CN116566644A - Searchable encryption method based on pseudo-random function and blockchain intelligent contract - Google Patents


Publication number
CN116566644A
Authority
CN
China
Prior art keywords
data
file
search
token
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310305454.9A
Other languages
Chinese (zh)
Inventor
李超
殷丽华
王新皓
刘帅
孙哲
王滨
王星
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou University
Original Assignee
Guangzhou University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou University filed Critical Guangzhou University
Priority to CN202310305454.9A priority Critical patent/CN116566644A/en
Publication of CN116566644A publication Critical patent/CN116566644A/en
Pending legal-status Critical Current

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/10 Protocols in which an application is distributed across nodes in the network
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/321 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority
    • H04L9/3213 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving a third party or a trusted authority using tickets or tokens, e.g. Kerberos
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a searchable encryption method based on a pseudo-random function and a smart contract, relating to the technical field of network information security. The scheme mainly comprises two parts. The data owner preprocesses the file to be stored, generates encrypted file data, and sends it to the blockchain smart contract. The blockchain smart contract receives the preprocessed data sent by the data holder, processes it according to the scheme described in the specification, and stores the encrypted file index data on the blockchain for subsequent queries and other operations. The invention encrypts the keywords and file indexes of the files and stores them on the blockchain, and an authenticated data user can use the scheme to search for the location of the required file. This solves the malicious cloud server problem that traditional schemes find difficult to solve, and ensures the security of the search process and the correctness of the ciphertext search results.

Description

Searchable encryption method based on pseudo-random function and blockchain intelligent contract
Technical Field
The invention belongs to the technical field of network information security, and particularly relates to a searchable encryption method based on a pseudo-random function and a blockchain intelligent contract.
Background
In today's information age, cloud technology has attracted wide attention and development, and cloud storage, as one of its core applications, has likewise been valued and studied. Cloud storage services can be widely used to provide convenient and flexible additional storage space for individuals or businesses. However, amid the surge of big data, leaks of private data cause great trouble, and plaintext storage clearly cannot meet data privacy and security requirements. In fact, in recent years incidents of hacking, insider leaks, and the private buying and selling of user databases have emerged one after another, so ensuring the data privacy and security of cloud storage services is an urgent need. On the other hand, if the user uploads files to the cloud server in conventionally encrypted form, another problem arises: for security, only the data user holds the key, so a user who wants to find the files containing a certain keyword can only download all the files from the server, which is extremely inefficient. Searchable encryption was therefore developed to make encrypted files retrievable.
Existing research on searchable encryption has produced many results, such as public key searchable encryption techniques and searchable encryption techniques that support multiple keys. With the emergence of blockchains, the question followed of how to migrate conventional data storage and sharing to a decentralized storage system. The prior art causes the blockchain to bloat as large volumes of data are stored, cannot realize fine-grained access control over the data, and does not provide an index update function, even though generating new keyword sets and deleting existing keywords are necessary in searchable encryption. In addition, the access rights of data requesters are not considered when the search function is performed, although files differ in sensitivity. Therefore, in addition to authenticating the data requester in the initial stage of the system, the authority of the requester also needs to be considered in the search stage.
Disclosure of Invention
In view of the above-mentioned drawbacks of the prior art, an object of the present invention is to provide a searchable encryption method and system based on a pseudo-random function and a blockchain intelligent contract, which preprocesses a file to be stored and generates an encrypted file to be sent to the blockchain intelligent contract, and simultaneously stores the encrypted file index data in the blockchain for subsequent operations such as query.
In order to achieve the above object, the present invention provides a searchable encryption method based on a pseudo-random function and an intelligent contract, which is characterized in that the method comprises:
s101, initializing a system, wherein a data owner randomly selects a security parameter p, simultaneously selects two pseudo-random functions, then generates a key group by the data owner, shares a part of keys as a first key group to a data user, and shares the rest keys as a second key group to a data searcher;
s102, keyword extraction and encryption sorting, wherein a data owner extracts a keyword set W based on a plaintext document, adopts an inverted sorting index data structure to realize multi-keyword sorting search, marks a file containing the keyword set W as F (W), andand weights the files in the file F (W) of the keyword set W>Sequencing;
s103, constructing an encryption index, wherein the data owner constructs the encryption index containing verification data based on the second key group K2 according to the index ordering mode of the S102;
S104, generating a search token: the data user generates the search token $token = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ based on the search keyword and uploads the search token to the blockchain for searching by the data searcher;
S105, matching search: the data searcher searches the ciphertext based on the second key group K2 and the search token, executing $search(EnIndex, token) \to (EnW, F_k(W))$; after receiving the search token, the data searcher first verifies whether the data user is an authorized user, and if the data user is authorized, the data searcher issues an Ethereum event to notify the cloud platform to execute the search operation;
S106, verifying the search result: the data searcher executes $Verify(T(G_1(W)).test,\ token,\ F_k(W)) \to 1/0$;
S107, decrypting the ciphertext: based on the first key set K1 and the retrieved ciphertext EnW, decryption yields the plaintext file $C = w.Dec(K1, EnW)$.
Further, the two pseudo-random functions are $G_1: \{0,1\}^p \times \{0,1\}^* \to \{0,1\}^d$ and $G_2: \{0,1\}^p \times \{0,1\}^* \to \{0,1\}^l$, where $d$ is the length of the file tag and $l$ is the output length of the $G_2$ function.
Further, the encryption index includes a search table T and encrypted file tags.
Further, the search table T is a key-value pair < key, value > structure, where the key field key includes the output of the pseudo-random function G1, the value field includes a binary group < value, test >, where the value stores the encrypted address of the file tag array, and the test field stores the verification result based on the multi-key search result, for verifying the integrity and correctness of the data.
Further, the encryption index construction of step S103 specifically includes:
First, for each sorted keyword set W, the data owner sets the values of the tuple for $G_1(W)$;
second, set the value field toRepresented as
Third, the test field is set to $G_2(G_1(W) \| F_1(W) \ldots F_K(W))$, denoted as $T(G_1(W)).test = G_2(G_1(W) \| F_1(W) \ldots F_K(W))$, wherein $F_K(W)$ represents the tags of the top k files with the highest weight, where address (F (W)) is represented as pointing to the file tag setAddress of (a); if the number of files containing the keyword set W is $\beta < k$, the test field of $G_1$ is set to $G_2(G_1(W) \| F_1(W) \| F_2(W) \ldots \| F_\beta(W))$, and $F_k(W) = (F_1(W), \ldots, F_\beta(W))$, while setting F K (W);
Fourth step, F K The file mark in (W) is encrypted asThe data owner uses a first key group K1 and a symmetric encryption algorithm w= (w.enc, w.Dec) to carry out symmetric encryption on a plaintext document C to generate a ciphertext EnW;
fifth, the data owner sets the encryption index to enindex= (T, enf), and finally outsources (EnIndex, enW) to the cloud platform.
Further, the matching search of step S105 specifically includes:
First, the cloud platform captures the event issued by the data searcher and parses it into the tuple $(G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ to execute the search operation;
Second, in the search table, the third-party cloud platform uses $G_1(W)$ to find $T(G_1(W)).value$ and $T(G_1(W)).test$, and then, for each $F_j(W) \in F_k(W)$;
third step, cloud platform computingRestoring the file mark F encrypted via the second key set j (W) thereafter decrypting the file mark using a symmetric key algorithm;
Fourth, the cloud platform sends $F_K(W)$ and $T(G_1(W)).test$ to the data searcher for verification.
Further, the verification search result of step S106 specifically includes:
The proof data received from the cloud platform is $T(G_1(W)).test$; the data searcher recalculates $(T(G_1(W)).test)' = G_2(G_1(W) \| F_1(W) \| F_2(W) \| \ldots \| F_k(W))$ and verifies whether $T(G_1(W)).test = (T(G_1(W)).test)'$; if so, the data searcher knows that the matching search returned the correct result, and then uses the correct file tag $F_j(W)$ to retrieve the encrypted file EnW and return it to the data user.
Further, the data owner is used for preprocessing the file to be stored and generating encrypted file data to be sent to the blockchain intelligent contract.
Further, the blockchain smart contract is configured to receive the preprocessed data sent by the data holder, process the data according to a scheme described in the specification, and store the encrypted file index data in the blockchain.
It is another object of the present invention to provide a searchable encryption system of a searchable encryption method based on a pseudo-random function and a smart contract, the searchable encryption system comprising:
the data owner is used for randomly selecting the security parameter p and selecting two pseudo-random functions, generating a key group, sharing a part of keys as a first key group to a data user, and sharing the rest keys as a second key group to a data searcher;
a data searcher for extracting the keyword set W and collectingMultiple keyword ranking search using an inverted ranking index data structure, a file containing a set of keywords W is labeled F (W), andand weights the files in the file F (W) of the keyword set W>Ordering, and constructing an encryption index containing verification data;
a data user, for generating the search token $token = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$, uploading the search token to the blockchain for searching by the data searcher, and decrypting based on the first key set K1 and the retrieved ciphertext EnW to obtain the plaintext file $C = w.Dec(K1, EnW)$;
a data searcher, for searching the ciphertext by executing $search(EnIndex, token) \to (EnW, F_k(W))$, verifying after receiving the search token whether the data user is an authorized user, and executing $Verify(T(G_1(W)).test,\ token,\ F_k(W)) \to 1/0$ to verify the search result.
The beneficial technical effects of the invention are at least as follows:
(1) Data resources are efficiently protected: the invention protects the data files that the data holder wants to protect. The real data files are stored off-chain, while the encrypted file data associated with the real data is stored on the blockchain, and only a user authenticated by the blockchain authentication system can execute the corresponding search function to find the file location. The storage of the data is thus separated from the authentication of the visitor's identity and from the search of the encrypted data, which greatly protects the security of the data resources.
(2) Fine granularity access control of data access and search is realized: when the data user executes the searching function, the identity information of the data visitor is verified by the pre-designed access control system, after the authentication is passed, the searching contract is triggered, namely the data searcher in the scheme is used for assisting in searching, the data user only provides the searching token and does not need to know other more information, the data user finishes the under-body searching function, the data access safety is protected to a great extent, and the finer-granularity access control on the data resource is realized.
Drawings
FIG. 1 is a schematic diagram of a searchable encryption methodology in accordance with the present invention based on a pseudo-random function and blockchain intelligence contract;
FIG. 2 is a schematic diagram of an embodiment of a blockchain-based data controlled access method of the present invention.
Detailed Description
The following examples of the present invention are described in detail, and are given by way of illustration of the present invention, but the scope of the present invention is not limited to the following examples.
The invention discloses a searchable encryption method based on a pseudo-random function and a blockchain smart contract keyword set, which works as follows. The file to be stored is preprocessed, and encrypted file data is generated and sent to the blockchain smart contract. The blockchain smart contract receives the preprocessed data sent by the data holder, processes it, and stores the encrypted file index data on the blockchain for subsequent queries and other operations. The invention encrypts the keywords and file indexes of the files and stores them on the blockchain.
The method is introduced in detail below. The scheme mainly comprises two parts. The data owner preprocesses the file to be stored, generates encrypted file data, and sends it to the blockchain smart contract. The blockchain smart contract receives the preprocessed data sent by the data holder, processes it according to the scheme described in the specification, and stores the encrypted file index data on the blockchain for subsequent queries and other operations.
The principle of application of the invention is described in detail below with reference to the accompanying drawings.
Example 1
As shown in fig. 1, the invention discloses a searchable encryption method based on a pseudo-random function and a blockchain intelligent contract keyword set, which comprises the following specific steps:
(1) System initialization phase: the data owner randomly selects the security parameter p and selects two pseudo-random functions, $G_1: \{0,1\}^p \times \{0,1\}^* \to \{0,1\}^d$ and $G_2: \{0,1\}^p \times \{0,1\}^* \to \{0,1\}^l$, where $d$ is the length of the file tag and $l$ is the output length of the $G_2$ function. The data owner then generates a key group, shares part of the keys with the data user as the first key group, and shares the remaining keys with the data searcher as the second key group;
(2) Keyword extraction and encryption sequencing: the data owner extracts a keyword set W based on a plaintext document, adopts an inverted sequence index data structure to realize multi-keyword sequence search, and marks files containing the keyword set W as filesAnd weighting the files in F (W)>Sequencing;
(3) Encryption index construction: according to the above index ordering scheme, the data owner constructs an encrypted index containing authentication data based on the second key set K2. The encryption index consists of a search table T and the related encrypted file tags. The search table T is a key-value pair <key, value> structure: the key field contains the output of the pseudo-random function $G_1$, and the value field contains a two-tuple <value, test>, where value stores the encrypted address of the file tag array and the test field stores the verification result based on the multi-keyword search result, used to verify the integrity and correctness of the data. For each sorted keyword set W, the data owner sets the values of the tuple for $G_1(W)$, setting the value field to Represented as Setting the test field to $G_2(G_1(W) \| F_1(W) \ldots F_K(W))$, denoted as $T(G_1(W)).test = G_2(G_1(W) \| F_1(W) \ldots F_K(W))$, wherein $F_K(W)$ represents the tags of the top k files with the highest weight, where address (F (W)) is represented as pointing to the file tag setAddress of (a); if the number of files containing the keyword set W is $\beta < k$, the test field of $G_1$ is set to $G_2(G_1(W) \| F_1(W) \| F_2(W) \ldots \| F_\beta(W))$, and $F_k(W) = (F_1(W), \ldots, F_\beta(W))$, while setting F K (W)。F K The file mark in (W) is encrypted as The data owner symmetrically encrypts the plaintext document C using the first key set K1 and a symmetric encryption algorithm w = (w.enc, w.Dec) to generate the ciphertext EnW. The data owner sets the encryption index to EnIndex = (T, enf), and finally outsources (EnIndex, EnW) to the cloud platform;
(4) Generating a search token (building the trapdoor): the data user generates the search token $token = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ based on the search keyword, uploads the search token to the blockchain, and designates a data searcher to carry out the search;
(5) Matching search: the data searcher searches the ciphertext based on the second key group K2 and the search token, executing $search(EnIndex, token) \to (EnW, F_k(W))$. After receiving the search token, the data searcher first verifies whether the data user is an authorized user; if the data user is authorized, the data searcher issues an Ethereum event to notify the cloud platform to execute the search operation. The cloud platform captures the event issued by the data searcher and parses it into the tuple $(G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ to perform the search operation. In the search table, the third-party cloud platform uses $G_1(W)$ to find $T(G_1(W)).value$ and $T(G_1(W)).test$; then, for each $F_j(W) \in F_k(W)$, the cloud platform calculates Restoring the file mark F encrypted via the second key set j (W) then decrypting the file mark using a symmetric key algorithm. Finally, the cloud platform sends $F_K(W)$ and $T(G_1(W)).test$ to the data searcher for verification;
(6) Verifying search results: the data searcher executes $Verify(T(G_1(W)).test,\ token,\ F_k(W)) \to 1/0$. Assume that the proof data received from the cloud platform is $T(G_1(W)).test$; the data searcher recalculates $(T(G_1(W)).test)' = G_2(G_1(W) \| F_1(W) \| F_2(W) \| \ldots \| F_k(W))$ and verifies whether $T(G_1(W)).test = (T(G_1(W)).test)'$. If so, the data searcher knows that the matching search returned the correct result, and then uses the correct file tag $F_j(W)$ to retrieve the encrypted file EnW and return it to the data user;
(7) Decrypting the ciphertext: based on the first key group K1 and the retrieved ciphertext EnW, the data user decrypts to obtain the plaintext file $C = w.Dec(K1, EnW)$, finally achieving secure search, location, and decryption of the encrypted file.
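The index, token, search and Verify steps above can be traced end to end in a small sketch. This is an added example, not code from the patent: HMAC-SHA256 stands in for $G_1$ and $G_2$, all function names and keys are hypothetical, and because the patent's tag-encryption formula did not survive on this page, the XOR pad derived from $G_1(W\|0)$ is an assumed stand-in.

```python
import hashlib
import hmac

D = 16  # file-tag length d in bytes (value chosen for this example)

def prf(key, msg, out_len=32):
    """HMAC-SHA256 used as the pseudo-random function, truncated to out_len bytes."""
    return hmac.new(key, msg, hashlib.sha256).digest()[:out_len]

def G1(k_g1, data):
    return prf(k_g1, data, D)

def G2(k_g2, data):
    return prf(k_g2, data)

def encode_keywords(keywords):
    """Canonical, order-independent byte encoding of a keyword set W."""
    return "\x1f".join(sorted(keywords)).encode("utf-8")

def file_tag(name):
    """Fixed-length d-byte file tag; deriving it from the file name is an assumption."""
    return hashlib.sha256(name.encode("utf-8")).digest()[:D]

def _mask(seed, j):
    # ASSUMED tag encryption: one-time pad derived from G1(W||0) and the rank j.
    return prf(seed, j.to_bytes(4, "big"), D)

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_index(k_g1, k_g2, ranked, k):
    """Data owner: ranked maps W -> file tags already sorted by descending weight."""
    T = {}
    for W, tags in ranked.items():
        top = tags[:k]                      # if beta < k, all beta tags are used
        label = G1(k_g1, W)                 # key field of the search table
        seed = G1(k_g1, W + b"\x00")        # G1(W||0)
        value = [_xor(t, _mask(seed, j)) for j, t in enumerate(top)]
        # test = G2(G1(W) || F_1(W) || ... || F_k(W)); fixed-length tags keep
        # the concatenation unambiguous.
        test = G2(k_g2, label + b"".join(top))
        T[label] = {"value": value, "test": test}
    return T

def make_token(k_g1, W):
    """Data user: token = (G1(W), G1(W||0), G1(W||1))."""
    return (G1(k_g1, W), G1(k_g1, W + b"\x00"), G1(k_g1, W + b"\x01"))

def cloud_search(T, token):
    """Cloud platform: look up T[G1(W)], unmask the tags, return (tags, test)."""
    label, seed, _unused = token  # the role of G1(W||1) is not recoverable from the page
    entry = T.get(label)
    if entry is None:
        return None
    tags = [_xor(c, _mask(seed, j)) for j, c in enumerate(entry["value"])]
    return tags, entry["test"]

def verify(k_g2, token, tags, test):
    """Data searcher: recompute test' and compare in constant time (1/0 as True/False)."""
    expected = G2(k_g2, token[0] + b"".join(tags))
    return hmac.compare_digest(expected, test)

if __name__ == "__main__":
    k_g1, k_g2 = b"\x11" * 32, b"\x22" * 32   # constructed demo keys
    W = encode_keywords(["invoice", "2022"])
    tags = [file_tag(n) for n in ("q1.pdf", "q2.pdf", "q3.pdf")]  # constructed, ranked
    T = build_index(k_g1, k_g2, {W: tags}, k=2)
    token = make_token(k_g1, W)
    found, test = cloud_search(T, token)
    print("honest result verifies:   ", verify(k_g2, token, found, test))
    print("dropped result verifies:  ", verify(k_g2, token, found[:1], test))
    print("reordered result verifies:", verify(k_g2, token, found[::-1], test))
```

The check only binds the result list if the cloud platform never learns the $G_2$ key; a platform that drops, reorders or substitutes tags then cannot produce a matching test value.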
The searchable encryption system of the searchable encryption method based on the pseudo-random function and the intelligent contract in the embodiment of the invention mainly comprises:
the data owner is used for randomly selecting the security parameter p and selecting two pseudo-random functions, generating a key group, sharing a part of keys as a first key group to a data user, and sharing the rest keys as a second key group to a data searcher;
a data searcher for extracting the keyword set W, implementing multi-keyword ordered search by using the inverted ordered index data structure, marking the file containing the keyword set W as F (W), andand weights the files in the file F (W) of the keyword set W>Ordering, and constructing an encryption index containing verification data;
a data user, for generating the search token $token = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$, uploading the search token to the blockchain for searching by the data searcher, and decrypting based on the first key set K1 and the retrieved ciphertext EnW to obtain the plaintext file $C = w.Dec(K1, EnW)$;
a data searcher, for searching the ciphertext by executing $search(EnIndex, token) \to (EnW, F_k(W))$, verifying after receiving the search token whether the data user is an authorized user, and executing $Verify(T(G_1(W)).test,\ token,\ F_k(W)) \to 1/0$ to verify the search result.
Example two
As shown in FIG. 2, an embodiment of a blockchain-based data controlled access method is provided. In the data access scene, a data visitor can access data resources which are stored by other users and are interested by the visitor according to own identity information, and the implementation process is as follows:
(1) Enterprise A on the supply chain wants to access last year's internal financial statement of upstream enterprise B;
(2) The enterprise A sends a registration request to the enterprise B, and the enterprise B generates a corresponding decryption key K for the enterprise B, and simultaneously encrypts the enterprise A by using a shared key and then embeds the encrypted enterprise A into an intelligent contract of a blockchain;
(3) Transmitting the shared secret key to the enterprise A through a trusted channel;
(4) The data which the enterprise A wants to access is uploaded to the IPFS file system after being encrypted by the enterprise B by using the master key, the position of the data is recorded by the enterprise B, and the position of the file is encrypted by using the master key and uploaded to the intelligent contract;
(5) When an enterprise A sends an access request to an enterprise B, the enterprise B adds a related transaction ID in the request according to the description information of the access request, and forwards the request to a blockchain for identity verification;
(6) Triggering intelligent contract execution conditions after the access control system on the chain successfully verifies the identity of the A, generating a search token and an attached search authority, then calling the search contract, and returning an encrypted secret key K and a file address to the enterprise A;
(7) The enterprise A decrypts the K according to the shared key received in advance, and decrypts the file address through the key K;
(8) And the enterprise A retrieves the encrypted file on the IPFS distributed file system according to the file address, and then decrypts the encrypted file by using the key K to obtain plaintext data.
In summary, the encrypted data search method based on blockchain smart contracts designed by the invention realizes blockchain-based search over encrypted data, with search on-chain and access off-chain. The method supports data updates, including additions and deletions. In addition, the authority of the search request is considered in the blockchain search stage, which protects highly sensitive data files to a certain extent. The file to be stored is preprocessed, an encrypted file is generated and sent to the blockchain smart contract, and the encrypted file index data is stored on the blockchain for subsequent queries and other operations. The invention encrypts the keywords and file indexes of the files and stores them on the blockchain, and an authenticated data user can use the scheme to search for the location of the required file. This solves the malicious cloud server problem that traditional schemes find difficult to solve, and ensures the security of the search process and the correctness of the ciphertext search results.
The foregoing describes in detail preferred embodiments of the present invention. It should be understood that numerous modifications and variations can be made in accordance with the concepts of the invention without requiring creative effort by one of ordinary skill in the art. Therefore, all technical solutions which can be obtained by logic analysis, reasoning or limited experiments based on the prior art by a person skilled in the art according to the inventive concept shall be within the scope of protection defined by the claims.

Claims (10)

1. A searchable encryption method based on a pseudo-random function and a smart contract, characterized in that the method comprises the following steps:
S101, system initialization: a data owner randomly selects a security parameter p and selects two pseudo-random functions; the data owner then generates a key group, shares part of the keys with a data user as a first key group, and shares the remaining keys with a data searcher as a second key group;
S102, keyword extraction and encrypted sorting: the data owner extracts a keyword set W from a plaintext document, uses an inverted sorted index data structure to realize multi-keyword ranked search, marks the files containing the keyword set W as F(W), and sorts the files in F(W) by weight, wherein the upper index 5 and the lower index 1 of the summation symbol indicate that the number of selected keywords of the file F(W) is 5;
S103, encrypted index construction: the data owner constructs an encrypted index containing verification data based on the second key group K2, according to the index ordering of S102;
S104, search token generation: the data user generates a search token $\mathrm{token} = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ based on the search keyword, wherein the token consists of three parameters, $G_1$ is a pseudo-random function, W represents a file containing the keyword, $\|$ denotes the concatenation operator, and W is concatenated with 0 and 1 respectively; the data user uploads the search token to the blockchain, and the data searcher performs the search;
S105, matching search: based on the second key group K2, which is generated by the data owner for use by the data searcher, and on the search token, the data searcher searches the ciphertext by executing $\mathrm{search}(EnIndex,\ \mathrm{token}) \to (EnW,\ F_k(W))$; after receiving the search token, the data searcher first verifies whether the data user is an authorized user and, if the data user is authorized, issues an Ethereum event to notify the cloud platform to execute the search operation;
S106, search result verification: the data searcher executes $\mathrm{Verify}(T(G_1(W)).\mathrm{test},\ \mathrm{token},\ F_k(W)) \to 1/0$, wherein the verification function Verify takes three parameters: the first is the test field of the search table, which stores the verification result of the keyword search result, the second is the token described above, and the third is the file W containing the keyword;
S107, ciphertext decryption: based on the first key group K1 and the retrieved ciphertext EnW, the data user decrypts the ciphertext to obtain the plaintext file $C = \omega.\mathrm{Dec}(K1,\ EnW)$, wherein K1 is generated by the data owner and shared with the data user, and EnW denotes the encrypted file.
2. The method of claim 1, wherein the two pseudo-random functions are $G_1: \{0,1\}^{P} \times \{0,1\}^{*} \to \{0,1\}^{d}$ and $G_2: \{0,1\}^{P} \times \{0,1\}^{*} \to \{0,1\}^{1}$, wherein the superscript P is the parameter selected by the data owner in the system initialization stage, d is the length of a document tag, and 1 is the output of the function $G_2$.
3. A searchable encryption method based on a pseudo-random function and a smart contract according to claim 1, wherein said encrypted index includes a search table T and encrypted file tags.
4. A searchable encryption method according to claim 3, wherein said search table T is a key-value pair <key, value> structure, wherein the key field contains the output of the pseudo-random function $G_1$, and the value field contains a tuple <value, test>, wherein value stores the encrypted address of the file tag array, and the test field stores the verification result based on the multi-keyword search result, used to verify the integrity and correctness of the data.
5. The method according to claim 4, wherein the encryption index construction of step S103 specifically comprises:
first, for each sorted keyword set W, the data owner sets the values of the tuple for $G_1(W)$;
second, the value field is set to the bitwise exclusive OR of Address(F(W)) and $G_1(W\|0)$, wherein Address(F(W)) represents the address of the file;
third, the test field is set to $G_2(G_1(W)\|F_1(W)\|\dots\|F_k(W))$, denoted $T(G_1(W)).\mathrm{test} = G_2(G_1(W)\|F_1(W)\|\dots\|F_k(W))$, wherein $F_k(W)$ represents the tags of the top k files with the highest weight, and Address(F(W)) denotes the address pointing to the set of file tags; if the number of files containing the keyword set W is $\beta < k$, the test field of $G_1$ is set to $G_2(G_1(W)\|F_1(W)\|F_2(W)\|\dots\|F_\beta(W))$ and $F_k(W) = (F_1(W), \dots, F_\beta(W))$, while setting $F_k(W)$;
fourth, the file tags in $F_k(W)$ are encrypted; the data owner uses the first key group K1 and the symmetric encryption algorithm $\omega = (\omega.\mathrm{Enc},\ \omega.\mathrm{Dec})$ to symmetrically encrypt the plaintext document C, generating the ciphertext EnW;
fifth, the data owner sets the encrypted index to EnIndex = (T, Enf), where Enf is the encrypted file tag, and finally outsources (EnIndex, EnW) to the cloud platform.
6. The method according to claim 5, wherein the matching search of step S105 specifically comprises:
first, the cloud platform captures the event issued by the data searcher and parses it into the tuple $(G_1(W),\ G_1(W\|0),\ G_1(W\|1))$ to perform the search operation;
second, in the search table, the third-party cloud platform uses $G_1(W)$ to find $T(G_1(W)).\mathrm{value}$ and $T(G_1(W)).\mathrm{test}$, then, for each $F_j(W) \in F_k(W)$;
third, the cloud platform computes $Enf_j(W) \oplus G_1(W\|1)$, wherein the encrypted file tag Enf is bitwise XORed with $G_1(W\|1)$ to recover the file tag $F_j(W)$ encrypted via the second key group, and then decrypts the file tag using a symmetric key algorithm;
fourth, the cloud platform sends $F_k(W)$ and $T(G_1(W)).\mathrm{test}$ to the data searcher for verification.
7. The method of claim 6, wherein the verifying search result in step S106 specifically comprises:
the verification data received from the cloud platform is $T(G_1(W)).\mathrm{test}$; the data searcher recomputes $(T(G_1(W)).\mathrm{test})' = G_2(G_1(W)\|F_1(W)\|F_2(W)\|\dots\|F_k(W))$ and verifies whether $T(G_1(W)).\mathrm{test} = (T(G_1(W)).\mathrm{test})'$; if so, the data searcher knows that the matching search returned the correct result, and then uses the correct file tags $F_j(W)$ to retrieve the encrypted file EnW and return it to the data user.
8. The method of claim 1, wherein the data owner is configured to perform preprocessing on files to be stored and generate encrypted file data to send to the blockchain smart contract.
9. The method of claim 8, wherein the blockchain smart contract is configured to receive the preprocessed data sent by the data holder, process the data according to a scheme described in the specification, and store the encrypted file index data in the blockchain.
10. A searchable encryption system of a searchable encryption method based on a pseudo-random function and a smart contract as defined in claim 1, wherein said searchable encryption system comprises:
a data owner, used for randomly selecting the security parameter p and selecting two pseudo-random functions, generating a key group, sharing part of the keys with a data user as a first key group, and sharing the remaining keys with a data searcher as a second key group;
a data searcher, used for extracting the keyword set W, realizing multi-keyword ranked search by using the inverted sorted index data structure, marking the files containing the keyword set W as F(W), sorting the files in F(W) by weight, and constructing an encrypted index containing verification data;
a data user, used for generating a search token $\mathrm{token} = (G_1(W),\ G_1(W\|0),\ G_1(W\|1))$, uploading the search token to the blockchain, where the data searcher performs the search, and decrypting based on the first key group K1 and the retrieved ciphertext EnW to obtain the plaintext file $C = \omega.\mathrm{Dec}(K1,\ EnW)$;
a data searcher, used for searching the ciphertext by executing $\mathrm{search}(EnIndex,\ \mathrm{token}) \to (EnW,\ F_k(W))$, verifying after receiving the search token whether the data user is an authorized user, and executing $\mathrm{Verify}(T(G_1(W)).\mathrm{test},\ \mathrm{token},\ F_k(W)) \to 1/0$ to verify the search result.
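The index construction, matching search and result verification of claims 5 to 7 for a single keyword, as an added Python example that is not part of the patent text. Assumptions: HMAC-SHA256 stands in for both G1 and G2, the tags and the address are constructed 32-byte values, the masked tag is taken as Enf_j = F_j XOR G1(W||1) (inferred from the unmasking step in claim 6), and the additional symmetric encryption of tags and files is omitted.

```python
import hashlib, hmac, os

def prf(key, msg):
    # Assumption: HMAC-SHA256 stands in for the PRFs G1 and G2.
    return hmac.new(key, msg, hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def build_index(k_g1, k_g2, keyword, address, ranked_tags, k):
    """Owner (claim 5): search-table entry T[G1(W)] and masked tags Enf."""
    g = prf(k_g1, keyword)
    top = ranked_tags[:k]  # if only beta < k files match, all beta are used
    table = {g: {"value": xor(address, prf(k_g1, keyword + b"0")),
                 "test": prf(k_g2, g + b"".join(top))}}
    # Assumption: Enf_j = F_j XOR G1(W||1), inferred from claim 6.
    enf = [xor(tag, prf(k_g1, keyword + b"1")) for tag in top]
    return table, enf

def make_token(k_g1, keyword):
    """Data user (S104): token = (G1(W), G1(W||0), G1(W||1))."""
    return tuple(prf(k_g1, keyword + s) for s in (b"", b"0", b"1"))

def cloud_search(table, enf, token):
    """Cloud (claim 6): unmask with the token; the keyword itself is never seen."""
    entry = table[token[0]]
    address = xor(entry["value"], token[1])
    tags = [xor(e, token[2]) for e in enf]
    return address, tags, entry["test"]

def verify(k_g2, token, tags, test):
    """Searcher (claim 7): recompute the test field; 1 accepts, 0 rejects."""
    expected = prf(k_g2, token[0] + b"".join(tags))
    return 1 if hmac.compare_digest(expected, test) else 0

def demo():
    k_g1, k_g2 = os.urandom(32), os.urandom(32)
    # Constructed sample data: three file tags, already sorted by weight.
    tags = [hashlib.sha256(n).digest() for n in (b"f3", b"f1", b"f7")]
    address = hashlib.sha256(b"constructed tag-array address").digest()
    table, enf = build_index(k_g1, k_g2, b"invoice", address, tags, k=5)
    token = make_token(k_g1, b"invoice")
    addr, found, test = cloud_search(table, enf, token)
    return (addr == address and found == tags,
            verify(k_g2, token, found, test),        # honest cloud
            verify(k_g2, token, found[:-1], test),   # a result withheld
            verify(k_g2, token, found[::-1], test))  # ranking altered
```

In this example only the verifying party holds the G2 key, so a result list that the cloud truncates or reorders no longer matches the stored test field and Verify returns 0.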
CN202310305454.9A 2023-03-24 2023-03-24 Searchable encryption method based on pseudo-random function and blockchain intelligent contract Pending CN116566644A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310305454.9A CN116566644A (en) 2023-03-24 2023-03-24 Searchable encryption method based on pseudo-random function and blockchain intelligent contract

Publications (1)

Publication Number Publication Date
CN116566644A true CN116566644A (en) 2023-08-08

Family

ID=87490551

Country Status (1)

Country Link
CN (1) CN116566644A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination