CN116996281A - Dynamic searchable symmetric encryption method, system and medium supporting cipher text sharing - Google Patents
- Publication number: CN116996281A (application CN202310905749.XA)
- Authority: CN (China)
- Prior art keywords: ciphertext, shared, file identifier, server, keyword
- Legal status: Granted (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- G—PHYSICS
  - G06—COMPUTING; CALCULATING OR COUNTING
    - G06F—ELECTRIC DIGITAL DATA PROCESSING
      - G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
        - G06F21/60—Protecting data
          - G06F21/602—Providing cryptographic facilities or services
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
            - H04L63/0435—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
      - H04L67/00—Network arrangements or protocols for supporting network services or applications
        - H04L67/01—Protocols
          - H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
      - H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        - H04L9/40—Network security protocols
Description
Technical field
The invention belongs to the field of cloud storage security and, more specifically, relates to a dynamic searchable symmetric encryption method, system and medium that support ciphertext sharing.
Background
In the information age the volume of local data has expanded enormously, and more and more users choose to upload data to the cloud to reduce the burden on local storage. Most enterprises and users encrypt the original plaintext data before uploading it to the cloud server, so as to protect the privacy of the data. Beyond their own use of the encrypted data stored in the cloud, data owners usually also need to share these ciphertexts with other users for searching.
Searchable encryption provides keyword search over ciphertext data. The user generates a trapdoor for a specified keyword and sends it to the server; the server matches the trapdoor against the ciphertexts and returns the search results. Searchable encryption thus makes ciphertext data convenient to use while further protecting the privacy and security of the encrypted files. Depending on the application scenario, searchable encryption can be divided by cryptosystem into searchable public-key encryption and searchable symmetric encryption; the latter is more widely used in outsourced data storage.
In traditional ciphertext sharing methods, ciphertext is usually shared by sharing a key. In this sharing model the searchable ciphertext itself is not copied or shared; what the data user actually receives is the short-term ability to perform keyword searches over the ciphertext. When the sharing link times out or is revoked, the data user can no longer use the ciphertext data. Existing ciphertext sharing methods therefore cannot share the ciphertext itself, and the data user cannot retain a long-term keyword search capability over the shared ciphertext.
Summary of the invention
In view of the shortcomings of and need for improvement in the prior art, the present invention provides a dynamic searchable symmetric encryption method, system and medium that support ciphertext sharing. Its purpose is to achieve long-term sharing of searchable ciphertext by means of a sharing ticket, so that the data user retains a long-term keyword search capability over the shared files.
To achieve the above object, according to one aspect of the present invention, a dynamic searchable symmetric encryption method supporting ciphertext sharing is provided for a system comprising a data owner, a server and a data user. The method comprises a ciphertext sharing stage S1-S3 and a keyword search stage S4-S5:
S1: the data owner computes the linked-list pointer corresponding to the file identifier to be shared, generates a sharing ticket containing the file identifier to be shared, the linked-list pointer and a decryption key, and sends it to the data user;
S2: the data user uses the sharing ticket to obtain from the server the ciphertext to be shared that corresponds to the file identifier, re-encrypts the ciphertext to be shared with the user's private key, and stores it on the server;
S3: the server stores the re-encrypted ciphertext to be shared in the user ciphertext database; the ciphertext to be shared was previously uploaded by the data owner to the owner ciphertext database on the server;
S4: the data user computes a search trapdoor from the keyword to be searched and the user's private key, and sends it to the server;
S5: the server looks up the ciphertexts corresponding to the search trapdoor in the user ciphertext database and returns them to the data user; the plaintext content of these ciphertexts is the file identifiers corresponding to the searched keyword.
Furthermore, the server stores the ciphertexts uploaded by the data owner in the owner ciphertext database using a bidirectional index linked-list structure. The linked-list pointer comprises the tail-node pointer $L_1$ of the linked list corresponding to the file identifier to be shared, and the auxiliary positioning parameter $J^{id}_1$ corresponding to $L_1$; $J^{id}_1$ is used to help locate the previous node of the file-identifier-dimension linked list:
$L_1 \leftarrow F(K_{\sigma,1}, w_1 \| id_1)$
$J^{id}_1 \leftarrow F(K_{\sigma,2}, id_1 \| w_1)$
where $F()$ is a pseudo-random function, $K_{\sigma,1}$ and $K_{\sigma,2}$ are the two keys that make up the data owner's master key, $w_1$ is the keyword corresponding to $id_1$, and $id_1$ is the file identifier to be shared.
Furthermore, the server obtaining the ciphertext to be shared that corresponds to the file identifier comprises: S21, the server extracts the searchable ciphertext at position $L_1$ of the owner ciphertext database; the searchable ciphertext comprises the file-identifier-dimension linked list $I^{id}_1$, the file-identifier random string $R^{id}_1$ and the keyword ciphertext $C^{id}_1$; S22, the server adds $C^{id}_1$ to the sharing set, computes from $I^{id}_1$, $R^{id}_1$ and $J^{id}_1$ the previous-node pointer $L_1'$ of the file-identifier-dimension linked list and the corresponding auxiliary positioning parameter $J^{id}_1{}'$, and updates $L_1$ and $J^{id}_1$ to $L_1'$ and $J^{id}_1{}'$ respectively:
where $H()$ is a hash function; S23, S21-S22 are repeated until the linked list corresponding to the file identifier to be shared has been fully traversed; the resulting sharing set is the ciphertext to be shared.
Furthermore, re-encrypting the ciphertext to be shared with the user's private key and storing it on the server comprises: S25, decrypt the ciphertext to be shared to obtain the set of keywords $w_1$, and for each $w_1$ in the keyword set perform S26-S28; S26, look up in the ID state table the most recently updated file identifier $id_1'$ corresponding to $w_1$; S27, use $K_{\sigma',1}$ to generate the ciphertext index $L_1$ corresponding to the pair $(w_1, id_1)$, and use $K_{\sigma',2}$, $w_1$ and $id_1$ to compute the file-identifier ciphertext $C^{w}_1$, where $K_{\sigma',1}$ and $K_{\sigma',2}$ are the two private keys that make up the user's master key and $id_1$ is the file identifier to be shared, then update the ID state table so that $w_1$ corresponds to $id_1$; S28, depending on whether $id_1'$ is empty, compute case by case the keyword-dimension linked list $I^{w}_1$ corresponding to $w_1$, obtaining the ciphertext $(L_1, I^{w}_1, R^{w}_1, C^{w}_1)$ corresponding to $w_1$, where $L_1$ is the tail-node pointer of the linked list corresponding to the file identifier to be shared and $R^{w}_1$ is a keyword random string; S29, store on the server the set of ciphertexts $(L_1, I^{w}_1, R^{w}_1, C^{w}_1)$ for all $w_1$.
Furthermore, when $id_1'$ is empty, $I^{w}_1$ is:
When $id_1'$ is not empty, $I^{w}_1$ is:
$L_1' \leftarrow F(K_{\sigma',1}, w_1 \| id_1')$
$J^{w}_1{}' \leftarrow F(K_{\sigma',2}, w_1 \| id_1')$
where $H()$ is a hash function, $F()$ is a pseudo-random function, $L_1'$ is the previous-node pointer of the file-identifier-dimension linked list, and $J^{w}_1{}'$ is the value of the previously updated ciphertext.
Furthermore, the server uses the bidirectional index linked-list structure to copy the re-encrypted ciphertext to be shared into the user ciphertext database, and S5 comprises: S51, the server extracts the ciphertext at position $L_2$ of the user ciphertext database; the ciphertext comprises the keyword-dimension linked list $I^{w}_2$, the keyword random string $R^{w}_2$ and the file-identifier ciphertext $C^{w}_2$, and $L_2$ is the tail-node pointer of the linked list corresponding to the keyword to be searched; S52, the server adds $C^{w}_2$ to the search result set, computes from $I^{w}_2$, $R^{w}_2$ and $J^{w}_2$ the previous-node pointer $L_2'$ of the file-identifier-dimension linked list and the corresponding auxiliary positioning parameter $J^{w}_2{}'$, and updates $L_2$ and $J^{w}_2$ to $L_2'$ and $J^{w}_2{}'$ respectively:
where $H()$ is a hash function and $J^{w}_2$ is the auxiliary positioning parameter corresponding to $L_2$; S53, S51-S52 are repeated until the linked list corresponding to the keyword has been fully traversed; the resulting search result set is the ciphertext corresponding to the search trapdoor.
Furthermore, the method also comprises a ciphertext update stage: for the keyword-file identifier pair $(w_3, id_3)$ to be updated, the data owner looks up the most recently updated file identifier $id_3'$ corresponding to $w_3$ and the most recently updated keyword $w_3'$ corresponding to $id_3$; uses $K_{\sigma,1}$ to generate the ciphertext index $L_3$ corresponding to the pair $(w_3, id_3)$, and uses $K_{\sigma,2}$, $w_3$ and $id_3$ to compute the file-identifier ciphertext $C^{w}_3$ and the keyword ciphertext $C^{id}_3$, where $K_{\sigma,1}$ and $K_{\sigma,2}$ are the two keys that make up the data owner's master key; depending on whether $w_3'$ is empty, computes case by case the updated file-identifier-dimension linked list $I^{id}_3$ corresponding to $id_3$; depending on whether $id_3'$ is empty, computes case by case the updated keyword-dimension linked list $I^{w}_3$ corresponding to $w_3$; and sends the ciphertext $(L_3, I^{w}_3, R^{w}_3, C^{w}_3, I^{id}_3, R^{id}_3, C^{id}_3)$ to the server, which stores it in the owner ciphertext database; $R^{w}_3$ and $R^{id}_3$ are respectively a keyword random value and a file-identifier random value of length $\lambda$.
Furthermore, when $w_3'$ is empty, $I^{id}_3$ is:
When $w_3'$ is not empty, $I^{id}_3$ is:
$L_3' \leftarrow F(K_{\sigma,1}, w_3' \| id_3)$
$J^{id}_3{}' \leftarrow F(K_{\sigma,2}, id_3 \| w_3')$
When $id_3'$ is empty, $I^{w}_3$ is:
When $id_3'$ is not empty, $I^{w}_3$ is:
$L_3' \leftarrow F(K_{\sigma',1}, w_3 \| id_3')$
$J^{w}_3{}' \leftarrow F(K_{\sigma',2}, w_3 \| id_3')$
where $H()$ is a hash function, $F()$ is a pseudo-random function, $L_3'$ is the previous-node pointer of the file-identifier-dimension linked list corresponding to the keyword to be updated, and $J^{w}_3{}'$ is the value of the previously updated ciphertext.
According to another aspect of the present invention, a dynamic searchable symmetric encryption system supporting ciphertext sharing is provided, comprising a data owner, a server and a data user. Ciphertext sharing stage: the data owner computes the linked-list pointer corresponding to the file identifier to be shared, generates a sharing ticket containing the file identifier to be shared, the linked-list pointer and a decryption key, and sends it to the data user; the data user uses the sharing ticket to obtain from the server the ciphertext to be shared that corresponds to the file identifier, re-encrypts it with the user's private key and stores it on the server; the server stores the re-encrypted ciphertext in the user ciphertext database, the ciphertext to be shared having been uploaded by the data owner to the owner ciphertext database on the server. Keyword search stage: the data user computes a search trapdoor from the keyword to be searched and the user's private key and sends it to the server; the server looks up the ciphertexts corresponding to the search trapdoor in the user ciphertext database and returns them to the data user, where the plaintext content of the ciphertexts is the file identifiers corresponding to the searched keyword.
According to another aspect of the present invention, a computer-readable storage medium is provided on which a computer program is stored; when the program is executed by a processor, it implements the dynamic searchable symmetric encryption method supporting ciphertext sharing described above.
In general, the technical solutions conceived in the present invention achieve the following beneficial effects:
(1) A dynamic searchable symmetric encryption method supporting ciphertext sharing is provided: the data owner generates a sharing ticket from the identifier of the file to be shared, the server locates the shared ciphertext from the sharing ticket, and the data user re-encrypts the shared ciphertext and updates it into the user ciphertext database, after which the data user can generate trapdoors with its own private key for long-term searching. The searchable ciphertext itself is thus shared while the data user retains a long-term search capability;
(2) The server builds the ciphertext index structure on a bidirectional linked list. During ciphertext sharing or keyword search, the server locates the tail node of the chain from the ciphertext index carried in the sharing ticket or search trapdoor, and computes the ciphertext index of the previous node in the chain, thereby linking together all searchable ciphertexts associated with the same file identifier or keyword. This reduces the search time complexity to sub-linear and makes sharing and searching efficient;
(3) Each ciphertext sharing or keyword search regenerates and updates the corresponding key information, so that a sharing ticket or search trapdoor generated at a given moment can only share or search ciphertexts produced before it and has no effect on ciphertexts produced after it, which guarantees forward security. Ciphertext sharing involves no deletion operation and does not affect backward security; the file identifiers in the ciphertexts are encrypted, so the server cannot obtain the file identifiers held in deleted searchable ciphertexts, and a deletion-operation ciphertext uploaded earlier does not affect an addition-operation ciphertext uploaded later, which guarantees backward security. The method therefore has both forward and backward security;
(4) The server supports users adding new searchable ciphertexts to the ciphertext database and can delete specified searchable ciphertexts during search, which makes the method dynamic.
Description of the drawings
Figure 1 is a flow chart of the dynamic searchable symmetric encryption method supporting ciphertext sharing provided by an embodiment of the present invention;
Figure 2 is a schematic diagram of the architecture of the ciphertext sharing system provided by an embodiment of the present invention;
Figure 3 is a schematic diagram of the bidirectional index linked list provided by an embodiment of the present invention.
Detailed description of the embodiments
To make the purpose, technical solutions and advantages of the present invention clearer, the present invention is further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described here serve only to explain the present invention and are not intended to limit it. In addition, the technical features of the various embodiments described below may be combined with each other as long as they do not conflict.
In the present invention, the terms "first", "second" and so on (if present) in the description and drawings are used to distinguish similar objects and do not necessarily describe a particular order or sequence.
Figure 1 is a flow chart of the dynamic searchable symmetric encryption method supporting ciphertext sharing provided by an embodiment of the present invention. Referring to Figure 1 together with Figures 2 and 3, the method of this embodiment is described in detail. The method is used in a system comprising a data owner, a server and a data user, and comprises a ciphertext sharing stage (operations S1-S3) and a keyword search stage (operations S4-S5).
The architecture of the ciphertext sharing system used in this embodiment is shown in Figure 2. Referring to Figure 2, the system comprises three entities: the data owner, the server and the data user. The data owner updates the ciphertext index and generates sharing tickets; the server stores and maintains the ciphertext databases, shares ciphertexts and performs keyword search; the data user re-encrypts ciphertexts and performs keyword search.
The functions of the data owner comprise the following three aspects: (1) initialize the system locally, generating the symmetric keys and local state and initializing the owner ciphertext database on the server; (2) use the symmetric keys and local state to encrypt a specified keyword-file identifier pair together with the operation type, and upload the resulting ciphertext to the server for storage; (3) use the symmetric keys, local state and the file identifier to be shared to generate a sharing ticket, and send it to the server and the data user.
The functions of the server comprise the following three aspects: (1) on receiving a submitted searchable ciphertext, store it in the owner ciphertext database; (2) on receiving a sharing ticket, locate the searchable ciphertexts of the corresponding file from the ticket and return them to the data user; (3) on receiving a search trapdoor submitted by the data user, match it against the searchable ciphertexts in the user ciphertext database and return the search results.
The functions of the data user comprise the following four aspects: (1) initialize the system locally, generating the symmetric keys and local state and initializing the user ciphertext database on the server; (2) use the private key to re-encrypt the shared ciphertexts returned by the server and update them into the user ciphertext database; (3) use the private key and local state to generate a search trapdoor for a specified keyword and submit it to the server; (4) on receiving the search results returned by the server, decrypt them and obtain the file identifiers they contain.
In the initialization stage, the security parameter $\lambda$ is predefined according to the application requirements, and the pseudo-random function $F$, the seeded hash function $H$ and the symmetric encryption algorithm $SE$ are determined from $\lambda$. Here $\lambda$ is a non-zero natural number; the larger its value, the more secure the searchable symmetric encryption system, but the higher the computational cost. The pseudo-random function is $F: K_F \times X_F \to Y_F$, where $K_F = \{0,1\}^\lambda$ is its key space, $X_F = \{0,1\}^*$ is its data space and $Y_F = \{0,1\}^\lambda$ is its range; that is, $F$ requires keys to be bit strings of length $\lambda$, places no restriction on the length of the data, and produces outputs that are bit strings of length $\lambda$. The seeded hash function is $H: \{0,1\}^\lambda \times \{0,1\}^\lambda \to \{0,1\}^{2\lambda}$; that is, both the random seed and the input of $H$ are bit strings of length $\lambda$ and its output is a bit string of length $2\lambda$. The symmetric encryption algorithm $SE = \{E, D\}$ consists of an encryption algorithm $E()$ and a decryption algorithm $D()$ whose keys are at least $\lambda$ bits long; in practice the Advanced Encryption Standard (AES) family is generally chosen. The data owner selects two keys $K_{\sigma,1}$ and $K_{\sigma,2}$ uniformly at random from the key space $K_F = \{0,1\}^\lambda$ of $F$ to form the data owner's master key $K_\sigma$.
$EDB_\sigma$ and $EDB_{\sigma'}$ are the owner ciphertext database and the user ciphertext database respectively; both reside on the server and store ciphertexts indexed by ciphertext index. The keyword state table $lastW_\sigma$ and the ID state table $lastID_\sigma$ reside on the data owner's side, are kept secret by the data owner and are not accessible externally; $lastW_\sigma$ records, for each file identifier $id$, the keyword $w'$ most recently updated with that identifier, and $lastID_\sigma$ records, for each keyword $w$, the file identifier $id'$ most recently updated with that keyword.
The data user's initialization follows that of the data owner and is not repeated here.
In operation S1, the data owner computes the linked-list pointer corresponding to the file identifier to be shared, generates a sharing ticket containing the file identifier to be shared, the linked-list pointer and a decryption key, and sends it to the data user.
Specifically, the data owner looks up the current state $w_1 \leftarrow lastW_\sigma[id_1]$ for the file identifier $id_1$ to be shared. If the state is empty, $\bot$ is returned; otherwise, the sharing ticket is computed from $K_{\sigma,1}$, $K_{\sigma,2}$, $id_1$ and $w_1$ and sent to the data user.
According to the embodiment of the present invention, the server stores the ciphertexts uploaded by the data owner in the owner ciphertext database using a bidirectional index linked-list structure. In this structure the linked-list pointer comprises the tail-node pointer $L_1$ of the linked list corresponding to the file identifier to be shared and the auxiliary positioning parameter $J^{id}_1$ corresponding to $L_1$; $J^{id}_1$ helps locate the previous node of the file-identifier-dimension linked list. The sharing ticket $P_{id}$ can be expressed as:
$P_{id} \leftarrow (L_1, J^{id}_1, id_1, K_{id})$
$L_1 \leftarrow F(K_{\sigma,1}, w_1 \| id_1)$
$J^{id}_1 \leftarrow F(K_{\sigma,2}, id_1 \| w_1)$
$K_{id} \leftarrow F(K_{\sigma,2}, id_1)$
where $F()$ is a pseudo-random function, $K_{\sigma,1}$ and $K_{\sigma,2}$ are the two keys that make up the data owner's master key, $w_1$ is the keyword corresponding to $id_1$, $id_1$ is the file identifier to be shared, and $K_{id}$ is the decryption key.
Operation S2: the data user uses the sharing ticket to obtain from the server the ciphertext to be shared that corresponds to the file identifier to be shared, re-encrypts it with the user's private key and stores it on the server.
In this embodiment, operation S2 comprises sub-operations S20 to S29. Sub-operations S21 to S23 are the process by which the server obtains the ciphertext to be shared for the file identifier to be shared; sub-operations S25 to S29 are the process of re-encrypting that ciphertext with the user's private key and storing it on the server.
In sub-operation S20, the data user extracts the partial information $D_{id} \leftarrow (L, J_{id})$ from the sharing ticket $P_{id}$ and sends it to the server; the remaining information is kept in local storage.
In sub-operation S21, the server extracts the searchable ciphertext $(I_{id_1}, R_{id_1}, C_{id_1})$ at position $L_1$ of the owner ciphertext database ($EDB_\sigma[L_1]$). The searchable ciphertext comprises the file-identifier-dimension linked list $I_{id_1}$, the file-identifier random string $R_{id_1}$ and the keyword ciphertext $C_{id_1}$.
In sub-operation S22, the server adds $C_{id_1}$ to the sharing set, computes from $I_{id_1}$, $R_{id_1}$ and $J_{id_1}$ the previous-node pointer $L_1'$ of the file-identifier-dimension linked list and the corresponding auxiliary positioning parameter $J_{id_1}'$, and updates $L_1$ and $J_{id_1}$ to $L_1'$ and $J_{id_1}'$ respectively:
$L_1 \leftarrow L_1'$
$J_{id_1} \leftarrow J_{id_1}'$
where $H()$ is a hash function.
In sub-operation S23, sub-operations S21 and S22 are repeated until the linked list for the file identifier to be shared has been fully traversed; the resulting sharing set is the ciphertext to be shared.
In sub-operation S24, the server sends the resulting sharing set to the data user.
In sub-operation S25, the sharing set is decrypted to obtain the keyword set of keywords $w_1$, and sub-operations S26 to S28 are executed for each $w_1$ in the keyword set.
In sub-operation S26, the most recently updated file identifier $id_1'$ corresponding to $w_1$ is looked up in the ID state table.
For each keyword ciphertext $C_{id_1}$ in the sharing set, the data user computes $w_1 \leftarrow D(K_{id}, C_{id_1})$ with the corresponding decryption key $K_{id}$, thereby recovering the keyword $w_1$; from the file identifier $id_1'$ to be shared and the decrypted keyword $w_1$, all keyword-file identifier pairs $(w_1, id_1)$ are obtained.
For each keyword $w_1$, the most recently updated file identifier $id_1' \leftarrow lastID_{\sigma'}[w_1]$ corresponding to $w_1$ is found, and a keyword random string $R_{w_1}$ of binary length λ is generated.
In sub-operation S27, $K_{\sigma',1}$ is used to generate the ciphertext index $L_1$ for the pair $(w_1, id_1)$, and $K_{\sigma',2}$, $w_1$ and $id_1$ are used to compute the file-identifier ciphertext $C_{w_1}$; the ID state table is updated so that $w_1$ corresponds to $id_1$, i.e. $lastID_{\sigma'}[w_1] \leftarrow id_1$. $L_1$ and $C_{w_1}$ can be expressed as:
$L_1 \leftarrow F(K_{\sigma',1}, w_1 \| id_1)$
$C_{w_1} \leftarrow E(F(K_{\sigma',2}, w_1), id_1)$
where $K_{\sigma',1}$ and $K_{\sigma',2}$ are the two private keys making up the user's master key, and $id_1$ is the file identifier to be shared.
In sub-operation S28, the keyword-dimension linked list $I_{w_1}$ for $w_1$ is computed case by case depending on whether $id_1'$ is empty, giving the ciphertext $(L_1, I_{w_1}, R_{w_1}, C_{w_1})$ for $w_1$, where $L_1$ is the tail-node pointer of the linked list for the file identifier to be shared and $R_{w_1}$ is the keyword random string.
Specifically, when $id_1'$ is empty, $I_{w_1}$ is:
When $id_1'$ is not empty, $I_{w_1}$ is:
$L_1' \leftarrow F(K_{\sigma',1}, w_1 \| id_1')$
$J_{w_1}' \leftarrow F(K_{\sigma',2}, w_1 \| id_1')$
where $H()$ is a hash function, $F()$ is a pseudo-random function, $L_1'$ is the previous-node pointer of the file-identifier-dimension linked list, and $J_{w_1}'$ is the value of the previously updated ciphertext.
In sub-operation S29, the set of ciphertexts $(L_1, I_{w_1}, R_{w_1}, C_{w_1})$ for all $w_1$ is stored on the server.
Operation S3: the server stores the re-encrypted ciphertext to be shared in the user ciphertext database; the ciphertext to be shared was uploaded by the data owner to the owner ciphertext database on the server.
The server stores the ciphertext $(L_1, I_{w_1}, R_{w_1}, C_{w_1})$ at position $EDB_{\sigma'}[L]$ of the user ciphertext database, which completes the sharing of the file corresponding to the file identifier to be shared.
Operation S4: the data user computes a search trapdoor from the keyword to be searched and the user's private key and sends it to the server.
The data user looks up the state table $id_2 \leftarrow lastID_{\sigma'}[w_2]$ for the keyword $w_2$ to be searched. If the state value $id_2$ is empty, ⊥ is returned; otherwise the search trapdoor $T_w$ is generated from $w_2$, $id_2$ and $K_{\sigma',1}$ and sent to the server. The search trapdoor $T_w$ is formed as:
$T_w \leftarrow (L_2, J_{w_2})$
$L_2 \leftarrow F(K_{\sigma',1}, w_2 \| id_2)$
$J_{w_2} \leftarrow F(K_{\sigma',2}, w_2 \| id_2)$
where $L_2$ is the tail-node pointer of the linked list for the keyword to be searched, and $J_{w_2}$ is the auxiliary positioning parameter for $L_2$, used to compute the previous-node pointer.
Operation S5: the server looks up the ciphertext corresponding to the search trapdoor in the user ciphertext database and returns it to the data user; the plaintext of this ciphertext is the file identifier corresponding to the keyword to be searched.
According to an embodiment of the invention, the server copies the re-encrypted ciphertext to be shared into the user ciphertext database using the bidirectional index linked-list structure. Operation S5 comprises sub-operations S51 to S53.
In sub-operation S51, the server extracts the ciphertext $(I_{w_2}, R_{w_2}, C_{w_2})$ at position $L_2$ of the user ciphertext database ($EDB_{\sigma'}[L_2]$). The ciphertext comprises the keyword-dimension linked list $I_{w_2}$, the keyword random string $R_{w_2}$ and the file-identifier ciphertext $C_{w_2}$; $L_2$ is the tail-node pointer of the linked list for the keyword to be searched.
In sub-operation S52, the server adds $C_{w_2}$ to the search result set, computes from $I_{w_2}$, $R_{w_2}$ and $J_{w_2}$ the previous-node pointer $L_2'$ of the file-identifier-dimension linked list and the corresponding auxiliary positioning parameter $J_{w_2}'$, and updates $L_2$ and $J_{w_2}$ to $L_2'$ and $J_{w_2}'$ respectively:
$L_2 \leftarrow L_2'$
$J_{w_2} \leftarrow J_{w_2}'$
where $H()$ is a hash function and $J_{w_2}$ is the auxiliary positioning parameter for $L_2$.
In sub-operation S53, sub-operations S51 and S52 are repeated until the linked list for the keyword has been fully traversed; the resulting search result set is the ciphertext corresponding to the search trapdoor and is returned to the data user.
Further, sub-operation S53 may be followed by a decryption operation performed on the data user side. If the search result set is empty, no file matches the keyword $w_2$ and the operation ends; otherwise the elements of the search result set are taken in turn and decrypted as $id_2 \leftarrow D(K_{w_2}, C_{w_2})$, finally yielding all file identifiers associated with the keyword $w_2$ in the current user ciphertext database $EDB_{\sigma'}$.
According to an embodiment of the invention, the method further comprises a ciphertext update phase for updating the ciphertext in the owner ciphertext database, comprising sub-operations S01 to S05.
In sub-operation S01, for the keyword-file identifier pair $(w_3, id_3)$ to be updated, the data owner looks up the most recently updated file identifier $id_3'$ for $w_3$ and the most recently updated keyword $w_3'$ for $id_3$: $w_3' \leftarrow lastW_\sigma[id_3]$, $id_3' \leftarrow lastID_\sigma[w_3]$.
In sub-operation S02, $K_{\sigma,1}$ is used to generate the ciphertext index $L_3$ for the pair $(w_3, id_3)$, and $K_{\sigma,2}$, $w_3$ and $id_3$ are used to compute the file-identifier ciphertext $C_{w_3}$ and the keyword ciphertext $C_{id_3}$; $K_{\sigma,1}$ and $K_{\sigma,2}$ are the two keys making up the data owner's master key.
The generated ciphertext index $L_3$ is:
$L_3 \leftarrow F(K_{\sigma,1}, w_3 \| id_3)$
where $w_3 \| id_3$ denotes the bit-string concatenation of $w_3$ and $id_3$.
The computed file-identifier ciphertext $C_{w_3}$ is:
$C_{w_3} \leftarrow E(K_{w_3}, id_3)$
$K_{w_3} \leftarrow F(K_{\sigma,2}, w_3)$
The computed keyword ciphertext $C_{id_3}$ is:
$C_{id_3} \leftarrow E(K_{id_3}, w_3)$
$K_{id_3} \leftarrow F(K_{\sigma,2}, id_3)$
In sub-operation S03, the file-identifier-dimension linked list $I_{id_3}$ for $id_3$ is computed and updated case by case depending on whether $w_3'$ is empty, so as to build the file-identifier-dimension linked list of the bidirectional index.
Specifically, when $w_3'$ is empty, $I_{id_3}$ is:
When $w_3'$ is not empty, $I_{id_3}$ is:
$L_3' \leftarrow F(K_{\sigma,1}, w_3' \| id_3)$
$J_{id_3}' \leftarrow F(K_{\sigma,2}, id_3 \| w_3')$
In sub-operation S04, the keyword-dimension linked list $I_{w_3}$ for $w_3$ is computed and updated case by case depending on whether $id_3'$ is empty, so as to build the keyword-dimension linked list of the bidirectional index.
Specifically, when $id_3'$ is empty, $I_{w_3}$ is:
When $id_3'$ is not empty, $I_{w_3}$ is:
$L_3' \leftarrow F(K_{\sigma',1}, w_3 \| id_3')$
$J_{w_3}' \leftarrow F(K_{\sigma',2}, w_3 \| id_3')$
where $H()$ is a hash function, $F()$ is a pseudo-random function, $L_3'$ is the previous-node pointer of the file-identifier-dimension linked list for the keyword to be updated, and $J_{w_3}'$ is the value of the previously updated ciphertext. $\bot \| \bot$ denotes the concatenation of two all-zero strings of binary length λ, intended to be combined with the 2λ-bit output of the hash function.
In sub-operation S05, the ciphertext $(L_3, I_{w_3}, R_{w_3}, C_{w_3}, I_{id_3}, R_{id_3}, C_{id_3})$ is sent to the server, which stores it at position $EDB_\sigma[L_3]$ of the owner ciphertext database; $R_{w_3}$ and $R_{id_3}$ are a keyword random value and a file-identifier random value, each of length λ.
Further, the keyword $w_3$ is written to the state table $lastW_\sigma$ and the corresponding file identifier $id_3$ to the state table $lastID_\sigma$; the specific update operations are $lastW_\sigma[id_3] \leftarrow w_3$ and $lastID_\sigma[w_3] \leftarrow id_3$.
Referring to Figure 3, according to an embodiment of the invention, the ciphertext sharing step and the keyword search step are in effect chained lookups along two different dimensions of the bidirectional index linked list. In the ciphertext sharing step, the ciphertext index $L_1$ in the sharing ticket locates the tail node of the file-identifier-dimension linked list, the pointer of the previous node on that chain is computed by an XOR operation and the lookup proceeds backwards; successive nodes are linked through the state information lastW. In the keyword search step, the ciphertext index $L_2$ in the search trapdoor locates the tail node of the keyword-dimension linked list, the pointer of the previous node on that chain is likewise computed by an XOR operation and the lookup proceeds backwards; successive nodes are linked through the state information lastID.
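The whole flow above, as an added Python illustration that is not code from the patent: the update phase S01-S05 builds both chains of the bidirectional index, S1-S3 shares a file identifier through the ticket and the user's re-encryption, and S4-S5 searches the user's database. It instantiates F as HMAC-SHA256, H as SHA-256 and E/D as a throwaway stream cipher, length-prefixes w||id, and assumes the chain field I is H(J||R) XOR (L'||J') (the page names the inputs and the XOR step but not the exact hash input); the four indexed pairs are constructed sample data.

```python
import hashlib, hmac, os

LAM = 16                 # λ in bytes: pointers L, auxiliary values J and keys are all λ long
ZERO2 = bytes(2 * LAM)   # ⊥||⊥ : two all-zero λ-strings, the value masked at the head of a chain
def F(key, msg):         # PRF F: HMAC-SHA256 truncated to λ bytes
    return hmac.new(key, msg, hashlib.sha256).digest()[:LAM]
def H(msg):              # hash H with 2λ-byte output, wide enough to mask (L'||J')
    return hashlib.sha256(msg).digest()
def cat(a, b):           # unambiguous a||b (length-prefixed, so w||id has a unique split)
    return len(a).to_bytes(2, "big") + a + b
def xor(a, b):           # XOR truncated to the shorter operand
    return bytes(x ^ y for x, y in zip(a, b))
def E(key, m):           # stand-in cipher E: nonce || m XOR keystream (demo only, m <= 32 bytes)
    nonce = os.urandom(LAM)
    return nonce + xor(m, hashlib.sha256(key + nonce).digest())
def D(key, c):           # inverse of E
    return xor(c[LAM:], hashlib.sha256(key + c[:LAM]).digest())

def ptr(K1, K2, w, id_, id_chain=False):
    # (L, J) of node (w, id): L = F(K1, w||id); J = F(K2, id||w) on the id chain, F(K2, w||id) on the keyword chain
    return F(K1, cat(w, id_)), F(K2, cat(id_, w) if id_chain else cat(w, id_))

def link(J, R, prev):
    # chain field I = H(J||R) XOR (L'||J') of the previous node (XOR ⊥||⊥ at the head); hash input J||R is an assumption
    return xor(H(J + R), prev[0] + prev[1] if prev else ZERO2)

def walk(edb, L, J, chain):
    # server-side traversal (S21-S23 on the id chain, S51-S53 on the keyword chain); it sees only (L, J)
    out = []
    while L != bytes(LAM) and L in edb:
        I, R, C = edb[L][chain]
        out.append(C)
        prev = xor(I, H(J + R))          # unmask (L', J') of the previous node
        L, J = prev[:LAM], prev[LAM:]
    return out

class Owner:
    def __init__(self):
        self.K1, self.K2 = os.urandom(LAM), os.urandom(LAM)   # K_{σ,1}, K_{σ,2}
        self.lastW, self.lastID = {}, {}                       # lastW_σ[id], lastID_σ[w]

    def update(self, w, id_):            # update phase S01-S05: one node on both chains
        w_prev, id_prev = self.lastW.get(id_), self.lastID.get(w)
        (L, Jw), (_, Jid) = ptr(self.K1, self.K2, w, id_), ptr(self.K1, self.K2, w, id_, True)
        Rw, Rid = os.urandom(LAM), os.urandom(LAM)
        Iw = link(Jw, Rw, None if id_prev is None else ptr(self.K1, self.K2, w, id_prev))
        Iid = link(Jid, Rid, None if w_prev is None else ptr(self.K1, self.K2, w_prev, id_, True))
        self.lastW[id_], self.lastID[w] = w, id_
        return L, {"w": (Iw, Rw, E(F(self.K2, w), id_)), "id": (Iid, Rid, E(F(self.K2, id_), w))}

    def share_ticket(self, id_):         # S1: P_id = (L_1, J_id1, id_1, K_id); None plays the role of ⊥
        w = self.lastW.get(id_)
        return None if w is None else (*ptr(self.K1, self.K2, w, id_, True), id_, F(self.K2, id_))

class User:
    def __init__(self):
        self.K1, self.K2, self.lastID = os.urandom(LAM), os.urandom(LAM), {}   # K_{σ',1}, K_{σ',2}, lastID_σ'

    def reencrypt(self, ticket, shared):  # S25-S29: recover keywords with K_id, rebuild nodes under own keys
        _, _, id_, Kid = ticket
        nodes = []
        for w in (D(Kid, c) for c in shared):
            id_prev, Rw = self.lastID.get(w), os.urandom(LAM)
            L, Jw = ptr(self.K1, self.K2, w, id_)
            Iw = link(Jw, Rw, None if id_prev is None else ptr(self.K1, self.K2, w, id_prev))
            self.lastID[w] = id_
            nodes.append((L, {"w": (Iw, Rw, E(F(self.K2, w), id_))}))
        return nodes

    def trapdoor(self, w):               # S4: T_w = (L_2, J_w2) from the most recently updated id of w
        id_ = self.lastID.get(w)
        return None if id_ is None else ptr(self.K1, self.K2, w, id_)

def demo():                              # constructed scenario: index four pairs, share doc1, search
    owner, user, edb_owner, edb_user = Owner(), User(), {}, {}
    for w, i in [(b"alpha", b"doc1"), (b"beta", b"doc1"), (b"alpha", b"doc2"), (b"gamma", b"doc1")]:
        L, node = owner.update(w, i)
        edb_owner[L] = node                                    # EDB_σ[L_3] ← node
    ticket = owner.share_ticket(b"doc1")
    shared = walk(edb_owner, ticket[0], ticket[1], "id")       # S20-S24: the server is given only (L_1, J_id1)
    for L, node in user.reencrypt(ticket, shared):
        edb_user[L] = node                                     # S3: EDB_σ'[L] ← node
    ids = {D(F(user.K2, b"alpha"), c) for c in walk(edb_user, *user.trapdoor(b"alpha"), "w")}
    return sorted(D(ticket[3], c) for c in shared), ids, user.trapdoor(b"delta")
```

Calling demo() returns the three keywords recovered for doc1, the set of identifiers the user's search for alpha yields (only doc1, since doc2 was never shared), and ⊥ (None) for a keyword the user has no state for.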
Embodiments of the invention also provide a dynamic searchable symmetric encryption system supporting ciphertext sharing, comprising a data owner, a server and a data user. Ciphertext sharing phase: the data owner computes the linked-list pointer corresponding to the file identifier to be shared, generates a sharing ticket containing the file identifier to be shared, the linked-list pointer and the decryption key, and sends it to the data user; the data user uses the sharing ticket to obtain from the server the ciphertext to be shared that corresponds to that file identifier, re-encrypts it with the user's private key and stores it on the server; the server stores the re-encrypted ciphertext to be shared in the user ciphertext database, the ciphertext to be shared having been uploaded by the data owner to the owner ciphertext database on the server. Keyword search phase: the data user computes a search trapdoor from the keyword to be searched and the user's private key and sends it to the server; the server looks up the ciphertext corresponding to the search trapdoor in the user ciphertext database and returns it to the data user, the plaintext of this ciphertext being the file identifier corresponding to the keyword to be searched.
In this embodiment, the data owner, server and data user are the same as those in the dynamic searchable symmetric encryption method supporting ciphertext sharing of the embodiments shown in Figures 1 to 3, and are not described again here.
Embodiments of the invention further provide a computer-readable storage medium storing a computer program. When executed by a processor, the program implements the dynamic searchable symmetric encryption method supporting ciphertext sharing of the embodiments shown in Figures 1 to 3, which is not described again here.
Those skilled in the art will readily understand that the above are merely preferred embodiments of the invention and are not intended to limit it; any modification, equivalent substitution, improvement and the like made within the spirit and principles of the invention shall fall within the scope of protection of the invention.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310905749.XA CN116996281B (en) | 2023-07-21 | 2023-07-21 | Dynamic searchable symmetric encryption method, system and medium supporting ciphertext sharing |
Publications (2)
Publication Number | Publication Date |
---|---|
CN116996281A true CN116996281A (en) | 2023-11-03 |
CN116996281B CN116996281B (en) | 2024-02-06 |
Family
ID=88522523
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116996281B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||