CN115002754B - Lightweight data sharing method based on vehicle social network - Google Patents

Lightweight data sharing method based on vehicle social network Download PDF

Info

Publication number
CN115002754B
CN115002754B CN202210174205.6A CN202210174205A CN115002754B CN 115002754 B CN115002754 B CN 115002754B CN 202210174205 A CN202210174205 A CN 202210174205A CN 115002754 B CN115002754 B CN 115002754B
Authority
CN
China
Prior art keywords
data
ciphertext
user
algorithm
owner
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210174205.6A
Other languages
Chinese (zh)
Other versions
CN115002754A (en
Inventor
曹珍富
董晓蕾
沈佳辰
周元健
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
East China Normal University
Original Assignee
East China Normal University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by East China Normal University filed Critical East China Normal University
Priority to CN202210174205.6A priority Critical patent/CN115002754B/en
Publication of CN115002754A publication Critical patent/CN115002754A/en
Application granted granted Critical
Publication of CN115002754B publication Critical patent/CN115002754B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/03Protecting confidentiality, e.g. by encryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/041Key generation or derivation
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0431Key distribution or pre-distribution; Key agreement
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • H04W12/043Key management, e.g. using generic bootstrapping architecture [GBA] using a trusted network node as an anchor
    • H04W12/0433Key management protocols
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08Access security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W4/00Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/30Services specially adapted for particular environments, situations or purposes
    • H04W4/40Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P]
    • H04W4/44Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

本发明公开了一种基于车辆社交网络的轻量级数据分享方法,其特点是该方法包括:系统初始化、密钥生成、数据加密、用户陷门生成、数据匹配、重加密密钥生成、重加密密文生成和用户解密等步骤,所述用户解密如果用户不愿意解密,云服务器将为下一个数据使用者生成重加密密文,由下一个用户解密。依次类推,直到分享路径中有数据使用者愿意解密为止。本发明与现有技术相比具有在数据匹配和数据分享中实现了计算效率的轻量级,特别是用户端的计算开销,保护了数据拥有者的搜索关键字隐私和分享数据的隐私,支持多数据拥有者和多数据使用者,尤其适用于车辆社交网络。

Figure 202210174205

The invention discloses a lightweight data sharing method based on a vehicle social network, which is characterized in that the method includes: system initialization, key generation, data encryption, user trapdoor generation, data matching, re-encryption key generation, re-encryption Steps such as generation of encrypted ciphertext and decryption by the user. If the user is unwilling to decrypt the decryption by the user, the cloud server will generate a re-encrypted ciphertext for the next data user, and the next user will decrypt it. And so on, until there is a data user willing to decrypt in the sharing path. Compared with the prior art, the present invention realizes the lightness of calculation efficiency in data matching and data sharing, especially the calculation overhead of the user end, protects the privacy of the data owner's search keyword and the privacy of shared data, and supports multiple Data owner and multiple data consumers, especially for vehicle social networks.

Figure 202210174205

Description

一种基于车辆社交网络的轻量级数据分享方法A lightweight data sharing method based on vehicle social network

技术领域Technical Field

本发明涉及数据加密技术领域,尤其是基于车辆社交网络的轻量级数据分享的方法。The present invention relates to the technical field of data encryption, and in particular to a method for lightweight data sharing based on a vehicle social network.

背景技术Background Art

车辆社交网络(VSN)包括社交网络和车载网路(VANETS),提供车辆和车辆或路边单位 (RSU)之间的数据共享,以减少交通拥堵、旅行时间,甚至提供全面的社会服务。随着无线传感器网络(WSN)和云计算的发展,越来越多的vsn数据可以方便地从异构移动设备中收集,如车载单元(OBU)、乘客和司机。这些来自异构源(例如,智能移动数据拥有者、RSU)的数据被聚合并发送到可信的车辆云中,以进行远程存储和访问。但是,外包的数据通常包含一些敏感信息(例如,用户的身份、交通信息和车辆信息)。因此,数据保密性在VSN中至关重要。Vehicular social networks (VSNs) include social networks and vehicle-mounted networks (VANETs), providing data sharing between vehicles and vehicles or roadside units (RSUs) to reduce traffic congestion, travel time, and even provide comprehensive social services. With the development of wireless sensor networks (WSNs) and cloud computing, more and more VSN data can be conveniently collected from heterogeneous mobile devices, such as onboard units (OBUs), passengers, and drivers. These data from heterogeneous sources (e.g., smart mobile data owners, RSUs) are aggregated and sent to a trusted vehicle cloud for remote storage and access. However, the outsourced data usually contains some sensitive information (e.g., user's identity, traffic information, and vehicle information). Therefore, data confidentiality is crucial in VSNs.

为了保护数据隐私,数据所有者需要在外包之前使用其公钥加密数据。然而,公钥加密技术使vsn的数据利用变得复杂,尤其是数据共享和数据检索。作为有前途的原语,代理重新加密(PRE)允许受信任的车辆云(即受信任的代理)在不学习明文的情况下,将在数据所有者公共下加密的密文转换为数据使用者可以解密的密文。但是,在VSN场景共享数据之前,数据所有者可能不清楚谁会对她/他的数据感兴趣。因此,数据所有者需要一种有效的机制来解决PRE中的数据检索问题。由于用户对数据获取和海量数据的准确性要求,高效检索成为 VSN的关键问题。在云无法获取相应的密文明文的情况下,通过关键字搜索(PEKS)进行公钥加密,通过用户生成的活板门信息,可以实现云服务器上的密文检索。尽管如此,PEKS中的云服务器只能搜索使用相同公钥加密的密文。因此PKES并不适合VSN场景。为了实现多用户的密文匹配,Yang等人提出了PKE-ET构建,云服务器在不学习明文信息的情况下,能够测试使用相同和不同公共密钥加密的密文是否来自同一明文。To protect data privacy, data owners need to encrypt data with their public key before outsourcing. However, public key encryption technology complicates data utilization in VSNs, especially data sharing and data retrieval. As a promising primitive, proxy re-encryption (PRE) allows a trusted vehicle cloud (i.e., a trusted agent) to convert ciphertext encrypted under the public key of the data owner into ciphertext that can be decrypted by data users without learning the plaintext. However, before sharing data in the VSN scenario, the data owner may not know who will be interested in her/his data. Therefore, the data owner needs an effective mechanism to solve the data retrieval problem in PRE. Due to the accuracy requirements of users for data acquisition and massive data, efficient retrieval becomes a key issue for VSN. In the case that the cloud cannot obtain the corresponding ciphertext, public key encryption by keyword search (PEKS) can be used to achieve ciphertext retrieval on the cloud server through the trapdoor information generated by the user. Nevertheless, the cloud server in PEKS can only search for ciphertext encrypted with the same public key. Therefore, PKES is not suitable for VSN scenarios. In order to achieve multi-user ciphertext matching, Yang et al. proposed a PKE-ET construction, in which the cloud server can test whether ciphertexts encrypted with the same and different public keys are from the same plaintext without learning the plaintext information.

综上所述,现有技术的数据的匹配基本都采用耗时的双线性配对操作进行数据的匹配,这无疑会降低了系统的计算效率,不适用于车辆社交网络。In summary, the data matching in the prior art basically adopts time-consuming bilinear pairing operations to match the data, which undoubtedly reduces the computational efficiency of the system and is not suitable for vehicle social networks.

发明内容Summary of the invention

本发明的目的是针对现有技术的不足而设计的一种基于车辆社交网络的轻量级数据分享方法,采用具有密文搜索的数据分享方法,将PRE融合在PKE-ET构建中,使用PKE-ET为数据所有者匹配一些合适的数据使用者,按优先级的顺序将加密的数据共享给相应的用户,在保证数据的机密性的同时实现数据的搜索和分享,有效解决了车辆社交网络中移动设备计算能力有限的问题,不但保证了数据拥有者的数据隐私、兴趣隐私和查询隐私,同时,也抵抗了半可信云服务器对数据的未授权访问,该方法使用基于公钥加密的相等性测试,实现数据拥有者和用户间的密文匹配,并使用多跳代理重加密去分享用户的加密数据,尤其适用于车辆社交网络环境中,可实现细粒度的访问控制和数据隐私性保护,具有方法简便,实用、快捷,计算效率高,存储空间小的优点。The purpose of the present invention is to design a lightweight data sharing method based on vehicle social network in view of the deficiencies of the prior art. The method adopts a data sharing method with ciphertext search, integrates PRE into PKE-ET construction, uses PKE-ET to match some suitable data users for data owners, shares encrypted data with corresponding users in order of priority, realizes data search and sharing while ensuring the confidentiality of data, effectively solves the problem of limited computing power of mobile devices in vehicle social network, not only ensures the data privacy, interest privacy and query privacy of data owners, but also resists unauthorized access to data by semi-trusted cloud servers. The method uses equality test based on public key encryption to realize ciphertext matching between data owners and users, and uses multi-hop proxy re-encryption to share the encrypted data of users. The method is particularly suitable for vehicle social network environment, can realize fine-grained access control and data privacy protection, and has the advantages of simple method, practicality, fastness, high computing efficiency and small storage space.

本发明的目的是这样实现的:一种基于车辆社交网络的轻量级数据分享方法,其特点是该方法使用PKE-ET为数据所有者匹配一些合适的数据使用者,然后按优先级的顺序将加密的数据共享给相应的用户,具体包括以下几个步骤:The object of the present invention is achieved by: a lightweight data sharing method based on vehicle social network, which is characterized in that the method uses PKE-ET to match some suitable data users for the data owner, and then shares the encrypted data with the corresponding users in order of priority, specifically including the following steps:

(一)系统初始化(I) System initialization

可信机构(TA)在双线性库下任意选择一套参数,在两个乘法循环群G1和Gt下各随机选取一个生成元,然后选取系统安全参数并生成一个强不可伪造性签名算法,并定义8个哈希函数,执行Setup(1λ)→par算法为系统生成公开参数pp。The trusted authority (TA) randomly selects a set of parameters under the bilinear library, randomly selects a generator under the two multiplication cycle groups G1 and Gt , then selects the system security parameters and generates a strong unforgeable signature algorithm, defines 8 hash functions, and executes the Setup(1 λ )→par algorithm to generate the public parameter pp for the system.

(二)密钥生成(II) Key Generation

可信机构(TA)执行KeyGen(pp,i/j)→(pki,ski)/(pkj,skj)算法选取随机数,为用户(数据拥有者和数据使用者)生成一对公/私钥。The trusted authority (TA) executes the KeyGen(pp,i/j)→(pk i ,sk i )/(pk j ,sk j ) algorithm to select a random number and generate a pair of public/private keys for the user (data owner and data user).

(三)数据加密(III) Data encryption

数据拥有者加密分享数据以及关键字生成数据密文,数据用户加密兴趣数据的关键字生成兴趣密文,所述数据密文包括:分享数据以及关键字的数据密文。The data owner encrypts the shared data and keywords to generate data ciphertext, and the data user encrypts the keywords of the interest data to generate interest ciphertext, wherein the data ciphertext includes: the data ciphertext of the shared data and keywords.

(四)陷门生成(IV) Trapdoor Generation

用户(数据拥有者和数据使用者)使用自己的私钥和

Figure BDA0003518415880000021
算法生成的密文作为输入,执行
Figure BDA0003518415880000022
算法生成关键字的陷门,然后与密文一起上传给云服务器。Users (data owners and data users) use their own private keys and
Figure BDA0003518415880000021
The ciphertext generated by the algorithm is used as input and executed
Figure BDA0003518415880000022
The algorithm generates a trapdoor for the keyword and then uploads it to the cloud server together with the ciphertext.

(五)数据匹配(V) Data Matching

当云服务器发现一个消息/兴趣对时,执行

Figure BDA0003518415880000023
Figure BDA0003518415880000024
算法,检查数据拥有者和数据使用者上传的关键字密文是否匹配,并将匹配成功的数据使用者的公钥和声誉值σi返回给数据所有者。When the cloud server finds a message/interest pair, it executes
Figure BDA0003518415880000023
Figure BDA0003518415880000024
The algorithm checks whether the keyword ciphertexts uploaded by the data owner and the data user match, and returns the public key and reputation value σ i of the successfully matched data user to the data owner.

(六)重加密密钥生成(VI) Re-encryption key generation

数据拥有者根据用户的声誉值σi建立一个数据分享路径

Figure BDA0003518415880000025
然后执行
Figure BDA0003518415880000026
算法,为数据分享路径Pai中的用户生成重加密密钥,并将重加密密钥分发给云服务器。The data owner establishes a data sharing path based on the user's reputation value σ i
Figure BDA0003518415880000025
Then execute
Figure BDA0003518415880000026
The algorithm generates re-encryption keys for users in the data sharing path Pa i and distributes the re-encryption keys to the cloud servers.

(七)重加密密文生成(VII) Re-encrypted ciphertext generation

收到代理重加密密钥、分享路径Pai和分享数据的密文后,云服务器执行

Figure BDA0003518415880000031
算法,为数据分享路径Pai的用户依次生成重加密密文。After receiving the proxy re-encryption key, the shared path Pa i, and the ciphertext of the shared data, the cloud server executes
Figure BDA0003518415880000031
The algorithm generates re-encrypted ciphertexts for users of the data sharing path Pa i in sequence.

(八)用户解密(VIII) User Decryption

用户用自己的私钥执行

Figure BDA0003518415880000032
算法解密重加密密文,得到数据拥有者分享的数据后,信用度高的数据拥有者可以具有解密优先级,如果信用高的数据拥有者不能完成解密,云服务器则将自动委托给下一个信用较高的数据使用者。The user executes with his own private key
Figure BDA0003518415880000032
After the algorithm decrypts and re-encrypts the ciphertext and obtains the data shared by the data owner, the data owner with high credit can have decryption priority. If the data owner with high credit cannot complete the decryption, the cloud server will automatically delegate it to the next data user with higher credit.

本发明使用的算法说明如下:The algorithm used in the present invention is described as follows:

所述Setup(1λ)→par算法由可信的权威机构(TA)执行,并在安全参数λ上生成系统公共参数pp。The Setup(1 λ )→par algorithm is executed by a trusted authority (TA) and generates a system public parameter pp based on the security parameter λ.

所述KeyGen(pp,i/j)→(pki,ski)/(pkj,skj)算法生成公钥pki和私钥ski,KeyGen由可信的权威机构(TA)执行,输入系统公共参数pp和数据拥有者用户的身份信息(i表示数据拥有者的身份,j表示数据使用者的身份),数据拥有者的公/私钥对(pki、ski)或数据使用者的公/ 私钥对(pkj,skj)作为输出。The KeyGen(pp,i/j)→( pki , ski )/( pkj , skj ) algorithm generates a public key pki and a private key ski . KeyGen is executed by a trusted authority (TA), and takes as input the system public parameter pp and the identity information of the data owner user (i represents the identity of the data owner, and j represents the identity of the data user). The public / private key pair (pki, ski ) of the data owner or the public/private key pair ( pkj , skj ) of the data user is output.

所述

Figure BDA0003518415880000033
算法由用户(数据拥有者和数据使用者)实现,并生成一个属于数据拥有者的密文
Figure BDA0003518415880000034
输入系统公共参数pp、数据拥有者的公钥pki、关键字ωki和消息m。同理,数据使用者的密文为
Figure BDA0003518415880000035
其中j表示数据使用者的身份。Said
Figure BDA0003518415880000033
The algorithm is implemented by the user (data owner and data user) and generates a ciphertext belonging to the data owner.
Figure BDA0003518415880000034
Input the system public parameter pp, the data owner's public key pki , the keyword ωki and the message m. Similarly, the ciphertext of the data user is
Figure BDA0003518415880000035
Where j represents the identity of the data user.

所述

Figure BDA0003518415880000036
算法用于生成用户i的陷门
Figure BDA0003518415880000037
作为输出,公共参数par、数据拥有者的私钥ski和密文
Figure BDA0003518415880000038
作为输入。同理,数据使用者的陷门为
Figure BDA0003518415880000039
Said
Figure BDA0003518415880000036
The algorithm is used to generate a trapdoor for user i
Figure BDA0003518415880000037
As output, the public parameter par, the data owner's private key sk i and the ciphertext
Figure BDA0003518415880000038
As input. Similarly, the trapdoor for data users is
Figure BDA0003518415880000039

所述

Figure BDA00035184158800000310
该算法在云服务器中执行,输出值为0或1。算法的输入为公共参数par、密文
Figure BDA00035184158800000311
和对应的陷门
Figure BDA00035184158800000312
以及兴趣密文
Figure BDA00035184158800000313
和对应的陷门
Figure BDA00035184158800000314
其中,
Figure BDA00035184158800000315
是数据使用者的密文,
Figure BDA00035184158800000316
是数据使用者产生的陷门。Said
Figure BDA00035184158800000310
The algorithm is executed in the cloud server and the output value is 0 or 1. The input of the algorithm is the public parameter par, the ciphertext
Figure BDA00035184158800000311
and the corresponding trapdoor
Figure BDA00035184158800000312
And interest ciphertext
Figure BDA00035184158800000313
and the corresponding trapdoor
Figure BDA00035184158800000314
in,
Figure BDA00035184158800000315
is the ciphertext of the data user,
Figure BDA00035184158800000316
It is a trapdoor created by the data user.

所述

Figure BDA00035184158800000317
该算法输出l个重加密密钥、
Figure BDA00035184158800000318
Figure BDA00035184158800000319
并以安全的方式将它们发送到相应的云服务器中。RKGen由用户i 执行,输入包括一个自主路径Pai、数据拥有者的私钥ski和系统的公共参数pp。Said
Figure BDA00035184158800000317
The algorithm outputs l re-encryption keys,
Figure BDA00035184158800000318
Figure BDA00035184158800000319
And send them to the corresponding cloud servers in a secure way. RKGen is executed by user i, and the input includes an autonomous path Pa i , the private key sk i of the data owner, and the public parameters pp of the system.

所述

Figure BDA0003518415880000041
为重新加密的算法,ReEnc由云服务器执行,并输出重新加密的密文
Figure BDA0003518415880000042
系统的公共参数pp、指定分享路径Pai、从数据使用者j到j+1的重新加密密钥
Figure BDA0003518415880000043
和密文
Figure BDA0003518415880000044
作为输入,
Figure BDA0003518415880000045
为数据拥有者i到数据使用者j的重加秘密密文。Said
Figure BDA0003518415880000041
ReEnc is the re-encryption algorithm. It is executed by the cloud server and outputs the re-encrypted ciphertext.
Figure BDA0003518415880000042
The system's public parameters pp, the specified sharing path Pa i , and the re-encryption key from data user j to j+1
Figure BDA0003518415880000043
and ciphertext
Figure BDA0003518415880000044
As input,
Figure BDA0003518415880000045
It is the re-added secret ciphertext from data owner i to data user j.

所述

Figure BDA0003518415880000046
为解密算法,Dec由用户j执行,输入系统公共参数par、密文
Figure BDA0003518415880000047
和用户j的私钥skj,然后输出消息m或错误信息符号⊥。在解密成功后,数据使用者Dj中会获得数据拥有者的分享信息。如果用户不愿意解密,云服务器将为下一个数据使用者生成重加密密文,由下一个用户解密。依次类推,直到分享路径Pai中有数据使用者愿意解密为止。Said
Figure BDA0003518415880000046
The decryption algorithm, Dec, is executed by user j, and inputs the system public parameters par, the ciphertext
Figure BDA0003518415880000047
and the private key sk j of user j, and then outputs the message m or the error message symbol ⊥. After the decryption is successful, the data user D j will obtain the shared information of the data owner. If the user is unwilling to decrypt, the cloud server will generate a re-encrypted ciphertext for the next data user, who will decrypt it. And so on, until there is a data user in the sharing path Pa i who is willing to decrypt.

本发明与现有技术相比具有保证数据的机密性的同时实现数据的搜索和分享,有效解决了车辆社交网络中移动设备计算能力有限的问题,不但保证了数据拥有者的数据隐私、兴趣隐私和查询隐私,同时,也抵抗了半可信云服务器对数据的未授权访问,该方法使用基于公钥加密的相等性测试,实现数据拥有者和用户间的密文匹配,并使用多跳代理重加密去分享用户的加密数据,尤其适用于车辆社交网络环境中,可实现细粒度的访问控制和数据隐私性保护,具有方法简便,实用、快捷,计算效率高,存储空间小的优点。Compared with the prior art, the present invention can realize data search and sharing while ensuring the confidentiality of data, effectively solving the problem of limited computing power of mobile devices in vehicle social networks, not only ensuring the data privacy, interest privacy and query privacy of data owners, but also resisting unauthorized access to data by semi-trusted cloud servers. The method uses equality test based on public key encryption to realize ciphertext matching between data owners and users, and uses multi-hop proxy re-encryption to share the user's encrypted data. It is particularly suitable for vehicle social network environments, and can realize fine-grained access control and data privacy protection. It has the advantages of simple method, practicality, speed, high computing efficiency and small storage space.

附图说明BRIEF DESCRIPTION OF THE DRAWINGS

图1为本发明系统图;Fig. 1 is a system diagram of the present invention;

图2为本发明流程图。FIG. 2 is a flow chart of the present invention.

具体实施方式DETAILED DESCRIPTION

一、本发明所应用的数学理论说明:1. Description of the mathematical theory used in the present invention:

1、双线性映射1. Bilinear mapping

设G为阶为素数p的乘法循环群,映射e:G×G-→GT是一个线性映射,如果映射满足以下三个条件:Let G be a multiplicative cyclic group of order prime p. The mapping e:G×G-→ GT is a linear mapping if it satisfies the following three conditions:

1)双线性,对于所有的u,v∈G,a,b∈Zp,有e(u^a,v^b)=e(u,v)ab1) Bilinear, for all u,v∈G,a,b∈Z p , e(u^a,v^b)=e(u,v) ab ;

2)非退化性,存在e(g,g)≠1,否则e(g,g)ab≡1;2) Non-degeneracy, there exists e(g,g)≠1, otherwise e(g,g) ab≡1 ;

3)可计算性,对于所有的u,v,存在一个有效的算法计算e(u,v)。3) Computability: For all u, v, there exists an efficient algorithm to calculate e(u, v).

本发明中双线性对e:G×G-→GT是一个满足双线性性、非退化性和可计算性的映射,将阶位素数的乘法循环群上的两个元素的运算映射到乘法循环群GT中的一个元素。In the present invention, the bilinear pairing e:G×G-→ GT is a mapping that satisfies bilinearity, non-degeneracy and computability, and maps the operation of two elements on the multiplicative cyclic group of prime numbers to an element in the multiplicative cyclic group GT .

2、Shamir秘密分享2. Shamir Secret Sharing

Shamir密钥共享算法基于拉格朗日差值和矢量方法,其基本思想是,分配者通加密多项式将私密信息分成n个加密信息片段,其中不少一定量的加密信息才可以重现密文,而通过任何少量的加密信息都无法获取到任何部分的密文,其具体步骤如下:The Shamir key sharing algorithm is based on the Lagrange difference and vector method. The basic idea is that the distributor divides the private information into n encrypted information fragments through the encryption polynomial, among which a certain amount of encrypted information can reproduce the ciphertext, and any part of the ciphertext cannot be obtained through any small amount of encrypted information. The specific steps are as follows:

2-1:Setup(λ):在输入安全参数λ时,会输出一个较大的随机素数q,作为公共参数pp。2-1: Setup(λ): When the security parameter λ is input, a large random prime number q will be output as the public parameter pp.

2-2:Generation(pp,s):当输入公共参数pp和一个秘密值s∈Zq,然后会执行以下的操作:2-2: Generation (pp, s): When the public parameter pp and a secret value s∈Z q are input, the following operations are performed:

2-1-1:选取一个随机,阶数为(t-1)的多项式f(x):f(x)=a0+a1x+…+ak-1xt-1(modq), 其中,私密信息s=a0=f(0),a0,a1,…,ak-1∈Zq2-1-1: Select a random polynomial f(x) of order (t-1): f(x) = a 0 + a 1 x + … + a k-1 x t-1 (modq), where the private information s = a 0 = f(0), a 0 , a 1 , …, a k-1 ∈ Z q .

2-1-2:计算所有的共享数据:si=f(xi)modq,in which xi∈Zq,i=1,2,…,n。2-1-2: Calculate all shared data: s i = f( xi ) mod q, in which x iZq , i = 1, 2,…, n.

2-1-3:最后,算法输出一个包含n个点的列表,{(x1,y1),(x2,y2),…,(xn,yn)},每个si被分配给对应的信息共享者。2-1-3: Finally, the algorithm outputs a list of n points, {(x 1 ,y 1 ),(x 2 ,y 2 ),…,(x n ,y n )}, and each s i is assigned to the corresponding information sharer.

2-2:

Figure BDA0003518415880000051
当输入公共参数pp和任意t个点时,算法可以重构f(x)并输出的密文
Figure BDA0003518415880000052
其中
Figure BDA0003518415880000053
中的i 是拉格朗日插值系数,且
Figure BDA0003518415880000054
2-2:
Figure BDA0003518415880000051
When the public parameter pp and any t points are input, the algorithm can reconstruct f(x) and output the ciphertext
Figure BDA0003518415880000052
in
Figure BDA0003518415880000053
where i is the Lagrange interpolation coefficient, and
Figure BDA0003518415880000054

3、代理重加密(PRE)3. Proxy Re-Encryption (PRE)

在PRE中用户可以将半可信的服务器进行授权,然后将用户公钥下加密的密文转换为某个用户能够解密的密文。值得注意的是,云服务器在转换过程中无法学习明文和私钥,其具体算法如下所示:In PRE, users can authorize semi-trusted servers and then convert ciphertext encrypted under the user's public key into ciphertext that a certain user can decrypt. It is worth noting that the cloud server cannot learn the plaintext and private key during the conversion process. The specific algorithm is as follows:

一个传统PKI环境下的单向多跳代理重加密方案包含下列算法:A one-way multi-hop proxy re-encryption scheme in a traditional PKI environment includes the following algorithms:

1)钥生成算法KeyGen(par)→(pk;sk):输入系统公开参数par,该算法输出(pk,sk)作为一个用户的公私钥对。1) Key generation algorithm KeyGen(par)→(pk;sk): Input the system public parameter par, and the algorithm outputs (pk,sk) as a user's public-private key pair.

2)加密算法Enc(par,M,pk)→C(0):输入系统公开参数par,消息空间中的明文M,某一用户的公钥pk,该算法输出由公钥pk加密的密文C(0),其中0表示密文C未被重加密过,C(0)又被称作原始密文。2) Encryption algorithm Enc(par,M,pk)→C (0) : Input system public parameter par, plaintext M in message space, and public key pk of a user. The algorithm outputs ciphertext C (0) encrypted by public key pk, where 0 indicates that ciphertext C has not been re-encrypted. C (0) is also called original ciphertext.

3)转换密钥生成算法RekeyGen(par,ski,pkj)→rki→j输入系统公开参数par,授权用户的私钥ski,被授权用户的公钥pkj,该算法输出转换密钥rki→j用于从授权用户到被授权用户之间的单向重加密。3) The conversion key generation algorithm RekeyGen(par, sk i , pk j )→rk i→j inputs the system public parameter par, the private key sk i of the authorized user, and the public key pk j of the authorized user. The algorithm outputs the conversion key rk i→j for one-way re-encryption from the authorized user to the authorized user.

4)重加密算法ReEnc(par,rki→j,Ci(n))→Cj(n+1):输入系统公开参数par,用户pki到用户pkj的转换密钥rki→j,及用户pki下的密文Ci(n),其中n表示密文Ci(n)被重加密的次数。该算法输出用户pkj下的密文Cj(n+1),该密文Cj(n+1)已进行过n+1次重加密,或⊥表示密文Ci(n)不合法。4) Re-encryption algorithm ReEnc(par,rk i→j ,C i(n) )→C j(n+1) : Input system public parameter par, conversion key rk i→j from user pk i to user pk j , and ciphertext C i(n) under user pk i , where n represents the number of times ciphertext C i(n) has been re-encrypted. The algorithm outputs ciphertext C j(n+1) under user pk j , which has been re-encrypted n+1 times, or ⊥ indicates that ciphertext C i(n) is illegal.

5)解密算法Dec2(par,skj,Cj(n+1))→M:输入系统公开参数par,用户私钥skj,及用户pkj下的密文Cj(n+1)。该算法输出对应的明文M,或⊥表示密文Cj(n+1)不合法。5) Decryption algorithm Dec 2 (par, sk j , C j(n+1) )→M: Input system public parameter par, user private key sk j , and ciphertext C j(n+1) under user pk j . The algorithm outputs the corresponding plaintext M, or ⊥ indicates that the ciphertext C j(n+1) is illegal.

4、公钥加密的密文等值测试(PKE-ET)4. Public Key Encryption Ciphertext Equivalence Test (PKE-ET)

基于公钥加密的密文等值测试是一种可以在不解密的情况下直接判断两个密文是否包含相同消息的加密技术。在PKE-ET中,给定分别在公钥pk1和pk2下生成的两个密文c1和c2,当且仅当c1和c2对同一消息进行加密时,函数测试Test(c,td,c′,td′)返回1,其具体步骤如下:Ciphertext equivalence test based on public key encryption is an encryption technology that can directly determine whether two ciphertexts contain the same message without decryption. In PKE-ET, given two ciphertexts c 1 and c 2 generated under public keys pk 1 and pk 2 respectively, the function test Test(c, td, c′, td′) returns 1 if and only if c 1 and c 2 encrypt the same message. The specific steps are as follows:

4-1:Setup(λ)→pp:初始化算法,输入安全参数λ,输出系统参数pp。4-1: Setup(λ)→pp: Initialize the algorithm, input security parameter λ, and output system parameter pp.

4-2:KeyGen(pp)→(pk,sk):密钥生成算法,输入系统参数pp,输出公钥与私钥(pk,sk)。4-2: KeyGen(pp)→(pk,sk): key generation algorithm, input system parameter pp, output public key and private key (pk,sk).

4-3:Enc(m,pk)→c:加密算法,输入待加密的明文m与公钥pk,输出密文c。4-3: Enc(m,pk)→c: encryption algorithm, inputs the plaintext m to be encrypted and the public key pk, and outputs the ciphertext c.

4-4:Dec(c,sk)→m:解密算法,输入待解密的密文c∈C与私钥sk,输出密文m。4-4: Dec(c,sk)→m: Decryption algorithm, input the ciphertext c∈C to be decrypted and the private key sk, and output the ciphertext m.

4-5:Aut(sk,·)→td:授权生成算法,输入私钥sk等,输出授权陷门td。4-5: Aut(sk,·)→td: authorization generation algorithm, input private key sk, etc., output authorization trapdoor td.

4-6:Test(c1,td1,c2,td2)→(0,1):密文等值测试算法,输入两组密文与对应的授权(c1,td1)与 (c2,td2),输出匹配结果:若c1与c2所对应的明文一样,则输出1;否则输出0。4-6: Test(c 1 ,td 1 ,c 2 ,td 2 )→(0,1): Ciphertext equivalence test algorithm, input two sets of ciphertext and the corresponding authorization (c 1 ,td 1 ) and (c 2 ,td 2 ), and output the matching result: if the plaintext corresponding to c 1 and c 2 is the same, output 1; otherwise output 0.

二、本发明的实现过程2. Implementation process of the present invention

参阅图1,本发明使用了两种访问控制结构,一种是相等性测试,用于车辆社交网络的数据匹配,只有和数据拥有者关键字相同的数据使用者能解密;另一种是代理重加密(PRE),用于定义数据分享,隐藏数据拥有者的信息。并且引入了自组路径的概念,使得被委托者(数据使用者)是由委托者(数据拥有者)指派的,既保证了数据拥有者的隐私又防止了数据使用者和云服务器合谋;除此之外,陷门不会泄露用户的信息,保证了数据拥有者和数据使用者关键词的隐私性,同时,我们的方法使用混合加密的方法提高了效率。Referring to Figure 1, the present invention uses two access control structures. One is the equality test, which is used for data matching in vehicle social networks. Only data users with the same keyword as the data owner can decrypt. The other is the proxy re-encryption (PRE), which is used to define data sharing and hide the information of the data owner. In addition, the concept of self-organizing path is introduced, so that the delegate (data user) is assigned by the delegator (data owner), which not only guarantees the privacy of the data owner but also prevents the collusion between the data user and the cloud server. In addition, the trapdoor will not leak the user's information, ensuring the privacy of the keywords of the data owner and the data user. At the same time, our method uses a hybrid encryption method to improve efficiency.

为了解本发明实现的技术手段、技术特征、达成目的与功效,下面将结合具体实施例,进一步阐述本发明。In order to understand the technical means, technical features, objectives and effects achieved by the present invention, the present invention will be further described below in conjunction with specific embodiments.

实施例1Example 1

参阅图2,车辆社交网络的轻量级数据分享具体包括下述步骤:Referring to FIG. 2 , lightweight data sharing in a vehicle social network specifically includes the following steps:

(一)系统初始化(I) System initialization

TA选择一个安全参数λ作为系统公共参数pp的输入与输出,具体操作如下所示:TA selects a security parameter λ as the input and output of the system public parameter pp. The specific operation is as follows:

1-1:Setup(1λ)→par.TA选择两个具有相同素数q群G1和Gt,其中P1取自G1,P2取自Gt。假设1λ是系统安全参数,Sig=(G,S,V)是一种具有强不可伪造性的一次签名算法,Ls=Lsig(1λ)是验证密钥的长度。其次,TA定义了一些哈希函数H0:

Figure BDA0003518415880000071
H1:G1→(0,1),H2:G1×Gt×(0,1)→(0,1),H3:(0,1)λ→Zq,H4:(0,1)λ→Zq,H5:(0,1)λ→Zq, H6:(0,1)λ→Zq,H7:(0,1)λ→Zq,H8:(0,1)→Zq。最后这些系统公开参数由pp= (G1,Gt,P1,P2,q,H1,H2,H3,H4,H5,H6,H7,H8,H0)来表示。1-1: Setup(1 λ )→par.TA selects two groups G 1 and G t with the same prime number q, where P 1 is taken from G 1 and P 2 is taken from G t . Assume that 1 λ is the system security parameter, Sig=(G,S,V) is a one-time signature algorithm with strong unforgeability, and L s =L sig (1 λ ) is the length of the verification key. Secondly, TA defines some hash functions H 0 :
Figure BDA0003518415880000071
H 1 : G 1 →(0,1) ,H 2 : G 1 ×G t ×(0,1) →(0,1) ,H 3 :(0,1) λ →Z q ,H 4 :(0,1) λ →Z q ,H 5 :(0,1) λ →Z q , H 6 :(0,1) λ →Z q ,H 7 :(0,1) λ →Z q ,H 8 :(0,1) →Z q . Finally, the public parameters of these systems are represented by pp = (G 1 ,G t ,P 1 ,P 2 ,q,H 1 ,H 2 ,H 3 ,H 4 ,H 5 ,H 6 ,H 7 ,H 8 ,H 0 ).

(二)密钥生成(II) Key Generation

TA采用下述方法为系统内每个用户生成一对公私钥:TA uses the following method to generate a pair of public and private keys for each user in the system:

KeyGen(pp)→(pki,ski).算法采用公共参数pp作为输入,然后随机选择私钥ski=ai∈ Zq,并计算公钥

Figure BDA0003518415880000072
其中
Figure BDA0003518415880000073
KeyGen( pp )→( pki , skj ). The algorithm takes the public parameter pp as input, then randomly selects a private key skj = ai∈Zq , and calculates the public key
Figure BDA0003518415880000072
in
Figure BDA0003518415880000073

(三)数据加密(III) Data encryption

数据拥有者和数据使用者各自采用以下步骤加密他们的数据和关键字并上传密文到云服务器。The data owner and data user each use the following steps to encrypt their data and keywords and upload the ciphertext to the cloud server.

Figure BDA0003518415880000074
让m∈(0,1)λ表示数据拥有者Ui的分享数据明文,ωki∈(0,1)λ表示m的关键字。然后,选择四个随机数(r1,r2,xi-1,xi-2)∈Zq并生成密文
Figure BDA0003518415880000075
算法过程如下:
Figure BDA0003518415880000074
Let m∈(0,1) λ denote the shared data plaintext of data owner U i and ωk i∈ (0,1) λ denote the keyword of m. Then, select four random numbers (r 1 ,r 2 ,xi -1 ,xi -2 )∈Z q and generate the ciphertext
Figure BDA0003518415880000075
The algorithm process is as follows:

Step 1:选择一个一次签名密钥对G(1λ)→(svk,ssk)并设

Figure BDA0003518415880000076
Step 1: Choose a one-time signature key pair G(1 λ )→(svk,ssk) and set
Figure BDA0003518415880000076

Step 2:计算

Figure BDA0003518415880000077
以及
Figure BDA0003518415880000078
Step 2: Calculation
Figure BDA0003518415880000077
as well as
Figure BDA0003518415880000078

Step3:给定3个点p1=(H3(ωki),H4(ωki)),p2=(H5(ωki),H6(ωki)),p3=(H7(ωki),IDRSU)构建度数为2的插值多项式f(x).然后计算两个点值yi-1=f(xi-1),yi-2= f(xi-2)并生成下述

Figure BDA0003518415880000081
表示的密文中间值:Step 3: Given three points p 1 = (H 3 ( ωki ), H 4 ( ωki )), p 2 = (H 5 ( ωki ), H 6 ( ωki )), p 3 = (H 7 ( ωki ), ID RSU ) construct an interpolation polynomial f(x) of degree 2. Then calculate the two point values yi -1 = f(xi -1 ), yi -2 = f(xi -2 ) and generate the following
Figure BDA0003518415880000081
The intermediate value of the ciphertext represented by:

Figure BDA0003518415880000082
Figure BDA0003518415880000083
Figure BDA0003518415880000082
Figure BDA0003518415880000083

Step 4:计算

Figure BDA0003518415880000084
Step 4: Calculation
Figure BDA0003518415880000084

Step 5:运行签名算法

Figure BDA0003518415880000085
Step 5: Run the signature algorithm
Figure BDA0003518415880000085

Step 6:最终,密文

Figure BDA0003518415880000086
以及
Figure BDA0003518415880000087
被上传到云服务器,cj(m*)被数据使用者Dj由加密算法生成。Step 6: Finally, the ciphertext
Figure BDA0003518415880000086
as well as
Figure BDA0003518415880000087
Uploaded to the cloud server, c j (m * ) is generated by the data user D j using an encryption algorithm.

(四)陷门生成(IV) Trapdoor Generation

数据拥有者与数据使用者通过陷门算法各自生成一个陷门。The data owner and the data user each generate a trapdoor through the trapdoor algorithm.

Figure BDA0003518415880000088
数据拥有者为每个加密数据
Figure BDA0003518415880000089
生成一个陷门
Figure BDA00035184158800000810
Figure BDA00035184158800000811
并上传给云服务器。同样的,数据使用者为了每个加密数据
Figure BDA00035184158800000812
生成一个陷门
Figure BDA00035184158800000813
并上传到云服务器。
Figure BDA0003518415880000088
The data owner shall encrypt each
Figure BDA0003518415880000089
Create a trapdoor
Figure BDA00035184158800000810
Figure BDA00035184158800000811
And upload to the cloud server. Similarly, data users need to
Figure BDA00035184158800000812
Create a trapdoor
Figure BDA00035184158800000813
And upload to the cloud server.

(五)数据匹配(V) Data Matching

收到数据拥有者和数据使用者的匹配请求之后,云服务器运行测试算法

Figure BDA00035184158800000814
为数据拥有者匹配合适的数据使用者,其算法执行如下述步骤:After receiving the matching request from the data owner and the data user, the cloud server runs the test algorithm
Figure BDA00035184158800000814
To match the data owner with the appropriate data user, the algorithm performs the following steps:

5-1:通过执行

Figure BDA00035184158800000815
验证信息
Figure BDA00035184158800000816
中关于
Figure BDA00035184158800000817
的签名Si。然后,检查
Figure BDA00035184158800000818
如果检查失败,则终止方案,否则继续进行下述步骤2。5-1: By execution
Figure BDA00035184158800000815
Verification Information
Figure BDA00035184158800000816
About
Figure BDA00035184158800000817
Then , check
Figure BDA00035184158800000818
If the check fails, terminate the scheme, otherwise proceed to step 2 below.

5-2:计算

Figure BDA00035184158800000819
5-2: Calculation
Figure BDA00035184158800000819

Figure BDA00035184158800000820
之后,使用点(xi-1,yi-1), (xi-2,yi-2),(xj-1,yj-1)重新构造函数f(x),使用点(xj-1,yj-1),(xj-2,yj-2),(xi-1,yi-1)重新构造函数f′(x)。如果f(0)=f′(0),则输出1;否则,输出0。
Figure BDA00035184158800000820
Afterwards, use the points (xi -1 , yi -1 ), (xi -2 , yi -2 ), (xj -1 , yj-1 ) to reconstruct the function f(x), and use the points (xj -1 , yj -1 ), (xj -2 , yj -2 ), ( xi-1 , yi -1 ) to reconstruct the function f′(x). If f(0) = f′(0), output 1; otherwise, output 0.

5-3:最后,云服务器将数据使用者的公钥pkj与信誉值rυj发送给数据拥有者。5-3: Finally, the cloud server sends the data user’s public key pk j and reputation value rυ j to the data owner.

(六)重加密密钥的生成(VI) Generation of re-encryption keys

假设一个数据拥有者Ui在一段时间内能够成功匹配到l个数据使用者,然后Ui会基于每个数据使用者的声誉值生成一个有序的共享路径

Figure BDA0003518415880000091
其中:Pai是一个长度为l,按Dj的信誉值排序的公钥序列,并且(i1,…,il)∈(1,…,j)。然后,Ui使用下面的方式为共享路径Pai中的每个数据使用者生成重加密密钥。RKGen算法的具体步骤如下:Assume that a data owner U i can successfully match l data users within a period of time, then U i will generate an ordered sharing path based on the reputation value of each data user
Figure BDA0003518415880000091
Where: Pa i is a public key sequence of length l, sorted by the reputation value of D j , and (i 1 ,…,i l )∈(1,…,j). Then, U i generates a re-encryption key for each data user in the shared path Pa i using the following method. The specific steps of the RKGen algorithm are as follows:

6-1:

Figure BDA0003518415880000092
Ui选取随机数
Figure BDA0003518415880000093
为Pai中的每个数据使用者计算一个重加密的密钥
Figure BDA0003518415880000094
6-1:
Figure BDA0003518415880000092
U i selects a random number
Figure BDA0003518415880000093
Calculate a re-encryption key for each data user in Pa i
Figure BDA0003518415880000094

其中:

Figure BDA0003518415880000095
in:
Figure BDA0003518415880000095

Figure BDA0003518415880000096
然后,将
Figure BDA0003518415880000097
和Pai上传到云服务器上。
Figure BDA0003518415880000096
Then,
Figure BDA0003518415880000097
and Pa i uploaded to the cloud server.

(七)密文重新加密(VII) Ciphertext Re-encryption

接收到这些重加密密钥

Figure BDA0003518415880000098
后,云服务器执行重加密算法,将数据拥有者的密文ci(m) 转换为重加密的密文
Figure BDA0003518415880000099
并且对应的数据使用者可以解密,其算法具体如下:Receive these re-encryption keys
Figure BDA0003518415880000098
After that, the cloud server executes the re-encryption algorithm to convert the data owner's ciphertext c i (m) into the re-encrypted ciphertext
Figure BDA0003518415880000099
And the corresponding data user can decrypt it, and the algorithm is as follows:

7-1:

Figure BDA00035184158800000910
该算法首先检查是否满足
Figure BDA00035184158800000911
如果不满足,则输出⊥。然后通过执行
Figure BDA00035184158800000912
去验证信息
Figure BDA00035184158800000913
中关于
Figure BDA00035184158800000914
的签名Si,并且检测
Figure BDA00035184158800000915
如果存在检查失败,则终止方案,否则,使用云服务器计算
Figure BDA00035184158800000916
Figure BDA00035184158800000917
最后,输出
Figure BDA00035184158800000918
7-1:
Figure BDA00035184158800000910
The algorithm first checks whether
Figure BDA00035184158800000911
If it is not satisfied, then output ⊥. Then by executing
Figure BDA00035184158800000912
To verify information
Figure BDA00035184158800000913
About
Figure BDA00035184158800000914
The signature S i of
Figure BDA00035184158800000915
If there is a check failure, the solution is terminated, otherwise, the cloud server is used to calculate
Figure BDA00035184158800000916
Figure BDA00035184158800000917
Finally, the output
Figure BDA00035184158800000918

(八)数据解密(VIII) Data Decryption

从云服务器中接收到重加密后的密文

Figure BDA00035184158800000919
后,Pai中的数据使用者Dj可以通过执行Dec算法来解密重加密后的密文
Figure BDA00035184158800000920
其算法具体如下:Receive the re-encrypted ciphertext from the cloud server
Figure BDA00035184158800000919
After that, the data user Dj in Pai can decrypt the re-encrypted ciphertext by executing the Dec algorithm.
Figure BDA00035184158800000920
The specific algorithm is as follows:

8-1:

Figure BDA00035184158800000921
8-1:
Figure BDA00035184158800000921

8-2:Dj计算

Figure BDA00035184158800000922
8-2: D j calculation
Figure BDA00035184158800000922

8-3:然后通过对

Figure BDA00035184158800000923
进行解密,获取原文的明文m和r1,如果
Figure BDA00035184158800000924
Figure BDA00035184158800000925
以及
Figure BDA00035184158800000926
成立,则m被接受,否则,不会被接受。8-3: Then through
Figure BDA00035184158800000923
Decrypt and obtain the original plaintext m and r 1. If
Figure BDA00035184158800000924
Figure BDA00035184158800000925
as well as
Figure BDA00035184158800000926
If it holds, m is accepted, otherwise, it is not accepted.

8-4:在解密成功后,数据使用者Dj中会获得数据拥有者的分享信息。如果用户不愿意解密,云服务器将为下一个数据使用者生成重加密密文,由下一个用户解密。依次类推,直到分享路径Pai中有数据使用者愿意解密为止。8-4: After the decryption is successful, the data user Dj will obtain the data owner's sharing information. If the user is unwilling to decrypt, the cloud server will generate a re-encrypted ciphertext for the next data user, who will decrypt it. And so on, until there is a data user in the sharing path Pai who is willing to decrypt.

以上显示和描述了本发明的基本原理和主要特征以及本发明的优点,本领域的技术人员应该了解。在不背离所附权利要求书限定的本发明的宗旨和范围的前提下,可以对本发明进行各种形式和细节上的修改。实施方式应该仅认为是说明性的,而不是强制性的。因此,本发明的详细描述不限定本发明的范围,本发明的范围应该由所附权利要求书限定,并且本发明的范围内的所有区别技术特征应理解为包含在本发明内。The above shows and describes the basic principles and main features of the present invention and the advantages of the present invention, and those skilled in the art should understand. Without departing from the purpose and scope of the present invention as defined in the appended claims, the present invention can be modified in various forms and details. The embodiments should be considered only as illustrative, not mandatory. Therefore, the detailed description of the present invention does not limit the scope of the present invention, the scope of the present invention should be defined by the appended claims, and all distinguishing technical features within the scope of the present invention should be understood to be included in the present invention.

Claims (3)

1.一种基于车辆社交网络的轻量级数据分享方法,其特征在于该方法具体包括以下步骤:1. A lightweight data sharing method based on a vehicle social network, characterized in that the method specifically comprises the following steps: (一)系统初始化(I) System initialization 可信机构TA在双线性库下任意选择一套参数,在两个乘法循环群G1和Gt下各随机选取一个生成元,然后选取系统安全参数并生成一个强不可伪造性签名算法,并定义8个哈希函数,执行Setup(1λ)→par算法为系统生成公开参数pp,所述Setup(1λ)→par算法的执行如下述步骤:The trusted institution TA selects a set of parameters arbitrarily under the bilinear library, randomly selects a generator under the two multiplication cycle groups G1 and Gt , then selects the system security parameters and generates a strong unforgeable signature algorithm, and defines 8 hash functions, and executes the Setup(1 λ )→par algorithm to generate a public parameter pp for the system. The execution of the Setup(1 λ )→par algorithm is as follows: 1-1:Setup(1λ)→pp.TA选择两个具有相同素数q群G1和Gt,其中P1取自G1,P2取自Gt,假设1λ是系统安全参数,Sig=(G,S,V)是一种具有强不可伪造性的一次签名算法,Ls=Lsig(1λ)是验证密钥的长度;其次,TA定义了一些哈希函数
Figure FDA0004089531020000015
H1:G1→(0,1),H2:G1×Gt×(0,1)→(0,1),H3:(0,1)λ→Zq,H4:(0,1)λ→Zq,H5:(0,1)λ→Zq,H6:(0,1)λ→Zq,H7:(0,1)λ→Zq,H8:(0,1)→Zq,最后这些系统公开参数由pp=(G1,Gt,P1,P2,q,H1,H2,H3,H4,H5,H6,H7,H8,H0)来表示;1-1: Setup(1 λ )→pp.TA selects two groups G 1 and G t with the same prime number q, where P 1 is taken from G 1 and P 2 is taken from G t . Assume that 1 λ is the system security parameter, Sig=(G,S,V) is a one-time signature algorithm with strong unforgeability, and L s =L sig (1 λ ) is the length of the verification key. Secondly, TA defines some hash functions
Figure FDA0004089531020000015
H 1 : G 1 →(0,1) , H 2 : G 1 ×G t ×(0,1) →(0,1) , H 3 :(0,1) λ →Z q , H 4 :(0,1) λ →Z q , H 5 :(0,1) λ →Z q , H 6 :(0,1) λ →Z q , H 7 :(0,1) λ →Z q , H 8 :(0,1) →Z q , finally these system public parameters are represented by pp=(G 1 ,G t ,P 1 ,P 2 ,q,H 1 ,H 2 ,H 3 ,H 4 ,H 5 ,H 6 ,H 7 ,H 8 ,H 0 ); 其中,TA:为可信机构;q为构造G1和Gt群的素数;G1、Gt分别为乘法循环群;P1、P2分别为G1、Gt群中的一个随机元;pp为系统的公开参数;G为强不可伪造性的一次签名算法中的一个函数;S为强不可伪造性的一次签名算法中的签名算法;V为强不可伪造性的一次签名算法中的验证算法;Wherein, TA: is a trusted authority; q is a prime number used to construct the G1 and Gt groups; G1 and Gt are respectively multiplication cyclic groups; P1 and P2 are respectively a random element in the G1 and Gt groups; pp is a public parameter of the system; G is a function in the one-time signature algorithm with strong unforgeability; S is the signature algorithm in the one-time signature algorithm with strong unforgeability; V is the verification algorithm in the one-time signature algorithm with strong unforgeability; (二)密钥生成(II) Key Generation 可信机构执行KeyGen(pp,i/j)→(pki,ski)/(pkj,skj)算法选取随机数,为数据拥有者和数据使用者生成一对公私钥,所述KeyGen(pp)→(pki,ski)算法采用公共参数pp作为输入,然后随机选择私钥ski=ai∈Zq,并计算公钥
Figure FDA0004089531020000011
其中
Figure FDA0004089531020000012
Figure FDA0004089531020000013
The trusted institution executes the KeyGen(pp, i/j)→( pki , skj )/( pki , skj ) algorithm to select random numbers and generate a pair of public and private keys for the data owner and the data user. The KeyGen(pp)→( pki , skj ) algorithm uses the public parameter pp as input, then randomly selects the private key skj = ai∈Zq , and calculates the public key
Figure FDA0004089531020000011
in
Figure FDA0004089531020000012
Figure FDA0004089531020000013
 其中,i/j为数据拥有者的编号/数据使用者的编号;(skj,pkj)为第j个数据使用者的公钥和私钥;(ski,pki)为第i个数据拥有者的公钥和私钥;
Figure FDA0004089531020000014
为第i个数据拥有者公钥的组成部分;Wherein, i/j is the number of the data owner/data user; (sk j , pk j ) is the public key and private key of the jth data user; (sk i , pk i ) is the public key and private key of the i-th data owner;
Figure FDA0004089531020000014
It is a component of the public key of the i-th data owner; (三)数据加密(III) Data encryption 数据使用者加密分享数据以及关键字生成数据密文,数据使用者加密兴趣数据的关键字生成兴趣密文,所述数据密文包括:分享数据以及关键字的数据密文;The data user encrypts the shared data and the keyword to generate data ciphertext, and the data user encrypts the keyword of the interest data to generate interest ciphertext, wherein the data ciphertext includes: the data ciphertext of the shared data and the keyword; (四)陷门生成(IV) Trapdoor Generation 数据拥有者和数据使用者使用自己的私钥和
Figure FDA0004089531020000021
算法生成的密文作为输入,执行
Figure FDA0004089531020000022
算法生成关键字的陷门,然后与密文一起上传给云服务器,所述
Figure FDA0004089531020000023
算法是数据拥有者为每个加密数据
Figure FDA0004089531020000024
生成一个陷门
Figure FDA0004089531020000025
并上传给云服务器,同样的,数据使用者为了每个加密数据
Figure FDA0004089531020000026
生成一个陷门
Figure FDA0004089531020000027
并上传到云服务器;Data owners and data users use their own private keys and
Figure FDA0004089531020000021
The ciphertext generated by the algorithm is used as input and executed
Figure FDA0004089531020000022
The algorithm generates a keyword trapdoor, which is then uploaded to the cloud server together with the ciphertext.
Figure FDA0004089531020000023
The algorithm is that the data owner encrypts each data
Figure FDA0004089531020000024
Create a trapdoor
Figure FDA0004089531020000025
And upload to the cloud server, similarly, data users need to encrypt data for each
Figure FDA0004089531020000026
Create a trapdoor
Figure FDA0004089531020000027
And upload to the cloud server; 其中,(ski,pki):第i个数据拥有者的公钥和私钥;m为数据拥有者想要分享的数据明文;ωki为数据拥有者i想要分享数据的关键字明文;
Figure FDA0004089531020000028
为m和ωki的密文,也就是数据拥有者想要分享的数据及其关键字的密文;
Figure FDA0004089531020000029
为数据使用者想要分享的数据及其关键字的密文;
Figure FDA00040895310200000210
为数据拥有者在密文
Figure FDA00040895310200000211
下生成的陷门;
Figure FDA00040895310200000212
为数据拥有者在密文
Figure FDA00040895310200000213
下生成的陷门;ai为数据拥有者的私钥;bj为数据使用者选择的一个随机数,并作为自己的私钥;
Figure FDA00040895310200000214
Figure FDA00040895310200000215
的中间值;
Figure FDA00040895310200000216
Figure FDA00040895310200000217
的中间值;
Figure FDA00040895310200000218
为数据使用者在加密阶段选择的一个随机数;Where, (sk i ,pk i ): the public key and private key of the i-th data owner; m is the plaintext data that the data owner wants to share; ωk i is the plaintext keyword that the data owner i wants to share;
Figure FDA0004089531020000028
is the ciphertext of m and ωki , that is, the ciphertext of the data and its keywords that the data owner wants to share;
Figure FDA0004089531020000029
The ciphertext of the data and keywords that the data user wants to share;
Figure FDA00040895310200000210
For the data owner in the ciphertext
Figure FDA00040895310200000211
The trapdoor generated below;
Figure FDA00040895310200000212
For the data owner in the ciphertext
Figure FDA00040895310200000213
The trapdoor generated by the following; a i is the private key of the data owner; b j is a random number selected by the data user and used as his own private key;
Figure FDA00040895310200000214
for
Figure FDA00040895310200000215
The median value of
Figure FDA00040895310200000216
for
Figure FDA00040895310200000217
The median value of
Figure FDA00040895310200000218
A random number selected by the data user during the encryption phase; (五)数据匹配(V) Data Matching 当云服务器发现一个消息/兴趣对时,执行
Figure FDA00040895310200000219
Figure FDA00040895310200000220
算法,检查数据拥有者和数据使用者上传的关键字密文是否匹配,并将匹配成功的数据使用者的公钥和声誉值σi返回给数据拥有者,所述
Figure FDA00040895310200000221
算法的执行如下述步骤:When the cloud server finds a message/interest pair, it executes
Figure FDA00040895310200000219
Figure FDA00040895310200000220
The algorithm checks whether the keyword ciphertext uploaded by the data owner and the data user matches, and returns the public key and reputation value σ i of the successfully matched data user to the data owner.
Figure FDA00040895310200000221
The algorithm is executed as follows: 5-1:通过执行
Figure FDA00040895310200000222
验证信息
Figure FDA00040895310200000223
中关于
Figure FDA00040895310200000224
的签名Si;然后,检查
Figure FDA00040895310200000225
如果检查失败,则终止方案,否则继续进行下述步骤5-2;5-1: By execution
Figure FDA00040895310200000222
Verification Information
Figure FDA00040895310200000223
About
Figure FDA00040895310200000224
Then , check
Figure FDA00040895310200000225
If the check fails, terminate the scheme, otherwise proceed to step 5-2 below; 5-2:计算
Figure FDA00040895310200000226
5-2: Calculation
Figure FDA00040895310200000226
Figure FDA00040895310200000227
之后,使用点(xi-1,yi-1),(xi-2,yi-2),(xj-1,yj-1)重新构造函数f(x),使用点(xj-1,yj-1),(xj-2,yj-2),(xi-1,yi-1)重新构造函数f′(x),如果f(0)=f′(0),则输出1;否则,输出0;
Figure FDA00040895310200000227
Afterwards, use the points (xi -1 , yi -1 ), (xi -2 , yi -2 ), (xj -1 , yj-1 ) to reconstruct the function f(x), and use the points (xj -1 , yj -1 ), (xj -2 , yj -2 ), ( xi-1 , yi -1 ) to reconstruct the function f′(x). If f(0) = f′(0), output 1; otherwise, output 0. 5-3:最后,云服务器将数据使用者的公钥pkj与信誉值rυj发送给数据拥有者;5-3: Finally, the cloud server sends the data user’s public key pk j and reputation value rυ j to the data owner; 其中,pki为数据拥有者i的公钥;
Figure FDA0004089531020000031
为pki的一个组成部分;m为数据拥有者想要分享的数据明文;
Figure FDA0004089531020000032
为m和ωki的密文,也就是数据拥有者想要分享的数据及其关键字的密文;Among them, pk i is the public key of data owner i;
Figure FDA0004089531020000031
is a component of pk i ; m is the plaintext data that the data owner wants to share;
Figure FDA0004089531020000032
is the ciphertext of m and ωki , that is, the ciphertext of the data and its keywords that the data owner wants to share;
Figure FDA0004089531020000033
为数据使用者想要分享的数据及其关键字的密文;
Figure FDA0004089531020000034
Figure FDA0004089531020000035
的组成元素;sυki、sυkj分别为一个随机数,作为数据拥有者使用强不可伪造性一次签名算法中的签名私钥;Si为数据拥有者产生的一个签名;ν()为强不可伪造性一次签名算法中的验证函数;xi-1,xi-2,yi-1,yi-2为数据拥有者选择的4个随机数;xj-1,xj-2,yj-1,yj-2为数据使用者选择的4个随机数;f(x)为一个多项式函数;
Figure FDA0004089531020000033
The ciphertext of the data and keywords that the data user wants to share;
Figure FDA0004089531020000034
for
Figure FDA0004089531020000035
The constituent elements of ; sυk i and sυk j are random numbers, respectively, which are used as the signature private key of the data owner in the strong unforgeable one-time signature algorithm; S i is a signature generated by the data owner; ν() is the verification function in the strong unforgeable one-time signature algorithm; x i-1 , x i-2 , y i-1 , y i-2 are 4 random numbers selected by the data owner; x j-1 , x j-2 , y j-1 , y j-2 are 4 random numbers selected by the data user; f(x) is a polynomial function; (六)重加密密钥生成(VI) Re-encryption key generation 数据拥有者根据数据使用者的声誉值σi建立一个有序的分享路径
Figure FDA0004089531020000036
Figure FDA0004089531020000037
执行
Figure FDA0004089531020000038
算法,为分享路径Pai中的数据使用者生成重加密密钥,并将重加密密钥分发给云服务器,所述
Figure FDA0004089531020000039
Figure FDA00040895310200000310
算法是数据拥有者Ui选取随机数
Figure FDA00040895310200000311
为Pai中的每个数据使用者计算一个重加密的密钥
Figure FDA00040895310200000312
The data owner establishes an orderly sharing path based on the reputation value σ i of the data user
Figure FDA0004089531020000036
Figure FDA0004089531020000037
implement
Figure FDA0004089531020000038
The algorithm generates a re-encryption key for the data user in the sharing path Pa i and distributes the re-encryption key to the cloud server.
Figure FDA0004089531020000039
Figure FDA00040895310200000310
The algorithm is that the data owner U i selects a random number
Figure FDA00040895310200000311
Calculate a re-encryption key for each data user in Pa i
Figure FDA00040895310200000312
 其中:
Figure FDA00040895310200000313
in:
Figure FDA00040895310200000313
Figure FDA00040895310200000314
然后,将
Figure FDA00040895310200000315
和Pai上传到云服务器上;Pai为数据拥有者根据数据使用者信誉值生成的一条有序分享路径,由数据使用者的公钥组成;
Figure FDA00040895310200000316
为数据拥有者想要分享的数据及其关键字的密文;ski为第i个数据拥有者的私钥;pkj为数据使用者的公钥;Ui为数据拥有者的一个身份标识;
Figure FDA00040895310200000317
Figure FDA00040895310200000318
分别为生成
Figure FDA00040895310200000319
产生的中间值;
Figure FDA00040895310200000314
Then,
Figure FDA00040895310200000315
and Pa i are uploaded to the cloud server; Pa i is an ordered sharing path generated by the data owner based on the reputation value of the data user, consisting of the public key of the data user;
Figure FDA00040895310200000316
is the ciphertext of the data and its keywords that the data owner wants to share; sk i is the private key of the i-th data owner; pk j is the public key of the data user; U i is an identity identifier of the data owner;
Figure FDA00040895310200000317
Figure FDA00040895310200000318
Generate
Figure FDA00040895310200000319
The resulting intermediate value; (七)重加密密文生成(VII) Re-encrypted ciphertext generation 收到重加密密钥、分享路径Pai和分享数据的密文后,云服务器执行
Figure FDA00040895310200000320
算法,为分享路径Pai中的每个数据使用者生成对应的重加密密文;所述
Figure FDA00040895310200000321
算法由云服务器执行,首先检查是否满足
Figure FDA00040895310200000322
如果不满足,则输出⊥;然后通过执行
Figure FDA0004089531020000041
去验证信息
Figure FDA0004089531020000042
中关于
Figure FDA0004089531020000043
的签名Si,并且检测
Figure FDA0004089531020000044
如果存在检查失败,则终止方案,否则,使用云服务器计算
Figure FDA0004089531020000045
Figure FDA0004089531020000046
After receiving the re-encryption key, sharing path Pa i and the ciphertext of the shared data, the cloud server executes
Figure FDA00040895310200000320
The algorithm generates a corresponding re-encrypted ciphertext for each data user in the sharing path Pa i ;
Figure FDA00040895310200000321
The algorithm is executed by the cloud server, first checking whether
Figure FDA00040895310200000322
If it is not satisfied, then output ⊥; then execute
Figure FDA0004089531020000041
To verify information
Figure FDA0004089531020000042
About
Figure FDA0004089531020000043
The signature S i of
Figure FDA0004089531020000044
If there is a check failure, the solution is terminated, otherwise, the cloud server is used to calculate
Figure FDA0004089531020000045
Figure FDA0004089531020000046
 最后,输出
Figure FDA0004089531020000047
Finally, the output
Figure FDA0004089531020000047
 其中,
Figure FDA0004089531020000048
为pki的一个组成部分;
Figure FDA0004089531020000049
为Pai中第j个数据使用者的公钥;
Figure FDA00040895310200000410
为Pai中第j+1个数据使用者的公钥;
Figure FDA00040895310200000411
为云服务器为Pai中第j个数据使用者产生的重加密密文;in,
Figure FDA0004089531020000048
is a component of pk i ;
Figure FDA0004089531020000049
is the public key of the jth data user in Pa i ;
Figure FDA00040895310200000410
is the public key of the j+1th data user in Pa i ;
Figure FDA00040895310200000411
is the re-encrypted ciphertext generated by the cloud server for the jth data user in Pa i ;
Figure FDA00040895310200000412
为Pai中第j+1个数据使用者产生的重加密密;⊥为协议终止符号;
Figure FDA00040895310200000412
is the re-encrypted key generated by the j+1th data user in Pa i ; ⊥ is the protocol termination symbol; (八)数据解密(VIII) Data Decryption 收到重加密密文后,数据使用者使用自己的私钥执行
Figure FDA00040895310200000413
算法解密重加密密文,获得数据拥有者的分享信息,如果数据使用者不能完成解密,云服务器将为下一个数据使用者生成重加密密文,并由下一个数据使用者解密,依次类推,直到分享路径Pai中有数据使用者完成解密为止,所述
Figure FDA00040895310200000414
算法的执行如下述步骤:8-1:
Figure FDA00040895310200000415
After receiving the re-encrypted ciphertext, the data user uses his own private key to execute
Figure FDA00040895310200000413
The algorithm decrypts the re-encrypted ciphertext and obtains the shared information of the data owner. If the data user cannot complete the decryption, the cloud server will generate a re-encrypted ciphertext for the next data user, and the next data user will decrypt it, and so on, until a data user in the sharing path Pa i completes the decryption.
Figure FDA00040895310200000414
The algorithm is executed as follows: 8-1:
Figure FDA00040895310200000415
 8-2:Dj计算
Figure FDA00040895310200000416
8-2: D j calculation
Figure FDA00040895310200000416
 8-3:然后通过对
Figure FDA00040895310200000417
进行解密,获取原文的明文m和r1,如果
Figure FDA00040895310200000418
以及
Figure FDA00040895310200000419
成立,则m被接受,否则,不会被接受;8-3: Then through
Figure FDA00040895310200000417
Decrypt and obtain the original plaintext m and r 1. If
Figure FDA00040895310200000418
as well as
Figure FDA00040895310200000419
If it holds, then m is accepted, otherwise, it will not be accepted; 8-4:在解密成功后,数据使用者Dj中会获得数据拥有者的分享信息,如果数据使用者不愿意解密,云服务器将为下一个数据使用者生成重加密密文,由下一个用户解密,依次类推,直到分享路径Pai中有数据使用者愿意解密为止;8-4: After the decryption is successful, the data user Dj will obtain the sharing information of the data owner. If the data user is unwilling to decrypt, the cloud server will generate a re-encrypted ciphertext for the next data user, who will decrypt it, and so on, until there is a data user in the sharing path Pai who is willing to decrypt; 其中,
Figure FDA00040895310200000420
为Pai中第j+1个数据使用者产生的重加密密文;Dj为数据使用者的一个身份标识;skj为数据使用者的私钥;r1,r2为数据拥有者在加密阶段所选择的两个随机数;
Figure FDA00040895310200000421
为生成
Figure FDA00040895310200000422
产生的中间值。in,
Figure FDA00040895310200000420
is the re-encrypted ciphertext generated by the j+1th data user in Pa i ; D j is an identity identifier of the data user; sk j is the private key of the data user; r 1 , r 2 are two random numbers selected by the data owner during the encryption phase;
Figure FDA00040895310200000421
To generate
Figure FDA00040895310200000422
The resulting intermediate value. 2.根据权利要求1所述的基于车辆社交网络的轻量级数据分享方法,其特征是在于数据拥有者采用混合加密模式加密要分享的数据,其分享数据的密文包括相关关键字的密文,数据拥有者加密分享数据的关键字,并为该关键字密文生成相应的陷门,同时,数据使用者加密兴趣数据的关键字,并为该兴趣关键字密文生成相应的陷门,云服务器判断两关键字是否相等,并且不会泄露关键字的隐私,数据拥有者采取基于公钥的相等性测试,实现车辆社交网络中的数据匹配。2. According to claim 1, the lightweight data sharing method based on vehicle social network is characterized in that the data owner adopts a hybrid encryption mode to encrypt the data to be shared, and the ciphertext of the shared data includes the ciphertext of relevant keywords. The data owner encrypts the keywords of the shared data and generates a corresponding trapdoor for the keyword ciphertext. At the same time, the data user encrypts the keywords of the interest data and generates a corresponding trapdoor for the interest keyword ciphertext. The cloud server determines whether the two keywords are equal and will not disclose the privacy of the keywords. The data owner adopts a public key-based equality test to achieve data matching in the vehicle social network. 3.根据权利要求1所述的基于车辆社交网络的轻量级数据分享方法,其特征在于云服务器使用代理重加密技术,实现车辆社交网络中的数据分享,委托者不信任次级被委托者,采用自主路径的办法,数据拥有者根据数据使用者的信誉值生成一个有序的分享路径,然后为路径内的数据使用者生成重加密密文并发送给云服务器,云服务器收到分享路径和重加密密钥后,将密文转化为数据使用者可解密的重加密密文。3. According to claim 1, the lightweight data sharing method based on vehicle social network is characterized in that the cloud server uses proxy re-encryption technology to realize data sharing in the vehicle social network. The delegator does not trust the secondary delegate and adopts the autonomous path method. The data owner generates an ordered sharing path according to the reputation value of the data user, and then generates a re-encrypted ciphertext for the data user in the path and sends it to the cloud server. After receiving the sharing path and the re-encryption key, the cloud server converts the ciphertext into a re-encrypted ciphertext that can be decrypted by the data user.
CN202210174205.6A 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network Active CN115002754B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210174205.6A CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210174205.6A CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Publications (2)

Publication Number Publication Date
CN115002754A CN115002754A (en) 2022-09-02
CN115002754B true CN115002754B (en) 2023-03-31

Family

ID=83023451

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210174205.6A Active CN115002754B (en) 2022-02-24 2022-02-24 Lightweight data sharing method based on vehicle social network

Country Status (1)

Country Link
CN (1) CN115002754B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117640082B (en) * 2023-12-06 2024-10-22 西华大学 Batch ciphertext equivalent test method and device

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103957109B (en) * 2014-05-22 2017-07-11 武汉大学 A kind of cloud data-privacy protects safe re-encryption method
CN108599937B (en) * 2018-04-20 2020-10-09 西安电子科技大学 Multi-keyword searchable public key encryption method
CN110855671B (en) * 2019-11-15 2022-02-08 三星电子(中国)研发中心 Trusted computing method and system
CN113194078B (en) * 2021-04-22 2023-04-07 西安电子科技大学 Sequencing multi-keyword search encryption method with privacy protection supported by cloud
CN113407966B (en) * 2021-06-25 2024-09-24 南京师范大学 Searchable public key encryption method and system with key updating and ciphertext sharing functions

Also Published As

Publication number Publication date
CN115002754A (en) 2022-09-02

Similar Documents

Publication Publication Date Title
CN110536259B (en) A lightweight privacy-preserving data multi-level aggregation method based on fog computing
CN112019591B (en) A blockchain-based cloud data sharing method
Zhang et al. Data security and privacy-preserving in edge computing paradigm: Survey and open issues
CN108881314B (en) Privacy protection method and system based on CP-ABE ciphertext under fog computing environment
Wang et al. A ciphertext-policy attribute-based encryption scheme supporting keyword search function
Deng et al. Ciphertext-policy attribute-based signcryption with verifiable outsourced designcryption for sharing personal health records
Shao et al. Fine-grained data sharing in cloud computing for mobile devices
CN114036539B (en) Secure and auditable IoT data sharing system and method based on blockchain
CN111447192B (en) A Lightweight Attribute-Based Signcryption Method for Cloud-Assisted IoT
CN112989375B (en) A Hierarchical Optimization Encryption Lossless Privacy Protection Method
CN106487506B (en) Multi-mechanism KP-ABE method supporting pre-encryption and outsourcing decryption
CN110022309B (en) Safe and efficient data sharing method in mobile cloud computing system
CN106230590A (en) Ciphertext strategy attribute-based encryption method for multiple authorization mechanisms
Li et al. ABKS-SKGA: Attribute-based keyword search secure against keyword guessing attack
Zhang et al. Efficient and privacy-aware attribute-based data sharing in mobile cloud computing
CN110933033A (en) Cross-domain access control method for multiple IoT domains in smart city environment
Wang et al. Attribute-based equality test over encrypted data without random oracles
Wang et al. Fully accountable data sharing for pay-as-you-go cloud scenes
Zhang et al. Cerberus: Privacy-preserving computation in edge computing
Zhang et al. Efficient fine-grained data sharing based on proxy re-encryption in iiot
CN111343273B (en) Attribute-based strategy hiding outsourcing signcryption method in Internet of vehicles environment
Debnath et al. Study and scope of signcryption for cloud data access control
CN115002754B (en) Lightweight data sharing method based on vehicle social network
CN106301776B (en) A multi-authority center outsourcing attribute base encryption method and system for keyword search
CN110933052A (en) A time domain-based encryption and its policy update method in edge environment

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant