CN116112284B - Method and system for verifying validity of threshold proxy re-encryption cooperative network - Google Patents

Method and system for verifying validity of threshold proxy re-encryption cooperative network Download PDF

Info

Publication number
CN116112284B
CN116112284B CN202310206075.4A CN202310206075A CN116112284B CN 116112284 B CN116112284 B CN 116112284B CN 202310206075 A CN202310206075 A CN 202310206075A CN 116112284 B CN116112284 B CN 116112284B
Authority
CN
China
Prior art keywords
encryption
threshold
proxy
verification
validity
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202310206075.4A
Other languages
Chinese (zh)
Other versions
CN116112284A (en
Inventor
宋文鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Minyuxing Beijing Technology Co ltd
Original Assignee
Minyuxing Beijing Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Minyuxing Beijing Technology Co ltd filed Critical Minyuxing Beijing Technology Co ltd
Priority to CN202310206075.4A priority Critical patent/CN116112284B/en
Publication of CN116112284A publication Critical patent/CN116112284A/en
Application granted granted Critical
Publication of CN116112284B publication Critical patent/CN116112284B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0471Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/76Proxy, i.e. using intermediary entity to perform cryptographic operations
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The application discloses a method and a system for verifying validity of a threshold proxy re-encryption cooperative network. The method comprises the steps that firstly, a threshold encryption fragment generator and a threshold proxy re-encryption cooperation network are matched, the threshold encryption fragment generator generates a first public verification parameter and a second public verification parameter aiming at a fragmented encryption fragment data proxy, the activity of the data proxy is monitored through a threshold encryption fragment verification parameter recorder, then the public verification parameter is read from the threshold encryption fragment verification parameter recorder at one time by a validity verifier, and the validity verification of the threshold proxy re-encryption cooperation network is completed based on the two public verification parameters; when the validity of the threshold proxy re-encryption cooperative network is verified, the encryption fragment is not required to be exposed, the proxy re-encryption secret key is not required to be reconstructed, and the communication complexity is O (1), so that the high efficiency and safety of the verification process are ensured, and the execution efficiency is high. The method and the device solve the technical problems that the efficiency and the safety of the verification process are not high, and the execution efficiency is low.

Description

Method and system for verifying validity of threshold proxy re-encryption cooperative network
Technical Field
The application relates to the field of proxy re-encryption, in particular to a method and a system for verifying the validity of a threshold proxy re-encryption cooperative network.
Background
The proxy re-encryption technology is a method for realizing separation of data ownership and data use rights, wherein a data owner firstly grants the data use rights to a data proxy, and then the data proxy grants the data use rights to the data user again.
In order to avoid single data agent faults and the joint disfigurement of single data agent and data user, a threshold agent re-encryption technology is used to authorize the data use right to multiple data agents, then multiple data agents authorize the data user, when the authorized threshold reaches the appointed requirement, the data user can decrypt the ciphertext data by using own private key.
Meanwhile, the data proxy party can leave the threshold proxy re-encryption cooperative network at any time due to the problem of Bayesian error, so that the threshold fragments are reduced, and the number of effective encryption fragments in the threshold proxy re-encryption cooperative network is possibly smaller than the threshold, at the moment, the threshold proxy re-encryption cooperative network fails, the data use right cannot be authorized, and even if the data use right is authorized, the data use party cannot decrypt the data because the threshold cannot meet the stipulated requirement.
The method for detecting the failure of the threshold proxy re-encryption cooperative network generally adopts the method for acquiring the encryption fragments with the number greater than or equal to the threshold from the threshold proxy re-encryption cooperative network to see whether the reconstructed proxy re-encryption secret key can be reduced or not; the method has the security risk of revealing the encrypted fragment, the efficiency and the security of the verification process are not high, meanwhile, the network communication of O (t) is required, and the execution efficiency is low.
For the problems in the related art, no effective solution has been proposed at present.
Disclosure of Invention
The main purpose of the application is to provide a method and a system for verifying the validity of a threshold proxy re-encryption cooperative network, so as to solve the problems of low efficiency and safety in the verification process and low execution efficiency.
To achieve the above object, according to one aspect of the present application, there is provided a method for verifying validity of a threshold proxy re-encryption cooperative network.
The validity verification method of the threshold proxy re-encryption cooperative network comprises the following steps: the threshold encryption fragment generator segments the proxy re-encryption key into a plurality of encryption fragments; distributing a plurality of encryption fragments to a data agent in a threshold agent re-encryption cooperative network; the threshold encryption fragment generator generates a first public verification parameter; the data agent generates a corresponding second public verification parameter for each encrypted fragment held by the data agent; the threshold encryption fragment verification parameter recorder receives and stores the first public verification parameter sent by the threshold encryption fragment generator and the second public verification parameter sent by the data agency; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent; the validity verifier judges whether the number of the second public verification parameters is smaller than a preset threshold value or not; if yes, the threshold proxy re-encrypts the cooperative network to fail; and if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
Further, after distributing the plurality of encrypted fragments to the data agent in the threshold proxy re-encryption cooperative network, the method further comprises: and reconstructing a proxy re-encryption key based on the obtained encryption fragments when the data proxy obtains the encryption fragments which are larger than or equal to the preset threshold value.
Further, the threshold encryption fragment generator may fragment the proxy re-encryption key into a number of encryption fragments including: the threshold encryption fragment generator fragments the proxy re-encryption key into several encryption fragments using a sharding algorithm shared by shamir secrets.
Further, when the data proxy obtains the encrypted fragments greater than or equal to the preset threshold value, reconstructing the proxy re-encryption key based on the obtained encrypted fragments includes: when the data proxy acquires more than or equal to a preset threshold value of encryption fragments, reconstructing a proxy re-encryption key based on the acquired encryption fragments by using a reconstruction algorithm of Shamir secret sharing.
Further, the verifying the validity of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder comprises: the first public verification parameters and the second public verification parameters read from the threshold encryption fragment verification parameter recorder, and verifying whether each second public verification parameter is valid; judging whether the number of the second public verification parameters for verification is more than a preset threshold value or not; if yes, the threshold proxy re-encrypts the cooperative network effectively; if not, the threshold proxy re-encrypts the cooperative network failure.
Further, the validity verifier determining whether the number of the second public verification parameters is smaller than a preset threshold value includes: when the validity verifier detects that the threshold encryption fragment verification parameter recorder deletes the second public verification parameter corresponding to the first data agent, judging whether the number of the second public verification parameters is smaller than a preset threshold value.
Further, the validity verifier determining whether the number of the second public verification parameters is smaller than a preset threshold value includes: and when the validity verifier detects the verification request or reaches a preset period threshold, judging whether the number of the second public verification parameters is smaller than the preset threshold.
To achieve the above object, according to another aspect of the present application, there is provided a validity verification system of a threshold proxy re-encryption cooperative network.
The validity verification system of the threshold proxy re-encryption cooperative network comprises the following steps: a threshold encryption fragment generator for fragmenting the proxy re-encryption key into a number of encryption fragments; distributing a plurality of encryption fragments to a data agent in a threshold agent re-encryption cooperative network; the threshold encryption fragment generator generates a first public verification parameter; the threshold proxy re-encryption cooperative network is used for generating a corresponding second public verification parameter for each encryption segment held by the data proxy; the threshold encryption fragment verification parameter recorder is used for receiving and storing the first public verification parameters sent by the threshold encryption fragment generator and the second public verification parameters sent by the data agency; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent; the validity verifier is used for judging whether the number of the second public verification parameters is smaller than a preset threshold value or not; if yes, the threshold proxy re-encrypts the cooperative network to fail; and if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
Further, the validity verifier determining whether the number of the second public verification parameters is smaller than a preset threshold value includes: when the validity verifier detects that the threshold encryption fragment verification parameter recorder deletes the second public verification parameter corresponding to the first data agent, judging whether the number of the second public verification parameters is smaller than a preset threshold value.
Further, the validity verifier determining whether the number of the second public verification parameters is smaller than a preset threshold value includes: and when the validity verifier detects the verification request or reaches a preset period threshold, judging whether the number of the second public verification parameters is smaller than the preset threshold.
In the embodiment of the application, a mode of carrying out validity verification on a threshold-agent re-encryption cooperative network is adopted, a first public verification parameter is generated by a threshold encryption fragment generator and a second public verification parameter is generated by an encryption fragment data proxy for fragments through cooperation of the threshold-encryption fragment generator and the data proxy in the threshold-agent re-encryption cooperative network, the activity of the data proxy is monitored through a threshold encryption fragment verification parameter recorder, then the public verification parameter is read from the threshold encryption fragment verification parameter recorder at one time by a validity verifier, and the validity verification of the threshold-agent re-encryption cooperative network is completed based on the two public verification parameters; when the effectiveness verification of the threshold agent re-encryption cooperative network is achieved, the encryption fragments are not required to be exposed, the re-encryption secret key of the agent is not required to be reconstructed, and the communication complexity is O (1), so that the technical effects of high efficiency and safety in the verification process and high execution efficiency are achieved, and the technical problems of low efficiency and safety in the verification process and low execution efficiency are solved.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this application, are included to provide a further understanding of the application and to provide a further understanding of the application with regard to the other features, objects and advantages of the application. The drawings of the illustrative embodiments of the present application and their descriptions are for the purpose of illustrating the present application and are not to be construed as unduly limiting the present application. In the drawings:
FIG. 1 is a flow chart of a method of verifying the validity of a threshold proxy re-encrypted cooperative network in accordance with a preferred embodiment of the present application;
FIG. 2 is a block diagram of a validity verification system for a threshold proxy re-encryption cooperative network in accordance with a preferred embodiment of the present application;
fig. 3 is a schematic diagram of a method and system for verifying the validity of a threshold proxy re-encrypted cooperative network in accordance with a preferred embodiment of the present application.
Detailed Description
In order to make the present application solution better understood by those skilled in the art, the following description will be made in detail and with reference to the accompanying drawings in the embodiments of the present application, it is apparent that the described embodiments are only some embodiments of the present application, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, shall fall within the scope of the present application.
It should be noted that the terms "first," "second," and the like in the description and claims of the present application and the above figures are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order. It is to be understood that the data so used may be interchanged where appropriate in order to describe the embodiments of the present application described herein. Furthermore, the terms "comprises," "comprising," and "having," and any variations thereof, are intended to cover a non-exclusive inclusion, such that a process, method, system, article, or apparatus that comprises a list of steps or elements is not necessarily limited to those steps or elements expressly listed but may include other steps or elements not expressly listed or inherent to such process, method, article, or apparatus.
In the present application, the terms "upper", "lower", "left", "right", "front", "rear", "top", "bottom", "inner", "outer", "middle", "vertical", "horizontal", "lateral", "longitudinal" and the like indicate an azimuth or a positional relationship based on that shown in the drawings. These terms are only used to better describe the present invention and its embodiments and are not intended to limit the scope of the indicated devices, elements or components to the particular orientations or to configure and operate in the particular orientations.
Also, some of the terms described above may be used to indicate other meanings in addition to orientation or positional relationships, for example, the term "upper" may also be used to indicate some sort of attachment or connection in some cases. The specific meaning of these terms in the present invention will be understood by those of ordinary skill in the art according to the specific circumstances.
Furthermore, the terms "mounted," "configured," "provided," "connected," "coupled," and "sleeved" are to be construed broadly. For example, it may be a fixed connection, a removable connection, or a unitary construction; may be a mechanical connection, or an electrical connection; may be directly connected, or indirectly connected through intervening media, or may be in internal communication between two devices, elements, or components. The specific meaning of the above terms in the present invention can be understood by those of ordinary skill in the art according to the specific circumstances.
It should be noted that, in the case of no conflict, the embodiments and features in the embodiments may be combined with each other. The present application will be described in detail below with reference to the accompanying drawings in conjunction with embodiments.
As shown in FIG. 3, the method and system for verifying the validity of the threshold proxy re-encryption cooperative network provided by the application comprise a validity verifier, a threshold encryption fragment generator, a threshold encryption fragment verification parameter recorder and the threshold proxy re-encryption cooperative network. The validity verifier is used for verifying the validity of the threshold proxy re-encryption cooperative network, wherein the validity refers to that the number of valid encryption fragments in the network meets the threshold requirement, and the threshold proxy re-encryption operation can be normally carried out; the threshold encryption fragment generator generates a threshold encryption fragment according to the proxy re-encryption key and sends the encryption fragment to the data proxy; the threshold encryption segment verification parameter recorder is used for recording public verification parameters and public verification parameters generated by each data agent according to the encryption segments, and monitoring the activity of the data agent; the threshold proxy re-encryption collaboration network includes a plurality of data agents, each having one or more threshold encryption segments.
According to an embodiment of the present invention, there is provided a method for verifying validity of a threshold proxy re-encryption cooperative network, as shown in fig. 1, including the following steps S101 to S108:
s101, a threshold encryption fragment generator segments a proxy re-encryption key into a plurality of encryption fragments;
step S102, distributing a plurality of encryption fragments to a data agency in a threshold agency re-encryption cooperative network;
preferably, the threshold encryption fragment generator fragments the proxy re-encryption key into a number of encryption fragments comprises:
in step S1011, the threshold encrypted fragment generator segments the proxy re-encryption key into several encrypted fragments using a sharding algorithm shared by Shamir secrets. Wherein the proxy re-encryption key is denoted rk a→b The encrypted fragment is expressed as
Preferably, after distributing the plurality of encrypted fragments to the data agent in the threshold proxy re-encryption cooperative network, the method further comprises:
and step 2011, when the data proxy acquires the encrypted fragments which are larger than or equal to a preset threshold value, reconstructing a proxy re-encryption key based on the acquired encrypted fragments by using a reconstruction algorithm of Shamir secret sharing.
When this step is satisfied, the proxy re-encryption key rk can be reconstructed a→b Therefore, whether the threshold proxy re-encryption cooperative network is invalid can be detected by judging whether the threshold is larger than the threshold and judging whether the proxy re-encryption secret key can be reconstructed when the threshold is larger than the threshold. However, this method obviously has the security risk of revealing the encrypted segment, the efficiency and security of the verification process are not high, and meanwhile, the network communication of O (t) is required, so that the execution efficiency is low.
Step S103, a threshold encryption fragment generator generates a first public verification parameter;
let the polynomial be:
let G be the generator of group G, the threshold encrypted fragment generator generates the public verification parametersWherein, the liquid crystal display device comprises a liquid crystal display device,
the threshold encryption fragment generator generates a first public verification parameterAnd sending the data to a threshold encryption fragment verification parameter recorder and storing the data.
Step S104, the data agent generates a corresponding second public verification parameter for each encryption segment held by the data agent;
the data agent can also generate corresponding second public verification parameters T for each encryption segment held by the data agent according to the polynomial defined above i
The data agent party uses the second public verification parameter T i And sent to a threshold encrypted fragment verification parameter recorder and stored.
Step S105, a threshold encryption fragment verification parameter recorder receives and stores a first public verification parameter sent by a threshold encryption fragment generator and a second public verification parameter sent by a data agency; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent;
the threshold encrypted segment verification parameter recorder is capable of receiving and storing the first public verification parameter transmitted by the threshold encrypted segment generatorAnd a second public verification parameter T sent by the data proxy i . In addition, the threshold encryption fragment verification parameter recorder can also maintain heartbeat with the data agent party when certain dataWhen the agent leaves the threshold agent to re-encrypt the collaborative network, namely the corresponding heartbeat is lost, the threshold encrypted fragment verification parameter recorder deletes the second public verification parameter corresponding to the data agent.
Step S106, the validity verifier judges whether the number of the second public verification parameters is smaller than a preset threshold value;
step S107, if yes, the threshold proxy re-encrypts the cooperative network failure;
and S108, if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
In order to detect whether the number of encrypted fragments held by a data agent in a threshold proxy re-encryption cooperative network meets the requirement of a threshold t, namely the effectiveness, x is set i ∈{x 1 ,…,x m M is the remaining second public verification parameterIs the number of (3);
if m < t, the threshold proxy re-encrypts the cooperative network to fail;
if t is less than or equal to m is less than or equal to N, the validity verifier reads all second public verification parameters from the threshold encrypted segment verification parameter recorderAnd a first public verification parameter->And for each common authentication parameter +.>And verifying whether the test is effective.
Preferably, the verifying the validity of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder includes:
step S1081, reading the first public verification parameters and the second public verification parameters from the threshold encryption fragment verification parameter recorder, and verifying whether each second public verification parameter is valid;
step S1082, judging whether the number of the second public verification parameters with valid verification exceeds a preset threshold value;
step S1083, if yes, the threshold proxy re-encrypts the cooperative network effectively;
step S1084, if not, the threshold proxy re-encrypts the collaborative network failure.
Whether each second public verification parameter is valid or not is verified as follows:
if it isThen->Effective, effective amount>At t, the threshold proxy re-encrypts the cooperative network effectively; otherwise, the threshold proxy re-encrypts the cooperative network failure.
According to the steps, when the validity of the threshold proxy re-encryption cooperative network is verified, the encryption fragments are not required to be exposed, the proxy re-encryption secret key is not required to be generated, and the verification process is safer; when the validity of the threshold proxy re-encryption cooperative network is verified, the high efficiency and safety of the verification process are ensured; when the validity of the threshold proxy re-encryption cooperative network is verified, the validity verifier reads the public verification parameters from the threshold encryption fragment verification parameter recorder at one time, the communication complexity is O (1), and the execution efficiency is high; when the validity of the cooperative network is verified by the threshold proxy re-encryption, the data owner, the data user and the data proxy do not need to participate in the verification process, so that non-interactive verification is realized.
From the above description, it can be seen that the following technical effects are achieved:
in the embodiment of the application, a mode of carrying out validity verification on a threshold-agent re-encryption cooperative network is adopted, a first public verification parameter is generated by a threshold encryption fragment generator and a second public verification parameter is generated by an encryption fragment data proxy for fragments through cooperation of the threshold-encryption fragment generator and the data proxy in the threshold-agent re-encryption cooperative network, the activity of the data proxy is monitored through a threshold encryption fragment verification parameter recorder, then the public verification parameter is read from the threshold encryption fragment verification parameter recorder at one time by a validity verifier, and the validity verification of the threshold-agent re-encryption cooperative network is completed based on the two public verification parameters; when the effectiveness verification of the threshold agent re-encryption cooperative network is achieved, the encryption fragments are not required to be exposed, the re-encryption secret key of the agent is not required to be reconstructed, and the communication complexity is O (1), so that the technical effects of high efficiency and safety in the verification process and high execution efficiency are achieved, and the technical problems of low efficiency and safety in the verification process and low execution efficiency are solved.
Preferably, the validity verifier determining whether the number of second public verification parameters is smaller than a preset threshold value includes:
when the validity verifier detects that the threshold encryption fragment verification parameter recorder deletes the second public verification parameter corresponding to the first data agent, judging whether the number of the second public verification parameters is smaller than a preset threshold value. To further improve the verification efficiency, the second common verification parameter of the threshold encrypted piece verification parameter recorder is executed each time the variation is reduced; and when the second public verification parameters of the threshold encryption fragment verification parameter recorder are reduced and changed each time, the verification operation is executed, the execution according to frequency periods is not needed, and the verification process is more efficient.
Optionally, the validity verifier determining whether the number of second public verification parameters is smaller than a preset threshold value includes:
and when the validity verifier detects the verification request or reaches a preset period threshold, judging whether the number of the second public verification parameters is smaller than the preset threshold. The validity verifier can perform validity verification on the validity verification opportunity of the threshold proxy re-encryption cooperative network at any time according to the requirement, and can also perform verification periodically.
It should be noted that the steps illustrated in the flowcharts of the figures may be performed in a computer system such as a set of computer executable instructions, and that although a logical order is illustrated in the flowcharts, in some cases the steps illustrated or described may be performed in an order other than that illustrated herein.
According to an embodiment of the present invention, there is also provided a system for implementing the above-mentioned method for verifying validity of a threshold proxy re-encryption cooperative network, as shown in fig. 2, where the system includes:
a threshold encryption fragment generator 100 for fragmenting the proxy re-encryption key into a number of encryption fragments; distributing a plurality of encryption fragments to a data agent in a threshold agent re-encryption cooperative network; the threshold encryption fragment generator generates a first public verification parameter;
the threshold proxy re-encryption cooperative network 200 is configured to generate a corresponding second public verification parameter for each encrypted segment held by the data proxy;
a threshold encryption segment verification parameter recorder 300 for receiving and storing the first public verification parameter transmitted by the threshold encryption segment generator and the second public verification parameter transmitted by the data agent; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent;
a validity verifier 400 for determining whether the number of second public verification parameters is smaller than a preset threshold value; if yes, the threshold proxy re-encrypts the cooperative network to fail; and if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
Preferably, the threshold encryption fragment generator fragments the proxy re-encryption key into a number of encryption fragments comprises:
the threshold encryption fragment generator fragments the proxy re-encryption key into several encryption fragments using a sharding algorithm shared by shamir secrets. Wherein the proxy re-encryption key is denoted rk a→b Encryption fragment tableShown as
Preferably, after distributing the plurality of encrypted fragments to the data agent in the threshold proxy re-encryption cooperative network, the method further comprises:
when the data proxy acquires more than or equal to a preset threshold value of encryption fragments, reconstructing a proxy re-encryption key based on the acquired encryption fragments by using a reconstruction algorithm of Shamir secret sharing.
When this step is satisfied, the proxy re-encryption key rk can be reconstructed a→b Therefore, whether the threshold proxy re-encryption cooperative network is invalid can be detected by judging whether the threshold is larger than the threshold and judging whether the proxy re-encryption secret key can be reconstructed when the threshold is larger than the threshold. However, this method obviously has the security risk of revealing the encrypted segment, the efficiency and security of the verification process are not high, and meanwhile, the network communication of O (t) is required, so that the execution efficiency is low.
Let the polynomial be:
let G be the generator of group G, the threshold encrypted fragment generator generates the public verification parametersWherein, the liquid crystal display device comprises a liquid crystal display device,
the threshold encryption fragment generator generates a first public verification parameterAnd sending the data to a threshold encryption fragment verification parameter recorder and storing the data.
The data agent can also generate corresponding second public verification parameters T for each encryption segment held by the data agent according to the polynomial defined above i
The data agent party uses the second public verification parameter T i And sent to a threshold encrypted fragment verification parameter recorder and stored.
The threshold encrypted segment verification parameter recorder is capable of receiving and storing the first public verification parameter transmitted by the threshold encrypted segment generatorAnd a second public verification parameter T sent by the data proxy i . In addition, the threshold encrypted segment verification parameter recorder may also maintain a heartbeat with the data agent, and when some data agents leave the threshold agent to re-encrypt the cooperative network, i.e. the corresponding heartbeat is lost, the threshold encrypted segment verification parameter recorder deletes the second public verification parameter corresponding to the data agent.
In order to detect whether the number of encrypted fragments held by a data agent in a threshold proxy re-encryption cooperative network meets the requirement of a threshold t, namely the effectiveness, x is set i ∈{x 1 ,…,x m M is the remaining second public verification parameterIs the number of (3);
if m < t, the threshold proxy re-encrypts the cooperative network to fail;
if t is less than or equal to m is less than or equal to N, the validity verifier reads all second public verification parameters from the threshold encrypted segment verification parameter recorderAnd a first public verification parameter->And for each common authentication parameter +.>And verifying whether the test is effective.
Preferably, the verifying the validity of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder includes:
the first public verification parameters and the second public verification parameters read from the threshold encryption fragment verification parameter recorder, and verifying whether each second public verification parameter is valid;
judging whether the number of the second public verification parameters for verification is more than a preset threshold value or not;
if yes, the threshold proxy re-encrypts the cooperative network effectively;
if not, the threshold proxy re-encrypts the cooperative network failure.
Whether each second public verification parameter is valid or not is verified as follows:
if it isThen->Effective, effective amount>At t, the threshold proxy re-encrypts the cooperative network effectively; otherwise, the threshold proxy re-encrypts the cooperative network failure.
According to the steps, when the validity of the threshold proxy re-encryption cooperative network is verified, the encryption fragments are not required to be exposed, the proxy re-encryption secret key is not required to be generated, and the verification process is safer; when the validity of the threshold proxy re-encryption cooperative network is verified, the high efficiency and safety of the verification process are ensured; when the validity of the threshold proxy re-encryption cooperative network is verified, the validity verifier reads the public verification parameters from the threshold encryption fragment verification parameter recorder at one time, the communication complexity is O (1), and the execution efficiency is high; when the validity of the cooperative network is verified by the threshold proxy re-encryption, the data owner, the data user and the data proxy do not need to participate in the verification process, so that non-interactive verification is realized.
It will be apparent to those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
From the above description, it can be seen that the following technical effects are achieved:
in the embodiment of the application, a mode of carrying out validity verification on a threshold-agent re-encryption cooperative network is adopted, a first public verification parameter is generated by a threshold encryption fragment generator and a second public verification parameter is generated by an encryption fragment data proxy for fragments through cooperation of the threshold-encryption fragment generator and the data proxy in the threshold-agent re-encryption cooperative network, the activity of the data proxy is monitored through a threshold encryption fragment verification parameter recorder, then the public verification parameter is read from the threshold encryption fragment verification parameter recorder at one time by a validity verifier, and the validity verification of the threshold-agent re-encryption cooperative network is completed based on the two public verification parameters; when the effectiveness verification of the threshold agent re-encryption cooperative network is achieved, the encryption fragments are not required to be exposed, the re-encryption secret key of the agent is not required to be reconstructed, and the communication complexity is O (1), so that the technical effects of high efficiency and safety in the verification process and high execution efficiency are achieved, and the technical problems of low efficiency and safety in the verification process and low execution efficiency are solved.
The foregoing description is only of the preferred embodiments of the present application and is not intended to limit the same, but rather, various modifications and variations may be made by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principles of the present application should be included in the protection scope of the present application.

Claims (10)

1. A method for verifying the validity of a threshold proxy re-encryption cooperative network, comprising the steps of:
the threshold encryption fragment generator segments the proxy re-encryption key into a plurality of encryption fragments;
distributing a plurality of encryption fragments to a data agent in a threshold agent re-encryption cooperative network;
the threshold encryption fragment generator generates a first public verification parameter;
the data agent generates a corresponding second public verification parameter for each encrypted fragment held by the data agent;
the threshold encryption fragment verification parameter recorder receives and stores the first public verification parameter sent by the threshold encryption fragment generator and the second public verification parameter sent by the data agency; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent;
the validity verifier judges whether the number of the second public verification parameters is smaller than a preset threshold value or not;
if yes, the threshold proxy re-encrypts the cooperative network to fail;
and if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
2. The method of claim 1, wherein distributing the encrypted fragments to the data agent in the threshold proxy re-encryption cooperative network further comprises:
and reconstructing a proxy re-encryption key based on the obtained encryption fragments when the data proxy obtains the encryption fragments which are larger than or equal to the preset threshold value.
3. The method of claim 1, wherein the threshold encryption fragment generator fragments the proxy re-encryption key into a number of encryption fragments comprises:
the threshold encryption fragment generator fragments the proxy re-encryption key into several encryption fragments using a sharding algorithm shared by Shamir secrets.
4. The validity verification method of claim 2, wherein when the data proxy obtains the encrypted pieces equal to or greater than the preset threshold value, reconstructing the proxy re-encryption key based on the obtained encrypted pieces includes:
when the data proxy acquires more than or equal to a preset threshold value of encryption fragments, reconstructing a proxy re-encryption key based on the acquired encryption fragments by using a reconstruction algorithm of Shamir secret sharing.
5. The method of claim 1, wherein verifying the validity of the threshold proxy re-encrypted cooperative network based on the first public verification parameter and the second public verification parameter read from the threshold encrypted segment verification parameter recorder comprises:
the first public verification parameters and the second public verification parameters read from the threshold encryption fragment verification parameter recorder, and verifying whether each second public verification parameter is valid;
judging whether the number of the second public verification parameters for verification is more than a preset threshold value or not;
if yes, the threshold proxy re-encrypts the cooperative network effectively;
if not, the threshold proxy re-encrypts the cooperative network failure.
6. The validity verification method of claim 1, wherein the validity verifier determining whether the number of second common verification parameters is less than a preset threshold value includes:
when the validity verifier detects that the threshold encryption fragment verification parameter recorder deletes the second public verification parameter corresponding to the first data agent, judging whether the number of the second public verification parameters is smaller than a preset threshold value.
7. The validity verification method of claim 1, wherein the validity verifier determining whether the number of second common verification parameters is less than a preset threshold value includes:
and when the validity verifier detects the verification request or reaches a preset period threshold, judging whether the number of the second public verification parameters is smaller than the preset threshold.
8. A validity verification system for a threshold proxy re-encryption cooperative network, comprising:
a threshold encryption fragment generator for fragmenting the proxy re-encryption key into a number of encryption fragments; distributing a plurality of encryption fragments to a data agent in a threshold agent re-encryption cooperative network; the threshold encryption fragment generator generates a first public verification parameter;
the threshold proxy re-encryption cooperative network is used for generating a corresponding second public verification parameter for each encryption segment held by the data proxy;
the threshold encryption fragment verification parameter recorder is used for receiving and storing the first public verification parameters sent by the threshold encryption fragment generator and the second public verification parameters sent by the data agency; when any data agent leaves the threshold agent re-encrypting cooperative network, deleting a second public verification parameter corresponding to any data agent;
the validity verifier is used for judging whether the number of the second public verification parameters is smaller than a preset threshold value or not; if yes, the threshold proxy re-encrypts the cooperative network to fail; and if not, carrying out validity verification of the threshold proxy re-encryption cooperative network according to the first public verification parameter and the second public verification parameter read from the threshold encryption fragment verification parameter recorder.
9. The validity verification system of claim 8 wherein the validity verifier determining if the number of second public verification parameters is less than a preset threshold value comprises:
when the validity verifier detects that the threshold encryption fragment verification parameter recorder deletes the second public verification parameter corresponding to the first data agent, judging whether the number of the second public verification parameters is smaller than a preset threshold value.
10. The validity verification system of claim 8 wherein the validity verifier determining if the number of second public verification parameters is less than a preset threshold value comprises:
and when the validity verifier detects the verification request or reaches a preset period threshold, judging whether the number of the second public verification parameters is smaller than the preset threshold.
CN202310206075.4A 2023-02-27 2023-02-27 Method and system for verifying validity of threshold proxy re-encryption cooperative network Active CN116112284B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310206075.4A CN116112284B (en) 2023-02-27 2023-02-27 Method and system for verifying validity of threshold proxy re-encryption cooperative network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310206075.4A CN116112284B (en) 2023-02-27 2023-02-27 Method and system for verifying validity of threshold proxy re-encryption cooperative network

Publications (2)

Publication Number Publication Date
CN116112284A CN116112284A (en) 2023-05-12
CN116112284B true CN116112284B (en) 2023-07-18

Family

ID=86261689

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310206075.4A Active CN116112284B (en) 2023-02-27 2023-02-27 Method and system for verifying validity of threshold proxy re-encryption cooperative network

Country Status (1)

Country Link
CN (1) CN116112284B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111342976A (en) * 2020-03-04 2020-06-26 中国人民武装警察部队工程大学 Verifiable ideal lattice upper threshold proxy re-encryption method and system
CN113569271A (en) * 2021-09-27 2021-10-29 深圳前海环融联易信息科技服务有限公司 Threshold proxy re-encryption method and system based on attribute condition
WO2022120886A1 (en) * 2020-12-10 2022-06-16 深圳技术大学 Commodity transaction method and apparatus, computer device, storage medium, and system
WO2022155811A1 (en) * 2021-01-20 2022-07-28 深圳技术大学 Multi-receiver proxy re-encryption method and system, and electronic apparatus and storage medium
CN114944915A (en) * 2022-06-10 2022-08-26 敏于行(北京)科技有限公司 Threshold proxy re-encryption method and related device for non-interactive dynamic proxy
CN115348054A (en) * 2022-06-30 2022-11-15 海南大学 Block chain data proxy re-encryption model based on IPFS

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10581812B2 (en) * 2015-12-01 2020-03-03 Duality Technologies, Inc. Device, system and method for fast and secure proxy re-encryption
US11171791B2 (en) * 2019-01-15 2021-11-09 0Chain, LLC Systems and methods of aggregate signing of digital signatures on multiple messages simultaneously using key splitting
JP7087965B2 (en) * 2018-11-29 2022-06-21 日本電信電話株式会社 Cryptographic system, cryptographic device, decryption device, encryption method, decryption method and program

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111342976A (en) * 2020-03-04 2020-06-26 中国人民武装警察部队工程大学 Verifiable ideal lattice upper threshold proxy re-encryption method and system
WO2022120886A1 (en) * 2020-12-10 2022-06-16 深圳技术大学 Commodity transaction method and apparatus, computer device, storage medium, and system
WO2022155811A1 (en) * 2021-01-20 2022-07-28 深圳技术大学 Multi-receiver proxy re-encryption method and system, and electronic apparatus and storage medium
CN113569271A (en) * 2021-09-27 2021-10-29 深圳前海环融联易信息科技服务有限公司 Threshold proxy re-encryption method and system based on attribute condition
CN114944915A (en) * 2022-06-10 2022-08-26 敏于行(北京)科技有限公司 Threshold proxy re-encryption method and related device for non-interactive dynamic proxy
CN115348054A (en) * 2022-06-30 2022-11-15 海南大学 Block chain data proxy re-encryption model based on IPFS

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
"Improved Proxy Re-encryption Scheme with Equality Test";Chih-Chen Yang等;《IEEE 2021 16th Asia Joint Conference on Information Security》;第37-44页 *
"新型的门限加密与签名方案的研究";杨丕一;《中国博士学位论文全文数据库》(第07期);第1-131页 *

Also Published As

Publication number Publication date
CN116112284A (en) 2023-05-12

Similar Documents

Publication Publication Date Title
CN111209334B (en) Power terminal data security management method based on block chain
CN102685093B (en) A kind of identity authorization system based on mobile terminal and method
US9852300B2 (en) Secure audit logging
JP6120895B2 (en) System and method for securing data in the cloud
US9608813B1 (en) Key rotation techniques
ES2581548T3 (en) Systems and procedures to ensure virtual machine computing environments
US20160337124A1 (en) Secure backup and recovery system for private sensitive data
Han et al. A data sharing protocol to minimize security and privacy risks of cloud storage in big data era
CN109361668A (en) A kind of data trusted transmission method
US9300639B1 (en) Device coordination
CN202795383U (en) Device and system for protecting data
CN103384196A (en) Secure data parser method and system
CN105553654B (en) Key information processing method and device, key information management system
CN103229450A (en) Systems and methods for secure multi-enant data storage
CN105191207A (en) Federated key management
JPH10508438A (en) System and method for key escrow and data escrow encryption
US9215070B2 (en) Method for the cryptographic protection of an application
CN105450650A (en) Safety mobile electronic health record access control system
CN111294203B (en) Information transmission method
EP3231182A1 (en) Secure media player
CN106127081B (en) The open data fault-tolerant method for secure storing that can verify that
CN107911567A (en) A kind of system and method for resisting printer physical attacks
CN112073422A (en) Intelligent home protection system and protection method thereof
CN108769036B (en) Data processing system and processing method based on cloud system
KR101033475B1 (en) Personal information protection apparatus and method for managing distribution channel of personal information efficiently and safely

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant