CN115941155A - Public key searchable encryption method based on fully homomorphic encryption - Google Patents

Publication number
CN115941155A
Authority
CN
China
Prior art keywords
encryption
search
key
cloud server
index
Legal status
Pending
Application number
CN202211452008.2A
Other languages
Chinese (zh)
Inventor
陈玉玲
唐莹莹
罗运
施若男
董森
Current Assignee
Guizhou University
Original Assignee
Guizhou University

Classifications

    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a public key searchable encryption method based on fully homomorphic encryption that aims to resist keyword guessing attacks effectively and to make the correctness and integrity of retrieval results verifiable. The data sender randomizes each keyword with an oblivious pseudorandom function and then encrypts it, so that the scheme resists keyword guessing attacks. The sender then generates an encrypted keyword index, sends it together with the related encrypted files to a cloud server, and generates and publishes an encrypted verification index. The receiver generates a search trapdoor with its private key and sends it to the cloud server to initiate a search request; the cloud server searches using a secure search algorithm based on fully homomorphic encryption and returns the search result to the receiver, who verifies the result and then decrypts it to obtain the plaintext result.

Description

Public key searchable encryption method based on fully homomorphic encryption
Technical field:
The invention belongs to the field of cryptography and relates to public key searchable encryption technology.
Background art:
Public-key Encryption with Keyword Search (PEKS) allows cloud service users to perform keyword search on ciphertext files held on untrusted cloud storage servers, protecting personal information while data is shared, and has therefore gained wide attention. It lets any data owner encrypt files with the public key of the data user and send them to the cloud server, and the data user can then search the encrypted files with a keyword-specific trapdoor related to the files. However, since the keyword space is much smaller than the key space, PEKS is prone to the Keyword Guessing Attack (KGA) problem. KGA can be divided into internal KGA and external KGA. In an external KGA the attacker is a malicious party unrelated to the cloud service provider, who obtains a trapdoor by eavesdropping on the public channel between the cloud server and the receiver and then carries out KGA. In an internal KGA the attacker is a semi-trusted or malicious cloud server, which obtains trapdoors directly from the receiver and can execute the search algorithm itself, which makes internal KGA more difficult to defend against. In addition, to reduce management, storage, or computing load, the cloud server may modify or discard portions of the files and return incorrect or incomplete search results. Therefore, to verify that the cloud server really searches honestly, an efficient verification mechanism must be introduced to detect whether the cloud server performs the search properly and honestly.
The public key searchable encryption schemes proposed so far still face many security challenges. To protect the user's search privacy and guarantee the correctness and integrity of search results, homomorphic encryption can be used to perform arbitrary computation on ciphertexts while protecting the computation logic; on this basis, a verifiable public key searchable encryption method that resists keyword guessing attacks is provided.
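As an added illustration (not part of the patent text), the sketch below shows why a small keyword space makes publicly computable keyword tags guessable, and how keying the tag, as the OPRF randomization described in the abstract does, removes that exposure while search still works. HMAC-SHA256 stands in for the OPRF, the FHE layer is omitted, and all function names, keywords and file ids are constructed for the example.

```python
import hashlib
import hmac
import secrets

DICTIONARY = ["invoice", "memo", "payroll", "contract"]  # constructed keyword space
DOCS = {1: ["invoice", "contract"], 2: ["memo"], 3: ["invoice"]}  # constructed file ids

def unkeyed_tag(w):
    """Baseline: a deterministic tag anyone can recompute from a guessed keyword."""
    return hashlib.sha256(w.encode()).digest()

def keyed_tag(k, w):
    """Assumed stand-in for OPRF_k(w): only the holder of k can evaluate it."""
    return hmac.new(k, w.encode(), hashlib.sha256).digest()

def build_index(tag, docs):
    """Inverted index: tag(keyword) -> list of file ids."""
    index = {}
    for file_id, keywords in docs.items():
        for w in keywords:
            index.setdefault(tag(w), []).append(file_id)
    return index

def search(index, trapdoor):
    """Server side: exact match of the trapdoor against the index."""
    return sorted(index.get(trapdoor, []))

def recoverable_keyword(trapdoor, tag, dictionary):
    """Exposure check: the dictionary word that reproduces the trapdoor using
    the tag function available to an observer, or None if no word does."""
    for w in dictionary:
        if hmac.compare_digest(tag(w), trapdoor):
            return w
    return None

def exposure_report():
    k = secrets.token_bytes(32)  # held by the data receiver only
    keyed = lambda w: keyed_tag(k, w)
    return {
        # Unkeyed tags: an observer recovers the queried keyword from the trapdoor.
        "unkeyed": recoverable_keyword(unkeyed_tag("invoice"), unkeyed_tag, DICTIONARY),
        # Keyed tags: without k no dictionary word reproduces the trapdoor.
        "keyed": recoverable_keyword(keyed("invoice"), unkeyed_tag, DICTIONARY),
        # Search still works for the party that holds k.
        "hits": search(build_index(keyed, DOCS), keyed("invoice")),
    }

if __name__ == "__main__":
    print(exposure_report())
```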
Summary of the invention:
The purpose of the invention is to solve the keyword guessing attack problem in existing public key searchable encryption and to protect user privacy, while letting the data user verify the correctness and integrity of retrieval results. To achieve this purpose, the invention adopts the following technical scheme:
Step one: the data user runs a key generation algorithm to generate a public key PK and a private key SK;
Step two: the data owner generates a searchable index and an encrypted verification index from the data files, uploads the searchable index and the encrypted files to the cloud server, and publishes the encrypted verification index;
Step three: the data user generates a search trapdoor with the private key and sends the search trapdoor to the cloud server;
Step four: the cloud server executes a search algorithm on the search trapdoor and the searchable index, and returns a search result to the data user;
Step five: the data user verifies the search result and, after the verification passes, decrypts it to obtain the plaintext file.
Drawings
FIG. 1 is a block diagram of a public key searchable encryption system according to the present invention.
Detailed description of the embodiments:
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the drawings in the embodiments of the present invention. The described embodiments are only a part of the embodiments of the present invention, not all of them.
The invention provides a public key searchable encryption method based on fully homomorphic encryption, which comprises the following specific steps:
Step one: Given a security parameter $\lambda$ as input, the data user runs the key generation algorithm to generate a public key pk and a private key sk, and samples a key k for the OPRF $F: \{0,1\}^* \to \{0,1\}^\kappa$. The public key pk is published; the private key sk and the key k are kept by the data receiver.
Step two: Given a keyword w and pk, the data owner first sends the encrypted keyword FHE.Enc(w) to the data receiver, which then generates the randomized keyword using the key k and the oblivious pseudorandom function and returns it to the data receiver. The generated randomized keyword is:
$$Bw = \mathrm{OPRF}_k(\mathrm{Dec}(\mathrm{FHE.Enc}(w, pk), sk))$$
A searchable keyword ciphertext is then generated from the randomized keyword:
$$CT_i = \mathrm{FHE.Enc}(Bw_i, pk)$$
A searchable index CIndex with an inverted structure is then generated from the searchable keyword ciphertexts and the ciphertexts corresponding to them.
Finally, an encrypted verification index is generated and published. The verification index is a two-dimensional data table: rows represent keyword searchable ciphertexts, columns represent the stored encrypted files, and the last column is the verification proof preproof of the keyword ciphertext PEKS(w); the searchable ciphertexts and the encrypted files correspond to each other in size and are stored one-to-one. If $\mathrm{Enc}(file_j)$ contains the keyword $w_i$, set $VINdex[i][j] = \mathrm{Enc}(file_j.\mathrm{Length})$; otherwise, set $VINdex[i][j] = \mathrm{Enc}(0)$. $preproof[i] = (preproof_1, preproof_2)$ consists of two parts, obtained by homomorphically adding, respectively, all the file identifiers and all the file sizes corresponding to the keyword $w_i$, namely
Figure BDA0003951468160000021
Step three: the data user takes the private key sk, the query keyword w and the key k as input to generate a keyword trapdoor T w
T w =FHE.Enc(OPRF k (w),sk)
Step four: cloud server
Step five: after receiving the retrieval result Rf, the data user completes the following verification steps:
(1) Generate the verification proof, proof:
Figure BDA0003951468160000022
(2) Check whether Proof + proof = 0. If the equation holds, check the size of the encrypted result file, $\mathrm{Enc}(\mathrm{binary}(Rf)) = proof_2$. If that equation holds, output 1; otherwise, output 0 and discard the result.
After the verification passes, the data user decrypts with the private key sk to obtain the plaintext file.
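An added sketch of the step-two verification index and the step-five check (not code from the patent): Paillier, which is only additively homomorphic, stands in for the FHE scheme because the proofs need only homomorphic addition. The toy primes, file records and function names are constructed, and comparing decrypted sums is an assumed form of the check, since the patent's own formulas survive only as figure references.

```python
import math
import secrets

P, Q = 1000003, 1000033  # constructed toy primes; far too small for real use

def keygen(p=P, q=Q):
    """Paillier with g = n + 1: public key n, private key (phi, phi^-1 mod n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, (phi, pow(phi, -1, n))

def enc(n, m):
    while True:
        r = secrets.randbelow(n - 1) + 1
        if math.gcd(r, n) == 1:
            return pow(n + 1, m, n * n) * pow(r, n, n * n) % (n * n)

def add(n, c1, c2):
    """Homomorphic addition: multiplying ciphertexts adds the plaintexts."""
    return c1 * c2 % (n * n)

def dec(n, sk, c):
    phi, mu = sk
    return (pow(c, phi, n * n) - 1) // n * mu % n

def build_row(n, files, keyword):
    """Data owner: one verification-index row plus preproof = (sum of ids, sum of sizes)."""
    hit = [keyword in f["kw"] for f in files]
    row = [enc(n, f["size"] if h else 0) for f, h in zip(files, hit)]
    pre1 = pre2 = enc(n, 0)
    for f, h, c_size in zip(files, hit, row):
        pre1 = add(n, pre1, enc(n, f["id"] if h else 0))
        pre2 = add(n, pre2, c_size)
    return row, (pre1, pre2)

def verify(n, sk, preproof, results):
    """Data user: output 1 if the returned files match the published proof, else 0."""
    ids_ok = sum(f["id"] for f in results) == dec(n, sk, preproof[0])
    size_ok = sum(f["size"] for f in results) == dec(n, sk, preproof[1])
    return int(ids_ok and size_ok)

# Constructed sample files (id, size in bytes, keywords).
FILES = [
    {"id": 1, "size": 2048, "kw": {"invoice", "2022"}},
    {"id": 2, "size": 512, "kw": {"memo"}},
    {"id": 3, "size": 4096, "kw": {"invoice"}},
]

if __name__ == "__main__":
    n, sk = keygen()
    _, preproof = build_row(n, FILES, "invoice")
    print(verify(n, sk, preproof, [FILES[0], FILES[2]]))  # honest result
    print(verify(n, sk, preproof, [FILES[0]]))            # one matching file dropped
```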

Claims (1)

1. A public key searchable encryption method based on fully homomorphic encryption, comprising the following specific steps:
step one: the data user runs a key generation algorithm to generate a public key pk, a private key sk and a key k;
step two: the data owner generates a searchable index and an encrypted verification index from the data files, uploads the searchable index and the encrypted files to the cloud server, and publishes the encrypted verification index;
step three: the data user generates a search trapdoor with the private key and sends the search trapdoor to the cloud server;
step four: the cloud server executes a search algorithm on the search trapdoor and the searchable index, and returns a search result to the data user;
step five: the data user verifies the search result and, after the verification passes, decrypts it to obtain the plaintext file.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211452008.2A CN115941155A (en) 2022-11-19 2022-11-19 Public key searchable encryption method based on fully homomorphic encryption

Publications (1)

Publication Number Publication Date
CN115941155A (en) 2023-04-07

Family

ID=86556738

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN118133327A (en) * 2024-05-08 2024-06-04 三未信安科技股份有限公司 Searchable encryption method and system supporting privacy of search mode

Similar Documents

Publication Publication Date Title
CN111835500B (en) Searchable encryption data secure sharing method based on homomorphic encryption and block chain
Byun et al. Off-line keyword guessing attacks on recent keyword search schemes over encrypted data
Hsu et al. A Study of Public Key Encryption with Keyword Search.
CN110891066B (en) Proxy anonymous communication method based on homomorphic encryption scheme
Sun et al. Secure searchable public key encryption against insider keyword guessing attacks from indistinguishability obfuscation
CN106803784A (en) The multi-user based on lattice is fuzzy in secure multimedia cloud storage can search for encryption method
CN112270006A (en) Searchable encryption method for hiding search mode and access mode in e-commerce platform
CN111786790A (en) Privacy protection identity-based encryption method and system with keyword search function
Byun et al. On a security model of conjunctive keyword search over encrypted relational database
KR101217491B1 (en) A method for searching keyword based on public key
Zhang et al. Secdedup: Secure encrypted data deduplication with dynamic ownership updating
CN115941155A (en) Public key searchable encryption method based on fully homomorphic encryption
CN112560075B (en) Lightweight searchable encryption method and device based on elliptic curve
Liu et al. Time-controlled hierarchical multikeyword search over encrypted data in cloud-assisted IoT
Deepa et al. An extensive review and possible attack on the privacy preserving ranked multi-keyword search for multiple data owners in cloud computing
CN113407966A (en) Searchable public key encryption method and system with key updating and ciphertext sharing functions
CN108920968B (en) File searchable encryption method based on connection keywords
CN112000985A (en) Proxy re-encryption method and system with specified condition keyword search function
Yan et al. Secure and efficient big data deduplication in fog computing
CN115174600A (en) Ciphertext data encryption and safe retrieval method and device for cloud storage system
Zhan et al. Improved proxy re-encryption with delegatable verifiability
Zhu et al. A secure data sharing scheme with designated server
Borodin et al. Key generation schemes for channel authentication in quantum key distribution protocol
CN115550007A (en) Signcryption method and system with equivalence test function based on heterogeneous system
KR102400260B1 (en) In-vehicle communication system based on edge computing using attribute-based access control and method thereof

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination