CN115412233A - Searchable encryption method and system with forward and backward privacy based on attributes on block chain - Google Patents
- Publication number: CN115412233A
- Authority: CN (China)
- Prior art keywords: user, data, index, retrieval, private key
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/9014—Indexing; Data structures therefor; Storage structures hash tables
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/903—Querying
- G06F16/90335—Query processing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Abstract
The invention discloses an attribute-based searchable encryption method and system with forward and backward privacy on a blockchain. The method comprises the following steps: S1, generating system parameters SPP and publishing the SPP, generating private keys $dk_1$ and $dk_2$, and generating a private key $K_u$ for a user; S2, generating an index ciphertext set EDB and an updated mapping Σ for the document, and deploying the EDB to the blockchain; S3, when the data user DU carries out a retrieval operation, encrypting the keyword q with the private key $K_u$ to obtain a retrieval trapdoor Tra and sending the retrieval trapdoor Tra to the blockchain network; S4, judging according to $EDB[H_2(C)]$ whether the user has the corresponding access authority, and, after the authority check is passed, obtaining the corresponding state value according to $EDB[H_2(C)]$; S5, after the data user receives the result set MEI, recovering the corresponding plaintext content with the private key $K_u$. The invention can effectively set the access authority of the user; meanwhile, forward privacy and backward privacy of data are realized; and by using the blockchain, the decentralization of the retrieval is realized.
Description
Technical Field
The invention belongs to the technical field of information retrieval and cryptography, and particularly relates to a searchable encryption method and system based on attributes and having forward and backward privacy on a block chain.
Background
With the rapid development of internet technology, the spread of cloud computing, and the exponential growth in the amount of user data, more and more enterprises and individuals choose to store their data in the cloud, which relieves them of the overhead of managing and storing data themselves. Users can retrieve data in the cloud anytime and anywhere and can easily share it with authorized parties. However, while cloud computing offers convenience, it also presents serious security risks. When data is outsourced to a cloud server in clear text, it may be subject to illegal access by the cloud service provider or by hackers. The conventional solution is to encrypt the data and store it on the cloud server as ciphertext, but conventional plaintext retrieval techniques cannot be applied to ciphertext.
In order to enable a user to perform keyword search on ciphertext data, Searchable Encryption (SE) has been proposed as a solution. According to the encryption method used, searchable encryption can be divided into Searchable Symmetric Encryption (SSE) and Public Key Encryption with Keyword Search (PEKS). In public-key-based searchable encryption, data owners encrypt data using the public key of a given user before uploading the data to a cloud server, after which these users can search and decrypt the data using their private keys.
However, both types of searchable encryption scheme mostly depend on a trusted authority for private key generation and distribution. On the one hand, the trusted authority becomes an attack target for most hackers; on the other hand, once the trustworthiness of the trusted authority is lost, the security of the user data collapses. Therefore, researchers have attempted to apply blockchain technology, with its decentralization and related characteristics, to the searchable encryption field, and have proposed many schemes. These mainly store the data separately from the index: the data is stored on a server, the index is stored on a blockchain, and encrypted retrieval is performed using the blockchain. The data owner encrypts the data and uploads it to the server; when a user needs to query a keyword, the generated retrieval trapdoor is sent to the blockchain for the query, and the corresponding data is obtained from the server according to the returned result. Blockchain-based searchable encryption decentralizes the retrieval process, ensures the legitimacy of the returned results, and reduces the storage space and search cost of the cloud server.
Although existing work provides solutions for blockchain-based search, none of the existing solutions simultaneously addresses the three issues of decentralization of retrieval, fine-grained access control over users, and forward and backward privacy of data.
Decentralized search removes the single point of failure and so improves the stability of the system, whereas most existing work performs the search operation through a single server. Fine-grained access control over users plays a very important role in ensuring the data security of data owners, and the multi-user setting has many application scenarios, yet some existing methods on blockchains do not support this feature. Forward privacy of the data ensures that a user cannot use a previously generated retrieval trapdoor to retrieve data updated after that trapdoor was generated, while backward privacy of the data ensures that a user cannot use a retrieval trapdoor to retrieve data that was added earlier but has since been deleted.
In summary, even though some work has proposed excellent solutions to some of the above three problems, it inevitably makes compromises in other respects, and the three problems cannot be solved at the same time. Therefore, how to design a complete attribute-based searchable encryption method with forward and backward privacy on a blockchain, in the context of big data and cloud storage, has become a critical problem to be solved urgently.
Disclosure of Invention
The invention mainly aims to overcome the defects of the prior art and to provide an attribute-based searchable encryption method and system with forward and backward privacy on a blockchain. Ciphertext-Policy Attribute-Based Encryption (CP-ABE for short) is used to support fine-grained access control over users, so that the access authority of each user can be effectively set; forward privacy and backward privacy of the data are realized at the same time; and by using the blockchain, retrieval is decentralized and single points of failure can be effectively avoided.
In order to achieve the purpose, the invention adopts the following technical scheme:
One aspect of the present invention provides an attribute-based searchable encryption method with forward and backward privacy on a blockchain, comprising the following steps:
S1, the data owner DO generates the system parameters SPP according to a security parameter λ and publishes the SPP, then generates the private keys $dk_1$ and $dk_2$ according to the SPP, uses the public parameters SPP, the private key $dk_2$ and the attribute set $S_u$ of the data user to generate a private key $K_u$ for the user, and sends it to the data user DU through a secure channel;
S2, the data owner DO uses the private key $dk_1$, the data set DB = {OP, ind, W, T}, the public parameters SPP and a mapping Σ to generate, for the document, the index ciphertext set EDB and the updated mapping Σ, and deploys the EDB on the blockchain, wherein OP represents the operation on the data, namely addition or deletion, ind represents the file index set, W represents the keyword set, and T represents the set of access trees of the keywords;
S3, when the data user DU carries out a retrieval operation, the data user encrypts the keyword q with its private key $K_u$ to obtain a retrieval trapdoor Tra and sends the retrieval trapdoor Tra to the blockchain network;
S4, after the blockchain network BP receives the retrieval trapdoor Tra sent by the data user DU, BP first obtains the corresponding access tree T according to $EDB[T_{ind}]$; it then computes C over the access tree from $T_q$ in the trapdoor and the attribute set of the user, and judges according to $EDB[H_2(C)]$ whether the user has the corresponding access authority; after the permission check is passed, it obtains the corresponding state value according to $EDB[H_2(C)]$, traces back from that state, adds the encrypted index of each earlier update related to the keyword q to the result set MEI, and finally returns the MEI to the data user;
S5, after the data user receives the result set MEI, the private key $K_u$ is used to recover the corresponding plaintext content.
As a preferred technical solution, in step S1, after the data owner DO generates the system parameters SPP and the private keys $dk_1$ and $dk_2$, the system parameters SPP are published in the blockchain network or broadcast to all users, and all users have the right to access the SPP; the private keys $dk_1$ and $dk_2$ are stored by the data owner DO, and only the data owner DO has the right to access $dk_1$ and $dk_2$.
As a preferred technical solution, step S1 specifically is:
S11, the data owner DO executes the group generator to generate $(G_1, G_2, e, g, q)$, where q is a prime number, $G_1$ and $G_2$ are multiplicative cyclic groups of order q, g is a generator of $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map;
S12, the data owner DO randomly selects a plurality of secure hash functions and selects a pseudo-random sequence generating function $F$, $F^{-1}$, with $F: \{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}^\lambda$, where $F^{-1}$ is its inverse permutation; the above secure hash functions, the pseudo-random sequence generating function, and the parameters of step S11 are combined into the public parameters $SPP = (G_1, G_2, e, g, q, H_0, H_1, H_2, H_3, H_4, h_1, h_2, h_3, h_4, F, F^{-1})$; the SPP is published in the blockchain network or broadcast to all users in the system, where $H_0, H_1, H_2, H_3, H_4, h_1, h_2, h_3, h_4$ all denote secure hash functions;
S13, the data owner DO initializes an empty mapping Σ, i.e. Σ[key] = value, which is maintained by the data owner DO and used for storing the state of each keyword;
S15, the data owner randomly selects $\alpha, \beta \in Z_q^*$, calculates $g^\alpha$, $g^\beta$ and $e(g,g)^\alpha$, and obtains $dk_1 = (e(g,g)^\alpha, g^\beta)$, $dk_2 = (\beta, g^\alpha)$;
S16, the data owner randomly selects $r \in Z_q^*$ and calculates and $k_3 = g^r$; for each attribute $a_i$ in the user's attribute set $S_u$, the following calculations are made: randomly select , then calculate and ; finally the user's private key is obtained and sent to the data user DU over a secure channel.
Preferably, in step S2, the index ciphertext set EDB refers to the data obtained by the data owner encrypting the keywords; in the search stage, the access tree index $T_{ind}$ submitted by the user is used to find the corresponding access tree for the keyword $w_i$; the server computes a result using the access tree and the retrieval token sent by the user, and uses that result to judge whether a corresponding encrypted index exists, thereby continuing the retrieval.
As a preferred technical solution, step S2 specifically includes:
S21, the data owner DO randomly selects a version number $v \in Z_q^*$, and calculates and discloses the version information $EV = g^v$;
S22, for each keyword $w_i$ in the data set DB, the data owner performs the following calculation: the mapping Σ is used to judge whether the keyword exists, and if it does not exist, the state value of the keyword is initialized; a key is then calculated using the state value, and is stored in the corresponding value , where is the size of $DB(w_i)$, and $DB(w_i)$ is the set of file indices corresponding to $w_i$;
S23, for each index in $DB(w_i)$, the following calculation is performed. First the index is encrypted, with the formula as follows:
Then another key is calculated using the state value, and the encrypted index is stored in the corresponding value , where
S24, the data owner then randomly selects a secret number $s \in Z_q^*$ and calculates , which is used as the secret value of the root of the attribute access tree; let t be the root node of , and calculate for each node x of as follows: if x is t, randomly select a polynomial $q_t$ of degree $d_t = k_t - 1$ and set $q_t(0) = s$, randomly setting the $d_t$ coefficients of the polynomial $q_t$ to complete the definition of $q_t$; otherwise, randomly select a polynomial $q_x$ of degree $d_x = k_x - 1$ and set $q_x(0) = q_{parent(x)}(index(x))$;
S25, let X be the set of all leaf nodes, and calculate for each leaf node x as follows,
S26, finally calculate the value matched with the user trapdoor and the index $T_{ind}$ of the access tree
and calculate its hash value as the key ; the result of XORing another hash value of it with the state value is taken as the value , where
As a preferred technical solution, step S3 is specifically:
S32, then $T_q$ is calculated using $k_1$ and temp,
S33, finally, the access tree index $T_{ind}$ with version information is calculated using the version information EV,
S34, the data user DU obtains the retrieval trapdoor by combining the variables:
$Tra = \langle T_{ind}, T_q, S_u \rangle$
where
S35, the data user DU sends the retrieval trapdoor Tra to the blockchain network.
As a preferred technical solution, step S4 is specifically:
S41, the blockchain network obtains the index $T_{ind}$ of the access tree from the trapdoor, giving the access tree $T = EDB[T_{ind}]$;
S42, let x denote a node of T, and calculate for each leaf node x in T as follows: let a denote the attribute corresponding to the leaf node x, i.e. $a = attr(x)$; if $a \in S_u$, then calculate $F_x$,
Otherwise $F_x = \perp$. For each non-leaf node x in T, the following calculation is made: let $S_x$ denote a set of size $k_x$ of child nodes z of x; if $S_x$ does not exist, then $F_x = \perp$, otherwise $F_x$ is calculated using Lagrange interpolation,
where
Let t denote the root node of T: if $F_t = \perp$, then return 0, otherwise calculate C,
where
S43, then calculate the key according to C; if , the user does not have the corresponding access right; otherwise, obtain the corresponding value
If is not , the corresponding value is obtained; otherwise, the loop ends and the result set MEI is returned.
As a preferred technical solution, step S5 specifically includes:
S52, the file index is used to fetch the file from the cloud storage server, giving the corresponding document.
In another aspect, the present invention provides a searchable encryption system with forward and backward privacy based on attributes in a blockchain, which is applied to a searchable encryption method with forward and backward privacy based on attributes in the blockchain, and the searchable encryption system includes: the system comprises a cloud storage subsystem running on a cloud server, an initialization and encryption subsystem running on a data owner end, a retrieval trapdoor generation and decryption subsystem running on a data user end and a retrieval subsystem running on a block chain network;
the cloud storage subsystem is used for storing the file ciphertext, returning the file ciphertext according to the corresponding file index and sending the file ciphertext to the data user;
the initialization and encryption subsystem comprises an initialization module, a private key storage module and an encryption module; the initialization module is used for generating system public parameters, private keys and user private keys, publishing the system public parameters to the block chain network, storing the two private keys to the private key storage module and sending the user private keys to the data user; the main private key storage module is used for storing a main private key and only allowing a data owner to access; the encryption module is responsible for encrypting the file and storing the file in the cloud storage subsystem, encrypting the index set and the access tree corresponding to each keyword by using a private key to obtain an index ciphertext, and sending the index ciphertext to the block chain network;
the retrieval trapdoor generation and decryption subsystem comprises a user trapdoor generation module and a data decryption module; the user trap door generation module is responsible for calculating by using a private key and a retrieval keyword of a user to obtain a legal retrieval trap door and sending the retrieval trap door to the block chain network; the data decryption module recovers a plaintext index from the encrypted index set obtained by retrieval by using a user private key, and the plaintext index is sent to the cloud server to obtain a corresponding file;
the retrieval subsystem comprises an encrypted data set storage module and a retrieval module; wherein the encrypted data set storage module takes the encryption index, access tree and associated key-value pair from the data owner and stores them in the blockchain network; the retrieval module is responsible for processing the retrieval trapdoor sent by the data user, judging whether the user has access authority or not according to the retrieval trapdoor and returning the encryption index set containing the retrieval key words to the user.
Yet another aspect of the present invention provides a computer readable storage medium storing a program which, when executed by a processor, implements the attribute-based searchable encryption method with forward and backward privacy on a blockchain.
Compared with the prior art, the invention has the following advantages and beneficial effects:
1. Forward privacy and backward privacy are guaranteed; the invention has the retrieval system attach a specific state value to every update and to every retrieval trapdoor so as to control the time span a trapdoor can retrieve over, so that a previously generated retrieval trapdoor cannot retrieve data content updated later, i.e. forward privacy; each update, whether an addition or a deletion, is expressed through the operator op, so that an adversary without the user's private key cannot obtain useful information from the index, thus achieving backward privacy.
2. Fine-grained access control; the invention supports the subdivision of the user attribute, controls the access of each keyword by using the access tree, and can search to obtain a corresponding result only if the user attribute meets the access tree.
3. Decentralized retrieval; the invention simultaneously supports the retrieval operation by using the intelligent contract deployed on the block chain, brings better system stability and retrieval credibility for the data user in the encrypted data search, reduces the possibility of single point failure, and can ensure the correctness of the retrieval result.
4. Practicability and safety; the invention adopts prime order group, bilinear mapping and ciphertext strategy attribute searchable encryption scheme (CP-ABSE) to construct, has the characteristics of flexible expressiveness of access control and access strategy, has stronger safety, balances the problems of forward privacy, backward privacy, decentralization of retrieval and the like of data retrieval, and has better practicability.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings required to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the description below are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings without creative efforts.
FIG. 1 is an exemplary diagram of a fine grain access control tree used by the present invention;
FIG. 2 is a flowchart of a method for attribute-based searchable encryption scheme with forward and backward privacy on a blockchain according to the present invention;
fig. 3 is a block diagram of a searchable encryption scheme method and system with forward and backward privacy based on attributes on a blockchain according to the present invention.
Detailed Description
In order to make the technical solutions better understood by those skilled in the art, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application. It should be apparent that the described embodiments are only a few embodiments of the present application, and not all embodiments. All other embodiments obtained by a person skilled in the art based on the embodiments in the present application without making any creative effort belong to the protection scope of the present application.
Reference in the specification to "an embodiment" means that a particular feature, structure, or characteristic described in connection with the embodiment can be included in at least one embodiment of the specification. The appearances of the phrase in various places in the specification are not necessarily all referring to the same embodiment, nor are separate or alternative embodiments mutually exclusive of other embodiments. It is explicitly and implicitly understood by one skilled in the art that the embodiments described herein can be combined with other embodiments.
Before describing the technical solution of the present invention, the mathematical basis and definition related to the present invention will be explained as follows.
(1) Bilinear pairwise mapping:
Let $G_1$ and $G_2$ denote two multiplicative cyclic groups of the same order q, and let the mapping from $G_1$ to $G_2$ be defined as $e: G_1 \times G_1 \to G_2$; e is a bilinear pairing if it satisfies the following properties (1.1)-(1.3).
(1.1) Bilinearity: for all a, b and $x, y \in G_1$, $e(x^a, y^b) = e(x, y)^{ab}$; for all $x_1, x_2, y \in G_1$, $e(x_1 x_2, y) = e(x_1, y)\,e(x_2, y)$; for all $x, y_1, y_2 \in G_1$, $e(x, y_1 y_2) = e(x, y_1)\,e(x, y_2)$.
(1.2) Computability: for any $x, y \in G_1$, there is a polynomial-time algorithm that efficiently computes $e(x, y) \in G_2$.
(1.3) Non-degeneracy: if g is a generator of $G_1$, then $e(g, g)$ is a generator of $G_2$.
(2) Access structure and access tree:
(2.1) Access structure: let $P = \{P_1, P_2, \ldots, P_n\}$ represent a set of participants. A set $A \subseteq 2^P$ is monotonic if and only if, for any sets B and C, $B \in A$ and $B \subseteq C$ imply $C \in A$. That is, A is a subset of the power set of the participant set (a set of sets), and B, C are subsets of the participant set; if, whenever B is an element of A and B is also a subset of C, C is also an element of A, then A is monotonic.
(2.2) Access tree: let T denote a tree representing an access control policy. In T, each non-leaf node represents a threshold gate, described by its children and a threshold, and each leaf node represents an attribute. Let $num_x$ and $k_x$ denote the number of children of node x and its threshold. For a non-leaf node, $k_x$ has three cases: $k_x = 1$ means node x is an OR gate; $k_x = num_x$ means node x is an AND gate; $1 < k_x < num_x$ means node x is a threshold gate. In addition, we define $k_x = 1$ when node x is a leaf node.
Several symbols for the access tree are defined as follows: parent(x) represents the parent node of x; for a leaf node x, attr(x) represents the attribute associated with that leaf node; index(x) represents the label of x; given a node y that has c child nodes, the child nodes are numbered from 1 to c.
Judging whether the access tree is satisfied: let $T_x$ be the subtree of T rooted at node x; if an attribute set S satisfies $T_x$, this is written $T_x(S) = 1$. $T_x(S)$ is computed as follows: if x is a non-leaf node, $T_{x'}(S)$ is computed for all children x' of node x, and $T_x(S)$ returns 1 if and only if at least $k_x$ children return 1; if x is a leaf node, $T_x(S)$ returns 1 if and only if $attr(x) \in S$. Thus, by this recursive computation, if the set S satisfies T, then $T_r(S) = 1$, where r is the root node of T.
The access tree structure is shown in FIG. 1. Starting from the root node, the threshold is 2 and the number of child nodes is 3. A polynomial is randomly generated whose degree is one less than the threshold, so the degree of the root node's polynomial is 1, and its constant term is set to the secret number (the secret number is the number that needs to be kept secret); thus the root node's random polynomial is f(x) = 5 + 3x, and the secret number is 5. In addition, the child nodes of the root node are labelled 1, 2, 3, … from left to right, each label is substituted into f(x), and the resulting value is passed to the labelled child node to be kept secret. Therefore the node "3/3" (the first node on the left) is labelled 1, and the secret value passed to it is f(1) = 5 + 3 × 1 = 8; the node "teacher" (the middle node) is labelled 2, and the secret value passed to it is f(2) = 5 + 3 × 2 = 11; the node "1/2" (the node on the right) is labelled 3, and the secret value passed to it is f(3) = 5 + 3 × 3 = 14.
To decrypt source data encrypted under this access tree, a data visitor must satisfy one of three attribute combinations: the user attributes are ("computer academy" and "Master" and "two studies") and "teacher"; the user attributes are "teacher" and ("web lab" or "cloud lab"); or the user attributes are ("computer academy" and "Master" and "Tuesday") and ("network lab" or "cloud lab"). Otherwise the data is inaccessible.
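The share distribution and the satisfaction test $T_x(S)$ described above can be traced end to end on the FIG. 1 tree. The following is an added example, not code from the patent: it shares the secret 5 down the tree with the root polynomial f(x) = 5 + 3x and recovers it by Lagrange interpolation only for attribute sets that satisfy the tree. It assumes a plain prime field instead of the pairing group (the patent performs the interpolation on group elements), and the attribute labels "two studies" and "network lab" are taken from the text above.

```python
import random

P = 2**127 - 1  # demo prime modulus (assumption); the patent works in Z_q of a pairing group


class Node:
    """A leaf when attr is set; otherwise a k-of-n threshold gate."""
    def __init__(self, k=1, children=(), attr=None):
        self.k, self.children, self.attr = k, list(children), attr


def leaf(attr):
    return Node(attr=attr)


def gate(k, *children):
    return Node(k=k, children=children)


def satisfies(node, attrs):
    """T_x(S): a gate is satisfied when at least k_x children are satisfied."""
    if node.attr is not None:
        return node.attr in attrs
    return sum(satisfies(c, attrs) for c in node.children) >= node.k


def eval_poly(coeffs, x):
    """Evaluate q(x) = coeffs[0] + coeffs[1]*x + ... over Z_P."""
    return sum(c * pow(x, e, P) for e, c in enumerate(coeffs)) % P


def share(node, secret, rng, coeffs=None):
    """Set q_x(0) = secret with degree k_x - 1 and hand q_x(index) to each child.
    Returns {attribute: leaf share}; coeffs pins the non-constant terms of this node."""
    if node.attr is not None:
        return {node.attr: secret}
    if coeffs is None:
        coeffs = [rng.randrange(1, P) for _ in range(node.k - 1)]
    poly = [secret] + list(coeffs)
    shares = {}
    for i, child in enumerate(node.children, start=1):
        shares.update(share(child, eval_poly(poly, i), rng))
    return shares


def lagrange_at_zero(points):
    """Interpolate q(0) from {child index: q(index)} over Z_P."""
    total = 0
    for i, y in points.items():
        num = den = 1
        for j in points:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        total = (total + y * num * pow(den, -1, P)) % P
    return total


def recover(node, leaf_shares, attrs):
    """Return q_x(0), or None (the text's "bottom") if attrs do not satisfy the subtree."""
    if node.attr is not None:
        return leaf_shares[node.attr] if node.attr in attrs else None
    points = {}
    for i, child in enumerate(node.children, start=1):
        value = recover(child, leaf_shares, attrs)
        if value is not None:
            points[i] = value
        if len(points) == node.k:
            break
    return lagrange_at_zero(points) if len(points) == node.k else None


# FIG. 1: 2-of-3 root over a 3/3 gate, the leaf "teacher", and a 1/2 gate.
FIG1 = gate(
    2,
    gate(3, leaf("computer academy"), leaf("Master"), leaf("two studies")),
    leaf("teacher"),
    gate(1, leaf("network lab"), leaf("cloud lab")),
)

if __name__ == "__main__":
    shares = share(FIG1, 5, random.Random(0), coeffs=[3])  # root f(x) = 5 + 3x
    for attrs in ({"teacher", "cloud lab"}, {"teacher"}):
        print(sorted(attrs), satisfies(FIG1, attrs), recover(FIG1, shares, attrs))
```

A holder of "teacher" alone has one point of a degree-1 polynomial, which is consistent with every possible secret; that is what makes the tree an access control mechanism and not just a policy label.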
(2.3) Pseudo-random permutation function: a function that cannot be distinguished from a random permutation. When the mapping $F: \{0,1\}^L \times \{0,1\}^\lambda \to \{0,1\}^L$ is a pseudo-random permutation function, it satisfies the following properties: for any $K \leftarrow \{0,1\}^\lambda$, the mapping F is a bijection from $\{0,1\}^L$ to $\{0,1\}^L$; for any probabilistic polynomial-time adversary , where $K \leftarrow \{0,1\}^\lambda$, F is a random permutation function on L-bit strings, and ε is negligible; for any $K \leftarrow \{0,1\}^\lambda$ and $x \leftarrow \{0,1\}^L$, there is an efficient algorithm to calculate $F_K(x)$.
As shown in fig. 2, the execution flow of the searchable encryption method with forward and backward privacy based on attributes on the blockchain in this embodiment is as follows. First, the data owner DO initializes the system public parameter SPP and publishes it on the blockchain network or broadcasts it to all users of the system; all users in the system have the right to access the system public parameter. The DO then generates the private keys $dk_1$ and $dk_2$ from SPP, uses the public parameter SPP, the private key $dk_2$ and a user's attribute set $S_u$ to generate a user private key $K_u$ for that user, and finally sends the user private key to the user DU through a secure channel. When uploading files, the data owner first uploads the encrypted files to the cloud storage server; after obtaining the file index returned by the cloud storage server, the data owner uses the private key $dk_1$, the data set DB = {OP, ind, W, T}, the system public parameter SPP and a mapping Σ to generate the index ciphertext set EDB and the updated mapping Σ for the document, and deploys the ciphertext set EDB to the blockchain. When the data user DU performs a search operation, the data user uses its private key $K_u$ to encrypt the keyword q, obtains a retrieval trapdoor Tra, and sends Tra to the blockchain network.
After the blockchain network BP receives the retrieval trapdoor Tra sent by the data user DU, BP first obtains the corresponding access tree T from $EDB[T_{ind}]$. It then uses $T_q$ in the trapdoor and the user's attribute set to perform a series of calculations on the access tree, obtaining C; from $EDB[H_2(C)]$ it can judge whether the user has the corresponding access right. After the permission check passes, BP obtains the corresponding state value from $EDB[H_2(C)]$, traces back from that state, adds the encrypted indexes related to the keyword q from each previous update to the result set MEI, and finally returns MEI to the data user. After the data user receives the result set MEI, it uses the private key $K_u$ to recover the corresponding plaintext index and obtains the corresponding file from the cloud storage server.
Further, the steps of the searchable encryption method with forward and backward privacy based on attributes in this embodiment are specifically:
S1, system initialization: the data owner DO generates and publishes the system parameter SPP according to the security parameter $\lambda$, then generates the private keys $dk_1$ and $dk_2$ from SPP, then uses the public parameter SPP, the private key $dk_2$ and the data user's attribute set $S_u$ to generate a private key $K_u$ for the user, and sends it to the user DU through a secure channel.
It will be appreciated that the data owner DO may be a medical institution that holds a plurality of data; it is responsible for generating the system parameter SPP, the private key $dk_1$ used for file index encryption, and the private key $dk_2$ used for generating users' private keys. The system public parameter SPP is a set of parameters, and the private keys $dk_1$ and $dk_2$ are each a one-dimensional array of size 2.
After the data owner DO generates the system parameter SPP, the private key $dk_1$ and the private key $dk_2$, the system public parameter SPP is published on the blockchain network or broadcast to all users in the system, and all users in the system have the authority to access it; the private keys $dk_1$ and $dk_2$ are securely stored by the data owner DO, and only the data owner DO has the right to access them.
Further, the step S1 specifically includes the following steps:
S11, the data owner DO executes the group generator to generate $(G_1, G_2, e, g, q)$, where $q$ is a prime number, $G_1$ and $G_2$ are multiplicative groups of order $q$, $g$ is a generator of $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map.
S12, the data owner DO randomly selects nine secure hash functions $H_0: \{0,1\}^* \to Z_q^*$, $H_1: G_1 \times \{0,1\}^* \to \{0,1\}^{\lambda+1}$, $H_2, H_3: G_2 \to \{0,1\}^{2\lambda}$, $H_4: \{0,1\}^* \to G_1$, $h_1: \{0,1\}^\lambda \to \{0,1\}^{2\lambda}$, $h_2$:, $h_3$:, $h_4$:, where $N_{max}$ is the maximum number of indexes containing a keyword. It also selects a pseudo-random sequence generating function $F$/$F^{-1}$, with $F: \{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}^\lambda$ and $F^{-1}$ its inverse permutation. The above secure hash functions, the pseudo-random sequence generation function and the parameters from the first step are combined into the system public parameter $SPP = (G_1, G_2, e, g, q, H_0, H_1, H_2, H_3, H_4, h_1, h_2, h_3, h_4, F, F^{-1})$, which is published on the blockchain network or broadcast to all users in the system.
S13, the data owner DO initializes an empty mapping Σ, i.e., Σ[key] = value, which is maintained by the data owner DO and stores the state of each keyword.
S15, the data owner randomly selects $\alpha, \beta \in Z_q^*$, calculates $g^\alpha$, $g^\beta$ and $e(g,g)^\alpha$, and obtains $dk_1 = (e(g,g)^\alpha, g^\beta)$, $dk_2 = (\beta, g^\alpha)$.
S16, the data owner randomly selects $r \in Z_q^*$ and calculates and $k_3 = g^r$. For each attribute $a_i$ in the user's attribute set $S_u$, the following calculations are made: randomly select, then calculate and. Finally, the user's private key is sent over a secure channel to the user DU.
S2, encryption: the data owner uses its private key $dk_1$, the data set DB = {OP, ind, W, T}, the system public parameter SPP and a mapping Σ to generate the index ciphertext set EDB and the updated mapping Σ for the document, and deploys EDB on the blockchain. Here OP = {addition, deletion}, ind = {$ind_1$, $ind_2$, …}, W = {$w_1$, $w_2$, …, $w_D$},
The index ciphertext set EDB refers to the data obtained when the data owner encrypts keywords. During the search phase, the access tree index $T_{ind}$ submitted by the user is used to find the corresponding access tree, which is for the keyword $w_i$; the server computes a result from the access tree and the retrieval token sent by the user, and uses that result to judge whether a corresponding encrypted index exists, and so continues the retrieval.
Further, the specific content of step S2 is:
S21, the data owner DO randomly selects a version number $v \in Z_q^*$, then calculates and publishes the version information $EV = g^v$.
S22, for each keyword $w_i$ in the data set DB, the data owner performs the following calculation: it uses the mapping Σ to judge whether the keyword exists and, if it does not, initializes the keyword's state value; it then uses the state value to calculate a key, and stores in the corresponding value, where is the size of $DB(w_i)$ and $DB(w_i)$ is the set of file indexes corresponding to $w_i$.
S23, for each index in $DB(w_i)$, the following calculation is performed. The index is first encrypted, with the formula as follows:
Then another key is calculated using the state value, and the encrypted index is stored in the corresponding value, where
S24, the data owner then randomly selects a secret number $s \in Z_q^*$ and calculates, which is used as the secret value for the root of the attribute access tree. Let $t$ be the root node of the access tree; each node $x$ of the tree is processed as follows. If $x$ is $t$, randomly select a polynomial $q_t$ of degree $d_t = k_t - 1$ with $q_t(0) = s$, and randomly set $d_t$ coefficients of the polynomial $q_t$ to complete the definition of $q_t$; otherwise, randomly select a polynomial $q_x$ of degree $d_x = k_x - 1$ with $q_x(0) = q_{parent(x)}(index(x))$.
S25, let X be the set of all leaf nodes; for each leaf node x, the following is calculated,
S26, finally, calculate the value matched with the user trapdoor and an index $T_{ind}$ of the access tree
and calculate its hash value as a key; the exclusive-or of a further hash value of it with the state value is taken as the value, where
S3, retrieval trapdoor generation: when the data user DU performs a search operation, the data user uses its private key $K_u$ to encrypt the keyword q, obtains a retrieval trapdoor Tra, and sends Tra to the blockchain network.
Further, the step S3 specifically includes:
S32, then use $k_1$ and temp to calculate $T_q$,
S33, finally, use the version number EV to calculate the access tree index $T_{ind}$ carrying version information,
S34, the data user DU obtains the retrieval trapdoor by combining these variables:
$Tra = \langle T_{ind}, T_q, S_u \rangle$
where
S35, the data user DU sends the retrieval trapdoor Tra to the blockchain network.
S4, ciphertext search: after the blockchain network BP receives the retrieval trapdoor Tra sent by the data user DU, BP first obtains the corresponding access tree T from $EDB[T_{ind}]$. It then uses $T_q$ in the trapdoor and the user's attribute set to perform a series of calculations on the access tree, obtaining C; from $EDB[H_2(C)]$ it can judge whether the user has the corresponding access right. After the permission check passes, BP obtains the corresponding state value from $EDB[H_2(C)]$, traces back from that state, adds the encrypted indexes related to the keyword q from each previous update to the result set MEI, and finally returns MEI to the data user.
Further, the specific content of step S4 is:
S41, the blockchain network obtains the access tree index $T_{ind}$ from the trapdoor, which gives the access tree $T = EDB[T_{ind}]$.
S42, let $x$ denote a node of T. For each leaf node $x$ in T, calculate as follows: let $a$ denote the attribute corresponding to the leaf node $x$, i.e., $a = attr(x)$; if $a \in S_u$, calculate $F_x$,
Otherwise $F_x = \perp$. For each non-leaf node $x$ in T, calculate as follows: let $S_x$ denote a set of size $k_x$ of child nodes $z$ of $x$; if $S_x$ does not exist, then $F_x = \perp$; otherwise calculate $F_x$ using Lagrange interpolation,
where
Let $t$ denote the root node of T: if $F_t = \perp$, return 0; otherwise calculate C,
where
S43, then calculate the key from C. If, the user does not have the corresponding access right; otherwise, obtain the corresponding value
If is not null, obtain the corresponding value; otherwise, end the loop and return the result set MEI
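The access tree example with $f(x) = 5 + 3x$, the top-down sharing rule of S24 and the bottom-up Lagrange evaluation of S42 can be run end to end; the following is an added sketch, not code from the patent. It works on plain scalars modulo a stand-in prime `Q` rather than in the exponent of pairing values, and the tree shape, attribute strings and all function names are assumptions read from the text.

```python
"""Threshold access tree: top-down sharing (S24) and bottom-up recovery (S42)."""
import secrets
from dataclasses import dataclass

Q = 2**127 - 1  # prime modulus standing in for the group order q (assumption)


@dataclass
class Leaf:
    attr: str


@dataclass
class Gate:
    k: int          # threshold k_x: how many children must be satisfied
    children: list


# Tree as the text describes figure 1 (shape and attribute strings are assumptions).
FIG1_TREE = Gate(2, [
    Gate(3, [Leaf("computer academy"), Leaf("Master"), Leaf("two studies")]),  # "3/3"
    Leaf("teacher"),
    Gate(1, [Leaf("web lab"), Leaf("cloud lab")]),                             # "1/2"
])


def random_coeff():
    """Uniform coefficient in Z_Q for a node polynomial."""
    return secrets.randbelow(Q)


def share(node, secret, rand_coeff=random_coeff, path=()):
    """S24: q_x has degree k_x - 1, q_x(0) = q_parent(x)(index(x)).

    Returns {path-to-leaf: share}, where a path is the tuple of child labels.
    """
    if isinstance(node, Leaf):
        return {path: secret % Q}
    coeffs = [secret] + [rand_coeff() for _ in range(node.k - 1)]
    out = {}
    for idx, child in enumerate(node.children, start=1):
        value = sum(c * pow(idx, e, Q) for e, c in enumerate(coeffs)) % Q
        out.update(share(child, value, rand_coeff, path + (idx,)))
    return out


def lagrange_at_zero(points):
    """Value at x = 0 of the polynomial through the given (x, y) points, mod Q."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def recover(node, leaf_shares, attrs, path=()):
    """S42: evaluate the tree bottom-up; None plays the role of F_x = ⊥."""
    if isinstance(node, Leaf):
        return leaf_shares[path] if node.attr in attrs else None
    points = []
    for idx, child in enumerate(node.children, start=1):
        val = recover(child, leaf_shares, attrs, path + (idx,))
        if val is not None:
            points.append((idx, val))
        if len(points) == node.k:   # a k_x-sized set S_x is enough
            break
    if len(points) < node.k:        # no such S_x exists
        return None
    return lagrange_at_zero(points)


def page_example_shares():
    """Fix every random coefficient to 3 so the root polynomial is f(x) = 5 + 3x."""
    return share(FIG1_TREE, 5, rand_coeff=lambda: 3)


if __name__ == "__main__":
    shares = page_example_shares()
    print("share for 'teacher':", shares[(2,)])
    for attrs in ({"teacher", "cloud lab"}, {"teacher"}):
        print(sorted(attrs), "->", recover(FIG1_TREE, shares, attrs))
```

An attribute set that satisfies fewer than two of the root's three subtrees yields `None`, which is the case in which the search step returns 0 and no index entry is looked up.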
S5, decryption: after the data user receives the result set MEI, it uses the private key $K_u$ to recover the corresponding plaintext content.
Further, the specific content of step S5 is:
S51, for each in MEI, the data user performs the following calculation; temp is calculated first,
S52, the file is obtained from the cloud storage server using the file index, giving the corresponding document.
It should be noted that, for the sake of simplicity, the foregoing method embodiments are described as a series of acts or combinations, but those skilled in the art should understand that the present invention is not limited by the described order of acts, as some steps may be performed in other orders or simultaneously according to the present invention.
As shown in fig. 3, in another embodiment of the present application, there is also provided a searchable encryption system with forward and backward privacy based on attributes on a blockchain, including a cloud storage subsystem running on a cloud server, an initialization and encryption subsystem running on a data owner side, a retrieval trapdoor generation and decryption subsystem running on a data user side, and a retrieval subsystem running on a blockchain network;
the cloud storage subsystem is used for storing the file ciphertext, returning the file ciphertext according to the corresponding file index and sending the file ciphertext to the data user;
the initialization and encryption subsystem comprises an initialization module, a private key storage module and an encryption module; the initialization module is used for generating system public parameters, private keys and user private keys, publishing the system public parameters to the block chain network, storing the two private keys to the private key storage module and sending the user private keys to the data user; the main private key storage module is used for storing a main private key and only allowing a data owner to access; the encryption module is responsible for encrypting the file and storing the file in the cloud storage subsystem, encrypting the index set and the access tree corresponding to each keyword by using a private key to obtain an index ciphertext, and sending the index ciphertext to the block chain network;
the retrieval trapdoor generation and decryption subsystem comprises a user trapdoor generation module and a data decryption module; the user trap door generation module is responsible for calculating by using a private key and a retrieval keyword of a user to obtain a legal retrieval trap door and sending the retrieval trap door to the block chain network; the data decryption module recovers a plaintext index from the encrypted index set obtained by retrieval by using a user private key, and the plaintext index is sent to the cloud server to obtain a corresponding file;
the retrieval subsystem comprises an encrypted data set storage module and a retrieval module; wherein the encrypted data set storage module takes the encryption index, access tree and associated key-value pair from the data owner and stores them in the blockchain network; the retrieval module is responsible for processing a retrieval trapdoor sent by a data user, judging whether the user has access authority or not according to the retrieval trapdoor, and returning an encryption index set containing retrieval keywords to the user.
For ease of illustration, the schematic structural diagram of the embodiment of the searchable encryption system with forward and backward privacy based on attributes on a blockchain only shows the parts related to the embodiment of the present invention, and those skilled in the art will appreciate that the illustrated structure does not constitute a limitation on the apparatus, and may include more or less components than those illustrated, or combine some components, or arrange different components.
In addition, in the implementation of the searchable encryption system with forward and backward privacy based on attributes on the blockchain in the above embodiment, the logical division of each program module is only an example, and in practical applications, the above function allocation may be performed by different program modules according to needs, for example, due to configuration requirements of corresponding hardware or due to convenience of implementation of software, that is, the internal structure of the multiparty privacy protection machine learning system based on homomorphic encryption and trusted hardware is divided into different program modules to perform all or part of the functions described above.
In another embodiment, a computer-readable storage medium is provided, which stores a program, and when the program is executed by a processor, the program implements a searchable encryption method with forward and backward privacy based on attributes on a blockchain, specifically:
S1, the data owner DO generates the system parameter SPP according to the security parameter $\lambda$ and publishes SPP, then generates the private keys $dk_1$ and $dk_2$ from SPP, uses the public parameter SPP, the private key $dk_2$ and the data user's attribute set $S_u$ to generate a private key $K_u$ for the user, and sends it to the user DU through a secure channel;
S2, the data owner DO uses the private key $dk_1$, the data set DB = {OP, ind, W, T}, the public parameter SPP and a mapping Σ to generate the index ciphertext set EDB and the updated mapping Σ for the document, and deploys EDB on the blockchain, where OP represents the operation performed on the data, namely addition or deletion, ind represents the file index set, W represents the keyword set, and T represents the set of access trees of the keywords;
S3, when the data user DU performs a retrieval operation, the data user uses its private key $K_u$ to encrypt the keyword q, obtains a retrieval trapdoor Tra, and sends Tra to the blockchain network;
S4, after the blockchain network BP receives the retrieval trapdoor Tra sent by the data user DU, BP first obtains the corresponding access tree T from $EDB[T_{ind}]$; it then uses $T_q$ in the trapdoor and the user's attribute set to calculate on the access tree, obtaining C, and judges from $EDB[H_2(C)]$ whether the user has the corresponding access right; after the permission check passes, it obtains the corresponding state value from $EDB[H_2(C)]$, traces back from that state, adds the encrypted indexes related to the keyword q from each previous update to the result set MEI, and finally returns MEI to the data user;
S5, after the data user receives the result set MEI, it uses the private key $K_u$ to recover the corresponding plaintext content.
It will be understood by those skilled in the art that all or part of the processes of the methods of the embodiments described above may be implemented by a computer program, which may be stored in a non-volatile computer readable storage medium, and when executed, may include the processes of the embodiments of the methods described above. Any reference to memory, storage, database or other medium used in the embodiments provided herein can include non-volatile and/or volatile memory. Non-volatile memory can include read-only memory (ROM), programmable ROM (PROM), electrically Programmable ROM (EPROM), electrically Erasable Programmable ROM (EEPROM), or flash memory. Volatile memory can include Random Access Memory (RAM) or external cache memory. By way of illustration and not limitation, RAM is available in a variety of forms such as Static RAM (SRAM), dynamic RAM (DRAM), synchronous DRAM (SDRAM), double Data Rate SDRAM (DDRSDRAM), enhanced SDRAM (ESDRAM), synchronous Link DRAM (SLDRAM), rambus (Rambus) direct RAM (RDRAM), direct memory bus dynamic RAM (DRDRAM), and memory bus dynamic RAM (RDRAM).
The technical features of the above embodiments can be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the above embodiments are not described, but should be considered as the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above embodiments are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any other changes, modifications, substitutions, combinations, and simplifications which do not depart from the spirit and principle of the present invention should be construed as equivalents thereof, and all such changes, modifications, substitutions, combinations, and simplifications are intended to be included in the scope of the present invention.
Claims (10)
1. A searchable encryption method on a blockchain based on attributes with forward and backward privacy, comprising the steps of:
S1, the data owner DO generates the system parameter SPP according to the security parameter $\lambda$ and publishes SPP, then generates the private keys $dk_1$ and $dk_2$ from SPP, uses the public parameter SPP, the private key $dk_2$ and the data user's attribute set $S_u$ to generate a private key $K_u$ for the user, and sends it to the user DU through a secure channel;
S2, the data owner DO uses the private key $dk_1$, the data set DB = {OP, ind, W, T}, the public parameter SPP and a mapping Σ to generate the index ciphertext set EDB and the updated mapping Σ for the document, and deploys EDB on the blockchain, where OP represents the operation performed on the data, namely addition or deletion, ind represents the file index set, W represents the keyword set, and T represents the set of access trees of the keywords;
S3, when the data user DU performs a retrieval operation, the data user uses its private key $K_u$ to encrypt the keyword q, obtains a retrieval trapdoor Tra, and sends Tra to the blockchain network;
S4, after the blockchain network BP receives the retrieval trapdoor Tra sent by the data user DU, BP first obtains the corresponding access tree T from $EDB[T_{ind}]$; it then uses $T_q$ in the trapdoor and the user's attribute set to calculate on the access tree, obtaining C, and judges from $EDB[H_2(C)]$ whether the user has the corresponding access right; after the permission check passes, it obtains the corresponding state value from $EDB[H_2(C)]$, traces back from that state, adds the encrypted indexes related to the keyword q from each previous update to the result set MEI, and finally returns MEI to the data user;
S5, after the data user receives the result set MEI, it uses the private key $K_u$ to recover the corresponding plaintext content.
2. The method of claim 1, wherein in step S1, after the data owner DO generates the system parameter SPP, the private key $dk_1$ and the private key $dk_2$, the system parameter SPP is published on the blockchain network or broadcast to all users, and all users have the authority to access the system parameter SPP; the private keys $dk_1$ and $dk_2$ are stored by the data owner DO, and only the data owner DO has the right to access the private keys $dk_1$ and $dk_2$.
3. The searchable encryption method based on attributes on a blockchain and having forward and backward privacy according to claim 1, wherein step S1 is specifically:
S11, the data owner DO executes the group generator to generate $(G_1, G_2, e, g, q)$, where $q$ is a prime number, $G_1$ and $G_2$ are multiplicative groups of order $q$, $g$ is a generator of $G_1$, and $e: G_1 \times G_1 \to G_2$ is a bilinear map;
S12, the data owner DO randomly selects a plurality of secure hash functions and selects one pseudo-random sequence generation function $F$, $F^{-1}$, with $F: \{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}^\lambda$ and $F^{-1}$ its inverse permutation; the above secure hash functions, the pseudo-random sequence generation function and the parameters in step S11 are combined into the public parameter $SPP = (G_1, G_2, e, g, q, H_0, H_1, H_2, H_3, H_4, h_1, h_2, h_3, h_4, F, F^{-1})$, and SPP is published on the blockchain network or broadcast to all users in the system, where $H_0, H_1, H_2, H_3, H_4, h_1, h_2, h_3, h_4$ all represent secure hash functions;
S13, the data owner DO initializes an empty mapping Σ, i.e., Σ[key] = value, which is maintained by the data owner DO and stores the state of each keyword;
S15, the data owner randomly selects $\alpha, \beta \in Z_q^*$, calculates $g^\alpha$, $g^\beta$ and $e(g,g)^\alpha$, and obtains $dk_1 = (e(g,g)^\alpha, g^\beta)$, $dk_2 = (\beta, g^\alpha)$;
4. The method of claim 1, wherein in step S2 the EDB index set refers to the data obtained when the data owner encrypts keywords; during the search phase, the access tree index $T_{ind}$ submitted by the user is used to find the corresponding access tree, which is for the keyword $w_i$; the server computes a result from the access tree and the retrieval token sent by the user, and uses that result to judge whether a corresponding encrypted index exists, and so continues the retrieval.
5. The searchable encryption method based on attributes on blockchains and having forward and backward privacy according to claim 1, wherein step S2 is specifically:
S21, the data owner DO randomly selects a version number $v \in Z_q^*$, then calculates and publishes the version information $EV = g^v$;
S22, for each keyword $w_i$ in the data set DB, the data owner performs the following calculation: it uses the mapping Σ to judge whether the keyword exists and, if it does not, initializes the keyword's state value; it then uses the state value to calculate a key, and stores in the corresponding value, where is the size of $DB(w_i)$ and $DB(w_i)$ is the set of file indexes corresponding to $w_i$;
S23, for each index in $DB(w_i)$, the following calculation is performed. The index is first encrypted, with the formula as follows:
Then another key is calculated using the state value, and the encrypted index is stored in the corresponding value, where
S24, the data owner then randomly selects a secret number $s \in Z_q^*$ and calculates, which is used as the secret value of the root of the attribute access tree; let $t$ be the root node of the access tree; each node $x$ of the tree is processed as follows: if $x$ is $t$, randomly select a polynomial $q_t$ of degree $d_t = k_t - 1$ with $q_t(0) = s$, and randomly set $d_t$ coefficients of the polynomial $q_t$ to complete the definition of $q_t$; otherwise, randomly select a polynomial $q_x$ of degree $d_x = k_x - 1$ with $q_x(0) = q_{parent(x)}(index(x))$;
S25, let X be the set of all leaf nodes; for each leaf node x, the following is calculated,
S26, finally, calculate the value matched with the user trapdoor and an index $T_{ind}$ of the access tree
and calculate its hash value as a key; the exclusive-or of a further hash value of it with the state value is taken as the value, where
6. The searchable encryption method with forward and backward privacy based on attributes on a blockchain according to claim 1, wherein step S3 is specifically:
S32, then use $k_1$ and temp to calculate $T_q$,
S33, finally, use the version number EV to calculate the access tree index $T_{ind}$ carrying version information,
S34, the data user DU obtains the retrieval trapdoor by combining these variables:
$Tra = \langle T_{ind}, T_q, S_u \rangle$
where
S35, the data user DU sends the retrieval trapdoor Tra to the blockchain network.
7. The searchable encryption method based on attributes on blockchains and having forward and backward privacy according to claim 1, wherein step S4 is specifically:
S41, the blockchain network obtains the access tree index $T_{ind}$ from the trapdoor, which gives the access tree $T = EDB[T_{ind}]$;
S42, let $x$ denote a node of T. For each leaf node $x$ in T, calculate as follows: let $a$ denote the attribute corresponding to the leaf node $x$, i.e., $a = attr(x)$; if $a \in S_u$, calculate $F_x$,
Otherwise $F_x = \perp$. For each non-leaf node $x$ in T, calculate as follows: let $S_x$ denote a set of size $k_x$ of child nodes $z$ of $x$; if $S_x$ does not exist, then $F_x = \perp$; otherwise calculate $F_x$ using Lagrange interpolation,
where
Let $t$ denote the root node of T: if $F_t = \perp$, return 0; otherwise calculate C,
where
S43, then calculate the key from C. If, the user does not have the corresponding access right; otherwise, obtain the corresponding value
If is not null, obtain the corresponding value; otherwise, end the loop and return the result set MEI
8. The searchable encryption method with forward and backward privacy based on attributes on a blockchain according to claim 1, wherein step S5 is specifically:
S52, the file is obtained from the cloud storage server using the file index, giving the corresponding document.
9. A searchable encryption system with forward and backward privacy based on attributes on a blockchain, applied to the searchable encryption method with forward and backward privacy based on attributes on a blockchain according to any one of claims 1 to 8, the searchable encryption system comprising: the system comprises a cloud storage subsystem running on a cloud server, an initialization and encryption subsystem running on a data owner end, a retrieval trapdoor generation and decryption subsystem running on a data user end and a retrieval subsystem running on a block chain network;
the cloud storage subsystem is used for storing the file ciphertext, returning the file ciphertext according to the corresponding file index and sending the file ciphertext to the data user;
the initialization and encryption subsystem comprises an initialization module, a private key storage module and an encryption module; the initialization module is used for generating system public parameters, private keys and user private keys, publicly releasing the system public parameters in a block chain network, storing the two private keys in a private key storage module and sending the user private keys to a data user; the main private key storage module is used for storing a main private key and only allowing a data owner to access; the encryption module is responsible for encrypting the file and storing the encrypted file in the cloud storage subsystem, encrypting the index set and the access tree corresponding to each keyword by using a private key to obtain an index ciphertext, and sending the index ciphertext to the block chain network;
the retrieval trapdoor generation and decryption subsystem comprises a user trapdoor generation module and a data decryption module; the user trap door generation module is responsible for calculating by using a private key and a retrieval keyword of a user to obtain a legal retrieval trap door and sending the retrieval trap door to the block chain network; the data decryption module recovers a plaintext index from the encrypted index set obtained by retrieval by using a user private key, and the plaintext index is sent to the cloud server to obtain a corresponding file;
the retrieval subsystem comprises an encrypted data set storage module and a retrieval module; wherein the encrypted data set storage module takes the encryption index, the access tree, and the associated key-value pair from the data owner and stores them in the blockchain network; the retrieval module is responsible for processing a retrieval trapdoor sent by a data user, judging whether the user has access authority or not according to the retrieval trapdoor, and returning an encryption index set containing retrieval keywords to the user.
10. A computer-readable storage medium storing a program which, when executed by a processor, implements the attribute-based searchable encryption method with forward and backward privacy on a blockchain according to any of claims 1-8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210990925.XA CN115412233A (en) | 2022-08-18 | 2022-08-18 | Searchable encryption method and system with forward and backward privacy based on attributes on block chain |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115412233A true CN115412233A (en) | 2022-11-29 |
Family
ID=84159966
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210990925.XA Pending CN115412233A (en) | 2022-08-18 | 2022-08-18 | Searchable encryption method and system with forward and backward privacy based on attributes on block chain |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115412233A (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117596085A (en) * | 2024-01-19 | 2024-02-23 | 华南理工大学 | Searchable encryption method with forward and backward privacy based on attribute set |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN109660555B (en) | Content secure sharing method and system based on proxy re-encryption | |
Pasupuleti et al. | An efficient and secure privacy-preserving approach for outsourced data of resource constrained mobile devices in cloud computing | |
CN106815350B (en) | Dynamic ciphertext multi-keyword fuzzy search method in cloud environment | |
Sun et al. | Catch you if you lie to me: Efficient verifiable conjunctive keyword search over large dynamic encrypted cloud data | |
CN110334526B (en) | Forward security searchable encryption storage system and method supporting verification | |
WO2019165880A1 (en) | Efficient and verifiable multi-keyword sorting searchable encryption method supporting preference search and logical search | |
CN108055122B (en) | Verifiable memory leak prevention dynamic searchable encryption method and cloud server | |
WO2022099495A1 (en) | Ciphertext search method, system, and device in cloud computing environment | |
Liu et al. | Verifiable ranked search over dynamic encrypted data in cloud computing | |
CN108197499B (en) | Verifiable ciphertext data range query method | |
CN112800445B (en) | Boolean query method for forward and backward security and verifiability of ciphertext data | |
CN112332979B (en) | Ciphertext search method, system and equipment in cloud computing environment | |
CN112328606B (en) | Keyword searchable encryption method based on block chain | |
CN114826703B (en) | Block chain-based data search fine granularity access control method and system | |
CN114048448A (en) | Block chain based dynamic searchable encryption method and device | |
CN109088719A (en) | Outsourced database multi-key word can verify that cipher text searching method, data processing system | |
CN114531220A (en) | Efficient fault-tolerant dynamic phrase searching method based on forward privacy and backward privacy | |
CN115438230A (en) | Safe and efficient dynamic encrypted cloud data multidimensional range query method | |
CN110727951B (en) | Lightweight outsourcing file multi-keyword retrieval method and system with privacy protection function | |
CN115412233A (en) | Searchable encryption method and system with forward and backward privacy based on attributes on block chain | |
CN109783456B (en) | Duplication removing structure building method, duplication removing method, file retrieving method and duplication removing system | |
Jho et al. | Symmetric searchable encryption with efficient range query using multi-layered linked chains | |
Zhang et al. | KT-ORAM: A bandwidth-efficient ORAM built on k-ary tree of PIR nodes | |
CN107294701B (en) | Multidimensional ciphertext interval query device and method with efficient key management | |
Xu et al. | Dynamic chameleon authentication tree for verifiable data streaming in 5G networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |