CN115021993A - Verifiable public key searchable encryption system and method - Google Patents


Info

Publication number: CN115021993A
Authority: CN (China)
Prior art keywords: searchable, public key, key, sender, cloud server
Legal status: Granted
Application number: CN202210587635.0A
Other languages: Chinese (zh)
Other versions: CN115021993B (en)
Inventors: 戚丽君, 庄金成
Current assignee: Shandong University
Original assignee: Shandong University
Events: application filed by Shandong University; priority to CN202210587635.0A; publication of CN115021993A; application granted; publication of CN115021993B; current legal status: Active; anticipated expiration.

Classifications

    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 63/00 Network architectures or network communication protocols for network security › H04L 63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic › H04L 63/1441 Countermeasures against malicious traffic
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols › H04L 9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords › H04L 9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY › H04 ELECTRIC COMMUNICATION TECHNIQUE › H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION › H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols › H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials › H04L 9/3236 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions › H04L 9/3239 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD

Abstract

The disclosure provides a verifiable public key searchable encryption system and a method, which belong to the technical field of searchable encryption, wherein the scheme comprises a key generation center, a sender, a receiver and a cloud server; wherein: the key generation center is used for initializing the operation environment and generating a main public key and a main private key based on a built-in initialization algorithm; the sender and the receiver obtain respective public keys and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server; and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.

Description

Verifiable public key searchable encryption system and method
Technical Field
The disclosure belongs to the technical field of searchable encryption, and particularly relates to a system and a method for verifiable public key searchable encryption.
Background
The statements in this section merely provide background information related to the present disclosure and may not necessarily constitute prior art.
In the big data era, cloud storage and computing provide great convenience and management efficiency. With the rapid development of networks, the volume of data is also increasing dramatically. To ensure the privacy and security of stored data, users typically encrypt it before storing it in the cloud. However, in such an environment the user is unable to search the massive encrypted data by keyword, which limits the flexibility of file sharing in the cloud environment to some extent. Public Key Encryption with Keyword Search (PEKS) effectively supports users in retrieving encrypted data from the cloud. The goal of PEKS is to retrieve the target encrypted file by searching for a particular keyword. It enables any sender to send encrypted files to the server together with searchable ciphertexts associated with their keywords, and the recipient can retrieve the encrypted files containing a particular keyword.
However, PEKS does not provide trapdoor privacy, i.e., trapdoors are prone to leak keyword information. More specifically, a ciphertext for any chosen keyword can be freely generated using the public key of the recipient. Thus, once a trapdoor is obtained, the test algorithm can be used to check whether the trapdoor is associated with a given keyword. To prevent such information leakage, Huang and Li proposed Public Key Authenticated Encryption with Keyword Search (PAEKS), in which encryption requires the sender's secret key, so that an attacker cannot freely generate a ciphertext for an arbitrarily chosen keyword.
Following this pioneering work, many PAEKS protocols have been introduced to enhance the security of PAEKS. Some of them further consider forthcoming quantum attacks. Among the various PAEKS schemes, Qin et al. were the first to observe that in practical scenarios each encrypted file is associated with multiple searchable ciphertexts. In this case, PAEKS needs to ensure that no adversary can tell whether two tuples of searchable ciphertexts each contain a ciphertext associated with the same keyword. They therefore introduced an enhanced security notion called Multi-Ciphertext Indistinguishability (MCI) to model this scenario. Further, Pan and Li followed this notion and introduced a notion called Multi-Trapdoor Privacy (MTP), ensuring that no adversary can tell whether two trapdoor tuples each contain a trapdoor associated with the same keyword. However, the inventors have found that the Pan and Li scheme not only fails to satisfy MCI but also has flaws in its security proof of MTP. Furthermore, to resist quantum attacks, Behnia et al. proposed PEKS schemes based on NTRU and LWE, respectively, and Zhang et al. proposed a PAEKS scheme based on LWE to achieve higher security. Unfortunately, these solutions have some drawbacks in terms of privacy protection for keyword searches.
Disclosure of Invention
In order to solve the above problems, the present disclosure provides a verifiable public key searchable encryption system and method. The scheme provides a privacy-preserving search function, satisfies multi-ciphertext indistinguishability and multi-trapdoor privacy, and can effectively resist keyword guessing attacks.
According to a first aspect of the embodiments of the present disclosure, there is provided a verifiable public key searchable encryption system, including a key generation center, a sender, a receiver, and a cloud server; wherein: the key generation center is used for initializing the operation environment and generating a main public key and a main private key based on a built-in initialization algorithm;
the sender and the receiver obtain respective public keys and corresponding private keys thereof through the key generation center; the public key and the private key are generated based on a key derivation algorithm built in the key generation center and the master public key and the master private key;
the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server;
the receiving party generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Furthermore, the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and the sender performs identity verification on the keywords when encrypting the keywords by introducing the private key of the sender into the generation of the searchable cipher text.
Further, the searchable ciphertext is generated by specifically adopting the following steps:
calculating the hash value of the keyword attached to each encrypted file;
calculating intermediate parameters of the searchable ciphertext according to the hash value of the corresponding keyword;
running the SamplePre(sk, pk, h, ζ, σ, α, u) algorithm according to the public key of the receiver, where pk and sk are respectively the public key and the private key of the sender, h ∈ R_q and
Figure BDA0003666480380000033
are given parameters, and ζ, σ, α are Gaussian parameters, thereby calculating the verification parameter;
uniformly and randomly selecting a polynomial, and calculating the direct parameter for generating the searchable ciphertext by combining the intermediate parameter and the verification parameter of the searchable ciphertext, so as to generate the searchable ciphertext.
Further, the receiver generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server, specifically:
calculating a hash value of a preset searched keyword;
calculating an intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;
generating a polynomial based on the intermediate parameter of the retrieval trapdoor and the preimage sampling algorithm, where the polynomial is used to generate the retrieval trapdoor; the product of the transpose of the intermediate parameter of the retrieval trapdoor and the polynomial equals the randomly selected polynomial used in generating the searchable ciphertext.
Further, the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor, specifically:
calculating a judgment parameter according to the retrieval trapdoor and the searchable ciphertext;
if the judgment parameter meets the preset condition, y is equal to 1, otherwise, y is equal to 0;
calculating h = H(y),
Figure BDA0003666480380000032
if
Figure BDA0003666480380000031
is equal to c, the retrieval trapdoor and the searchable ciphertext match; otherwise, the retrieval trapdoor and the searchable ciphertext do not match.
Further, the master public key and the master private key are generated based on a built-in initialization algorithm, where the initialization algorithm specifically includes: running the TrapGen function to generate a polynomial and a trapdoor associated with the polynomial, and calculating the master public key and the master private key based on the polynomial and the trapdoor.
Further, the key derivation algorithm adopts a Derive (mpk, msk, ID) algorithm, where mpk is a master public key, msk is a master private key, and ID is an ID of a sender or a receiver.
According to a second aspect of the embodiments of the present disclosure, there is provided a verifiable public key searchable encryption method based on the above-mentioned one verifiable public key searchable encryption system, the method including:
initializing a key generation center operating environment, and generating a main public key and a main private key based on a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
According to a third aspect of the embodiments of the present invention, there is provided an electronic device, including a memory, a processor, and a computer program stored in the memory for execution, the processor executing the computer program to perform the following steps:
initializing a key generation center operating environment, and generating a main public key and a main private key based on a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
According to a fourth aspect of embodiments of the present invention, there is provided a non-transitory computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of:
initializing a key generation center operating environment, and generating a main public key and a main private key based on a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Compared with the prior art, the beneficial effect of this disclosure is:
(1) The scheme provides a privacy-preserving search function, satisfies multi-ciphertext indistinguishability and multi-trapdoor privacy, and can effectively resist keyword guessing attacks.
(2) In the scheme, the private key of the sender is used as an input to the generation of the searchable ciphertext, so that the sender authenticates the keyword when encrypting it. The server therefore can no longer launch a keyword guessing attack on the ciphertexts shared between the sender and the receiver, because the server cannot compute an authenticated ciphertext on behalf of the sender; that is, an internal attacker can no longer launch keyword guessing attacks.
(3) The scheme takes the ID of the sender and the ID of the receiver as the corresponding public key, thereby effectively simplifying the complexity of public key management and improving the processing efficiency.
Advantages of additional aspects of the disclosure will be set forth in part in the description which follows, and in part will be obvious from the description, or may be learned by practice of the disclosure.
Drawings
The accompanying drawings, which are included to provide a further understanding of the disclosure, illustrate embodiments of the disclosure and together with the description serve to explain the disclosure and are not to limit the disclosure.
Fig. 1 is a schematic diagram of an operation process of a verifiable public key searchable encryption system according to an embodiment of the present disclosure.
Detailed Description
The present disclosure is further described with reference to the following drawings and examples.
It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this disclosure belongs.
It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present disclosure. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.
The embodiments and features of the embodiments in the present disclosure may be combined with each other without conflict.
The first embodiment is as follows:
it is an object of the present embodiment to provide a verifiable public key searchable encryption system.
As shown in fig. 1, a verifiable public key searchable encryption system includes a key generation center, a sender, a receiver, and a cloud server; wherein: the key generation center is used for initializing the operation environment and generating a main public key and a main private key based on a built-in initialization algorithm;
the sender and the receiver obtain respective public keys and corresponding private keys thereof through the key generation center; the public key and the private key are generated based on a key derivation algorithm built in the key generation center and the master public key and the master private key;
the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server;
the receiving party generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Furthermore, the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and the sender performs identity verification on the keywords when encrypting the keywords by introducing the private key of the sender into the generation of the searchable cipher text.
Further, the searchable ciphertext is generated by specifically adopting the following steps:
calculating the hash value of the keyword attached to each encrypted file;
calculating intermediate parameters of the searchable ciphertext according to the hash value of the corresponding keyword;
running the SamplePre(sk, pk, h, ζ, σ, α, u) algorithm according to the public key of the receiver, where pk and sk are respectively the public key and the private key of the sender, h ∈ R_q and
Figure BDA0003666480380000071
are given parameters, and ζ, σ, α are Gaussian parameters, thereby calculating the verification parameter;
uniformly and randomly selecting a polynomial, and calculating the direct parameter for generating the searchable ciphertext by combining the intermediate parameter and the verification parameter of the searchable ciphertext, so as to generate the searchable ciphertext.
Further, the receiver generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server, specifically:
calculating a hash value of a preset searched keyword;
calculating an intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;
generating a polynomial based on the intermediate parameter of the retrieval trapdoor and the preimage sampling algorithm, where the polynomial is used to generate the retrieval trapdoor; the product of the transpose of the intermediate parameter of the retrieval trapdoor and the polynomial equals the randomly selected polynomial used in generating the searchable ciphertext.
Further, the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor, specifically:
calculating a judgment parameter according to the retrieval trapdoor and the searchable ciphertext;
if the judgment parameter meets the preset condition, y is 1, otherwise y is 0;
calculating h = H(y),
Figure BDA0003666480380000072
if
Figure BDA0003666480380000081
is equal to c, the retrieval trapdoor and the searchable ciphertext match; otherwise, the retrieval trapdoor and the searchable ciphertext do not match.
Further, the master public key and the master private key are generated based on a built-in initialization algorithm, where the initialization algorithm specifically includes: running the TrapGen function to generate a polynomial and a trapdoor associated with the polynomial, and calculating the master public key and the master private key based on the polynomial and the trapdoor.
Further, the key derivation algorithm adopts a Derive (mpk, msk, ID) algorithm, where mpk is a master public key, msk is a master private key, and ID is an ID of a sender or a receiver.
Specifically, for the convenience of understanding, the scheme of the present embodiment is described in detail below with reference to the accompanying drawings:
in order to solve the problems in the prior art, this embodiment provides a verifiable public key searchable encryption system, where the system includes a key generation center, a sender, a receiver, and a cloud server, and specifically executes the following processes:
(1) the key generation center initializes the operation environment, and the used main public key and the corresponding main private key are generated by an initialization algorithm in the operation process;
wherein the initialization algorithm is Setup(1^λ), where λ is the security parameter, and the initialization algorithm is specifically:
the key generation center runs the TrapGen(q, σ, h = 0) algorithm according to the security parameter λ preset by the system, where q is the modulus of the ring, σ is a Gaussian parameter, h ∈ R_q, and
Figure BDA0003666480380000082
is a given parameter. If a′ is not given as input, the algorithm selects a′ uniformly at random from
Figure BDA0003666480380000083
. The algorithm generates a polynomial
Figure BDA0003666480380000084
and an associated trapdoor
Figure BDA0003666480380000085
from which the master public key mpk and the master private key msk are calculated.
where the superscripts m and k are preset parameters. The method specifically comprises the following substeps:
uniformly and randomly selecting a polynomial u ← R_q;
running the TrapGen(q, σ, h = 0) algorithm, where q is the modulus of the ring, σ is a Gaussian parameter, h ∈ R_q, and
Figure BDA0003666480380000086
is a given parameter. If a′ is not given as input, the algorithm selects a′ uniformly at random from
Figure BDA0003666480380000087
. The algorithm generates a polynomial
Figure BDA0003666480380000088
and an associated trapdoor
Figure BDA0003666480380000089
satisfying a = (a′^T, −a′^T T)^T;
generating the master public key mpk = a and the master private key msk = T from the results of the above steps.
(2) The sender and the receiver respectively send the identity id to a secret key generation center to obtain respective public keys and corresponding private keys. This step takes the user's identity as their public key, which simplifies the complexity of public key management. The public key and the corresponding private key used in the operation process are generated by a key generation center operating a key derivation algorithm;
the key derivation algorithm is a Derive (mpk, msk, id) algorithm, where id is an identity of a sender (or a receiver), and the key derivation algorithm specifically includes:
the key generation center calculates the hash value of the identity from the received identity id, and calculates the intermediate parameter h from the hash value of the corresponding identity. The key generation center then runs the DelTrap(mpk, msk, h, s) algorithm, where mpk and msk are respectively the master public key and the master private key of the KGC, and
Figure BDA0003666480380000091
are given parameters; from these the public key and private key of the user are calculated. The method specifically comprises the following substeps:
for the identity id, calculate h_id = H(id), where the function
Figure BDA0003666480380000092
is a Full-Rank Difference (FRD) encoding function that maps elements of
Figure BDA0003666480380000093
to invertible elements of R_q;
calculate a_i = (a, h_id g)^T = (a′^T, −a′^T T, h_id g)^T, where
Figure BDA0003666480380000094
run the DelTrap(mpk, msk, h, s) algorithm, outputting T, where mpk and msk are respectively the master public key and the master private key of the KGC, and
Figure BDA0003666480380000095
are given parameters. The DelTrap algorithm comes from the paper Micciancio, D., Peikert, C.: Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In: Advances in Cryptology - EUROCRYPT 2012, pp. 700-718 (2012).
generate, from the results of the above steps, the public key pk = a_i and the private key sk = T.
(3) The sender generates a searchable ciphertext for the keywords attached to each encrypted file according to the sender's own public key and private key and the public key of the receiver, and uploads the generated searchable ciphertext together with the ciphertext file to the cloud server. This step requires the sender to authenticate the keyword while encrypting it. To accomplish this, the present technique takes the sender's private key as part of the input. Therefore, the server can no longer launch a keyword guessing attack on the ciphertexts shared between the sender and the receiver, because it cannot compute an authenticated ciphertext on behalf of the sender; that is, an insider can no longer launch keyword guessing attacks.
The process that the sender generates the searchable ciphertexts for the keywords attached to each encrypted file according to the secret key is as follows:
calculating the hash value of the keyword attached to each encrypted file;
calculating intermediate parameters of the searchable ciphertexts according to the hash values of the corresponding keywords;
running the preimage sampling algorithm SamplePre(sk, pk, h, ζ, σ, α, u) according to the public key of the receiver, where pk and sk are respectively the public key and the private key of the sender, h ∈ R_q and
Figure BDA0003666480380000107
are given parameters, and ζ, σ, α are Gaussian parameters, thereby calculating the verification parameter. The SamplePre algorithm comes from the paper Micciancio, D., Peikert, C. (2012): Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller. In: EUROCRYPT 2012, Lecture Notes in Computer Science, vol. 7237, Springer; the paper Genise, N., Micciancio, D.: Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus. In: EUROCRYPT 2018 gives a ring variant of the algorithm, which is the one used in this embodiment.
Uniformly and randomly selecting a polynomial, and calculating a direct parameter for generating the searchable cipher text by combining the intermediate parameter and the verification parameter of the searchable cipher text to generate the searchable cipher text;
and the sender generates a searchable ciphertext s for the keywords attached to each encrypted file and uploads the generated searchable ciphertext and the ciphertext file to the cloud server together. The method specifically comprises the following substeps:
for the keyword w, calculate h_w = H(w), where the function
Figure BDA0003666480380000101
is a full-rank difference encoding function that maps elements of
Figure BDA0003666480380000102
to invertible elements of R_q;
calculate a_w = a^T + (0, h_w g^T)^T = (a^T, h_w g^T + h_id g^T)^T, where a is the public key of the recipient and
Figure BDA0003666480380000103
uniformly and randomly select the polynomial s ← U(R_q),
Figure BDA0003666480380000104
Figure BDA0003666480380000105
e′ ← D_{R,τ}, and c_1 ∈ R_2, where
Figure BDA0003666480380000106
denotes a Gaussian distribution over R^(m−k) (R^k, R) with variance τ (γ, τ);
compute
Figure BDA0003666480380000111
and
Figure BDA0003666480380000112
where
Figure BDA0003666480380000113
denotes $\lfloor q/2 \rfloor$, the floor of $q/2$;
compute
Figure BDA0003666480380000114
and
Figure BDA0003666480380000115
where $a_s$ is the public key of the sender;
run the
Figure BDA0003666480380000116
algorithm, where $T_s$ is the private key (lattice trapdoor) of the sender, $a_{s'}$ is as described above, $id_s$ is the identity of the sender, $h \in R_q$ is a given parameter, and $\zeta, \sigma, \alpha$ are Gaussian parameters; this yields the verification parameter $c_1$, which satisfies
Figure BDA0003666480380000117
From the results of the above steps, generate the searchable ciphertext $s = (b, c_2, c_1)$.
(4) The receiver generates a retrieval trapdoor for the keyword to be searched and submits it to the cloud server.
The process of generating the retrieval trapdoor comprises the following steps:
calculating the hash value of the keyword to be searched;
calculating the intermediate parameter of the retrieval trapdoor from the hash value of that keyword;
generating, from the intermediate parameter of the retrieval trapdoor and the preimage sampling algorithm, the polynomial vector that forms the retrieval trapdoor, such that the product of the transpose of the intermediate parameter of the retrieval trapdoor and this polynomial vector equals the given polynomial $u$ used in generating the searchable ciphertext (see the SamplePre step below).
Specifically, the receiver inputs the keyword w to be searched, generates a retrieval trapdoor $t_w \in R^m$ and submits it to the cloud server. This comprises the following substeps:
for the keyword w, compute $h_w = H(w)$, where H is the FRD function described above;
compute $a_w = a^T + (0, h_w g^T)^T = (a^T, h_w g^T + h_{id} g^T)^T$;
run the preimage sampling algorithm $\mathrm{SamplePre}(T, a_w, h_w, \zeta, \sigma, \alpha, u)$ to generate a polynomial vector $x \in R^m$ satisfying
Figure BDA0003666480380000118
where $T, a_w, h_w, u$ are as described above and $\zeta, \sigma, \alpha$ are the given Gaussian parameters;
from the result of the above steps, set the retrieval trapdoor $t_w = x$. Throughout, the superscript T denotes transposition.
(5) The cloud server searches all searchable ciphertexts with the retrieval trapdoor and returns to the receiver the ciphertext files whose searchable ciphertexts match.
The cloud server searches the searchable ciphertexts with the retrieval trapdoor as follows:
from the retrieval trapdoor $t_w$ and the searchable ciphertext $s = (b, c_2, c_1)$, compute the judgment parameter $y = c_2 - b^T t_w$,
where $b, c_2, c_1$ are the direct parameters of the searchable ciphertext and $c_1 \in R_2$, i.e. its coefficients lie in $\{0,1\}$;
if the judgment parameter y is closer to
Figure BDA0003666480380000121
than to 0, set $y = 1$, otherwise set $y = 0$; here
Figure BDA0003666480380000122
denotes $\lfloor q/2 \rfloor$ and q is the modulus of the integer ring, a public parameter;
compute $h = H(y)$ and
Figure BDA0003666480380000123
if
Figure BDA0003666480380000124
holds (the check against $c_1$ evaluates to 0), the retrieval trapdoor and the searchable ciphertext match; otherwise they do not match.
According to the result of this process, the cloud server returns all ciphertext files that satisfy the trapdoor search condition.
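The three procedures above (searchable ciphertext generation, retrieval trapdoor generation, and the cloud server's test) rely on one relation: the trapdoor is a short vector $t_w$ with $a_w^T t_w = u$, so that $c_2 - b^T t_w$ collapses to $\lfloor q/2 \rfloor$ plus a small noise term and rounds to 1 exactly when the noise stays below $q/4$. The following Python program is an added example illustrating that test equation; it is not the patent's code nor code from the inventors. Its assumptions are marked in the comments: it takes the usual dual-Regev form $b = a_w s + e$, $c_2 = u s + e' + \lfloor q/2 \rfloor$, which matches the quantities named in the steps above but whose exact formulas are only in the figures; the lattice trapdoor machinery (TrapGen/SamplePre) is replaced by choosing the short vector first and deriving $u$ from it; $a_w$ is derived from the keyword alone instead of from the receiver's public key and the FRD encoding; noise is bounded uniform rather than discrete Gaussian; the toy parameters are far too small for security; and the sender-authentication check with $c_1$ and $H(y)$ is omitted because its equation is not reproduced on the page.

```python
# Added example (not the patent's code): toy model of the PEKS search equation
# y = c_2 - b^T t_w over R_q = Z_q[x]/(x^N + 1) and its floor(q/2) rounding.
# Assumptions (not from the page): lattice trapdoor replaced by choosing t_w
# first; a_w derived from the keyword; bounded-uniform noise; c_1 check omitted.
import random

N = 64            # ring degree (toy; real parameters are much larger)
Q = 12289         # modulus q (toy)
M = 3             # number of ring elements in a_w, b and t_w
BOUND = 2         # coefficient bound of "short" elements (stands in for the Gaussian parameters)
HALF_Q = Q // 2   # floor(q/2): the encoding of the bit 1


def poly_add(a, b):
    return [(x + y) % Q for x, y in zip(a, b)]


def poly_sub(a, b):
    return [(x - y) % Q for x, y in zip(a, b)]


def poly_mul(a, b):
    """Schoolbook negacyclic product in Z_q[x]/(x^N + 1), i.e. x^N = -1."""
    out = [0] * N
    for i, ai in enumerate(a):
        if ai == 0:
            continue
        for j, bj in enumerate(b):
            k = i + j
            if k < N:
                out[k] = (out[k] + ai * bj) % Q
            else:
                out[k - N] = (out[k - N] - ai * bj) % Q
    return out


def inner(u_vec, v_vec):
    """u^T v for vectors of ring elements: sum of coordinatewise products."""
    acc = [0] * N
    for u, v in zip(u_vec, v_vec):
        acc = poly_add(acc, poly_mul(u, v))
    return acc


def uniform_poly(rng):
    return [rng.randrange(Q) for _ in range(N)]


def short_poly(rng):
    return [rng.randint(-BOUND, BOUND) % Q for _ in range(N)]


def keyword_vector(keyword):
    """Assumption: a_w is derived from the keyword alone. In the scheme it is
    a_w = (a^T, h_w g^T + h_id g^T)^T, built from the receiver's key and H(w)."""
    rng = random.Random("a_w:" + keyword)      # deterministic per keyword
    return [uniform_poly(rng) for _ in range(M)]


def trapdoor(keyword, rng):
    """Assumption: stand-in for SamplePre. Picks the short t_w first and sets
    u := a_w^T t_w. The real receiver fixes u and uses its trapdoor T to find t_w."""
    a_w = keyword_vector(keyword)
    t_w = [short_poly(rng) for _ in range(M)]
    return t_w, inner(a_w, t_w)


def searchable_ciphertext(keyword, u, rng):
    """Dual-Regev style (b, c_2): b = a_w s + e, c_2 = u s + e' + floor(q/2)."""
    a_w = keyword_vector(keyword)
    s = uniform_poly(rng)                       # s <- U(R_q)
    e = [short_poly(rng) for _ in range(M)]     # short noise vector
    e_prime = short_poly(rng)                   # short noise polynomial
    b = [poly_add(poly_mul(a_i, s), e_i) for a_i, e_i in zip(a_w, e)]
    c_2 = poly_add(poly_add(poly_mul(u, s), e_prime), [HALF_Q] * N)
    return b, c_2


def round_bit(y):
    """y := 1 if every coefficient is closer to floor(q/2) than to 0, else 0."""
    for coef in y:
        dist_half = abs(coef - HALF_Q)
        dist_zero = min(coef, Q - coef)
        if dist_half >= dist_zero:
            return 0
    return 1


def server_test(ciphertext, t_w):
    """Cloud server's judgment: y = c_2 - b^T t_w, then round.
    On a match y = floor(q/2) + e' - e^T t_w and the noise stays below q/4."""
    b, c_2 = ciphertext
    return round_bit(poly_sub(c_2, inner(b, t_w)))


def demo(seed=7):
    """Receiver issues a trapdoor for 'invoice'; the sender uploads ciphertexts
    for 'invoice' and 'salary'; the server tests both. Returns both judgments."""
    rng = random.Random(seed)
    t_w, u = trapdoor("invoice", rng)
    ct_match = searchable_ciphertext("invoice", u, rng)
    ct_other = searchable_ciphertext("salary", u, rng)
    return server_test(ct_match, t_w), server_test(ct_other, t_w)


if __name__ == "__main__":
    print(demo())   # (1, 0)
```

Running the file prints (1, 0): the trapdoor for "invoice" accepts the ciphertext for "invoice" and rejects the one for "salary". The correctness condition is visible in the bound: with coefficient bound 2, degree 64 and three ring elements, $|e' - e^T t_w| \le 770 < q/4 = 3072$, so a genuine match never rounds to 0; a mismatch leaves the term $(u - a_{w'}^T t_w)\,s$ with uniform $s$, which is essentially uniform in $R_q$, so the chance that all 64 coefficients land near $\lfloor q/2 \rfloor$ is about $2^{-64}$. In the scheme itself the server additionally recomputes $H(y)$ and checks it against $c_1$, which is what binds the ciphertext to the sender's key; that step has no counterpart here.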
The scheme is built, in the standard model, on the Ring-ISIS and Ring-LWE hardness assumptions of lattice cryptography, which offer long-term security and are currently believed to resist attacks by quantum computers. The invention provides a privacy-preserving search function and satisfies multi-ciphertext indistinguishability and multi-trapdoor privacy. The security of the keyword ciphertext rests on the hardness of Ring-LWE, and the security of the keyword trapdoor rests on the hardness of Ring-ISIS. Compared with the PEKS schemes of Behnia et al. and Zhang et al., the present invention provides a privacy-preserving search function that resists keyword guessing attacks: because the sender's private key enters the generation of the searchable ciphertext, a party that does not hold that key, the cloud server included, cannot construct valid searchable ciphertexts for guessed keywords and test them against a trapdoor.
Example two:
it is an object of the present embodiment to provide a verifiable public key searchable encryption method.
A verifiable public key searchable encryption method based on one of the verifiable public key searchable encryption systems described above, the method comprising:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Further, the method of this embodiment corresponds to the system of the first embodiment; its technical details have been described in the first embodiment and are not repeated here.
Example three:
the embodiment aims at providing an electronic device.
An electronic device comprising a memory, a processor and a computer program stored in the memory and executable on the processor, the processor performing, when executing the program, the steps of:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Example four:
it is an object of the present embodiments to provide a non-transitory computer-readable storage medium.
A non-transitory computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
Those of ordinary skill in the art will appreciate that the various illustrative units and algorithm steps described in connection with the embodiments disclosed herein may be implemented as electronic hardware or as a combination of computer software and electronic hardware. Whether such functionality is implemented as hardware or software depends on the particular application and the design constraints imposed on the implementation. Skilled artisans may implement the described functionality in varying ways for each particular application, but such implementation decisions should not be interpreted as a departure from the scope of the present disclosure.
The verifiable public key searchable encryption system and method provided by the embodiments can be implemented and have wide application prospects.
The above description is only a preferred embodiment of the present disclosure and is not intended to limit the present disclosure, and various modifications and changes may be made to the present disclosure by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present disclosure should be included in the protection scope of the present disclosure.

Claims (10)

1. A verifiable public key searchable encryption system, characterized by comprising a key generation center, a sender, a receiver and a cloud server, wherein: the key generation center is used for initializing the operating environment and generating a master public key and a master private key with a built-in initialization algorithm;
the sender and the receiver obtain respective public keys and corresponding private keys thereof through the key generation center; the public key and the private key are generated based on a key derivation algorithm built in the key generation center and the master public key and the master private key;
the sender generates a searchable cipher text for the keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server;
the receiving party generates a retrieval trapdoor based on a preset search keyword and submits the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
2. The verifiable public key searchable encryption system according to claim 1, wherein the sender generates searchable ciphertexts for keywords attached to each encrypted file according to the public key and the private key of the sender and the public key of the receiver, and by introducing the private key of the sender into the generation of the searchable ciphertexts, the sender performs identity verification on the keywords when encrypting the keywords.
3. The verifiable public key searchable encryption system according to claim 1, wherein said searchable ciphertext is generated using the steps of:
calculating the hash value of the keyword attached to each encrypted file;
calculating intermediate parameters of the searchable ciphertext according to the hash value of the corresponding keyword;
running the preimage sampling algorithm $\mathrm{SamplePre}(sk, pk, h, \zeta, \sigma, \alpha, u)$ with the public key of the receiver, where $pk$ and $sk$ are the public key and the private key of the sender, $h \in R_q$ and
Figure FDA0003666480370000021
are given parameters, and $\zeta, \sigma, \alpha$ are Gaussian parameters, thereby calculating the verification parameter;
and selecting a polynomial uniformly at random, combining it with the intermediate parameters and the verification parameter of the searchable ciphertext to calculate the direct parameters that form the searchable ciphertext, and generating the searchable ciphertext.
4. The verifiable public key searchable encryption system according to claim 1, wherein the recipient generates a search trapdoor based on a preset search keyword and submits the search trapdoor to the cloud server, specifically:
calculating a hash value of a preset searched keyword;
calculating an intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;
generating, from the intermediate parameter of the retrieval trapdoor and the preimage sampling algorithm, the polynomial that forms the retrieval trapdoor, such that the product of the transpose of the intermediate parameter of the retrieval trapdoor and the polynomial equals the polynomial selected uniformly at random in the generation of the searchable ciphertext.
5. The verifiable public key searchable encryption system according to claim 1, wherein said cloud server retrieves all searchable ciphertexts based on a retrieval trapdoor, specifically:
calculating a judgment parameter according to the retrieval trapdoor and the searchable ciphertext;
if the judgment parameter meets the preset condition, $y = 1$, otherwise $y = 0$;
calculating $h = H(y)$ and
Figure FDA0003666480370000022
if
Figure FDA0003666480370000023
holds, the retrieval trapdoor and the searchable ciphertext match; otherwise they do not match.
6. The verifiable public key searchable encryption system according to claim 1, wherein said master public key and master private key are generated with a built-in initialization algorithm, and said initialization algorithm specifically comprises: running the TrapGen function to generate a polynomial together with a trapdoor associated with that polynomial, and computing the master public key and the master private key from the polynomial and the trapdoor.
7. The verifiable public key searchable encryption system according to claim 1, wherein said key derivation algorithm is a $\mathrm{Derive}(mpk, msk, ID)$ algorithm, where $mpk$ is the master public key, $msk$ is the master private key, and $ID$ is the identity of the sender or the receiver.
8. A verifiable public key searchable encryption method based on a verifiable public key searchable encryption system according to any of claims 1-7, said method comprising:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates searchable ciphertexts for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable ciphertexts and the encrypted files corresponding to the searchable ciphertexts to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
9. An electronic device comprising a memory, a processor, and a computer program stored for execution on the memory, wherein the processor executes the program to perform the steps of:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
10. A non-transitory computer readable storage medium having a computer program stored thereon, the program when executed by a processor performing the steps of:
initializing the operating environment of the key generation center, and generating a master public key and a master private key with a built-in initialization algorithm;
generating respective public keys of the sender and the receiver and corresponding private keys thereof through the key generation center; the sender generates a searchable cipher text for the keywords attached to each encrypted file based on the public key and the private key of the sender and the public key of the receiver, and uploads the generated searchable cipher text and the encrypted file corresponding to the searchable cipher text to the cloud server; the receiving party generates a retrieval trapdoor based on a preset search keyword and sends the retrieval trapdoor to the cloud server;
and the cloud server retrieves all searchable ciphertexts based on the retrieval trapdoor and sends the encrypted file corresponding to the matched searchable ciphertexts to the receiving party.
CN202210587635.0A 2022-05-27 2022-05-27 Verifiable public key searchable encryption system and method Active CN115021993B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210587635.0A CN115021993B (en) 2022-05-27 2022-05-27 Verifiable public key searchable encryption system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210587635.0A CN115021993B (en) 2022-05-27 2022-05-27 Verifiable public key searchable encryption system and method

Publications (2)

Publication Number Publication Date
CN115021993A true CN115021993A (en) 2022-09-06
CN115021993B CN115021993B (en) 2023-02-28

Family

ID=83070278

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210587635.0A Active CN115021993B (en) 2022-05-27 2022-05-27 Verifiable public key searchable encryption system and method

Country Status (1)

Country Link
CN (1) CN115021993B (en)

Patent Citations (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105553660A (en) * 2016-01-25 2016-05-04 华中科技大学 Dynamic searchable public key encryption method
CN106803784A (en) * 2017-03-30 2017-06-06 福州大学 The multi-user based on lattice is fuzzy in secure multimedia cloud storage can search for encryption method
US20190207763A1 (en) * 2017-12-29 2019-07-04 Huazhong University Of Science And Technology Method of searchable public-key encryption and system and server using the same
CN109086615A (en) * 2018-08-03 2018-12-25 上海海事大学 A kind of support multiple key search public key encryption method of anti-keyword guessing attack
CN112861153A (en) * 2021-02-10 2021-05-28 华中科技大学 Keyword searchable delay encryption method and system
CN113626484A (en) * 2021-07-03 2021-11-09 西安电子科技大学 Searchable encryption method and system capable of flexibly replacing ciphertext and computer equipment
CN113794561A (en) * 2021-09-14 2021-12-14 山东大学 Public key searchable encryption method and system
CN114244498A (en) * 2021-12-06 2022-03-25 国网河南省电力公司电力科学研究院 Dynamic searchable public key encryption method with forward security

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
曹素珍 等: "基于身份的具有否认认证的关键字可搜索加密方案", 《电子与信息学报》 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116599771A (en) * 2023-07-14 2023-08-15 浙江云针信息科技有限公司 Data hierarchical protection transmission method and device, storage medium and terminal
CN116599771B (en) * 2023-07-14 2023-09-22 浙江云针信息科技有限公司 Data hierarchical protection transmission method and device, storage medium and terminal

Also Published As

Publication number Publication date
CN115021993B (en) 2023-02-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant