CN116361842A - Method for searching encrypted data and storage controller - Google Patents
Method for searching encrypted data and storage controller Download PDFInfo
- Publication number
- CN116361842A CN116361842A CN202111617147.1A CN202111617147A CN116361842A CN 116361842 A CN116361842 A CN 116361842A CN 202111617147 A CN202111617147 A CN 202111617147A CN 116361842 A CN116361842 A CN 116361842A
- Authority
- CN
- China
- Prior art keywords
- encryption
- ciphertext
- encrypted
- key
- keyword
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 109
- 230000004044 response Effects 0.000 claims abstract description 20
- 230000008569 process Effects 0.000 claims description 28
- 238000012545 processing Methods 0.000 claims description 16
- 238000004422 calculation algorithm Methods 0.000 claims description 12
- 230000006870 function Effects 0.000 description 14
- 238000010586 diagram Methods 0.000 description 12
- 239000007787 solid Substances 0.000 description 7
- 230000005540 biological transmission Effects 0.000 description 5
- 238000004364 calculation method Methods 0.000 description 4
- 238000012795 verification Methods 0.000 description 4
- 238000001514 detection method Methods 0.000 description 3
- 238000005516 engineering process Methods 0.000 description 3
- 238000013507 mapping Methods 0.000 description 3
- 239000000835 fiber Substances 0.000 description 2
- 238000007726 management method Methods 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 238000013459 approach Methods 0.000 description 1
- 230000001413 cellular effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- CXOXHMZGEKVPMT-UHFFFAOYSA-N clobazam Chemical compound O=C1CC(=O)N(C)C2=CC=C(Cl)C=C2N1C1=CC=CC=C1 CXOXHMZGEKVPMT-UHFFFAOYSA-N 0.000 description 1
- 238000004891 communication Methods 0.000 description 1
- 238000004590 computer program Methods 0.000 description 1
- 238000013500 data storage Methods 0.000 description 1
- 230000003111 delayed effect Effects 0.000 description 1
- 239000000284 extract Substances 0.000 description 1
- 230000010365 information processing Effects 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 229940044442 onfi Drugs 0.000 description 1
- 238000011160 research Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 238000010845 search algorithm Methods 0.000 description 1
- 239000000758 substrate Substances 0.000 description 1
- 238000012546 transfer Methods 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Databases & Information Systems (AREA)
- Storage Device Security (AREA)
Abstract
The application relates to a method for searching encrypted data and a storage controller, wherein the method is applied to a solid-state memory and comprises the following steps: in response to receiving a first trapdoor, searching for a first ciphertext that matches the first trapdoor, wherein the first trapdoor includes a first encryption key; the first ciphertext is used for indexing a first encrypted file corresponding to the first encrypted keyword; and determining a first encrypted file corresponding to the first trapdoor according to the first ciphertext, and providing the first encrypted file for a host. The method can realize the search of the encrypted data in the solid-state memory, thereby reducing the burden of a host and improving the searching efficiency and the searching safety.
Description
Technical Field
The present application relates generally to the field of solid state memory technology. More particularly, the present application relates to a method, memory controller and related products for encrypted data searching.
Background
FIG. 1 illustrates a block diagram of a solid state storage device. The solid state storage device 102 is coupled to a host for providing storage capability for the host. The host and solid state storage device 102 may be coupled by a variety of means including, but not limited to, connecting the host to the solid state storage device 102 via, for example, SATA (Serial Advanced Technology Attachment ), SCSI (Small Computer System Interface, small computer system interface), SAS (Serial Attached SCSI ), IDE (Integrated Drive Electronics, integrated drive electronics), USB (Universal Serial Bus ), PCIE (Peripheral Component Interconnect Express, PCIE, peripheral component interconnect Express), NVMe (NVM Express), ethernet, fibre channel, wireless communications network, and the like. The host may be an information processing device capable of communicating with the storage device in the manner described above, such as a personal computer, tablet, server, portable computer, network switch, router, cellular telephone, personal digital assistant, or the like. The storage device 102 (hereinafter, solid-state storage device will be simply referred to as storage device) includes an interface 103, a control section 104, one or more NVM chips 105, and a DRAM (Dynamic Random Access Memory ) 110.
The NVM chip 105 described above includes NAND flash memory, phase change memory, feRAM (Ferroelectric RAM, ferroelectric memory), MRAM (Magnetic Random Access Memory, magnetoresistive memory), RRAM (Resistive Random Access Memory, resistive memory), and the like, which are common storage media.
The interface 103 may be adapted to exchange data with a host by way of, for example, SATA, IDE, USB, PCIE, NVMe, SAS, ethernet, fibre channel, etc.
The control unit 104 is used for controlling data transmission among the interface 103, the NVM chip 105 and the DRAM 110, and also for memory management, host logical address to flash physical address mapping, erase balancing, bad block management, etc. The control component 104 can be implemented in a variety of ways, such as software, hardware, firmware, or a combination thereof, for example, the control component 104 can be in the form of an FPGA (Field-programmable gate array, field programmable gate array), an ASIC (Application Specific Integrated Circuit, application-specific integrated circuit), or a combination thereof. The control component 104 may also include a processor or controller in which software is executed to manipulate the hardware of the control component 104 to process IO (Input/Output) commands. Control unit 104 may also be coupled to DRAM 110 and may access data of DRAM 110. FTL tables and/or cached data of IO commands may be stored in the DRAM.
The control section 104 issues a command to the NVM chip 105 in a manner conforming to the interface protocol of the NVM chip 105 to operate the NVM chip 105, and receives a command execution result output from the NVM chip 105. Known NVM chip interface protocols include "Toggle", "ONFI", and the like.
In storage technology, the above-described solid state storage devices are often used in servers for storing data. The user terminal can be interconnected with the server through a network so as to realize data interaction with the server. For example, a user may store a personal file on a storage device of a trusted server through trusted computing storage transport, where a trusted server refers to a user knowing the identity of the server and trusting it; the user may also store the personal file in an untrusted server through a zero trust computing storage transmission, where an untrusted server means that the user may or may not know it, but the user is not trusted with the server, whether or not it is known. For example, an untrusted edge device in an edge computing network. In order to protect the security of the user file, the user file needs to be stored after being encrypted in some way. Since the user file is stored in the storage device of the server in an encrypted manner, only the key owner has decryption capability in order to ensure the security of the user file, and the server does not have decryption capability. Therefore, when a user performs a search, in order to ensure the security of the user file, the search needs to be performed by adopting an encryption search mode, that is, the search is performed in a server based on ciphertext. Solutions for search queries based on ciphertext have been proposed, such as the paper "research reviews on searchable encryption techniques" ("software journal; li Jingwei, gu Chunfu, etc.; month 8 of 2014) summarize searchable encryption techniques. It is noted that the searchable encryption technique includes a symmetric searchable encryption scheme and an asymmetric searchable encryption scheme. The symmetrical searchable encryption scheme is further divided into SWP scheme, Z-IDX scheme and SSE-1 scheme.
Disclosure of Invention
Currently, the searchable encryption scheme mainly consists of two parts: part is user file encryption and storage; the other part is the user file encryption search. For encryption and storage of user files, the process is as follows: the client firstly encrypts keywords in the user file and the file to obtain an encrypted keyword and an encrypted file, then sends the encrypted keyword and the encrypted file to the server, and the server receives the encrypted keyword and the encrypted file and stores the encrypted keyword and the encrypted file in a storage medium of the memory. For the user file encryption search, the procedure is as follows: the client sends the index (such as trapdoor) of the keyword to be queried to the server, the server receives the index and reads all or part of the encryption keywords from the storage medium of the storage device, then the processor of the server searches the encryption keywords matched with the index from part or all of the encryption keywords according to the index, searches the corresponding encryption files according to the matched encryption keywords, for example, the mapping relation between the encryption keywords and the encryption files is also stored in the storage device, and the server can search the encryption files corresponding to the matched encryption keywords according to the mapping relation. In addition, after the server inquires the encrypted file, the encrypted file is sent to the client, and the client decrypts the encrypted file according to the secret key to obtain a plaintext. The current searchable encryption scheme is deployed at a server, for example, in a cloud computing or an edge computing system, and the searchable encryption scheme is deployed at a cloud or an edge device. However, performing a searchable encryption scheme by the server may increase the burden on the server on the one hand; on the other hand, when the server executes the searchable encryption process, the stored encryption keywords need to be read from the storage device or the search result needs to be written into the storage device, and when the data size of the encryption keywords stored in the storage device is large, the storage device can consume a long time for reading the encryption keywords, so that the searching efficiency is affected.
According to the encryption method and the encryption device, the searchable encryption technical scheme is deployed in the storage device (for example, SSD), and the encryption searching process is carried out by the storage device, so that on one hand, the server can be released from the encryption searching work, and the pressure of the server is relieved. On the other hand, the search process is executed by the inside of the storage device, and only the encryption keyword is read out from the storage medium, namely, the encryption keyword is transmitted only through the data transmission link in the storage device, and the data transmission link in the storage device is obviously shorter than the data transmission link between the storage device and the server, so that the time for reading the encryption keyword is reduced, and the search efficiency is improved; in yet another aspect, the storage device in the present application is a KV storage device, where the searched encrypted keyword and the ciphertext corresponding to the encrypted keyword are stored (for example, stored in a query history) by the KV storage device, when searching is performed, the storage device first queries whether the current encrypted keyword to be searched has been previously queried from the KV storage device, and if the current encrypted keyword has been queried, directly reads the ciphertext corresponding to the encrypted keyword, determines an encrypted file corresponding to the encrypted keyword according to the ciphertext, and sends the encrypted file to the server, and then the server sends the encrypted file to the client for decryption. Namely, the encryption keywords which are queried in the history do not need to be repeatedly compared with the encryption keywords stored in the storage device, so that the searching efficiency is improved. On the other hand, since the storage device controller (such as the SSD controller) has its own "physical fingerprint", and an unauthorized party cannot obtain this fingerprint information without damaging the storage device controller, the security of the searchable encryption scheme is improved.
According to a first aspect of the present application, there is provided a first method for encrypted data search according to the first aspect of the present application, applied to a storage device, in response to receiving a first trapdoor (T W ) Searching for a first ciphertext (C) that matches the first trapdoor, wherein the first trapdoor (T W ) Including a first encryption key (E (W)); the first ciphertext is used for indexing a first encrypted file corresponding to the first encrypted keyword (E (W)); determining the first trapdoor (T) based on the first ciphertext W ) And providing the corresponding first encrypted file for the host.
According to a first method for searching encrypted data of the first aspect of the present application, there is provided a second method for searching encrypted data according to the first aspect of the present application, searching for a first ciphertext matching the first trapdoor, including: searching a query history according to the first trapdoor in response to the stored query history, wherein the query history comprises searched encryption keywords and corresponding ciphertext; in response to querying the first ciphertext in the query history, determining the first ciphertext from the query history.
According to a second method for searching encrypted data in the first aspect of the application, there is provided a third method for searching encrypted data in the first aspect of the application, wherein the storage device is a KV storage device; according to the first trapdoor search query history, comprising: and responding to the query history, storing the query history in the KV storage device in the form of < key words, key values > and querying a first ciphertext corresponding to the first encryption key words from the KV storage device.
According to a third method for searching encrypted data in the first aspect of the present application, there is provided a fourth method for searching encrypted data in the first aspect of the present application, wherein the query history is stored in a KV storage device in the form of < key, key value >, wherein the first encrypted key is used as a key, and the first ciphertext is used as a key value.
According to a second method for searching encrypted data of the first aspect of the present application, there is provided a fifth method for searching encrypted data according to the first aspect of the present application, searching for a first ciphertext matching the first trapdoor, comprising: and in response to the fact that the query history is not stored or the first ciphertext is not queried in the query history, respectively processing the stored one or more ciphertexts (C0-Cn) according to the first encryption keyword (E (W)) to obtain an encryption character string (S||T) corresponding to each ciphertext, and verifying each encryption character string to obtain the first ciphertext (C).
According to a fifth method for searching encrypted data in a first aspect of the present application, there is provided a sixth method for searching encrypted data in a first aspect of the present application, wherein the processing, according to the first encryption keyword (E (W)), the stored one or more ciphertexts (C0 to Cn) to obtain an encrypted string corresponding to each ciphertext includes: and performing exclusive or operation on the first encryption keyword (E (W)) and one or more stored ciphertexts (C0-Cn) respectively to obtain an encryption character string corresponding to each ciphertexts, wherein the ciphertexts are obtained by exclusive or operation on the encryption keyword and the encryption character string.
According to a sixth method for encrypted data search according to the first aspect of the present application, there is provided a seventh method for encrypted data search according to the first aspect of the present application, performing an exclusive-or operation on the first encryption key and the stored one or more ciphertexts (C0 to Cn) to verify an encrypted string, including: reading each ciphertext in a plurality of ciphers from a memory one by one, and performing exclusive-or operation on each read ciphertext and a first encryption keyword to obtain a corresponding encryption character string; or reading all the stored ciphertexts from the memory, and performing exclusive-or operation on the first encryption key word and each ciphertext to obtain the corresponding encryption character string.
According to a fifth method for encrypted data search of the first aspect of the present application, there is provided an eighth method for encrypted data search according to the first aspect of the present application, each encrypted string comprising a left portion (S) and a right portion (T), wherein the left portion (S) of the encrypted string is a random number; in the encryption storage process, an encryption keyword E (Wi) corresponding to each encryption character string is divided into a left part (Li) and a right part (Ri), the left part Li of the encryption keyword is encrypted to obtain a first key (Kp), and the first key (Kp) and the random number are encrypted to obtain a right part (T) of the encryption character string.
According to an eighth method for encrypted data search according to the first aspect of the present application, there is provided a ninth method for encrypted data search according to the first aspect of the present application, verifying each encrypted string to obtain the first ciphertext (Ci), comprising: encrypting a second key (Kq) with a left part (S) of the encrypted character string to obtain a second encrypted value (F (K, S)), wherein the second key (Kq) is the character string obtained by encrypting a left part (L) of the first encrypted keyword; wherein the second key (Kq) is calculated by the client according to the first encryption keyword; or pre-storing an algorithm (f) for encrypting the left part (L) of the first encryption keyword, and calculating the second key (Kq) according to the algorithm; and matching the second encryption value F (K, S) with the right part (T) of the corresponding encryption character string, determining that the encryption character string passes verification if the matching is successful, and taking the ciphertext corresponding to the encryption character string as the first ciphertext.
According to a ninth method for encrypted data search according to the first aspect of the present application, there is provided a method for encrypted data search according to the tenth aspect of the present application, matching the second encrypted value (F (K, S)) with a right portion (T) of its corresponding encrypted string, comprising: determining whether the second encryption value (F (K, S)) and the right portion (T) of the encrypted string match successfully, based on whether the second encryption value (F (K, S)) and the right portion (T) of the encrypted string are identical.
According to a ninth or tenth method for encrypted data search according to the first aspect of the present application, there is provided the eleventh method for encrypted data search according to the first aspect of the present application, wherein the random number is a pseudo random number or a constant.
According to one of the eighth to eleventh methods for searching encrypted data of the first aspect of the present application, there is provided the twelfth method for searching encrypted data of the first aspect of the present application, wherein the first key (Kp) is obtained by performing encryption processing on the left part (S) of the encrypted string using a first encryption algorithm (f); -encrypting the first key (Kp) and the left part (S) of the encrypted string with a second encryption algorithm (F) to obtain the second encrypted value (F (K, S)).
According to a twelfth method for encrypted data search according to the first aspect of the present application, there is provided a thirteenth method for encrypted data search according to the first aspect of the present application, further comprising: -pre-storing said second encryption algorithm (F); or receiving the second encryption algorithm (F) from the host for encryption processing.
According to one of the fifth to thirteenth methods for encrypted data search according to the first aspect of the present application, there is provided the fourteenth method for encrypted data search according to the first aspect of the present application, further comprising: responding to the ciphertext corresponding to the encrypted character string as the first ciphertext; and storing the first ciphertext and the first encryption keyword corresponding to the first ciphertext in the query history.
According to one of the first to fourteenth methods for encrypted data searching according to the first aspect of the present application, there is provided the fifteenth method for encrypted data searching according to the first aspect of the present application, further comprising: the first encrypted file is one or more encrypted files containing a first encryption key.
According to one of the first to fifteenth methods for encrypted data searching according to the first aspect of the present application, there is provided a sixteenth method for encrypted data searching according to the first aspect of the present application, further comprising: in response to receiving a second trapdoor, searching for a second ciphertext that matches the second trapdoor, wherein the second trapdoor includes a second encryption key; the second ciphertext is used for indexing second encrypted data corresponding to the second encrypted keyword; and determining a second encrypted file corresponding to the second trapdoor according to the second ciphertext, and providing the second encrypted file for the host.
A sixteenth method for encrypted data searching according to the first aspect of the present application provides the seventeenth method for encrypted data searching according to the first aspect of the present application, further comprising: the second encrypted file is identical or partially identical to the first encrypted file.
A sixteenth or seventeenth method for searching encrypted data according to the first aspect of the present application provides the eighteenth method for searching encrypted data according to the first aspect of the present application, further comprising: a plurality of different trapdoors are received and processed in parallel and a search operation is performed.
According to a second aspect of the present application, there is provided a first storage controller according to the second aspect of the present application, for implementing one of the methods for encrypted data searching described in the first to eighteenth aspects of the present application.
According to a first storage controller of a second aspect of the present application, there is provided a second storage controller according to the second aspect of the present application, the storage controller including a host command processing unit, a storage command processing unit, and an accelerator for implementing the method of encrypted data searching.
According to a third aspect of the present application, there is provided an accelerator according to the third aspect of the present application for use in a storage controller, the accelerator being for implementing one of the methods for encrypted data searching described in the first to eighteenth aspects of the present application.
According to a fourth aspect of the present application there is provided a first storage device according to the fourth aspect of the present application comprising a storage medium and one of the storage controllers of the second aspect of the present application.
According to a first storage device of a fourth aspect of the present application, there is provided a second storage device according to the fourth aspect of the present application, the storage device being a KV storage device.
Drawings
The above, as well as additional purposes, features, and advantages of exemplary embodiments of the present application will become readily apparent from the following detailed description when read in conjunction with the accompanying drawings. In the accompanying drawings, several embodiments of the present application are shown by way of example and not limitation, and identical or corresponding reference numerals indicate identical or corresponding parts (in the figures involving the steps, S indicates the steps), in which:
FIG. 1 is a block diagram of a prior art solid state storage device;
FIG. 2 is a schematic diagram of a searchable encryption method according to an embodiment of the present application;
FIG. 3 is a schematic diagram of an encryption storage method according to an embodiment of the present application;
FIG. 4 is a flow chart of a keyword encryption method according to an embodiment of the present application;
FIG. 5 is a flow chart of a method for encrypted data searching according to an embodiment of the present application;
FIG. 6 is a schematic diagram of trapdoor generation method according to an embodiment of the present application;
FIG. 7 is a schematic diagram of an encryption search method according to an embodiment of the present application;
fig. 8 is a schematic structural diagram of an encrypted string according to an embodiment of the present application;
FIG. 9 is a schematic diagram of a method of retrieving encrypted keywords according to an embodiment of the present application;
fig. 10 is a schematic diagram of a parallel processing manner according to an embodiment of the present application.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are some, but not all, of the embodiments of the present application. All other embodiments, which can be made by those skilled in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Fig. 2 shows a schematic diagram of a searchable encryption method according to an embodiment of the present application. The storage device may be the storage device 102 shown in fig. 1 herein; steps 1 to 5 are main steps for realizing a searchable encryption method. Wherein steps 1, 3 and 5 are completed by the client. Step 2 and step 4 are accomplished by a storage device. The client and the storage device can be directly connected, for example, the client is deployed on a host, and the host is connected with the interface 103 of the storage device through a corresponding interface; the client and the storage device may also be connected via a network, for example, the client may be disposed on a network terminal, the network terminal may be communicatively connected to a server, and the server may be connected to the interface 103 of the storage device via a corresponding interface.
Step 1, a client encrypts keywords in a user file and the file to obtain an encrypted keyword and an encrypted file, and then provides the encrypted keyword and the encrypted file to a storage device.
And 2, the storage device receives the encryption key words and the encryption files and stores the encryption key words and the encryption files in a storage medium.
Step 3, the user queries by using the keywords, including: using secret keysTrapdoor T for generating query keywords W The client will trapdoor T W To the storage device.
The user in this step is a user with search capability, i.e. the user has mastered the key. The user uses the key to generate trapdoors, which contain the encryption key. Thus, trapdoors are encrypted; that is, in one case, the client is directly connected to the storage device, and the host cannot obtain the keyword information in the trapdoor; in another case, the client connects to the server through the network, the server stores data using the storage device, and the network and the server cannot acquire the keyword information in the trapdoor.
And 4, the storage device takes trapdoor as input, executes a search algorithm and returns an encrypted file containing keywords corresponding to the trapdoor. And the trapdoor contains the information of the encryption key words, and the corresponding encryption file can be obtained after search calculation.
And 5, the client acquires the returned encrypted file, decrypts the encrypted file by using the key to obtain a plaintext file, and then obtains a query result.
According to the method shown in fig. 2, the search computation is deployed inside the storage device, and the host (the server with the network interface is also regarded as the host) merely serves as a path between the user and the storage device, so that even if the user does not trust the host, the user can still use the host to achieve the intercommunication between the user and the storage device.
Since the existing symmetrical searchable encryption schemes are further classified into SWP scheme, Z-IDX scheme, SSE-1 scheme, etc., the method and operation procedure of performing encryption search by the storage device are different for different symmetrical searchable encryption schemes. The present application is primarily directed to symmetric searchable encryption schemes based on SWP schemes. For ease of understanding, the identification employed will be described first, prior to explaining the implementation of a searchable encryption scheme based on the SWP scheme. By way of example, the plaintext files include D1, D2, D3 … … Dn, the encrypted files obtained by encryption include File-1, file-2, file-3 … … File-n, the keywords include W1, W2, W3 … … Wn, the keywords of each File may be the same or different, and a File may have multiple keywords.
Di (i=1, 2,3 … … n) represents any one plaintext File, file-i (i=1, 2,3 … … n) represents a corresponding encrypted File, and Wi (i=1, 2,3 … … n) represents a corresponding keyword; e (K ', wi) (i=1, 2,3 … … n) represents a corresponding encryption key, where K' represents a password used for the encryption key, which is also abbreviated as E (Wi) hereinafter for the sake of clarity; ci (i=1, 2,3 … … n) represents ciphertext corresponding to an encryption key.
In the encryption storage process, since a plurality of files may exist, and a plurality of keywords may exist in each file, keywords related in the encryption storage process below are expressed by Wi with subscripts, encryption keywords are expressed by E (Wi) with serial numbers, the left part of the encryption keywords E (Wi) is Li, and the right part of the encryption keywords E (Wi) is Ri. For the searching process, since the keyword to be searched is uncertain, the keywords mentioned in the searching process are represented by W without serial numbers, and E (W) represents the corresponding encrypted keyword (such as the following first encrypted keyword), C represents the corresponding ciphertext (such as the following first ciphertext), and T W Representing a corresponding trapdoor (e.g., the first trapdoor below). The left part of the encryption key E (W) is L, and the right part is R.
Fig. 3 illustrates a schematic diagram of an encryption storage method based on SWP scheme according to an embodiment of the present application. Referring to fig. 3, first, the client extracts one or more keywords Wi in the plaintext file Di. At the client, for the plaintext file Di, the corresponding keyword Wi may be extracted. A plaintext file Di may have one keyword or a plurality of keywords. An example is given in table 1.
TABLE 1
| W1 | D1 |
| W3 | D1 |
| W4 | D1 |
| W5 | D1 |
| W2 | D2 |
| W100 | D2 |
| W150 | D2 |
| W200 | D3 |
As shown in table 1, table 1 includes two columns, the first column is a keyword, and the second column is a plaintext file. Wherein the first 4 lines represent that the keywords of the plaintext file D1 include W1, W3, W4 and W5; lines 5 to 7 show that the keywords of the plaintext file D2 include W2, W100, and W150; line 8 shows that the keywords of the plaintext file D3 include W200. That is, the plaintext file D1 and the plaintext file D2 have a plurality of keywords, and the plaintext file D3 has one keyword.
TABLE 2
| W6 | D4 |
| W7 | D4 |
| W8 | D4 |
| W8 | D5 |
| W9 | D5 |
Table 2 gives another example. As shown in table 2, wherein the first 3 lines represent keywords of the plaintext file D4 including W6, W7, and W8, and the second two lines represent keywords of the plaintext file D5 including W8 and W9. The plaintext file D4 and the plaintext file D5 have the same keyword W8, that is, the keywords corresponding to different plaintext files may be different, the same, or partially the same.
Further, after extracting the keyword Wi, the client encrypts the extracted keyword Wi; the encryption of the keyword Wi based on the SWP scheme employs a two-layer encryption scheme (first-layer encryption and second-layer encryption). Fig. 4 illustrates a flow chart of a keyword encryption method provided in the implementation of the present application. In fig. 4, for the first-layer encryption, each keyword Wi in the plaintext file Di is encrypted one by using a group key to obtain an encrypted keyword E (Wi) corresponding to each keyword Wi. As an example, the algorithm for encrypting the keyword Wi may be a hash encryption algorithm, and the encrypted keyword obtained by the hash encryption algorithm may be represented by E (K ', wi) in fig. 3, where K' is a corresponding hash password.
In fig. 4, the encryption key E (K ', wi) outputted by the first layer encryption is divided into a left portion Li and a right portion Ri, for example, the left portion Li occupies m consecutive bits, the right portion Ri occupies n-m consecutive bits, and the number of bits of the left portion Li and the right portion Ri may be unequal or equal, where m is a positive integer not less than 1, and n represents the total number of bits occupied by the key E (K', wi). In addition, for each keyword Wi, the client generates or acquires a corresponding random number Si, for example, si may be a pseudo random number (or may be a constant value). The number of bits of Si is equal to the number of bits of the left part Li of the encryption key, i.e., the number of bits of Si is m bits. Then, the left part Li is encrypted to obtain a key Ki, for example, li may be encrypted by a first pseudo-random function f, where the key corresponding to the first pseudo-random function f is K ", that is, ki=f (K", li), or may be abbreviated as ki=f (Li). And then encrypting the Ki and the Si to obtain F (Ki, si), wherein the number of bits of F (Ki, si) is equal to the number of bits of the right Ri of the encryption key word. That is, the encryption key E (Wi) is obtained by the first-layer encryption, and the encrypted character string < Si, F (Ki, si) > (denoted as si||f (Ki, si) in fig. 4, where "||" denotes that strings are connected together), the encrypted string < Si, F (Ki, si) >, is the second layer encryption result. In the second layer encryption process, F is a first pseudo-random function, and F is a second pseudo-random function; the process of encrypting Li to obtain Ki is referred to as a first encryption operation (corresponding to a first pseudo-random function F), and the process of encrypting Ki and Si to obtain F (Ki, si) is referred to as a second encryption operation (corresponding to a second pseudo-random function F). Thus, two strings are obtained: the encryption key < Li, ri > and its corresponding encryption string < Si, F (Ki, si) >. Wherein the number of bits of Li and Si are equal, the number of bits of Ri and F (Ki, si) are equal, and the number of bits of the encryption key < Li, ri > and the encryption string < Si, F (Ki, si) >. And carrying out exclusive OR on the encryption keyword and the encryption character string to obtain the ciphertext Ci corresponding to the keyword Wi.
In addition, in the process of encrypting and storing the plaintext File Di, the keyword Wi is encrypted to obtain the ciphertext Ci, and the plaintext File Di is also required to be encrypted to obtain the encrypted File-i. Referring to fig. 3, the client provides the obtained ciphertext Ci, and an encrypted File-i associated with the ciphertext Ci, to the server. The server stores the obtained ciphertext Ci and the encrypted File File-i in a storage device. For example, the ciphertext Ci and the encrypted File File-i may be stored in block storage.
For example, when storing an encrypted File, ciphertext Ci and File-i are stored in a memory (such as NVM chip or DRAM) of a storage device in a block storage manner, and since the ciphertext is obtained by xoring an encryption keyword and an encryption character string, the encrypted File-i corresponding to the encryption keyword E (Wi) can be indexed by the ciphertext Ci. That is, the ciphertext Ci is associated with the encryption keyword E (Wi), and the corresponding encryption keyword E (Wi) can be restored by the ciphertext Ci through a corresponding algorithm, and in addition, the corresponding encryption string can also be restored by the ciphertext Ci.
Fig. 5 shows a flowchart of a method for encrypted data search according to an embodiment of the present application, where the method includes step 41 and step 42, and step 41 and step 42 can be understood as specific steps of step 4 in fig. 2.
Step 41, in response to receiving the first trapdoor T W Searching for the first trapdoor T W A matched first ciphertext C, wherein the first trapdoor T W Includes a first encryption key E (K', W); the first ciphertext C is used for indexing a first encrypted file corresponding to the first encrypted keyword E (K', W);
and 42, determining a first encrypted file corresponding to the first trapdoor according to the first ciphertext, and providing the first encrypted file to a host.
By way of example, during a search, a client sends a first trapdoor T to a server W Wherein T is W = (E (K', W), k=f (K ", li), i.e. first trapdoor T W The first encryption key E (K', W) and the key k=f (K ", li) corresponding to the encryption key are included.
Fig. 6 illustrates a method of trapdoor generation. As shown in fig. 6, for example, if the user needs to search for the first keyword W, the first keyword W is input at the client, and then the first keyword W is encrypted (e.g., the first layer encryption shown in fig. 4) to obtain a first encrypted keyword E (K', W), where the left part of the encrypted keyword is L and the right part is R; the first encryption operation is performed on the left part L of the first encryption key to obtain a key k=f (K ", L), which is also abbreviated as k=f (L) hereinafter for the sake of simplicity. Closing the first encryption The key word E (K', W) and the key K form a first trapdoor T W 。
As shown in fig. 7, the server receives a first trapdoor T sent by the client W After that, the first trapdoor T W Forward to the storage device. The storage device performs some or all of steps 71 through 78 in accordance with the trapdoor. As an example, in the encryption search process, the storage device in the present application may store the search result (ciphertext C and encryption keyword E (W)) in the storage device after each search is completed, for example, the storage device is a KV storage device, so that the search result may be stored in the storage device in the form of a key value KV; the search results may not be stored.
For the case of storing the search results in the storage device, when performing the search, first performs step 71, using the first trapdoor T W If the first encrypted keyword E (W) is queried for the query history in the storage device, and if the first ciphertext C corresponding to the first encrypted keyword E (W) is queried from the query history, step 72 is executed, and the first encrypted File associated with the first ciphertext C is sent to the server. The server receives the first encrypted File and forwards it to the client.
In step 71, if the storage device stores the query history, during the searching process, the first trapdoor T is used for searching W Searching a query history, wherein the query history comprises searched encryption keywords and corresponding ciphertext thereof; and responding to the first ciphertext C queried in the query history, directly determining the first ciphertext C from the query history, and then finding a first encrypted File corresponding to the first encryption keyword E (W) according to the first ciphertext C.
By way of example, the query history described in step 71 may be<Key, key value>In KV storage, wherein the encryption key E (Wi) is used as a key and the ciphertext Ci is used as a key. In this embodiment, since the query history is stored in the storage device by the KV storage device, when the storage device receives the first trapdoor T W The storage device may then directly transfer the first trapdoor T W First encryption in (a)The keyword E (W) is used as a keyword to search a corresponding key value in the KV storage device, namely, the ciphertext corresponding to the encrypted keyword is searched in a key-value form, so that repeated comparison with the keyword ciphertext stored in the storage device is not needed, and the searching efficiency is improved. In other embodiments, the query history may also be stored in the form of a block store.
If the first ciphertext C is not queried in the query history, steps 73 to 76 are executed, the stored one or more ciphertexts Ci are read out from the memory, the stored one or more ciphertexts Ci are respectively processed according to the first encryption keyword E (W) to obtain an encryption string s||t corresponding to each ciphertext, and each encryption string s||t is verified to obtain the first ciphertext C.
By way of example, all ciphertext may be read in step 73; then, in step 74, each ciphertext Ci is separately associated with a first trapdoor T W Exclusive or is performed on the first encryption key E (W) in (b), thus, the encrypted character string S I T corresponding to each ciphertext Ci is obtained.
Since E (Wi) XOR si|f (Ki, si) =ci (see fig. 4), ci XOR E (Wi) can restore si|f (Ki, si) according to the nature of exclusive or. Thus, after retrieving the stored ciphertext(s) Ci from the storage device, the first trapdoors T are each opened W The first encryption key E (W) of (a) is xored with each ciphertext Ci, and obtaining an encryption character string S I T corresponding to each ciphertext Ci. From the above, it can be seen that the encryption string s||t corresponding to each encryption keyword E (Wi) is related to each encryption keyword itself, and the exclusive or result corresponding to the first ciphertext C matched with the first encryption keyword E (W) can necessarily recover the corresponding second-layer encryption result s||f (K, S) generated during encryption storage. That is, among the encrypted strings s||t corresponding to each ciphertext Ci obtained in the above steps, only the encrypted string s||t obtained by the exclusive or result corresponding to the first ciphertext C that is matched with the first encryption keyword E (W) can be identical to the second-layer encryption result s|f (K, S) corresponding to the first encryption keyword E (W).
In step 75, to verify each encrypted string S T, each encryption string s||t is calculated. Specifically, each encryption string includes a left portion S and a right portion T. Fig. 8 illustrates a schematic structure of an encrypted string according to an embodiment of the present application. In fig. 8, the left part S of the encrypted string s||t is a random number Si, and in the process of encryption storage, the encryption key E (Wi) corresponding to each encrypted string is divided into a left part Li and a right part Ri, the left part Li is encrypted to obtain a first key Kp, and the first key Kp and the random number are encrypted to obtain the right part T. It should be understood that, since the key corresponding to each encryption keyword is obtained by encrypting according to the left portion Li of each encryption keyword, the key corresponding to each encryption keyword is different, and for convenience of explanation, the key generated when the keyword is encrypted in the second layer in the encryption storage process is referred to as a first key Kp, and the key generated in the search process is referred to as a second key Kq.
In step 76, for each encrypted string s||t, the right portion T is encrypted according to the first key Kp and the random number during the encryption storage process, and the left portion S of the encrypted string is further represented as the random number, so during the search process, the second key Kq may be generated according to the first encryption key E (W), the second key Kq and the left portion S of the encrypted string may be subjected to the encryption operation to generate the second encryption value F (K, S), and when the second key Kq is identical to the first key Kp for generating the right portion T of the encrypted string, that is, the first encryption key E (W) is identical to the encryption key for generating the encrypted string s||t, the second encryption value F (K, S) is matched with the right portion T of the encrypted string s||t.
Specifically, for each encrypted string s||t, the right portion T thereof is matched with the calculated second encrypted value F (K, S) in such a manner that: for each encryption character string S I T, judging whether the right part T of the encryption character string is identical to the second encryption value F (K, S), if so, determining that the matching is successful; if the two types of the substrates are not identical, the encrypted string s||t corresponding to the next ciphertext Ci is continuously detected.
Fig. 9 shows a schematic diagram of a search method according to an embodiment of the present application. As shown in fig. 9, for each ciphertext Ci, the encryption string s|t is subjected to encryption calculation (k=f (S)) on the right portion S thereof to obtain a second encryption value F (K, S), then the second encryption value F (K, S) is compared with the right portion T of the encryption string s|t, and if the two encryption values F (K, S) calculated from the left portion S of the encryption string s|t are equal to the right portion T thereof, according to the SWP scheme, it is explained that the ciphertext Ci corresponding to the encryption string s|t is the first ciphertext C to be searched.
In response to the first ciphertext C being searched, step 77 is performed, wherein the searched first ciphertext C is provided to the server and forwarded by the server to the client. In other embodiments, the first ciphertext C and the corresponding first encrypted File may be provided directly to the server, and then forwarded to the client by the server. It should be noted that, since one keyword may correspond to a plurality of plaintext files, the first encrypted File corresponding to the first ciphertext C may be one encrypted File associated with the keyword, or may be a plurality of encrypted files associated with the keyword.
Finally, step 78 is executed, where the first ciphertext C obtained by the current search and the corresponding first encryption keyword E (W) are stored in the query history, for example, may be stored in a KV storage device. In the next search, if the encrypted keyword E (W) is still searched, the query history is searched according to step 71, and the corresponding first ciphertext can be directly obtained, so that the processes from step 73 to step 77 do not need to be executed again.
In addition, as an example, when the memory does not store the search result, the storage device does not perform steps 71 and 72, directly performs steps 73 to 76 to search for the first ciphertext C corresponding to the first encryption keyword E (W), determines the first encrypted File according to the first ciphertext C, and directly transmits the first encrypted File to the server after finding the first encrypted File, without performing steps 77 and 78. Specifically, steps 73 to 76 are referred to above, and are not described herein.
In step 73, all the ciphertexts Ci stored can be read out all at once, and Ci XOR E (W) is calculated one by one. Considering that the number of stored ciphertexts Ci may be large, the ciphertexts Ci may also be read in batches, each time by a predetermined number, for example, 100 ciphertexts Ci each time, and then the corresponding encryption string is calculated; further, the operations of steps 75 to 77 are performed on a predetermined number of encrypted character strings to verify whether or not there is the first ciphertext C to be searched among the ciphertext Ci read this time. If the ciphertext Ci data is stored in a large size, this approach is generally effective to reduce the overhead of data reading and the computational effort of step 74.
Further, to reduce overhead, the scope of the search may also be determined according to the user. For example, user 1 uses disk 1 and disk 2 (e.g., disks may be divided in a namespace manner) divided by a storage device to store data, with corresponding ciphertext including C1-C1000, and user 2 uses disk 3 and disk 4 data divided by a storage device, with corresponding ciphertext including C2000-C3000. Therefore, after receiving the trapdoor of the user 1, the user can search only among the ciphertext C1 to C1000 associated with the data stored in the disk 1 and the disk 2; after receiving the trapdoor of the user 2, the user can only search in the ciphertext C2000-C3000 associated with the data stored in the disk 3 and the disk 4, thereby improving the searching efficiency.
In the above embodiment, the trapdoor transmitted by the user contains the second key Kq. Where the second key kq=f (L), and L is the left part of the first encryption key E (W). Thus, in other embodiments, the storage device may also be caused to store in advance a first pseudo-random function f for calculating the second key Kq, and the storage device may calculate the second key Kq using the first pseudo-random function f.
Further, each user may have its own first pseudo-random function f, and the storage device may store the first pseudo-random function f for each user for use in step 75. For example, user 1 uses a first pseudo-random function f1, and user 2 uses a first pseudo-random function f2; when the user 1 searches, the storage device calculates a corresponding second key by using the corresponding first pseudo-random function f1, and when the user 2 searches, the storage device calculates a corresponding second key by using the corresponding first pseudo-random function f 2.
In one embodiment, the storage device may also receive a second trapdoor associated with the second search request after processing the first search request associated with the first trapdoor, where the storage device may respond to the second trapdoor in a manner such as steps 71 through 78 of fig. 7. In another embodiment, if the storage device also receives a second trapdoor or even a third trapdoor in response to the first trapdoor, then multiple different trapdoors need to be received and processed in parallel and a search operation performed.
In the above embodiments, the storage device stores the query history, and in other embodiments, the storage device may not store the query history. In the case where the query history is not stored, step 71 and step 72 in fig. 7 may be omitted.
It should be noted that, the application scenarios described above are: the client is connected with the server through a network, and the server stores data by using the storage device. In another application scenario, for example, in the case that the host is directly connected to the storage device, the trapdoor generated by the client may be directly sent to the storage device, and the storage device directly returns the ciphertext and the encrypted file to the client, which is equivalent to omitting the server, and the encryption storage and encryption search methods in the storage device are unchanged, so that the description is omitted.
According to another aspect of the present application, there is also provided a memory controller which may employ the control unit shown in fig. 1. In a preferred embodiment, the memory controller comprises, in addition to the host command processing unit and the memory command processing unit, an accelerator for implementing the method steps 71 to 78 described in fig. 7.
FIG. 10 illustrates a parallel processing of various components in a memory controller. Wherein a first memory for storing data in the form of key KV, a second memory for storing data in the form of block memory, an accelerator and a host interface are involved in the storage device; the first memory is used for storing inquiry history, and the inquiry history comprises inquired encryption keywords and corresponding ciphertext; the second memory is used for storing all ciphertext and encrypted files; the accelerator is used for reading the inquiry history from the first memory, reading the ciphertext from the second memory, and calculating and verifying the ciphertext; the host interface is used for acquiring trapdoors from the host and returning ciphertext and encrypted files corresponding to the trapdoors. Wherein T0 to T5 represent a plurality of duty cycles in succession.
As shown in fig. 10, in the T0 working period, the first memory and the second memory have no task to process, and are in a waiting state; the accelerator is also free of tasks to process and is in an idle state. The host interface receives the first trapdoor, which is denoted herein as T for ease of resolution W1 。
In response to receiving the first trapdoor T during the T1 duty cycle W1 The first memory is based on a first trapdoor T W1 Search query history. At this time, the second memory has no task to be processed yet, and is in a waiting state. The accelerator is also free of tasks to process and is in an idle state. The host interface then receives the second trapdoor and the third trapdoor again, the second trapdoor being denoted herein as T for ease of distinction W2 The third trapdoor is marked as T W3 . During the working period T1, for the first trapdoor T W1 And a new trapdoor is received, so that different trapdoors are processed in parallel.
In the T2 working period, the first memory is used for storing the first trap door T W1 The operation of searching the history of queries has ended and begins according to the second trapdoor T W2 And a third trapdoor T W3 Search query history. Meanwhile, since the first trapdoor T is not searched in the query history W1 Requesting to access a second memory, and reading ciphertext by the second memory; the accelerator calculates the read ciphertext, calculates an encrypted character string, and verifies the encrypted character string to find a first trapdoor T W1 Corresponding ciphertext C1. The host interface has no task to process and is in a waiting state.
In the T3 working period, the first memory is controlled according to the second trapdoor T W2 And a third trapdoor T W3 The operation of searching the history of queries has ended and the first memory is in a waiting state. By way of example, the results of the search are: inquiring the third trapdoor T W3 Corresponding ciphertext C3 without querying the second trapdoor T W2 The corresponding ciphertext C2. At this time request for accessA second memory for reading the ciphertext, and an accelerator for starting calculation and verification of the read ciphertext to find the second trapdoor T W2 The corresponding ciphertext C2. By way of example, the accelerator has found a first trapdoor T based on the calculation and verification of the accelerator's operation at the T2 duty cycle W1 The ciphertext C1 that matches, and therefore, the host interface may return the ciphertext C1 to the host. In addition, according to the search result of the KV storage device, a third trapdoor T W3 The corresponding ciphertext C3 has also been found, so that the ciphertext C3 is also waiting to be returned to the host, and since the host interface is processing the ciphertext C1, the processing of the ciphertext C3 is delayed and will be processed in the subsequent duty cycle.
In the T4 working period, the first memory has no task to process and is in a waiting state. Meanwhile, the second memory is in a waiting state after the task of reading the ciphertext has been completed. By way of example, the accelerator calculates and validates to find a second trapdoor T W2 The operation of the corresponding ciphertext C2 is still continued. The host interface returns to the first trapdoor T after completion of W1 After the corresponding task of ciphertext C1, the third trapdoor T starts to return W3 Corresponding ciphertext C3.
In the T5 working period, the first memory and the second memory have no task to be processed, and are in a waiting state. By way of example, the accelerator has been completed for the second trapdoor T W2 And find the second trapdoor T W2 The corresponding ciphertext C2 is therefore in an idle state. The host interface returns to the third trapdoor T after completion of W3 After the corresponding ciphertext C3 is subjected to the task, a second trapdoor T W2 The corresponding ciphertext C2 is returned to the host.
As can be appreciated from the example shown in FIG. 10, the first memory, the second memory, the accelerator, and the host interface can operate in parallel in response to a search task from the host. It should be noted that, the accelerator in the embodiments of the present application may be implemented by hardware, for example, the accelerator is a hardware circuit that implements related computing and verification operations; it may also be implemented in software, for example, the accelerator being a processing chip running a computer program.
According to yet another aspect of the present application, there is also provided an accelerator for implementing the method steps 71 to 78 described in fig. 7. The accelerator has been described in detail above, and thus will not be described in detail.
According to yet another aspect of the present application, there is also provided a storage device, the structure of which can be seen in fig. 1. In one embodiment, a storage device includes an interface, a storage medium, and a storage controller, which may include a memory to store data in block storage. In another embodiment, the storage device is a KV storage device, that is, the storage device has a memory for storing data in a block storage manner, and also has a memory for storing data in a key value KV manner, where the KV storage device is configured to store the query history described in the foregoing method embodiment, and store the encrypted keyword and the corresponding ciphertext in a form of < key, key value (value) >, for example, store the encrypted keyword E (Wi) as a keyword, and store the ciphertext Ci as a key value, so that the characteristics of fast query speed, large data storage amount, and support for high concurrence of the KV storage device are utilized, and the searching efficiency is improved.
It should be understood that when the terms "first," "second," "third," and "fourth," etc. are used in the claims, the specification and the drawings of this application, they are used merely to distinguish between different objects and not to describe a particular sequence. The terms "comprises" and "comprising," when used in the specification and claims of this application, specify the presence of stated features, integers, steps, operations, elements, and/or components, but do not preclude the presence or addition of one or more other features, integers, steps, operations, elements, components, and/or groups thereof.
It is also to be understood that the terminology used in the description of the present application is for the purpose of describing particular embodiments only, and is not intended to be limiting of the application. As used in the specification and claims of this application, the singular forms "a", "an" and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should be further understood that the term "and/or" as used in the present specification and claims refers to any and all possible combinations of one or more of the associated listed items, and includes such combinations.
As used in this specification and the claims, the term "if" may be interpreted as "when..once" or "in response to a determination" or "in response to detection" depending on the context. Similarly, the phrase "if a determination" or "if a [ described condition or event ] is detected" may be interpreted in the context of meaning "upon determination" or "in response to determination" or "upon detection of a [ described condition or event ]" or "in response to detection of a [ described condition or event ]".
Although the embodiments of the present application are described above, the content is only an example adopted for understanding the present application, and is not intended to limit the scope and application scenario of the present application. Any person skilled in the art can make any modifications and variations in form and detail without departing from the spirit and scope of the disclosure, but the scope of the disclosure is still subject to the scope of the claims.
Claims (10)
1. A method for searching encrypted data, applied to a storage device, characterized in that,
in response to receiving the first trapdoor (T W ) Searching for a first ciphertext (C) that matches the first trapdoor, wherein the first trapdoor (T W ) Including a first encryption key (E (W)); the first ciphertext is used for indexing a first encrypted file corresponding to the first encrypted keyword (E (W));
determining the first trapdoor (T) based on the first ciphertext W ) And providing the corresponding first encrypted file for the host.
2. The method of claim 1, wherein searching for a first ciphertext that matches the first trapdoor comprises:
searching a query history according to the first trapdoor in response to the stored query history, wherein the query history comprises searched encryption keywords and corresponding ciphertext;
in response to querying the first ciphertext in the query history, determining the first ciphertext from the query history.
3. The method of claim 2, wherein the storage device is a KV storage device;
according to the first trapdoor search query history, comprising:
And responding to the query history, storing the query history in the KV storage device in the form of < key words, key values > and querying a first ciphertext corresponding to the first encryption key words from the KV storage device.
4. The method of claim 2, wherein searching for a first ciphertext that matches the first trapdoor comprises:
and in response to the fact that the query history is not stored or the first ciphertext is not queried in the query history, respectively processing the stored one or more ciphertexts (C0-Cn) according to the first encryption keyword (E (W)) to obtain an encryption character string (S||T) corresponding to each ciphertext, and verifying each encryption character string to obtain the first ciphertext (C).
5. The method according to claim 4, wherein processing the stored one or more ciphertexts (C0 to Cn) according to the first encryption key (E (W)) to obtain an encryption string corresponding to each ciphertext, respectively, comprises:
and performing exclusive or operation on the first encryption keyword (E (W)) and one or more stored ciphertexts (C0-Cn) respectively to obtain an encryption character string corresponding to each ciphertexts, wherein the ciphertexts are obtained by exclusive or operation on the encryption keyword and the encryption character string.
6. The method of claim 4, wherein the step of determining the position of the first electrode is performed,
each encryption character string comprises a left part (S) and a right part (T), wherein the left part (S) of the encryption character string is a random number; in the encryption storage process, an encryption keyword E (Wi) corresponding to each encryption character string is divided into a left part (Li) and a right part (Ri), the left part (Li) of the encryption keyword is encrypted to obtain a first key (Kp), and the first key (Kp) and the random number are encrypted to obtain a right part (T) of the encryption character string.
7. The method according to claim 6, wherein verifying each encrypted string to obtain the first ciphertext (Ci) comprises:
encrypting a second key (Kq) with a left part (S) of the encrypted character string to obtain a second encrypted value (F (K, S)), wherein the second key (Kq) is the character string obtained by encrypting a left part (L) of the first encrypted keyword; wherein the second key (Kq) is calculated by the client according to the first encryption keyword; or alternatively
-pre-storing an algorithm (f) for encrypting the left part (L) of the first encryption key, calculating the second key (Kq) according to said algorithm;
Matching the second encrypted value F (K, S) with the right portion (T) of its corresponding encrypted string, determining that the encrypted string is verified as passing in response to a successful match, and
and taking the ciphertext corresponding to the encrypted character string as the first ciphertext.
8. The method according to any one of claims 4 to 7, further comprising:
responding to the ciphertext corresponding to the encrypted character string as the first ciphertext;
and storing the first ciphertext and the first encryption keyword corresponding to the first ciphertext in the query history.
9. The method as recited in claim 8, further comprising: a plurality of different trapdoors are received and processed in parallel and a search operation is performed.
10. A storage controller for implementing the method for encrypted data searching of any one of claims 1 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111617147.1A CN116361842A (en) | 2021-12-27 | 2021-12-27 | Method for searching encrypted data and storage controller |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111617147.1A CN116361842A (en) | 2021-12-27 | 2021-12-27 | Method for searching encrypted data and storage controller |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN116361842A true CN116361842A (en) | 2023-06-30 |
Family
ID=86922241
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111617147.1A Pending CN116361842A (en) | 2021-12-27 | 2021-12-27 | Method for searching encrypted data and storage controller |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116361842A (en) |
-
2021
- 2021-12-27 CN CN202111617147.1A patent/CN116361842A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US11153094B2 (en) | Secure data deduplication with smaller hash values | |
| US9438412B2 (en) | Computer-implemented system and method for multi-party data function computing using discriminative dimensionality-reducing mappings | |
| US9904793B2 (en) | Systems, methods, and apparatus to provide private information retrieval | |
| US8898536B2 (en) | Multi-core engine for detecting bit errors | |
| WO2021068726A1 (en) | Method and device for storing and searching for transaction hash value in blockchain | |
| CN109522328B (en) | Data processing method and device, medium and terminal thereof | |
| US8826023B1 (en) | System and method for securing access to hash-based storage systems | |
| CN111131130B (en) | Key management method and system | |
| CN112887077B (en) | SSD main control chip random cache confidentiality method and circuit | |
| CN112685753B (en) | Method and equipment for storing encrypted data | |
| CN113157778B (en) | Proxiable query method, system, device and medium for distributed data warehouse | |
| US20220247731A1 (en) | Secure communication between an intermediary device and a network | |
| US9218296B2 (en) | Low-latency, low-overhead hybrid encryption scheme | |
| US10642786B2 (en) | Security via data concealment using integrated circuits | |
| CN116361842A (en) | Method for searching encrypted data and storage controller | |
| CN113721838B (en) | Write, read data method for memory device, memory controller, and DMA engine | |
| CN116192395A (en) | Trusted system for distributed data storage | |
| JP6672451B2 (en) | Encrypted search index merge server, encrypted search index merge system, and encrypted search index merge method | |
| US11595190B2 (en) | Encrypted data storage system | |
| CN113839773A (en) | LUKS key offline extraction method, terminal equipment and storage medium | |
| CN116415287A (en) | Method for searching encrypted data and storage controller | |
| CN116415311A (en) | Method for storing and searching encrypted data and storage controller | |
| CN111190844A (en) | Protocol conversion method and electronic equipment | |
| US10936757B2 (en) | Registration destination determination device, searchable encryption system, destination determination method, and computer readable medium | |
| CN110659472A (en) | Password card and data storage system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |