CN116992464A - Wild card searchable encryption method and system supporting dynamic update - Google Patents

Wild card searchable encryption method and system supporting dynamic update Download PDF

Info

Publication number
CN116992464A
CN116992464A CN202310864133.2A CN202310864133A CN116992464A CN 116992464 A CN116992464 A CN 116992464A CN 202310864133 A CN202310864133 A CN 202310864133A CN 116992464 A CN116992464 A CN 116992464A
Authority
CN
China
Prior art keywords
attribute
keyword
search
value
public key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310864133.2A
Other languages
Chinese (zh)
Inventor
陈礼青
许士国
陈晓兵
邱军林
王文豪
张萌
黎嘉怡
郭瑶
董霞
陈诗雨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huaiyin Institute of Technology
Original Assignee
Huaiyin Institute of Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huaiyin Institute of Technology filed Critical Huaiyin Institute of Technology
Priority to CN202310864133.2A priority Critical patent/CN116992464A/en
Publication of CN116992464A publication Critical patent/CN116992464A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6227Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • H04L9/3033Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters details relating to pseudo-prime or prime number generation, e.g. primality test
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3066Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
    • H04L9/3073Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves involving pairings, e.g. identity based encryption [IBE], bilinear mappings or bilinear pairings, e.g. Weil or Tate pairing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Health & Medical Sciences (AREA)
  • Pure & Applied Mathematics (AREA)
  • Algebra (AREA)
  • Power Engineering (AREA)
  • Mathematical Analysis (AREA)
  • Mathematical Physics (AREA)
  • Mathematical Optimization (AREA)
  • Databases & Information Systems (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a wildcard character searchable encryption method and a system supporting dynamic update, which convert wildcard character search into range search and fuzzy search by encoding keywords and encrypting the sequences in a preserving manner; a verifiable database VDB containing ciphertext files and file indexes is constructed and stored in the CSS, and a data owner can interact with the CSS to complete dynamic updating of user attributes, keywords and ciphertext; the data user performs interactive verification with the CSS, and the data user who obtains attribute authentication can obtain a plaintext file by uploading a search trapdoor and returning the plaintext file from the CSS. The invention not only supports the data user to search the keywords in a wild card mode, but also supports the data owner to dynamically update the keywords, the user attributes and the ciphertext.

Description

Wild card searchable encryption method and system supporting dynamic update
Technical Field
The invention relates to a wildcard searchable encryption scheme, in particular to a wildcard searchable encryption method and system supporting dynamic update.
Background
In order to protect the privacy of user data, plaintext is generally encrypted and then is packaged to a cloud server, and the problem of difficulty in searching encrypted data is caused. To this problem, searchable encryption (Searchable Encryption, SE) is proposed. The SE is a cryptography primitive supporting the keyword retrieval of the user on the ciphertext, the user encrypts plaintext data by using the SE technology, and other users can realize the keyword retrieval of the ciphertext.
Conventional SE schemes require the user to enter a complete keyword, however in practical applications, the user may not be able to enter a complete keyword. The further proposed wildcard searchable encryption scheme allows the user to use the wildcard to replace characters in the keywords that cannot be specified, thereby achieving partial matching of the keywords.
Zhao et al in 2022 proposed a verifiable wild card searchable encryption scheme that ensured consistency of plaintext dictionary order and ciphertext numerical order by encoding keywords and using order preserving encryption. The data user can search for any keyword more efficiently because the plaintext dictionary sections included in the keywords including any single character wild card have a certain ciphertext value range. However, this scheme does not support dynamic updates to keywords and ciphertext.
Disclosure of Invention
The invention aims to: the first object of the present invention is to provide a wildcard searchable encryption method that supports a data user to search for keywords in a wildcard manner, while supporting the data owner to dynamically update keywords, user attributes, and ciphertext; it is a second object of the present invention to provide a wild card searchable encryption system that supports dynamic updates.
The technical scheme is as follows: the invention relates to a wild card and wild card searchable encryption method supporting dynamic update, which comprises the following steps:
(1) Configuring a security parameter lambda, and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user;
(2) Database DB composed of public key set sk, public parameter PP, all files, private key k of data owner do And an attribute list AttributeList of the data user, generating a verifiable database VDB, a master public key MPK and additional information S;
(3) Extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Constructing OBBT; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
(4) Generating a ciphertext file set CT according to the public key set sk and the file set D;
(5) Generating a search trapdoor T according to the public key set sk, the attribute UA of the data user and the query keyword Q P
(6) Verifying the attribute UA of the data user, and if the user has the search authority, determining the user to search trapdoor T according to the search trapdoor T P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm;
(7) According to the verification tag set, the attribute UA of the data user and the public key set sk, the data user interacts with the CSS to verify the correctness of the attribute, the integrity and the correctness of the search result;
(8) Keyword update, attribute update and file update; the index, the master public key MPK or the database is updated accordingly according to the update category.
Further, step (1) includes:
(1.1) selecting a large prime number p, p factorial cyclic groupAnd->Bilinear mapping->
(1.2) selection groupIs selected randomly p elements +.>Calculate->Wherein i is equal to or less than 1 and j is equal to or less than p; />Representation->Is composed of all pairs of modular multiplication reversible elements, ">The remaining class ring Z/pZ taking p as a module is represented, Z represents a set of all integer components;
selecting four hash functions {0,1} * A bit string representing an arbitrary length; {0,1} λ A bit string representing a length of λ, λ being a security parameter; t represents the number of ciphertext matched with subsequent searching; {0,1} 1 A bit string representing a length of 1;
(1.3) public Key set sk= { sk d ,sk op ,sk lab ,sk f ,sk ua }, where sk d ∈{0,1} λ Is a file encryption key sk op ∈{0,1} λ Is a sequence-preserving encryption key sk lab ∈{0,1} λ Is an encryption tag key sk f ∈{0,1} λ Is a pseudo-random permutation key sk ua ∈{0,1} λ Is an encryption attribute key;
public parameters
(1.4) assuming that the number of given keywords is n and the number of attributes is a; dividing the data users according to the attributes to obtain an attribute set UAttribute= { UA 1 ,UA 2 ,…,UA a ' Property UA i In keyword kw j Condition searchable file list D i,j ={d 1 ,d 2 ,…,d ξ "where ζ represents attribute UA i In keyword kw j The number of files can be searched under the condition;
attribute UA i Searchable keywords and files corresponding to the keywords form an attribute list AttributeList = { [ UA ] of the data user i ,(kw 1 ,D i,1 ),…(kw n ,D i,n )|1≤i≤a]};W D ={kw 1 ,kw 2 ,…kw n And a keyword dictionary.
Further, step (2) includes:
(2.1) random selectionPrivate key k of data owner do Calculation of y=g y
Update counter initial t=0, original database vector is
v x A ciphertext representing an index x;all the document identifiers which are used for representing that the attribute of the document identifiers with the keyword of kw can be searched for by UA;
constructing root commitments
Obtaining the current database vector promise C through T times of updating (T) Definition C (0) =C R ,C -1 =C R
Computing a hash 0 =H 1 (C -1 ,C (0) ,0) y And sent to the CSS, which verifies the hash at the first time 0 After the availability of (C) 0 =hash 0 C (0) And (hash) 0 ,C -1 ,C (0) 0) into the auxiliary information aux of the authentication promise;
(2.2) master public key mpk= (PP, Y, C R ,C 0 ,BF UA ,AttributeList),BF UA Representing a bloom filter used to store all attribute tags; additional information s= (PP, aux, DB);
The database DB includes correspondence of user attributes, document identifiers, and ciphertext, and the VDB includes ciphertext files and file indexes.
Further, step (3) includes:
(3.1) building a plaintext OBBT index; the root node is an empty node, does not store data, and is only used as a search entry; the node with depth of 1 stores attributes for matching user attributes during searching, and the next layer is connected with OBBT corresponding to each attribute; dictionary W for a given keyword D ={kw 1 ,kw 2 …kw n Firstly, encoding each keyword kw by using twenty-six system, respectively corresponding English characters a-z and 0-25 one by one, and cascading all numbers into an integer; the code value sequence obtained by the key words according to the rule is consistent with the dictionary sequence of the key words; store all keyword encoding values in one array for arbitrary bands "? "search keyword Q of wildcard"? "replace with a and z respectively, the corresponding code value is marked as value respectively min And value max
(3.2) given keyword dictionary W D ={kw 1 ,kw 2 …kw n Assuming that the lengths of the keywords are all l, the height of the binary tree is l, the root node of the binary tree is a bitmap bm with 26 bits, the rest node structures are bitmaps with 13 bits, and the leaf nodes are cascaded with an array; in the initialization stage, all bm is set to 0 to obtain a binary bitmap number;
(3.3) establishing a 1-1 mapping relation between characters and numbers, mapping English letters a-z to 1-26 respectively, and wildcards "? "map to"? "; keyword kw is mapped by using 1-1 mapping rule i Conversion to a corresponding feature array
(3.4) the keyword dictionary W is processed through the step (3.3) D Conversion to a corresponding feature array setFilling each element in the feature array set T into the OBBT one by one according to rules; for any array in the feature array set T +.>Firstly filling a root node, setting the position of a bitmap of the root node as 1, then filling nodes of other layers, and judging an array +.>Is the j-th bit value beta j If beta j Less than or equal to 13, the left node beta of the j-th layer j The position is set to 1; if beta is j >13, beta of the j th layer j -13 right node position is set to 1; filling layer by layer until the last layer is completed, and keyword kw i Filling into an array of leaf nodes; filling all the feature array sets T into the OBBT;
(3.5) filling all keywords into the OBBT according to the above rule, each leaf node concatenating all possible keywords; secondly, coding and sequencing all keywords of the leaf nodes, obtaining a coding value-keyword pair group by utilizing a coding rule of the step (3.1) and all keywords cascaded by the leaf nodes according to the rule, and cascading the coding value-keyword pair group on the OBBT leaf nodes; finally, ordering the elements of each group according to the size of the coding value to obtain an ordered binary ordering tree;
(3.6) encrypting the constructed plaintext OBBT using the public key set sk, first encrypting each layer of nodes, if the node is at the i-th layer, bm' =h 3 (sk i Bm), whereinThe method comprises the steps of carrying out a first treatment on the surface of the Secondly, encrypting the code-key word of each element in the array of the leaf layer cascade, and encrypting the code-key word into lab= { lab first ,lab second }, in which lab first =opEnc(sk op ,value kw ) For order-preserving ciphertext value, opEnc is a symmetric order-preserving encryption algorithm, value kw A code value representing the keyword kw;wherein labEnc is a symmetric encryption algorithm, UA is a user attribute, kw is a keyword, and ++>All document identifiers which can be searched for by UA in the document identifiers representing the keyword kw, H 2 (ct 1 ,ct 2 ,…,ct t ) Representing a ciphertext hash value, t representing the number of ciphertext matches;
(3.7) inputting the public key set sk, the file set D, and the id= { ID corresponding to the ciphertext file 1 ,id 2 ,…,id m -wherein m represents the number of files contained in the set D of files; extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n And (3) constructing the OBBT according to the methods of the steps (3.1) - (3.5), encrypting the constructed OBBT by using the method of the step (3.6), and outputting an encrypted OBBT index I.
Further, step (4) includes:
using a file encryption key sk d Encrypted file set d= { D 1 ,d 2 ,…,d m Each document d in } i Obtaining a ciphertext file set CT= { CT 1 ,ct 2 ,…,ct m }(m≥t)。
Further, step (5) includes:
(5.1) the data user inputs a query keyword Q and a public key set sk; firstly, keyword kw is processed according to the step (3.3) i Mapping and converting into corresponding feature array T Q =[β 1 ,…,?,…,β l ]And permuting beta for each digit in the array i ′=H 4 (sk ii ) WhereinThe method comprises the steps of carrying out a first treatment on the surface of the Obtaining an array T Q ′=[β 1 ′,…,?,…,β l ′]Wherein "? "represents a single character wildcard; second, will wild card "? "replace with a and z, calculate the value of the code value by the code algorithm separately min And value max And encrypts the encoded value tr value =Enc(value,sk op ) Wherein Enc is the symmetrical addition of semantic securitySecret algorithm, value= (value min ,value max );
(5.2) data user inputs its own attribute UA to generate attribute trapdoor STAG UA =uaEnc(UA,sk ua );
(5.3) to search trapdoor T P =(T Q ′,tr value ,STAG UA ) To the CSS.
Further, step (6) includes:
(6.1) CSS first according to search trapdoor T P Verifying whether the attribute UA of the data consumer is within the authority of the search, i.e. checking STAG UA Whether or not to be in BF UA If the result exists, executing the step (6.2), otherwise outputting a termination symbol T, and ending the search request;
(6.2) CSS based on search trapdoor T P Tr of medium keyword value Searching is carried out through the index I, and all verification tags lab of the leaf nodes under the corresponding attribute are returned second
(6.3) the CSS receives the promised index of the query result as x and calculates Will prove thatTo the data user, wherein v x Ciphertext with index x, pi x Index x promises for search results, T represents the T-th update.
Further, step (7) includes:
(7.1) inputting public Key set sk and authentication Label set LAB second By sk lab Decryption verification tagObtaining corresponding attribute UA, keyword kw, attribute UA including document identifier of keyword kw +.>Ciphertext hash value H 2 (ct 1 ,ct 2 ,…,ct t );
(7.2) the data user compares the obtained attribute identifier with the attribute identifier of the user, and checks the correctness of the attribute;
(7.3) the data user judges whether kw is matched with the keyword Q; if so, sending all ids to the CSS; if not, ending the verification;
(7.4) the data user parses the certificate ψ to see if the current database is the latest updated database, e (hash T ,g)=e(H 1 (C T-1 ,C (T) ,T),Y),If the verification is passed, continuing the step (7.5), otherwise outputting a termination symbol T;
(7.5) CSS returns all id-ciphertext pairsThe returned ciphertext is subjected to hash value verification, and verification H 2 (ct 1 ,ct 2 ,…,ct t ) And->If the two are equal, the correctness and the integrity of the ciphertext returned by the CSS are indicated, otherwise, a termination symbol T is output.
Further, step (8) includes:
(8.1) updating the keywords, wherein the updating comprises adding and deleting operations; firstly, filling a feature array of a keyword to be added into a plaintext OBBT under a corresponding attribute by using the method of the step (3), then encoding and sequencing a new keyword, and updating an index I of the encrypted OBBT; when deleting the key words, (I, utype, tr) value ) The method comprises the steps of sending to a CSS, wherein Utype is set as a corresponding operation identifier, deleting a corresponding coding value-keyword pair after a data owner passes identity verification, updating an index structure I, and updating an attribute list AttributeList in a database;
(8.2) storing the data user attributes in an index structure, the addition and deletion operations of the attributes being substantially similar to the update method of keywords, except that STAG using new attributes UA Updating or regenerating BF UA Will (I, utype, BF UA ) Sending to CSS, updating by CSS, and updating information in database;
(8.3) for the index ciphertext v to be updated x The data owner first obtains the corresponding index x, and the CSS records the latest data v x And the corresponding certificate ψ is sent to the data owner; when Verify (MPK, x, ψ) =v x When not equal to T, the data owner adds one to T and calculates t′ x =hash T =H 1 (C T-1 ,C (T) ,T) y The method comprises the steps of carrying out a first treatment on the surface of the Finally, will (t' x ,v′ x ) Sent to CSS; if t' x Effectively, CSS generates C T =hash T C (T) Update master public key mpk= (PP, Y, C R ,C 0 ,BF UA AttributeList); finally CSS will v at x position x Replaced by v' x And t 'is inserted in aux' x =(hash T ,C T-1 ,C (T) ,T)。
The invention relates to a wild card searchable encryption system supporting dynamic update, comprising:
the system parameter generation module is used for configuring a security parameter lambda and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user; the public key set sk is sent to an index generation module, a file encryption module, a trapdoor generation module, a verification module and an initialization module;
an initialization module for initializing the database DB composed of the public key set sk, the public parameter PP and all files and the private key k of the data owner do And an attribute list AttributeList of the data user, generating a verifiable database VDB, a master public key MPK and additional information S;
index generation module for the slave textKeyword dictionary W is extracted from file set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Constructing OBBT; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
The file encryption module is used for generating a ciphertext file set CT according to the public key set sk and the file set D;
a trapdoor generation module for generating a search trapdoor T according to the public key set sk, the attribute UA of the data user and the query keyword Q P The method comprises the steps of carrying out a first treatment on the surface of the In the generation process, an index generation module is called; search trapdoor T to be generated P Sending the search result to a search module;
the searching module is used for verifying the attribute UA of the data user, and if the user has the searching authority, the user can search trapdoor T according to the searching authority P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm; transmitting the verification tag to a verification module;
the verification module is used for interacting the data user with the CSS according to the verification tag set, the attribute UA of the data user and the public key set sk, and verifying the correctness of the attribute, the completeness and the correctness of the search result;
the updating module is used for updating keywords, attributes and files; the index, the master public key MPK or the database is updated accordingly according to the update category.
The beneficial effects are that: compared with the prior art, the invention has the following remarkable advantages:
(1) Through encoding the keywords and encrypting the order preservation, converting the wild card search into range search and fuzzy search;
(2) The attribute is associated with an ordered binary bitmap tree, so that fine-grained data sharing and access control are realized;
(3) A verifiable database (Verifiable Database, VDB) is built that can support dynamic updating of keywords, user attributes, and ciphertext.
Drawings
FIG. 1 is a schematic diagram of a wild card searchable encryption system supporting dynamic updates in accordance with an embodiment of the present application;
FIG. 2 is a schematic diagram of OBBT index generation according to an embodiment of the present application;
FIG. 3 is a schematic diagram of a user usage status of a wild card searchable encryption system supporting dynamic updates in accordance with an embodiment of the present application.
Detailed Description
The application is further described below with reference to the accompanying drawings.
The embodiment of the application provides a wild card and wild card searchable encryption method supporting dynamic updating, which comprises the following steps.
(1) Configuring a security parameter lambda, and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user;
the step (1) specifically comprises:
(1.1) inputting a security parameter λ at a key generation center (Key Generating Center, KGC);
Selecting a large prime number p, p-factorial cyclic groupAnd->Bilinear mapping->
(1.2) selection groupIs selected randomly p elements +.>Calculate->Wherein i is equal to or less than 1 and j is equal to or less than p; />Representation->Is composed of all pairs of modular multiplication reversible elements, ">The remaining class ring Z/pZ taking p as a module is represented, Z represents a set of all integer components;
selecting four hash functions H 3 :{0,1} λ ×{0,1} 1 →{0,1} 1 ,/>{0,1} λ A bit string representing a length of λ, λ being a security parameter; {0,1} * Bit character strings with any length are represented, and t represents the number of ciphertext matched with subsequent searching; {0,1} 1 A bit string representing a length of 1;
(1.3) outputting the public key set sk= { sk d ,sk op ,sk lab ,sk f ,sk ua }, where sk d ∈{0,1} λ Is a file encryption key sk op ∈{0,1} λ Is a sequence-preserving encryption key sk lab ∈{0,1} λ Is an encryption tag key sk f ∈{0,1} λ Is a pseudo-random permutation key sk ua ∈{0,1} λ Is an encryption attribute key;
public parameters
(1.4) assuming that the number of given keywords is n and the number of attributes is a; data owner and data usageDividing according to the attributes to obtain an attribute set UAttribute= { UA 1 ,UA 2 ,…,UA a ' Property UA i In keyword kw j Condition searchable file list D i,j ={d 1 ,d 2 ,…,d ξ "where ζ represents attribute UA i In keyword kw j The number of files can be searched under the condition;
attribute UA i Searchable keywords and files corresponding to the keywords form an attribute list AttributeList = { [ UA ] of the data user i ,(kw 1 ,D i,1 ),…(kw n ,D i,n )|1≤i≤a]-a }; the attribute list is initialized by KGC;W D ={kw 1 ,kw 2 ,…kw n And a keyword dictionary.
(2) Database DB composed of public key set sk, public parameter PP, all files, private key k of data owner do And an attribute list AttributeList of the data user, generating a verifiable database VDB, a master public key MPK and additional information S;
the step (2) specifically comprises:
(2.1) random selection of data ownersPrivate key k of data owner do Calculation of y=g y
Update counter initial t=0, original database vector is
v x A ciphertext representing an index x;all the document identifiers which are used for representing that the attribute of the document identifiers with the keyword of kw can be searched for by UA;
on the basis, constructing root commitments
Obtaining the current database vector promise C through T times of updating (T) Definition C (0) =C R ,C -1 =C R
Data owner computing hash 0 =H 1 (C -1 ,C (0) ,0) y And sent to CSS (Cloud Storage Service, cloud storage server), where the CSS verifies the hash for the first time 0 After the availability of (C) 0 =hash 0 C (0) And (hash) 0 ,C -1 ,C (0) 0) into the auxiliary information aux of the authentication promise;
(2.2) private key k according to public key set sk, public parameter PP, database DB, data owner do And the attribute list AttributeList of the data user, the data owner outputs the verifiable database VDB, the master public key MPK and the additional information S;
Master public key mpk= (PP, Y, C R ,C 0 ,BF UA ,AttributeList),BF UA Representing a bloom filter used to store all attribute tags; additional information s= (PP, aux, DB);
the database DB includes correspondence of user attributes, document identifiers, and ciphertext, and the VDB includes ciphertext files and file indexes.
(3) Extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Building an OBBT (Ordered Binary Bitmap Tree), ordered binary bitmap tree; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
referring to fig. 2, step (3) specifically includes:
(3.1) this step involves the construction process of the plaintext OBBT index. The root node is an empty node, does not store data, and is only used as a search entry; node memory with depth of 1The storage attribute is used for matching the user attribute during searching, and the next layer is connected with the OBBT corresponding to each attribute; dictionary W for a given keyword D ={kw 1 ,kw 2 …kw n Firstly, encoding each keyword kw by using twenty-six system, respectively corresponding English characters a-z and 0-25 one by one, and cascading all numbers into an integer; the code value sequence obtained by the key words according to the rule is consistent with the dictionary sequence of the key words; store all keyword encoding values in one array for arbitrary bands "? "search keyword Q of wildcard"? "replace with a and z respectively, the corresponding code value is marked as value respectively min And value max
(3.2) given keyword dictionary W D ={kw 1 ,kw 2 …kw n Assuming that the lengths of the keywords are all l, the height of the binary tree is l, the root node of the binary tree is a bitmap (bm) with 26 bits, the rest node structures are bitmaps with 13 bits, and the leaf nodes are cascaded with an array; in the initialization stage, all bm is set to 0 to obtain a binary bitmap number;
(3.3) establishing a 1-1 mapping relation between characters and numbers, mapping English letters a-z to 1-26 respectively, and wildcards "? "map to"? "; keyword kw is mapped by using 1-1 mapping rule i Conversion to a corresponding feature array
(3.4) the keyword dictionary W is processed through the step (3.3) D Conversion to a corresponding feature array setFilling each element in the feature array set T into the OBBT one by one according to rules; for any array in the feature array set T +.>Firstly filling a root node, setting the position of a bitmap of the root node as 1, then filling nodes of other layers, and judgingArray->Is the j-th bit value beta j If beta j Less than or equal to 13, the left node beta of the j-th layer j The position is set to 1; if beta is j >13, beta of the j th layer j -13 right node position is set to 1; filling layer by layer until the last layer is completed, and keyword kw i Filling into an array of leaf nodes; filling all the feature array sets T into the OBBT;
(3.5) filling all keywords into the OBBT according to the above rule, each leaf node concatenating all possible keywords; secondly, coding and sequencing all keywords of the leaf nodes, obtaining a coding value-keyword pair group by utilizing a coding rule of the step (3.1) and all keywords cascaded by the leaf nodes according to the rule, and cascading the coding value-keyword pair group on the OBBT leaf nodes; finally, ordering the elements of each group according to the size of the coding value to obtain an ordered binary ordering tree;
(3.6) encrypting the constructed plaintext OBBT using the public key set sk; firstly, encrypting each layer of nodes, if the node is positioned at the ith layer, bm' =h 3 (sk i Bm), whereinThe method comprises the steps of carrying out a first treatment on the surface of the Secondly, encrypting the code-key word of each element in the array of the leaf layer cascade, and encrypting the code-key word into lab= { lab first ,lab second }, in which lab first =opEnc(sk op ,value kw ) For order-preserving ciphertext value, opEnc is a symmetric order-preserving encryption algorithm, value kw A code value representing the keyword kw;wherein labEnc is a symmetric encryption algorithm, UA is a user attribute, kw is a keyword, and ++>All document identifiers which can be searched for by UA in the document identifiers representing the keyword kw, H 2 (ct 1 ,ct 2 ,…,ct t ) Representing a ciphertext hash value, t representing the number of ciphertext matches;
(3.7) inputting the public key set sk, the file set D, and the id= { ID corresponding to the ciphertext file 1 ,id 2 ,…,id m -wherein m represents the number of files contained in the set D of files; extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n And (3) constructing the OBBT according to the methods of the steps (3.1) - (3.5), encrypting the constructed OBBT according to the method of the step (3.6), and outputting an encrypted OBBT index I.
(4) Generating a ciphertext file set CT according to the public key set sk and the file set D;
the step (4) specifically comprises:
using a file encryption key sk d Encrypted file set d= { D 1 ,d 2 ,…,d m Each document d in } i Obtaining a ciphertext file set CT= { CT 1 ,ct 2 ,…,ct m }(m≥t)。
(5) Generating a search trapdoor T according to the public key set sk, the attribute UA of the data user and the query keyword Q P
The step (5) specifically comprises:
(5.1) the data user inputs a query keyword Q and a public key set sk; firstly, keyword kw is processed according to the step (3.3) i Mapping and converting into corresponding feature array T Q =[β 1 ,…,?,…,β l ]And permuting beta for each digit in the array i ′=H 4 (sk ii ) WhereinThe method comprises the steps of carrying out a first treatment on the surface of the Obtaining an array T Q ′=[β 1 ′,…,?,…,β l ′]Wherein "? "represents a single character wildcard; second, will wild card "? "replace with a and z, calculate the value of the code value by the code algorithm separately min And value max And encrypts the encoded value tr value =Enc(value,sk op ) Wherein E isnc is a semantically secure symmetric encryption algorithm, value= (value) min ,value max );
(5.2) data user inputs its own attribute UA to generate attribute trapdoor STAG UA =uaEnc(UA,sk ua );
(5.3) to search trapdoor T P =(T Q ′,tr value ,STAG UA ) To the CSS.
(6) The data user will generate a search trapdoor T P And its attribute UA are sent to CSS, and CSS verifies attribute UA of data user, if it has search authority, according to the search trapdoor T P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm;
the step (6) specifically comprises:
(6.1) CSS first according to search trapdoor T P Verifying whether the attribute UA of the data user is within the scope of the rights searched (attribute rights list), i.e. checking STAG UA Whether or not to be in BF UA If the result exists, executing the step (6.2), otherwise outputting a termination symbol T, and ending the search request;
(6.2) CSS based on search trapdoor T P Tr of medium keyword value Searching is carried out through the index I, and all verification tags lab of the leaf nodes under the corresponding attribute are returned second
(6.3) the CSS receives the promised index of the query result as x and calculatesWill prove thatTo the data user, wherein v x Indicating ciphertext with index x, pi x Representing commitment of index x search results, T represents the T-th update.
(7) According to the verification tag set, the attribute UA of the data user and the public key set sk, the data user interacts with the CSS to verify the correctness of the attribute, the integrity and the correctness of the search result;
The step (7) specifically comprises:
(7.1) inputting public Key set sk and authentication Label set LAB second By sk lab Decryption verification tagObtaining corresponding attribute UA, keyword kw, attribute UA including document identifier of keyword kw +.>Ciphertext hash value H 2 (ct 1 ,ct 2 ,…,ct t );
(7.2) the data user compares the obtained attribute identifier with the attribute identifier of the user, and checks the correctness of the attribute;
(7.3) the data user judges whether kw is matched with the keyword Q; if so, sending all ids to the CSS; if not, ending the verification;
(7.4) the data user parses the certificate ψ to see if the current database is the latest updated database, e (hash T ,g)=e(H 1 (C T-1 ,C (T) ,T),Y),If the verification is passed, continuing the step (7.5), otherwise outputting a termination symbol T;
(7.5) CSS returns all id-ciphertext pairsThe returned ciphertext is subjected to hash value verification, and verification H 2 (ct 1 ,ct 2 ,…,ct t ) And->If the two are equal, the correctness and the integrity of the ciphertext returned by the CSS are indicated, otherwise, a termination symbol T is output.
(8) Keyword update, attribute update and file update; according to the update category, the index, the master public key MPK or the database is updated correspondingly;
the step (8) specifically comprises:
(8.1) updating the keywords, wherein the updating comprises adding and deleting operations; firstly, filling a feature array of a keyword to be added into a plaintext OBBT under a corresponding attribute by using the method of the step (3), then encoding and sequencing a new keyword, and updating an index I of the encrypted OBBT; when deleting the key words, (I, utype, tr) value ) The method comprises the steps of sending to a CSS, wherein Utype is set as a corresponding operation identifier, deleting a corresponding coding value-keyword pair after a data owner passes identity verification, updating an index structure I, and updating an attribute list AttributeList in a database;
(8.2) storing the data user attributes in an index structure so that the addition and deletion operations of the attributes are substantially similar to the update method of keywords, except that STAG using new attributes UA Updating or regenerating BF UA Will (I, utype, BF UA ) Sending to CSS, updating by CSS, and updating information in database;
(8.3) for the index ciphertext v to be updated x The data owner first obtains the corresponding index x, and the CSS records the latest data v x And the corresponding certificate ψ is sent to the data owner; when Verify (MPK, x, ψ) =v x When not equal to T, the data owner adds one to T and calculatest′ x =hash T =H 1 (C T-1 ,C (T) ,T) y The method comprises the steps of carrying out a first treatment on the surface of the Finally, will (t' x ,v′ x ) Sent to CSS; if t' x Effectively, CSS generates C T =hash T C (T) Update master public key mpk= (PP, Y, C R ,C 0 ,BF UA AttributeList); finally CSS will v at x position x Replaced by v' x And t 'is inserted in aux' x =(hash T ,C T-1 ,C (T) ,T)。
The embodiment of the application also provides a wild card and wild card searchable encryption system supporting dynamic update, which comprises a plurality of functional modules for realizing the corresponding steps in the wild card and wild card searchable encryption method supporting dynamic update.
Referring to fig. 1, the wild card searchable encryption system supporting dynamic update specifically includes:
the system parameter generation module is used for configuring a security parameter lambda and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user; the public key set sk is sent to an index generation module, a file encryption module, a trapdoor generation module, a verification module and an initialization module;
an initialization module for initializing the database DB composed of the public key set sk, the public parameter PP and all files and the private key k of the data owner do And the attribute list AttributeList of the data user, generating a verifiable database VDB, a main public key MPK and additional information S;
an index generation module for extracting the keyword dictionary W from the document set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Constructing OBBT; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
the file encryption module is used for generating a ciphertext file set CT according to the public key set sk and the file set D;
a trapdoor generation module for generating a search trapdoor T according to the public key set sk, the attribute UA of the data user and the query keyword Q P The method comprises the steps of carrying out a first treatment on the surface of the In the generation process, an index generation module is called; search trapdoor T to be generated P Sending the search result to a search module;
the searching module is used for verifying the attribute UA of the data user, and if the user has the searching authority, the user can search trapdoor T according to the searching authority P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm; transmitting the verification tag to the verificationA module;
the verification module is used for interacting the data user with the CSS according to the verification tag set, the attribute UA of the data user and the public key set sk, and verifying the correctness of the attribute, the completeness and the correctness of the search result;
the updating module is used for updating keywords, attributes and files; the index, the master public key MPK or the database is updated accordingly according to the update category.
As shown in fig. 3, a schematic diagram of a user usage state of a wild card searchable encryption system supporting dynamic updating is shown, wherein four entities are involved, including a key generating center, a cloud storage server, a data owner (client), and a data user (client).
Key generation center: the system is responsible for building a system, generating public parameters and generating a private key for a user;
Cloud storage server: storing a verifiable database VDB containing a ciphertext file set and a file index; returning a verification tag and a verification of the query result of the data user, and performing interaction with the data user for verification; the user attribute, the key word and the ciphertext are updated through interaction with the data owner;
data owner: uploading files which can be searched, and generating keywords corresponding to each file in advance by using a keyword segmentation technology;
the data user: the data user who obtains the attribute authentication can return a plaintext file from the CSS by uploading a search trapdoor.
The following describes an example scenario of a wild card searchable encryption method and system supporting dynamic update applied to cloud computing.
It is assumed that a company encrypts data before wrapping the data, and uploads the encrypted data to a cloud server for cost and security. If the company employee wants to search the cloud server for a file stored on the day of 3 months 2023, but forgets a specific date, he/she does not need to search for files stored on each day of 3 months, and can use "\3\2023" to search for all files in 3 months, so as to screen out the target file. If a company manager wants to update the searched keywords or file contents, and if the manager wants to update the confidential files which can be searched by staff specifying which departments, the manager needs to interact with the cloud server to complete the updating.
And (II) suppose that a company encrypts and outsources the file to a cloud server for cost and security. If the staff member wants to search all pdf files on the cloud server, the file name may be represented by ". Times.pdf" so as to search all pdf type files, thereby screening and obtaining the target file. If a company manager wants to update the searched keywords or file contents, and for example, an employee who wants to specify a department can search for the file, the company manager needs to interact with the cloud server to complete updating.

Claims (10)

1. A wild card searchable encryption method that supports dynamic updates, comprising:
(1) Configuring a security parameter lambda, and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user;
(2) Database DB composed of public key set sk, public parameter PP, all files, private key k of data owner do And an attribute list AttributeList of the data user, generating a verifiable database VDB, a master public key MPK and additional information S;
(3) Extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Constructing OBBT; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
(4) Generating a ciphertext file set CT according to the public key set sk and the file set D;
(5) Generating a search trapdoor T according to the public key set sk, the attribute UA of the data user and the query keyword Q P
(6) Verifying the attribute UA of the data user, and if the user has the searching authority, trapping according to the searchingDoor T P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm;
(7) According to the verification tag set, the attribute UA of the data user and the public key set sk, the data user interacts with the CSS to verify the correctness of the attribute, the integrity and the correctness of the search result;
(8) Keyword update, attribute update and file update; the index, the master public key MPK or the database is updated accordingly according to the update category.
2. The wild card searchable encryption method of claim 1, wherein step (1) comprises:
(1.1) selecting a large prime number p, p factorial cyclic groupAnd->Bilinear map e:>
(1.2) selection groupIs selected randomly p elements +.>Calculate- >Wherein i is equal to or less than 1 and j is equal to or less than p; />Representation->Is composed of all pairs of modular multiplication reversible elements, ">The remaining class ring Z/pZ taking p as a module is represented, Z represents a set of all integer components;
selecting four hash functions H 1 H 2 :/>H 3 :{0,1} λ ×{0,1} 1 →{0,1} 1 ,H 4 :/>{0,1} * A bit string representing an arbitrary length; {0,1} λ A bit string representing a length of λ, λ being a security parameter; t represents the number of ciphertext matched with subsequent searching; {0,1} 1 A bit string representing a length of 1;
(1.3) public Key set sk= { sk d ,sk op ,sk lab ,sk f ,sk ua }, where sk d ∈{0,1} λ Is a file encryption key sk op ∈{0,1} λ Is a sequence-preserving encryption key sk lab ∈{0,1} λ Is an encryption tag key sk f ∈{0,1} λ Is a pseudo-random permutation key sk ua ∈{0,1} λ Is an encryption attribute key;
public parameters
(1.4) assuming that the number of given keywords is n and the number of attributes is a; dividing the data users according to the attributes to obtain an attribute set UAttribute= { UA 1 ,UA 2 ,…,UA a ' Property UA i In keyword kw j Condition searchable file list D i,j ={d 1 ,d 2 ,…,d ξ "where ζ represents attribute UA i In keyword kw j The number of files can be searched under the condition;
attribute UA i Searchable keywords and files corresponding to the keywords form an attribute list AttributeList = { [ UA ] of the data user i ,(kw 1 ,D i,1 ),…(kw n ,D i,n )|1≤i≤a]};W D ={kw 1 ,kw 2 ,…kw n And a keyword dictionary.
3. The wild card searchable encryption method of claim 2, wherein step (2) comprises:
(2.1) random selectionPrivate key k of data owner do Calculation of y=g y
Update counter initial t=0, original database vector is
v x A ciphertext representing an index x; />All the document identifiers which are used for representing that the attribute of the document identifiers with the keyword of kw can be searched for by UA;
constructing root commitments
Obtaining the current database vector promise C through T times of updating (T) Definition C (0) =C R ,C -1 =C R
Computing a hash 0 =H 1 (C- 1 ,C (0) ,0) y And sent to the CSS, which verifies the hash at the first time 0 After the availability of (C) 0 =hash 0 C (0) And (hash) 0 ,C -1 ,C (0) 0) into the auxiliary information aux of the authentication promise;
(2.2) master public key mpk= (PP, Y, C R ,C 0 ,BF UA ,AttributeList),BF UA Representing a bloom filter used to store all attribute tags; additional information s= (PP, aux, DB);
the database DB includes correspondence of user attributes, document identifiers, and ciphertext, and the VDB includes ciphertext files and file indexes.
4. The wild card searchable encryption method of claim 3 wherein step (3) comprises:
(3.1) building a plaintext OBBT index; the root node is an empty node, does not store data, and is only used as a search entry; the node with depth of 1 stores attributes for matching user attributes during searching, and the next layer is connected with OBBT corresponding to each attribute; dictionary W for a given keyword D ={kw 1 ,kw 2 …kw n Firstly, encoding each keyword kw by using twenty-six system, respectively corresponding English characters a-z and 0-25 one by one, and cascading all numbers into an integer; the code value sequence obtained by the key words according to the rule is consistent with the dictionary sequence of the key words; store all keyword encoding values in one array for arbitrary bands "? "search keyword Q of wildcard"? "replace with a and z respectively, the corresponding code value is marked as value respectively min And value max
(3.2) given keyword dictionary W D ={kw 1 ,kw 2 …kw n Assuming that the lengths of the keywords are all l, the height of the binary tree is l, the root node of the binary tree is a bitmap bm with 26 bits, the rest node structures are bitmaps with 13 bits, and the leaf nodes are cascaded with an array; in the initialization stage, all bm are set to 0 to obtain a binary bitmapA number;
(3.3) establishing a 1-1 mapping relation between characters and numbers, mapping English letters a-z to 1-26 respectively, and wildcards "? "map to"? "; keyword kw is mapped by using 1-1 mapping rule i Conversion to a corresponding feature array
(3.4) the keyword dictionary W is processed through the step (3.3) D Conversion to a corresponding feature array setFilling each element in the feature array set T into the OBBT one by one according to rules; for any array in the feature array set T Firstly filling a root node, setting the position of a bitmap of the root node as 1, then filling nodes of other layers, and judging an array +.>Is the j-th bit value beta j If beta j Less than or equal to 13, the left node beta of the j-th layer j The position is set to 1; if beta is j >13, beta of the j th layer j -13 right node position is set to 1; filling layer by layer until the last layer is completed, and keyword kw i Filling into an array of leaf nodes; filling all the feature array sets T into the OBBT;
(3.5) filling all keywords into the OBBT according to the above rule, each leaf node concatenating all possible keywords; secondly, coding and sequencing all keywords of the leaf nodes, obtaining a coding value-keyword pair group by utilizing a coding rule of the step (3.1) and all keywords cascaded by the leaf nodes according to the rule, and cascading the coding value-keyword pair group on the OBBT leaf nodes; finally, ordering the elements of each group according to the size of the coding value to obtain an ordered binary ordering tree;
(3.6) pairing Using the public Key set skThe built plaintext OBBT is encrypted, firstly, each layer of nodes is encrypted, if the nodes are positioned at the ith layer, bm' =H 3 (sk i Bm), whereinSecondly, encrypting the code-key word of each element in the array of the leaf layer cascade, and encrypting the code-key word into lab= { lab first ,lab second }, in which lab first =opEnc(sk op ,value kw ) For order-preserving ciphertext value, opEnc is a symmetric order-preserving encryption algorithm, value kw A code value representing the keyword kw;wherein labEnc is a symmetric encryption algorithm, UA is a user attribute, kw is a keyword, and ++>All document identifiers which can be searched for by UA in the document identifiers representing the keyword kw, H 2 (ct 1 ,ct 2 ,…,ct t ) Representing a ciphertext hash value, t representing the number of ciphertext matches;
(3.7) inputting the public key set sk, the file set D, and the id= { ID corresponding to the ciphertext file 1 ,id 2 ,…,id m -wherein m represents the number of files contained in the set D of files; extracting keyword dictionary W from document set D D ={kw 1 ,kw 2 ,…kw n And (3) constructing the OBBT according to the methods of the steps (3.1) - (3.5), encrypting the constructed OBBT by using the method of the step (3.6), and outputting an encrypted OBBT index I.
5. The wild card searchable encryption method of claim 4, wherein step (4) comprises:
using a file encryption key sk d Encrypted file set d= { D 1 ,d 2 ,…,d m Each document d in } i Obtaining a ciphertext file set CT= { CT 1 ,ct 2 ,…,ct m }(m≥t)。
6. The wild card searchable encryption method of claim 5, wherein step (5) comprises:
(5.1) the data user inputs a query keyword Q and a public key set sk; firstly, keyword kw is processed according to the step (3.3) i Mapping and converting into corresponding feature array T Q =[β 1 ,…,?,…,β l ]And permuting beta 'for each digit in the array' i =H 4 (sk ii ) WhereinObtaining an array T Q ′=[β 1 ′,…,?,…,β l ′]Wherein "? "represents a single character wildcard; second, will wild card "? "replace with a and z, calculate the value of the code value by the code algorithm separately min And value max And encrypts the encoded value tr value =Enc(value,sk op ) Where Enc is a semantically secure symmetric encryption algorithm, value= (value min ,value max );
(5.2) data user inputs its own attribute UA to generate attribute trapdoor STAG UA =uaEnc(UA,sk ua );
(5.3) to search trapdoor T P =(T Q ′,tr value ,STAG UA ) To the CSS.
7. The wild card searchable encryption method of claim 6, wherein step (6) comprises:
(6.1) CSS first according to search trapdoor T P Verifying whether the attribute UA of the data consumer is within the authority of the search, i.e. checking STAG UA Whether or not to be in BF UA If the result exists, executing the step (6.2), otherwise outputting a termination symbol T, and ending the search request;
(6.2) CSS based on search trapdoor T P Tr of medium keyword value Through cableLeading I to execute search and returning all verification tags lab of leaf nodes under corresponding attributes second
(6.3) the CSS receives the promised index of the query result as x and calculatesWill prove thatTo the data user, wherein v x Ciphertext with index x, pi x Index x promises for search results, T represents the T-th update.
8. The wild card searchable encryption method of claim 7, wherein step (7) comprises:
(7.1) inputting public Key set sk and authentication Label set LAB second By sk lab Decryption verification tagObtaining corresponding attribute UA, keyword kw, attribute UA including document identifier of keyword kw +.>Ciphertext hash value H 2 (ct 1 ,ct 2 ,…,ct t );
(7.2) the data user compares the obtained attribute identifier with the attribute identifier of the user, and checks the correctness of the attribute;
(7.3) the data user judges whether kw is matched with the keyword Q; if so, sending all ids to the CSS; if not, ending the verification;
(7.4) the data user parses the certificate ψ to see if the current database is the latest updated database, e (hash T ,g)=e(H 1 (C T-1 ,C (T) ,T),Y),If the verification is passed, continuing the step (7.5), otherwise outputting a termination symbol T;
(7.5) CSS returns all id-ciphertext pairsThe returned ciphertext is subjected to hash value verification, and verification H 2 (ct 1 ,ct 2 ,…,ct t ) And->If the two are equal, the correctness and the integrity of the ciphertext returned by the CSS are indicated, otherwise, a termination symbol T is output.
9. The wild card searchable encryption method of claim 8, wherein step (8) comprises:
(8.1) updating the keywords, wherein the updating comprises adding and deleting operations; firstly, filling a feature array of a keyword to be added into a plaintext OBBT under a corresponding attribute by using the method of the step (3), then encoding and sequencing a new keyword, and updating an index I of the encrypted OBBT; when deleting the key words, (I, utype, tr) value ) The method comprises the steps of sending to a CSS, wherein Utype is set as a corresponding operation identifier, deleting a corresponding coding value-keyword pair after a data owner passes identity verification, updating an index structure I, and updating an attribute list AttributeList in a database;
(8.2) storing the data user attributes in an index structure, the addition and deletion operations of the attributes being substantially similar to the update method of keywords, except that STAG using new attributes UA Updating or regenerating BF UA Will (I, utype, BF UA ) Sending to CSS, updating by CSS, and updating information in database;
(8.3) for the index ciphertext v to be updated x The data owner first obtains the corresponding index x, and the CSS records the latest data v x And the corresponding certificate ψ is sent to the data ownerThe method comprises the steps of carrying out a first treatment on the surface of the When Verify (MPK, x, ψ) =v x When not equal to T, the data owner adds one to T and calculates t′ x =hash T =H 1 (C T-1 ,C (T) ,T) y The method comprises the steps of carrying out a first treatment on the surface of the Finally, will (t' x ,v′ x ) Sent to CSS; if t' x Effectively, CSS generates C T =hash T C (T) Update master public key mpk= (PP, Y, C R ,C 0 ,BF UA AttributeList); finally CSS will v at x position x Replaced by v' x And t 'is inserted in aux' x =(hash T ,C T-1 ,C (T) ,T)。
10. A wild card searchable encryption system that supports dynamic updates, comprising:
the system parameter generation module is used for configuring a security parameter lambda and generating a public key set sk, a public parameter PP and an attribute list AttributeList of a data user; the public key set sk is sent to an index generation module, a file encryption module, a trapdoor generation module, a verification module and an initialization module;
an initialization module for initializing the database DB composed of the public key set sk, the public parameter PP and all files and the private key k of the data owner do And an attribute list AttributeList of the data user, generating a verifiable database VDB, a master public key MPK and additional information S;
an index generation module for extracting the keyword dictionary W from the document set D D ={kw 1 ,kw 2 ,…kw n A keyword dictionary W D Search keywords having band-pass ligands in the list; using keyword dictionary W D Constructing OBBT; encrypting the constructed OBBT through a public key set sk to generate an encrypted OBBT index I;
The file encryption module is used for generating a ciphertext file set CT according to the public key set sk and the file set D;
trapdoor generation mouldA block for generating a search trapdoor T based on the public key set sk, the attribute UA of the data user, and the query keyword Q P The method comprises the steps of carrying out a first treatment on the surface of the In the generation process, an index generation module is called; search trapdoor T to be generated P Sending the search result to a search module;
the searching module is used for verifying the attribute UA of the data user, and if the user has the searching authority, the user can search trapdoor T according to the searching authority P Performing search on the OBBT under the attribute matched with the data user, and returning all verification tags of the leaf nodes according to a layer-by-layer matching algorithm; transmitting the verification tag to a verification module;
the verification module is used for interacting the data user with the CSS according to the verification tag set, the attribute UA of the data user and the public key set sk, and verifying the correctness of the attribute, the completeness and the correctness of the search result;
the updating module is used for updating keywords, attributes and files; the index, the master public key MPK or the database is updated accordingly according to the update category.
CN202310864133.2A 2023-07-14 2023-07-14 Wild card searchable encryption method and system supporting dynamic update Pending CN116992464A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310864133.2A CN116992464A (en) 2023-07-14 2023-07-14 Wild card searchable encryption method and system supporting dynamic update

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202310864133.2A CN116992464A (en) 2023-07-14 2023-07-14 Wild card searchable encryption method and system supporting dynamic update

Publications (1)

Publication Number Publication Date
CN116992464A true CN116992464A (en) 2023-11-03

Family

ID=88520585

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202310864133.2A Pending CN116992464A (en) 2023-07-14 2023-07-14 Wild card searchable encryption method and system supporting dynamic update

Country Status (1)

Country Link
CN (1) CN116992464A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117540408A (en) * 2023-12-20 2024-02-09 成都赛美特科技有限公司 Attribute-based wildcard searchable encryption method and system

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN117540408A (en) * 2023-12-20 2024-02-09 成都赛美特科技有限公司 Attribute-based wildcard searchable encryption method and system

Similar Documents

Publication Publication Date Title
US8533489B2 (en) Searchable symmetric encryption with dynamic updating
Salam et al. Implementation of searchable symmetric encryption for privacy-preserving keyword search on cloud storage
Cong et al. Sortinghat: Efficient private decision tree evaluation via homomorphic encryption and transciphering
CN109670331A (en) It is a kind of that encryption method symmetrically can search for based on block chain
Persiano et al. Lower bounds for differentially private RAMs
Asharov et al. Tight tradeoffs in searchable symmetric encryption
US6167392A (en) Method and apparatus for private information retrieval from a single electronic storage device
CN113014563A (en) Method and system for guaranteeing integrity of searchable public key encryption retrieval
CN113742764B (en) Trusted data secure storage method, retrieval method and equipment based on block chain
CN112000632B (en) Ciphertext sharing method, medium, sharing client and system
Abadi et al. Feather: Lightweight multi-party updatable delegated private set intersection
CN116992464A (en) Wild card searchable encryption method and system supporting dynamic update
de Castro et al. Functional commitments for all functions, with transparent setup and from SIS
WO2018070932A1 (en) System and method for querying an encrypted database for documents satisfying an expressive keyword access structure
Asharov et al. Tight tradeoffs in searchable symmetric encryption
CN114531220A (en) Efficient fault-tolerant dynamic phrase searching method based on forward privacy and backward privacy
CN115603934A (en) Multi-user searchable encryption method and device based on block chain
CN115310125A (en) Encrypted data retrieval system, method, computer equipment and storage medium
CN114003744A (en) Image retrieval method and system based on convolutional neural network and vector homomorphic encryption
Lisin et al. Order-preserving encryption as a tool for privacy-preserving machine learning
CN115269585A (en) Searching method and device
Dilshad et al. Yosida approximation iterative methods for split monotone variational inclusion problems
CN111027084A (en) Fine-grained authorized keyword security query method based on attribute-based encryption
CN113904823B (en) Attribute-based searchable encryption method and system for constant-level authorization computation complexity
CN116028947A (en) Verifiable query index and device based on encryption key words

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination