CN115225260B - Dynamic searchable encryption method - Google Patents

Dynamic searchable encryption method Download PDF

Info

Publication number
CN115225260B
CN115225260B CN202210549179.0A CN202210549179A CN115225260B CN 115225260 B CN115225260 B CN 115225260B CN 202210549179 A CN202210549179 A CN 202210549179A CN 115225260 B CN115225260 B CN 115225260B
Authority
CN
China
Prior art keywords
data
key
file identifier
client
keyword
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210549179.0A
Other languages
Chinese (zh)
Other versions
CN115225260A (en
Inventor
刘琴
彭宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hunan University
Original Assignee
Hunan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hunan University filed Critical Hunan University
Priority to CN202210549179.0A priority Critical patent/CN115225260B/en
Publication of CN115225260A publication Critical patent/CN115225260A/en
Application granted granted Critical
Publication of CN115225260B publication Critical patent/CN115225260B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/21Design, administration or maintenance of databases
    • G06F16/215Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/22Indexing; Data structures therefor; Storage structures
    • G06F16/2282Tablespace storage structures; Management thereof
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/20Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
    • G06F16/24Querying
    • G06F16/245Query processing
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Mining & Analysis (AREA)
  • Software Systems (AREA)
  • Quality & Reliability (AREA)
  • Computational Linguistics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a dynamic searchable encryption method, which utilizes a double-chain structure to construct a file identifier encryption and decryption key, allows a client to update data stored in a server as required, and after deletion operation is performed, the double-chain key of a corresponding file cannot be completely recovered, so that the deleted file cannot be queried in a subsequent query process, and thus backward security is realized.

Description

Dynamic searchable encryption method
Technical Field
The invention relates to the technical field of dynamic searchable encryption, in particular to a dynamic searchable encryption method for constructing a secret key based on a double-chain structure so as to realize backward security.
Background
With the high-speed development of networks such as the internet, the internet of things and mobile terminals and intelligent devices, the variety and the scale of data are increasing at unprecedented speeds, and abundant data resources are formed. In order to store and share these data resources more conveniently, it is common practice for the data owner to host the own data at the local client to the service end such as the cloud platform, and then the service end provides various services for the data user. Meanwhile, in order to ensure data security, a data owner encrypts data at a client and then outsources ciphertext data to a server side such as a cloud platform for storage.
In order to securely develop various cloud services, such as a keyword-based query service, on encrypted data, searchable encryption techniques are widely used. To further satisfy the feature of data dynamics in big data environments, dynamic searchable encryption is proposed that allows users to update data that has been outsourced into the cloud platform on demand. Research shows how forward security and backward security are guaranteed in the updating process is two important aspects of the searchable encryption technology. Forward security requires that newly added files cannot be retrieved using the previous query trapdoor, and backward security emphasizes that files that have been deleted cannot be retrieved any more. The forward security can be realized by trapdoor replacement, keyword counter and other technologies, and the backward security usually needs complex encryption primitives (such as an public RAM (public key) or multiple rounds of interactive inquiry, so that the problem of low efficiency exists. Sun et al in document "Practical backward-secure searchable encryption from symmetric puncturable encryption" construct a symmetric puncturable encryption scheme using a puncturable pseudorandom function to achieve backward security on the premise of ensuring single round searching. However, in the deleting process, a large amount of PKS (Public Key Share) needs to be sent to the cloud server, so that a large amount of communication overhead is caused; in addition, symmetric puncturable encryption is based on an AES structure, and multiple rounds of AES encryption are involved in the construction process, so that the efficiency is low. Therefore, how to guarantee backward security while improving the operation efficiency of the dynamic query scheme remains a very troublesome problem.
Disclosure of Invention
In order to solve the above-mentioned defects existing in the prior art, the invention provides a dynamic searchable encryption method, utilize the double-chain structure to construct the file identifier encryption and decryption key, it allows the customer end to update the data stored in server end as required, the double-chain key of the corresponding file can not be fully recovered after carrying out the deletion operation, guarantee the file deleted can not be inquired in the subsequent inquiry process thus realize the backward security, meanwhile the scheme is based on the simple encryption primitive (such as hash function, pseudo-random function) to construct, the overall operation efficiency is high, realize safe and efficient dynamic addition, deletion and inquiry.
According to a first aspect of the present invention, there is provided a dynamically searchable encryption method comprising: a data adding step, a data deleting step and a data inquiring step;
the client comprises a plaintext index table DB, a master private key msk and a symmetric encryption key k e Wherein the DB stores keyword-file identifier pairs, each keyword w in the DB corresponds to a sub-data set DB (w), the sub-data set comprises all keyword-file identifier pairs corresponding to the keywords, the sub-data set is divided into one or more segments, a system parameter t represents the maximum number of keyword-file identifier pairs which can be contained in each segment, and a system parameter d represents the maximum number of keyword-file identifier pairs which can be deleted in each segment;
the server side comprises a ciphertext index table EDB, and the EDB comprises a query ciphertext index table T S Deleting ciphertext index table T D Storing ciphertext data generated by the data adding step;
the data adding step comprises the following steps:
step 101: the client determines the order c of the keyword-file identifier pairs to be operated (w, f) in DB (w), (w, f) in the segment p to which DB (w) belongs, and (w, f) in the segment p, records the total number cnt of keyword-file identifier pairs and the total number S of segments in DB (w) in a local table Tc (w)
Step 102: client side encrypts (w, f) and generates data addition trapdoorsWherein e 1 First query ciphertext as (w, f), e 2 Second query ciphertext of (w, f,)>E is 1 And e 2 At T S Order of e 3 Deletion ciphertext of (w, f), ++>E is 3 At T D Will be τ add Sending the message to a server;
step 103: server receives tau add Post-update EDB, letAnd->
Generating e in step 102 1 And e 2 The method specifically comprises the following steps:
step A1: for w and p, encryption is performed by HMAC algorithm H using msk, generating forward chain root key K of segment p w,p And a reverse link root key K' w,p ,(K w,p ,K′ w,p ) ≡h (msk, w||p), where||is string join operation;
step A2: generating (w, f) a corresponding file identifier keyb k =2K w,p,k,i -K′ w,p,k,i ,K w,p,k,i =X(d w,p,k ,i),K′ w,p,k,i =X(d′ w,p,k ,t+1-i),d w,p,k ←H(K w,p,k ),d′ w,p,k ←H(K′ w,p,k ) Wherein k is [1, d ]],/>Representing exclusive or operation, b k K is the kth double-stranded key of (w, f), K w,p,k,i K 'is the kth forward chain key of (w, f)' w,p,k,i The kth reverse link key, d, is (w, f) w,p,k The kth forward chain key, d 'for segment p' w,p,k A kth reverse link key that is segment p;
wherein X is a key cycle generation algorithm, and the first input is a seed key seed The second input is the iteration number n and the output pair key seed Iterating the numerical value after n times of hash functions are executed;
step A3: use sk w,f Generating a first query ciphertext from the encrypted file identifier fAccording to a unitary linear function F k (x)=(K′ w,p,k,i -K w,p,k,i )x+b k Generating a second query ciphertext->
Step 102 generatesAnd->The method specifically comprises the following steps:
step B1: encryption of w by a pseudo-random function F using msk to generate a position calculation key PK w ←F(msk,w);
Step B2: use of PK w Encrypting the position information of (w, f) to generate
Generating e in step 102 3 The method specifically comprises the following steps:
step C1: using k e P and i are encrypted through an encryption process SE.Enc of a symmetric encryption algorithm to generate a deleted ciphertext e 3 ←SE.Enc(k e ,p||i);
The data deleting step comprises the following steps:
step 201: the client encrypts the keyword-file identifier pair (w, f) to be operated on and generates a data deletion trapdoor tau del ←H(PK w W f), will tau del Sending the message to a server;
step 202: server receives tau del After that, obtain T Ddel ]The corresponding deleted ciphertext e 3 Send e 3 Giving the client;
step 203: client receives e 3 Thereafter, use k e Decryption process se.dec versus e by symmetric encryption algorithm 3 Decryption is performed to generate (w, f) segments and sequences in segments (p, i) ≡SE. Dec (k) e ,e 3 ) Recording (p, i) to a local table Tc (w);
the data query step comprises the following steps:
step 301: the client determines a segment set Q in which the data deletion step is not performed in a segment set R, DB (w) in which the data deletion step is performed in DB (w) and the number of times that the data deletion step is performed for each segment in set R according to cnt in Tc (w), S in w, and the keyword-file identifier pair to which the deletion step belongs and the order in the segments corresponding to the keyword w to be operated;
step 302: the client generates a data query trapdoor tau corresponding to the keyword w to be operated srh ←(cnt,PK w12 ) Wherein the first query information τ 1 ←(K w,q ,K′ w,q ) q∈Q ,K w,q For the forward link key of segment Q in set Q, K' w,q For the reverse link root key of segment Q in set Q, a second query information τ 2 ←((K w,r,h,j+1 ,K′ w,r,h,j-1 ) h∈[1,z] ,(d w,r,g ,d′ w,r,g ) g∈[z+1,d] ) r∈R Z is the number of times a data deletion step has been performed on segment R in set R, z.ltoreq.d, keyword-file identifier pair (w, f) at the j-th position on segment R r,j ) Is the object of the h-th data deletion step on segment r, K w,r,h,j+1 For the j+1th position keyword-file identifier pair (w, f) on segment r r,j+1 ) The h forward chain key, K' w,r,h,j-1 For the j-1 th location keyword-file identifier pair (w, f r,j-1 ) Is the h reverse link key, d w,r,g G ' forward chain key, d ' for segment r ' w,r,g The g-th reverse link key for segment r; client sends τ srh The server is given;
step 303: server receives tau srh Thereafter, according to τ srh Obtaining a file identifier Fu Mingwen corresponding to w and not subjected to the data deletion step, and obtaining the file identifier Fu Mingwen corresponding to w and not subjected to the data deletion step according to tau srh The file identifier Fu Mingwen corresponding to w and subjected to the data deletion step cannot be obtained;
step 304: the server returns the obtained plaintext of all the file identifiers to the client as a query result;
further, the dynamic searchable encryption method provided by the invention is characterized in that the data deleting step further comprises the following steps:
the server sends e 3 After the client is given, e corresponding to (w, f) in EDB 1 、e 2 、e 3 Is not cleared.
Further, the dynamically searchable encryption method provided by the present invention is characterized in that step 302 further includes:
client generation τ srh After that, empty T C [w]Is a content of (3).
Further, the dynamically searchable encryption method provided by the present invention is characterized in that step 303 includes:
step 3031: according to cnt and PK w Acquisition of T S A first query ciphertext and a second query ciphertext of all keyword-file identifier pairs corresponding to w;
step 3032: according to τ 1 Obtaining a key of a keyword-file identifier pair corresponding to the file identifier key in the set Q, and decrypting a corresponding first query ciphertext to obtain a file identifier Fu Mingwen in the set Q;
step 3033: according to τ 2 Obtaining a key of a corresponding file identifier of the keyword-file identifier pair in the set R, which has not executed the data deleting step, and decrypting the corresponding first query ciphertext to obtain a file identifier Fu Mingwen in the set Q.
According to a second aspect of the present invention, there is provided a computer device characterized by comprising:
a memory for storing instructions; and
and a processor for invoking the instructions stored in the memory to perform the dynamically searchable encryption method of the first aspect.
According to a third aspect of the present invention there is provided a computer readable storage medium storing instructions which, when executed by a processor, perform the dynamic searchable encryption method of the first aspect.
Compared with the prior art, the technical scheme of the invention has at least the following beneficial effects:
(1) The invention constructs the file identifier encryption and decryption key based on the key construction method of the double-chain structure, which allows the client to update the data stored in the server according to the need, and after the deletion operation is executed, the server cannot completely recover the double-chain key of the file even if the corresponding file is not cleared at the server, so that the decryption key cannot be obtained, and the file cannot obtain a plaintext in the subsequent query process, namely cannot be queried, thereby realizing the backward security of the dynamic update process.
(2) The encryption and decryption operations of the invention all adopt lightweight primitives, and particularly, complex calculation is not needed in the process of deleting data, and only the client is needed to record the deleted state.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the invention and together with the description, serve to explain the principles of the invention.
FIG. 1 is a flow chart illustrating the main steps of dynamic encryption according to an exemplary embodiment.
FIG. 2 is a schematic diagram illustrating client-server interactions according to an example embodiment.
FIG. 3 is a schematic diagram illustrating a file identifier key generation process according to an example embodiment.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
Before explaining the technical scheme of the invention in detail, the meanings indicated by the partial symbols referred to in the text are listed as follows:
reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings.
The invention provides a dynamic searchable encryption method 10, as shown in fig. 1, which realizes dynamic update and security query at a server side such as a cloud platform through three different processes of a data adding step 100, a data deleting step 200 and a data querying step 300.
Wherein, the client is usually a terminal device of a data owner, such as a personal computer, a mobile phone and the like, and the data storage amount and the available functions are limited; the server side is usually a large-scale computer system such as a cloud platform and a cluster server, and has large data storage capacity and can provide powerful functions. Data owners often need to store data of clients to a server to obtain more services, but the server may not be trusted, so that encrypted data needs to be stored to the server, the encrypted data can be dynamically updated, and forward and backward security in the dynamic updating process is ensured.
In the initialization stage, the client preprocesses the local file data set to form a set of keyword-file identifier pairs, namely a plaintext index table DB, wherein each keyword in the DB corresponds to one sub-data set, the sub-data set comprises all keyword-file identifier pairs corresponding to the keyword, and the sub-data set is divided into one or more segments. Because the invention adopts the concept of segmentation to generate the queriable ciphertext index, the client generates system parameters (t, d) in the initialization process, wherein the system parameters t represent the maximum number of keyword-file identifier pairs which can be accommodated by each segment, and the system parameters d represent the maximum number of keyword-file identifier pairs which can be deleted in each segment.
In some embodiments, the client achieves the partitioning of the subset of data by processing the DB to form an inverted index, the order c of the keyword-file identifier pairs (w, f) in the DB (w), i.e., the order of (w, f) in the inverted index of w on the DB.
In the initialization stage, the client also generates a main private key msk and a symmetric encryption key k e . In some embodiments, a client generates msk and k from a given security parameter λ e
The server stores a ciphertext index table EDB, which comprises a query ciphertext index table T S Deleting ciphertext index table T D The ciphertext data generated in the data adding step 100 is stored, and in the initialization stage, the server may generate the data structure corresponding to the EDB in advance, or may be generated gradually in the data adding step 100. For a keyword-file identifier pair (w, f), its encrypted ciphertext is added to the EDB, where the query ciphertext e 1 And e 2 Stored in a query ciphertext index table T S In (a) and (b)Position for decrypting and recovering plaintext f and deleting ciphertext e in data query step 300 3 Stored in the deleted ciphertext index table T D Is->A location for feeding back to the client information that the file should be deleted in a data deletion step 200,and thus decrypted by the client.
Next, the data adding step 100, the data deleting step 200, and the data querying step 300 will be described in detail.
In the data adding step 100, for the keyword-file identifier pair to be operated (w, f), that is, the information of (w, f) needs to be added to the server, the steps include:
in step 101, the client determines (w, f) location information c, p, i, and stores size information cnt and S of DB (w) in Tc (w).
Specifically, the total number cnt of keyword-file identifier pairs in the DB (w) may be obtained when the client preprocesses to generate the DB, and in some embodiments, the client obtains the maximum ranking number of w in the inverted index on the DB by the inverted index, that is, the total number cnt of keyword-file identifier pairs in the DB (w); the total number S of segments of DB (w) can be obtained by calculationWherein->Representing an upward rounding.
For the position information of (w, f), including its order c in DB (w), the segment p to which it belongs in DB (w), the order i in segment p of (w, f), in some embodiments, the order c in DB (w) may be obtained by looking up (w, f) for it in the inverted index of w, the segment p to which it belongs may be obtained by calculationThe order i in the segment p can be calculated to obtain i=c% p,% being the remainder operation.
Cnt and S are stored in the local table Tc (w) in preparation for retrieval at the data query step 300 to construct a data query trapdoor.
Step 102: client side encrypts (w, f) and generates data addition trapdoorsWill tau add And sending the message to the server.
Specifically, e 1 First query ciphertext as (w, f), e 2 A second query ciphertext of (w, f),e is 1 And e 2 At T S Order of e 3 Deletion ciphertext of (w, f), ++>E is 3 At T D In order of (3)
Step 103: server receives tau add Post-update EDB, letAnd->
The key in the data addition step 100 is how the data addition trapdoor τ is generated in step 102 add Is provided, and its storage location.
Generating e in step 102 1 And e 2 The method specifically comprises the following steps:
step A1: for w and p, encryption is performed by HMAC algorithm H using msk, generating forward chain root key K of segment p w,p And a reverse link root key K' w,p I.e. (K) w,p ,K′ w,p )←H(msk,w||p)。
Step A2: generating (w, f) a corresponding file identifier key
For generating the file identifier key, there are several sets of forward and reverse links for segments p and (w, f), the number of which is determined by the system parameter d, i.e. the maximum number of keyword-file identifier pairs that can be deleted in each segment.
B in formula 1 k The kth double-stranded key of (w, f),k∈[1,d],Representing exclusive OR operation, sk w,f From d b k Obtained after the successive exclusive OR operation, so d b's need to be obtained k The value of b k The specific calculation method of (a) is as follows:
b k =2K w,p,k,i -K′ w,p,k,i (equation 2);
K w,p,k,i =X(d w,p,k ,i),K′ w,p,k,i =X(d′ w,p,k t+1-i) (formula 3);
d w,p,k ←H(K w,p ,k),d′ w,p,k ←H(K′ w,p,k ) (equation 4);
wherein K is w,p,k,i K 'is the kth forward chain key of (w, f)' w,p,k,i The kth reverse link key, d, is (w, f) w,p,k The kth forward chain key, d 'for segment p' w,p,k Is the kth reverse link key for segment p.
X is a key cycle generation algorithm, and the first input is a seed key seed The second input is the iteration number n and the output pair key seed Iterating the numerical value after n times of hash functions.
In some embodiments, the pseudo code of the algorithm is as follows:
from the key cycle generation algorithm and equation 3, it can be seen that:
K w,p,k,i+1 =X(K w,p,k,i ,1),K′ w,p,k,i-1 =X(K′ w,p,k,i 1) (equation 5);
thus, performing the (w, f) kth forward chain key once again by the X algorithm may obtain the (k) th forward chain key forward to the next sequence position, and performing the (w, f) kth reverse chain key once by the X algorithm may obtain the (k) th reverse chain key reverse to the next sequence position.
Step A3: use sk w,f Generating a first query ciphertext from the encrypted file identifier fAccording to a unitary linear function F k (x)=(K′ w,p,k,i -K w,p,k,i )x+b k Generating a second query ciphertext->
As will be appreciated by those skilled in the art, if one were to rely on ciphertext e 1 Decrypting the plaintext f, then obtaining sk is needed w,f I.e. each b needs to be calculated k Value of k.epsilon.1, d]。
On the one hand, it can be known from equations 3 and 4 that if the forward link key K of the segment p is obtained w,p And a reverse link root key K' w,p And i, each b can be calculated k Thereby obtaining the plaintext f for position i on segment p.
On the other hand, it can be known from equation 2 that the unitary linear function F k (x) Essentially based on two coordinate points (1, K) w,p,k,i ) And (2,K)' w,p,k,i ) Definite, b k Is F k (x) The intercept of e 2 Another point (3, F) storing the function k (3) A) is provided; thus, if corresponding to each F k (x) The forward chain key K of (w, f) can be obtained w,p,k,i And reverse link key K' w,p,k,i Either one of them can be selected from (1, K) w,p,k,i ) And (3, F) k (3) Either according to (2,K' w,p,k,i ) And (3, F) k (3) Two points, each F is calculated by Lagrange interpolation k (x) The intercept b of (2) k Thereby obtaining the plaintext f for position i on segment p.
Step 102 generatesAnd->The method specifically comprises the following steps:
step B1: encryption of w by a pseudo-random function F using msk to generate a position calculation key PK w ←F(msk,w);
Step B2: use of PK w Encrypting the position information of (w, f) to generate
The encryption can hide the position information of (w, f) in the DB from the server, and the ciphertext information of (w, f) can be stored in the encrypted position in the EDB.
Generating e in step 102 3 The method specifically comprises the following steps:
step C1: using k e P and i are encrypted through an encryption process SE.Enc of a symmetric encryption algorithm to generate a deleted ciphertext e 3 ←SE.Enc(k e ,p||i)。
Among them, the encryption algorithm includes various algorithms such as DES algorithm, 3DES algorithm, etc., and in some embodiments, the encryption algorithm uses AES algorithm.
In the data deletion step 200, for the keyword-file identifier pair to be operated (w, f), i.e., (w, f), corresponding ciphertext information in the EDB needs to be deleted, the steps of:
step 201: the client encrypts (w, f) and generates a data deletion trapdoor τ del ←H(PK w W f), will tau del And sending the message to the server.
Step 202: server receives tau del After that, obtain T Ddel ]The corresponding deleted ciphertext e 3 Send e 3 To the client.
From step 201 and step B2, τ del Andis consistent in the generation mode, and the content isH(PK w W f), thus T is Ddel ]Namely +.>The deleted ciphertext e corresponding to (w, f) can be obtained 3
Step 203: client receives e 3 Thereafter, use k e Decryption process se.dec versus e by symmetric encryption algorithm 3 Decryption is performed to generate (w, f) segments and sequences in segments (p, i) ≡SE. Dec (k) e ,e 3 ) Record (p, i) to the local table T c (w);
Due to e 3 Is encrypted by a symmetric encryption algorithm, and the client obtains e 3 Then, according to k corresponding to the client e I.e. the location information (p, i) of (w, f) can be obtained by decryption and recorded to the local table Tc (w), the data deletion step 200 has already been performed at (w, f) of the location, and the ciphertext information in the EDB should be deleted.
It will be appreciated by those skilled in the art that, due to the different data management mechanisms of the server side such as different cloud platforms, even if the client side sends a deletion command to the server side, the server side does not necessarily substantially clear the corresponding data.
In some embodiments, the server sends e 3 After the client is given, e corresponding to (w, f) in EDB 1 、e 2 、e 3 Is not cleared. For example, the server simply marks e 1 、e 2 、e 3 Is in a "deleted" state.
Then, when a query is made thereafter, data e which should have been deleted 1 、e 2 、e 3 May again be acquired by the server, which may thus obtain the plaintext of the data, creating a backward security risk, which is generally undesirable to the data owner.
The invention is used for generating the data query trapdoor containing the deletion information based on the double-chain key structure in the data query step 300 by locally recording the deletion information, so that the backward security risk can be avoided, the server can query the plaintext corresponding to all undeleted data ciphertext when executing the query step, and meanwhile, the plaintext information of the data ciphertext in the deleted state (whether the server has cleared the data ciphertext or not) can not be obtained.
In the data query step 300, the client needs to return the plaintext information of all the file identifiers f corresponding to the keywords w in the EDB, which is usually used to retrieve the files containing the keywords w stored in the server. Corresponding to the keyword w to be operated, comprising the steps of:
step 301: the client obtains cnt, S, and history deletion information from the information in Tc (w), and divides DB (w) into segment sets R and Q according to whether deletion has been performed.
Wherein cnt and S in Tc (w) are updated each time the data adding step 100 is performed, the history deletion information includes information recorded in Tc (w) after each execution of the data deleting step 200, that is, the deleted keyword-file identifier pair belongs to the segment and the order in the segment.
From the above information, it is possible to determine the segment set R in which the data deletion step is performed in DB (w), the segment set Q in which the data deletion step is not performed in DB (w), and the number of times each segment in the set R performs the data deletion step 200.
Step 302: client generates data query trapdoor tau srh ←(cnt,PK w12 ) Will tau srh And sending the message to the server.
Wherein the first query information τ 1 ←(K w,q ,K′ w,q ) q∈Q ,K w,q For the forward link key of segment Q in set Q, K' w,q A reverse link root key for segment Q in set Q;
second query information τ 2 ←((K w,r,h,j+1 ,K′ w,r,h,j-1 ) h∈[1,z] ,(d w,r,g ,d′ w,r,g ) g∈[z+1,d] ) r∈R Z is the number of times a data deletion step has been performed on segment R in set R, z.ltoreq.d, keyword-file identifier pair (w, f) at the j-th position on segment R r,j ) Is the object of the data deletion step performed the h time on segment r, K w,r,h,j+1 For the j+1th position keyword-file identifier pair (w, f) on segment r r,j+1 ) The h forward chain key, K' w,r,h,j-1 For the j-1 th location keyword-file identifier pair (w, f r,j-1 ) Is the h reverse link key, d w,r,g G ' forward chain key, d ' for segment r ' w,r,g An h reverse link key for segment r;
step 303: server receives tau srh Thereafter, according to τ srh Obtaining a file identifier Fu Mingwen corresponding to w and not subjected to the data deletion step, and obtaining the file identifier Fu Mingwen corresponding to w and not subjected to the data deletion step according to tau srh The file identifier Fu Mingwen of w corresponding to the data deletion step is not obtained.
Due to the requirement of backward security, the data query trapdoor τ srh The client cannot be made to acquire the ability to decrypt the ciphertext information from which the data deletion step has been performed, i.e., the client cannot be made to acquire the file identifier key of the ciphertext information. The object corresponding to the data deletion step performed the h time on segment r in step 302 is (w, f r,j ) Thus, the data query trapdoor τ srh Cannot be included to decrypt f ,j Is a complete information of (a).
Obviously from τ 1 From the content of (a), τ 1 Decryption information for each segment in set Q cannot be used for segment R in set R, so that the server cannot respond to τ 1 Recovery f r,j
And, from τ 2 The content of (1) indicates that the server cannot tau 2 Information decryption recovery f of (2) r,j
Specifically, as can be seen from the foregoing description of step A3, if f is to be recovered r,j Must obtain (w, f r,j ) B of (2) k Value of k.epsilon.1, d]. And calculate b k The minimum requirement of the value of (a) is to obtain the kth forward link key K w,r,k,j Or the kth reverse link key K' w,r,k,j
In one aspect, τ 2 The g (d) of the segment r is given w,r,g ,d′ w,r,g ),g∈[z+1,d]From equation 3, it can be seen that only (w, f) can be calculated r,j ) G-th forward chain key K of (c) w,r,g,j Or the g-th reverse link key K' w,r,g,j Thereby obtaining (w, f r,j ) B of (2) g But cannot calculate (w, f r,j ) Is the h forward chain key K w,r,h,j And an h-th reverse link key K' w,r,h,j ,h∈[1,z]Thus failing to obtain (w, f ,j ) B of (2) h
On the other hand, τ 2 (w, f) r,j+1 ) Is the h forward chain key K w,r,h,j+1 And (w, f) r,j-1 ) The h reverse link key K' w,r,h,j-1 Only (w, f) can be obtained according to equation 5 r,j+1 ) Each keyword-file identifier pair (w, f r,j+2 )、……、(w,f r,d ) An h forward chain key of (c), and (w, f) r,j-1 ) Each keyword-file identifier pair (w, f r,j-2 )、……、(w,f r,1 ) The h-th reverse link key of (b), and thus (w, f) cannot be calculated either r,j ) Is the h forward chain key K w,r,h,j And an h-th reverse link key K' w,r,h,j Thus failing to obtain (w, f r,j ) B of (2) h
Therefore, in step 303, the server side determines τ srh Only the file identifier Fu Mingwen corresponding to w, on which the data deletion step is not performed, can be obtained, and the file identifier Fu Mingwen corresponding to w, on which the data deletion step is performed, cannot be obtained.
Step 304: and the server returns the obtained plaintext of all the file identifiers to the client as a query result.
In some embodiments, step 303 specifically includes the steps of:
step 3031: according to cnt and PK w Acquisition of T S The first query ciphertext and the second query ciphertext of all keyword-file identifier pairs corresponding to w.
Specifically, in step 3031, the position is calculated by calculating the positionc∈[1,cnt]The first query ciphertext and the second query ciphertext of all keyword-file identifier pairs can be obtained>And, each keyword-file identifier pair belonging to the segment p can be obtained by calculation +.>The order i in the segment p can be calculated to obtain i=c% p.
Step 3032: according to τ 1 The key-file identifier pair corresponding to the key of the key-file identifier pair in the set Q is obtained, and the corresponding first query ciphertext is decrypted to obtain the file identifier Fu Mingwen in the set Q.
Specifically, in step 3032, the server uses τ for segments Q, q∈q in DB (w) where the data deletion step has not been performed 1 K in (B) w,q And K' w,q The forward and reverse chain keys of all the keyword-file identifier pairs on the segment are calculated according to equations 3, 4 and 5, and each double-chain key b of the keyword-file identifier pairs is further obtained according to equation 2 k ,k∈[1,d]Then, the file identifier keys of all keyword-file identifier pairs on the segment are calculated according to the formula 1, and the corresponding first query ciphertext is decrypted by the file identifier keys, so that all file identifiers Fu Mingwen on the segment are calculated.
Optionally, a double-chain key b is calculated k In the process, the double-chain key b is obtained by utilizing any one of the forward chain key and the reverse chain key of the keyword-file identifier pair and combining the second query ciphertext through Lagrange interpolation k
Step 3033: according to τ 2 Obtaining a key of a corresponding file identifier of the keyword-file identifier pair in the set R, which has not executed the data deleting step, and decrypting the corresponding first query ciphertext to obtain a file identifier Fu Mingwen in the set Q.
Specifically, in step 3033, a data deletion step is performed for DB (w)Segment R, R e R, server side utilizes τ 2 G-th forward and reverse link keys (d) w,r,g ,d′ w,r,g ),g∈[z+1,d]The g-th forward and reverse chain keys of all keyword-file identifier pairs on the segment are calculated according to equations 3, 4, and the g-th double-chain key b of the keyword-file identifier pairs is further obtained according to equation 2 g
Optionally, a double-chain key b is calculated g In the time, the double-chain key b is obtained by utilizing any one of the g forward chain key and the reverse chain key of the keyword-file identifier pair and combining the second query ciphertext through Lagrange interpolation g
On the segment r, the object of the h-th execution of the data deletion step is (w, f) r,j ) The server side utilizes tau 2 Middle K w,r,h,j+1 And K w,r,h,j-1 Obtaining (w, f) according to equation 5 r,j+1 ) An h-th forward chain key of each key-file identifier pair forward and backward, and (w, f) r,j-1 ) The h reverse chain key of each keyword-file identifier pair in the backward direction is combined with the second query ciphertext to obtain the division (w, f) of the segment r by Lagrange interpolation r,j ) The h double-stranded key b of each keyword-file identifier pair h
For all keyword-file identifier pairs on segment r for which the data deletion step has not been performed, combine b g And b h The file identifier key may be obtained according to equation 1, and the corresponding first query ciphertext is decrypted using the file identifier key, thereby calculating all file identifications Fu Mingwen on the segment for which the data deletion step has not been performed.
In some embodiments, the client is generating τ srh After that, empty T C [w]Is a content of (3). Thus enabling T C [w]The content of (c) does not increase all the time. Empty T C [w]The basis of (2) is: according to the access mode, once the server queries the related file of w, the file information contained in the keyword is actually exposed to the server. For inquiring the file added later, we can use the existing forward security technologyThe server can be ensured to be unable to obtain the corresponding information of the newly added data.
Based on the same inventive concept, the present invention provides an embodiment of a dynamic searchable encryption method, as shown in fig. 2.
The client runs an initialization algorithm to generate a main private key msk and a symmetric encryption key k required by the system e And system parameters params≡ (t, d); in order to add a file to a server (for example, a cloud server), a data adding step is performed, and a client forms a data adding trapdoor τ locally add And send to cloud server, cloud server receives τ add Post-updating the EDB; in order to delete files already outsourced to the cloud server, a data deletion step is performed, the client generates a data deletion trapdoor τ del And send to cloud server, cloud server updates EDB after receiving and returns the corresponding segmentation information to the client, the client updates T locally according to the returned result C The method comprises the steps of carrying out a first treatment on the surface of the In order to query a file containing the keyword w, a data query step is performed, and the client generates a data query trapdoor τ locally srh Then the cloud server receives tau srh And querying the undeleted files on the EDB, and returning the result IND to the client.
In this embodiment, as shown in fig. 3, the client preprocesses the local data set to form DB, where DB (w 1 ) W in 1 The corresponding file is { f 1 ,f 2 ,f 3 ,f 4 ,f 5 ,f 6 ,f 7 ,f 8 Client side initializing and generating a main private key msk and a symmetric encryption key k e The system parameter params≡ (t=4, d=2) is set.
Executing the data adding step, and generating tau by the client add And sending the cloud server. The method comprises the following specific steps:
(a) According to the system parameters, the client transmits DB (w 1 ) Divided into two sections, p 1 And p 2 At the same time w 1 Writing the total number of the corresponding files and the number of the segments into T C [w 1 ]And (8, 2). As shown in FIG. 3, p 1 The file corresponding to the segment is { f 1 ,f 2 ,f 3 ,f 4 },p 2 The file corresponding to the segment is { f 5 ,f 6 ,f 7 ,f 8 }。
(b) The client calculates the position calculation key by using the pseudo-random functionGenerating forward and reverse link keys for different segments using HMAC algorithm, where p 1 Section corresponds to-> p 2 Section corresponds to->Further calculation of forward and reverse link keys for different segments, as shown in FIG. 3, at p 1 Segment is exemplified by p, since d=2 1 The segment has 2 sets of forward and reverse chain keys, set 1 is +.>Group 2 is
(c) For each keyword-file identifier pair, the client computes a corresponding file identifier key to encrypt the file identifier. As shown in fig. 3, at (w 1 ,f 1 ) For example, it is at p 1 The forward ordering of segments is 1, the reverse ordering is 4, since d=2, (w 1 ,f 1 ) There are 2 sets of forward and reverse link keys, with set 1 beingGroup 2->Further, calculate (w 1 ,f 1 ) Corresponding 2 double-chain keys b 1 And b 2Then calculate (w 1 ,f 1 ) Corresponding file identifier key->Client side generation->
(d) Corresponds to (w) 1 ,f 1 ) The client side is according toAnd->Generating a unitary primary function->According to->Andgenerating a unitary primary function->Further, calculate +.>
(e) Corresponds to (w) 1 ,f 1 ) Client computingAnd->w 1 ||f 1 ) Finally produce->As (w) 1 ,f 1 ) τ of (V) add And sent to the cloud server. />
After receiving τ by cloud server add ExecuteAnd->
Executing the data adding step, and generating tau by the client del Sending the data to a cloud server, wherein the cloud server is used for sending the data according to tau del Ciphertext e to be deleted after EDB access 3 And returning to the client. The method comprises the following specific steps:
(f) In case the user wishes to delete (w 1 ,f 1 ) Corresponding ciphertext is taken as an example, and is calculated at a clientAnd sending the cloud server to a cloud server;
(g) Cloud server receives tau del From T Ddel ]Find the corresponding ciphertextAnd sending the message to the client.
(h) Cloud server receives tau del The client receivesPost execution->Obtaining (w) 1 ,f 1 ) Located at segment p 1 And store the information to T C [w 1 ]。
Notably, from the user's wish, cloud servicesThe receiver receives tau del Should be deleted afterwards (w 1 ,f 1 ) All ciphertext corresponding, but the cloud server does not necessarily clear the ciphertext data completely.
Executing a data query step, and generating tau by the client srh And returning the query result IND to the client after the cloud server executes the query.
(i) Querying keyword w with client 1 As an example. The client first depends on the local T C [w 1 ]Obtain w 1 P corresponding to 1 File f of 1 st position of segment 1 After the data deletion step has been performed, and is p 1 First deletion on segment while acquiring w 1 The corresponding total number of files cnt=8.
(j) For p 1 Segmentation, client will generateAnd->Generate->And->For p 2 Segmentation, since the data deletion step is not performed, generates +.>And->GeneratingWill tau srh Sending to cloud server
(k) When cloud server receives tau srh According to the firstc∈[1,8]Find w 1 First query ciphertext of all corresponding keyword-file identifier pairs>
It should be noted that, for the data deletion step (w 1 ,f 1 ) If the cloud server has not been purged (w) before (h) 1 ,f 1 ) Corresponding query ciphertext, the cloud server can still perform the following stepsFind ciphertext->However, since the cloud server is according to +>Failure to obtain->And->Either one, b cannot be obtained by Lagrange interpolation 1 Further, it is impossible to obtain->For decrypting->So even if the cloud server retains ciphertext ++>The query result IND will not include the plaintext f 1 Thereby ensuring the backward safety.
For the followingc∈[2,8]Cloud server according to tau srh Content acquisition->For->Decryption can obtain f c The cloud server inquires the result IND= { f 2 ,f 3 ,f 4 ,f 5 ,f 6 ,f 7 ,f 8 And returns to the client.
Other embodiments of the invention will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This application is intended to cover any variations, uses, or adaptations of the invention following, in general, the principles of the invention and including such departures from the present disclosure as come within known or customary practice within the art to which the invention pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the invention being indicated by the following claims.
It is to be understood that the invention is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be effected without departing from the scope thereof. The scope of the invention is limited only by the appended claims.

Claims (6)

1. A dynamically searchable encryption method comprising: a data adding step, a data deleting step and a data inquiring step;
the client includes a plaintext index tableMain private Key->Symmetric encryption key->Wherein->Storing keyword-file identifier pairs, +.>Is +.>Are all corresponding to a sub data set +.>The sub-data set comprises all keyword-file identifier pairs corresponding to the keywords, the sub-data set is divided into one or more segments, system parameters->The maximum number of keyword-file identifier pairs which can be accommodated by each segment is indicated, the system parameter +.>Representing the maximum number of keyword-file identifier pairs that can be deleted in each segment;
the server side comprises a ciphertext index table,/>Includes inquiring cipher text index table->And delete ciphertext index table->Storing ciphertext data generated by the data adding step;
the data adding step comprises the following steps:
step 101: the client determines a keyword-file identifier pair to be operated onAt->Order of->At->The segment to which (a) belongs->And->In section->Order of->Local form->RecordingTotal number of keyword-file identifier pairs +.>And total number of segments->
Step 102: the client pairEncrypting and generating data addition trapdoorsWherein->Is->First query ciphertext, ">Is->Second query ciphertext, ">Is->And->At->Order of (a),>is->Ciphertext (S) deletion->Is->At->In the order of (3) toSending the data to the server;
step 103: the server receives the dataPost-update->Let->And
the generation in the step 102And->The method specifically comprises the following steps:
step A1: for the followingAnd->Use +.>By HMAC algorithm->Encryption is performed to generate a segment->Is +.>And reverse Link Key->,/>Wherein->Performing connection operation for the character strings;
step A2: generatingCorresponding file identifier key->,/>,/>,/>Wherein->,/>Representing exclusive OR operation, ++>Is->Is>Double-stranded key->Is->Is>A forward chain key,>is->Is>Reverse link key>For section->Is>A forward chain key,>for section->Is>Inverse of each otherA chaining key;
wherein,for the key round generation algorithm, the first input is the seed key +.>The second input is the iteration number n, outputting p +.>Iterating the numerical value after n times of hash functions are executed;
step A3: usingEncrypted file identifier +.>Generating a first query ciphertext->According to a unitary linear function->Generating a second query ciphertext->
The generation in the step 102And->The method specifically comprises the following steps:
step B1: usingBy pseudo-random function->For->Encryption is performed to generate a position calculation key
Step B2: usingFor->Encryption of the location information of (1) to generate +.>
The generation in the step 102The method specifically comprises the following steps:
step C1: usingEncryption process by means of a symmetric encryption algorithm>For->And->Encrypting to generate a deleted ciphertext
The data deleting step comprises the following steps:
step 201: the client side treats the key word-file identifier pair of the operationEncryption and generation of data deletion trapdoor->Will->Sending the data to the server;
step 202: the server receives the dataAfter that, get->Is to delete ciphertext->Send->Giving the client;
step 203: the client receivesAfter that, use +.>Decryption process by symmetric encryption algorithm>For->Decryption is performed to generate->At->Is +.>Will->Record to local form->
The data query step comprises the following steps:
step 301: the client corresponds to the keyword to be operatedAccording to->Is->、/>And determining +_f for the segment to which the keyword-file identifier pair of the deletion step has been performed and the order in the segment to which it belongs>Segment set in which the data deletion step is performed +.>、/>The set of segments for which said data deletion step has not been performed +.>Set->The number of times the data deletion step is performed for each segment;
step 302: the client generates keywords corresponding to the operation to be performedData query trapdoor of (a)Wherein the first query information +.>,/>For the collection->Middle section->Is a forward link key of->For the collection->Middle section->Reverse link root key of (2), second query information,/>Is a set->Middle section->The number of times said data deletion step was performed,/-up>Sectional->Go up to->keyword-File identifier pair of location +.>Is in the section->Go up to->An object performing the data deletion step a second time,/->For section->Go up to->Position keyword-file identifier pair +.>Is>A forward chain key,>is->Location keyword-file identifier pairIs>Reverse link key>For section->Is>A forward chain key,>for section->Is>A reverse link key; the client sends->Giving the server side;
step 303: the server receives the dataAfter that, according to->Obtain->Corresponding file identifier Fu Mingwen, which has not been subjected to the data deletion step, according to +.>Failure to obtain->Corresponding file identifiers Fu Mingwen after the data deletion step is executed;
step 304: and the server returns the obtained plaintext of all the file identifiers to the client as a query result.
2. The dynamic searchable encryption method according to claim 1, wherein said data deletion step further comprises:
the server sendsAfter giving the client, the user is left with the right>Middle->Corresponding->、/>、/>Is not cleared.
3. The dynamic searchable encryption method according to claim 1, wherein said step 302 further comprises:
the client sideGeneratingAfter that, empty->Is a content of (3).
4. The dynamic searchable encryption method according to claim 1, wherein said step 303 comprises:
step 3031: according toAnd->Acquisition->Middle->A first query ciphertext and a second query ciphertext of all corresponding keyword-file identifier pairs;
step 3032: according toGet collection->The key word-file identifier pair corresponding to the file identifier key, and decrypting the corresponding first query ciphertext to obtain the set +.>A file identifier Fu Mingwen in (a);
step 3033: according toGet collection->Keyword-file identifier pair corresponding to the file identifier key for which the data deletion step is not executed, decrypting the corresponding first query ciphertext to obtain a set +.>Is identified Fu Mingwen by a file in the file system.
5. A computer device, comprising:
a memory for storing instructions; and
a processor for invoking the instructions stored in the memory to perform the dynamically searchable encryption method as recited in any of claims 1-4.
6. A computer readable storage medium storing instructions which, when executed by a processor, perform the dynamically searchable encryption method of any of claims 1-4.
CN202210549179.0A 2022-05-20 2022-05-20 Dynamic searchable encryption method Active CN115225260B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210549179.0A CN115225260B (en) 2022-05-20 2022-05-20 Dynamic searchable encryption method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210549179.0A CN115225260B (en) 2022-05-20 2022-05-20 Dynamic searchable encryption method

Publications (2)

Publication Number Publication Date
CN115225260A CN115225260A (en) 2022-10-21
CN115225260B true CN115225260B (en) 2024-04-12

Family

ID=83608229

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210549179.0A Active CN115225260B (en) 2022-05-20 2022-05-20 Dynamic searchable encryption method

Country Status (1)

Country Link
CN (1) CN115225260B (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN108319670A (en) * 2018-01-23 2018-07-24 湖南大学 The dynamic ranking searching method that can verify that based on cloud computing
CN110166466A (en) * 2019-05-28 2019-08-23 湖南大学 It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system
CN110457915A (en) * 2019-07-17 2019-11-15 华中科技大学 Efficiently and there is front and back can search for symmetric encryption method and system to safety
CN112734572A (en) * 2021-01-07 2021-04-30 华南农业大学 Fine-grained access control method and system based on double block chains

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105681280A (en) * 2015-12-29 2016-06-15 西安电子科技大学 Searchable encryption method based on Chinese in cloud environment
CN108319670A (en) * 2018-01-23 2018-07-24 湖南大学 The dynamic ranking searching method that can verify that based on cloud computing
CN110166466A (en) * 2019-05-28 2019-08-23 湖南大学 It is a kind of efficiently the multi-user of renewal authority to can search for encryption method and system
CN110457915A (en) * 2019-07-17 2019-11-15 华中科技大学 Efficiently and there is front and back can search for symmetric encryption method and system to safety
CN112734572A (en) * 2021-01-07 2021-04-30 华南农业大学 Fine-grained access control method and system based on double block chains

Non-Patent Citations (5)

* Cited by examiner, † Cited by third party
Title
Dynamic multi-client searchable symmetric encryption with support for boolean queries;Leilei Du et al.;Information Sciences;20200131;全文 *
Dynamic searchable symmetric encryption with forward and backward privacy;Yu peng et al.;TrustCom;20220331;全文 *
Enabling verfiable and dynamic rankedseearch over outsourced data;Qin Liu et al.;TSC;20190611;全文 *
云存储中一种支持可验证的模糊查询加密方案;朱小玉;刘琴;王国军;;电子与信息学报;20170413(07);全文 *
基于错误学习的自适应等级可搜索加密方案;张恩;侯缨盈;李功丽;李会敏;李钰;;计算机应用;20190927(01);全文 *

Also Published As

Publication number Publication date
CN115225260A (en) 2022-10-21

Similar Documents

Publication Publication Date Title
CN106815350B (en) Dynamic ciphertext multi-keyword fuzzy search method in cloud environment
Mayberry et al. Efficient private file retrieval by combining ORAM and PIR
Moataz et al. Constant communication ORAM with small blocksize
US10075288B1 (en) Systems, devices, and processes for homomorphic encryption
CN110689349B (en) Transaction hash value storage and searching method and device in blockchain
CN112800445B (en) Boolean query method for forward and backward security and verifiability of ciphertext data
CN112270006A (en) Searchable encryption method for hiding search mode and access mode in e-commerce platform
CN110166466B (en) Multi-user searchable encryption method and system capable of efficiently updating permissions
WO2017036547A1 (en) Method for providing encrypted data in a database and method for searching on encrypted data
CN110457915B (en) Efficient searchable symmetric encryption method and system with forward and backward security
CN111026788A (en) Homomorphic encryption-based multi-keyword ciphertext sorting and retrieving method in hybrid cloud
CN107094075B (en) Data block dynamic operation method based on convergence encryption
CN109213731B (en) Multi-keyword ciphertext retrieval method based on iterative encryption in cloud environment
CN108595554B (en) Multi-attribute range query method based on cloud environment
CN113434739B (en) Forward-safe multi-user dynamic symmetric encryption retrieval method in cloud environment
CN110427771B (en) Searchable encryption method with hidden retrieval mode and cloud server
CN114142996A (en) Searchable encryption method based on SM9 cryptographic algorithm
CN106874379B (en) Ciphertext cloud storage-oriented multi-dimensional interval retrieval method and system
CN109672525B (en) Searchable public key encryption method and system with forward index
CN115225260B (en) Dynamic searchable encryption method
CN109409111B (en) Encrypted image-oriented fuzzy search method
CN116821056A (en) Trusted third party-based hidden query method, system, device and storage medium
Al-Sakran et al. Efficient Cryptographic Technique for Securing and Accessing Outsourced Data
Zhang et al. Dual-Server Boolean Data Retrieval for Highly-Scalable Secure File Sharing Services
CN109165226B (en) Searchable encryption method for ciphertext large data set

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant