CN116886410A - Anonymous messaging method, system, message receiving device and storage medium - Google Patents


Publication number
CN116886410A
Authority
CN
China
Prior art keywords
message
private key
received
verification
calculation data
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310990937.7A
Other languages
Chinese (zh)
Inventor
徐旸
谭江浩
陈湛
张程
孙鹏
刘璇
罗娟
张尧学
陈键博
薛宇航
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Changsha Shangliantong Information Technology Co ltd
Hunan University
Original Assignee
Changsha Shangliantong Information Technology Co ltd
Hunan University

Classifications

    • H04L63/12 Applying verification of the received information
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L2209/42 Anonymization, e.g. involving pseudonyms


Abstract

The application relates to the technical field of information security and provides an anonymous messaging method, system, message receiving device and storage medium. Applied to the message receiving device, the method comprises the following steps: sending a detection private key to the cloud server, so that the cloud server retrieves the corresponding messages to be received based on the detection private key, obtains a message set and returns it, wherein the detection private key comprises at least one private key component of the private key of the message receiving device, and the number of private key components determines the false positive rate of the message set; generating blinded calculation data and verification calculation data for each message to be received based on the private key and sending them to the cloud server, which calculates on them to obtain a blinded calculation result and a verification calculation result and returns both; and, when the verification calculation result is determined to be correct, eliminating false positive messages to be received from the message set based on the blinded calculation result to obtain the real messages to be received. The communication overhead of the message receiving device can thereby be reduced.

Description

Anonymous messaging method, system, message receiving device and storage medium
Technical Field
The application belongs to the technical field of information security, and particularly relates to an anonymous message transfer method, an anonymous message transfer system, message receiving equipment and a storage medium.
Background
Anonymous communication technology can achieve anonymous communication and privacy protection through complex cryptographic primitives or by adding large-scale obfuscating traffic. Compared with proposing new cryptographic primitives to reduce computational overhead, using new schemes to reduce communication overhead is more feasible. To address the relatively large communication overhead, a scheme called Fuzzy Message Detection (FMD) was proposed in (Beck G, Len J, Miers I, et al. Fuzzy Message Detection [C]// Computer and Communications Security. ACM, 2021.). This scheme allows the receiver to generate a specific detection key that can identify messages with a certain false positive rate. However, in the FMD scheme the receiver only sends part of its private key to the server for outsourced search. This reduces the number of messages the receiver has to search to a certain extent, but the false positive messages still have to be checked by the receiver, and the receiver still has to fetch all of the false positive messages in order to check them, so the communication overhead remains large.
Disclosure of Invention
In view of the foregoing, it is desirable to provide an anonymous messaging method, system, message receiving device, and storage medium capable of reducing the communication overhead of the recipient.
The application provides an anonymous message transfer method, which comprises the following steps:
sending a detection private key to a cloud server, retrieving a corresponding message to be received by the cloud server based on the detection private key to obtain a message set and returning the message set; wherein the detection private key comprises at least one private key component of the private key of the message receiving device, and the number of the private key components determines the false positive rate of the message set;
generating blind calculation data and verification calculation data of each message to be received respectively based on the private key, sending the blind calculation data and the verification calculation data to the cloud server, calculating the blind calculation data and the verification calculation data by the cloud server to obtain a blind calculation result and a verification calculation result, and returning the blind calculation result and the verification calculation result;
and when the verification calculation result is determined to be correct, eliminating false positive messages to be received from the message set based on the blinding calculation result, and obtaining real messages to be received.
In one embodiment, the generating the blinded calculation data and the verification calculation data of each message to be received based on the private key includes:
generating blinded calculation data by blinding the private key and the message to be received with a blinding factor, and taking the r-th power of the blinded calculation data as the corresponding verification calculation data;
the generation formula of the blinding calculation data is as follows:
wherein $\alpha_i$ ($1 \le i \le m$) are the m private key components of the private key corresponding to the message receiving device, $m = \gamma - n$, $\gamma$ being the total component length of the private key and n the component length of the detection private key; $u_i$ ($1 \le i \le m$) are the message flag bits of a message to be received returned by the cloud server; the right-hand side expresses the bases and exponents of the multiple exponentiations after blinding; g is the generator of the cyclic group to which each private key component of the private key belongs; and $w_i$ ($1 \le i \le m$), $x_i$ ($1 \le i \le m$), $k_3$, $h_1$, $y_1$, $t_1$ are random numbers generated during the blinding process.
In one embodiment, the removing the false positive message to be received from the message set based on the blinding calculation result, to obtain the true message to be received includes:
comparing whether the blinded calculation result corresponding to the message to be received is equal to the verification bit;
if they are not equal, the message to be received is a false positive message to be received; and if they are equal, the message to be received is a real message to be received.
In one embodiment, the verification bit of the message to be received is bound with the message to be received after being calculated by the message sending device based on the public key of the message receiving device; the calculation formula of the verification bit F is as follows:
$F = pk_1^{r_1} \, pk_2^{r_1} \cdots pk_m^{r_1}$
wherein $pk_i$ ($1 \le i \le m$) are the m public key components of the public key corresponding to the message receiving device, and $r_1$ is a random number used by the message sending device for encrypting the message to be received.
In one embodiment, the method further comprises: when the verification calculation result is determined to be incorrect, regenerating the blinded calculation data and verification calculation data corresponding to the message to be received, and sending them to the cloud server for verifiable outsourced calculation.
An anonymous messaging method applied to a cloud server, comprising the following steps:
receiving a detection private key sent by message receiving equipment; wherein the detected private key comprises at least one private key component of a private key corresponding to the message receiving device;
retrieving the message to be received corresponding to the message receiving equipment based on the detection private key to obtain a message set; the false positive rate of the message set is determined by the number of private key components in the detected private key;
returning the message set to the message receiving equipment, and respectively generating blind calculation data and verification calculation data of each message to be received by the message receiving equipment based on the private key;
calculating based on the blinding calculation data and the verification calculation data to obtain a blinding calculation result and a verification calculation result;
and sending the blinding calculation result and the verification calculation result to the message receiving device, and when the message receiving device determines that the verification calculation result is correct, removing false positive messages to be received from the message set by the message receiving device based on the blinding calculation result to obtain real messages to be received.
In one embodiment, the retrieving the message to be received corresponding to the message receiving device based on the detection private key to obtain the message set includes:
fuzzy message detection is carried out in the encrypted message broadcast by the message sending equipment based on the detection private key, so that a message to be received corresponding to the message receiving equipment is obtained to form a message set; wherein the encrypted message is encrypted by the message sending device using the public key of the message receiving device.
An anonymous messaging system, comprising: message sending equipment, message receiving equipment and cloud servers;
the message sending equipment broadcasts an encrypted message to be received to the cloud server;
the message receiving equipment sends a detection private key to a cloud server; wherein the detection private key comprises at least one private key component of the message receiving device private key;
the cloud server retrieves the message to be received corresponding to the message receiving device from all the messages to be received based on the detection private key to obtain a message set, and returns the message set to the message receiving device; the false positive rate of the message set is determined by the number of private key components;
the message receiving equipment respectively generates blind calculation data and verification calculation data of each message to be received based on the private key and sends the blind calculation data and the verification calculation data to the cloud server;
the cloud server calculates the blinding calculation data and the verification calculation data to obtain blinding calculation results and verification calculation results and returns the blinding calculation results and the verification calculation results to the message receiving equipment;
and when the message receiving equipment determines that the verification calculation result is correct, eliminating false positive messages to be received from the message set based on the blinding calculation result, and obtaining real messages to be received.
The application also provides a message receiving device comprising a processor and a memory storing a computer program, the processor implementing the steps of any of the anonymous messaging methods described above when executing the computer program.
The application also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor implements the steps of the anonymous messaging method of any of the above.
According to the anonymous message transfer method, the anonymous message transfer system, the message receiving device and the storage medium, the message receiving device uses an outsourced calculation scheme to hand the work of checking whether each message in the message set is real or a false positive to a third-party cloud server. The message receiving device verifies the calculation results of the cloud server and uses them to identify and discard the false positive messages that the cloud server itself cannot distinguish, so that the communication overhead of the message receiving device is reduced by outsourcing a large amount of calculation.
Drawings
FIG. 1 is a schematic diagram of an anonymous messaging system in one embodiment;
FIG. 2 is a flow diagram of a method of anonymous messaging in one embodiment;
FIG. 3 is a graph of receiver computation time for different message totals in a simulation experiment, in one embodiment;
FIG. 4 is a graph of receiver computation time at different false positive rates in a simulation experiment in one embodiment;
FIG. 5 is a graph of receiver computation time consumption for different message sizes versus the number of real messages in a simulation experiment, in one embodiment.
Detailed Description
The present application will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present application more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the application.
The embodiment of the application provides an anonymous message transfer method, which is applied to message receiving equipment. The method will be described below taking a message receiving apparatus as an example.
Specifically, the message receiving device sends a detection private key DSK to the cloud server, and the cloud server retrieves the corresponding message to be received based on the detection private key DSK to obtain a message set and returns the message set. Wherein the detection private key DSK includes at least one private key component of the private key sk of the message receiving device, and the number of the private key components determines a false positive rate of the message set. Then, the message receiving device generates blind calculation data and verification calculation data of each message to be received based on the private key sk respectively, sends the blind calculation data and the verification calculation data to the cloud server, and the cloud server calculates the blind calculation data and the verification calculation data to obtain a blind calculation result and a verification calculation result and returns the blind calculation result and the verification calculation result. And finally, when the message receiving equipment determines that the verification calculation result is correct, eliminating false positive messages to be received from the message set based on the blind calculation result, and obtaining the real messages to be received.
Therefore, the message receiving device in the embodiment of the application uses an outsourced calculation scheme to hand the work of checking whether each message in the message set is real or a false positive to a third-party cloud server. The message receiving device verifies the calculation results of the cloud server and uses them to identify and discard the false positive messages that the cloud server itself cannot distinguish, so that the communication overhead of the message receiving device is reduced by outsourcing a large amount of calculation.
As shown in fig. 1, a schematic diagram of an anonymous messaging system is provided. The system includes a message sending device 101, a message receiving device 102, and a cloud server 103.
The message sending device 101 and the message receiving device 102 are communicated with the cloud server 103, so that information and data interaction is realized. The message sending device 101 is the sender S of the message, characterizing the party sending the message. Message receiving device 102 is the recipient R of the message and characterizes the party receiving the message.
It should be appreciated that sender S and receiver R are roles defined with respect to a given message; for different messages, a device may act in either role.
As shown in fig. 2, a flow chart of an anonymous messaging method is provided. Hereinafter, the anonymous messaging method shown in fig. 2 will be described with reference to the anonymous messaging system shown in fig. 1, and the anonymous messaging method provided by the embodiment of the present application includes steps S201 to S207.
S201, the message sending device 101 encrypts the message to be sent to the message receiving device 102, and broadcasts the encrypted message to be received to the cloud server 103.
The message sending device 101 encrypts the message with an asymmetric encryption algorithm, using the public key published by the message receiving device 102. The public key $pk_{FMD}$ is expressed as:
$pk_{FMD} = (pk_1, \ldots, pk_\gamma)$
wherein $pk_1, \ldots, pk_\gamma$ are the γ components of the public key of the receiver R.
In some embodiments, the goal is that no party other than the intended message receiving device 102 can learn which public key was used to encrypt a message, that is, who the receiver of the message is. To this end, the message receiving device 102 generates the public key and the private key with the ElGamal public key encryption algorithm, and the message sending device 101 then encrypts the message with the public key generated by the message receiving device 102 to produce a flag ciphertext, which is the message to be received in the embodiment of the application. Receiver anonymity is achieved in this way.
In addition, the message sending device 101 may submit the unencrypted plaintext message to the storage server SSP for storage and obtain the address tag returned by the storage server SSP. The address tag is encrypted and attached to the content broadcast to the cloud server 103. The storage server SSP comprises a plurality of storage nodes, each of which is a storage location. Subsequently, after the message receiving device 102 obtains a real message to be received, it can decrypt the address tag and fetch the corresponding plaintext message from the storage server SSP.
S202, the message receiving apparatus 102 transmits the detection private key DSK to the cloud server 103.
The detection private key DSK is used to instruct the cloud server 103 to perform message retrieval; that is, the message receiving device 102 sends the cloud server 103 a retrieval request carrying the detection private key DSK. The detection private key DSK is generated by the message receiving device 102 based on its own private key, and is expressed as:
$(sk_1, \ldots, sk_n) \rightarrow DSK$
In the above expression, → denotes the encryption process, and $sk_1, \ldots, sk_n$ are n of the γ components of the private key sk of the receiver R, i.e. $0 \le n \le \gamma$. The detection key DSK therefore contains a weaker detection condition than the public key $pk_{FMD}$ of the receiver R, so that when the cloud server 103 performs a message retrieval task based on the detection key DSK it generates a message set containing both real messages to be received and false positive messages to be received. That is, the false positive rate of messages in the message set is determined by the number of private key components included in the detection private key DSK. The false positive rate is calculated as:
$p = 2^{-n} \quad (0 \le n \le \gamma)$
In the above formula, p is the false positive rate, n is the number of private key components in the detection key DSK, and γ is the number of components in the public key and in the private key of the receiver R, i.e. the total number of components in the receiver key. The number of components of the detection key DSK and the number of components in the public and private keys of the receiver R may be determined according to the total number of messages, the number of users and the expected traffic of the receiver in actual use.
Choosing the false positive rate p as described above provides a trade-off between privacy and efficiency. The false positive rate directly determines the number of false positive messages the receiver R has to retrieve, but it cannot be chosen too small, because that would cause privacy leakage. Selecting an appropriate false positive rate therefore ensures both efficient message detection and a high level of privacy.
In some embodiments, the message receiving device 102 may send matching conditions for the message retrieval together with the detection private key DSK when sending it to the cloud server 103. The matching conditions may include at least one constraint on the message retrieval range and the retrieval time, so that the retrieval range or the retrieval time can be limited. In addition, a timestamp and the signature of the receiver R may be transmitted along with the detection private key DSK.
S203, the cloud server 103 retrieves the message to be received corresponding to the message receiving device 102 from the messages to be received based on the detection private key DSK to obtain a message set, and returns the message set to the message receiving device 102.
Specifically, after receiving the detection private key DSK of the message receiving device 102, the cloud server 103 performs a message retrieval task in response to the request. Based on the detection private key DSK, the cloud server 103 retrieves the messages to be received that may belong to the message receiving device 102 from among the messages to be received broadcast to the cloud server 103 by the respective message sending devices 101, and assembles them into a message set that is returned to the message receiving device 102.
Since the detection private key DSK includes only some of the private key components of the private key of the receiver R, the message set may include real messages to be received and a certain number of false positive messages to be received. The false positive rate is determined by the number of private key components included in the detection private key DSK.
In some embodiments, the cloud server 103 may use the fuzzy message detection method FMD to retrieve, based on the detection private key DSK, a message set composed of real messages to be received and false positive messages to be received.
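The effect of n on the returned message set, and the later comparison against the verification bit F, can be seen in a small simulation. This is an added example, not code from the patent: the modulus P, the base G, the hash-derived flag bits and the choice of which components F covers are assumptions made for illustration, and the comparison against F runs locally here rather than as the blinded outsourced calculation.

```python
import hashlib
import random

# Constructed toy parameters (assumptions; not from the patent, not secure sizes).
P = 2**127 - 1   # prime modulus
G = 3            # stands in for the generator g
GAMMA = 8        # total number of key components (gamma)


def keygen(rng):
    """Receiver key pair: sk = (alpha_1..alpha_gamma), pk_i = g^alpha_i mod P."""
    sk = [rng.randrange(2, P - 1) for _ in range(GAMMA)]
    return sk, [pow(G, a, P) for a in sk]


def _bit(i, value):
    """One pseudo-random bit per component (assumed flag construction)."""
    return hashlib.sha256(f"{i}:{value}".encode()).digest()[0] & 1


def make_message(pk, n, rng):
    """Sender: flag a message for pk with random r1. F is taken over the
    m = gamma - n components that are not given to the server (assumption)."""
    r1 = rng.randrange(2, P - 1)
    u = pow(G, r1, P)
    bits = [_bit(i, pow(pk[i], r1, P)) ^ 1 for i in range(GAMMA)]
    F = 1
    for pk_i in pk[n:]:
        F = F * pow(pk_i, r1, P) % P      # F = pk_1^r1 * ... * pk_m^r1
    return u, bits, F


def server_detect(dsk, msg):
    """Cloud server: test only the n components contained in DSK."""
    u, bits, _ = msg
    return all((_bit(i, pow(u, a, P)) ^ bits[i]) == 1 for i, a in enumerate(dsk))


def receiver_check(sk, n, msg):
    """Receiver: recompute the product with the withheld components, compare to F."""
    u, _, F = msg
    acc = 1
    for a in sk[n:]:
        acc = acc * pow(u, a, P) % P
    return acc == F


def simulate(n, real=5, decoys=1000, seed=1):
    rng = random.Random(seed)             # deterministic, for the demo only
    sk, pk = keygen(rng)
    dsk = sk[:n]                          # detection private key: n components
    msgs = [(True, make_message(pk, n, rng)) for _ in range(real)]
    for _ in range(decoys):               # messages addressed to other receivers
        _, other_pk = keygen(rng)
        msgs.append((False, make_message(other_pk, n, rng)))
    returned = [(mine, m) for mine, m in msgs if server_detect(dsk, m)]
    kept = [mine for mine, m in returned if receiver_check(sk, n, m)]
    return {
        "real_returned": sum(mine for mine, _ in returned),
        "false_positives": sum(not mine for mine, _ in returned),
        "kept": len(kept),
        "kept_all_real": all(kept),
    }


if __name__ == "__main__":
    for n in (1, 3, 5):
        print(n, simulate(n))
```

With 1000 decoys the server returns roughly 1000 · 2^-n false positives alongside every real message, and the comparison against F leaves only the real ones.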
S204, the message receiving device 102 generates blinded calculation data and verification calculation data of each message to be received based on the private key, and sends them to the cloud server 103.
S205, the cloud server 103 calculates the blinded calculation data and the verification calculation data to obtain a blinded calculation result and a verification calculation result, and returns the blinded calculation result and the verification calculation result to the message receiving apparatus 102.
Specifically, after the message receiving device 102 receives the message set, based on the idea of verifiable outsourcing technology (Verifiable Outsourcing), the outsourcing calculation is performed by using a cloud server. Wherein verifiable outsourcing refers to the fact that in the process of outsourcing computing tasks or data to a third party service provider (Outsourcing Provider), a customer can verify the computing process or data operation performed by the service provider through a certain mechanism, so as to ensure that the behavior of the service provider meets the requirements and expectations of the customer. The core idea is to guarantee the correctness and safety of the computing process and the data operation by constructing some verification mechanisms. Through the verification mechanism, the client can verify the calculation process and the data operation executed by the service provider, so that the behavior of the service provider meets the requirements and the expectations of the client, and the data privacy and the security are ensured.
Based on this, the message receiving apparatus 102 generates corresponding blinded calculation data and verification calculation data for each message to be received in the message set based on its own private key, and transmits them to the cloud server 103.
The blinded calculation data is calculation data which is outsourced to the cloud server 103 for calculation after blinding. The verification calculation data is calculation data which is sent to the cloud server 103 after blinding to calculate and is used for verifying whether the outsourcing calculation of the cloud server 103 is accurate or not. The blind calculation data and the verification calculation data already comprise specific calculation tasks and calculation modes, so the cloud server 103 can directly calculate by receiving the blind calculation data and the verification calculation data. Therefore, the cloud server 103 directly performs calculation based on the received blinded calculation data and verification calculation data, and obtains a blinded calculation result and a verification calculation result, respectively. Then, the cloud server 103 returns the blinded calculation result and the verification calculation result to the message receiving apparatus 102.
In some embodiments, generating blinded calculation data and verification calculation data for each message to be received based on the private key in S204 includes: generating blinded calculation data by blinding the private key and the message to be received with a blinding factor, and taking the r-th power of the blinded calculation data as the corresponding verification calculation data.
Specifically, data blinding can be implemented with blind factor pairs of the form $(k, g^k \bmod p)$, where p is a large prime number, k is a random number within p, and g is the generator of the cyclic group to which each component of the private key belongs. The blind factor pair is generated with the aim that g cannot be deduced from k, p and the result of $g^k \bmod p$. One currently available approach is a look-up table: a pair of random, independent blind factors is calculated by a trusted server and then loaded into the memory of the message receiving device 102. Another approach is for the message receiving device 102 to calculate the pairs itself by an algorithm; at present the EBPV generation algorithm is more commonly used for generating blind factor pairs.
The generation formula of the blinding calculation data is as follows:
wherein $\alpha_i$ ($1 \le i \le m$) are the m private key components of the private key sk corresponding to the message receiving device 102, $m = \gamma - n$, $\gamma$ being the total component length of the private key and n the component length of the detection private key; $u_i$ ($1 \le i \le m$) are the message flag bits of a message to be received returned by the cloud server 103; the right-hand side expresses the bases and exponents of the multiple exponentiations after blinding; g is the generator of the cyclic group to which each private key component of the private key belongs; and $w_i$ ($1 \le i \le m$), $x_i$ ($1 \le i \le m$), $k_3$, $h_1$, $y_1$, $t_1$ are random numbers generated during the blinding process. The subscript of the random number k indicates the number of blind factor pairs, and 3 indicates that 3 blind factor pairs are generated.
In the embodiment of the application, verification of the outsourced calculation is implemented by means of an r-th power. That is, the value used for verification is the actual calculated value raised to the power r; in other words, the r-th power of the blinded calculation data is taken as the corresponding verification calculation data. Taking the data before blinding as an example, the expression for the verification calculation data is as follows:
the left side is a value to be calculated before blinding (calculation data before blinding), and the right side is a value to be used for verification before blinding (verification calculation data before blinding). It follows that the specific value verified is the actual calculated value to the power r.
The values calculated on the left and right sides are both results of modular operations, and by the properties of modular arithmetic the outsourced calculation results on the two sides are equal; the message receiving device uses this conclusion to verify the correctness of the cloud server's calculation results. When the message receiving end verifies through the verification calculation data that the calculation result of the cloud server is correct, false positive messages to be received can be removed from the message set based on the blinding calculation result, and the real messages to be received can be obtained. When the message receiving end verifies through the verification calculation data that the calculation result of the cloud server is incorrect, it regenerates the blinding calculation data and verification calculation data of the message to be received and sends them to the cloud server, which performs the verifiable outsourced calculation on the message to be received again.
It can be seen that, since the calculation results in the outsourcing process are all results of modular operations, the security relied on by the outsourced calculation comes from the difficulty of deducing the original data from the modular results, especially when the original data is split into several parts containing random numbers known only to the user. Thus, when the message receiving device 102 and the cloud server 103 properly execute the protocol, the computing task can be correctly and securely outsourced.
S206, the message receiving apparatus 102 determines whether the verification calculation result is correct, and when the message receiving apparatus 102 determines that the verification calculation result is correct, it proceeds to S207. When the message receiving apparatus 102 determines that the verification calculation result is incorrect, it returns to S204.
S207, eliminating false positive messages to be received from the message set based on the blinding calculation result, and obtaining real messages to be received.
Specifically, after verifying that the outsourcing calculation of the cloud server 103 is correct, the message receiving device 102 can retrieve the true message to be received from the message set through the blind calculation result, thereby eliminating the false positive message to be received. Whether the verification calculation result is correct or not can be calculated by the message receiving device 102, that is, if the result calculated by the message receiving device 102 is equal to the verification calculation result returned by the cloud server 103, the verification calculation result is correct, otherwise, the verification calculation result is incorrect.
In some embodiments, verifying a true message to be received from the message set may be accomplished with the verification bit F calculated by the message sending device 101. That is, S207 may include: the message receiving device 102 compares whether the blinding calculation result corresponding to the message to be received is equal to the verification bit; if they are not equal, the message to be received is a false positive message to be received; if they are equal, the message to be received is a real message to be received.
The calculation formula of the verification bit F is as follows:
$F = pk_1^{r_1}\, pk_2^{r_1} \cdots pk_m^{r_1}$
where $pk_i$ $(1 \le i \le m)$ are the m public key components of the public key corresponding to the message receiving device 102, and $r_1$ is a random number used by the message sending device 101 to encrypt the message to be received; its relation to the message flag bit u is $g^{r_1} = u$.
The public key and private key of the message receiving device 102 are related by $pk = g^{\alpha}$. Further, by a variant of this equation, $F = pk_1^{r_1}\, pk_2^{r_1} \cdots pk_m^{r_1}$ can be converted into an equivalent expression; that is, according to that expression the receiver R verifies whether the message to be received belongs to the user, thereby obtaining the real message to be received. The verification bit F is a value that the sender S needs to calculate when sending the message; it is calculated using the public key of the receiver R and then sent to the cloud server 103 bound together with the message. When the receiver R obtains the accurate blinding calculation result of the outsourced calculation from the cloud server 103, the receiver R can verify whether the message belongs to the receiver R through the verification bit F returned by the cloud server 103.
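The S206 and S207 decisions described above, as an added example that is not code from the patent: it uses the identity F = u^(α_1 + … + α_m), which follows from the stated relations pk_i = g^(α_i) and g^(r1) = u. The group parameters, key values, function names and the simulated server reply are constructed assumptions, and the blinding step is not modelled.

```python
import secrets

# Constructed toy group: P = 2*Q + 1 is a safe prime and G generates the
# subgroup of prime order Q. Far too small for real use.
P, Q, G = 2039, 1019, 4


def public_key(alphas):
    """pk_i = g^alpha_i for each private key component."""
    return [pow(G, a, P) for a in alphas]


def sender_tag(pk, r1):
    """Sender: flag u = g^r1 and verification bit F = pk_1^r1 * ... * pk_m^r1."""
    u = pow(G, r1, P)
    F = 1
    for pk_i in pk:
        F = F * pow(pk_i, r1, P) % P
    return u, F


def receiver_value(alphas, u):
    """u^(alpha_1 + ... + alpha_m); equals F only for the owner of the key.
    Exponents are reduced modulo the group order Q, not modulo P."""
    return pow(u, sum(alphas) % Q, P)


def simulated_reply(alphas, u, r, tamper=False):
    """Stand-in for the cloud server's reply (assumption: the patent has the
    server derive both values from blinded inputs, which is not modelled)."""
    result = receiver_value(alphas, u)
    verification = pow(result, r, P)
    if tamper:  # a faulty server returns a wrong result
        result = result * G % P
    return result, verification


def classify(result, verification, r, F):
    """S206: the verification value must equal the result to the power r.
    S207: a consistent result is compared with the verification bit F."""
    if pow(result, r, P) != verification:
        return "recompute"  # return to S204 and regenerate the data
    return "real" if result == F else "false positive"


if __name__ == "__main__":
    alice = [101, 202, 303]  # constructed private key components
    bob = [111, 222, 333]
    r = secrets.randbelow(Q - 1) + 1  # kept by the receiver (assumption)
    for name, key in (("to alice", alice), ("to bob", bob)):
        u, F = sender_tag(public_key(key), secrets.randbelow(Q - 1) + 1)
        reply = simulated_reply(alice, u, r)
        print(name, "->", classify(*reply, r, F))
```

The reduction of the exponent sum modulo Q is the detail most easily got wrong: reducing modulo P instead gives a value that no longer matches F.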
As can be seen, the cloud server 103 is the executor of message retrieval and outsourced calculation. When the cloud server 103 receives a message retrieval request from the message receiving device 102, it decrypts the flag ciphertext in all received message information using the detection private key DSK to find the messages to be received that satisfy the condition. The relevant information of these messages is packed into a message set that includes both real and false positive messages, but the cloud server 103 cannot distinguish between real and false positive messages, since it performs the detection based on the detection key DSK using the existing fuzzy message detection method FMD.
Furthermore, the application uses the outsourced calculation scheme to outsource all of the receiver R's message detection and calculation work to an untrusted third party, namely the cloud server. The receiver R can verify and identify messages based on the calculation result received from the third party and discard the false positive messages that the third party cannot distinguish. Thus, the communication overhead of the receiver is reduced by outsourcing a large amount of the receiver's computation.
Meanwhile, the application ensures through the verifiable outsourced calculation technique that the calculation of the untrusted third-party cloud server is correct, so that privacy and security can be effectively ensured without a trusted third party throughout the encryption, detection and verification of the message. The technique can help to significantly reduce the cost of outsourced computing while solving trust issues between the client and the server. In addition, the efficiency of the whole calculation process can be improved and the time required to complete tasks reduced, which improves the overall efficiency of the system and reduces the maintenance cost.
In some embodiments, after verifying the ownership of the message to be received, if the message corresponding to the message to be received is stored in the storage service SSP, the message receiving device 102 may retrieve it from the storage service SSP and decrypt it to obtain the plaintext message. Based on this, the message receiving device 102 extracts the plaintext message corresponding to the message to be received through the following steps 1 to 4.
In step 1, the message receiving device 102 extracts an encrypted address tag from the actual message to be received.
In step 2, the message receiving device 102 decrypts the address tag to obtain the original address tag.
In step 3, the message receiving device 102 obtains the ciphertext message corresponding to the message to be received from the storage service SSP according to the original address tag.
In step 4, the message receiving device 102 decrypts the ciphertext message using the private key to obtain the original plaintext message.
Wherein the address tag is obtained when the message sending device 101 sends the plaintext message to the storage service SSP, and is attached to the broadcast content when the message to be encrypted is broadcast to the cloud server 103. Further, the message receiving device may acquire data step by step based on the address tag and decrypt the plaintext message.
In addition, the anonymous messaging method provided by the embodiment of the application was verified by simulation experiment: the performance of message detection was evaluated with a benchmark tool written in Python, and the interaction of the entities in an untrusted network was simulated in Python.
As shown in fig. 3, when the false positive rate is 3.125% and 5000 clients are sending messages in the network, the anonymous messaging method provided by the embodiment of the present application requires about 62 seconds to retrieve one of 5000 mails sent by the true recipient, which is about 53% faster than retrieving the true message directly using the FMD scheme. This is because, when the number of false positive messages is large, the FMD scheme requires user verification to process the large number of false positive messages, and its calculation overhead is large compared to the outsourced calculation scheme. Fig. 4 shows that, with a fixed number of messages, the overhead required for detection by the method of the embodiment of the application increases gradually as the false positive rate increases. Fig. 5 shows the impact of the actual number of messages and the message size on time delay. Under a more intuitive condition, such as a receiver actually receiving 5 messages, the time delay increases with the size of the message. The larger the message, the more apparent the advantage of the outsourced calculation scheme; for messages larger than 32KB, its time delay shows an obvious advantage over the FMD scheme. With the FMD scheme, the computation time of the receiver increases as the message size increases, while the computation time of the outsourced calculation scheme stays relatively flat across message sizes, without excessively rapid growth. When the number of messages actually received by the receiver is changed to 10, the number of real messages in the user's outsourced calculation result increases in proportion, so the calculation overhead of retrieval increases and the total time delay increases.
It follows that, with the outsourced calculation scheme, the computational overhead of the receiver is mainly related to the number of messages that actually need to be accepted. In the simulation experiment of the present application, the time delay of detecting and calculating messages was tested under three false positive rates, with the total number of messages set to 1000 and the remaining settings the same as in the existing fuzzy message detection method FMD. When the false positive rate is 3.125%, a single message takes 1.047s. When the false positive rate is 0.781%, a single message takes 0.957s. When the false positive rate is 0.098%, a single message takes 0.881s. In the method of the embodiment of the application, the message detection task and the message calculation task are outsourced to the third-party cloud server, so that the cost to the user of retrieving and verifying messages is reduced. In summary, the method of the embodiment of the application realizes anonymous message transfer in which the message detection task and the message calculation task are outsourced to the third-party cloud server, and has the advantages of low communication overhead, safety, reliability and high throughput.
It should be understood that, although the steps in the flowchart of fig. 2 are shown in sequence as indicated by the arrows, the steps are not necessarily performed in sequence as indicated by the arrows. The steps are not strictly limited to the order of execution unless explicitly recited herein, and the steps may be executed in other orders. Moreover, at least a portion of the steps in fig. 2 may include a plurality of steps or stages, which are not necessarily performed at the same time, but may be performed at different times, and the order of the steps or stages is not necessarily sequential, but may be performed in rotation or alternatively with at least a portion of the steps or stages in other steps or other steps.
In one embodiment, a message receiving device, which may be a terminal or a server, is provided that includes a processor, a memory, and a network interface. Wherein the processor of the message receiving device is configured to provide computing and control capabilities. The memory of the message receiving device includes a non-volatile storage medium, an internal memory. The non-volatile storage medium stores an operating system and a computer program. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage media. The database of the message receiving device is used to store data. The network interface of the message receiving device is used for communicating with an external terminal through a network connection. The computer program is executed by a processor to implement a method of anonymously delivering messages. For example, a computer program may be split into one or more modules, one or more modules stored in memory and executed by a processor to perform the present application. One or more modules may be a series of computer program instruction segments capable of performing particular functions to describe the execution of a computer program in a computer device. The processor may be a central processing unit (Central Processing Unit, CPU), other general purpose processors, digital signal processors (Digital Signal Processor, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), off-the-shelf programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, or the like. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like that is a control center of the computer device, connecting various parts of the overall computer device using various interfaces and lines.
The memory may be used to store the computer program and/or modules, and the processor may implement various functions of the message receiving device by running or executing the computer program and/or modules stored in the memory and invoking data stored in the memory. The memory may mainly include a storage program area and a storage data area, wherein the storage program area may store an operating system, an application program required for at least one function, and the like; the storage data area may store data created according to the use of the cellular phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as a hard disk, memory, plug-in hard disk, Smart Media Card (SMC), Secure Digital (SD) card, flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
The technical features of the above embodiments may be arbitrarily combined, and all possible combinations of the technical features in the above embodiments are not described for brevity of description, however, as long as there is no contradiction between the combinations of the technical features, they should be considered as the scope of the description.
The above examples illustrate only a few embodiments of the application, which are described in detail and are not to be construed as limiting the scope of the application. It should be noted that it will be apparent to those skilled in the art that several variations and modifications can be made without departing from the spirit of the application, which are all within the scope of the application. Accordingly, the scope of protection of the present application is to be determined by the appended claims.

Claims (10)

1. An anonymous messaging method, applied to a message receiving device, comprising:
sending a detection private key to a cloud server, retrieving a corresponding message to be received by the cloud server based on the detection private key to obtain a message set and returning the message set; wherein the detection private key comprises at least one private key component of the private key of the message receiving device, and the number of the private key components determines the false positive rate of the message set;
generating blind calculation data and verification calculation data of each message to be received respectively based on the private key, sending the blind calculation data and the verification calculation data to the cloud server, calculating the blind calculation data and the verification calculation data by the cloud server to obtain a blind calculation result and a verification calculation result, and returning the blind calculation result and the verification calculation result;
and when the verification calculation result is determined to be correct, eliminating false positive messages to be received from the message set based on the blinding calculation result, and obtaining real messages to be received.
2. The method of claim 1, wherein the generating the blinded calculation data and the validated calculation data for each of the messages to be received based on the private key, respectively, comprises:
generating blinding calculation data by blinding the private key and the message to be received by using a blinding factor, and taking the r power of the blinding calculation data as corresponding verification calculation data;
the generation formula of the blinding calculation data is as follows:
wherein $\alpha_i$ $(1 \le i \le m)$ are the m private key components of the private key corresponding to the message receiving device, $m = \gamma - n$, $\gamma$ being the total component length of the private key and n the component length of the detection private key; $u_i$ $(1 \le i \le m)$ is a message flag bit of a message to be received returned by the cloud server; the right side is the expression of the bases and exponents of the multiple exponentiations after blinding; g is the generator of the cyclic group to which each private key component of the private key belongs; and $w_i$ $(1 \le i \le m)$, $x_i$ $(1 \le i \le m)$, $k_3$, $h_1$, $y_1$, $t_1$ are random numbers generated in the blinding process.
3. The method of claim 1, wherein the excluding false positive messages to be received from the message set based on the blinded calculation result, to obtain a true message to be received, comprises:
comparing whether the blinded calculation result corresponding to the message to be received is equal to the verification bit;
if not, the message to be received is a false positive message to be received; and if the messages are equal, the messages to be received are real messages to be received.
4. A method according to claim 3, wherein the verification bits of the message to be received are bound to the message to be received after calculation by a message sending device based on the public key of the message receiving device; the calculation formula of the verification bit F is as follows:
$F = pk_1^{r_1}\, pk_2^{r_1} \cdots pk_m^{r_1}$
wherein $pk_i$ $(1 \le i \le m)$ are the m public key components of the public key corresponding to the message receiving device, and $r_1$ is a random number used by the message sending device for encrypting the message to be received.
5. The method according to claim 1, wherein the method further comprises: and when the verification calculation result is determined to be incorrect, regenerating blind calculation data and verification calculation data corresponding to the message to be received, and sending the blind calculation data and the verification calculation data to the cloud server for verifiable outsourcing calculation.
6. An anonymous messaging method, applied to a cloud server, comprising:
receiving a detection private key sent by message receiving equipment; wherein the detected private key comprises at least one private key component of a private key corresponding to the message receiving device;
retrieving the message to be received corresponding to the message receiving equipment based on the detection private key to obtain a message set; the false positive rate of the message set is determined by the number of private key components in the detected private key;
returning the message set to the message receiving equipment, and respectively generating blind calculation data and verification calculation data of each message to be received by the message receiving equipment based on the private key;
calculating based on the blinding calculation data and the verification calculation data to obtain a blinding calculation result and a verification calculation result;
and sending the blinding calculation result and the verification calculation result to the message receiving device, and when the message receiving device determines that the verification calculation result is correct, removing false positive messages to be received from the message set by the message receiving device based on the blinding calculation result to obtain real messages to be received.
7. The method of claim 6, wherein retrieving the message to be received corresponding to the message receiving device based on the detection private key results in a message set, comprising:
detecting fuzzy messages in the messages to be received, which are broadcast by the message sending equipment, based on the detection private key to obtain messages to be received corresponding to the message receiving equipment to form a message set; wherein the encrypted message is encrypted by the message sending device using the public key of the message receiving device.
8. An anonymous messaging system, comprising: message sending equipment, message receiving equipment and cloud servers;
the message sending equipment broadcasts an encrypted message to be received to the cloud server;
the message receiving equipment sends a detection private key to a cloud server; wherein the detection private key comprises at least one private key component of the message receiving device private key;
the cloud server retrieves the message to be received corresponding to the message receiving device from all the messages to be received based on the detection private key to obtain a message set, and returns the message set to the message receiving device; the false positive rate of the message set is determined by the number of private key components;
the message receiving equipment respectively generates blind calculation data and verification calculation data of each message to be received based on the private key and sends the blind calculation data and the verification calculation data to the cloud server;
the cloud server calculates the blinding calculation data and the verification calculation data to obtain blinding calculation results and verification calculation results and returns the blinding calculation results and the verification calculation results to the message receiving equipment;
and when the message receiving equipment determines that the verification calculation result is correct, eliminating false positive messages to be received from the message set based on the blinding calculation result, and obtaining real messages to be received.
9. A message receiving device comprising a processor and a memory, the memory storing a computer program, characterized in that the processor is adapted to implement the anonymous messaging method of any of claims 1-5 when executing the computer program.
10. A computer readable storage medium having stored thereon a computer program, which when executed by a processor implements the anonymous messaging method of any of claims 1-5.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310990937.7A CN116886410A (en) 2023-08-08 2023-08-08 Anonymous messaging method, system, message receiving device and storage medium


Publications (1)

Publication Number Publication Date
CN116886410A true CN116886410A (en) 2023-10-13



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination