CN116707798A - Ciphertext examination method, device and system based on equivalence test - Google Patents


Publication number: CN116707798A
Authority: CN (China)
Prior art keywords: ciphertext, encrypted, packet, sender, central server
Legal status: Pending
Application number: CN202310845033.5A
Other languages: Chinese (zh)
Inventors: 陈俊淞, 曾晟珂, 唐泽辉, 王蒙, 周洁, 熊玲, 钱嘉乐, 吴嘉乐
Current Assignee: Xihua University
Original Assignee: Xihua University
Priority: CN202310845033.5A


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816: Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822: Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/40: Network security protocols
    • Y: GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02: TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D: CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00: Reducing energy consumption in communication networks
    • Y02D30/50: Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention provides a ciphertext examination method, device and system based on equivalence test. The method comprises the following steps: acquiring a first encrypted ciphertext packet $C1 = m^{k} h^{r2}$ formulated by a sender for its plaintext information m, and acquiring a second encrypted ciphertext packet $C = M^{k} h^{r1}$ formulated by an authority for its violation information blacklist M; decrypting the first encrypted ciphertext packet to obtain a first decrypted ciphertext $(m^{k})^{q1}$; decrypting the second encrypted ciphertext packet to obtain a second decrypted ciphertext $(M^{k})^{q1}$; judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, and if so, intercepting the first encrypted ciphertext packet. The examination method provided by the invention improves both the accuracy and the efficiency of ciphertext examination.

Description

Ciphertext examination method, device and system based on equivalence test
Technical Field
The invention relates to the technical field of end-to-end encryption (E2EE for short), and in particular to a ciphertext examination method, device and system based on equivalence test.
Background
End-to-end encryption (E2EE) has become a trend, and instant messaging apps popular abroad, such as WhatsApp and Telegram, have all adopted E2EE. The most basic E2EE model is shown in Fig. 1: assume Alice and Bob communicate end-to-end through a third-party platform (e.g., Facebook, WhatsApp), and that they have previously established a shared key through key agreement. Alice sends the message "Hello" to Bob; the message is first encrypted on Alice's client and then forwarded to Bob through the third-party platform; after Bob receives the encrypted message, his client decrypts it and finally presents the message "Hello". In this model, E2EE ensures the confidentiality and integrity of the message: only the two parties holding the key can decrypt it, and even the third-party platform cannot learn its content.
Obviously, correct use of E2EE better protects users' privacy and data security. Before E2EE, many vendors providing instant messaging services released applications in which the messages sent by users were transparent to the central server, which is partly contrary to the personal privacy protection advocated in recent years. E2EE is therefore used to encrypt the information sent by users so that the central server cannot learn its content. However, adopting E2EE hinders content auditing: it is very challenging to check whether a ciphertext contains violating information without decrypting the user's ciphertext. So far, the content auditing techniques adopted by vendors in the E2EE environment mainly comprise user reporting, traceability techniques and metadata analysis.
User reporting depends, on the one hand, on the strength of the community: in some social media applications (such as Sina Weibo), users can report messages that violate community regulations, which increases user participation in content auditing. On the other hand, it depends on the active response or rights of the message receiver: in some instant messaging applications (e.g., WeChat), the receiver initiates the report of a message. After the platform receives the report, the message can be further processed. User reporting thus relies heavily on the strength of the community; however, in the E2EE environment only the sender and receiver know the plaintext, so the strength of the community is ineffective there.
Traceability techniques: these mainly serve the need to trace violating messages; to crack down on criminals or punish users who publish violating content, the source sender of a message must be traced. However, in the E2EE environment a message may be sent anonymously and cannot be traced directly to the source sender. There are currently two alternatives: (A) adding the encrypted identification information of the source sender to the metadata of each message; (B) the vendor maintaining a database of message digests, so that once the digest of a violating message is determined, the source sender can be found through the database. Traceability can therefore only be used after the fact, as a means of post-hoc analysis to hold violating users accountable; it can serve as a warning before violating information is sent, but cannot directly prevent the violating operation.
Metadata analysis: in content auditing, metadata analysis generally refers to analysis of the metadata of transmitted messages, mainly the transmission time, recipients, sender, transmission frequency and similar data, combined with artificial intelligence models such as machine learning. The analysis is typically performed on the client of the user device; since it takes place on the device and unencrypted messages are not stored, used or sent during analysis, the user's personal privacy is considered to be guaranteed. However, analysis on the user's client consumes a great deal of the client's computing resources, and the content analysed is the plaintext before the user encrypts it, so this pseudo privacy protection technique is difficult to apply in practice.
In summary, at present, in an E2EE communication environment, most of effective auditing performed on ciphertext sent by a user is probability analysis or post-hoc traceability, and effective auditing cannot be performed on ciphertext content.
Disclosure of Invention
The invention aims to solve the defects in the prior art and provides a ciphertext examination method, device and system based on equivalence test.
A ciphertext examination method based on equivalence test comprises the following steps:
acquiring a first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$, formulated by a sender for its plaintext information m, and acquiring a second encrypted ciphertext packet C, $C = M^{k} h^{r1}$, formulated by an authority for its violation information blacklist M; the violation information set M = {m1, m2, m3, ...}; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used, together with the public key parameter h of the central server, to encrypt the blacklist M; r2 is a random number selected by the sender and is used, together with the public key parameter h of the central server, to encrypt the plaintext message m;
decrypting the first encrypted ciphertext packet using the central server private key q1 to obtain a first decrypted ciphertext $(m^{k})^{q1}$; decrypting the second encrypted ciphertext packet using the central server private key q1 to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if so, intercepting the first encrypted ciphertext packet; if not, transmitting the first encrypted ciphertext packet to a receiver.
Further, in the ciphertext inspection method based on the equivalence test, the formulating of the first encrypted ciphertext packet includes:
acquiring the public parameter k, and encrypting the plaintext information m according to the public parameter k to obtain a first ciphertext segment $m^{k}$;
obtaining the public key PK of the central server, PK = (n, G, G1, e, g, h);
selecting a random number r2, and encrypting the first ciphertext segment $m^{k}$ according to the random number r2 and the parameter h to obtain the first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$.
Further, in the ciphertext inspection method based on the equivalence test, the formulating of the second encrypted ciphertext packet includes:
acquiring the public parameter k, and encrypting the blacklist M of violation information according to the public parameter k to obtain a second ciphertext segment $M^{k}$;
obtaining the public key PK of the central server, PK = (n, G, G1, e, g, h);
selecting a random number r1, and encrypting the second ciphertext segment $M^{k}$ according to the random number r1 and the parameter h to obtain the second encrypted ciphertext packet C, $C = M^{k} h^{r1}$.
Further, in the ciphertext inspection method based on the equivalence test, the obtaining the public key PK of the central server includes:
acquiring a security parameter τ, $\tau \in Z^{+}$;
running G(τ) according to the security parameter τ to obtain the tuple (q1, q2, G1, e);
outputting the public key PK = (n, G1, e, g, h) and the private key SK = q1 of the central server according to the tuple (q1, q2, G1, e); wherein n = q1 × q2; two random generators g, u are selected, and $h = u^{q2}$.
further, in the ciphertext inspection method based on the equivalence test, the decrypting the first encrypted ciphertext packet to obtain a first decrypted ciphertext includes:
acquiring a private key SK of a central server, wherein SK=q1;
decrypting the first encrypted ciphertext packet C1 according to the private key SK to obtain a first decrypted ciphertext $C1^{q1}$:
$C1^{q1} = (m^{k} h^{r2})^{q1} = (m^{k})^{q1}$
Further, in the ciphertext inspection method based on the equivalence test, the decrypting the second encrypted ciphertext packet to obtain a second decrypted ciphertext includes:
acquiring a private key SK of a central server, wherein SK=q1;
decrypting the second encrypted ciphertext packet $C = M^{k} h^{r1}$ according to the private key SK to obtain a second decrypted ciphertext $C^{q1}$:
$C^{q1} = (M^{k} h^{r1})^{q1} = (M^{k})^{q1} = \{(m1^{k})^{q1}, (m2^{k})^{q1}, (m3^{k})^{q1}, \ldots\}$
Further, in the ciphertext inspection method based on the equivalence test, the determining whether the first decrypted ciphertext belongs to the second decrypted ciphertext, if so, intercepting the first encrypted ciphertext packet includes:
if the plaintext information m belongs to the blacklist M of violation information, then $(m^{k})^{q1} \in (M^{k})^{q1}$, i.e. $(m^{k})^{q1}$ is equal to one of the values in $(M^{k})^{q1}$; m is then violation information and the message is intercepted.
Ciphertext examination apparatus based on equivalence test, comprising:
an acquisition unit for acquiring a first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$, formulated by a sender for its plaintext information m, and acquiring a second encrypted ciphertext packet C, $C = M^{k} h^{r1}$, formulated by an authority for its violation information blacklist M; the violation information set M = {m1, m2, m3, ...}; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used, together with the public key parameter h of the central server, to encrypt the blacklist M; r2 is a random number selected by the sender and is used, together with the public key parameter h of the central server, to encrypt the plaintext message m;
a decryption unit for decrypting the first encrypted ciphertext packet using the central server private key q1 to obtain a first decrypted ciphertext $(m^{k})^{q1}$, and decrypting the second encrypted ciphertext packet using the central server private key q1 to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
a judging unit for judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if so, intercepting the first encrypted ciphertext packet; if not, transmitting the first encrypted ciphertext packet to a receiver.
A ciphertext transmission system based on equivalence testing, comprising:
the sender, configured to encrypt plaintext information m according to the public key PK = (n, G, G1, e, g, h) of the central server, the public parameter k generated by the authority, and the public key PK = g2 of the receiver to obtain a sender ciphertext packet; the sender ciphertext packet comprises: the first encrypted ciphertext packet C1, the second encrypted ciphertext packet C2, the third encrypted ciphertext packet C3, the fourth encrypted ciphertext packet C4, and the fifth encrypted ciphertext packet C5;
$C1 = m^{k} h^{r2}$
$C2 = {g''}^{r2'}$; $r2' = H1(r2)$
$C3 = g2^{r2'} \cdot r2$
$C4 = H2(C1 \| C2 \| C3 \| m \| r2)$
$C5 = (s1, s2)$; $s1 = {g''}^{x} \bmod p$, $s2 = (C4 - \alpha \cdot s1)\, x^{-1} \bmod (p-1)$
wherein r2 and x are random numbers selected by the sender, p is a system parameter output by the sender, α is an integer randomly selected by the sender, g'' is a system parameter output by the receiver, g2 is the public key of the receiver, and $g2 = {g''}^{\beta}$;
a central server, configured to receive the second encrypted ciphertext packet C of the authority, $C = M^{k} h^{r1}$, and to receive the sender ciphertext packet of the sender;
further configured to decrypt the first encrypted ciphertext packet C1 in the sender ciphertext packet to obtain a first decrypted ciphertext, and to decrypt the second encrypted ciphertext packet C to obtain a second decrypted ciphertext;
further configured to judge whether the first decrypted ciphertext belongs to the second decrypted ciphertext; if so, intercepting the sender ciphertext packet; if not, sending the sender ciphertext packet to a receiver;
the receiver, configured to perform signature verification on the fourth encrypted ciphertext packet C4 and the fifth encrypted ciphertext packet C5 according to the public key of the sender;
further configured to, after the signature verification is passed, decrypt the third encrypted ciphertext packet C3 by using the private key β according to the second encrypted ciphertext packet C2, so as to obtain the random number r2 at the receiver;
and is further configured to decrypt the first encrypted ciphertext packet C1 according to the public parameter k, the parameter h in the public key of the central server, and the random number r2, where there isAnd finally obtains the plaintext message m of the sender.
According to the ciphertext examination method based on the equivalence test, on one hand, the central server decrypts the first encrypted ciphertext packet of the sender by using its private key q1 to obtain the first decrypted ciphertext $(m^{k})^{q1}$, and decrypts the blacklist of violation information by using its private key q1 to obtain the second decrypted ciphertext $(M^{k})^{q1}$; by determining whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, the central server can judge whether the ciphertext contains violation information without decrypting the sender's ciphertext, which achieves the aim of auditing ciphertext messages while protecting the communication privacy of users, and prevents the propagation of violating messages. On the other hand, on the premise that the message sent by the sender is in ciphertext form, the invention verifies whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, and can therefore accurately and uniquely check the transmitted ciphertext $m^{k}$, which avoids the loophole of counterfeit ciphertext passing the check and improves the accuracy of ciphertext examination. In still another aspect, the invention can effectively intercept the violating ciphertext before the receiver receives the message, thereby improving the efficiency of ciphertext auditing. In addition, the method provided by the invention can also carry out batch verification on the ciphertext that has passed.
Drawings
FIG. 1 is a schematic diagram of an E2EE model in the prior art;
FIG. 2 is a block diagram of a ciphertext auditing system in the prior art;
FIG. 3 is a flowchart of a ciphertext examination method based on an equivalence test provided by the invention;
FIG. 4 is a block diagram of a ciphertext examination device based on an equivalence test provided by the invention;
fig. 5 is a flowchart of a ciphertext transmission method based on an equivalence test according to the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the present invention more apparent, the technical solutions in the present invention will be clearly and completely described below, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Fig. 2 is a block diagram of a ciphertext auditing system in the prior art, as shown in fig. 2, the auditing system includes:
a Central Server (CS), the main functions of which include:
1. generating a public and private key pair, disclosing the public key and reserving the private key;
2. matching the ciphertext packet sent by the sender against the blacklist of violation information deployed on the central server by the authority, and judging whether the ciphertext packet contains violation information.
Sender (Sender), the main functions include:
1. generating a public and private key pair, disclosing a public key on the system, and reserving a private key;
2. and encrypting the plaintext information to be transmitted according to a specified mode and then transmitting the encrypted plaintext information.
The Receiver (Receiver), its main functions include:
1. generating a public and private key pair, disclosing a public key on the system, and reserving a private key;
2. and obtaining the ciphertext packet forwarded from the central server, and obtaining plaintext information after local decryption.
An Authority (Authority), whose main functions include:
and counting and collecting the violation information, formulating a blacklist of the violation information of the ciphertext version, and disposing the blacklist of the violation information of the ciphertext on the central server as a basis for intercepting the violation information by the central server.
Wherein, rule (Rule): rules, i.e., blacklists of offending information, include, but are not limited to, viruses, trojans, or confidential information, as well as bad information, etc.
Fig. 3 is a flowchart of a ciphertext examination method based on an equivalence test, as shown in fig. 3, and the method includes the following steps:
Step 101: acquiring a first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$, formulated by a sender for its plaintext information m, and acquiring a second encrypted ciphertext packet C, $C = M^{k} h^{r1}$, formulated by an authority for its violation information blacklist M; the violation information set M = {m1, m2, m3, ...}; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used, together with the public key parameter h of the central server, to encrypt the blacklist M; r2 is a random number selected by the sender and is used, together with the public key parameter h of the central server, to encrypt the plaintext message m;
Step 102: decrypting the first encrypted ciphertext packet to obtain a first decrypted ciphertext $(m^{k})^{q1}$; decrypting the second encrypted ciphertext packet to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
Step 103: judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if so, intercepting the first encrypted ciphertext packet; if not, transmitting the first encrypted ciphertext packet to a receiver.
Specifically, before obtaining the encrypted ciphertext packet, a key is first generated, then the ciphertext or the blacklist of illegal information is encrypted according to the key, and the key generation methods of the central server, the sender and the receiver are respectively described below.
The central server:
Given a security parameter $\tau \in Z^{+}$, G(τ) is run to obtain the tuple (q1, q2, G1, e). Let n = q1 × q2. Two random generators g, u are selected, and $h = u^{q2}$ is set; h is then a random generator of the order-q1 subgroup of G. The public key is PK = (n, G1, e, g, h) and the private key is SK = q1. The central server publishes the public key PK = (n, G1, e, g, h) in the system so that the sender and the authority can use it for partial encryption of the messages they transmit, and the central server itself retains the private key SK = q1 for partial decryption of the messages transmitted by the sender and the authority.
The sender:
The system parameter generation algorithm takes a security parameter λ1 as input, selects a cyclic group PG = (G, p, g'), and outputs the system parameter SP = (G, p, g'). With the system parameter SP as input, $\alpha \in Z_{p}$ is randomly selected, $g1 = {g'}^{\alpha}$ is calculated, and the public key PK = g1 and private key SK = α of the sender are output. The sender's public key PK is published in the system, and the private key SK is retained.
The receiving side:
The system parameter generation algorithm takes a security parameter λ2 as input, selects a cyclic group PG = (G, p, g''), and outputs the system parameter SP = (G, p, g''). With SP as input, $\beta \in Z_{p}$ is randomly selected, $g2 = {g''}^{\beta}$ is calculated, and the public key PK = g2 and private key SK = β of the receiver are output. The receiver's public key PK is published in the system, and the private key SK is retained.
The encryption methods of the authority and the sender are introduced as follows:
authority:
The authority takes a set of violation information M, i.e. a blacklist M = {m1, m2, m3, ...}, selects the public parameter k and the random number r1, and encrypts the violation information set M according to the public parameter k and the random number r1 to obtain the second encrypted ciphertext packet C, $C = M^{k} h^{r1}$; the ciphertext packet $C = M^{k} h^{r1}$ is sent to the central server. The random number k is used to encrypt the blacklist M into $M^{k}$ so that the central server cannot obtain the information of the blacklist M; the random number r1 is used to encrypt $M^{k}$ so that only the central server, using its own private key, can partially decrypt $M^{k}$. The public parameter k is stored as a public parameter in the clients of the respective users so that it is commonly known to the communicating parties other than the central server.
The sender:
The sender encrypts m by using the parameter h in the public key of the central server, the public parameter k and a random number r2 to obtain the first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$. The sender encrypts the random number r2 by using the public key of the receiver to obtain the second encrypted ciphertext packet C2 and the third encrypted ciphertext packet C3, and signs the message by using its own private key to obtain the fourth encrypted ciphertext packet C4 and the fifth encrypted ciphertext packet C5. The sender combines the first encrypted ciphertext packet C1, the second encrypted ciphertext packet C2, the third encrypted ciphertext packet C3, the fourth encrypted ciphertext packet C4 and the fifth encrypted ciphertext packet C5 into a sender ciphertext packet and sends it to the central server.
The making of the first encrypted ciphertext packet C1 includes:
At the client, a random number r2 and the public parameter k are input, and the plaintext information m is encrypted according to the random number r2 and the public parameter k to obtain the first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$. The random number r2 is used to encrypt $m^{k}$ so that only the central server, using its own private key, can partially decrypt $m^{k}$; m is the plaintext information that the sender wants to transmit to the receiver.
$C2 = {g''}^{r2'}$, $C3 = g2^{r2'} \cdot r2$, $r2' = H1(r2)$, where H1 is a public hash function; the receiver can decrypt the random number r2 from C3 using its own private key β and C2;
$C4 = H2(C1 \| C2 \| C3 \| m \| r2)$; C4 is the hash value obtained by concatenating C1, C2, C3, m and r2 and hashing the result, and is used for the subsequent message signature;
$C5 = (s1, s2)$; $s1 = {g'}^{x} \bmod p$, $s2 = (C4 - \alpha \cdot s1)\, x^{-1} \bmod (p-1)$; in the subsequent decryption phase the receiver can use s1 and s2 to verify whether the message comes from the sender; x is a random number selected by the sender for signing the ciphertext C4.
The following describes in detail how the central server decrypts the first encrypted ciphertext packet to obtain the first decrypted ciphertext $(m^{k})^{q1}$ and decrypts the second encrypted ciphertext packet to obtain the second decrypted ciphertext $(M^{k})^{q1}$:
the central server decrypts the second encrypted ciphertext packet C from the authority using its own private key SK:
then $C^{q1} = (M^{k} h^{r1})^{q1} = (M^{k})^{q1} = \{(m1^{k})^{q1}, (m2^{k})^{q1}, (m3^{k})^{q1}, \ldots\}$. Because $h = u^{q2}$, h is a random generator of the order-q1 subgroup of G, and n = q1 × q2, we have $h^{r1 q1} = u^{q2 r1 q1}$, where $u^{q1 q2} = u^{n}$ is the identity element 1 of group G, so $1^{r1} = 1$; that is, the $h^{r1}$ in the ciphertext is eliminated and the partially decrypted ciphertext $(M^{k})^{q1}$ is obtained.
The central server decrypts the first encrypted ciphertext packet C1 from the sender using its own private key SK:
then $C1^{q1} = (m^{k} h^{r2})^{q1} = (m^{k})^{q1}$. Because $h = u^{q2}$, h is a random generator of the order-q1 subgroup of G, and $n = q1 \times q2$, we have $h^{r2 \cdot q1} = u^{q2 \cdot r2 \cdot q1}$, where $u^{q1 \cdot q2} = u^{n} = 1$ is the identity element of group G, so $1^{r2} = 1$; that is, $h^{r2}$ in the ciphertext is eliminated, giving the partially decrypted ciphertext $(m^{k})^{q1}$.
The following describes how to determine whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, intercepting the first encrypted ciphertext packet if it does and sending the first encrypted ciphertext packet to the receiver if it does not:
C1 is the ciphertext of the transmitted plaintext m. Encrypting m with k gives $m^{k}$, which lets the central server compare $m^{k}$ with $M^{k}$ without decrypting m: if m equals m1 or m2, m3, ... in M, then $m^{k} = m1^{k}$ or $m2^{k}$, $m3^{k}$, .... Encrypting $m^{k}$ with the public key h of the central server and the random number r2 gives $m^{k} h^{r2}$, so that only the central server can use its own private key to decrypt $m^{k}$ from $m^{k} h^{r2}$. The first decrypted ciphertext $(m^{k})^{q1}$ is compared with the second decrypted ciphertext $(M^{k})^{q1}$: if $m \in M$, then $(m^{k})^{q1} \in (M^{k})^{q1}$, i.e. $(m^{k})^{q1}$ is equal to a certain value in $(M^{k})^{q1}$, so m is violation information and the message is intercepted; otherwise the message is released.
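The partial decryption and blacklist comparison described above, as an added Python example that is not code from the patent. It assumes toy primes q1 and q2, a toy group G (the order-n subgroup of Z_P^* for a prime P = 2cn + 1), a constructed value of k, and a SHA-256 encoding of messages into G; all function names are hypothetical.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example; a real system needs large primes.
Q1 = 2**31 - 1            # q1: private key SK of the central server (prime)
Q2 = 2**32 - 5            # q2: used only to build the key pair (prime)
N = Q1 * Q2               # n = q1 * q2, the order of the group G
K = 65537                 # public parameter k of the authority (coprime to n)

def is_prime(x: int) -> bool:
    """Deterministic Miller-Rabin, valid for x < 3.3e24."""
    if x < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if x % b == 0:
            return x == b
    d, s = x - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for b in bases:
        y = pow(b, d, x)
        if y in (1, x - 1):
            continue
        for _ in range(s - 1):
            y = y * y % x
            if y == x - 1:
                break
        else:
            return False
    return True

def find_modulus() -> int:
    """Smallest prime P = 2*c*n + 1, so that Z_P^* has a subgroup of order n."""
    c = 1
    while not is_prime(2 * c * N + 1):
        c += 1
    return 2 * c * N + 1

P = find_modulus()

def element_of_order_n() -> int:
    """Random generator of the order-n subgroup G of Z_P^*."""
    while True:
        a = secrets.randbelow(P - 3) + 2
        x = pow(a, (P - 1) // N, P)
        # The order divides n = q1*q2; rule out orders 1, q1 and q2.
        if pow(x, Q1, P) != 1 and pow(x, Q2, P) != 1:
            return x

G_GEN = element_of_order_n()   # g
U = element_of_order_n()       # u
H = pow(U, Q2, P)              # h = u^q2 generates the order-q1 subgroup

def encode(message: bytes) -> int:
    """Assumption of this example: hash the message to an element of G."""
    e = int.from_bytes(hashlib.sha256(message).digest(), "big") % N
    return pow(G_GEN, e, P)

def encrypt(message: bytes, k: int, r=None) -> int:
    """Sender or authority: m^k * h^r, with fresh r unless one is supplied."""
    if r is None:
        r = secrets.randbelow(N - 1) + 1
    return pow(encode(message), k, P) * pow(H, r, P) % P

def partial_decrypt(c: int) -> int:
    """Central server: c^q1 = (m^k)^q1, because (h^r)^q1 = 1."""
    return pow(c, Q1, P)

def blacklist_tags(messages, k: int) -> set:
    """Authority encrypts every mi with one r1; the server keeps (mi^k)^q1."""
    r1 = secrets.randbelow(N - 1) + 1
    return {partial_decrypt(encrypt(m, k, r1)) for m in messages}

def audit(c1: int, tags: set) -> str:
    """Intercept if (m^k)^q1 is one of the blacklist values, else forward."""
    return "intercept" if partial_decrypt(c1) in tags else "forward"

def demo():
    # Constructed sample blacklist and messages.
    tags = blacklist_tags([b"violation-A", b"violation-B"], K)
    return (audit(encrypt(b"violation-B", K), tags),
            audit(encrypt(b"hello", K), tags))

if __name__ == "__main__":
    print(demo())
```

The value the server compares is the same for every encryption of the same m, whatever r2 the sender chose, which is what makes the batch set lookup possible.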
The decryption process of the receiving side is described as follows:
the ciphertext packet that passes the audit is sent to the client of the receiver. After receiving the ciphertext packet sent by the sender, the receiver first uses the public key $g1 = (g')^{\alpha}$ of the sender together with C4 and C5 in the ciphertext packet to verify the signature: $g1^{s1} \cdot s1^{s2} \equiv (g')^{C4} \bmod p$. If the verification fails, the message is incomplete and the communication is invalid; otherwise the next decryption step is performed.
The receiver uses its own private key SK to decrypt C3: $C3 / C2^{\beta} = r2$. It then uses the public parameter k, the public key h of the central server and the r2 obtained by decryption to decrypt C1, finally obtaining the plaintext message m sent by the sender and completing the communication.
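The receiver-side checks described above (signature verification on C4 and C5, then recovery of r2 from C2 and C3), as an added Python example that is not code from the patent. It assumes toy parameters p = 2^127 - 1, g' = 3 and g'' = 5, SHA-256 standing in for H1 and H2, and C1 and m treated as opaque integers; the function names are hypothetical, and the range checks on s1 and s2 are an addition of this example.

```python
import hashlib
import secrets
from math import gcd

# Toy parameters, constructed for this example.
P = 2**127 - 1      # p: prime modulus
G_S = 3             # g' : system parameter of the sender
G_R = 5             # g'': system parameter of the receiver

def h_int(*parts: int) -> int:
    """Hash integers to an integer; stands in for the public hashes H1 and H2."""
    data = b"|".join(str(x).encode() for x in parts)
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def keygen(base: int):
    """Return (private, public) with public = base^private mod p."""
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(base, priv, P)

def wrap_r2(r2: int, g2: int):
    """C2 = g''^r2' and C3 = g2^r2' * r2, with r2' = H1(r2)."""
    r2p = h_int(r2) % (P - 1)
    return pow(G_R, r2p, P), pow(g2, r2p, P) * r2 % P

def sign(c4: int, alpha: int):
    """C5 = (s1, s2): s1 = g'^x mod p, s2 = (C4 - alpha*s1) * x^-1 mod (p-1)."""
    while True:
        x = secrets.randbelow(P - 3) + 2
        if gcd(x, P - 1) == 1:          # x must be invertible mod p-1
            break
    s1 = pow(G_S, x, P)
    s2 = (c4 - alpha * s1) * pow(x, -1, P - 1) % (P - 1)
    return s1, s2

def verify(c4: int, c5, g1: int) -> bool:
    """Check g1^s1 * s1^s2 == g'^C4 (mod p) after range-checking s1 and s2."""
    s1, s2 = c5
    if not (0 < s1 < P and 0 <= s2 < P - 1):
        return False
    return pow(g1, s1, P) * pow(s1, s2, P) % P == pow(G_S, c4, P)

def unwrap_r2(c2: int, c3: int, beta: int) -> int:
    """r2 = C3 / C2^beta mod p."""
    return c3 * pow(pow(c2, beta, P), -1, P) % P

def sender_tail(c1: int, m_int: int, r2: int, alpha: int, g2: int):
    """Build C2, C3, C4, C5 for a given C1, message integer and r2."""
    c2, c3 = wrap_r2(r2, g2)
    c4 = h_int(c1, c2, c3, m_int, r2)   # C4 = H2(C1||C2||C3||m||r2)
    return c2, c3, c4, sign(c4, alpha)

def receive(c2: int, c3: int, c4: int, c5, g1: int, beta: int):
    """Receiver: verify the signature first; only then recover r2."""
    if not verify(c4, c5, g1):
        return None
    return unwrap_r2(c2, c3, beta)

def demo():
    alpha, g1 = keygen(G_S)             # sender key pair
    beta, g2 = keygen(G_R)              # receiver key pair
    c1, m_int, r2 = 0xC0FFEE, 42, 123456789   # constructed sample values
    c2, c3, c4, c5 = sender_tail(c1, m_int, r2, alpha, g2)
    ok = receive(c2, c3, c4, c5, g1, beta)
    tampered = receive(c2, c3, c4 + 1, c5, g1, beta)
    return ok == r2, tampered

if __name__ == "__main__":
    print(demo())
```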
The symbols involved in encryption, auditing and decryption in the scheme of the invention are explained together below:
Security parameters τ, λ1, λ2: the security parameters are used in the key generation phase, and the security parameters entered determine the security and performance of the cryptographic system.
q1, q2: q1 and q2 are large prime numbers, both used to generate part of the parameters of the public-private key pair of the central server; q1 is kept at the central server as its private key, and q2 is used only to generate the public-private key pair.
G, G1, PG: three distinct cyclic groups.
e: the identity element of the group (the identity element of a cyclic group is the element that leaves any element unchanged when multiplied with it; for a cyclic group G with identity element e, $a * e = e * a = a$ for any $a \in G$).
n: n is a parameter constituting a public key of the central server.
g, u: g and u are two generators selected randomly in the group G; both are used as parameters to generate the public-private key pair of the central server.
h: a random generator of the order-q1 subgroup of G; h is one of the parameters of the central server public key.
System parameters SP: system parameters are a set of parameters required to define cryptographic algorithms and protocols that play an important role in the security, performance and functionality of the system.
α, β: the sender randomly selects an integer α, which is the private key of the sender; the receiver randomly selects an integer β, which is the private key of the receiver.
g1, g2: $g1 = (g')^{\alpha}$ and $g2 = (g'')^{\beta}$. g1 is the sender public key, used by the receiver to verify the message signature after receiving the message; g2 is the public key of the receiver, used by the sender to encrypt the random number r2 (r2 is used by the receiver to decrypt C1).
k: k is a public parameter set by the authority, and all users except the central server can obtain k (the central server does not know k, and all the remaining users know k).
r1, r2: r1 is a random number selected by an authority and is used for encrypting the blacklist M together with a public key h of a central server; r2 is a random number selected by the sender and is used together with the public key h of the central server to encrypt the plaintext information m.
M: M is the blacklist (i.e. the set of violation information m1, m2, m3, ..., mi, ...), which is deployed on the central server after being encrypted by the authority. If an element mi of M is the same as the m in the ciphertext packet transmitted by the sender, the central server determines that the m transmitted by the sender is an offending message.
m: the plaintext message that the sender wants to forward to the receiver through the central server.
x: a random number selected by the sender; the sender signs C4 using x and its own private key α.
Sender ciphertext packet: C1, C2, C3, C4, C5.
C1: C1 is the ciphertext obtained after the sender encrypts m. The sender transmits the message m using C1; the central server partially decrypts C1 to check the legality of m.
C2, C3: the sender transmits the encrypted random number r2 to the receiver using C2, C3.
C4: C4 is the hash value obtained by hashing the concatenation of C1, C2, C3, m and r2.
C5: the sender signs C4 with its own private key to obtain C5. C5 is used by the receiver to verify whether the message is from the sender.
H1, H2: H1 and H2 are one-way hash functions. The sender hashes r2 with H1 to obtain r2'; the sender hashes the concatenation of C1, C2, C3, m and r2 with H2 to obtain C4.
r2': the sender encrypts r2 with r2' and the public key g2 of the receiver.
For ciphertext auditing, conventional ciphertext equivalence test techniques judge the legality of ciphertext content by whitelist verification. Under a whitelist, a ciphertext message passes verification when its content is consistent with the whitelist. In this case the privacy of the user is in fact semi-public, because a ciphertext message that passes is thereby known to have the same content as an entry in the whitelist. Meanwhile, the number of legal messages is generally far greater than the number of illegal messages, so the whitelist is very large, which increases the storage burden of the central server, prolongs the auditing time and reduces communication efficiency. With the method provided by the invention, after partially decrypting the ciphertext, the central server can batch-test the ciphertext from the sender against the blacklist of violation information deployed by the authority and judge whether to intercept the ciphertext message, which improves the efficiency of ciphertext auditing.
According to the ciphertext examination method based on the equivalence test, on the one hand, the central server decrypts the first encrypted ciphertext packet of the sender using its private key q1 to obtain the first decrypted ciphertext $(m^{k})^{q1}$, decrypts the blacklist of violation information using its private key q1 to obtain the second decrypted ciphertext $(M^{k})^{q1}$, and determines whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$. This ensures that the central server can judge whether the ciphertext contains violation information without decrypting the ciphertext of the sender, so that ciphertext messages are audited while the communication privacy of the user is protected, and the propagation of violation messages is prevented. On the other hand, given that the message sent by the sender is in ciphertext form, by verifying whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, the invention can accurately and uniquely check the transmitted ciphertext $m^{k}$, which avoids the loophole of counterfeit ciphertext passing the check and improves the accuracy of ciphertext auditing. In still another aspect, the invention can effectively intercept the offending ciphertext before the receiver receives the message, which improves the efficiency of ciphertext auditing. In addition, the method provided by the invention can also perform batch verification on the passed ciphertext.
Fig. 4 is a structural block diagram of a ciphertext examination device based on an equivalence test, as shown in fig. 4, the device includes:
an acquisition unit 401 for acquiring a first encrypted ciphertext packet C1 formulated by the sender for its plaintext information m, $C1 = m^{k} h^{r2}$, and acquiring a second encrypted ciphertext packet C formulated by the authority for its blacklist of violation information M, $C = M^{k} h^{r1}$; the violation information set $M = \{m1, m2, m3, ...\}$; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used for encrypting the blacklist M together with the public key parameter h of the central server; r2 is a random number selected by the sender and is used for encrypting the plaintext message m together with the public key parameter h of the central server;
a decryption unit 402 for decrypting the first encrypted ciphertext packet using the central server private key q1 to obtain a first decrypted ciphertext $(m^{k})^{q1}$, and decrypting the second encrypted ciphertext packet using the central server private key q1 to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
a judging unit 403 for judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if it does, intercepting the first encrypted ciphertext packet; if it does not, transmitting the first encrypted ciphertext packet to a receiver.
Fig. 5 is a flowchart of a ciphertext transmission method based on equivalence test, as shown in fig. 5, where the method includes:
Step 501: the authority encrypts M using the public key of the central server and the public parameter k to obtain a ciphertext packet C, and sends the ciphertext packet C to the central server;
Step 502: after the central server receives C, it decrypts C using its own private key to obtain $M^{k}$;
Step 503: the sender encrypts m using the public key of the central server and a random number r2 to obtain C1, encrypts the random number r2 using the public key of the receiver to obtain C2 and C3, and signs the message using its own private key to obtain C4 and C5; the sender combines C1, C2, C3, C4 and C5 into a ciphertext packet and sends it to the central server;
Step 504: after receiving the ciphertext packet of the sender, the central server decrypts C1 in the ciphertext packet to obtain $m^{k}$, compares $m^{k}$ with $M^{k}$, and judges whether $M^{k}$ contains $m^{k}$;
Step 505: judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$;
Step 506: if the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$, intercepting the first encrypted ciphertext packet;
Step 507: forwarding the ciphertext packet of the sender to the receiver;
Step 508: after receiving the ciphertext packet of the sender, the receiver first verifies the message signature using the public key of the sender and C4 and C5 in the ciphertext packet, and judges whether the ciphertext packet is from the sender. If the ciphertext packet comes from the sender, the receiver decrypts C3 using its private key and C2 to obtain r2, and then decrypts C1 using r2, the public parameter k and the public key h of the central server to obtain m.
The method provided by the invention also has the following advantages:
(1) Batch equivalence test: at present, most ciphertext equivalence test algorithms perform the test on two ciphertexts agreed in advance, and cannot batch-test one ciphertext against arbitrary other ciphertexts. The invention audits ciphertext messages using the ciphertext equivalence test method; while preserving the privacy of the user, the central server can audit in batches whether a ciphertext message contains violation information, and can process the ciphertext message directly according to the judgment result.
(2) Consistency equivalence test: conventional ciphertext equivalence test techniques do not consider the consistency between the ciphertext of the test part and the ciphertext of the transmitted-information part, so an adversary can pass the verification by forging the test-part ciphertext and thereby transmit violation information. The ciphertext equivalence test method adopted by the invention considers the consistency of the test ciphertext and the transmission ciphertext, so an adversary cannot deceive the central server by forging the test part in order to transmit violation information.
The invention also provides a ciphertext transmission system based on the equivalence test, comprising:
the sender, configured to encrypt plaintext information m according to the public key PK = (n, G, G1, e, g, h) of the central server, the public parameter k generated by the authority and the public key PK = g2 of the receiver to obtain a sender ciphertext packet; the sender ciphertext packet comprises: the first encrypted ciphertext packet C1, the second encrypted ciphertext packet C2, the third encrypted ciphertext packet C3, the fourth encrypted ciphertext packet C4, and the fifth encrypted ciphertext packet C5;
$C1 = m^{k} h^{r2}$
$C2 = (g'')^{r2'}$; $r2' = H1(r2)$
$C3 = g2^{r2'} * r2$
$C4 = H2(C1||C2||C3||m||r2)$
$C5 = (s1, s2)$; $s1 = (g'')^{x} \bmod p$, $s2 = (C4 - \alpha * s1) x^{-1} \bmod (p-1)$
wherein r2 and x are random numbers selected by the sender, p is a system parameter output by the sender, α is an integer randomly selected by the sender, g'' is a system parameter output by the receiver, g2 is the public key of the receiver, and $g2 = (g'')^{\beta}$;
a central server, configured to receive the second encrypted ciphertext packet C of the authority, $C = M^{k} h^{r1}$, and to receive the sender ciphertext packet of the sender;
further configured to decrypt the first encrypted ciphertext packet C1 in the sender ciphertext packet to obtain a first decrypted ciphertext, and to decrypt the second encrypted ciphertext packet C to obtain a second decrypted ciphertext;
further configured to judge whether the first decrypted ciphertext belongs to the second decrypted ciphertext; if so, intercepting the sender ciphertext packet; if not, sending the sender ciphertext packet to a receiver;
the receiver, configured to perform signature verification on the fourth encrypted ciphertext packet C4 and the fifth encrypted ciphertext packet C5 according to the public key of the sender;
further configured to decrypt, after the signature verification is passed, the third encrypted ciphertext packet C3 using the private key β according to the second encrypted ciphertext packet C2, so that the receiver obtains the random number r2;
and further configured to decrypt the first encrypted ciphertext packet C1 according to the public parameter k, the parameter h in the public key of the central server, and the random number r2, finally obtaining the plaintext message m of the sender.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (9)

1. The ciphertext examination method based on the equivalence test is characterized by comprising the following steps of:
acquiring a first encrypted ciphertext packet C1 formulated by a sender for its plaintext information m, $C1 = m^{k} h^{r2}$, and acquiring a second encrypted ciphertext packet C formulated by the authority for its blacklist of violation information M, $C = M^{k} h^{r1}$; the violation information set $M = \{m1, m2, m3, ...\}$; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used for encrypting the blacklist M together with the public key parameter h of the central server; r2 is a random number selected by the sender and is used for encrypting the plaintext message m together with the public key parameter h of the central server;
decrypting the first encrypted ciphertext packet using the central server private key q1 to obtain a first decrypted ciphertext $(m^{k})^{q1}$; decrypting the second encrypted ciphertext packet using the central server private key q1 to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if it does, intercepting the first encrypted ciphertext packet; if it does not, transmitting the first encrypted ciphertext packet to a receiver.
2. The ciphertext inspection method of claim 1, wherein the formulating the first encrypted ciphertext packet comprises:
acquiring the public parameter k, and encrypting the plaintext information m according to the public parameter k to obtain a first ciphertext segment $m^{k}$;
obtaining the public key PK of the central server, PK = (n, G, G1, e, g, h);
selecting a random number r2, and encrypting the first ciphertext segment $m^{k}$ according to the random number r2 and the parameter h to obtain the first encrypted ciphertext packet C1, $C1 = m^{k} h^{r2}$.
3. The ciphertext inspection method based on the equivalence test of claim 1 or 2, wherein the formulating of the second encrypted ciphertext packet comprises:
acquiring the public parameter k, and encrypting the blacklist M of the violation information according to the public parameter k to obtain a second ciphertext segment $M^{k}$;
obtaining the public key PK of the central server, PK = (n, G, G1, e, g, h);
selecting a random number r1, and encrypting the second ciphertext segment $M^{k}$ according to the random number r1 and the parameter h to obtain the second encrypted ciphertext packet C, wherein $C = M^{k} h^{r1}$.
4. The ciphertext inspection method based on an equivalence test of claim 3, wherein the obtaining the public key PK of the center server comprises:
acquiring a security parameter τ, $\tau \in Z^{+}$;
running G(τ) on the security parameter τ to obtain the tuple (q1, q2, G1, e);
outputting a public key PK = (n, G1, e, G, h) and a private key SK = q1 of the central server according to the tuple (q1, q2, G1, e); wherein $n = q1 \times q2$; g is randomly generated, and $h = u^{q2}$.
5. The ciphertext inspection method of claim 4, wherein decrypting the first encrypted ciphertext packet to obtain a first decrypted ciphertext comprises:
acquiring a private key SK of a central server, wherein SK=q1;
decrypting the first encrypted ciphertext packet C1 according to the private key SK to obtain a first decrypted ciphertext $C1^{q1}$;
$C1^{q1} = (m^{k} h^{r2})^{q1} = (m^{k})^{q1}$.
6. The ciphertext inspection method of claim 5, wherein decrypting the second encrypted ciphertext packet to obtain a second decrypted ciphertext comprises:
acquiring a private key SK of a central server, wherein SK=q1;
decrypting the second encrypted ciphertext packet $C = M^{k} h^{r1}$ according to the private key SK to obtain a second decrypted ciphertext $C^{q1}$;
$C^{q1} = (M^{k} h^{r1})^{q1} = (M^{k})^{q1} = \{(m1^{k})^{q1}, (m2^{k})^{q1}, (m3^{k})^{q1}, ......\}$.
7. The ciphertext inspection method of claim 6, wherein the determining whether the first decrypted ciphertext belongs to the second decrypted ciphertext, and if so, intercepting the first encrypted ciphertext packet comprises:
if the plaintext information m belongs to the blacklist M of the violation information, then $(m^{k})^{q1} \in (M^{k})^{q1}$, i.e. $(m^{k})^{q1}$ is equal to a value in $(M^{k})^{q1}$; m is then violation information, and the message is intercepted.
8. Ciphertext examination device based on equivalence test, characterized by comprising:
an acquisition unit for acquiring a first encrypted ciphertext packet C1 formulated by a sender for its plaintext information m, $C1 = m^{k} h^{r2}$, and acquiring a second encrypted ciphertext packet C formulated by the authority for its blacklist of violation information M, $C = M^{k} h^{r1}$; the violation information set $M = \{m1, m2, m3, ...\}$; wherein k is a public parameter set by the authority, and h is one parameter of the public key of the central server; r1 is a random number selected by the authority and is used for encrypting the blacklist M together with the public key parameter h of the central server; r2 is a random number selected by the sender and is used for encrypting the plaintext message m together with the public key parameter h of the central server;
a decryption unit for decrypting the first encrypted ciphertext packet using the central server private key q1 to obtain a first decrypted ciphertext $(m^{k})^{q1}$, and decrypting the second encrypted ciphertext packet using the central server private key q1 to obtain a second decrypted ciphertext $(M^{k})^{q1}$;
a judging unit for judging whether the first decrypted ciphertext $(m^{k})^{q1}$ belongs to the second decrypted ciphertext $(M^{k})^{q1}$; if it does, intercepting the first encrypted ciphertext packet; if it does not, transmitting the first encrypted ciphertext packet to a receiver.
9. A ciphertext transmission system based on equivalence testing, comprising:
the sender, configured to encrypt plaintext information m according to the public key PK = (n, G, G1, e, g, h) of the central server, the public parameter k generated by the authority and the public key PK = g2 of the receiver to obtain a sender ciphertext packet; the sender ciphertext packet comprises: the first encrypted ciphertext packet C1, the second encrypted ciphertext packet C2, the third encrypted ciphertext packet C3, the fourth encrypted ciphertext packet C4, and the fifth encrypted ciphertext packet C5;
$C1 = m^{k} h^{r2}$
$C2 = (g'')^{r2'}$; $r2' = H1(r2)$
$C3 = g2^{r2'} * r2$
$C4 = H2(C1||C2||C3||m||r2)$
$C5 = (s1, s2)$; $s1 = (g'')^{x} \bmod p$, $s2 = (C4 - \alpha * s1) x^{-1} \bmod (p-1)$
wherein r2 and x are random numbers selected by the sender, p is a system parameter output by the sender, α is an integer randomly selected by the sender, g'' is a system parameter output by the receiver, g2 is the public key of the receiver, and $g2 = (g'')^{\beta}$;
a central server, configured to receive the second encrypted ciphertext packet C of the authority, $C = M^{k} h^{r1}$, and to receive the sender ciphertext packet of the sender;
further configured to decrypt the first encrypted ciphertext packet C1 in the sender ciphertext packet to obtain a first decrypted ciphertext, and to decrypt the second encrypted ciphertext packet C to obtain a second decrypted ciphertext;
further configured to judge whether the first decrypted ciphertext belongs to the second decrypted ciphertext; if so, intercepting the sender ciphertext packet; if not, sending the sender ciphertext packet to a receiver;
the receiver, configured to perform signature verification on the fourth encrypted ciphertext packet C4 and the fifth encrypted ciphertext packet C5 according to the public key of the sender;
further configured to decrypt, after the signature verification is passed, the third encrypted ciphertext packet C3 using the private key β according to the second encrypted ciphertext packet C2, so that the receiver obtains the random number r2;
and further configured to decrypt the first encrypted ciphertext packet C1 according to the public parameter k, the parameter h in the public key of the central server, and the random number r2, finally obtaining the plaintext message m of the sender.
CN202310845033.5A 2023-07-11 2023-07-11 Ciphertext examination method, device and system based on equivalence test Pending CN116707798A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310845033.5A CN116707798A (en) 2023-07-11 2023-07-11 Ciphertext examination method, device and system based on equivalence test

Publications (1)

Publication Number Publication Date
CN116707798A true CN116707798A (en) 2023-09-05

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination