoor of the keyword by the algorithm, and uploading the trapdoor and the ciphertext to the cloud server.
(V) data matching
When the cloud server finds a message/interest pair, execution
Figure BDA0003518415880000023
Figure BDA0003518415880000024
The algorithm checks whether the key word cryptographs uploaded by the data owner and the data user are matched,and the public key and the reputation value sigma of the successfully matched data user i And returning to the data owner.
(VI) multiple encryption Key Generation
Data owner based on user reputation value sigma i Establishing a data sharing path
Figure BDA0003518415880000025
Then execute
Figure BDA0003518415880000026
Algorithm for data sharing path Pa i Generates a re-encryption key and distributes the re-encryption key to the cloud server.
(VII) multiple encryption ciphertext Generation
Receive proxy re-encryption key, share path Pa i And after sharing the ciphertext of the data, the cloud server executes
Figure BDA0003518415880000031
Algorithm, data sharing path Pa i Sequentially generates re-encrypted ciphertexts.
(eight) user decryption
User execution with own private key
Figure BDA0003518415880000032
After the re-encrypted ciphertext is decrypted by the algorithm to obtain the data shared by the data owner, the data owner with high credit can have the decryption priority, and if the data owner with high credit cannot complete decryption, the cloud server automatically entrusts the data owner with high credit to the next data user with high credit.
The algorithm used in the present invention is illustrated as follows:
the Setup (1) λ ) The → par algorithm is executed by a Trusted Authority (TA) and generates the system public parameter pp on the security parameter λ.
The KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) Algorithm generation of public key pk i And the private key sk i KeyGen is trustedAuthority (TA) executes, entering system public parameters pp and data owner user identity information (i denotes data owner identity, j denotes data user identity), data owner public/private key pair (pk) i 、sk i ) Or public/private key pair (pk) of data consumer j ,sk j ) As an output.
The above-mentioned
Figure BDA0003518415880000033
The algorithm is implemented by the user (data owner and data consumer) and generates a ciphertext belonging to the data owner
Figure BDA0003518415880000034
Inputting system public parameter pp, public key pk of data owner i Key word ω k i And a message m. Similarly, the ciphertext of the data user is
Figure BDA0003518415880000035
Where j represents the identity of the data user.
The above-mentioned
Figure BDA0003518415880000036
Algorithm for generating trapdoors for user i
Figure BDA0003518415880000037
As output, the public parameter par, the private key sk of the data owner i And ciphertext
Figure BDA0003518415880000038
As an input. Similarly, the trapdoor of the data user is
Figure BDA0003518415880000039
The described
Figure BDA00035184158800000310
The algorithm is executed in the cloud server, and the output value is 0 or 1. The input of the algorithm is a public parameter par and a cipher text
Figure BDA00035184158800000311
And corresponding trapdoors
Figure BDA00035184158800000312
And interest ciphertext
Figure BDA00035184158800000313
And corresponding trapdoors
Figure BDA00035184158800000314
Wherein the content of the first and second substances,
Figure BDA00035184158800000315
is the ciphertext of the user of the data,
Figure BDA00035184158800000316
is a trapdoor created by the data consumer.
The above-mentioned
Figure BDA00035184158800000317
The algorithm outputs one re-encryption key,
Figure BDA00035184158800000318
Figure BDA00035184158800000319
And sends them in a secure manner to the corresponding cloud server. RKGen is performed by user i, the input comprising an autonomous path Pa i Private key sk of data owner i And a common parameter pp of the system.
The above-mentioned
Figure BDA0003518415880000041
For the re-encryption algorithm, ReEnc is executed by the cloud server and outputs the re-encrypted ciphertext
Figure BDA0003518415880000042
Common parameter pp and designated sharing path Pa of system i Re-encryption key from data consumer j to j +1
Figure BDA0003518415880000043
And ciphertext
Figure BDA0003518415880000044
As an input to the process, the process may,
Figure BDA0003518415880000045
the secret cipher text is added from the data owner i to the data user j.
The above-mentioned
Figure BDA0003518415880000046
For decryption algorithm, Dec is executed by user j, and inputs system public parameter par and cipher text
Figure BDA0003518415880000047
And private key sk of user j j And then outputs the message m or the error message symbol ″. After decryption is successful, data consumer D j The shared information of the data owner is obtained. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, and the re-encrypted ciphertext is decrypted by the next user. And so on until the sharing path Pa i Until the data user wishes to decrypt the data.
Compared with the prior art, the method has the advantages of ensuring the confidentiality of data, realizing data search and sharing, effectively solving the problem of limited computing capacity of mobile equipment in a vehicle social network, ensuring the data privacy, interest privacy and query privacy of a data owner, resisting unauthorized access of a semi-trusted cloud server to the data, realizing ciphertext matching between the data owner and a user by using an equality test based on public key encryption, re-encrypting to share the encrypted data of the user by using a multi-hop proxy, being particularly suitable for the vehicle social network environment, realizing fine-grained access control and data privacy protection, along with simplicity, convenience, practicability, rapidness, high computing efficiency and small storage space.
Drawings
FIG. 1 is a system diagram of the present invention;
FIG. 2 is a flow chart of the present invention.
Detailed Description
Firstly, the mathematical theory applied by the invention is explained as follows:
1. bilinear mapping
Let G be a multiplication cyclic group of order prime p, mapping e G- → G T Is a linear mapping if the mapping satisfies the following three conditions:
1) bilinear, with v ∈ G, a, b ∈ Z for all u, v ∈ G, a, b ∈ Z p E (u ^ a, v ^ b) ═ e (u, v) ab
2) Non-degradability, the presence of e (g, g) ≠ 1, else e (g, g) ab ≡1;
3) Computability, there is one valid algorithm to compute e (u, v) for all u, v.
In the invention, the bilinear pair e is G multiplied by G- → G T Is a mapping satisfying bilinear, non-degeneracy and computability, and maps the operation of two elements on the multiplication cyclic group of the order prime number to the multiplication cyclic group G T One element of (1).
2. Shamir secret sharing
The basic idea of the Shamir key sharing algorithm based on the Lagrange difference and the vector method is that a distributor divides private information into n encrypted information segments through an encryption polynomial, wherein a ciphertext can be reproduced only by a certain amount of encrypted information, and any part of ciphertext cannot be acquired by any small amount of encrypted information, and the method comprises the following specific steps:
2-1: setup (λ) outputs a large random prime number q as the common parameter pp when the security parameter λ is input.
2-2: generation (pp, s) when entering the common parameter pp and a secret value s ∈ Z q Then, the following operations are performed:
2-1-1: selecting a random polynomial f (x) with the order of (t-1), f (x) a 0 +a 1 x+…+a k-1 x t-1 (modq), wherein the secret information s ═ a 0 =f(0),a 0 ,a 1 ,…,a k-1 ∈Z q
2-1-2: all shared data are calculated: s i =f(x i )modq,in which x i ∈Z q ,i=1,2,…,n。
2-1-3: finally, the algorithm outputs a list of n points, { (x) 1 ,y 1 ),(x 2 ,y 2 ),…,(x n ,y n ) Each s i Are assigned to the corresponding information sharers.
2-2:
Figure BDA0003518415880000051
When the common parameter pp and any t points are input, the algorithm can reconstruct the ciphertext of f (x) and output
Figure BDA0003518415880000052
Wherein
Figure BDA0003518415880000053
I in (b) is a Lagrangian interpolation coefficient, and
Figure BDA0003518415880000054
3. proxy re-encryption (PRE)
In the PRE, the user can authorize the semi-trusted server, and then convert the ciphertext encrypted under the user public key into a ciphertext that can be decrypted by a certain user. It is to be noted that the cloud server cannot learn the plaintext and the private key in the conversion process, and the specific algorithm is as follows:
a one-way multi-hop proxy re-encryption scheme in a conventional PKI environment comprises the following algorithms:
1) the key generation algorithm keygen (par) → (pk; sk): the input system discloses parameter par, and the algorithm outputs (pk, sk) as a public and private key pair of a user.
2) Encryption algorithm Enc (par, M, pk) → C (0) : inputting system public parameter par, plaintext M in message space, public key pk of a certain user, and outputting ciphertext C encrypted by public key pk (0) Where 0 indicates that the ciphertext C has not been re-encrypted, C (0) Also known as the original ciphertext.
3) Transformation key generation algorithm RekeyGen (par, sk) i ,pk j )→rk i→j Inputting the system public parameter par, the private key sk of the authorized user i Public key pk of authorized user j The algorithm outputs a conversion key rk i→j For one-way re-encryption from an authorized user to an authorized user.
4) Re-encryption algorithm ReEnc (par, rk) i→j ,C i(n) )→C j(n+1) : inputting system public parameter par, user pk i To user pk j Is given by the conversion key rk i→j And user pk i Ciphertext C of i(n) Where n represents ciphertext C i(n) The number of times it is re-encrypted. The algorithm outputs the user pk j Ciphertext C of j(n+1) The ciphertext C j(n+1) Has been re-encrypted n +1 times, or ≠ represents ciphertext C i(n) Is illegal.
5) Decryption algorithm Dec 2 (par,sk j ,C j(n+1) ) → M: inputting the system public parameter par, the user private key sk j And user pk j Ciphertext C of j(n+1) . The algorithm outputs a corresponding plaintext M, or ^ represents a ciphertext C j(n+1) Is illegal.
4. Ciphertext equivalence test for public key encryption (PKE-ET)
The cipher text equivalence test based on public key encryption is an encryption technology which can directly judge whether two cipher texts contain the same message or not under the condition of no decryption. In PKE-ET, the public key pk is given separately 1 And pk 2 Two ciphertexts c generated below 1 And c 2 If and only if c 1 And c 2 When the same message is encrypted, the function Test (c, td, c ', td') returns 1, which includes the following steps:
4-1: setup (λ) → pp: and initializing an algorithm, inputting a safety parameter lambda, and outputting a system parameter pp.
4-2: KeyGen (pp) → (pk, sk): a key generation algorithm, inputs the system parameter pp, and outputs a public key and a private key (pk, sk).
4-3: enc (m, pk) → c: and the encryption algorithm inputs the plaintext m to be encrypted and the public key pk and outputs the ciphertext c.
4-4: dec (c, sk) → m: and a decryption algorithm, namely inputting the ciphertext C to be decrypted to belong to the C and the private key sk and outputting a ciphertext m.
4-5: aut (sk) → td: and (4) an authorization generation algorithm, inputting a private key sk and the like, and outputting an authorization trapdoor td.
4-6:Test(c 1 ,td 1 ,c 2 ,td 2 ) → 0,1) ciphertext equivalence test algorithm, input two sets of ciphertexts and corresponding authorization (c) 1 ,td 1 ) And (c) 2 ,td 2 ) And outputting a matching result: if c is 1 And c 2 If the corresponding plaintexts are the same, outputting 1; otherwise 0 is output.
Secondly, the implementation process of the invention
Referring to fig. 1, the present invention uses two access control structures, one is an equality test for data matching of the vehicle social network, which can be decrypted only by the data user with the same key as the data owner; the other is proxy re-encryption (PRE) which is used for defining data sharing and hiding the information of the data owner. The concept of the self-organizing path is introduced, so that a trustee (data user) is assigned by the trustee (data owner), the privacy of the data owner is ensured, and the collusion between the data user and the cloud server is prevented; in addition, the trapdoor can not reveal information of a user, privacy of keywords of a data owner and the data user is guaranteed, and meanwhile, the method improves efficiency by using a mixed encryption method.
In order to understand the technical means, technical features, objectives and effects achieved by the present invention, the present invention will be further described with reference to the following embodiments.
Example 1
Referring to fig. 2, the lightweight data sharing of the vehicle social network specifically includes the following steps:
system initialization
TA selects a safety parameter lambda as the input and the output of the system common parameter pp, and the specific operation is as follows:
1-1:Setup(1 λ ) Ta two groups G with the same prime number q are selected → par 1 And G t In which P is 1 Is taken from G 1 ,P 2 Is taken from G t . Suppose 1 λ Is a system security parameter, (G, S, V) is a one-time signature algorithm with strong non-forgeability, L s = L sig (1 λ ) Is the length of the authentication key. Secondly, TA defines some hash functions H 0 :
Figure BDA0003518415880000071
H 1 :G 1 →(0,1) , H 2 :G 1 ×G t ×(0,1) →(0,1) ,H 3 :(0,1) λ →Z q ,H 4 :(0,1) λ →Z q ,H 5 :(0,1) λ →Z q , H 6 :(0,1) λ →Z q ,H 7 :(0,1) λ →Z q ,H 8 :(0,1) →Z q . Finally, these systems disclose a parameter of pp ═ (G) 1 ,G t ,P 1 ,P 2 ,q,H 1 ,H 2 ,H 3 ,H 4 ,H 5 ,H 6 ,H 7 ,H 8 ,H 0 ) To indicate.
(II) Key Generation
The TA generates a pair of public and private keys for each user in the system using the following method:
KeyGen(pp)→(pk i ,sk i ) The algorithm takes the public parameter pp as input and then randomly selects the private key sk i =a i ∈ Z q And calculates the public key
Figure BDA0003518415880000072
Wherein
Figure BDA0003518415880000073
(III) data encryption
The data owner and the data user respectively adopt the following steps to encrypt the data and the keywords and upload the ciphertext to the cloud server.
Figure BDA0003518415880000074
Let m be an element (0,1) λ Representing data owner U i Of shared data, ω k i ∈(0,1) λ A key representing m. Then, four random numbers (r) are selected 1 ,r 2 ,x i-1 ,x i-2 )∈Z q And generates a ciphertext
Figure BDA0003518415880000075
The algorithm process is as follows:
step 1: selecting a one-time signature key pair G (1) λ ) → (svk, ssk) combined chamber
Figure BDA0003518415880000076
Step 2: computing
Figure BDA0003518415880000077
And
Figure BDA0003518415880000078
step 3: given 3 points p 1 =(H 3 (ωk i ),H 4 (ωk i )),p 2 =(H 5 (ωk i ),H 6 (ωk i )),p 3 =(H 7 (ωk i ),ID RSU ) Construct an interpolation polynomial f (x) of degree 2 and then compute two point values y i-1 =f(x i-1 ),y i-2 = f(x i-2 ) And generate the following
Figure BDA0003518415880000081
Ciphertext intermediate value of representation:
Figure BDA0003518415880000082
Figure BDA0003518415880000083
step 4: computing
Figure BDA0003518415880000084
Step 5: running signature algorithms
Figure BDA0003518415880000085
Step 6: finally, the ciphertext
Figure BDA0003518415880000086
And
Figure BDA0003518415880000087
is uploaded to a cloud server, c j (m * ) Data user D j Generated by an encryption algorithm.
(IV) trapdoor generation
The data owner and the data user respectively generate a trap door through a trap door algorithm.
Figure BDA0003518415880000088
The data owner encrypts data for each
Figure BDA0003518415880000089
Creating a trapdoor
Figure BDA00035184158800000810
Figure BDA00035184158800000811
And uploaded to the cloud server. Similarly, the data consumer is dedicated to each encrypted data
Figure BDA00035184158800000812
Creating a trapdoor
Figure BDA00035184158800000813
And uploaded to the cloud server.
(V) data matching
After receiving a matching request of a data owner and a data user, the cloud server runs a test algorithm
Figure BDA00035184158800000814
To match the appropriate data consumer for the data owner, the algorithm performs the following steps:
5-1: by performing
Figure BDA00035184158800000815
Authentication information
Figure BDA00035184158800000816
In relation to
Figure BDA00035184158800000817
Signature S of i . Then, check
Figure BDA00035184158800000818
If the check fails, the scheme is terminated, otherwise step 2 below continues.
5-2: computing
Figure BDA00035184158800000819
Figure BDA00035184158800000820
Thereafter, point (x) is used i-1 ,y i-1 ), (x i-2 ,y i-2 ),(x j-1 ,y j-1 ) Reconstructing the function f (x), using the point (x) j-1 ,y j-1 ),(x j-2 ,y j-2 ),(x i-1 ,y i-1 ) The function f' (x) is reconstructed. If f (0) is f' (0), outputting 1; otherwise, 0 is output.
5-3: finally, the cloud server uses the public key pk of the data user j With a reputation value r υ j And sending to the data owner.
(VI) Generation of Re-encryption keys
Suppose a data owner U i Can successfully match to l data users within a period of time, then U i An ordered shared path is generated based on the reputation value of each data consumer
Figure BDA0003518415880000091
Wherein: pa i Is a length l, according to D j A public key sequence sorted by reputation value of, and (i) 1 ,…,i l ) E (1, …, j). Then, U i Using the following approach for the shared path Pa i Generates a re-encryption key. The specific steps of the RKGen algorithm are as follows:
6-1:
Figure BDA0003518415880000092
U i selecting random numbers
Figure BDA0003518415880000093
Is Pa i Each data consumer in (1) calculates a re-encrypted key
Figure BDA0003518415880000094
Wherein:
Figure BDA0003518415880000095
Figure BDA0003518415880000096
then, will
Figure BDA0003518415880000097
And Pa i And uploading to a cloud server.
(VII) ciphertext Re-encryption
Receiving these re-encryption keys
Figure BDA0003518415880000098
Then, the cloud server executes a re-encryption algorithm to encrypt the ciphertext c of the data owner i (m) conversion to re-encrypted ciphertext
Figure BDA0003518415880000099
And the corresponding data user can decrypt, and the algorithm is as follows:
7-1:
Figure BDA00035184158800000910
the algorithm first checks whether it is satisfied
Figure BDA00035184158800000911
If not, outputting ^ T. Then through execution
Figure BDA00035184158800000912
De-authentication information
Figure BDA00035184158800000913
In relation to
Figure BDA00035184158800000914
Signature S of i And detecting
Figure BDA00035184158800000915
If there is a check failure, the scheme is terminated, otherwise, cloud server computing is used
Figure BDA00035184158800000916
Figure BDA00035184158800000917
Finally, output
Figure BDA00035184158800000918
(VIII) data decryption
Receiving the re-encrypted ciphertext from the cloud server
Figure BDA00035184158800000919
Rear, Pa i Data user D in j The re-encrypted ciphertext may be decrypted by executing a Dec algorithm
Figure BDA00035184158800000920
The algorithm is as follows:
8-1:
Figure BDA00035184158800000921
8-2:D j computing
Figure BDA00035184158800000922
8-3: then pass through the pair
Figure BDA00035184158800000923
Decrypting to obtain the plain texts m and r of the original text 1 If, if
Figure BDA00035184158800000924
Figure BDA00035184158800000925
And
Figure BDA00035184158800000926
if true, m is accepted, otherwise, it is not accepted.
8-4: after decryption is successful, data consumer D j The shared information of the data owner is obtained. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, and the re-encrypted ciphertext is decrypted by the next user. And so on until the sharing path Pa i Until the data user wishes to decrypt the data.
The foregoing shows and describes the general principles and features of the present invention, together with the advantages thereof, as will be apparent to those skilled in the art. The present invention may be modified in various forms and details without departing from the spirit and scope of the present invention as defined by the appended claims. The embodiments should be considered in descriptive sense only and not for purposes of limitation. Therefore, the detailed description of the present invention does not limit the scope of the present invention, which should be defined by the appended claims, and all the distinguishing technical features within the scope of the present invention should be construed as being included in the present invention.

Claims (3)

1. A lightweight data sharing method based on a vehicle social network is characterized by comprising the following steps:
system initialization
The trusted authority selects a set of parameters at will under the bilinear library, and in two multiplication loop groups G 1 And G t Then, a generator is randomly selected, then, system security parameters are selected, a strong non-forgeability signature algorithm is generated, 8 hash functions are defined, and Setup (1) is executed λ ) The → par algorithm generates the public parameter pp for the system;
(II) Key Generation
Trusted authority executes KeyGen (pp, i/j) → (pk) i ,sk i )/(pk j ,sk j ) The algorithm selects random numbers and generates a pair of public/private keys for a user;
(III) data encryption
The data owner encrypts the shared data and the keywords to generate a data ciphertext, the data user encrypts the keywords of the interest data to generate the interest ciphertext, and the data ciphertext comprises: sharing data and a data ciphertext of the keyword;
(IV) trapdoor generation
The user uses his own private key and
Figure FDA0003518415870000011
the cipher text generated by the algorithm is used as input and executed
Figure FDA0003518415870000012
Generating a trapdoor of the keyword by an algorithm, and then uploading the trapdoor and the ciphertext to a cloud server;
(V) data matching
When the cloud server finds a message/interest pair, execution
Figure FDA0003518415870000013
Figure FDA0003518415870000014
The algorithm checks whether the cipher texts of the keywords uploaded by the data owner and the data user are matched or not, and the public key and the reputation value sigma of the successfully matched data user i Returning to the data owner;
(VI) multiple encryption Key Generation
Data owner based on user reputation value sigma i Establishing an ordered sharing path
Figure FDA0003518415870000015
Execute
Figure FDA0003518415870000016
Algorithm for sharing path Pa i The user in the cloud server generates a re-encryption key and distributes the re-encryption key to the cloud server;
(VII) multiple encryption ciphertext Generation
Receiving proxy re-encryption key and sharing path Pa i And after sharing the ciphertext of the data, the cloud server executes
Figure FDA0003518415870000017
Algorithm, for sharing path Pa i Generating a corresponding re-encrypted ciphertext by each data user;
(VIII) data decryption
After receiving the re-encrypted ciphertext, the user executes the re-encrypted ciphertext by using the private key of the user
Figure FDA0003518415870000018
The re-encrypted ciphertext is decrypted by the algorithm to obtain the shared information of the data owner, if the user cannot complete decryption, the cloud server automatically entrusts the next data user to generate the re-encrypted ciphertext, anddecrypted by the next user, and so on until the sharing path Pa i Until the data user completes the decryption.
2. The lightweight data sharing method based on the vehicle social network is characterized in that a data owner encrypts data to be shared in a hybrid encryption mode, ciphertext of the shared data comprises ciphertext of related keywords, the data owner encrypts the keywords of the shared data and generates corresponding trapdoors for the keyword ciphertext, meanwhile, a data user encrypts the keywords of interest data and generates corresponding trapdoors for the interest keyword ciphertext, a cloud server judges whether the two keywords are equal and does not reveal privacy of the keywords, and the data owner adopts an equality test based on a public key to achieve data matching in the vehicle social network.
3. The lightweight data sharing method based on the vehicle social network is characterized in that the cloud server uses a proxy re-encryption technology to realize data sharing in the vehicle social network, an entrustor does not trust a secondary entrusted person and adopts an autonomous path method, a data owner generates an ordered sharing path according to the credit value of a data user, then a re-encrypted ciphertext is generated for the data user in the path and sent to the cloud server, and the cloud server converts the ciphertext into a re-encrypted ciphertext which can be decrypted by the data user after receiving the sharing path and the re-encrypted key.
CN202210174205.6A 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network Active CN115002754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210174205.6A CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210174205.6A CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Publications (2)

Publication Number Publication Date
CN115002754A true CN115002754A (en) 2022-09-02
CN115002754B CN115002754B (en) 2023-03-31

Family

ID=83023451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210174205.6A Active CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Country Status (1)

Country Link
CN (1) CN115002754B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957109A (en) * 2014-05-22 2014-07-30 武汉大学 Cloud data privacy protection security re-encryption method
CN108599937A (en) * 2018-04-20 2018-09-28 西安电子科技大学 A kind of public key encryption method that multiple key can search for
WO2021095998A1 (en) * 2019-11-15 2021-05-20 Samsung Electronics Co., Ltd. A trusted computing method and system
CN113194078A (en) * 2021-04-22 2021-07-30 西安电子科技大学 Cloud-supported privacy protection sequencing multi-keyword search encryption method
CN113407966A (en) * 2021-06-25 2021-09-17 南京师范大学 Searchable public key encryption method and system with key updating and ciphertext sharing functions

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957109A (en) * 2014-05-22 2014-07-30 武汉大学 Cloud data privacy protection security re-encryption method
CN108599937A (en) * 2018-04-20 2018-09-28 西安电子科技大学 A kind of public key encryption method that multiple key can search for
WO2021095998A1 (en) * 2019-11-15 2021-05-20 Samsung Electronics Co., Ltd. A trusted computing method and system
CN113194078A (en) * 2021-04-22 2021-07-30 西安电子科技大学 Cloud-supported privacy protection sequencing multi-keyword search encryption method
CN113407966A (en) * 2021-06-25 2021-09-17 南京师范大学 Searchable public key encryption method and system with key updating and ciphertext sharing functions

Also Published As

Publication number Publication date
CN115002754B (en) 2023-03-31

Similar Documents

Publication Publication Date Title
CN111191288B (en) Block chain data access right control method based on proxy re-encryption
CN111586000B (en) Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof
CN108632032B (en) Safe multi-keyword sequencing retrieval system without key escrow
Zhang et al. Data security and privacy-preserving in edge computing paradigm: Survey and open issues
CN112019591B (en) Cloud data sharing method based on block chain
Zhang et al. Ensuring attribute privacy protection and fast decryption for outsourced data security in mobile cloud computing
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
CN112204921A (en) System and method for protecting data privacy of lightweight devices using blockchains and multi-party computing
Shao et al. Fine-grained data sharing in cloud computing for mobile devices
CN107154845B (en) BGN type ciphertext decryption outsourcing scheme based on attributes
CN110690959B (en) Unmanned aerial vehicle safety certifiable information communication processing method based on cloud platform
CN110022309B (en) Safe and efficient data sharing method in mobile cloud computing system
CN110830245B (en) Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate
CN112383550B (en) Dynamic authority access control method based on privacy protection
CN111342976A (en) Verifiable ideal lattice upper threshold proxy re-encryption method and system
CN112260829B (en) Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud
Zhang et al. Efficient and privacy-aware attribute-based data sharing in mobile cloud computing
Jiang et al. SDSS-MAC: Secure data sharing scheme in multi-authority cloud storage systems
CN111786786A (en) Agent re-encryption method and system supporting equation judgment in cloud computing environment
Zhang et al. A decentralized strongly secure attribute-based encryption and authentication scheme for distributed Internet of Mobile Things
Qin et al. Simultaneous authentication and secrecy in identity-based data upload to cloud
Wang et al. Tag-based verifiable delegated set intersection over outsourced private datasets
Vaanchig et al. Constructing secure‐channel free identity‐based encryption with equality test for vehicle‐data sharing in cloud computing
CN108763944B (en) Multi-center large-attribute domain attribute-based encryption method capable of being safely revoked in fog computing
CN113079177B (en) Remote sensing data sharing method based on time and decryption frequency limitation

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant