CN115033908A - Retrieval method for fine-grained dense state data of oil and gas exploration based on cloud storage - Google Patents

Retrieval method for fine-grained dense state data of oil and gas exploration based on cloud storage Download PDF

Info

Publication number
CN115033908A
CN115033908A CN202210962115.3A CN202210962115A CN115033908A CN 115033908 A CN115033908 A CN 115033908A CN 202210962115 A CN202210962115 A CN 202210962115A CN 115033908 A CN115033908 A CN 115033908A
Authority
CN
China
Prior art keywords
data
exploration
secret
center
fine
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202210962115.3A
Other languages
Chinese (zh)
Other versions
CN115033908B (en
Inventor
张晓均
唐伟
王文琛
王鑫
张豪
李兴鹏
刘庆
唐浩宇
薛婧婷
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Southwest Petroleum University
Original Assignee
Southwest Petroleum University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Southwest Petroleum University filed Critical Southwest Petroleum University
Priority to CN202210962115.3A priority Critical patent/CN115033908B/en
Publication of CN115033908A publication Critical patent/CN115033908A/en
Application granted granted Critical
Publication of CN115033908B publication Critical patent/CN115033908B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6272Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database by registering files or documents with a third party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/10Protocols in which an application is distributed across nodes in the network

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses an oil-gas exploration fine-grained dense-state data retrieval method based on cloud storage, which comprises the following steps: encrypting and uploading original oil and gas exploration fine-grained data; authorization of confidential data retrieval; searching secret state data; the cloud server aggregates the secret data; and (4) blinding, decrypting and statistically analyzing the aggregated confidential data. The confidentiality of oil-gas exploration fine-grained data is guaranteed not to be influenced by various attackers, the two-way privacy protection of the identity of a data owner and the identity of a data user during data sharing is also guaranteed, in addition, after aggregated secret-state data is retrieved from a cloud server by a data analysis center, the data owner and the data user need to be blinded and then decrypted, a second secret parameter is used during blinding, a decryption private key is used during decryption, even if the decryption private key is leaked, the attackers cannot obtain the blinded aggregated secret-state data, and the aggregation value of the original oil-gas exploration fine-grained data cannot be decrypted through the decryption private key, so that the leakage of oil-gas exploration fine-grained data information is prevented.

Description

基于云存储的油气勘探细粒度密态数据的检索方法Retrieval method for fine-grained dense state data of oil and gas exploration based on cloud storage

技术领域technical field

本发明属于油气勘探开发系统中大数据分析及安全处理领域,尤其涉及一种基于云存储的油气勘探细粒度密态数据的检索方法。The invention belongs to the field of big data analysis and security processing in an oil and gas exploration and development system, and in particular relates to a retrieval method for fine-grained dense state data of oil and gas exploration based on cloud storage.

背景技术Background technique

石油与天然气作为国家重要的能源矿产和战略物资,其安全是国家战略安全的重要基石。油气勘探工作作为油气工业的前端环节,包括资源寻找、开发方案的设计和实施等工作,对维持资源探明储量的稳定、保障石油工业的持续发展有着重要意义。研发机构能够对油气勘探数据的整合与分析得到一个全局的勘探模型,从而降低各个油气勘探机构在同一项目上的重复投入研发。Oil and natural gas are important national energy minerals and strategic materials, and their security is an important cornerstone of national strategic security. As the front-end link of the oil and gas industry, oil and gas exploration work, including the search for resources, the design and implementation of development plans, etc., is of great significance to maintaining the stability of proven resources and ensuring the sustainable development of the oil industry. R&D institutions can integrate and analyze oil and gas exploration data to obtain a global exploration model, thereby reducing the repeated investment in research and development of the same project by various oil and gas exploration institutions.

由于各个油气勘探现场的数据通常是机密数据,这些数据往往包含了油气勘探发现场地,机器投入,甚至油气运输路径。所以,这些战略数据的机密性通常是需要得到保障的。因此,各个勘探机构希望只能由自己访问到细粒度数据,并且只给相关数据分析中心授予数据使用权,以达到数据可用不可见的目的。也只有这样,作为数据拥有者才愿意贡献出自己的数据以获得更优的全局模型。Since the data of various oil and gas exploration sites are usually confidential data, these data often include oil and gas exploration and discovery sites, machine inputs, and even oil and gas transportation routes. Therefore, the confidentiality of these strategic data usually needs to be guaranteed. Therefore, various exploration agencies hope that they can only access fine-grained data by themselves, and only grant data use rights to the relevant data analysis centers, so as to achieve the purpose of invisible data availability. Only in this way, as data owners, are willing to contribute their own data to obtain a better global model.

此外,由于各个机构的数据存储服务通常都是外包到云服务器的,在这种模式下的数据是脱离了数据拥有者的掌控的。所以用户会采取上传加密数据的方式保证数据没有被泄露,但是这就不利于数据的授权过程。In addition, since the data storage services of various institutions are usually outsourced to cloud servers, the data in this mode is out of the control of the data owner. Therefore, users will upload encrypted data to ensure that the data is not leaked, but this is not conducive to the data authorization process.

所以,在数据存储外包的背景下,以保障这些多源异构勘探数据的机密性为基准,一个能够保留数据拥有者对自己数据的访问权限并能够实现分享数据使用权的共享方案俨然成为了大数据时代下新型智慧油气勘探开发的重要基石。Therefore, in the context of data storage outsourcing, based on ensuring the confidentiality of these multi-source heterogeneous exploration data, a sharing scheme that can retain the data owner's access rights to their own data and share the right to use the data has become a An important cornerstone of new smart oil and gas exploration and development in the era of big data.

发明内容SUMMARY OF THE INVENTION

本发明的目的在于克服现有技术的一项或多项不足,提供一种基于云存储的油气勘探细粒度密态数据的检索方法。The purpose of the present invention is to overcome one or more deficiencies of the prior art, and to provide a retrieval method for fine-grained dense state data of oil and gas exploration based on cloud storage.

本发明的目的是通过以下技术方案来实现的:The purpose of this invention is to realize through the following technical solutions:

基于云存储的油气勘探细粒度密态数据的检索方法,应用于油气勘探细粒度密态数据检索系统,所述油气勘探细粒度密态数据检索系统包括云服务器、勘探开发场区数据管理者、数据分析中心和可信中心,所述云服务器分别与勘探开发场区数据管理者、数据分析中心和可信中心通信连接,所述可信中心分别与勘探开发场区数据管理者和数据分析中心通信连接,所述勘探开发场区数据管理者拥有多个时间周期和多种类型的原始油气勘探细粒度数据,所述检索方法包括:A method for retrieving fine-grained dense state data for oil and gas exploration based on cloud storage is applied to a fine-grained dense state data retrieval system for oil and gas exploration. The oil and gas exploration fine-grained dense state data retrieval system includes a cloud server, an exploration and development site data manager, A data analysis center and a trusted center, the cloud servers are respectively connected to the exploration and development site data manager, the data analysis center, and the trusted center, and the trusted center is respectively connected to the exploration and development site data manager and the data analysis center Communication connection, the exploration and development site data manager has multiple time periods and multiple types of raw oil and gas exploration fine-grained data, and the retrieval method includes:

S1、原始油气勘探细粒度数据的加密和上传:勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数,并使用该容错参数对自己的原始油气勘探细粒度数据进行加密,生成对应的密态数据,并将密态数据上传至云服务器;S1. Encryption and upload of original fine-grained data of oil and gas exploration: The data manager of the exploration and development field obtains the fault-tolerant parameters sent by the trusted center through the secure channel, and uses the fault-tolerant parameters to encrypt the original fine-grained data of oil and gas exploration to generate corresponding encrypted data, and upload the encrypted data to the cloud server;

S2、密态数据检索的授权:勘探开发场区数据管理者获取可信中心经安全信道发送的大素数,并根据所述大素数对可信中心所公开的盲化的第一公开参数进行去盲化,去盲化后生成用于授权检索的第一秘密参数,然后根据第一秘密参数制定多个不同的授权访问策略值,并将各个授权访问策略值作为一个第一多项式的根后恢复出该第一多项式,根据恢复出的第一多项式生成安全索引,将生成的安全索引上传至云服务器,其中所述授权访问策略值中包括密态数据的类型信息和所处的时间周期信息,不同授权访问策略值所包含的密态数据的类型信息和/或所处的时间周期信息不同;S2. Authorization of secret state data retrieval: The data manager of the exploration and development site obtains the large prime number sent by the trusted center through the secure channel, and de-selects the blinded first public parameter disclosed by the trusted center according to the large prime number. Blinding, after deblinding, the first secret parameter for authorized retrieval is generated, and then multiple different authorized access policy values are formulated according to the first secret parameter, and each authorized access policy value is used as the root of a first polynomial After recovering the first polynomial, generate a security index according to the recovered first polynomial, and upload the generated security index to the cloud server, wherein the authorized access policy value includes the type information of the encrypted data and all The time period information at the location, the type information and/or the time period information of the encrypted data contained in different authorized access policy values are different;

S3、密态数据的检索:数据分析中心获取可信中心经安全信道发送的第一秘密参数,并根据第一秘密参数重构授权访问策略值,并将该授权访问策略值发送给云服务器,其中重构的授权访问策略值为勘探开发场区数据管理者制定的授权访问策略值中的一个或多个;S3. Retrieval of confidential data: the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel, reconstructs the authorized access policy value according to the first secret parameter, and sends the authorized access policy value to the cloud server, The reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the data manager of the exploration and development site;

S4、云服务器聚合密态数据:云服务器根据所述安全索引和数据分析中心发送的授权访问策略值进行密态数据检索,并将检索到的密态数据进行聚合,然后返回聚合密态数据至数据分析中心;S4. Cloud server aggregates encrypted data: the cloud server retrieves encrypted data according to the security index and the authorized access policy value sent by the data analysis center, aggregates the retrieved encrypted data, and then returns the aggregated encrypted data to data analysis center;

S5、聚合密态数据的盲化、解密和统计分析:数据分析中心获取可信中心分配的用于盲化密文的第二秘密参数和用于解密密文的解密私钥,并根据第二秘密参数对聚合密态数据进行盲化,然后根据解密私钥对盲化后的聚合密态数据进行解密,得到原始油气勘探细粒度数据的聚合值,然后在隐私保护状态下根据原始油气勘探细粒度数据的聚合值进行统计分析。S5. Blinding, decryption and statistical analysis of aggregated ciphertext data: the data analysis center obtains the second secret parameter for blinding the ciphertext and the decryption private key for decrypting the ciphertext assigned by the trusted center, and according to the second The secret parameter blinds the aggregated dense state data, and then decrypts the blinded aggregated dense state data according to the decryption private key to obtain the aggregated value of the original fine-grained data of oil and gas exploration. Aggregate values of granularity data for statistical analysis.

优选地,所述S1之前还包括如下步骤:Preferably, before the S1, the following steps are also included:

系统初始化:可信中心设置该方法中涉及的安全密码组件,以及基于门限秘密共享方法的第二多项式、第一秘密参数、第二秘密参数和第三秘密参数,所述安全密码组件包括同态加密公开参数、解密私钥、乘法循环群、该乘法循环群的生成元和哈希函数。System initialization: the trusted center sets the security cryptographic components involved in the method, and the second polynomial, the first secret parameter, the second secret parameter and the third secret parameter based on the threshold secret sharing method, the security cryptographic components include Homomorphic encryption public parameters, decryption private key, multiplicative cyclic group, generator of the multiplicative cyclic group, and hash function.

优选地,所述勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数前,勘探开发场区数据管理者向可信中心发送注册请求,可信中心记录勘探开发场区数据管理者的注册信息,并生成所述容错参数和所述大素数;Preferably, before the exploration and development site data manager obtains the fault tolerance parameters sent by the trusted center via the secure channel, the exploration and development site data manager sends a registration request to the trusted center, and the trusted center records the exploration and development site data management registration information of the user, and generate the fault tolerance parameter and the large prime number;

所述数据分析中心获取可信中心经安全信道发送的第一秘密参数前,数据分析中心向可信中心发送注册请求,可信中心根据该注册请求向数据分析中心发送第一秘密参数、第二秘密参数和解密私钥。Before the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter to the data analysis center according to the registration request. Secret parameters and decryption private key.

优选地,所述系统初始化具体包括如下子步骤:Preferably, the system initialization specifically includes the following sub-steps:

可信中心选择第一大素数

Figure DEST_PATH_IMAGE001
和第二大素数
Figure DEST_PATH_IMAGE002
,计算模数
Figure DEST_PATH_IMAGE003
、解密私钥
Figure DEST_PATH_IMAGE004
、同态加密公开参数一
Figure DEST_PATH_IMAGE005
和同态加密公开参数二
Figure DEST_PATH_IMAGE006
,其中
Figure DEST_PATH_IMAGE007
为循环群
Figure DEST_PATH_IMAGE008
的一个生成元;The trusted center chooses the first prime number
Figure DEST_PATH_IMAGE001
and the second largest prime number
Figure DEST_PATH_IMAGE002
, calculate the modulus
Figure DEST_PATH_IMAGE003
, decrypt the private key
Figure DEST_PATH_IMAGE004
, Homomorphic encryption public parameter 1
Figure DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure DEST_PATH_IMAGE006
,in
Figure DEST_PATH_IMAGE007
cyclic group
Figure DEST_PATH_IMAGE008
a generator of ;

可信中心选取一个p阶乘法循环群G和该乘法循环群G的一个生成元g;The trusted center selects a p-order multiplication cyclic group G and a generator g of the multiplication cyclic group G;

可信中心设置一个哈希函数H,其中

Figure DEST_PATH_IMAGE009
Figure DEST_PATH_IMAGE010
表示任意长度的比特串,
Figure DEST_PATH_IMAGE011
表示p-1阶乘法循环群;The trusted center sets a hash function H, where
Figure DEST_PATH_IMAGE009
,
Figure DEST_PATH_IMAGE010
represents a bit string of arbitrary length,
Figure DEST_PATH_IMAGE011
represents the p-1 order multiplication cyclic group;

可信中心选取第三秘密参数

Figure DEST_PATH_IMAGE012
Figure DEST_PATH_IMAGE013
次第二多项式
Figure DEST_PATH_IMAGE014
,其中
Figure DEST_PATH_IMAGE015
是变量,
Figure DEST_PATH_IMAGE016
分别是从有限域
Figure DEST_PATH_IMAGE017
中选取的第二多项式的系数;The trusted center selects the third secret parameter
Figure DEST_PATH_IMAGE012
and
Figure DEST_PATH_IMAGE013
second degree polynomial
Figure DEST_PATH_IMAGE014
,in
Figure DEST_PATH_IMAGE015
is the variable,
Figure DEST_PATH_IMAGE016
respectively from the finite field
Figure DEST_PATH_IMAGE017
The coefficients of the second polynomial selected in ;

可信中心公布第一参数集合

Figure DEST_PATH_IMAGE018
,并将第二参数集合
Figure DEST_PATH_IMAGE019
进行安全保存。The trusted center publishes the first parameter set
Figure DEST_PATH_IMAGE018
, and set the second parameter
Figure DEST_PATH_IMAGE019
for safe storage.

优选地,所述勘探开发场区数据管理者向可信中心发送注册请求,可信中心记录勘探开发场区数据管理者的注册信息,并生成所述容错参数和所述大素数,具体包括如下子步骤:Preferably, the exploration and development site data manager sends a registration request to a trusted center, and the trusted center records the registration information of the exploration and development site data manager, and generates the fault-tolerant parameter and the large prime number, which specifically include the following Substeps:

勘探开发场区数据管理者选择自己的私钥

Figure DEST_PATH_IMAGE020
,并计算自己的公钥
Figure DEST_PATH_IMAGE021
,然后将自己的公钥
Figure DEST_PATH_IMAGE022
和自己的身份
Figure DEST_PATH_IMAGE023
发送给可信中心进行注册;The data manager of the exploration and development site chooses his own private key
Figure DEST_PATH_IMAGE020
, and calculate your own public key
Figure DEST_PATH_IMAGE021
, then put your own public key
Figure DEST_PATH_IMAGE022
and own identity
Figure DEST_PATH_IMAGE023
Send it to the trusted center for registration;

可信中心经安全通道发送一个大素数

Figure DEST_PATH_IMAGE024
和容错参数
Figure DEST_PATH_IMAGE025
给勘探开发场区数据管理者,其中
Figure DEST_PATH_IMAGE026
;The trusted center sends a large prime number via the secure channel
Figure DEST_PATH_IMAGE024
and fault tolerance parameters
Figure DEST_PATH_IMAGE025
To data managers of exploration and development sites, including
Figure DEST_PATH_IMAGE026
;

可信中心经安全通道向云服务器发送

Figure DEST_PATH_IMAGE027
,且可信中心记录勘探开发场区数据管理者的注册信息
Figure DEST_PATH_IMAGE028
,其中
Figure DEST_PATH_IMAGE029
Figure DEST_PATH_IMAGE030
为向可信中心发起注册请求的勘探开发场区数据管理者的总数量;The trusted center sends the message to the cloud server through the secure channel
Figure DEST_PATH_IMAGE027
, and the trusted center records the registration information of the data manager of the exploration and development site
Figure DEST_PATH_IMAGE028
,in
Figure DEST_PATH_IMAGE029
,
Figure DEST_PATH_IMAGE030
The total number of data managers for exploration and development sites that have initiated registration requests to the Trusted Center;

所述数据分析中心向可信中心发送注册请求,可信中心根据该注册请求向数据分析中心发送第一秘密参数、第二秘密参数和解密私钥,具体包括如下子步骤:The data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request, which specifically includes the following sub-steps:

数据分析中心向可信中心发送包含自己身份

Figure DEST_PATH_IMAGE031
的注册请求;The data analysis center sends information containing its own identity to the trusted center
Figure DEST_PATH_IMAGE031
registration request;

可信中心选择用于授权检索的第一秘密参数

Figure DEST_PATH_IMAGE032
,第一秘密参数
Figure 555508DEST_PATH_IMAGE032
小于每一个大素数The trusted center selects the first secret parameter for authorized retrieval
Figure DEST_PATH_IMAGE032
, the first secret parameter
Figure 555508DEST_PATH_IMAGE032
less than every large prime number

Figure DEST_PATH_IMAGE033
,然后根据中国剩余定理计算盲化的第一公开参数
Figure DEST_PATH_IMAGE034
,其中
Figure DEST_PATH_IMAGE035
Figure DEST_PATH_IMAGE036
表示与勘探开发场区数据管理者身份
Figure 816856DEST_PATH_IMAGE023
中的下标i不同的下标序号;
Figure DEST_PATH_IMAGE033
, and then calculate the blinded first public parameter according to the Chinese remainder theorem
Figure DEST_PATH_IMAGE034
,in
Figure DEST_PATH_IMAGE035
,
Figure DEST_PATH_IMAGE036
Representation and identity of the data manager of the exploration and development site
Figure 816856DEST_PATH_IMAGE023
The subscript i in the subscript number is different;

可信中心选取第一随机数

Figure DEST_PATH_IMAGE037
,第一随机数
Figure 488271DEST_PATH_IMAGE037
满足等式
Figure DEST_PATH_IMAGE038
,并计算第二秘密参数
Figure DEST_PATH_IMAGE039
;The trusted center selects the first random number
Figure DEST_PATH_IMAGE037
, the first random number
Figure 488271DEST_PATH_IMAGE037
satisfy the equation
Figure DEST_PATH_IMAGE038
, and compute the second secret parameter
Figure DEST_PATH_IMAGE039
;

可信中心经安全信道向数据分析中心发送

Figure DEST_PATH_IMAGE040
,并公布
Figure DEST_PATH_IMAGE041
。The trusted center sends the data to the data analysis center via the secure channel
Figure DEST_PATH_IMAGE040
, and published
Figure DEST_PATH_IMAGE041
.

优选地,所述S1具体包括如下子步骤:Preferably, the S1 specifically includes the following sub-steps:

勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数

Figure 481549DEST_PATH_IMAGE025
;The data manager of the exploration and development site obtains the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 481549DEST_PATH_IMAGE025
;

勘探开发场区数据管理者对自己时间周期t内的第j种原始油气勘探细粒度数据

Figure DEST_PATH_IMAGE042
进行加密,生成自己时间周期t内的第j种原始油气勘探细粒度数据
Figure 922019DEST_PATH_IMAGE042
的密态数据
Figure DEST_PATH_IMAGE043
,其中密态数据分量一
Figure DEST_PATH_IMAGE044
,密态数据分量二
Figure DEST_PATH_IMAGE045
Figure DEST_PATH_IMAGE046
为勘探开发场区数据管理者选取的第二随机数;The fine-grained data of the jth original oil and gas exploration in the time period t of the exploration and development site data manager
Figure DEST_PATH_IMAGE042
Perform encryption to generate the jth original oil and gas exploration fine-grained data within its own time period t
Figure 922019DEST_PATH_IMAGE042
encrypted data
Figure DEST_PATH_IMAGE043
, where the dense-state data component is a
Figure DEST_PATH_IMAGE044
, dense state data component two
Figure DEST_PATH_IMAGE045
,
Figure DEST_PATH_IMAGE046
The second random number selected for the data manager of the exploration and development site;

勘探开发场区数据管理者将密态数据

Figure DEST_PATH_IMAGE047
上传至云服务器。Exploration and development site data managers will
Figure DEST_PATH_IMAGE047
Upload to cloud server.

优选地,所述S2具体包括如下子步骤:Preferably, the S2 specifically includes the following sub-steps:

勘探开发场区数据管理者获取可信中心经安全信道发送的大素数

Figure 980368DEST_PATH_IMAGE024
,并对盲化的第一公开参数进行去盲化,去盲化后生成第一秘密参数
Figure 575297DEST_PATH_IMAGE032
,其中
Figure DEST_PATH_IMAGE048
;The data manager of the exploration and development site obtains the large prime numbers sent by the trusted center through the secure channel
Figure 980368DEST_PATH_IMAGE024
, and deblind the blinded first public parameter, and generate the first secret parameter after deblinding
Figure 575297DEST_PATH_IMAGE032
,in
Figure DEST_PATH_IMAGE048
;

勘探开发场区数据管理者制定多个授权访问策略值

Figure DEST_PATH_IMAGE049
,并将各个授权访问策略值组合成检索策略集合
Figure DEST_PATH_IMAGE050
,其中
Figure DEST_PATH_IMAGE051
表示勘探开发场区数据管理者自己的第j种原始油气勘探细粒度数据,t表示原始油气勘探细粒度数据所处的时间周期,检索策略集合
Figure 180722DEST_PATH_IMAGE050
中包括
Figure DEST_PATH_IMAGE052
个授权访问策略值,分别为
Figure DEST_PATH_IMAGE053
Figure DEST_PATH_IMAGE054
为级联符号;Exploration and development site data managers formulate multiple authorized access policy values
Figure DEST_PATH_IMAGE049
, and combine each authorized access policy value into a retrieval policy set
Figure DEST_PATH_IMAGE050
,in
Figure DEST_PATH_IMAGE051
Represents the jth original fine-grained data of oil and gas exploration of the data manager of the exploration and development site, t represents the time period in which the original fine-grained data of oil and gas exploration is located, and the retrieval strategy set
Figure 180722DEST_PATH_IMAGE050
included
Figure DEST_PATH_IMAGE052
authorized access policy values, which are
Figure DEST_PATH_IMAGE053
,
Figure DEST_PATH_IMAGE054
is a cascading symbol;

勘探开发场区数据管理者构建

Figure DEST_PATH_IMAGE055
次第一多项式
Figure DEST_PATH_IMAGE056
,其中
Figure DEST_PATH_IMAGE057
是变量,
Figure DEST_PATH_IMAGE058
从有限域
Figure DEST_PATH_IMAGE059
中随机选取,
Figure DEST_PATH_IMAGE060
Figure DEST_PATH_IMAGE061
次第一多项式的系数;Construction of Data Managers in Exploration and Development Sites
Figure DEST_PATH_IMAGE055
first degree polynomial
Figure DEST_PATH_IMAGE056
,in
Figure DEST_PATH_IMAGE057
is the variable,
Figure DEST_PATH_IMAGE058
from a finite field
Figure DEST_PATH_IMAGE059
randomly selected from
Figure DEST_PATH_IMAGE060
Yes
Figure DEST_PATH_IMAGE061
coefficients of the first degree polynomial;

勘探开发场区数据管理者构建安全索引

Figure DEST_PATH_IMAGE062
Figure DEST_PATH_IMAGE063
是安全索引分量一,
Figure DEST_PATH_IMAGE064
是安全索引分量二,
Figure DEST_PATH_IMAGE065
是安全索引分量三,其中
Figure DEST_PATH_IMAGE066
;Exploration and development site data managers build security indexes
Figure DEST_PATH_IMAGE062
,
Figure DEST_PATH_IMAGE063
is the security index component one,
Figure DEST_PATH_IMAGE064
is the security index component two,
Figure DEST_PATH_IMAGE065
is the security index component three, where
Figure DEST_PATH_IMAGE066
;

勘探开发场区数据管理者将安全索引上传至云服务器。The data manager of the exploration and development site uploads the security index to the cloud server.

优选地,所述S3具体包括如下子步骤:Preferably, the S3 specifically includes the following sub-steps:

数据分析中心获取可信中心经安全信道发送的第一秘密参数

Figure 552664DEST_PATH_IMAGE032
,并重构授权访问策略值The data analysis center obtains the first secret parameter sent by the trusted center via the secure channel
Figure 552664DEST_PATH_IMAGE032
, and reconstruct the authorized access policy value

Figure DEST_PATH_IMAGE067
,将该授权访问策略值发送给云服务器。
Figure DEST_PATH_IMAGE067
, and send the authorized access policy value to the cloud server.

优选地,所述S4具体包括如下子步骤:Preferably, the S4 specifically includes the following sub-steps:

云服务器根据数据分析中心发送的授权访问策略值

Figure DEST_PATH_IMAGE068
构建向量一
Figure DEST_PATH_IMAGE069
;The cloud server is based on the authorized access policy value sent by the data analysis center
Figure DEST_PATH_IMAGE068
build vector one
Figure DEST_PATH_IMAGE069
;

云服务器根据安全索引构建向量二

Figure DEST_PATH_IMAGE070
;The cloud server constructs vector two according to the security index
Figure DEST_PATH_IMAGE070
;

云服务器进行密态数据检索测试,确定满足测试方程的密态数据,其中采用的测试方程为

Figure DEST_PATH_IMAGE071
;The cloud server performs the retrieval test of dense state data, and determines the dense state data that satisfies the test equation. The test equation used is:
Figure DEST_PATH_IMAGE071
;

云服务器计算拉格朗日插值系数

Figure DEST_PATH_IMAGE072
,其中
Figure DEST_PATH_IMAGE073
为与勘探开发场区数据管理者身份
Figure 109810DEST_PATH_IMAGE023
中的下标i不同的下标序号;Cloud server calculates Lagrangian interpolation coefficients
Figure DEST_PATH_IMAGE072
,in
Figure DEST_PATH_IMAGE073
Data manager identity for exploration and development sites
Figure 109810DEST_PATH_IMAGE023
The subscript i in the subscript number is different;

云服务器对所有满足测试方程的密态数据进行聚合,生成聚合密态数据

Figure DEST_PATH_IMAGE074
,并将聚合密态数据返回给数据分析中心,其中I表示成功上传自己的密态数据至云服务器的勘探开发场区数据管理者的下标集合,且
Figure DEST_PATH_IMAGE075
Figure DEST_PATH_IMAGE076
表示下标集合的大小。The cloud server aggregates all the dense state data that satisfy the test equation to generate aggregated dense state data
Figure DEST_PATH_IMAGE074
, and return the aggregated dense state data to the data analysis center, where I represents the subscript set of the data manager of the exploration and development site that successfully uploaded its own dense state data to the cloud server, and
Figure DEST_PATH_IMAGE075
,
Figure DEST_PATH_IMAGE076
Indicates the size of the subscript collection.

优选地,所述S5具体包括如下子步骤:Preferably, the S5 specifically includes the following sub-steps:

数据分析中心获取可信中心分配的第二秘密参数

Figure DEST_PATH_IMAGE077
和解密私钥
Figure DEST_PATH_IMAGE078
;The data analysis center obtains the second secret parameter assigned by the trusted center
Figure DEST_PATH_IMAGE077
and decrypt the private key
Figure DEST_PATH_IMAGE078
;

数据分析中心将聚合密态数据乘上第二秘密参数

Figure 834446DEST_PATH_IMAGE077
,获得盲化后的聚合密态数据The data analysis center multiplies the aggregated secret state data by the second secret parameter
Figure 834446DEST_PATH_IMAGE077
, to obtain blinded aggregated dense state data

Figure DEST_PATH_IMAGE079
,然后对盲化后的聚合密态数据进行解密,得到时间周期t内第j种原始油气勘探细粒度数据的聚合值
Figure DEST_PATH_IMAGE080
,其中
Figure DEST_PATH_IMAGE081
Figure 885972DEST_PATH_IMAGE078
在乘法循环群
Figure DEST_PATH_IMAGE082
中的逆元;
Figure DEST_PATH_IMAGE079
, and then decrypt the blinded aggregated dense state data to obtain the aggregated value of the jth original fine-grained oil and gas exploration data in time period t
Figure DEST_PATH_IMAGE080
,in
Figure DEST_PATH_IMAGE081
Yes
Figure 885972DEST_PATH_IMAGE078
Cyclic group in multiplication
Figure DEST_PATH_IMAGE082
The inverse element in ;

数据分析中心在隐私保护状态下根据时间周期t内第j种原始油气勘探细粒度数据的聚合值进行统计分析。The data analysis center performs statistical analysis according to the aggregated value of the jth original fine-grained data of oil and gas exploration in the time period t in the state of privacy protection.

本发明的有益效果是:The beneficial effects of the present invention are:

(1)、由于油气勘探细粒度数据与勘探机构的隐私密切相关,攻击者可能会从中推断出一些关键信息,本实施例实现的方法通过数据拥有者(勘探开发场区数据管理者)对拥有的原始油气勘探细粒度数据进行加密,且加密时使用自己的公钥以及可信中心向其分配的容错参数,使得存储在云服务器的数据为密态数据,通过可信中心作为可信的第三方,数据拥有者授权密态数据检索权限给在可信中心注册了的数据分析中心,数据分析中心检索到的是原始油气勘探细粒度数据的聚合值,数据分析中心可使用油气勘探细粒度数据的聚合值进行统计分析,但并不知道数据拥有者的身份;(1) Since the fine-grained data of oil and gas exploration is closely related to the privacy of the exploration organization, the attacker may infer some key information from it. The original fine-grained data of oil and gas exploration is encrypted, and its own public key and the fault-tolerant parameters assigned to it by the trusted center are used for encryption, so that the data stored in the cloud server is encrypted data, and the trusted center is used as a trusted third-party data. The three parties, the data owner authorizes the confidential data retrieval authority to the data analysis center registered in the trusted center. The data analysis center retrieves the aggregate value of the original oil and gas exploration fine-grained data, and the data analysis center can use the oil and gas exploration fine-grained data. Statistical analysis of the aggregated value of the data, but does not know the identity of the data owner;

综上所述,本实施例中实现的方法保证了油气勘探细粒度数据的机密性不受各种攻击者的影响,也保证了数据共享时数据拥有者身份和数据使用者身份的双向隐私保护。To sum up, the method implemented in this embodiment ensures that the confidentiality of the fine-grained data of oil and gas exploration is not affected by various attackers, and also ensures the bidirectional privacy protection of the identity of the data owner and the identity of the data user during data sharing. .

(2)、数据分析中心在从云服务器检索到聚合密态数据后,需先进行第一阶段的盲化,然后再进行第二阶段的解密,盲化时使用可信中心分配的第二秘密参数,解密使用可信中心分配的解密私钥,即使解密私钥被泄漏,攻击者无法获取到盲化后的聚合密态数据,也就无法通过解密私钥对聚合密态数据进行解密,从而也不会导致油气勘探细粒度数据信息的泄露。(2) After retrieving the aggregated secret data from the cloud server, the data analysis center needs to perform the first stage of blinding, and then the second stage of decryption, and use the second secret allocated by the trusted center for blinding. Parameter, decryption uses the decryption private key assigned by the trusted center. Even if the decryption private key is leaked, the attacker cannot obtain the blinded aggregated encrypted state data, and cannot decrypt the aggregated encrypted state data by decrypting the private key. It will not lead to the leakage of fine-grained data and information of oil and gas exploration.

(3)、在实际应用场景中,本实施例实现的方法能够使得数据分析中心和勘探开发场区数据管理者都可以检索不同时间周期的密态聚合数据,用于监测和评估勘探状况。(3) In a practical application scenario, the method implemented in this embodiment enables both the data analysis center and the data manager of the exploration and development site to retrieve dense aggregated data of different time periods for monitoring and evaluating the exploration status.

(4)、勘探开发场区数据管理者通过构建所有可能的授权访问策略值,勘探开发场区数据管理者可以授权数据分析中心灵活检索不同时间周期的聚合密态数据,只有提供出正确的授权访问策略值,方能通过云服务器的数据检索测试,除此之外任何实体都无法通过云服务器的数据检索测试。(4) By constructing all possible authorized access policy values, the data manager of the exploration and development site can authorize the data analysis center to flexibly retrieve aggregated dense state data of different time periods. Only by providing the correct authorization Only the access policy value can pass the data retrieval test of the cloud server, and any other entity cannot pass the data retrieval test of the cloud server.

(5)、在传输信道堵塞或人为破坏的情况下,本实施例实现的方法也能够在密态数据检索和聚合过程中实现容错功能。(5) In the case that the transmission channel is blocked or damaged, the method implemented in this embodiment can also implement a fault-tolerant function in the process of retrieving and aggregating data in a dense state.

附图说明Description of drawings

图1为油气勘探细粒度密态数据检索系统的架构图。Figure 1 is the architecture diagram of the fine-grained dense state data retrieval system for oil and gas exploration.

具体实施方式Detailed ways

下面将结合实施例,对本发明的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而不是全部的实施例。基于本发明中的实施例,本领域技术人员在没有付出创造性劳动的前提下所获得的所有其他实施例,都属于本发明保护的范围。The technical solutions of the present invention will be clearly and completely described below with reference to the embodiments. Obviously, the described embodiments are only a part of the embodiments of the present invention, rather than all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative efforts shall fall within the protection scope of the present invention.

本实施例提供了一种基于云存储的油气勘探细粒度密态数据的检索方法,应用于油气勘探细粒度密态数据检索系统。如图1示出了油气勘探细粒度密态数据检索系统的架构图。油气勘探细粒度密态数据检索系统包括云服务器、勘探开发场区数据管理者、数据分析中心和可信中心,云服务器分别与勘探开发场区数据管理者、数据分析中心和可信中心通信连接,可信中心分别与勘探开发场区数据管理者和数据分析中心通信连接,勘探开发场区数据管理者作为数据拥有者,拥有多个时间周期和多种类型的原始油气勘探细粒度数据,原始油气勘探细粒度数据来源于勘探开发场区数据管理者所在的各个勘探开发现场,勘探开发现场包括勘探开发现场1、勘探开发现场2和勘探开发现场3等。This embodiment provides a method for retrieving fine-grained dense state data of oil and gas exploration based on cloud storage, which is applied to a system for retrieving fine-grained dense state data of oil and gas exploration. Figure 1 shows the architecture diagram of the fine-grained dense state data retrieval system for oil and gas exploration. The oil and gas exploration fine-grained and dense data retrieval system includes a cloud server, an exploration and development site data manager, a data analysis center and a trusted center. The cloud server is respectively connected to the exploration and development site data manager, data analysis center and trusted center. , the trusted center communicates with the exploration and development site data manager and the data analysis center respectively. As the data owner, the exploration and development site data manager has multiple time periods and multiple types of raw oil and gas exploration fine-grained data. The fine-grained data of oil and gas exploration comes from each exploration and development site where the data manager of the exploration and development site is located. The exploration and development site includes exploration and development site 1, exploration and development site 2, and exploration and development site 3.

基于云存储的油气勘探细粒度密态数据的检索方法具体包括:The retrieval method of fine-grained dense state data of oil and gas exploration based on cloud storage includes:

S1、原始油气勘探细粒度数据的加密和上传:勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数,并使用该容错参数对自己的原始油气勘探细粒度数据进行加密,生成对应的密态数据,并将密态数据上传至云服务器。S1. Encryption and upload of original fine-grained data of oil and gas exploration: The data manager of the exploration and development field obtains the fault-tolerant parameters sent by the trusted center through the secure channel, and uses the fault-tolerant parameters to encrypt the original fine-grained data of oil and gas exploration to generate corresponding encrypted data, and upload the encrypted data to the cloud server.

S2、密态数据检索的授权:勘探开发场区数据管理者获取可信中心经安全信道发送的大素数,并根据大素数对可信中心所公开的盲化的第一公开参数进行去盲化,去盲化后生成用于授权检索的第一秘密参数,然后根据第一秘密参数制定多个授权访问策略值,并将各个授权访问策略值作为一个第一多项式的根后恢复出该第一多项式,根据恢复出的第一多项式生成安全索引,将生成的安全索引上传至云服务器,其中各个授权访问策略值包含的油气勘探细粒度数据所处的时间周期和/或油气勘探细粒度数据类型不同。S2. Authorization of secret state data retrieval: The data manager of the exploration and development site obtains the large prime number sent by the trusted center through the secure channel, and deblinds the blinded first public parameter disclosed by the trusted center according to the large prime number , after deblinding, a first secret parameter for authorized retrieval is generated, and then a plurality of authorized access policy values are formulated according to the first secret parameter, and each authorized access policy value is taken as the root of a first polynomial to recover the The first polynomial, generating a security index according to the recovered first polynomial, and uploading the generated security index to the cloud server, wherein the time period and/or the time period and/or the fine-grained data of oil and gas exploration included in each authorized access policy value There are different types of fine-grained data for oil and gas exploration.

S3、密态数据的检索:数据分析中心获取可信中心经安全信道发送的第一秘密参数,并根据第一秘密参数重构授权访问策略值,并将该授权访问策略值发送给云服务器,其中重构的授权访问策略值为勘探开发场区数据管理者制定的授权访问策略值中的一个或多个。S3. Retrieval of confidential data: the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel, reconstructs the authorized access policy value according to the first secret parameter, and sends the authorized access policy value to the cloud server, The reconstructed authorized access policy value is one or more of the authorized access policy values formulated by the data manager of the exploration and development site.

S4、云服务器聚合密态数据:云服务器根据数据分析中心发送的授权访问策略值和安全索引进行密态数据检索测试,并将通过检索测试的密态数据进行聚合后返回聚合密态数据至数据分析中心。S4. Cloud server aggregates secret state data: The cloud server performs a secret state data retrieval test according to the authorized access policy value and security index sent by the data analysis center, and aggregates the secret state data that has passed the retrieval test and returns the aggregated secret state data to the data Analysis Center.

S5、聚合密态数据的盲化、解密和统计分析:数据分析中心获取可信中心分配的用于盲化密文的第二秘密参数和用于解密密文的解密私钥,并根据第二秘密参数对聚合密态数据进行盲化,然后根据解密私钥对盲化后的聚合密态数据进行解密,得到原始油气勘探细粒度数据的聚合值,然后在隐私保护状态下根据原始油气勘探细粒度数据的聚合值进行统计分析。S5. Blinding, decryption and statistical analysis of aggregated ciphertext data: the data analysis center obtains the second secret parameter for blinding the ciphertext and the decryption private key for decrypting the ciphertext assigned by the trusted center, and according to the second The secret parameter blinds the aggregated dense state data, and then decrypts the blinded aggregated dense state data according to the decryption private key to obtain the aggregated value of the original fine-grained data of oil and gas exploration. Aggregate values of granularity data for statistical analysis.

进一步地,S1之前还包括如下步骤:Further, before S1, the following steps are also included:

系统初始化:可信中心设置该方法中涉及的安全密码组件,以及基于门限秘密共享方法生成的用于勘探开发场区数据管理者注册和数据分析中心注册的第二多项式、第一秘密参数、第二秘密参数和第三秘密参数,安全密码组件包括同态加密公开参数、解密私钥、乘法循环群、该乘法循环群的生成元和哈希函数。System initialization: the trusted center sets the security cryptographic components involved in the method, as well as the second polynomial and the first secret parameters generated based on the threshold secret sharing method for the registration of the data manager of the exploration and development site and the registration of the data analysis center , a second secret parameter and a third secret parameter, the secure cryptographic component includes a homomorphic encryption public parameter, a decryption private key, a multiplication cyclic group, a generator of the multiplication cyclic group, and a hash function.

进一步地,勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数前,勘探开发场区数据管理者向可信中心发送注册请求,可信中心记录勘探开发场区数据管理者的注册信息,并生成容错参数和大素数。数据分析中心获取可信中心经安全信道发送的第一秘密参数前,数据分析中心向可信中心发送注册请求,可信中心根据该注册请求向数据分析中心发送第一秘密参数、第二秘密参数和解密私钥。Further, before the data manager of the exploration and development site obtains the fault-tolerant parameters sent by the trusted center through the secure channel, the data manager of the exploration and development site sends a registration request to the trusted center, and the trusted center records the data of the data manager of the exploration and development site. Register information, and generate fault-tolerant parameters and large primes. Before the data analysis center obtains the first secret parameter sent by the trusted center through the secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter and the second secret parameter to the data analysis center according to the registration request. and decrypt the private key.

进一步地,系统初始化具体包括如下子步骤:Further, the system initialization specifically includes the following sub-steps:

S001、可信中心选择第一大素数

Figure 799570DEST_PATH_IMAGE001
和第二大素数
Figure 557310DEST_PATH_IMAGE002
,计算模数
Figure 350999DEST_PATH_IMAGE003
、解密私钥
Figure 954019DEST_PATH_IMAGE004
、同态加密公开参数一
Figure 925386DEST_PATH_IMAGE005
和同态加密公开参数二
Figure 89913DEST_PATH_IMAGE006
,其中
Figure 146731DEST_PATH_IMAGE007
为循环群
Figure 287862DEST_PATH_IMAGE008
的一个生成元。S001. The trusted center selects the first prime number
Figure 799570DEST_PATH_IMAGE001
and the second largest prime number
Figure 557310DEST_PATH_IMAGE002
, calculate the modulus
Figure 350999DEST_PATH_IMAGE003
, decrypt the private key
Figure 954019DEST_PATH_IMAGE004
, Homomorphic encryption public parameter 1
Figure 925386DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure 89913DEST_PATH_IMAGE006
,in
Figure 146731DEST_PATH_IMAGE007
cyclic group
Figure 287862DEST_PATH_IMAGE008
a generator of .

S002、可信中心选取一个p阶乘法循环群G和该乘法循环群G的一个生成元g。S002, the trusted center selects a p-order multiplication cyclic group G and a generator g of the multiplication cyclic group G.

S003、可信中心设置一个哈希函数H,其中

Figure 615200DEST_PATH_IMAGE009
Figure 714743DEST_PATH_IMAGE010
表示任意长度的比特串,
Figure 727699DEST_PATH_IMAGE011
表示p-1阶乘法循环群。S003, the trusted center sets a hash function H, wherein
Figure 615200DEST_PATH_IMAGE009
,
Figure 714743DEST_PATH_IMAGE010
represents a bit string of arbitrary length,
Figure 727699DEST_PATH_IMAGE011
Represents a multiplicative cyclic group of order p-1.

S004、可信中心选取第三秘密参数

Figure 938100DEST_PATH_IMAGE012
Figure 119945DEST_PATH_IMAGE013
次第二多项式
Figure 124810DEST_PATH_IMAGE014
,其中
Figure 890641DEST_PATH_IMAGE015
是变量,
Figure 140619DEST_PATH_IMAGE016
分别是从有限域
Figure 675506DEST_PATH_IMAGE017
中选取的第二多项式的系数。S004, the trusted center selects the third secret parameter
Figure 938100DEST_PATH_IMAGE012
and
Figure 119945DEST_PATH_IMAGE013
second degree polynomial
Figure 124810DEST_PATH_IMAGE014
,in
Figure 890641DEST_PATH_IMAGE015
is the variable,
Figure 140619DEST_PATH_IMAGE016
respectively from the finite field
Figure 675506DEST_PATH_IMAGE017
The coefficients of the second polynomial chosen in .

S005、可信中心公布第一参数集合

Figure 116851DEST_PATH_IMAGE018
,并将第二参数集合
Figure 369978DEST_PATH_IMAGE019
进行安全保存。S005, the trusted center publishes the first parameter set
Figure 116851DEST_PATH_IMAGE018
, and set the second parameter
Figure 369978DEST_PATH_IMAGE019
for safe storage.

进一步地,勘探开发场区数据管理者向可信中心发送注册请求,可信中心记录勘探开发场区数据管理者的注册信息,并生成容错参数和大素数,具体包括如下子步骤:Further, the exploration and development site data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development site data manager, and generates fault-tolerant parameters and large prime numbers, which specifically include the following sub-steps:

SS01、勘探开发场区数据管理者选择自己的私钥

Figure 158068DEST_PATH_IMAGE020
,并计算自己的公钥
Figure 547461DEST_PATH_IMAGE021
,然后将自己的公钥
Figure 159708DEST_PATH_IMAGE022
和自己的身份
Figure 401595DEST_PATH_IMAGE023
发送给可信中心进行注册。SS01. The data manager of the exploration and development site chooses his own private key
Figure 158068DEST_PATH_IMAGE020
, and calculate your own public key
Figure 547461DEST_PATH_IMAGE021
, then put your own public key
Figure 159708DEST_PATH_IMAGE022
and own identity
Figure 401595DEST_PATH_IMAGE023
Send to trusted center for registration.

SS02、可信中心经安全通道发送一个大素数

Figure 757490DEST_PATH_IMAGE024
和容错参数
Figure 266969DEST_PATH_IMAGE025
给勘探开发场区数据管理者,其中
Figure DEST_PATH_IMAGE083
。SS02, the trusted center sends a large prime number through the secure channel
Figure 757490DEST_PATH_IMAGE024
and fault tolerance parameters
Figure 266969DEST_PATH_IMAGE025
To data managers of exploration and development sites, including
Figure DEST_PATH_IMAGE083
.

SS03、可信中心经安全通道向云服务器发送

Figure 348320DEST_PATH_IMAGE027
,且可信中心记录勘探开发场区数据管理者的注册信息
Figure 576039DEST_PATH_IMAGE028
,其中
Figure 204466DEST_PATH_IMAGE029
Figure 347214DEST_PATH_IMAGE030
为向可信中心发起注册请求的勘探开发场区数据管理者的总数量。SS03, the trusted center sends the message to the cloud server through the secure channel
Figure 348320DEST_PATH_IMAGE027
, and the trusted center records the registration information of the data manager of the exploration and development site
Figure 576039DEST_PATH_IMAGE028
,in
Figure 204466DEST_PATH_IMAGE029
,
Figure 347214DEST_PATH_IMAGE030
The total number of E&P site data managers who initiated registration requests to the Trusted Center.

进一步地,数据分析中心向可信中心发送注册请求,可信中心根据该注册请求向数据分析中心发送第一秘密参数、第二秘密参数和解密私钥,具体包括如下子步骤:Further, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, the second secret parameter and the decryption private key to the data analysis center according to the registration request, which specifically includes the following sub-steps:

SSS01、数据分析中心向可信中心发送包含自己身份

Figure 35685DEST_PATH_IMAGE031
的注册请求。SSS01, the data analysis center sends a message containing its own identity to the trusted center
Figure 35685DEST_PATH_IMAGE031
registration request.

SSS02、可信中心选择用于授权检索的第一秘密参数

Figure 750700DEST_PATH_IMAGE032
,第一秘密参数
Figure 949862DEST_PATH_IMAGE032
小于每一个大SSS02, the trusted center selects the first secret parameter for authorized retrieval
Figure 750700DEST_PATH_IMAGE032
, the first secret parameter
Figure 949862DEST_PATH_IMAGE032
less than each big

素数

Figure 168354DEST_PATH_IMAGE033
,然后根据中国剩余定理计算盲化的第一公开参数
Figure 27726DEST_PATH_IMAGE034
,其中
Figure DEST_PATH_IMAGE084
Figure 793819DEST_PATH_IMAGE036
表示与勘探开发场区数据管理者身份
Figure 29628DEST_PATH_IMAGE023
中的下标i不同的下标序号。Prime number
Figure 168354DEST_PATH_IMAGE033
, and then calculate the blinded first public parameter according to the Chinese remainder theorem
Figure 27726DEST_PATH_IMAGE034
,in
Figure DEST_PATH_IMAGE084
,
Figure 793819DEST_PATH_IMAGE036
Representation and identity of the data manager of the exploration and development site
Figure 29628DEST_PATH_IMAGE023
The subscript i in the subscript number is different.

SSS03、可信中心选取第一随机数

Figure 368205DEST_PATH_IMAGE037
,第一随机数
Figure 165522DEST_PATH_IMAGE037
满足等式
Figure 323971DEST_PATH_IMAGE038
,并计算第二秘密参数
Figure 363471DEST_PATH_IMAGE039
。SSS03, the trusted center selects the first random number
Figure 368205DEST_PATH_IMAGE037
, the first random number
Figure 165522DEST_PATH_IMAGE037
satisfy the equation
Figure 323971DEST_PATH_IMAGE038
, and compute the second secret parameter
Figure 363471DEST_PATH_IMAGE039
.

SSS04、可信中心经安全信道向数据分析中心发送

Figure 323599DEST_PATH_IMAGE040
,并公布
Figure 524773DEST_PATH_IMAGE041
。SSS04, the trusted center sends to the data analysis center through a secure channel
Figure 323599DEST_PATH_IMAGE040
, and published
Figure 524773DEST_PATH_IMAGE041
.

进一步地,S1具体包括如下子步骤:Further, S1 specifically includes the following sub-steps:

S11、 勘探开发场区数据管理者获取可信中心经安全信道发送的容错参数

Figure 436098DEST_PATH_IMAGE025
。S11. The data manager of the exploration and development site obtains the fault-tolerant parameters sent by the trusted center through the secure channel
Figure 436098DEST_PATH_IMAGE025
.

S12、勘探开发场区数据管理者

Figure 515174DEST_PATH_IMAGE023
对自己时间周期t内的第j种原始油气勘探细粒度数据
Figure 828344DEST_PATH_IMAGE042
进行加密,生成自己时间周期t内的第j种原始油气勘探细粒度数据
Figure 997157DEST_PATH_IMAGE042
的密态数据
Figure 162822DEST_PATH_IMAGE043
,其中密态数据分量一
Figure 809704DEST_PATH_IMAGE044
,密态数据分量二
Figure DEST_PATH_IMAGE085
Figure DEST_PATH_IMAGE086
为勘探开发场区数据管理者
Figure 134637DEST_PATH_IMAGE023
选取的第二随机数。S12. Exploration and development site data manager
Figure 515174DEST_PATH_IMAGE023
Fine-grained data for the jth original oil and gas exploration in its own time period t
Figure 828344DEST_PATH_IMAGE042
Perform encryption to generate the jth original oil and gas exploration fine-grained data within its own time period t
Figure 997157DEST_PATH_IMAGE042
encrypted data
Figure 162822DEST_PATH_IMAGE043
, where the dense-state data component is a
Figure 809704DEST_PATH_IMAGE044
, dense state data component two
Figure DEST_PATH_IMAGE085
,
Figure DEST_PATH_IMAGE086
Data managers for exploration and development sites
Figure 134637DEST_PATH_IMAGE023
The second random number chosen.

S13、勘探开发场区数据管理者

Figure 677614DEST_PATH_IMAGE023
将密态数据
Figure 32372DEST_PATH_IMAGE047
上传至云服务器。S13. Exploration and development site data manager
Figure 677614DEST_PATH_IMAGE023
encrypted data
Figure 32372DEST_PATH_IMAGE047
Upload to cloud server.

进一步地,S2具体包括如下子步骤:Further, S2 specifically includes the following sub-steps:

S21、勘探开发场区数据管理者

Figure 441532DEST_PATH_IMAGE023
获取可信中心经安全信道发送的大素数
Figure 198136DEST_PATH_IMAGE024
,并对盲化的第一公开参数进行去盲化,去盲化后生成第一秘密参数
Figure 912014DEST_PATH_IMAGE032
,其中
Figure 19647DEST_PATH_IMAGE048
。S21. Exploration and development site data manager
Figure 441532DEST_PATH_IMAGE023
Get the large prime number sent by the trusted center over the secure channel
Figure 198136DEST_PATH_IMAGE024
, and deblind the blinded first public parameter, and generate the first secret parameter after deblinding
Figure 912014DEST_PATH_IMAGE032
,in
Figure 19647DEST_PATH_IMAGE048
.

S22、勘探开发场区数据管理者

Figure 978638DEST_PATH_IMAGE023
制定多个授权访问策略值
Figure DEST_PATH_IMAGE087
,并将各个授权访问策略值组合成检索策略集合
Figure 386486DEST_PATH_IMAGE050
,其中
Figure 536844DEST_PATH_IMAGE051
表示勘探开发场区数据管理者自己的第j种原始油气勘探细粒度数据,t表示原始油气勘探细粒度数据所处的时间周期,检索策略集合
Figure 367659DEST_PATH_IMAGE050
中包括
Figure 363297DEST_PATH_IMAGE052
个授权访问策略值,分别为
Figure 828913DEST_PATH_IMAGE053
Figure 150173DEST_PATH_IMAGE054
为级联符号。S22. Exploration and development site data manager
Figure 978638DEST_PATH_IMAGE023
Develop multiple authorized access policy values
Figure DEST_PATH_IMAGE087
, and combine each authorized access policy value into a retrieval policy set
Figure 386486DEST_PATH_IMAGE050
,in
Figure 536844DEST_PATH_IMAGE051
Represents the jth original fine-grained data of oil and gas exploration of the data manager of the exploration and development site, t represents the time period in which the original fine-grained data of oil and gas exploration is located, and the retrieval strategy set
Figure 367659DEST_PATH_IMAGE050
included
Figure 363297DEST_PATH_IMAGE052
authorized access policy values, which are
Figure 828913DEST_PATH_IMAGE053
,
Figure 150173DEST_PATH_IMAGE054
is a cascading symbol.

S23、勘探开发场区数据管理者

Figure 202705DEST_PATH_IMAGE023
构建
Figure 2034DEST_PATH_IMAGE055
次第一多项式
Figure 322157DEST_PATH_IMAGE056
,其中
Figure 79897DEST_PATH_IMAGE057
是变量,
Figure 619725DEST_PATH_IMAGE058
从有限域
Figure 488324DEST_PATH_IMAGE059
中选取,
Figure 459691DEST_PATH_IMAGE060
Figure 889798DEST_PATH_IMAGE061
次第一多项式的系数。S23. Exploration and development site data manager
Figure 202705DEST_PATH_IMAGE023
Construct
Figure 2034DEST_PATH_IMAGE055
first degree polynomial
Figure 322157DEST_PATH_IMAGE056
,in
Figure 79897DEST_PATH_IMAGE057
is the variable,
Figure 619725DEST_PATH_IMAGE058
from a finite field
Figure 488324DEST_PATH_IMAGE059
choose from,
Figure 459691DEST_PATH_IMAGE060
Yes
Figure 889798DEST_PATH_IMAGE061
coefficients of the first degree polynomial.

S24、 勘探开发场区数据管理者

Figure 681036DEST_PATH_IMAGE023
构建安全索引
Figure 353326DEST_PATH_IMAGE062
Figure 179200DEST_PATH_IMAGE063
是安全索引分量一,
Figure 514628DEST_PATH_IMAGE064
是安全索引分量二,
Figure 793163DEST_PATH_IMAGE065
是安全索引分量三,其中
Figure 737985DEST_PATH_IMAGE066
。S24. Exploration and development site data manager
Figure 681036DEST_PATH_IMAGE023
Build a secure index
Figure 353326DEST_PATH_IMAGE062
,
Figure 179200DEST_PATH_IMAGE063
is the security index component one,
Figure 514628DEST_PATH_IMAGE064
is the security index component two,
Figure 793163DEST_PATH_IMAGE065
is the security index component three, where
Figure 737985DEST_PATH_IMAGE066
.

S25、勘探开发场区数据管理者

Figure 654251DEST_PATH_IMAGE023
将安全索引上传至云服务器。S25. Exploration and development site data manager
Figure 654251DEST_PATH_IMAGE023
Upload the secure index to the cloud server.

进一步地,S3具体包括如下子步骤:Further, S3 specifically includes the following substeps:

S31、数据分析中心获取可信中心经安全信道发送的第一秘密参数

Figure 659116DEST_PATH_IMAGE032
,并重构授权访问S31. The data analysis center obtains the first secret parameter sent by the trusted center through the secure channel
Figure 659116DEST_PATH_IMAGE032
, and refactor authorized access

策略值

Figure 893788DEST_PATH_IMAGE067
,将该授权访问策略值发送给云服务器。policy value
Figure 893788DEST_PATH_IMAGE067
, and send the authorized access policy value to the cloud server.

优选地,S4具体包括如下子步骤:Preferably, S4 specifically includes the following sub-steps:

S41、云服务器根据数据分析中心发送的授权访问策略值

Figure 376722DEST_PATH_IMAGE068
构建向量一
Figure 646029DEST_PATH_IMAGE069
。S41. The cloud server sends the authorized access policy value according to the data analysis center
Figure 376722DEST_PATH_IMAGE068
build vector one
Figure 646029DEST_PATH_IMAGE069
.

S42、云服务器根据安全索引构建向量二

Figure 69400DEST_PATH_IMAGE070
。S42, the cloud server constructs the second vector according to the security index
Figure 69400DEST_PATH_IMAGE070
.

S43、云服务器进行密态数据检索测试,确定满足测试方程的密态数据,其中采用的测试方程为

Figure 56948DEST_PATH_IMAGE071
。S43. The cloud server performs a data retrieval test in a dense state, and determines the dense state data that satisfies the test equation, where the test equation used is:
Figure 56948DEST_PATH_IMAGE071
.

S44、云服务器计算拉格朗日插值系数

Figure 77993DEST_PATH_IMAGE072
,其中
Figure 467386DEST_PATH_IMAGE073
为与勘探开发场区数据管理者身份
Figure 49940DEST_PATH_IMAGE023
中的下标i不同的下标序号。S44, the cloud server calculates the Lagrangian interpolation coefficient
Figure 77993DEST_PATH_IMAGE072
,in
Figure 467386DEST_PATH_IMAGE073
Data manager identity for exploration and development sites
Figure 49940DEST_PATH_IMAGE023
The subscript i in the subscript number is different.

S45、云服务器对所有满足测试方程的密态数据进行聚合,生成聚合密态数据

Figure 524783DEST_PATH_IMAGE074
,并将聚合密态数据返回给数据分析中心,其中I表示成功上传自己的密态数据至云服务器的勘探开发场区数据管理者的下标集合,且
Figure 349520DEST_PATH_IMAGE075
Figure 327840DEST_PATH_IMAGE076
表示下标集合的大小。S45, the cloud server aggregates all the dense state data satisfying the test equation, and generates aggregated dense state data
Figure 524783DEST_PATH_IMAGE074
, and return the aggregated dense state data to the data analysis center, where I represents the subscript set of the data manager of the exploration and development site that successfully uploaded its own dense state data to the cloud server, and
Figure 349520DEST_PATH_IMAGE075
,
Figure 327840DEST_PATH_IMAGE076
Indicates the size of the subscript collection.

进一步地,S5具体包括如下子步骤:Further, S5 specifically includes the following substeps:

S51、数据分析中心获取可信中心分配的第二秘密参数

Figure 579830DEST_PATH_IMAGE077
和解密私钥
Figure 43435DEST_PATH_IMAGE078
。S51. The data analysis center obtains the second secret parameter assigned by the trusted center
Figure 579830DEST_PATH_IMAGE077
and decrypt the private key
Figure 43435DEST_PATH_IMAGE078
.

S52、数据分析中心将聚合密态数据乘上第二秘密参数

Figure 406283DEST_PATH_IMAGE077
,获得盲化后的聚合密态数据
Figure 504689DEST_PATH_IMAGE079
,然后对盲化后的聚合密态数据进行解密,得到时间周期t内的第j种原始油气勘探细粒度数据的聚合值
Figure DEST_PATH_IMAGE088
,其中
Figure 491362DEST_PATH_IMAGE081
Figure 675218DEST_PATH_IMAGE078
在乘法循环群
Figure 841758DEST_PATH_IMAGE082
中的逆元。S52. The data analysis center multiplies the aggregated secret state data by the second secret parameter
Figure 406283DEST_PATH_IMAGE077
, to obtain blinded aggregated dense state data
Figure 504689DEST_PATH_IMAGE079
, and then decrypt the blinded aggregated dense state data to obtain the aggregated value of the jth original fine-grained oil and gas exploration data in time period t
Figure DEST_PATH_IMAGE088
,in
Figure 491362DEST_PATH_IMAGE081
Yes
Figure 675218DEST_PATH_IMAGE078
Cyclic group in multiplication
Figure 841758DEST_PATH_IMAGE082
inverse of .

S53、数据分析中心在隐私保护状态下根据时间周期t内的第j种原始油气勘探细粒度数据的聚合值进行统计分析。统计分析包括对该种类型的油气勘探细粒度数据的平均状态值进行评估等。S53, the data analysis center performs statistical analysis according to the aggregated value of the jth original fine-grained oil and gas exploration data in the time period t in the privacy protection state. Statistical analysis includes evaluating the average state value of this type of oil and gas exploration fine-grained data.

对于勘探开发场区数据管理者

Figure DEST_PATH_IMAGE089
,因为有
Figure DEST_PATH_IMAGE090
,其中
Figure DEST_PATH_IMAGE091
Figure DEST_PATH_IMAGE092
,根据中国剩余定理可以得到:For exploration and development site data managers
Figure DEST_PATH_IMAGE089
, because there are
Figure DEST_PATH_IMAGE090
,in
Figure DEST_PATH_IMAGE091
and
Figure DEST_PATH_IMAGE092
, according to the Chinese remainder theorem, we can get:

Figure DEST_PATH_IMAGE093
Figure DEST_PATH_IMAGE093
.

因此,每个勘探开发场区数据管理者

Figure 76561DEST_PATH_IMAGE089
可以计算相同的值
Figure DEST_PATH_IMAGE094
。这些勘探开发场区数据管理者可以根据时间周期t的第j种类型油气勘探细粒度数据检索需求计算出相同的授权访问策略值
Figure DEST_PATH_IMAGE095
,这样数据分析中心就可以通过提交相同的授权访问策略值
Figure 562031DEST_PATH_IMAGE095
对云服务器中的聚合密态数据进行检索。Therefore, each exploration and development site data manager
Figure 76561DEST_PATH_IMAGE089
The same value can be calculated
Figure DEST_PATH_IMAGE094
. These exploration and development site data managers can calculate the same authorized access policy value according to the retrieval requirements of the jth type of oil and gas exploration fine-grained data in the time period t
Figure DEST_PATH_IMAGE095
, so that the data analysis center can access the policy value by submitting the same authorization
Figure 562031DEST_PATH_IMAGE095
Retrieve the aggregated dense state data in the cloud server.

一旦从数据分析中心接收到授权访问策略值

Figure 967605DEST_PATH_IMAGE095
,云服务器根据用于油气勘探密态数据检索的安全索引,构建向量一
Figure 937835DEST_PATH_IMAGE069
,构建向量二
Figure 777877DEST_PATH_IMAGE070
,测试方程的正确性推导如下:Once the authorized access policy value is received from the data analysis center
Figure 967605DEST_PATH_IMAGE095
, the cloud server constructs a vector
Figure 937835DEST_PATH_IMAGE069
, constructing vector two
Figure 777877DEST_PATH_IMAGE070
, the correctness of the test equation is derived as follows:

Figure DEST_PATH_IMAGE096
Figure DEST_PATH_IMAGE096

由于

Figure 136046DEST_PATH_IMAGE095
是每一个
Figure 61539DEST_PATH_IMAGE055
次函数的根,我们可以得到
Figure DEST_PATH_IMAGE097
。because
Figure 136046DEST_PATH_IMAGE095
is each
Figure 61539DEST_PATH_IMAGE055
the roots of the secondary function, we can get
Figure DEST_PATH_IMAGE097
.

云服务器产生聚合密态数据

Figure DEST_PATH_IMAGE098
,推导如下:Cloud server generates aggregated dense state data
Figure DEST_PATH_IMAGE098
, which is derived as follows:

Figure DEST_PATH_IMAGE099
Figure DEST_PATH_IMAGE099

然后,数据分析中心利用第二秘密参数

Figure 777736DEST_PATH_IMAGE077
计算盲化的聚合密态数据
Figure 236399DEST_PATH_IMAGE079
, 推导如下:
Figure DEST_PATH_IMAGE100
Then, the data analysis center utilizes the second secret parameter
Figure 777736DEST_PATH_IMAGE077
Computationally blinded aggregated dense state data
Figure 236399DEST_PATH_IMAGE079
, which is derived as follows:
Figure DEST_PATH_IMAGE100

其中,k表述

Figure DEST_PATH_IMAGE101
Figure DEST_PATH_IMAGE102
的倍数。Among them, k represents
Figure DEST_PATH_IMAGE101
Yes
Figure DEST_PATH_IMAGE102
multiples of .

最后,数据分析中心使用解密私钥

Figure DEST_PATH_IMAGE103
,解密方程
Figure DEST_PATH_IMAGE104
,推导如下:Finally, the data analysis center uses the decryption private key
Figure DEST_PATH_IMAGE103
, decrypt the equation
Figure DEST_PATH_IMAGE104
, which is derived as follows:

Figure 548825DEST_PATH_IMAGE104
Figure 548825DEST_PATH_IMAGE104

Figure DEST_PATH_IMAGE105
Figure DEST_PATH_IMAGE105
.

以上仅是本发明的优选实施方式,应当理解本发明并非局限于本文所披露的形式,不应看作是对其他实施例的排除,而可用于各种其他组合、修改和环境,并能够在本文所述构想范围内,通过上述教导或相关领域的技术或知识进行改动。而本领域人员所进行的改动和变化不脱离本发明的精神和范围,则都应在本发明所附权利要求的保护范围内。The above are only preferred embodiments of the present invention, and it should be understood that the present invention is not limited to the form disclosed herein, should not be regarded as an exclusion of other embodiments, but can be used in various other combinations, modifications and environments, and can be used in Within the scope of the concepts described herein, modifications can be made through the above teachings or skill or knowledge in the relevant field. However, modifications and changes made by those skilled in the art do not depart from the spirit and scope of the present invention, and should all fall within the protection scope of the appended claims of the present invention.

Claims (10)

1. The retrieval method of oil and gas exploration fine-grained dense-state data based on cloud storage is applied to an oil and gas exploration fine-grained dense-state data retrieval system, the oil and gas exploration fine-grained dense-state data retrieval system comprises a cloud server, an exploration and development field area data manager, a data analysis center and a credible center, the cloud server is respectively in communication connection with the exploration and development field area data manager, the data analysis center and the credible center, the credible center is respectively in communication connection with the exploration and development field area data manager and the data analysis center, and the exploration and development field area data manager has a plurality of time periods and a plurality of types of original oil and gas exploration fine-grained data, and is characterized by comprising the following steps:
s1, encryption and uploading of original oil and gas exploration fine-grained data: the method comprises the steps that a data manager of an exploration and development area obtains fault-tolerant parameters sent by a trusted center through a safety channel, encrypts original oil and gas exploration fine-grained data of the data manager by using the fault-tolerant parameters to generate corresponding secret data, and uploads the secret data to a cloud server;
s2, authorization of secret state data retrieval: an exploration and development field data manager obtains a large prime number sent by a trust center through a security channel, de-blindes a first public parameter which is disclosed by the trust center according to the large prime number, generates a first secret parameter for authorization retrieval after de-blinding, then makes a plurality of different authorization access strategy values according to the first secret parameter, recovers the first polynomial after taking each authorization access strategy value as a root of the first polynomial, generates a security index according to the recovered first polynomial, and uploads the generated security index to a cloud server, wherein the authorization access strategy value comprises type information of secret data and time period information of the secret data, and the type information and/or the time period information of the secret data contained in the different authorization access strategy values are different;
s3, searching secret state data: the data analysis center acquires a first secret parameter sent by the trusted center through a security channel, reconstructs an authorized access strategy value according to the first secret parameter, and sends the authorized access strategy value to the cloud server, wherein the reconstructed authorized access strategy value is one or more of authorized access strategy values made by an exploration and development field data manager;
s4, the cloud server aggregates the secret data: the cloud server retrieves the secret state data according to the security index and the authorized access strategy value sent by the data analysis center, aggregates the retrieved secret state data, and then returns the aggregated secret state data to the data analysis center;
s5, blinding, decrypting and statistically analyzing the aggregated confidential data: the data analysis center obtains a second secret parameter which is distributed by the credible center and used for blinding the ciphertext and a decryption private key used for decrypting the ciphertext, blinds the aggregated secret data according to the second secret parameter, decrypts the blinded aggregated secret data according to the decryption private key to obtain an aggregated value of original oil-gas exploration fine-grained data, and then carries out statistical analysis according to the aggregated value of the original oil-gas exploration fine-grained data in a privacy protection state.
2. The method for retrieving fine-grained dense data for oil and gas exploration based on cloud storage as claimed in claim 1, wherein said S1 is preceded by the steps of:
initializing a system: the trusted center sets a security password component related in the method, and a second polynomial, a first secret parameter, a second secret parameter and a third secret parameter based on a threshold secret sharing method, wherein the security password component comprises a homomorphic encryption public parameter, a decryption private key, a multiplication cyclic group, a generator of the multiplication cyclic group and a hash function.
3. The method for retrieving fine-grained dense-state data for oil and gas exploration based on cloud storage according to claim 2,
before the exploration and development field data manager acquires the fault-tolerant parameters sent by the trusted center through the safety channel, the exploration and development field data manager sends a registration request to the trusted center, and the trusted center records the registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number;
before the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel, the data analysis center sends a registration request to the trusted center, and the trusted center sends the first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request.
4. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage as claimed in claim 3, wherein the system initialization specifically comprises the following sub-steps:
the trust center selects the first large prime number
Figure 348453DEST_PATH_IMAGE001
And a second largest prime number
Figure 258640DEST_PATH_IMAGE002
Calculating the modulus
Figure 996920DEST_PATH_IMAGE003
Decrypting the private key
Figure 283545DEST_PATH_IMAGE004
Homomorphic encrypted public parameter one
Figure 922205DEST_PATH_IMAGE005
And homomorphic encryption public parameter two
Figure 268873DEST_PATH_IMAGE006
Wherein
Figure 353504DEST_PATH_IMAGE007
To a circulating group
Figure 164858DEST_PATH_IMAGE008
A generator of (2);
the credible center selects a p-factorial cyclic group G and a generator G of the multiplicative cyclic group G;
the trust center sets a hash function H, wherein
Figure 674337DEST_PATH_IMAGE009
Figure 942638DEST_PATH_IMAGE010
A bit string of an arbitrary length is represented,
Figure 904778DEST_PATH_IMAGE011
represents a p-1 factorial cyclic group;
the credible center selects a third secret parameter
Figure 782473DEST_PATH_IMAGE012
And
Figure 880879DEST_PATH_IMAGE013
second order polynomial
Figure 320082DEST_PATH_IMAGE014
Wherein
Figure 769518DEST_PATH_IMAGE015
Is a variable that is a function of,
Figure 188254DEST_PATH_IMAGE016
respectively from a finite field
Figure 141167DEST_PATH_IMAGE017
The coefficients of the selected second polynomial;
the trusted center publishes a first set of parameters
Figure 751271DEST_PATH_IMAGE018
And the second parameter is set
Figure 422423DEST_PATH_IMAGE019
And (5) performing safe preservation.
5. The method of claim 4 for retrieving fine grained dense data for oil and gas exploration based on cloud storage,
the exploration and development field data manager sends a registration request to a trusted center, the trusted center records registration information of the exploration and development field data manager and generates the fault-tolerant parameters and the large prime number, and the method specifically comprises the following sub-steps:
exploration and development field data manager selects own private key
Figure 907500DEST_PATH_IMAGE020
And calculates its own public key
Figure 980498DEST_PATH_IMAGE021
Then the public key of itself
Figure 761504DEST_PATH_IMAGE022
And its own identity
Figure 919953DEST_PATH_IMAGE023
Sending the information to a trusted center for registration;
the trust center sends a large prime number through the secure channel
Figure 668773DEST_PATH_IMAGE024
And fault tolerance parameters
Figure 861857DEST_PATH_IMAGE025
To the exploration and development field data manager, wherein
Figure 813763DEST_PATH_IMAGE026
The trusted center sends the information to the cloud server through the secure channel
Figure 459508DEST_PATH_IMAGE027
And the credible center records the registration information of the data manager of the exploration and development field area
Figure 20809DEST_PATH_IMAGE028
Wherein
Figure 333978DEST_PATH_IMAGE029
Figure 456786DEST_PATH_IMAGE030
To send to the trusted centerThe total number of survey development site data managers that initiated the registration request;
the data analysis center sends a registration request to a trusted center, and the trusted center sends a first secret parameter, a second secret parameter and a decryption private key to the data analysis center according to the registration request, and the method specifically comprises the following substeps:
the data analysis center sends the information containing the identity of the data analysis center to the trusted center
Figure 589827DEST_PATH_IMAGE031
The registration request of (2);
selection of a first secret parameter for authorized retrieval by a trusted center
Figure 846496DEST_PATH_IMAGE032
First secret parameter
Figure 791DEST_PATH_IMAGE032
Less than each large prime number
Figure 809347DEST_PATH_IMAGE033
Then, according to the Chinese remainder theorem, calculating the first public parameter of blindness
Figure 914837DEST_PATH_IMAGE034
Wherein
Figure 99831DEST_PATH_IMAGE035
Figure 371281DEST_PATH_IMAGE036
Representing and exploring development field data manager identity
Figure 85159DEST_PATH_IMAGE023
Subscript i in (1) is different from subscript number;
the trusted center selects a first random number
Figure 333738DEST_PATH_IMAGE037
First random number
Figure 541996DEST_PATH_IMAGE037
Satisfy the equation
Figure 418685DEST_PATH_IMAGE038
And calculating a second secret parameter
Figure 821241DEST_PATH_IMAGE039
The trusted center sends the data analysis center via a secure channel
Figure 416171DEST_PATH_IMAGE040
And publish
Figure 162541DEST_PATH_IMAGE041
6. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage according to claim 5, wherein the step S1 specifically comprises the following sub-steps:
exploration and development field data manager acquires fault-tolerant parameters sent by trusted center through secure channel
Figure 159316DEST_PATH_IMAGE025
Exploration and development field data manager surveys fine-grained data of j original oil and gas in time period t
Figure 729843DEST_PATH_IMAGE042
Encrypting to generate the jth original oil and gas exploration fine-grained data in the time period t
Figure 421856DEST_PATH_IMAGE042
Secret state data of
Figure 486764DEST_PATH_IMAGE043
Wherein the secret data component is one
Figure 88777DEST_PATH_IMAGE044
Secret data component two
Figure 315359DEST_PATH_IMAGE045
Figure 871499DEST_PATH_IMAGE046
A second random number selected for an exploration and development field data manager;
data managers of exploration and development field regions send secret data
Figure 740098DEST_PATH_IMAGE047
And uploading to a cloud server.
7. The method for retrieving fine-grained and dense-state data of oil and gas exploration based on cloud storage as claimed in claim 6, wherein the step S2 specifically comprises the following substeps:
exploration and development field data manager obtains large prime number sent by trusted center through secure channel
Figure 931039DEST_PATH_IMAGE024
And de-blinding the blinded first public parameter to generate a first secret parameter
Figure 859681DEST_PATH_IMAGE032
Wherein
Figure 634608DEST_PATH_IMAGE048
Exploration and development field data manager establishes multiple authorized access strategy values
Figure 182264DEST_PATH_IMAGE049
And combining the various authorized access policy values into a retrieval policy set
Figure 742558DEST_PATH_IMAGE050
Wherein
Figure 327254DEST_PATH_IMAGE051
J-th original oil and gas exploration fine-grained data representing an exploration and development field data manager, t representing the time period of the original oil and gas exploration fine-grained data, and searching a strategy set
Figure 871368DEST_PATH_IMAGE050
Comprises
Figure 892606DEST_PATH_IMAGE052
An authorized access policy value of
Figure 307407DEST_PATH_IMAGE053
Figure 63005DEST_PATH_IMAGE054
Is a concatenated symbol;
exploration and development field data manager construction
Figure 563256DEST_PATH_IMAGE055
Second order polynomial
Figure 561037DEST_PATH_IMAGE056
Wherein
Figure 830344DEST_PATH_IMAGE057
Is a variable that is a function of,
Figure 756843DEST_PATH_IMAGE058
from a finite field
Figure 744391DEST_PATH_IMAGE059
The method comprises the steps of (1) randomly selecting,
Figure 283213DEST_PATH_IMAGE060
is that
Figure 407026DEST_PATH_IMAGE061
Coefficients of the second order first polynomial;
safety index construction by data manager of exploration and development field area
Figure 504427DEST_PATH_IMAGE062
Figure 713691DEST_PATH_IMAGE063
Is the one component of the security index, and,
Figure 53274DEST_PATH_IMAGE064
is the component two of the security index,
Figure 31595DEST_PATH_IMAGE065
is a security index component three, where
Figure 565475DEST_PATH_IMAGE066
And uploading the security index to a cloud server by the data manager of the exploration and development field.
8. The method for retrieving fine-grained dense-state data of oil and gas exploration based on cloud storage according to claim 7, wherein the step S3 specifically comprises the following sub-steps:
the data analysis center obtains a first secret parameter sent by the trusted center through a secure channel
Figure 527615DEST_PATH_IMAGE032
And reconstructing the authorized access policy value
Figure 142661DEST_PATH_IMAGE067
And sending the authorized access policy value to the cloud server.
9. The method for retrieving fine-grained and dense-state data of oil and gas exploration based on cloud storage according to claim 8, wherein the step S4 specifically comprises the following substeps:
the cloud server sends an authorized access policy value according to the data analysis center
Figure 241067DEST_PATH_IMAGE068
Construct vector one
Figure 945849DEST_PATH_IMAGE069
The cloud server constructs a vector two according to the security index
Figure 129705DEST_PATH_IMAGE070
The cloud server carries out retrieval test on the secret state data and determines the secret state data meeting a test equation, wherein the test equation is
Figure 811091DEST_PATH_IMAGE071
Cloud server computing Lagrange interpolation coefficient
Figure 29583DEST_PATH_IMAGE072
Wherein
Figure 374108DEST_PATH_IMAGE073
Developing site data manager identities for exploration
Figure 779681DEST_PATH_IMAGE023
Subscript i in (1) is different from subscript number;
the cloud server aggregates all the dense-state data meeting the test equation to generate aggregated dense-state data
Figure 861163DEST_PATH_IMAGE074
And returning the aggregated secret state data to the data analysis center, wherein I represents a subscript set of an exploration and development field data manager which successfully uploads the own secret state data to the cloud server, and
Figure 684894DEST_PATH_IMAGE075
Figure 449587DEST_PATH_IMAGE076
indicating the size of the set of indices.
10. The method for retrieving fine-grained dense data for oil and gas exploration based on cloud storage according to claim 9, wherein the step S5 specifically comprises the following sub-steps:
the data analysis center obtains a second secret parameter distributed by the credible center
Figure 591725DEST_PATH_IMAGE077
And decrypting the private key
Figure 365646DEST_PATH_IMAGE078
The data analysis center multiplies the aggregation secret state data by a second secret parameter
Figure 43883DEST_PATH_IMAGE077
Obtaining the blinded aggregated dense-state data
Figure 344590DEST_PATH_IMAGE079
And then decrypting the blinded aggregated dense-state data to obtain an aggregated value of j-th original oil-gas exploration fine-grained data in a time period t
Figure 724756DEST_PATH_IMAGE080
Wherein
Figure 53100DEST_PATH_IMAGE081
Is that
Figure 835111DEST_PATH_IMAGE078
In multiplication loop groups
Figure 456454DEST_PATH_IMAGE082
The inverse of (1);
and the data analysis center performs statistical analysis according to the aggregation value of the jth original oil and gas exploration fine-grained data in the time period t under the privacy protection state.
CN202210962115.3A 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method Active CN115033908B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210962115.3A CN115033908B (en) 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210962115.3A CN115033908B (en) 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method

Publications (2)

Publication Number Publication Date
CN115033908A true CN115033908A (en) 2022-09-09
CN115033908B CN115033908B (en) 2022-10-21

Family

ID=83130320

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210962115.3A Active CN115033908B (en) 2022-08-11 2022-08-11 Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method

Country Status (1)

Country Link
CN (1) CN115033908B (en)

Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768951A (en) * 2018-05-03 2018-11-06 上海海事大学 The data encryption of protection file privacy and search method under a kind of cloud environment
CN108769020A (en) * 2018-05-29 2018-11-06 东北大学 A kind of the identity attribute proof system and method for secret protection
US20180373834A1 (en) * 2017-06-27 2018-12-27 Hyunghoon Cho Secure genome crowdsourcing for large-scale association studies
WO2019158209A1 (en) * 2018-02-16 2019-08-22 Ecole polytechnique fédérale de Lausanne (EPFL) Methods and systems for secure data exchange
US20200128022A1 (en) * 2018-10-19 2020-04-23 Digital Asset (Switzerland) GmbH Privacy preserving validation and commit architecture
CN111294366A (en) * 2020-05-13 2020-06-16 西南石油大学 Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid
CN111931249A (en) * 2020-09-22 2020-11-13 西南石油大学 Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism
CN111930688A (en) * 2020-09-23 2020-11-13 西南石油大学 Method and device for searchable secret state data for multi-keyword query in cloud server
CN113194078A (en) * 2021-04-22 2021-07-30 西安电子科技大学 Cloud-supported privacy protection sequencing multi-keyword search encryption method
CN113204741A (en) * 2021-04-12 2021-08-03 中国电力科学研究院有限公司 Method and system suitable for intelligent power consumption data aggregation
CN113382016A (en) * 2021-06-28 2021-09-10 暨南大学 Fault-tolerant safe lightweight data aggregation method under intelligent power grid environment
CN114143094A (en) * 2021-12-02 2022-03-04 兰州理工大学 Multi-authorization attribute-based verifiable encryption method based on blockchain
CN114491578A (en) * 2021-12-24 2022-05-13 电子科技大学 A Secure Data Aggregation Method for Privacy Computing
US20220215948A1 (en) * 2021-01-07 2022-07-07 Abiomed, Inc. Network-based medical apparatus control and data management systems

Patent Citations (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20180373834A1 (en) * 2017-06-27 2018-12-27 Hyunghoon Cho Secure genome crowdsourcing for large-scale association studies
WO2019158209A1 (en) * 2018-02-16 2019-08-22 Ecole polytechnique fédérale de Lausanne (EPFL) Methods and systems for secure data exchange
CN108768951A (en) * 2018-05-03 2018-11-06 上海海事大学 The data encryption of protection file privacy and search method under a kind of cloud environment
CN108769020A (en) * 2018-05-29 2018-11-06 东北大学 A kind of the identity attribute proof system and method for secret protection
US20200128022A1 (en) * 2018-10-19 2020-04-23 Digital Asset (Switzerland) GmbH Privacy preserving validation and commit architecture
CN111294366A (en) * 2020-05-13 2020-06-16 西南石油大学 Statistical analysis method for aggregation of encrypted data for resisting secret key leakage in smart power grid
CN111931249A (en) * 2020-09-22 2020-11-13 西南石油大学 Medical secret data statistical analysis method supporting transmission fault-tolerant mechanism
CN111930688A (en) * 2020-09-23 2020-11-13 西南石油大学 Method and device for searchable secret state data for multi-keyword query in cloud server
US20220215948A1 (en) * 2021-01-07 2022-07-07 Abiomed, Inc. Network-based medical apparatus control and data management systems
CN113204741A (en) * 2021-04-12 2021-08-03 中国电力科学研究院有限公司 Method and system suitable for intelligent power consumption data aggregation
CN113194078A (en) * 2021-04-22 2021-07-30 西安电子科技大学 Cloud-supported privacy protection sequencing multi-keyword search encryption method
CN113382016A (en) * 2021-06-28 2021-09-10 暨南大学 Fault-tolerant safe lightweight data aggregation method under intelligent power grid environment
CN114143094A (en) * 2021-12-02 2022-03-04 兰州理工大学 Multi-authorization attribute-based verifiable encryption method based on blockchain
CN114491578A (en) * 2021-12-24 2022-05-13 电子科技大学 A Secure Data Aggregation Method for Privacy Computing

Non-Patent Citations (14)

* Cited by examiner, † Cited by third party
Title
KRZYSZTOF GRINING 等: "On practical privacy-preserving fault-tolerant data aggregation", 《INTERNATIONAL JOURNAL OF INFORMATION SECURITY》 *
RUN XIE 等: "Lattice-based searchable public-key encryption scheme for secure cloud storage", 《INTERNATIONAL JOURNAL OF WEB AND GRID SERVICES》 *
WEI ZHANG 等: "Inference Attack-Resistant E-Healthcare Cloud System with Fine-Grained Access Control", 《IEEE TRANSACTIONS ON SERVICES COMPUTIN》 *
XIAOJUN ZHANG 等: "Efficient light-weight private auditing scheme for cloud-based wireless body area networks", 《INTERNATIONAL JOURNAL OF ELECTRONIC SECURITY AND DIGITAL FORENSICS》 *
XIAOJUN ZHANG 等: "Lightweight Multidimensional Encrypted Data Aggregation Scheme With Fault Tolerance for Fog-Assisted Smart Grids", 《IEEE SYSTEMS JOURNA》 *
YINBIN MIAO 等: "Multi-Authority Attribute-Based Keyword Search over Encrypted Cloud Data", 《IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING》 *
ZHANG XIAOJUN 等: "Designated Cloud Server Public Key Encryption with Keyword Search from Lattice in the Standard Model", 《CHINESE JOURNALOF ELECTRONICS》 *
周俊 等: "边缘计算隐私保护研究进展", 《计算机研究与发展》 *
岳玮: "云环境下支持密文搜索的健康数据安全共享研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *
张晓均 等: "可验证的云存储医疗加密数据统计分析方案", 《计算机工程》 *
张金丹: "面向安全云存储的密码协议研究", 《中国优秀博士学位论文全文数据库 信息科技辑》 *
曹来成 等: "属性盲化的模糊可搜索加密云存储方案", 《北京理工大学学报》 *
郝嘉禄: "云计算数据安全及访问控制关键技术研究", 《中国优秀博士学位论文全文数据库 信息科技辑》 *
骆琴: "云数据共享的搜索与验证方法研究", 《中国优秀硕士学位论文全文数据库 信息科技辑》 *

Also Published As

Publication number Publication date
CN115033908B (en) 2022-10-21

Similar Documents

Publication Publication Date Title
US11425171B2 (en) Method and system for cryptographic attribute-based access control supporting dynamic rules
WO2018113563A1 (en) Database query method and system having access control function
CN104038341B (en) A kind of cross-system of identity-based acts on behalf of re-encryption method
CN104168108B (en) It is a kind of to reveal the traceable attribute base mixed encryption method of key
CN112989375B (en) A Hierarchical Optimization Encryption Lossless Privacy Protection Method
CN106059763B (en) Attribute-based multi-organization hierarchical ciphertext policy weight encryption method in cloud environment
CN104320393B (en) The controllable efficient attribute base proxy re-encryption method of re-encryption
CN104038349A (en) Effective and verifiable public key searching encryption method based on KP-ABE
CN108989026A (en) A kind of voidable method of user property under publish/subscribe environment
CN106375346A (en) A data protection method based on conditional broadcast agent re-encryption in cloud environment
Xu et al. Enabling authorized encrypted search for multi-authority medical databases
CN111953483B (en) A Criterion-Based Access Control Method for Multiple Authorities
Xu et al. Enabling comparable search over encrypted data for IoT with privacy-preserving
Sandhia et al. Secure sharing of data in cloud using MA-CPABE with elliptic curve cryptography
Deng et al. Tracing and revoking leaked credentials: accountability in leaking sensitive outsourced data
CN117240452A (en) A blockchain-based secure sharing method for plateau data
Cai et al. Vizard: A metadata-hiding data analytic system with end-to-end policy controls
CN115033908B (en) Cloud storage-based oil and gas exploration fine-grained dense-state data retrieval method
Roy et al. Mh-abe: multi-authority and hierarchical attribute based encryption scheme for secure electronic health record sharing
CN117155675A (en) A fine-grained access control method that supports data security classification in a dual-cloud environment
Lyu et al. Towards Personal Data Sharing Autonomy: A Task-driven Data Capsule Sharing System
Tang et al. Enabling Authorized Fine-Grained Data Retrieval over Aggregated Encrypted Medical Data in Cloud-Assisted E-health Systems
Chuang et al. An Efficient GDPR-Compliant Data Management for IoHT Applications
Devassy Research Project Questions
CN111970296A (en) Efficient file hierarchical attribute-based encryption method and system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant