CN116996276A - Data sharing method and device based on conditional proxy re-encryption - Google Patents

Data sharing method and device based on conditional proxy re-encryption


Publication number
CN116996276A
Authority
CN
China
Prior art keywords
user
key
ciphertext
conditional
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202310897584.6A
Other languages
Chinese (zh)
Inventor
童瑶
戴永林
彭家明
温智轩
曾立波
梁友
田新军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Fanghe Data Co ltd
Original Assignee
Guangzhou Fanghe Data Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Fanghe Data Co ltd filed Critical Guangzhou Fanghe Data Co ltd
Priority to CN202310897584.6A priority Critical patent/CN116996276A/en
Publication of CN116996276A publication Critical patent/CN116996276A/en
Pending legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0478 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L63/045 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply hybrid encryption, i.e. combination of symmetric and asymmetric encryption
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms
    • H04L9/40 Network security protocols

Abstract

The invention relates to the technical field of data privacy sharing and discloses a data sharing method and device based on conditional proxy re-encryption. The method uses a first symmetric key to encrypt and decrypt private data. The first symmetric key is formed by combining a first association key corresponding to the institution where the data owner is located and a second association key corresponding to the private data, and only the first association key needs to be encrypted. When data is shared, it is determined whether a cross-domain problem exists, and a public-private key pair of the data receiver in the conditional proxy re-encryption scheme is generated according to the result. A third association key is decrypted using the private key of the data receiver in the conditional proxy re-encryption scheme and combined with the second association key obtained by the data receiver to generate a second symmetric key, which is used to decrypt the shared private data. The invention realizes cross-domain data privacy sharing, effectively reduces the computational cost, and improves the security and efficiency of private data sharing.

Description

Data sharing method and device based on conditional proxy re-encryption
Technical Field
The invention relates to the technical field of data privacy sharing, in particular to a data sharing method and device based on conditional proxy re-encryption.
Background
In modern society, data has become an indispensable resource for every industry. Sharing and exchanging data can promote the development and progress of these industries, but because data is stored and managed in a distributed manner, data silos have become a ubiquitous problem. As a result, data utilization is extremely low, which often leads to decision errors and inefficiency for the enterprise or organization.
To make better use of data, industries need to share it while protecting its security. However, conventional data sharing suffers from many problems, such as data leakage, abuse and tampering, all of which can have serious consequences, for example the leakage of user privacy. In addition, current re-encryption methods incur a large amount of asymmetric encryption and decryption overhead, which further increases the system burden.
Disclosure of Invention
The invention provides a data sharing method and device based on conditional proxy re-encryption, which realize cross-domain data privacy sharing and improve the security and efficiency of privacy data sharing.
In order to solve the technical problem, the invention provides a data sharing method based on conditional proxy re-encryption, which comprises the following steps:
when an access request sent by a second institution is received, parsing the access request to obtain the second user accessing through the second institution and the private data identifier of the first user to be accessed;
searching for the corresponding first private data ciphertext according to the private data identifier of the first user; the first private data ciphertext is formed by encrypting the private data of the first user with a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user;
converting a first conditional proxy ciphertext into a second conditional proxy ciphertext using a conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting the first association key corresponding to the first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme;
and sending the second conditional proxy ciphertext and the first private data ciphertext to the second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext, generates a second symmetric key, and decrypts the first private data ciphertext with the second symmetric key to obtain the corresponding plaintext data.
The invention encrypts and decrypts the private data with the first symmetric key. Symmetric encryption and decryption are faster than public-key operations, which improves efficiency when handling massive amounts of data. The first symmetric key is formed by combining a first association key and a second association key: the first association key is the constant part of the first symmetric key, and the second association key is the part that changes with the private data. Therefore only the first association key is encrypted, only the ciphertext of the first association key needs to be converted once during data sharing, and the second association key can be shared in plaintext, which effectively reduces the computational cost and improves performance and efficiency.
Further, the first symmetric key is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user, specifically by:
acquiring a random seed, the institution identifier of the first institution and the private data identifier of the first user;
generating the first association key corresponding to the first institution according to the random seed and the institution identifier of the first institution where the first user is located;
generating the second association key corresponding to the private data of the first user according to the random seed and the private data identifier of the first user;
and combining the first association key and the second association key to form the first symmetric key.
The invention selects a random seed; combining it with the institution identifier of the first institution generates the first association key, combining it with the private data identifier of the first user generates the second association key, and combining the two association keys yields the first symmetric key. The first symmetric key thus consists of a first association key that does not change and a second association key that changes with the private data, so only part of the first symmetric key needs to be encrypted during data sharing, which saves computation and improves encryption and decryption efficiency.
Further, the private key of the first user is obtained by:
acquiring the public parameters of the conditional proxy re-encryption scheme in the first institution where the first user is located;
generating a public-private key pair of the first user according to the public parameters; the public-private key pair of the first user comprises the public key of the first user and the private key of the first user.
Further, the first conditional proxy ciphertext is formed by encrypting the first association key corresponding to the first institution where the first user is located, specifically by:
acquiring the public key of the first user and the institution identifier of the first institution;
and encrypting the first association key corresponding to the first institution using the public key of the first user and the institution identifier of the first institution to generate the first conditional proxy ciphertext.
Further, the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme, specifically by:
determining whether a cross-domain problem exists between the first institution and the second institution;
if a cross-domain problem exists between the first institution and the second institution, generating a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, publishing the public key of the second user in the conditional proxy re-encryption scheme, and encrypting the private key of the second user in the conditional proxy re-encryption scheme with the public key of the second user under the cryptosystem of the second institution to generate a private key ciphertext;
sending the private key ciphertext to the second user, so that the second user decrypts it with the private key of the second user under the cryptosystem of the second institution to obtain the private key of the second user in the conditional proxy re-encryption scheme;
if no cross-domain problem exists between the first institution and the second institution, acquiring, from the second institution, the public key of the second user in the conditional proxy re-encryption scheme;
and generating the conditional proxy re-encryption key using the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme.
Because different institutions may use different conditional proxy re-encryption systems and standards, when a data access request from the second user is received, it is first determined whether a cross-domain problem exists between the institutions of the first user and the second user. If it does, the first user generates the public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, encrypts the private key of the second user in the conditional proxy re-encryption scheme, and sends it to the second user. If it does not, the conditional proxy re-encryption systems used by the two institutions are consistent, and the second user can generate the public-private key pair simply by calling the corresponding algorithm itself. The invention thus provides better technical support for cross-domain data sharing and ensures the security of data sharing.
Further, sending the second conditional proxy ciphertext and the first private data ciphertext to the second user is specifically:
sending the second conditional proxy ciphertext and the first private data ciphertext to the second institution, so that the second institution forwards them to the second user.
Further, the second user obtains the third association key by decrypting the second conditional proxy ciphertext, specifically:
after obtaining the second conditional proxy ciphertext, the second user obtains its private key in the conditional proxy re-encryption scheme;
and decrypts the second conditional proxy ciphertext with that private key to obtain the third association key.
Further, the second user generates the second symmetric key from the third association key obtained by decrypting the second conditional proxy ciphertext, specifically:
the second user receives the second association key sent by the first user;
and combines the decrypted third association key with the second association key to generate the second symmetric key.
When the private data of the first user is shared with the second user, the second conditional proxy ciphertext and the second association key in plaintext form are sent to the second user in sequence. The second user decrypts the second conditional proxy ciphertext to obtain the third association key, combines it with the second association key to generate the second symmetric key, and uses the second symmetric key to decrypt the private data of the first user. Re-encrypting only the first association key further improves the efficiency and security of data sharing.
The invention provides a data sharing method based on conditional proxy re-encryption that encrypts and decrypts private data with a first symmetric key. The first symmetric key is formed by combining a first association key corresponding to the institution where the data owner is located and a second association key corresponding to the private data, and only the first association key needs to be encrypted. When data is shared, it is determined whether a cross-domain problem exists, and a public-private key pair of the data receiver in the conditional proxy re-encryption scheme is generated according to the result. A third association key is decrypted using the private key of the data receiver in the conditional proxy re-encryption scheme and combined with the second association key obtained by the data receiver to generate a second symmetric key, with which the shared private data can be decrypted. The invention realizes cross-domain data privacy sharing, effectively reduces the computational cost, and improves the security and efficiency of private data sharing.
Correspondingly, the invention provides a data sharing device based on conditional proxy re-encryption, comprising an analysis module, a search module, a conversion module and a sending module;
the analysis module is used for parsing the access request when an access request sent by the second institution is received, and obtaining the second user accessing through the second institution and the private data identifier of the first user to be accessed;
the search module is used for searching for the corresponding first private data ciphertext according to the private data identifier of the first user; the first private data ciphertext is formed by encrypting the private data of the first user with a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user;
the conversion module is used for converting the first conditional proxy ciphertext into a second conditional proxy ciphertext using the conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting the first association key corresponding to the first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme;
the sending module is used for sending the second conditional proxy ciphertext and the first private data ciphertext to the second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext, generates a second symmetric key, and decrypts the first private data ciphertext with the second symmetric key to obtain the corresponding plaintext data.
Further, the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme, specifically by:
determining whether a cross-domain problem exists between the first institution and the second institution;
if a cross-domain problem exists between the first institution and the second institution, generating a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, publishing the public key of the second user in the conditional proxy re-encryption scheme, and encrypting the private key of the second user in the conditional proxy re-encryption scheme with the public key of the second user under the cryptosystem of the second institution to generate a private key ciphertext;
sending the private key ciphertext to the second user, so that the second user decrypts it with the private key of the second user under the cryptosystem of the second institution to obtain the private key of the second user in the conditional proxy re-encryption scheme;
if no cross-domain problem exists between the first institution and the second institution, acquiring, from the second institution, the public key of the second user in the conditional proxy re-encryption scheme;
and generating the conditional proxy re-encryption key using the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme.
The invention provides a data sharing device based on conditional proxy re-encryption, which realizes cross-domain data privacy sharing through the combination of its modules and improves the security and efficiency of private data sharing.
Drawings
FIG. 1 is a flow chart of an embodiment of the data sharing method based on conditional proxy re-encryption provided by the present invention;
FIG. 2 is a flow chart of another embodiment of the data sharing method based on conditional proxy re-encryption provided by the present invention;
FIG. 3 is a schematic diagram of an embodiment of the data sharing device based on conditional proxy re-encryption provided by the present invention;
FIG. 4 is a flow chart of another embodiment of the data sharing method based on conditional proxy re-encryption provided by the present invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
Example 1
Referring to FIG. 1, a flow chart of an embodiment of the data sharing method based on conditional proxy re-encryption provided by the present invention, the method includes steps 101 to 104, as follows:
Step 101: when an access request sent by a second institution is received, parse the access request to obtain the second user accessing through the second institution and the private data identifier of the first user to be accessed.
In the first embodiment of the present invention, the second user accesses the private data of the first user held in the first institution by sending an access request to the first institution through the second institution, so the access request records the party accessing the data (i.e. the second user) and the identifier of the data to be accessed (i.e. the private data identifier of the first user).
Step 102: search for the corresponding first private data ciphertext according to the private data identifier of the first user; the first private data ciphertext is formed by encrypting the private data of the first user with a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user.
Further, in the first embodiment of the present invention, the first symmetric key is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user, specifically by:
acquiring a random seed, the institution identifier of the first institution and the private data identifier of the first user;
generating the first association key corresponding to the first institution according to the random seed and the institution identifier of the first institution where the first user is located;
generating the second association key corresponding to the private data of the first user according to the random seed and the private data identifier of the first user;
and combining the first association key and the second association key to form the first symmetric key.
In the first embodiment of the present invention, the private data of the first user is encrypted with the first symmetric key, which is formed by combining a first association key corresponding to the first institution where the first user is located and a second association key corresponding to the private data of the first user.
The first association key and the second association key are formed as follows: the first user selects a random seed and uses the seed and the institution identifier of the first institution where the first user is located to derive a first association key uniquely corresponding to the first institution. The first user then uses the seed and the unique identifier of the private data to derive a second association key uniquely corresponding to that private data. Combining the first association key and the second association key yields the first symmetric key.
As an example of the first embodiment of the invention, the first user may select a random seed K and, in combination with the identifier $I_1$ of the first institution, derive the first association key uniquely corresponding to the first institution using a key derivation function func(·) [expression not preserved in this text]. The random seed K can be obtained by sampling from a software or hardware random source; func(·) may specifically be a pseudo-random number generator (PRG), a pseudo-random function (PRF), a hash function or a key derivation function (KDF). The first user uses the seed K and the unique identifiers of its private data $\{m_1, m_2, \ldots, m_n\}$ in the first institution to derive the second association keys $\{k_1, k_2, \ldots, k_n\}$ uniquely corresponding to the private data. The first association key and $k_i$ can be combined to obtain the symmetric key used to encrypt the private data $m_i$, and these identifiers are made public. The unique identifier of the private data includes the generation time of the private data and digest information; for example, assuming $m_1$ is the private data of the first user in a certain service of the first institution, the identifier of $m_1$ is [expression not preserved in this text]. The specific form of the second association key of the private data $m_i$ is [expression not preserved in this text].
Step 103: convert the first conditional proxy ciphertext into a second conditional proxy ciphertext using the conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting the first association key corresponding to the first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user from the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme.
Further, in the first embodiment of the present invention, the private key of the first user is obtained by:
acquiring the public parameters of the conditional proxy re-encryption scheme in the first institution where the first user is located;
generating a public-private key pair of the first user according to the public parameters; the public-private key pair of the first user comprises the public key of the first user and the private key of the first user.
In the first embodiment of the invention, the first user can acquire the public parameters of the conditional proxy re-encryption scheme in the first institution and run the key generation algorithm on them to produce a public-private key pair; the public key is published and the private key is kept secret.
As an example of the first embodiment of the present invention, the first institution selects a security parameter λ as input and runs the CPRE-Setup algorithm to obtain the public parameters pp of the conditional proxy re-encryption scheme. The first user takes the public parameters pp as input and runs the CPRE-KeyGen algorithm to obtain the public-private key pair $(pk_A, sk_A)$; the public key $pk_A$ is published and the private key $sk_A$ is kept secret.
As an example of the first embodiment of the present invention, to protect the privacy of the data it generates at the first institution, the first user may take the symmetric key and its own private data $m_i$ as input and run the symmetric encryption algorithm $Enc_{sym}$ to obtain the ciphertext corresponding to the private data $m_i$. This step is repeated until all private data has been encrypted, yielding the ciphertexts corresponding to the private data $\{m_1, m_2, \ldots, m_n\}$.
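The key derivation and per-record symmetric encryption described above, as an added Python example that is not part of the patent. It assumes HMAC-SHA256 as func(·), an HMAC-based combining rule and an encrypt-then-MAC construction standing in for $Enc_{sym}$ (the patent fixes none of these); the conditional proxy re-encryption of the first association key is not modelled, so the recipient is handed the third association key directly, and all identifiers and records are constructed sample values.

```python
import hashlib
import hmac
import os


def prf(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (this example's choice for func)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for part in parts:
        mac.update(len(part).to_bytes(4, "big") + part)
    return mac.digest()


def data_identifier(generated_at: str, plaintext: bytes) -> bytes:
    """Public identifier: generation time plus digest (field layout is assumed).
    A public digest of low-entropy data lets an observer confirm guesses."""
    return f"{generated_at}|{hashlib.sha256(plaintext).hexdigest()}".encode()


def derive_org_key(seed: bytes, org_id: bytes) -> bytes:
    """First association key: constant for every record of one institution."""
    return prf(seed, b"org", org_id)


def derive_data_key(seed: bytes, data_id: bytes) -> bytes:
    """Second association key: one per record; the label keeps it distinct from
    the institution key even if the two identifiers happen to be equal."""
    return prf(seed, b"data", data_id)


def combine(org_key: bytes, data_key: bytes) -> bytes:
    """Symmetric key from both association keys (combining rule is assumed)."""
    return prf(org_key, b"combine", data_key)


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (prf(key, nonce, i.to_bytes(8, "big")) for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]


def enc_sym(key: bytes, plaintext: bytes, aad: bytes) -> bytes:
    """Encrypt-then-MAC stand-in for an AEAD cipher; returns nonce|body|tag."""
    nonce = os.urandom(16)
    stream = _keystream(prf(key, b"enc"), nonce, len(plaintext))
    body = bytes(p ^ s for p, s in zip(plaintext, stream))
    return nonce + body + prf(prf(key, b"mac"), aad, nonce, body)


def dec_sym(key: bytes, blob: bytes, aad: bytes) -> bytes:
    """Verify the tag first; raise ValueError on a wrong key or altered data."""
    if len(blob) < 48:
        raise ValueError("ciphertext too short")
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(prf(key, b"mac"), aad, nonce, body)):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    stream = _keystream(prf(key, b"enc"), nonce, len(body))
    return bytes(c ^ s for c, s in zip(body, stream))


def owner_encrypt(seed: bytes, org_id: bytes, records):
    """Encrypt each (generated_at, plaintext) record under its own combined key.
    Returns the first association key and a {data_id: ciphertext} store."""
    org_key = derive_org_key(seed, org_id)
    store = {}
    for generated_at, plaintext in records:
        data_id = data_identifier(generated_at, plaintext)
        key = combine(org_key, derive_data_key(seed, data_id))
        store[data_id] = enc_sym(key, plaintext, aad=data_id)
    return org_key, store


def recipient_decrypt(third_key: bytes, second_key: bytes,
                      data_id: bytes, ciphertext: bytes) -> bytes:
    """Recipient side: rebuild the second symmetric key, then decrypt."""
    return dec_sym(combine(third_key, second_key), ciphertext, aad=data_id)


def demo():
    seed = os.urandom(32)                       # random seed K
    records = [("2023-07-20T10:00:00Z", b"blood pressure 120/80"),   # constructed
               ("2023-07-21T09:30:00Z", b"allergy: penicillin")]     # constructed
    org_key, store = owner_encrypt(seed, b"institution-1", records)
    ids = list(store)
    third_key = org_key                         # would arrive via re-encryption
    k0 = derive_data_key(seed, ids[0])          # sent to the recipient in clear
    shared = recipient_decrypt(third_key, k0, ids[0], store[ids[0]])
    try:                                        # record 1 was never shared
        recipient_decrypt(third_key, k0, ids[1], store[ids[1]])
        other_blocked = False
    except ValueError:
        other_blocked = True
    return shared, other_blocked


if __name__ == "__main__":
    print(demo())
```

Every record of an institution shares the same first association key, so once a recipient holds it, the confidentiality of the remaining records depends on which second association keys that recipient receives.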
In the first embodiment of the present invention, as shown in fig. 2, step 103 specifically includes steps 201 to 205, which are specifically as follows:
Step 201: determine whether the first institution and the second institution have a cross-domain problem.
Step 202: if the first institution and the second institution have a cross-domain problem, generate a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, make the public key of the second user in the conditional proxy re-encryption scheme public, and encrypt the private key of the second user in the conditional proxy re-encryption scheme with the public key of the second user under the second institution's cryptographic system to generate a private key encryption ciphertext.
Step 203: send the private key encryption ciphertext to the second user, so that the second user decrypts it with the second user's private key under the second institution's cryptographic system to obtain the private key of the second user in the conditional proxy re-encryption scheme.
Step 204: if the first institution and the second institution do not have a cross-domain problem, acquire, at the second institution, the public key of the second user in the conditional proxy re-encryption scheme.
Step 205: generate the conditional proxy re-encryption key using the private key of the first user, the institution identifier of the first institution, and the public key of the second user in the conditional proxy re-encryption scheme.
In the first embodiment of the present invention, when the second user needs to access the private data of the first user at the first institution, it is necessary to determine whether the first institution and the second institution where the second user is located have a cross-domain problem. If they have a cross-domain problem, that is, the cryptographic systems and standards used by the first institution and the second institution are different, the first user must generate the public-private key pair of the second user in the current conditional proxy re-encryption scheme, make the public key public, and send the private key to the second user after encrypting it. If they have no cross-domain problem, that is, the cryptographic systems and standards used by the first institution and the second institution are the same or compatible, the second user can generate a public-private key pair of the conditional proxy re-encryption scheme itself and make the generated public key public. After the first user obtains the public key of the second user in the conditional proxy re-encryption scheme, the conditional proxy re-encryption key can be generated from the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme.
As an example of the first embodiment of the present invention, if the first institution and the second institution have a cross-domain problem, the first institution needs to negotiate with the second institution an asymmetric cipher suite, the $Enc_{asym}$ and $Dec_{asym}$ algorithms, which is used for the secret distribution of a user's private key in the conditional proxy re-encryption scheme in the cross-domain scenario. Then the first user takes the public parameter $pp$ as input and calls the CPRE-KeyGen algorithm to generate the public-private key pair $(sk_B, pk_B)$ of the second user in the current conditional proxy re-encryption scheme; the public key $pk_B$ is made public and the private key $sk_B$ is kept secret. After this, the first user takes the public key $pk_B$ of the second user under the cryptographic system of the second institution and the private key $sk_B$ of the second user in the conditional proxy re-encryption scheme as input, calls the $Enc_{asym}$ algorithm to generate the private key encryption ciphertext, and sends this ciphertext to the second user. After receiving the private key encryption ciphertext sent by the first user, the second user calls the $Dec_{asym}$ algorithm and uses its own private key $sk_B$ under the cryptographic system of the second institution to decrypt the private key encryption ciphertext, obtaining its private key in the conditional proxy re-encryption scheme.
If the first institution and the second institution do not have a cross-domain problem, the second user itself generates, according to the public parameter $pp$, its public-private key pair $(sk_B, pk_B)$ in the conditional proxy re-encryption scheme and makes its public key $pk_B$ in the conditional proxy re-encryption scheme public.
After the public key $pk_B$ of the second user in the conditional proxy re-encryption scheme has been generated, the first user takes the private key $sk_A$ of the first user, the institution identifier $I_1$ of the first institution and the public key $pk_B$ of the second user in the conditional proxy re-encryption scheme as input and runs the CPRE-RKeyGen algorithm to generate the conditional proxy re-encryption key $rk_{A \to B, I_1}$. This key can be used to convert a first conditional proxy ciphertext that the first user can decrypt into a second conditional proxy ciphertext that the second user can decrypt.
Further, in the first embodiment of the present invention, the first conditional proxy ciphertext is formed by encrypting a first association key corresponding to a first institution where the first user is located, specifically:
acquiring a public key of a first user and an organization identifier of a first organization;
and encrypting the first association key corresponding to the first institution by using the public key of the first user and the institution identifier of the first institution to generate a first conditional proxy ciphertext.
In the first embodiment of the present invention, so that its data can be shared among a plurality of institutions, the first user invokes an algorithm to encrypt the first association key with its public key and the institution identifier of the first institution, obtaining a first conditional proxy ciphertext that encrypts the first association key. The institution identifier of the first institution is the condition of the conditional proxy re-encryption. The first user then sends the first conditional proxy ciphertext and the private data ciphertext to the first institution, which stores and manages them.
As an example of the first embodiment of the present invention, the first user takes its own public key $pk_A$, the first association key, and the institution identifier $I_1$ of the first institution as input and runs the CPRE-Encrypt algorithm to obtain the first conditional proxy ciphertext of the first association key. The first user then sends the first conditional proxy ciphertext and its own private data ciphertext to the first institution, which stores and manages them.
As an example of the first embodiment of the present invention, after the first user receives the access request from the second user, the first institution takes the first conditional proxy ciphertext and the conditional proxy re-encryption key $rk_{A \to B, I_1}$ as input and runs the CPRE-ReEncrypt algorithm to obtain a second conditional proxy ciphertext that the second user can decrypt.
Step 104: send the second conditional proxy ciphertext, the second association key and the first private data ciphertext to the second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext, generates a second symmetric key, and decrypts the first private data ciphertext with the second symmetric key to obtain the plaintext data corresponding to the first private data ciphertext.
Further, in the first embodiment of the present invention, the second conditional proxy ciphertext and the first private data ciphertext are sent to a second user, specifically:
sending the second conditional proxy ciphertext and the first private data ciphertext to the second institution, so that the second institution forwards the received second conditional proxy ciphertext and first private data ciphertext to the second user.
As an example of the first embodiment of the present invention, after the first conditional proxy ciphertext is converted into a second conditional proxy ciphertext that the second user can decrypt, the converted second conditional proxy ciphertext and the specific first private data ciphertext are sent to the second institution, and the second institution forwards the converted second conditional proxy ciphertext and the first private data ciphertext to the second user. Here, the specific private data to be accessed by the second user is a subset of $\{m_1, m_2, \ldots, m_n\}$.
Further, in the first embodiment of the present invention, the second user obtains the third association key by decrypting the second conditional proxy ciphertext, specifically:
after the second user obtains the second conditional proxy ciphertext, obtaining the private key of the second user in the conditional proxy re-encryption scheme;
and decrypting the second conditional proxy ciphertext by using the private key of the second user in the conditional proxy re-encryption scheme to obtain a third association key.
As an example of the first embodiment of the present invention, the second institution forwards the second conditional proxy ciphertext and the specific private data ciphertext to the second user. After receiving these ciphertexts, the second user takes its private key $sk_B$ in the conditional proxy re-encryption scheme, the second conditional proxy ciphertext and the institution identifier $I_1$ of the first institution as input and runs the CPRE-Decrypt algorithm, obtaining a third association key that is identical to the first association key.
Further, in the first embodiment of the present invention, the second user obtains the third association key by decrypting the second conditional proxy ciphertext to generate the second symmetric key, specifically:
the second user receives a second association key sent by the first user;
and combining the decrypted third association key with the second association key to generate a second symmetric key.
In the first embodiment of the present invention, the second user receives the second association key sent by the first user, combines it with the third association key to obtain the complete second symmetric key, and invokes the $Dec_{sym}$ algorithm to decrypt the private data ciphertext with the second symmetric key, obtaining the plaintext data.
In summary, the first embodiment of the present invention provides a data sharing method based on conditional proxy re-encryption, where private data is encrypted and decrypted by using a first symmetric key, where the first symmetric key is formed by combining a first association key corresponding to an organization where a data owner is located and a second association key corresponding to the private data, and only the first association key needs to be encrypted. When data sharing is carried out, whether a cross-domain problem exists or not is judged, a public-private key pair of a data receiver in a conditional proxy re-encryption scheme is generated according to a judging result, a third association key is decrypted by utilizing a private key of the data receiver in the conditional proxy re-encryption scheme, the third association key is combined with a second association key obtained by the data receiver to generate a second symmetric key, and shared private data is decrypted by using the second symmetric key. The invention realizes the cross-domain data privacy sharing, effectively reduces the calculation cost and improves the security and efficiency of the privacy data sharing.
Example 2
Referring to fig. 3, a schematic structural diagram of an embodiment of a data sharing apparatus based on conditional proxy re-encryption provided by the present invention, the apparatus includes a parsing module 301, a searching module 302, a converting module 303, and a sending module 304;
The parsing module 301 is configured to parse the access request when receiving the access request sent by the second institution, and obtain the second user who is accessing through the second institution and the private data identifier of the first user that is to be accessed;
the searching module 302 is configured to search for a corresponding first private data ciphertext according to the private data identifier of the first user; the first privacy data ciphertext is formed by encrypting privacy data of a first user through a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to a first institution where the first user is located and a second association key corresponding to the first user privacy data;
the conversion module 303 is configured to convert the first conditional proxy ciphertext into a second conditional proxy ciphertext using the conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting a first association key corresponding to the first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution and the public key of the second user in the conditional proxy re-encryption scheme;
the sending module 304 is configured to send the second conditional proxy ciphertext and the first private data ciphertext to a second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext, generates a second symmetric key, and decrypts the first private data ciphertext by using the second symmetric key to obtain plaintext data corresponding to the first private data ciphertext.
Further, in the second embodiment of the present invention, the first symmetric key is formed by combining a first association key corresponding to a first institution where the first user is located and a second association key corresponding to the first user privacy data, and specifically includes:
acquiring an arbitrary random seed, the institution identifier of the first institution and the identifier of the private data of the first user;
generating a first association key corresponding to a first organization according to the random seed and an organization identifier of the first organization where the first user is located;
generating a second association key corresponding to the privacy data of the first user according to the random seed and the privacy data identifier of the first user;
and combining the first association key and the second association key to form a first symmetric key.
Further, in the second embodiment of the present invention, the private key of the first user is obtained as follows:
acquiring the public parameters of the conditional proxy re-encryption scheme at the first institution where the first user is located;
generating a public and private key pair of the first user according to the public parameters; the public and private key pair of the first user comprises a public key of the first user and a private key of the first user.
Further, in the second embodiment of the present invention, the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the institution identifier of the first institution, and the public key of the second user in the conditional proxy re-encryption scheme, specifically:
determining whether the first institution and the second institution have a cross-domain problem;
if the first institution and the second institution have a cross-domain problem, generating a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, making the public key of the second user in the conditional proxy re-encryption scheme public, and encrypting the private key of the second user in the conditional proxy re-encryption scheme with the public key of the second user under the second institution's cryptographic system to generate a private key encryption ciphertext;
sending the private key encryption ciphertext to the second user, so that the second user decrypts it with the second user's private key under the second institution's cryptographic system to obtain the private key of the second user in the conditional proxy re-encryption scheme;
if the first institution and the second institution do not have a cross-domain problem, acquiring, at the second institution, the public key of the second user in the conditional proxy re-encryption scheme;
generating the conditional proxy re-encryption key using the private key of the first user, the institution identifier of the first institution, and the public key of the second user in the conditional proxy re-encryption scheme.
Further, in the second embodiment of the present invention, the sending the second conditional proxy ciphertext and the first private data ciphertext to the second user is specifically:
sending the second conditional proxy ciphertext and the first private data ciphertext to the second institution, so that the second institution forwards the received second conditional proxy ciphertext and first private data ciphertext to the second user.
Further, in the second embodiment of the present invention, the sending module 304 includes: a private key acquisition unit and a decryption unit;
the private key acquisition unit is used for acquiring a private key of the second user in the conditional proxy re-encryption scheme after the second user acquires the second conditional proxy ciphertext;
the decryption unit is used for decrypting the second conditional proxy ciphertext by using a private key of the conditional proxy re-encryption scheme of the second user to obtain a third association key.
Further, in the second embodiment of the present invention, the sending module 304 further includes: a receiving unit and a combining unit;
the receiving unit is used for the second user to receive the second association key sent by the first user;
the combining unit is used for combining the decrypted third association key and the second association key to generate a second symmetric key.
In summary, the second embodiment of the present invention provides a data sharing device based on conditional proxy re-encryption, where private data is encrypted and decrypted by using a first symmetric key, where the first symmetric key is formed by combining a first association key corresponding to an organization where a data owner is located and a second association key corresponding to the private data, and only the first association key needs to be encrypted. When data sharing is performed, firstly judging whether a cross-domain problem exists, generating a public-private key pair of a data receiver in a conditional proxy re-encryption scheme according to a judging result, decrypting a third associated key by utilizing a private key of the data receiver in the conditional proxy re-encryption scheme, combining the third associated key with a second associated key obtained by the data receiver to generate a second symmetric key, and decrypting shared private data by using the second symmetric key; based on the organic combination among the modules, the cross-domain data privacy sharing is realized, the calculation cost is effectively reduced, and the security and the efficiency of the privacy data sharing are improved.
Example 3
The data sharing method based on conditional proxy re-encryption provided by the invention involves four participating roles, namely a first user, a first institution, a second institution and a second user, specifically:
the first user stores its own private data at the first institution and has control over the data;
the first institution is responsible for storing the private data ciphertext of the user, responding to access requests from other institutions for the private data of the user, and executing proxy re-encryption to complete ciphertext conversion;
the second institution is responsible for forwarding data access requests and response results for users in the second institution;
the second user is a user of the second institution and acts as the data visitor; with the authorization of the first user, it can decrypt the private data ciphertext of the first user at the first institution in order to use the private data of the first user.
The data sharing method based on conditional proxy re-encryption provided by the invention mainly uses the following six algorithms: CPRE-Setup, CPRE-KeyGen, CPRE-Encrypt, CPRE-RKeyGen, CPRE-ReEncrypt and CPRE-Decrypt (CPRE: Conditional Proxy Re-Encryption), specifically:
the CPRE-Setup algorithm is used for generating the common parameters of the conditional proxy re-encryption scheme;
the CPRE-KeyGen algorithm is used for generating a public-private key pair, wherein the public key is used for encryption, and the private key is used for decryption and for generating a conditional proxy re-encryption key;
the CPRE-Encrypt algorithm is used for encrypting a message to generate a ciphertext;
the CPRE-RKeyGen algorithm is used for generating a conditional proxy re-encryption key;
the CPRE-ReEncrypt algorithm is used for converting a ciphertext that meets the condition into a ciphertext that another user can decrypt;
the CPRE-Decrypt algorithm is used for decrypting a ciphertext to obtain the plaintext message.
The third embodiment of the present invention is described taking a medical data sharing scenario as an example, where a patient in the medical data sharing scenario corresponds to a first user, hospital a corresponds to a first institution, hospital B corresponds to a second institution, and a doctor corresponds to a second user.
Referring to fig. 4, a flowchart of still another embodiment of a data sharing method based on conditional proxy re-encryption provided by the present invention, when a doctor in hospital B accesses medical data of a patient in hospital A, the specific steps to be executed include S1 to S15, as follows:
S1, hospital A runs the CPRE-Setup algorithm to generate the common parameters of the conditional proxy re-encryption scheme, selects a symmetric cipher suite, the $Enc_{sym}$ and $Dec_{sym}$ algorithms, for encrypting and decrypting the medical data, and makes the symmetric cipher suite and its own institution identifier public;
S2, the patient runs the CPRE-KeyGen algorithm to generate a public-private key pair, makes the public key public and stores the private key secretly;
S3, the patient randomly selects a seed and uses the seed and the institution identifier of hospital A to derive an association key uniquely corresponding to hospital A. Then the patient uses the seed and the unique identifier of the medical data to derive an association key uniquely corresponding to the medical data, combines the two keys to obtain the symmetric key for encrypting the medical data, and makes the identifier corresponding to the medical data public;
S4, to protect the privacy of the medical data generated at hospital A, the patient calls the $Enc_{sym}$ algorithm and encrypts its own medical data with the symmetric key to obtain a ciphertext;
S5, so that its medical data can be shared among a plurality of hospitals, the patient calls the $Enc_{sym}$ algorithm and encrypts the association key uniquely corresponding to hospital A with its own public key and the institution identifier of hospital A, obtaining the conditional proxy ciphertext that encrypts the association key uniquely corresponding to hospital A. The patient then sends this conditional proxy ciphertext and the medical data ciphertext to hospital A, which stores and manages them;
S6, when the patient needs to be referred to hospital B, the doctor of hospital B needs to access the medical data of the patient in hospital A. At this time, if hospital A and hospital B have a cross-domain problem, that is, the cryptographic systems and standards used by hospital A and hospital B are different, steps S7 to S8 must be executed; if hospital A and hospital B have no cross-domain problem, that is, the cryptographic systems and standards used by hospital A and hospital B are the same or compatible, jump directly to step S9;
S7, hospital A needs to negotiate with hospital B an asymmetric cipher suite, the $Enc_{asym}$ and $Dec_{asym}$ algorithms, which is used for the secret distribution of a user's private key in the conditional proxy re-encryption scheme in the cross-domain scenario. Then the patient calls the CPRE-KeyGen algorithm to generate the public-private key pair of the doctor in the current conditional proxy re-encryption scheme and makes the public key public. After this, the patient calls the $Enc_{asym}$ algorithm and uses the public key of the doctor under the cryptographic system of hospital B to encrypt the private key of the doctor in the current conditional proxy re-encryption scheme, generating a ciphertext that encrypts the doctor's private key, and sends the ciphertext to the doctor;
S8, after receiving the encrypted private key ciphertext sent by the patient, the doctor calls the $Dec_{asym}$ algorithm and uses his or her own private key under the cryptographic system of hospital B to decrypt the ciphertext that encrypts the private key, obtaining his or her own private key in the conditional proxy re-encryption scheme;
S9, to share the medical data held at hospital A with the referral hospital B, the patient calls the CPRE-RKeyGen algorithm, generates a conditional proxy re-encryption key from the patient's own private key, the institution identifier of hospital A and the public key of the doctor of hospital B in the conditional proxy re-encryption scheme, and sends the generated conditional proxy re-encryption key to hospital A, which stores and manages it;
S10, to acquire specific medical data of the patient held at hospital A, a doctor in hospital B requests from hospital A, through hospital B, the specific medical data ciphertext of the patient and the ciphertext that encrypts the association key uniquely corresponding to hospital A;
S11, after receiving the request of hospital B, hospital A calls the CPRE-ReEncrypt algorithm, uses the conditional proxy re-encryption key to convert the conditional proxy ciphertext that encrypts the association key uniquely corresponding to hospital A into a ciphertext that the doctor of hospital B can decrypt, and sends the converted ciphertext and the specific medical data ciphertext to hospital B;
S12, hospital B forwards the converted ciphertext and the specific medical data ciphertext to the doctor. After receiving the ciphertexts, the doctor calls the CPRE-Decrypt algorithm and uses his or her own private key in the conditional proxy re-encryption scheme to decrypt the ciphertext that encrypts the association key uniquely corresponding to hospital A, obtaining the association key uniquely corresponding to hospital A;
S13, the doctor sends the identifier corresponding to the specific medical data to the patient and requests from the patient the association key uniquely corresponding to the specific medical data;
S14, the patient receives the identifiers corresponding to the specific medical data sent by the doctor, uses these identifiers and the random seed sampled in S3 to derive the association keys uniquely corresponding to the medical data, and sends these association keys to the doctor;
S15, the doctor receives the association key uniquely corresponding to the medical data sent by the patient, combines it with the association key uniquely corresponding to hospital A obtained in S12 to obtain the complete symmetric key, and calls the $Dec_{sym}$ algorithm to decrypt the medical data ciphertext with the symmetric key, obtaining the plaintext data.
In a third embodiment of the present invention, step S1 includes:
S101, hospital A selects a security parameter $\lambda$ as input and runs the CPRE-Setup algorithm to obtain the public parameter $pp$ of the conditional proxy re-encryption scheme;
S102, the CPRE-Setup algorithm uses the input security parameter $\lambda$ to compute the common parameters of the conditional proxy re-encryption scheme, according to the conditional proxy re-encryption scheme in use, and outputs them;
S103, hospital A selects a symmetric cipher suite, the $Enc_{sym}$ and $Dec_{sym}$ algorithms, for encrypting and decrypting the medical data, and makes the symmetric cipher suite and its own institution identifier public. The institution identifier $I_A$ of hospital A is a character string that uniquely identifies hospital A; the symmetric cipher suite may be arbitrary.
In a third embodiment of the present invention, step S2 includes:
S201, the patient takes the public parameter $pp$ as input and runs the CPRE-KeyGen algorithm to obtain the patient's public-private key pair $(sk_A, pk_A)$; the public key $pk_A$ is made public and the private key $sk_A$ is kept secret;
S202, the CPRE-KeyGen algorithm uses the input public parameter $pp$ to compute a user's public-private key pair, according to the conditional proxy re-encryption scheme in use, and outputs it.
In a third embodiment of the present invention, step S3 includes:
S301, the patient randomly selects a seed $K$ and uses the seed $K$ and the institution identifier $I_A$ of hospital A to derive the association key uniquely corresponding to hospital A. The random seed $K$ can be obtained by sampling from a software or hardware random source; any technique can be used to derive the key, such as a pseudo-random number generator (PRG), a pseudo-random function (PRF), a hash function or a key derivation function (KDF), with the KDF taken as the example here; k1_len is the length of the association key uniquely corresponding to hospital A;
S302, the patient uses the seed $K$ and the unique identifiers of the medical data $\{m_1, m_2, \ldots, m_n\}$ to derive the association keys $\{k_1, k_2, \ldots, k_n\}$ uniquely corresponding to the medical data; combining the association key uniquely corresponding to hospital A with $k_i$ gives the symmetric key for encrypting the medical data $m_i$, and these identifiers are made public. The unique identifier of the medical data contains the generation time of the medical data and summary information; for example, assume $m_1$ is image data taken by the patient in the cardiac department, then the identifier of $m_1$ is given by and the association key of medical data $m_1$ has the specific form; k2_len is the length of $k_i$.
In a third embodiment of the present invention, step S4 includes:
S401, the patient takes the symmetric key and its own medical data $m_i$ as input and runs the symmetric encryption algorithm $Enc_{sym}$ to obtain the ciphertext corresponding to the medical data $m_i$. This step is repeated until all the medical data has been encrypted, yielding the ciphertexts corresponding to the medical data $\{m_1, m_2, \ldots, m_n\}$.
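The key hierarchy of steps S3, S4 and S13 to S15, as an added example that is not code from the patent. Assumptions: HKDF-SHA256 as the KDF, concatenation as the combination rule, 16-byte values for k1_len and k2_len, an HMAC-based encrypt-then-MAC construction standing in for the arbitrary $Enc_{sym}$/$Dec_{sym}$ suite, and constructed identifiers and record contents; the CPRE transport of the institution key (S5 to S12) is not modelled.

```python
import hashlib
import hmac
import os

K1_LEN = 16  # k1_len: length of the institution association key (assumed value)
K2_LEN = 16  # k2_len: length of each per-record association key (assumed value)


def hkdf(seed: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869, empty salt), used here as the KDF of step S3."""
    prk = hmac.new(b"\x00" * 32, seed, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def info_field(label: bytes, identifier: str) -> bytes:
    """Labelled, length-prefixed context so the two key families never collide."""
    ident = identifier.encode()
    return label + b"|" + len(ident).to_bytes(2, "big") + ident


def institution_key(seed: bytes, institution_id: str) -> bytes:
    """S301: association key bound to the institution identifier."""
    return hkdf(seed, info_field(b"institution", institution_id), K1_LEN)


def record_key(seed: bytes, record_id: str) -> bytes:
    """S302 and S14: association key bound to one record identifier."""
    return hkdf(seed, info_field(b"record", record_id), K2_LEN)


def combine(k1: bytes, k2: bytes) -> bytes:
    """Assumed combination rule: fixed-length concatenation k1 || k2."""
    if len(k1) != K1_LEN or len(k2) != K2_LEN:
        raise ValueError("unexpected association key length")
    return k1 + k2


def keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(8, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def enc_sym(key: bytes, record_id: str, plaintext: bytes) -> bytes:
    """Stand-in for Enc_sym; a deployment would use a standard AEAD here."""
    enc_key, mac_key = hkdf(key, b"enc", 32), hkdf(key, b"mac", 32)
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, keystream(enc_key, nonce, len(plaintext))))
    # The record identifier is authenticated so a ciphertext cannot be relabelled.
    tag = hmac.new(mac_key, info_field(b"aad", record_id) + nonce + body, hashlib.sha256).digest()
    return nonce + body + tag


def dec_sym(key: bytes, record_id: str, blob: bytes) -> bytes:
    enc_key, mac_key = hkdf(key, b"enc", 32), hkdf(key, b"mac", 32)
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, info_field(b"aad", record_id) + nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, keystream(enc_key, nonce, len(body))))


def can_open(key: bytes, record_id: str, blob: bytes) -> bool:
    try:
        dec_sym(key, record_id, blob)
        return True
    except ValueError:
        return False


def demo():
    seed = os.urandom(32)      # S3: the patient's random seed K
    inst_id = "HOSPITAL-A"     # constructed institution identifier I_A
    records = {                # constructed identifiers: generation time plus summary
        "2023-07-01T09:30|cardiology-image": b"constructed cardiology image bytes",
        "2023-07-02T14:00|blood-panel": b"constructed blood panel bytes",
    }
    k1 = institution_key(seed, inst_id)
    stored = {rid: enc_sym(combine(k1, record_key(seed, rid)), rid, m)
              for rid, m in records.items()}           # S4: one key per record
    wanted, other = list(records)
    doctor_k1 = k1                          # S12: recovered by CPRE-Decrypt (not modelled)
    doctor_k2 = record_key(seed, wanted)    # S13-S14: patient re-derives only this key
    key = combine(doctor_k1, doctor_k2)     # S15
    plaintext = dec_sym(key, wanted, stored[wanted])
    # The key released for one record must not open any other record.
    return plaintext, can_open(key, other, stored[other])


if __name__ == "__main__":
    print(demo())
```

Because each record key is re-derived from the seed and the public identifier, the patient stores only the seed, and releasing one record key exposes neither the seed nor the keys of other records.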
In a third embodiment of the present invention, step S5 includes:
S501, the patient takes the patient's public key pk_A, the association key uniquely corresponding to hospital A that is to be encrypted, and the institution identifier I_A of hospital A as input, and runs the CPRE-Encrypt algorithm to obtain the conditional proxy ciphertext of the association key uniquely corresponding to hospital A;
S502, the CPRE-Encrypt algorithm uses the incoming public key pk, the message m to be encrypted and the conversion condition w to compute the conditional proxy ciphertext according to the conditional proxy re-encryption scheme in use, and outputs it;
S503, the patient sends the conditional proxy ciphertext of the association key uniquely corresponding to hospital A and the medical data ciphertexts to hospital A, which stores and manages them.
In a third embodiment of the present invention, step S7 includes:
S701, hospital A negotiates with hospital B an asymmetric cipher suite, the algorithms Enc_asym and Dec_asym, which is used for the secret distribution of a user's private key of the conditional proxy re-encryption scheme in the cross-domain scenario;
S702, the patient takes the public parameter pp as input and runs the CPRE-KeyGen algorithm to obtain the public-private key pair, in the conditional proxy re-encryption scheme, of the doctor of hospital B: (sk_B, pk_B); the public key pk_B is made public and the private key sk_B is kept secret;
S703, the patient takes the doctor's public key pk'_B under the cryptosystem of hospital B and the doctor's private key sk_B in the conditional proxy re-encryption scheme as input, runs the asymmetric encryption algorithm Enc_asym to obtain the ciphertext encrypting the doctor's private key sk_B, and sends this ciphertext to the doctor.
In a third embodiment of the present invention, step S8 includes:
S801, after receiving the ciphertext of the encrypted private key transmitted by the patient, the doctor invokes the Dec_asym algorithm and uses the doctor's own private key sk'_B under the cryptosystem of hospital B to decrypt the private-key ciphertext and obtain the private key.
In a third embodiment of the present invention, step S9 includes:
S901, the patient takes the patient's private key sk_A, the institution identifier I_A of hospital A and the doctor's public key pk_B in the conditional proxy re-encryption scheme as input, runs the CPRE-RKeyGen algorithm to generate a conditional proxy re-encryption key, and sends the generated conditional proxy re-encryption key to hospital A for storage and management. This key can convert the medical data ciphertext that the patient can decrypt into a medical data ciphertext that the doctor can decrypt;
S902, the CPRE-RKeyGen algorithm uses the incoming private key sk_A, the conversion condition w and the public key pk_B to compute the conditional proxy re-encryption key rk_{A→B,w} according to the conditional proxy re-encryption scheme in use, and outputs it.
In a third embodiment of the present invention, step S11 includes:
S1101, hospital A takes the conditional proxy ciphertext of the association key uniquely corresponding to hospital A and the conditional proxy re-encryption key rk_{A→B,I_A} as input and runs the CPRE-Reencrypt algorithm to obtain a ciphertext that the doctor can decrypt;
S1102, the CPRE-Reencrypt algorithm uses the incoming ciphertext c_A and the conditional proxy re-encryption key rk_{A→B,w} to compute the converted ciphertext c_R according to the conditional proxy re-encryption scheme in use, and outputs it;
S1103, hospital A sends the converted ciphertext and the specific medical data ciphertexts to hospital B, where the specific medical data is the medical data to be accessed by the doctor and is a subset of {m_1, m_2, …, m_n}.
In a third embodiment of the present invention, step S12 includes:
S1201, hospital B transmits the converted ciphertext and the specific medical data ciphertexts to the doctor; after receiving these ciphertexts, the doctor takes the doctor's private key sk_B in the conditional proxy re-encryption scheme, the converted ciphertext and the institution identifier I_A of hospital A as input and runs the CPRE-Decrypt algorithm to obtain the association key uniquely corresponding to hospital A;
S1202, the CPRE-Decrypt algorithm uses the incoming private key sk_B, the converted ciphertext c_R and the conversion condition w to decrypt and obtain the plaintext according to the conditional proxy re-encryption scheme in use, and outputs it.
In a third embodiment of the present invention, step S13 includes:
S1301, the doctor sends the identifiers corresponding to the specific medical data to the patient and requests from the patient the association keys uniquely corresponding to the specific medical data.
In a third embodiment of the present invention, step S14 includes:
S1401, the patient receives the identifiers corresponding to the specific medical data transmitted by the doctor, derives the association keys uniquely corresponding to the medical data from these identifiers and the random seed K sampled in S3, and sends these association keys to the doctor. As in S302, k2_len is the length of the association key k_i*.
In a third embodiment of the present invention, step S15 includes:
S1501, the doctor receives the association keys uniquely corresponding to the medical data sent by the patient, combines each of them with the association key uniquely corresponding to hospital A to obtain a complete symmetric key, and invokes the Dec_sym algorithm to decrypt the medical data ciphertext with the symmetric key and obtain the plaintext data. Each medical data ciphertext is decrypted with its corresponding symmetric key.
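The two-part key hierarchy of steps S3, S4, S14 and S15 can be traced in code. The following is an added example, not code from the patent: it assumes HKDF-SHA256 as the KDF, concatenation as the combination rule, constructed identifiers, and an HMAC-based encrypt-then-MAC stream construction standing in for Enc_sym/Dec_sym; the CPRE transport of the institution key is omitted and the key is passed directly.

```python
import hashlib
import hmac
import secrets

K1_LEN = 16  # k1_len: bytes in the institution association key (assumed value)
K2_LEN = 16  # k2_len: bytes in each per-record association key (assumed value)

def hkdf(seed: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869) with the default all-zero salt."""
    prk = hmac.new(b"\x00" * 32, seed, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def institution_key(seed: bytes, inst_id: str) -> bytes:
    # S301: key bound to the institution identifier; the "inst|" label is an
    # added assumption that keeps the two derivations domain-separated.
    return hkdf(seed, b"inst|" + inst_id.encode(), K1_LEN)

def record_key(seed: bytes, record_id: str) -> bytes:
    # S302 / S1401: key bound to one public record identifier.
    return hkdf(seed, b"data|" + record_id.encode(), K2_LEN)

def combine(k_inst: bytes, k_rec: bytes) -> bytes:
    # Assumed combination rule: concatenation into one 32-byte symmetric key.
    return k_inst + k_rec

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def enc_sym(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for Enc_sym: fresh nonce, HMAC-derived keystream, then a MAC.
    enc_key, mac_key = hkdf(key, b"enc", 32), hkdf(key, b"mac", 32)
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def dec_sym(key: bytes, blob: bytes) -> bytes:
    # Stand-in for Dec_sym: verify the tag before releasing any plaintext.
    enc_key, mac_key = hkdf(key, b"enc", 32), hkdf(key, b"mac", 32)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))

def demo():
    seed = secrets.token_bytes(32)           # patient's random seed K
    records = {                              # constructed identifiers and data
        "2023-07-01T09:30|cardiology-image": b"echo scan",
        "2023-07-05T14:00|blood-panel": b"lipid results",
    }
    k_inst = institution_key(seed, "HOSPITAL-A")   # constructed I_A
    # S4: every record is encrypted under its own combined key.
    store = {rid: enc_sym(combine(k_inst, record_key(seed, rid)), m)
             for rid, m in records.items()}
    # S13/S14: the doctor names one record; the patient releases only its k_i.
    wanted = "2023-07-01T09:30|cardiology-image"
    key = combine(k_inst, record_key(seed, wanted))  # S15: doctor's combined key
    plaintext = dec_sym(key, store[wanted])
    try:  # the same key must not open a record the patient did not release
        dec_sym(key, store["2023-07-05T14:00|blood-panel"])
        other_opened = True
    except ValueError:
        other_opened = False
    return plaintext, other_opened

if __name__ == "__main__":
    print(demo())
```

Because the hospital-level key alone opens nothing, a re-encryption key held by hospital A grants the doctor access only to the records for which the patient later releases k_i.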
The foregoing embodiments have been provided for the purpose of illustrating the general principles of the present invention, and are not to be construed as limiting the scope of the invention. It should be noted that any modifications, equivalent substitutions, improvements, etc. made by those skilled in the art without departing from the spirit and principles of the present invention are intended to be included in the scope of the present invention.

Claims (10)

1. A conditional proxy re-encryption based data sharing method, comprising:
when an access request sent by a second institution is received, the access request is parsed to obtain a second user accessing through the second institution and a first user to be accessed;
searching a corresponding first privacy data ciphertext according to the privacy data identifier of the first user; the first privacy data ciphertext is formed by encrypting privacy data of a first user through a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to a first institution where the first user is located and a second association key corresponding to the first user privacy data;
converting the first conditional proxy ciphertext into a second conditional proxy ciphertext using the conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting a first association key corresponding to a first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the organization identifier of the first organization and the public key of the second user in the conditional proxy re-encryption scheme;
and sending the second conditional proxy ciphertext and the first privacy data ciphertext to a second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext to generate a second symmetric key, and decrypting the first privacy data ciphertext by using the second symmetric key to obtain plaintext data corresponding to the first privacy data ciphertext.
2. The data sharing method based on conditional proxy re-encryption according to claim 1, wherein the first symmetric key is formed by combining a first association key corresponding to a first organization where the first user is located and a second association key corresponding to the first user privacy data, specifically:
acquiring any random seed, an organization identifier of a first organization and an identifier of private data of a first user;
generating a first association key corresponding to a first organization according to the random seed and an organization identifier of the first organization where the first user is located;
generating a second association key corresponding to the privacy data of the first user according to the random seed and the privacy data identifier of the first user;
and combining the first association key and the second association key to form a first symmetric key.
3. The conditional proxy re-encryption based data sharing method according to claim 1, wherein the private key of the first user is specifically:
acquiring public parameters of the conditional agent re-encryption in a first institution where a first user is located;
generating a public and private key pair of the first user according to the public parameters; the public and private key pair of the first user comprises a public key of the first user and a private key of the first user.
4. The data sharing method based on conditional proxy re-encryption according to claim 3, wherein the first conditional proxy ciphertext is formed by encrypting a first association key corresponding to a first institution where the first user is located, specifically:
acquiring a public key of a first user and an organization identifier of a first organization;
and encrypting the first association key corresponding to the first organization by using the public key of the first user and the organization identifier of the first organization to generate a first conditional proxy ciphertext.
5. The conditional proxy re-encryption based data sharing method according to claim 3, wherein the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the organization identifier of the first organization, and the public key of the second user in the conditional proxy re-encryption scheme, specifically:
judging whether the first institution and the second institution have a cross-domain problem;
if the first institution and the second institution have the cross-domain problem, generating a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, publishing the public key of the second user in the conditional proxy re-encryption scheme, and encrypting the private key of the second user in the conditional proxy re-encryption scheme by using the public key of the second user under the cryptosystem of the second institution to generate a private key encryption ciphertext;
The private key encryption ciphertext is sent to a second user, so that the second user decrypts the private key encryption ciphertext by using the private key of the second user under a second institution cryptosystem to obtain the private key of the second user in a conditional proxy re-encryption scheme;
if the first institution and the second institution do not have the cross-domain problem, the public key of the second user in the conditional proxy re-encryption scheme is acquired from the second institution;
the conditional proxy re-encryption key is generated using the private key of the first user, the institution identifier of the first institution, and the public key of the second user in the conditional proxy re-encryption scheme.
6. The conditional proxy re-encryption based data sharing method according to claim 1, wherein the sending the second conditional proxy ciphertext and the first private data ciphertext to the second user is specifically:
and sending the second conditional proxy ciphertext and the first privacy data ciphertext to the second institution, so that the second institution forwards the received second conditional proxy ciphertext and the received first privacy data ciphertext to the second user.
7. The conditional proxy re-encryption based data sharing method according to claim 1, wherein the second user obtains a third association key by decrypting the second conditional proxy ciphertext, specifically:
After the second user obtains the second conditional proxy ciphertext, the private key of the second user in the conditional proxy re-encryption scheme is obtained;
and decrypting the second conditional proxy ciphertext by using a private key of the conditional proxy re-encryption scheme of the second user to obtain a third association key.
8. The conditional proxy re-encryption based data sharing method according to claim 1, wherein the second user obtains a third association key by decrypting the second conditional proxy ciphertext to generate a second symmetric key, specifically:
the second user receives a second association key sent by the first user;
and combining the decrypted third association key with the second association key to generate a second symmetric key.
9. A conditional proxy re-encryption based data sharing apparatus, comprising: the device comprises an analysis module, a search module, a conversion module and a sending module;
the analysis module is used for parsing the access request when receiving the access request sent by the second institution, and acquiring the private data identifiers of the second user accessing through the second institution and the first user to be accessed;
the searching module is used for searching a corresponding first privacy data ciphertext according to the privacy data identifier of the first user; the first privacy data ciphertext is formed by encrypting privacy data of a first user through a first symmetric key; the first symmetric key is formed by combining a first association key corresponding to a first institution where the first user is located and a second association key corresponding to the first user privacy data;
the conversion module is used for converting the first conditional proxy ciphertext into a second conditional proxy ciphertext by using the conditional proxy re-encryption key; the first conditional proxy ciphertext is formed by encrypting a first association key corresponding to a first institution where the first user is located; the conditional proxy re-encryption key is generated by the first user according to the private key of the first user, the organization identifier of the first organization and the public key of the second user in the conditional proxy re-encryption scheme;
the sending module is configured to send the second conditional proxy ciphertext and the first private data ciphertext to a second user, so that the second user obtains a third association key by decrypting the second conditional proxy ciphertext, generates a second symmetric key, and decrypts the first private data ciphertext by using the second symmetric key to obtain plaintext data corresponding to the first private data ciphertext.
10. The conditional proxy re-encryption based data sharing apparatus according to claim 9, wherein the conditional proxy re-encryption key is generated by the first user from the first user's private key, the first institution's institution identifier and the second user's public key in the conditional proxy re-encryption scheme, specifically:
judging whether the first institution and the second institution have a cross-domain problem;
if the first institution and the second institution have the cross-domain problem, generating a public-private key pair of the second user in the conditional proxy re-encryption scheme according to the public parameters, publishing the public key of the second user in the conditional proxy re-encryption scheme, and encrypting the private key of the second user in the conditional proxy re-encryption scheme by using the public key of the second user under the cryptosystem of the second institution to generate a private key encryption ciphertext;
the private key encryption ciphertext is sent to a second user, so that the second user decrypts the private key encryption ciphertext by using the private key of the second user under a second institution cryptosystem to obtain the private key of the second user in a conditional proxy re-encryption scheme;
if the first institution and the second institution do not have the cross-domain problem, the public key of the second user in the conditional proxy re-encryption scheme is acquired from the second institution;
the conditional proxy re-encryption key is generated using the private key of the first user, the institution identifier of the first institution, and the public key of the second user in the conditional proxy re-encryption scheme.
CN202310897584.6A 2023-07-20 2023-07-20 Data sharing method and device based on conditional proxy re-encryption Pending CN116996276A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202310897584.6A CN116996276A (en) 2023-07-20 2023-07-20 Data sharing method and device based on conditional proxy re-encryption

Publications (1)

Publication Number Publication Date
CN116996276A true CN116996276A (en) 2023-11-03

Family

ID=88533112

Country Status (1)

Country Link
CN (1) CN116996276A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination