CN115002754B - Lightweight data sharing method based on vehicle social network - Google Patents
- Publication number
- CN115002754B CN202210174205.6A
- Authority
- CN
- China
- Prior art keywords
- data
- user
- ciphertext
- algorithm
- owner
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H04W12/03—Protecting confidentiality, e.g. by encryption
- H04W12/041—Key generation or derivation
- H04W12/0431—Key distribution or pre-distribution; Key agreement
- H04W12/0433—Key management protocols
- H04W12/08—Access security
- H04W4/44—Services specially adapted for particular environments, situations or purposes for vehicles, e.g. vehicle-to-pedestrians [V2P] for communication between vehicles and infrastructures, e.g. vehicle-to-cloud [V2C] or vehicle-to-home [V2H]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a lightweight data sharing method based on a vehicle social network, comprising the following steps: system initialization, key generation, data encryption, user trapdoor generation, data matching, re-encryption key generation, re-encrypted ciphertext generation, user decryption and the like. If a user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, who decrypts it, and so on until a data user on the sharing path is willing to decrypt. Compared with the prior art, the method is computationally efficient in data matching and data sharing, with particularly low computation cost on the user side; it protects the privacy of the data owner's search keywords and of the shared data, supports multiple data owners and multiple data users, and is particularly suitable for a vehicle social network.
Description
Technical Field
The invention relates to the technical field of data encryption, in particular to a lightweight data sharing method based on a vehicle social network.
Background
Vehicle Social Networks (VSNs), including social networks and vehicular networks (VANETs), provide data sharing between vehicles, and between vehicles and roadside units (RSUs), to reduce traffic congestion and travel time, and even to provide comprehensive social services. With the development of Wireless Sensor Networks (WSNs) and cloud computing, more and more VSN data can be conveniently collected from heterogeneous mobile devices, such as on-board units (OBUs), passengers, and drivers. These data from heterogeneous sources (e.g., smart mobile data owners, RSUs) are aggregated and sent to a trusted vehicle cloud for remote storage and access. However, the outsourced data typically contains sensitive information (e.g., the user's identity, traffic information, and vehicle information). Therefore, data privacy is critical in the VSN.
To protect data privacy, the data owner needs to encrypt the data with their public key before outsourcing. However, public key encryption complicates data utilization in the VSN, especially data sharing and data retrieval. As a promising primitive, proxy re-encryption (PRE) allows a trusted vehicle cloud (i.e., a trusted proxy) to convert a ciphertext encrypted under the data owner's public key into a ciphertext that the data user can decrypt, without learning the plaintext. However, before data is shared in the VSN scenario, the data owner may not know who will be interested in her/his data. Therefore, the data owner needs an efficient mechanism to solve the data retrieval problem in PRE. Because of users' requirements for data acquisition and for accuracy over massive data, efficient retrieval becomes a key problem of the VSN. With public key encryption with keyword search (PEKS), ciphertext retrieval on the cloud server can be achieved through trapdoor information generated by the user, while the cloud cannot obtain the plaintext of the corresponding ciphertext. Nevertheless, the cloud server in PEKS can only search ciphertexts encrypted under the same public key, so PEKS is not suitable for VSN scenarios. To realize ciphertext matching across multiple users, Yang et al. proposed the PKE-ET construction, with which a cloud server can test whether ciphertexts encrypted under the same or different public keys come from the same plaintext, without learning the plaintext.
In summary, data matching in the prior art basically relies on time-consuming bilinear pairing operations, which undoubtedly reduces the computational efficiency of the system and is not suitable for the vehicle social network.
Disclosure of Invention
The invention aims to overcome the defects of the prior art by designing a lightweight data sharing method based on a vehicle social network. The method is a data sharing method with ciphertext search that integrates PRE into the PKE-ET construction: PKE-ET is used to match several suitable data users for a data owner, and the encrypted data is shared with the corresponding users in order of priority. Search and sharing of data are thereby realized while the confidentiality of the data is ensured, the problem of the limited computing capability of mobile devices in the vehicle social network is effectively addressed, the data privacy, interest privacy and query privacy of the data owner are protected, and unauthorized access to the data by a semi-trusted cloud server is resisted.
The purpose of the invention is realized as follows: a lightweight data sharing method based on a vehicle social network, characterized in that PKE-ET is used to match suitable data users for data owners and the encrypted data is then shared with the corresponding users in order of priority. The method specifically comprises the following steps:
(I) System initialization
The Trusted Authority (TA) arbitrarily selects a set of parameters from the bilinear pairing library, randomly selects a generator in each of the two multiplicative cyclic groups $G_1$ and $G_t$, then selects the system security parameter, generates a strongly unforgeable signature algorithm, defines 8 hash functions, and executes the Setup($1^\lambda$) → par algorithm to generate the system public parameter pp.
(II) Key Generation
The Trusted Authority (TA) executes the KeyGen(pp, i/j) → ($pk_i$, $sk_i$)/($pk_j$, $sk_j$) algorithm, which selects a random number and generates a public/private key pair for each user (data owner and data user).
(III) data encryption
The data owner encrypts the shared data and its keywords to generate a data ciphertext, and the data user encrypts the keywords of the data of interest to generate an interest ciphertext. The data ciphertext comprises the ciphertext of the shared data and of the keyword.
(IV) trapdoor generation
The users (data owners and data users) use their private keys andthe cipher text generated by the algorithm is used as input and executedAnd (4) generating a trapdoor of the keyword by the algorithm, and uploading the trapdoor and the ciphertext to the cloud server.
(V) data matching
When a cloud server discovers a message/interest pair, execution The algorithm checks whether the cipher texts of the keywords uploaded by the data owner and the data user are matched or not, and the public key and the reputation value sigma of the successfully matched data user i And returning to the data owner.
(VI) Re-encryption key generation
Data owner based on user reputation value sigma i Establishing a data sharing pathAnd then executes>Algorithm for data sharing path Pa i The user in (1) generates a re-encryption key and distributes the re-encryption key to the cloud server.
(VII) Re-encrypted ciphertext generation
Receive proxy re-encryption key, share path Pa i And after sharing the ciphertext of the data, the cloud server executesAlgorithm, as data sharing pathPa i Sequentially generates re-encrypted ciphertexts.
(VIII) User decryption
User execution with own private keyAnd after the algorithm decrypts the re-encrypted ciphertext to obtain the data shared by the data owner, the data owner with high credit degree can have decryption priority, and if the data owner with high credit cannot complete decryption, the cloud server automatically entrusts the decryption priority to the next data user with higher credit.
The algorithm used in the present invention is illustrated as follows:
The Setup($1^\lambda$) → par algorithm is executed by the Trusted Authority (TA) and generates the system public parameter pp from the security parameter $\lambda$.
The KeyGen(pp, i/j) → ($pk_i$, $sk_i$)/($pk_j$, $sk_j$) algorithm generates the public key $pk_i$ and the private key $sk_i$. KeyGen is executed by the Trusted Authority (TA); it takes as input the system public parameter pp and the identity information of the user (i denotes the identity of a data owner and j the identity of a data user), and outputs the public/private key pair ($pk_i$, $sk_i$) of the data owner or the public/private key pair ($pk_j$, $sk_j$) of the data user.
The above-mentionedThe algorithm is implemented by the subscribers (data owner and data consumer) and generates a ciphertext which belongs to the data owner>Inputting system public parameter pp, public key pk of data owner i Key word ω k i And a message m. Similarly, the ciphertext of the data user is ^ H>Where j represents the identity of the data user.
The above-mentionedThe algorithm is used to generate a trapdoor @foruser i>As output, the public parameter par, the private key sk of the data owner i And ciphertext->As an input. Similarly, the trapdoor of the data user is
The above-mentionedThe algorithm is executed in the cloud server, and the output value is 0 or 1. The input of the algorithm is a public parameter par, a ciphertext->And a corresponding trapdoor->And interest ciphertext>And a corresponding trapdoor>Wherein it is present>Is the ciphertext of the data user>Is a trapdoor created by the data consumer.
The above-mentionedThe algorithm outputs one re-encryption key, And sends them in a secure manner to the corresponding cloud server. RKGen is performed by user i, the input comprising an autonomous path Pa i Private key sk of data owner i And the common parameter pp of the system.
The above-mentionedFor the re-encryption algorithm, renec is executed by the cloud server and outputs re-encrypted ciphertext +>Common parameter pp and appointed sharing path Pa of system i Re-encryption key from data user j to j +1 @>And ciphertext->As an input, is selected>And adding the secret ciphertext for the data owner i to the data user j.
The above-mentionedFor the decryption algorithm, dec is executed by user j, inputting the system common parameter par, ciphertext ≥>And private key sk of user j j Then outputs a message m orThe error message symbol ≠ T. After decryption is successful, data consumer D j The shared information of the data owner is obtained. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, and the re-encrypted ciphertext is decrypted by the next user. And so on until the sharing path Pa i Until the user with the data wishes to decrypt the data.
Compared with the prior art, the method ensures the confidentiality of data while realizing data search and sharing, effectively addresses the limited computing capacity of mobile devices in the vehicle social network, protects the data privacy, interest privacy and query privacy of the data owner, and resists unauthorized access to the data by a semi-trusted cloud server. It realizes ciphertext matching between the data owner and the user with an equality test based on public key encryption, and shares the user's encrypted data through multi-hop proxy re-encryption. It is particularly suitable for the vehicle social network environment, realizes fine-grained access control and data privacy protection, and is simple, convenient, practical and fast, with high computing efficiency and small storage space.
Drawings
FIG. 1 is a system diagram of the present invention;
FIG. 2 is a flow chart of the present invention.
Detailed Description
1. Mathematical theory applied by the invention:
1. Bilinear mapping
Let $G$ be a multiplicative cyclic group of prime order $p$. A mapping $e: G \times G \to G_T$ is a bilinear mapping if it satisfies the following three conditions:
1) Bilinearity: for all $u, v \in G$ and $a, b \in Z_p$, $e(u^a, v^b) = e(u, v)^{ab}$;
2) Non-degeneracy: there exists $g$ with $e(g, g) \neq 1$; otherwise $e(g, g)^{ab} \equiv 1$;
3) Computability: there is an efficient algorithm to compute $e(u, v)$ for all $u, v$.
In the invention, the bilinear pairing $e: G \times G \to G_T$ is a mapping satisfying bilinearity, non-degeneracy and computability, which maps two elements of a multiplicative cyclic group of prime order to one element of the multiplicative cyclic group $G_T$.
2. Shamir secret sharing
The basic idea of the Shamir secret sharing algorithm, based on Lagrange interpolation and the vector method, is that a dealer splits the secret into n shares using a polynomial; the secret can be reconstructed only from a sufficient number of shares, and a smaller number of shares reveals no part of it. The specific steps are as follows:
2-1: Setup(λ): on input the security parameter λ, outputs a large random prime $q$ as the public parameter pp.
2-2: Generation(pp, s): on input the public parameter pp and a secret value $s \in Z_q$, the following operations are performed:
2-1-1: Select a random polynomial $f(x)$ of degree $(t-1)$, $f(x) = a_0 + a_1 x + \dots + a_{t-1} x^{t-1} \pmod q$, where the secret is $s = a_0 = f(0)$ and $a_0, a_1, \dots, a_{t-1} \in Z_q$.
2-1-2: Compute all shares: $s_i = f(x_i) \bmod q$, where $x_i \in Z_q$, $i = 1, 2, \dots, n$.
2-1-3: Finally, the algorithm outputs a list of $n$ points $\{(x_1, y_1), (x_2, y_2), \dots, (x_n, y_n)\}$, and each $s_i$ is assigned to the corresponding share holder.
2-2:When the common parameter pp and any t points are input, the algorithm can reconstruct f (x) and output the ciphertext->Wherein->I in is the Lagrangian interpolation coefficient, and->
3. Proxy re-encryption (PRE)
In PRE, a user can authorize a semi-trusted server to convert a ciphertext encrypted under the user's public key into a ciphertext that a designated user can decrypt. Note that the cloud server learns neither the plaintext nor the private key during the conversion. The specific algorithms are as follows:
A unidirectional multi-hop proxy re-encryption scheme in a conventional PKI environment comprises the following algorithms:
1) Key generation algorithm KeyGen(par) → (pk, sk): on input the system public parameter par, the algorithm outputs (pk, sk) as the public/private key pair of a user.
2) Encryption algorithm Enc(par, M, pk) → $C^{(0)}$: on input the system public parameter par, a plaintext M in the message space and the public key pk of a user, the algorithm outputs the ciphertext $C^{(0)}$ encrypted under pk, where 0 indicates that the ciphertext has not been re-encrypted; $C^{(0)}$ is also called the original ciphertext.
3) Conversion key generation algorithm RekeyGen(par, $sk_i$, $pk_j$) → $rk_{i \to j}$: on input the system public parameter par, the private key $sk_i$ of the authorizing user (delegator) and the public key $pk_j$ of the authorized user (delegatee), the algorithm outputs a conversion key $rk_{i \to j}$ for one-way re-encryption from the authorizing user to the authorized user.
4) Re-encryption algorithm ReEnc(par, $rk_{i \to j}$, $C_i^{(n)}$) → $C_j^{(n+1)}$: on input the system public parameter par, the conversion key $rk_{i \to j}$ from user $pk_i$ to user $pk_j$, and the ciphertext $C_i^{(n)}$ of user $pk_i$, where n is the number of times $C_i^{(n)}$ has been re-encrypted, the algorithm outputs the ciphertext $C_j^{(n+1)}$ of user $pk_j$, which has been re-encrypted n+1 times, or ⊥, indicating that the ciphertext $C_i^{(n)}$ is invalid.
5) Decryption algorithm $Dec_2$(par, $sk_j$, $C_j^{(n+1)}$) → M: on input the system public parameter par, the user private key $sk_j$ and the ciphertext $C_j^{(n+1)}$ of user $pk_j$, the algorithm outputs the corresponding plaintext M, or ⊥, indicating that the ciphertext $C_j^{(n+1)}$ is invalid.
4. Ciphertext equivalence test of public key encryption (PKE-ET)
The ciphertext equality test based on public key encryption is an encryption technique that can directly determine, without decryption, whether two ciphertexts contain the same message. In PKE-ET, given two ciphertexts $c_1$ and $c_2$ generated under the public keys $pk_1$ and $pk_2$ respectively, the function Test(c, td, c', td') returns 1 if and only if $c_1$ and $c_2$ encrypt the same message. It includes the following steps:
4-1: Setup(λ) → pp: initialization algorithm; inputs the security parameter λ and outputs the system parameter pp.
4-2: KeyGen(pp) → (pk, sk): key generation algorithm; inputs the system parameter pp and outputs the public key and private key (pk, sk).
4-3: Enc(m, pk) → c: encryption algorithm; inputs the plaintext m to be encrypted and the public key pk, and outputs the ciphertext c.
4-4: Dec(c, sk) → m: decryption algorithm; inputs the ciphertext $c \in C$ to be decrypted and the private key sk, and outputs the plaintext m.
4-5: Aut(sk) → td: authorization generation algorithm; inputs the private key sk and the like, and outputs an authorization trapdoor td.
4-6: Test($c_1$, $td_1$, $c_2$, $td_2$) → {0, 1}: ciphertext equality test algorithm; inputs two ciphertexts with their corresponding authorizations ($c_1$, $td_1$) and ($c_2$, $td_2$) and outputs the matching result: 1 if the plaintexts corresponding to $c_1$ and $c_2$ are the same, otherwise 0.
2. Implementation of the invention
Referring to FIG. 1, the present invention uses two access control structures. One is an equality test for data matching in the vehicle social network, so that data can be decrypted only by data users with the same key as the data owner; the other is proxy re-encryption (PRE), which is used to define data sharing and to hide the information of the data owner. The concept of the self-organizing path is introduced so that the delegatee (data user) is designated by the delegator (data owner), which ensures the privacy of the data owner and prevents collusion between the data user and the cloud server. In addition, the trapdoor does not reveal information about the user, which guarantees the privacy of the keywords of the data owner and the data user, and a hybrid encryption method is used to improve efficiency.
To achieve the technical means, technical features, and objectives and effects of the present invention, the present invention will be further described with reference to the following embodiments.
Example 1
Referring to fig. 2, the lightweight data sharing of the vehicle social network specifically includes the following steps:
(I) System initialization
TA takes a security parameter $\lambda$ as input and outputs the system public parameter pp. The specific operation is as follows:
1-1: Setup($1^\lambda$) → par: TA selects two groups $G_1$ and $G_t$ of the same prime order $q$, where $P_1$ is taken from $G_1$ and $P_2$ is taken from $G_t$. Suppose $1^\lambda$ is the system security parameter, $sig = (G, S, V)$ is a strongly unforgeable one-time signature algorithm, and $L_s = L_{sig}(1^\lambda)$ is the length of the verification key. Next, TA defines the hash functions $H_0$, $H_1: G_1 \to \{0,1\}^{3\lambda}$, $H_2: G_1 \times G_t \times \{0,1\}^{3\lambda} \to \{0,1\}^{4\lambda}$, $H_3: \{0,1\}^{\lambda} \to Z_q$, $H_4: \{0,1\}^{\lambda} \to Z_q$, $H_5: \{0,1\}^{\lambda} \to Z_q$, $H_6: \{0,1\}^{\lambda} \to Z_q$, $H_7: \{0,1\}^{\lambda} \to Z_q$, $H_8: \{0,1\}^{3\lambda} \to Z_q$. Finally, the system public parameters are denoted $pp = (G_1, G_t, P_1, P_2, q, H_1, H_2, H_3, H_4, H_5, H_6, H_7, H_8, H_0)$.
(II) Key Generation
The TA generates a pair of public and private keys for each user in the system using the following method:
KeyGen(pp) → ($pk_i$, $sk_i$): the algorithm takes the public parameter pp as input, randomly selects the private key $sk_i = a_i \in Z_q$, and calculates the public key.
(III) data encryption
The data owner and the data user respectively adopt the following steps to encrypt the data and the keywords and upload the ciphertext to the cloud server.
Let $m \in \{0,1\}^{\lambda}$ denote the plaintext of the data shared by data owner $U_i$, and $\omega k_i \in \{0,1\}^{\lambda}$ the keyword of $m$. Then four random numbers $(r_1, r_2, x_{i-1}, x_{i-2}) \in Z_q$ are selected and a ciphertext is generated. The algorithm proceeds as follows:
Step 3: Given 3 points $p_1 = (H_3(\omega k_i), H_4(\omega k_i))$, $p_2 = (H_5(\omega k_i), H_6(\omega k_i))$, $p_3 = (H_7(\omega k_i), ID_{RSU})$, construct an interpolation polynomial $f(x)$ of degree 2, compute $y_{i-1} = f(x_{i-1})$, $y_{i-2} = f(x_{i-2})$, and generate the following ciphertext intermediate value:
Step 6: Finally, the ciphertexts are uploaded to the cloud server, where $c_j(m^*)$ is generated by data user $D_j$ through the encryption algorithm.
(IV) trapdoor generation
The data owner and the data user respectively generate a trap door through a trap door algorithm.
The data owner->Generates a trapdoor> And uploaded to the cloud server. Likewise, the data user has for each encrypted data &>Generates a trap door->And uploaded to the cloud server.
(V) data matching
After receiving a matching request from a data owner and a data user, the cloud server runs a test algorithm to match appropriate data users for the data owner. The algorithm performs the following steps:
5-1: by performingAuthentication information->In relation to>Signature S of i . Then, check->If the check fails, the scheme is terminated, otherwise step 2 below continues.
Thereafter, the points $(x_{i-1}, y_{i-1})$, $(x_{i-2}, y_{i-2})$, $(x_{j-1}, y_{j-1})$ are used to reconstruct the function $f(x)$, and the points $(x_{j-1}, y_{j-1})$, $(x_{j-2}, y_{j-2})$, $(x_{i-1}, y_{i-1})$ are used to reconstruct the function $f'(x)$. If $f(0) = f'(0)$, 1 is output; otherwise, 0 is output.
5-3: Finally, the cloud server sends the public key $pk_j$ of the data user together with the reputation value $r\upsilon_j$ to the data owner.
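The interpolation comparison of step (V), which reuses the Lagrange reconstruction from the Shamir secret sharing background, can be exercised on its own; the following Python code is an added example and not part of the patent. It assumes the points have already been recovered from the ciphertexts with the trapdoors and that the signature check of step 5-1 has passed; SHA-256 stands in for $H_3$ to $H_7$, and the modulus `Q`, the value `ID_RSU` and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Assumption: the Mersenne prime 2^127 - 1 stands in for the group order q.
Q = 2**127 - 1
ID_RSU = 424242  # constructed roadside-unit identifier


def h(tag: str, keyword: bytes) -> int:
    """Domain-separated SHA-256 reduced mod Q; models H3..H7 (assumption)."""
    digest = hashlib.sha256(tag.encode() + b"|" + keyword).digest()
    return int.from_bytes(digest, "big") % Q


def lagrange_at(points, x0):
    """Evaluate at x0 the polynomial of degree < len(points) through points."""
    xs = [x % Q for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("interpolation points need distinct x-coordinates")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (x0 - xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def keyword_points(keyword: bytes):
    """The three defining points p1, p2, p3 of Step 3 of the encryption."""
    return [
        (h("H3", keyword), h("H4", keyword)),
        (h("H5", keyword), h("H6", keyword)),
        (h("H7", keyword), ID_RSU % Q),
    ]


def make_shares(keyword: bytes):
    """Pick two fresh non-zero x-values and return [(x1, f(x1)), (x2, f(x2))]."""
    base = keyword_points(keyword)
    used = {x for x, _ in base} | {0}
    shares = []
    while len(shares) < 2:
        x = secrets.randbelow(Q)
        if x in used:
            continue
        used.add(x)
        shares.append((x, lagrange_at(base, x)))
    return shares


def equality_test(owner_shares, user_shares):
    """Return 1 if both parties' points lie on the same keyword polynomial."""
    # f and f' share two points, so f(0) - f'(0) = c * x_i1 * x_j1 for some c.
    # A share with x = 0 would therefore force a match for any keyword pair:
    # reject it instead of interpolating.
    if any(x % Q == 0 for x, _ in owner_shares + user_shares):
        return 0
    (oi1, oi2), (uj1, uj2) = owner_shares, user_shares
    try:
        f0 = lagrange_at([oi1, oi2, uj1], 0)        # f(0)
        f0_prime = lagrange_at([uj1, uj2, oi1], 0)  # f'(0)
    except ValueError:
        return 0  # colliding x-coordinates: cannot interpolate, report no match
    return 1 if f0 == f0_prime else 0


if __name__ == "__main__":
    owner = make_shares(b"traffic-jam")  # constructed keywords
    print(equality_test(owner, make_shares(b"traffic-jam")))
    print(equality_test(owner, make_shares(b"parking")))
```

With different keywords the two reconstructions agree at 0 only if a fourth random point happens to fall on the other party's quadratic, which occurs with probability about 1/Q.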
(VI) Generation of Re-encryption keys
Suppose a data owner $U_i$ successfully matches $l$ data users within a period of time. $U_i$ then generates an ordered sharing path based on the reputation value of each data user, where $Pa_i$ is a sequence of $l$ public keys sorted by the reputation values of the $D_j$, and $(i_1, \ldots, i_l) \in (1, \ldots, j)$. Then $U_i$ generates a re-encryption key for each data user in the sharing path $Pa_i$. The specific steps of the RKGen algorithm are as follows:
(VII) ciphertext re-encryption
Receiving these re-encryption keysThen, the cloud server executes a re-encryption algorithm to encrypt the ciphertext c of the data owner i (m) convert to ciphertext that is re-encrypted->And the corresponding data user can decrypt, and the algorithm is as follows:
7-1:the algorithm first checks whether it is satisfiedIf not, outputting ^ T. And then by executing>De-authentication letterInformation processing deviceIn relation to>Signature S of i And detects->If there is a check failure, the scheme is terminated, otherwise, cloud server computing is used Finally, the output->
(VIII) Data decryption
Receiving the re-encrypted ciphertext from the cloud serverRear, pa i Data user D in j The re-encrypted ciphertext may be decrypted by executing the Dec algorithm>The algorithm is as follows:
8-3: then pass through the pairDecrypting to obtain the plain texts m and r of the original text 1 If +> And->If so, m is accepted, otherwise, it is not accepted.
8-4: After decryption succeeds, data user $D_j$ obtains the information shared by the data owner. If the user does not want to decrypt, the cloud server generates a re-encrypted ciphertext for the next data user, who decrypts it, and so on until a data user on the sharing path $Pa_i$ is willing to decrypt.
The foregoing shows and describes the general principles and features of the present invention, together with the advantages thereof, as will be apparent to those skilled in the art. The present invention may be modified in various forms and details without departing from the spirit and scope of the present invention as defined by the appended claims. The embodiments should be considered in descriptive sense only and not for purposes of limitation. Therefore, the detailed description of the present invention does not limit the scope of the present invention, which should be defined by the appended claims, and all the distinguishing features within the scope of the present invention should be construed as being included in the present invention.
Claims (3)
1. A lightweight data sharing method based on a vehicle social network is characterized by comprising the following steps:
(I) System initialization
The trusted authority TA arbitrarily selects a set of parameters from the bilinear pairing library, randomly selects a generator in each of the two multiplicative cyclic groups $G_1$ and $G_t$, then selects the system security parameter, generates a strongly unforgeable signature algorithm, defines 8 hash functions, and executes the Setup($1^\lambda$) → par algorithm to generate the system public parameter pp; the Setup($1^\lambda$) → par algorithm is executed as follows:
1-1: Setup($1^\lambda$) → par: TA selects two groups $G_1$ and $G_t$ of the same prime order $q$, where $P_1$ is taken from $G_1$ and $P_2$ is taken from $G_t$; assume $1^\lambda$ is the system security parameter, $sig = (G, S, V)$ is a strongly unforgeable one-time signature algorithm, and $L_s = L_{sig}(1^\lambda)$ is the length of the verification key; next, TA defines the hash functions $H_1: G_1 \to \{0,1\}^{3\lambda}$, $H_2: G_1 \times G_t \times \{0,1\}^{3\lambda} \to \{0,1\}^{4\lambda}$, $H_3: \{0,1\}^{\lambda} \to Z_q$, $H_4: \{0,1\}^{\lambda} \to Z_q$, $H_5: \{0,1\}^{\lambda} \to Z_q$, $H_6: \{0,1\}^{\lambda} \to Z_q$, $H_7: \{0,1\}^{\lambda} \to Z_q$, $H_8: \{0,1\}^{3\lambda} \to Z_q$; finally, the system public parameters are denoted $pp = (G_1, G_t, P_1, P_2, q, H_1, H_2, H_3, H_4, H_5, H_6, H_7, H_8, H_0)$;
wherein TA is the trusted authority; $q$ is the prime order of the groups $G_1$ and $G_t$; $G_1$ and $G_t$ are multiplicative cyclic groups; $P_1$, $P_2$ are random elements of $G_1$, $G_t$ respectively; pp is the public parameter of the system; $G$ is a function in the strongly unforgeable one-time signature algorithm; $S$ is the signature algorithm in the strongly unforgeable one-time signature algorithm; $V$ is the verification algorithm in the strongly unforgeable one-time signature algorithm;
(II) Key Generation
The trusted authority executes the KeyGen(pp, i/j) → ($pk_i$, $sk_i$)/($pk_j$, $sk_j$) algorithm, which selects a random number and generates a public/private key pair for the data owner and the data user; the KeyGen(pp) → ($pk_i$, $sk_i$) algorithm takes the public parameter pp as input, randomly selects the private key $sk_i = a_i \in Z_q$, and calculates the public key;
Wherein i/j is the number of the data owner/the number of the data user; (sk) j ,pk j ) Public key and private key of j-th data user; (sk) i ,pk i ) The public key and the private key of the ith data owner;is a component of the ith data owner public key;
(III) data encryption
The data user encrypts the shared data and the keywords to generate a data ciphertext, the data user encrypts the keywords of the interest data to generate the interest ciphertext, and the data ciphertext comprises: sharing data and a data ciphertext of the keyword;
(IV) trapdoor generation
Data owners and data consumers use their own private keys andcipher text generated by algorithm as input, executing->The trap door of the key word is generated by the algorithm and then uploaded to the cloud server together with the ciphertext, and the & ltSUB & gt/SUB & lt/SUB & gt>The algorithm is that the data owner->Generates a trapdoor>And uploaded to the cloud server, and likewise, the data user for each encrypted data ≥ s>Generates a trapdoor>Uploading the data to a cloud server;
wherein (sk) i ,pk i ) The public key and the private key of the ith data owner; m is a data plaintext which the data owner wants to share; omega k i A keyword plaintext of data which a data owner i wants to share;is m and ω k i The ciphertext of the data and the keyword thereof that the data owner wants to share;The data users want to share and the ciphertext of the keywords of the data users;For data owner in ciphertext->A lower generated trapdoor;In the ciphertext for the data ownerA lower generated trapdoor; a is i A private key that is the owner of the data; b j A random number is selected for a data user and is used as a private key of the data user;Is->A median value of (d);Is->A median value of (d);A random number selected for the data user during the encryption phase;
(V) data matching
When the cloud server finds a message/interest pair, it executes the algorithm to check whether the keyword ciphertexts uploaded by the data owner and the data user match, and returns the public key and the reputation value σ_i of the successfully matched data user to the data owner. The algorithm is executed in the following steps:
5-1: by performing, verify the signature S_i of the information with respect to; then check; if the check fails, terminate the scheme; otherwise continue to the following step 5-2;
Thereafter, the points (x_{i-1}, y_{i-1}), (x_{i-2}, y_{i-2}), (x_{j-1}, y_{j-1}) are used to reconstruct the function f(x), and the points (x_{j-1}, y_{j-1}), (x_{j-2}, y_{j-2}), (x_{i-1}, y_{i-1}) are used to reconstruct the function f'(x); if f(0) = f'(0), output 1; otherwise, output 0;
5-3: finally, the cloud server sends the public key pk_j of the data user, together with the reputation value r υ j, to the data owner;
wherein pk_i is the public key of data owner i; is a component of pk_i; m is the data plaintext that the data owner wants to share; is the ciphertext of m and ω k i, the data and the keyword that the data owner wants to share;
the ciphertext of the data and its keywords that the data users want to share; is a component of; sυk_i and sυk_j are each a random number used by a data owner as the signature private key in a strongly unforgeable one-time signature algorithm; S_i is the signature generated by the data owner; V() is the verification function of the strongly unforgeable one-time signature algorithm; x_{i-1}, x_{i-2}, y_{i-1}, y_{i-2} are 4 random numbers selected by the data owner; x_{j-1}, x_{j-2}, y_{j-1}, y_{j-2} are 4 random numbers selected by the data user; f(x) is a polynomial function;
(VI) Re-encryption Key Generation
The data owner establishes an ordered sharing path based on the reputation value σ_i of the data user, executes the algorithm to generate a re-encryption key for the data users in the sharing path Pa_i, and distributes the re-encryption key to the cloud server. In the algorithm, the data owner U_i selects a random number and calculates a re-encryption key for each data consumer in Pa_i,
then uploads and Pa_i to the cloud server; Pa_i is the ordered sharing path generated by the data owner according to the reputation values of the data users and consists of the public keys of the data users; the ciphertext of the data and its keyword that the data owner wants to share; sk_i is the private key of the i-th data owner; pk_j is the public key of the data user; U_i is the identity of the data owner; are respectively the intermediate values produced when generating;
(VII) multiple encryption ciphertext Generation
After receiving the re-encryption key, the sharing path Pa_i and the ciphertext of the shared data, the cloud server executes the algorithm to generate a corresponding re-encrypted ciphertext for each data user in the sharing path Pa_i. The algorithm is executed by the cloud server, which first checks whether is satisfied and, if not, outputs T; then, by executing, it verifies the signature S_i of the information with respect to and checks; if any check fails, the scheme is terminated; otherwise, the cloud server computes
wherein is a component of pk_i; is the public key of the j-th data user in Pa_i; is the public key of the (j+1)-th data user in Pa_i; is the re-encrypted ciphertext generated by the cloud server for the j-th data user in Pa_i;
(VIII) data decryption
After receiving the re-encrypted ciphertext, the data user uses the user's private key to execute the algorithm, which decrypts the re-encrypted ciphertext to obtain the shared information of the data owner. If the data user cannot complete decryption, the cloud server generates the re-encrypted ciphertext for the next data user, who then decrypts it, and so on, until a data user in the sharing path Pa_i completes the decryption. The algorithm is executed in the following steps: 8-1:
8-3: then, by decrypting, obtain the original plaintexts m and r_1; if and hold, m is accepted; otherwise, m is not accepted;
8-4: after decryption is successful, data consumer D_j; if the data user does not want to decrypt the shared information, the cloud server generates a re-encrypted ciphertext for the next data user, which is decrypted by that next user, and so on, until a data user in the sharing path Pa_i is willing to decrypt;
2. The lightweight data sharing method based on the vehicle social network is characterized in that a data owner encrypts data to be shared in a hybrid encryption mode, and the ciphertext of the shared data comprises the ciphertext of related keywords; the data owner encrypts the keywords of the shared data and generates corresponding trapdoors for the keyword ciphertext, while a data user encrypts the keywords of interest data and generates corresponding trapdoors for the interest keyword ciphertext; a cloud server judges whether the two keywords are equal without revealing the privacy of the keywords, and the data owner adopts an equality test based on a public key to realize data matching in the vehicle social network.
3. The lightweight data sharing method based on the vehicle social network is characterized in that the cloud server uses a proxy re-encryption technology to realize data sharing in the vehicle social network, an entrustor does not trust a secondary entrusted person and adopts an autonomous path method, a data owner generates an ordered sharing path according to the credit value of a data user, then a re-encrypted ciphertext is generated for the data user in the path and sent to the cloud server, and the cloud server converts the ciphertext into a re-encrypted ciphertext which can be decrypted by the data user after receiving the sharing path and the re-encrypted key.
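The reconstruct-and-compare test of step 5-2 in claim 1, as an added Python illustration (not code from the patent): Lagrange interpolation over a prime field recovers f(0) and f'(0) from the two mixed point triples. The modulus Q, the hash-to-coefficients derivation in keyword_coeffs and the sample keywords are assumptions constructed for the example; the patent's ciphertexts, trapdoors and signature check are left out.

```python
import hashlib
import secrets

Q = 2**127 - 1  # prime modulus; stands in for the scheme's group order q (assumption)

def keyword_coeffs(keyword):
    """Assumption: derive the three coefficients of a quadratic from the keyword."""
    return [int.from_bytes(hashlib.sha256(bytes([k]) + keyword.encode()).digest(), "big") % Q
            for k in range(3)]

def points_for(keyword, xs=None):
    """Points on the keyword's quadratic; two random x values unless xs is supplied."""
    if xs is None:
        xs = [secrets.randbelow(Q - 1) + 1 for _ in range(2)]
    c0, c1, c2 = keyword_coeffs(keyword)
    return [(x % Q, (c0 + c1 * x + c2 * x * x) % Q) for x in xs]

def value_at_zero(points):
    """Lagrange-interpolate the quadratic through three points and return f(0) mod Q."""
    xs = [x for x, _ in points]
    if len(set(xs)) != len(xs):
        raise ValueError("x-coordinates must be distinct for interpolation")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % Q        # numerator of L_i(0)
                den = den * (xi - xj) % Q    # denominator of L_i(0)
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total

def match(owner_pts, user_pts):
    """Step 5-2: output 1 if f(0) == f'(0), otherwise 0."""
    f0 = value_at_zero([owner_pts[0], owner_pts[1], user_pts[0]])
    f0_prime = value_at_zero([user_pts[0], user_pts[1], owner_pts[0]])
    return 1 if f0 == f0_prime else 0

if __name__ == "__main__":
    owner = points_for("congestion")  # constructed sample keywords
    print(match(owner, points_for("congestion")), match(owner, points_for("parking")))
```

If f(0) = f'(0), the two reconstructed quadratics share three points and are therefore identical, so the test succeeds only when all four submitted points lie on one polynomial.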
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210174205.6A CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210174205.6A CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115002754A (en) | 2022-09-02 |
CN115002754B (en) | 2023-03-31 |
Family
ID=83023451
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210174205.6A Active CN115002754B (en) | 2022-02-24 | 2022-02-24 | Lightweight data sharing method based on vehicle social network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115002754B (en) |
Family Cites Families (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103957109B (en) * | 2014-05-22 | 2017-07-11 | 武汉大学 | A kind of cloud data-privacy protects safe re-encryption method |
CN108599937B (en) * | 2018-04-20 | 2020-10-09 | 西安电子科技大学 | Multi-keyword searchable public key encryption method |
CN110855671B (en) * | 2019-11-15 | 2022-02-08 | 三星电子(中国)研发中心 | Trusted computing method and system |
CN113194078B (en) * | 2021-04-22 | 2023-04-07 | 西安电子科技大学 | Sequencing multi-keyword search encryption method with privacy protection supported by cloud |
CN113407966B (en) * | 2021-06-25 | 2024-09-24 | 南京师范大学 | Searchable public key encryption method and system with key updating and ciphertext sharing functions |
- 2022-02-24: CN application CN202210174205.6A, patent CN115002754B (en), status Active
Also Published As
Publication number | Publication date |
---|---|
CN115002754A (en) | 2022-09-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN111191288B (en) | Block chain data access right control method based on proxy re-encryption | |
CN111586000B (en) | Full-proxy homomorphic re-encryption transmission system and operation mechanism thereof | |
CN110536259B (en) | Lightweight privacy protection data multistage aggregation method based on fog calculation | |
CN108632032B (en) | Safe multi-keyword sequencing retrieval system without key escrow | |
Zhang et al. | Data security and privacy-preserving in edge computing paradigm: Survey and open issues | |
CN112019591B (en) | Cloud data sharing method based on block chain | |
CN108881314B (en) | Privacy protection method and system based on CP-ABE ciphertext under fog computing environment | |
CN111092717B (en) | Group authentication-based safe and reliable communication method in smart home environment | |
CN110690959B (en) | Unmanned aerial vehicle safety certifiable information communication processing method based on cloud platform | |
CN110830245B (en) | Anti-quantum-computation distributed Internet of vehicles method and system based on identity secret sharing and implicit certificate | |
CN107154845B (en) | BGN type ciphertext decryption outsourcing scheme based on attributes | |
CN109831430A (en) | Safely controllable efficient data sharing method and system under a kind of cloud computing environment | |
CN112383550B (en) | Dynamic authority access control method based on privacy protection | |
CN114039790A (en) | Block chain-based fine-grained cloud storage security access control method | |
CN111342976A (en) | Verifiable ideal lattice upper threshold proxy re-encryption method and system | |
CN110022309B (en) | Safe and efficient data sharing method in mobile cloud computing system | |
CN114036539A (en) | Safety auditable Internet of things data sharing system and method based on block chain | |
CN112260829B (en) | Multi-authorization-based CP-ABE method for supporting mobile equipment under hybrid cloud | |
Zhang et al. | A decentralized strongly secure attribute-based encryption and authentication scheme for distributed Internet of Mobile Things | |
CN111786786A (en) | Agent re-encryption method and system supporting equation judgment in cloud computing environment | |
Ambrosin et al. | Odin: Obfuscation-based privacy-preserving consensus algorithm for decentralized information fusion in smart device networks |
Badr et al. | Blockchain-based ride-sharing system with accurate matching and privacy-preservation | |
CN113360944A (en) | Dynamic access control system and method for power internet of things | |
Qin et al. | Simultaneous authentication and secrecy in identity-based data upload to cloud | |
Zhang et al. | Cerberus: Privacy-preserving computation in edge computing |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||