CN117134993B - Search ciphertext detectable method and equipment based on accumulated promise verification - Google Patents


Publication number
CN117134993B
Authority
CN
China
Prior art keywords
data
vector
verification
ciphertext
accumulated
Legal status
Active
Application number
CN202311376651.6A
Other languages
Chinese (zh)
Other versions
CN117134993A (en
Inventor
陈晶
赵陈斌
何琨
杜瑞颖
周显敬
刘虎
周伟
戴博涛
熊壮
何振兴
高鹏
匡衡
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU

Classifications

    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G06F16/13 File access structures, e.g. distributed indices
    • G06F16/148 File search processing
    • G06F21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G06F21/602 Providing cryptographic facilities or services
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G06F2221/2107 File encryption

Abstract

The invention discloses a search ciphertext detectable method and device based on accumulative commitment verification. The method comprises an accumulative vector commitment verification method and a fully dynamic secure ciphertext search and detection method. The accumulative vector commitment verification method solves the problem that ciphertext is difficult to update because the vector size is fixed: it provides a verifiable data structure that supports fully dynamic operations, concurrent processing of verification operations, and a commitment overhead of fixed constant size, so that system efficiency is significantly improved. The fully dynamic secure ciphertext search and detection method addresses the leakage caused by dynamic operations and the difficulty of detecting malicious behavior by a malicious server: it achieves forward and backward security by recording the different update states and operations, and it checks the search results returned by the server against the accumulative vector commitment verifiable structure, which significantly improves system security.

Description

Search ciphertext detectable method and equipment based on accumulated promise verification
Technical Field
The invention belongs to the technical field of integrity-checked ciphertext retrieval in applied cryptography, relates to a dynamically checkable verification structure and a secure retrieval method and device, and in particular relates to a method and device for detectable ciphertext retrieval based on accumulative vector commitment verification.
Background
With the development of cloud storage and cloud computing, cloud storage brings convenience to users but also raises many security problems for outsourced data. Because the server is not fully trusted, storing plaintext data on it carries a significant security risk, such as the data being leaked or tampered with. The usual countermeasure is to encrypt sensitive data before storing it: the user encrypts the plaintext locally with a key and then uploads it to the server. This sacrifices the usability of the data, however, because the user can no longer easily access and retrieve the data that is needed.
Ciphertext retrieval technology was proposed to allow search over encrypted cloud data, preserving the security and privacy of user data while keeping it usable. The earliest ciphertext retrieval schemes were all static: data that had been encrypted and uploaded to the server could not be dynamically added, updated or deleted, which does not meet the needs of real deployments. Dynamic schemes were then proposed to support adding, deleting and modifying data. Most of these schemes, however, assume that the server is semi-trusted, that is, the server faithfully follows the protocol specification but is curious about private information and tries to learn more of it. In practice, to save cost or for other reasons, the server may return incorrect results or behave maliciously in other ways, such as returning only the first result that satisfies the keyword. Verifiable search results were proposed to guard against such malicious server behavior and to ensure that search results are correct.
Some existing verifiable schemes build the verification structure from accumulated authentication tags or incremental hashes, but the storage cost of these structures grows linearly with the number of keywords, which is inefficient. Verifiable ciphertext retrieval schemes have also been made to support dynamic operations for practicality, but the forward and backward security problems caused by dynamic operations are not fully considered, so the server may analyze the correlation between update indexes and search tokens and thereby learn more keyword information. Current designs still leave much room for improvement in both efficiency and security. How to achieve efficient and secure search while ensuring that the search result is detectable is therefore a problem that the art urgently needs to solve.
Disclosure of Invention
In view of the above requirements for data security, efficiency, availability and ciphertext detection, and the drawbacks of the conventional schemes, the invention provides a search ciphertext detectable method and device based on accumulated promise verification.
The technical scheme adopted by the method is as follows: the search ciphertext detectable method based on the accumulated promise verification is applied to a search ciphertext detectable system based on the accumulated promise verification; the system participation entity comprises a data owner, a data user and a cloud storage server;
the specific implementation of the accumulated promise verification comprises the following stages:
in the system initialization stage, a security parameter is input, and the parameter information for the accumulator and the vector commitment is generated, including the generators, the vector dimension, a random number, the vector parameters, the initial accumulated value acc, the hash function H, the bilinear map e and the public parameters par; the public parameters are provided to the system participants;
in the verifiable structure update stage, after the data owner uploads the original data stream to the server, the server first generates a new accumulated value for the elements in the data set, then inserts all accumulated values into the corresponding index positions of the vector, and finally generates a commitment value C of fixed constant size over the vector elements and returns it to the data owner;
in the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information, together with proof, to the data user, and finally the data user executes the verification process.
Preferably, in the system initialization stage, a security parameter is given; the generators of group G, group G1 and group G2 are chosen, where G is an RSA quotient group and G1, G2, GT are three multiplicative groups; the vector dimension is an integer n; a random number and the vector parameters are generated; an empty vector is initialized, together with the notation for its elements; and the initial accumulated value, the hash function, the bilinear map and the public parameters are defined.
Preferably, in the verifiable structure update stage, after the data owner uploads an element y, the server generates a new accumulated value from the received data, inserts the new accumulated value into the vector as a continuing update, and generates a vector commitment for the vector; when the data owner later performs an update, an updated commitment is generated over the newly updated vector and returned to the data owner for storage.
Preferably, in the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information to the data owner; the proof information involves an index set of vector positions, the set X of all accumulated elements, and hash values; the data owner first performs a verification operation and judges whether its equation holds; if the equation does not hold, 0 is returned, indicating that verification fails; if the equation holds, this verification passes, and the data owner goes on to execute the vector commitment verification algorithm; a returned result of 1 indicates that the final verification passes, and a returned 0 indicates that verification fails.
Preferably, the method comprises the following steps:
in the system initialization stage, a security parameter λ is input; the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; and the pseudo-random function F and the hash functions H1, H2 required by the system are generated;
in the ciphertext index update stage, the data owner encrypts all data, processes the keyword-document pair (w, ind) with the pseudo-random function F to generate the index ciphertext data addr and value, and uploads them; the cloud server executes the update process on the received data and generates the corresponding commitment value C, which is returned to the user;
in the token search and ciphertext detection stage, the data user generates a search token token from the keyword information it requires and sends it to the cloud storage server; the cloud storage server executes the search and returns the search result and verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user executes the accumulative commitment verification algorithm Verify on the received ciphertext information, and performs the decryption process only after verification passes.
Preferably, in the system initialization stage, a security parameter is input; the vector size is initialized; a symmetric encryption key is generated; a pseudo-random function and the hash functions are defined; a counter for keyword updates and an empty vector are initialized; the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are executed respectively; and the public parameters are defined.
Preferably, in the ciphertext index update stage, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation on it; when encrypting a new document for keyword w, the data owner computes the pseudo-random function and defines its value; the counter is synchronously incremented by 1, so that the update index is not associated with previous search tokens, which achieves forward security; when encrypting ind, the operation record op is bound to it in the computation, where op is an add or delete operation used to distinguish the update operations on ind; these operations are applied by the data user itself at final decryption, which ensures backward security; the data owner sends the ciphertext pair (addr, value) to the server;
after receiving the ciphertext pair, the server adds it to the ciphertext database EDB and then performs the commitment operation on the received ciphertext data: it first maps addr to a vector index i and inserts the corresponding value into the file set for that index, then generates the accumulated value of that set and adds it to the vector; finally the server generates a constant-size commitment C for the vector and sends it to the data user for local storage.
Preferably, in the token search and ciphertext detection stage, the data user first generates a list TL of search tokens token for the keyword w to be searched, where j denotes the value of the counter DC[w]; the data user then sends the search token list TL to the server; on receipt, the server executes the search and finally returns a search result list RL to the data user; for verification, the server also returns the membership information proof; after receiving the search result RL and the proof information proof, the data user executes the detection process: the data user first evaluates the first check, and if it fails, outputs 0 and terminates the subsequent process; otherwise the data user evaluates the further check, and if it fails, outputs 0 and terminates; if detection passes, the cloud server has executed the operation flow honestly; finally, the data user performs the decryption computation; if op is an add operation, the data user adds ind to the final result list; if op is a delete operation, the data user deletes ind from the final result list.
The technical scheme adopted by the device is as follows: a search ciphertext detectable device based on accumulated promise verification, comprising:
one or more processors;
and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the search ciphertext detectable method based on accumulated promise verification.
Compared with the prior art, the invention has the following advantages and positive effects:
(1) The invention provides an accumulative vector commitment verification method, which avoids client storage that grows with the number of keywords and achieves a fixed constant-size overhead; in addition, the accumulator algorithm is processed concurrently while the verification information is generated, which further improves the efficiency of searching and returning ciphertext data.
(2) The invention provides a fully dynamic secure ciphertext retrieval and detection method, which, by introducing a dynamic accumulated-vector structure, allows dynamic data to be updated and malicious server behavior to be detected; by binding the file update counter and the operation log record, it achieves forward and backward security of the retrieval process and improves system security.
Drawings
The technical solutions are further illustrated below with examples and specific embodiments, and some drawings are used in describing them. A person skilled in the art can derive other figures, and the intent of the present invention, from these figures without inventive effort.
FIG. 1 is a diagram of a system frame in an embodiment of the present invention;
FIG. 2 is a diagram of an accumulated vector commitment structure in an embodiment of the invention;
FIG. 3 is a schematic diagram of a full-dynamic secure ciphertext retrieval method in an embodiment of the invention;
FIG. 4 is a schematic diagram of a full-dynamic secure ciphertext verification method according to an embodiment of the present invention.
Detailed Description
To help those of ordinary skill in the art understand and practice the invention, it is described in detail below with reference to the accompanying drawings and examples. The examples described herein are for illustration and explanation only and are not intended to be limiting.
Referring to fig. 1 and 2, the method for detecting a search ciphertext based on accumulated promise verification provided in the present embodiment is applied to a search ciphertext detectable system based on accumulated promise verification; the system participation entity comprises a data owner, a data user and a cloud storage server;
referring to fig. 2, the implementation of the accumulated promise verification of the present embodiment includes the following stages:
in the system initialization stage, a security parameter is input, and the parameter information for the accumulator and the vector commitment is generated, including the generators, the vector dimension, a random number, the vector parameters, the initial accumulated value acc, the hash function H, the bilinear map e and the public parameters par; the public parameters are provided to the system participants;
in one embodiment, a security parameter is given; the generators of group G, group G1 and group G2 are chosen, where G is an RSA quotient group and G1, G2, GT are three multiplicative groups; the vector dimension is an integer n; a random number and the vector parameters are generated; an empty vector is initialized, together with the notation for its elements; and the initial accumulated value, the hash function, the bilinear map and the public parameters are defined.
In the verifiable structure update stage, after the data owner uploads the original data stream to the server, the server first generates a new accumulated value for the elements in the data set, then inserts all accumulated values into the corresponding index positions of the vector, and finally generates a commitment value C of fixed constant size over the vector elements and returns it to the data owner.
In one embodiment, after the data owner uploads an element y, the server generates a new accumulated value from the received data, inserts the new accumulated value into the vector as a continuing update, and generates a vector commitment for the vector; when the data owner later performs an update, an updated commitment is generated over the newly updated vector and returned to the data owner for storage. In this process, the server generates a commitment value of fixed constant size for verification. The communication overhead and the client storage incurred by the interaction are therefore both of constant size, which greatly improves the efficiency of the system.
In the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information, together with proof, to the data user, and finally the data user executes the verification process.
In one embodiment, in the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information to the data owner; the proof information involves an index set of vector positions, the set X of all accumulated elements, and hash values; the data owner first performs a verification operation and judges whether its equation holds; if the equation does not hold, 0 is returned, indicating that verification fails; if the equation holds, this verification passes, and the data owner goes on to execute the vector commitment verification algorithm; a returned result of 1 indicates that the final verification passes, and a returned 0 indicates that verification fails.
Referring to fig. 3 and fig. 4, the invention provides a search ciphertext detectable method based on accumulated promise verification, which specifically comprises the following steps:
in the system initialization stage, a security parameter λ is input; the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; and the pseudo-random function F, the hash functions H1, H2 and other information required by the system are generated;
in one embodiment, a security parameter is input; the vector size is initialized; a symmetric encryption key is generated; a pseudo-random function and the hash functions are defined; a counter for keyword updates and an empty vector are initialized; the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are executed respectively; and the public parameters are defined.
In the ciphertext index update stage, the data owner encrypts all data, processes the keyword-document pair (w, ind) with the pseudo-random function F to generate the index ciphertext data addr and value, and uploads them; the cloud server executes the update process on the received data and generates the corresponding commitment value C, which is returned to the user;
in one embodiment, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation on it; when encrypting a new document for keyword w, the data owner computes the pseudo-random function and defines its value; the counter is synchronously incremented by 1, so that the update index is not associated with previous search tokens, which achieves forward security; when encrypting ind, the operation record op is bound to it in the computation, where op is an add or delete operation used to distinguish the update operations on ind; these operations are applied by the data user itself at final decryption, which ensures backward security; the data owner sends the ciphertext pair (addr, value) to the server;
after receiving the ciphertext pair, the server adds it to the ciphertext database EDB and then performs the commitment operation on the received ciphertext data: it first maps addr to a vector index i and inserts the corresponding value into the file set for that index, then generates the accumulated value of that set and adds it to the vector; finally the server generates a constant-size commitment C for the vector and sends it to the data user for local storage.
In the token search and ciphertext detection stage, the data user generates a search token token from the keyword information it requires and sends it to the cloud storage server; the cloud storage server executes the search and returns the search result and verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user executes the accumulative commitment verification algorithm Verify on the received ciphertext information, and performs the decryption process only after verification passes.
In one embodiment, the data user first generates a list TL of search tokens token for the keyword w to be searched, where j denotes the value of the counter DC[w]; the data user then sends the search token list TL to the server; on receipt, the server executes the search and finally returns a search result list RL to the data user; for verification, the server also returns the membership information proof to the data user; after receiving the search result RL and the proof information proof, the data user executes the detection process: the data user first evaluates the first check, and if it fails, outputs 0 and terminates the subsequent process; otherwise the data user evaluates the further check, and if it fails, outputs 0 and terminates; if detection passes, the cloud server has executed the operation flow honestly; finally, the data user performs the decryption computation; if op is an add operation, the data user adds ind to the final result list; if op is a delete operation, the data user deletes ind from the final result list.
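The update, search and detection flow described above, as an added Python example that is not the patent's code: counter-derived addresses, op bound into the encrypted value, and verification before decryption, run against an honest server and two misbehaving ones. The page does not reproduce the patent's formulas, so the derivations of addr and value, the toy RSA accumulator modulus, and the plain hash over the vector (a stand-in for the pairing-based vector commitment, which gives up the constant-size opening) are all assumptions.

```python
import hashlib
import hmac

# Toy RSA modulus from two Mersenne primes: its factorisation is public, so it is
# for demonstration only. Base 3 is used because 2 and 4 have tiny order here.
N = (2**521 - 1) * (2**607 - 1)
G = 3
VEC_N = 8   # vector dimension n (assumed, small for the demo)

def H(tag, *parts):
    h = hashlib.sha256(tag)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def to_prime(value):   # map a ciphertext value to a (probable) prime exponent
    c = 0
    while True:
        e = int.from_bytes(H(b"prime", value, c.to_bytes(4, "big"))[:16], "big") | 1
        if all(pow(a, e - 1, e) == 1 for a in (2, 3, 5, 7)):   # Fermat test
            return e
        c += 1

def index_of(addr):    # assumed mapping from addr to vector index i
    return int.from_bytes(addr, "big") % VEC_N

def commit(vec):       # stand-in vector commitment: one hash over all n accumulators
    return H(b"C", *[v.to_bytes(160, "big") for v in vec])

class Server:
    def __init__(self):
        self.edb, self.sets, self.vec = {}, [[] for _ in range(VEC_N)], [G] * VEC_N

    def update(self, addr, value):
        i = index_of(addr)
        self.edb[addr] = value
        self.sets[i].append(value)
        self.vec[i] = pow(self.vec[i], to_prime(value), N)   # acc_i absorbs value
        return commit(self.vec)

    def search(self, tokens):
        rl, wits = [], []
        for addr in tokens:
            value, wit = self.edb[addr], G
            for other in self.sets[index_of(addr)]:   # witness: acc_i without value
                if other != value:
                    wit = pow(wit, to_prime(other), N)
            rl.append(value)
            wits.append(wit)
        return rl, (list(self.vec), wits)

class Client:
    def __init__(self, key):
        self.k, self.dc, self.C = key, {}, None

    def _cell(self, w, j):   # assumed derivation of (addr, pad) from F(k, w) and j
        t = hmac.new(self.k, w.encode(), hashlib.sha256).digest()
        jb = j.to_bytes(4, "big")
        return H(b"H1", t, jb), H(b"H2", t, jb)

    def update(self, server, w, ind, op):   # op is "a" (add) or "d" (delete)
        j = self.dc[w] = self.dc.get(w, 0) + 1   # fresh counter: addr is unlinkable
        addr, pad = self._cell(w, j)
        plain = op.encode() + ind.encode().ljust(31, b"\0")   # ind up to 31 bytes
        self.C = server.update(addr, bytes(x ^ y for x, y in zip(plain, pad)))

    def search(self, server, w):
        cells = [self._cell(w, j) for j in range(1, self.dc.get(w, 0) + 1)]
        rl, (vec, wits) = server.search([addr for addr, _ in cells])
        if len(rl) != len(cells) or len(wits) != len(cells) or commit(vec) != self.C:
            return None   # a result was dropped, or the vector is not the committed one
        result = []
        for (addr, pad), value, wit in zip(cells, rl, wits):
            if pow(wit, to_prime(value), N) != vec[index_of(addr)]:
                return None   # value is not a member of the accumulator at index i
            plain = bytes(x ^ y for x, y in zip(value, pad))
            ind = plain[1:].rstrip(b"\0").decode()
            if plain[:1] == b"a":
                result.append(ind)
            elif ind in result:
                result.remove(ind)
        return result

class DroppingServer(Server):    # misbehaviour: returns only the first match
    def search(self, tokens):
        rl, (vec, wits) = super().search(tokens)
        return rl[:1], (vec, wits[:1])

class TamperingServer(Server):   # misbehaviour: substitutes a stored value
    def search(self, tokens):
        rl, proof = super().search(tokens)
        return [bytes(32)] + rl[1:], proof

def run(server):   # constructed sample updates; returns the verified result or None
    c = Client(b"constructed-demo-key")
    for w, ind, op in [("invoice", "doc1", "a"), ("invoice", "doc2", "a"),
                       ("invoice", "doc1", "d"), ("report", "doc3", "a")]:
        c.update(server, w, ind, op)
    return c.search(server, "invoice")
```

Calling `run(Server())` yields the verified result list after the delete has been applied, while `run(DroppingServer())` and `run(TamperingServer())` return `None` because the count check or the membership check fails before any decryption.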
The embodiment also provides a search ciphertext detectable device based on accumulated promise verification, which comprises:
one or more processors;
and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the search ciphertext detectable method based on accumulated promise verification.
The invention overcomes the limitation that the original vector commitment cannot support dynamic operations: it designs a dynamically verifiable structure based on accumulable vector commitments, achieving constant-size client storage and efficient retrieval; applied to ciphertext retrieval, the structure provides forward and backward security during retrieval as well as detection of malicious server behavior, further improving the security of the system.
The invention can provide a reliable and secure ciphertext retrieval detection method for users in fields such as cloud storage, data security and blockchain.
Extensive experimental analysis was carried out: the original safe data set was randomly sampled into sub-data sets of different sizes, which were used to evaluate the client-side storage cost of the verification structure, the computation cost of the search stage and the computation cost of the verification stage in the search ciphertext detectable system based on accumulated commitment verification.
All technical schemes were implemented in C++ on Linux Ubuntu 20.04 using GNU MP library version 6.2.1 and PBC library version 0.5.14. The pseudo-random function PRF and the hash functions are instantiated using the SHA-256 hash function and the ZUC algorithm. All tests were run on a desktop computer with the Windows 10 Enterprise system, an Intel(R) Core(TM) i5-11400 CPU @ 2.6GHz and 16.0 GB RAM.
(1) The experimental analysis was based on the commonly used safety mail data set. According to the number of keyword-document pairs, sub-data sets of different sizes were first extracted, as shown in Table 1:
Table 1: Sub-data set extraction
(2) For the extracted sub-data sets, the client-side storage overhead of the verification data structure of the invention was analyzed and compared with existing techniques; the relevant test data are shown in Table 2.
As can be seen from Table 2, the client-side storage overhead of the verification structure in the technical route of the invention is the lowest, at only 0.31KB. The storage overhead of the technique based on cumulative authentication tags grows with the data set and reaches 230.5MB for the complete secure data set. The storage overhead of the technique based on incremental hashing is also constant, but requires 0.65KB. The storage efficiency of the technical route of the invention is therefore clearly better.
Table 2: Comparison of client-side storage overhead of different verification structures
(3) The time overhead of the retrieval process of the present technique was tested and compared with existing techniques. As the number of retrieved documents goes from 1000 to 10000, the retrieval time of the existing scheme based on incremental hashing increases from 0.0463 seconds to 0.3486 seconds and the retrieval time of the scheme based on cumulative authentication tags increases from 0.0178 seconds to 0.0931 seconds, while the retrieval time of the present technique increases from 0.0087 seconds to 0.0857 seconds, which is clearly the most efficient. The relevant experimental test data are shown in Table 3.
Table 3: Time overhead of the retrieval process
(4) The time overhead of the verification process of the present technique was tested and compared with existing techniques. As the number of documents to be verified goes from 1000 to 10000, the verification time of the existing scheme based on incremental hashing increases from 1.3795 seconds to 5.6937 seconds and the verification time of the scheme based on cumulative authentication tags increases from 0.0493 to 0.0769, while the verification time of the present technique stays essentially stable at about 0.0341 seconds, within reasonable experimental error, and is the lowest. The relevant experimental test data are shown in Table 4.
Table 4: Time overhead of the verification process
It should be understood that the foregoing description of the preferred embodiments is not intended to limit the scope of the invention, which is defined by the appended claims; those skilled in the art can make substitutions or modifications without departing from the scope of the invention as set forth in the appended claims.

Claims (7)

1. A search ciphertext detectable method based on accumulated promise verification, applied to a search ciphertext detectable system based on accumulated promise verification, wherein the participating entities of the system comprise a data owner, a data user and a cloud storage server;
the method is characterized in that the accumulated promise verification is implemented by the following steps:
in the system initialization stage, a security parameter is input, and the parameter information related to the accumulator and the vector commitment is initialized and generated, including a generator, the vector dimension n, a random number, vector parameters, an empty vector, the initial accumulated value acc, a hash function H, a bilinear map e and public parameters par; the public parameters are provided to the system participants;
in the verifiable structure update stage, after the data owner uploads the original data stream to the server, the server first generates a new accumulated value for the elements of the data set, then inserts all accumulated values into the corresponding index positions of the vector, and finally generates a commitment value C of fixed constant size for the vector elements and returns it to the data owner;
in the verifiable structure update stage, after the data owner uploads an element y, the server generates a new accumulated value from the received data information, inserts the new accumulated value into the vector as an update, and generates a vector commitment for the vector; when the data owner subsequently performs an update, an updated commitment over the newly updated vector is further generated and returned to the data owner for storage;
in the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information, including proof, to the data user, and the data user finally executes the verification process;
in the proof information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information to the data owner; the proof information involves an index set of vector positions, the set X of all accumulated elements, a hash value and the vector index i; the data owner first performs a verification operation and judges whether the equation holds; if the equation does not hold, 0 is returned, indicating that the verification fails; if the equation holds, this verification passes and the data owner goes on to execute the verification algorithm of the vector commitment; if the returned result is 1, the final verification passes, and if 0 is returned, the verification fails.
2. The search ciphertext detectable method based on accumulated promise verification of claim 1, characterized in that: in the system initialization stage, the parameters comprise a security parameter; a generator of the group G, a generator of the group G1 and a generator of the group G2, where the group G is an RSA quotient group and G1, G2 and GT are three multiplicative groups; the vector dimension, an integer n; a random number; vector parameters; an initialized empty vector and its elements; the initial accumulated value; a hash function; a bilinear map; and the public parameters.
3. The search ciphertext detectable method based on accumulated promise verification of claim 1, characterized in that the specific implementation comprises the following steps:
in the system initialization stage, the security parameter λ is input, and the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; the pseudo-random function F and the hash functions H1 and H2 required by the system are generated;
in the ciphertext index update stage, the data owner encrypts all data for protection and uses the pseudo-random function F to process the keyword-document pair (w, ind), generating and uploading the index ciphertext data addr and value; the cloud server executes the update process according to the received data information, generates the corresponding data commitment value C and returns it to the user;
in the token search and ciphertext detection stage, the data user generates a search token (token) for the keyword to be detected and sends it to the cloud storage server; the cloud storage server executes the search process and returns the search result and the verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user runs the accumulated commitment verification algorithm Verify on the received ciphertext information and, after the verification passes, performs the decryption process.
4. The search ciphertext detectable method based on accumulated promise verification of claim 3, characterized in that: the security parameter is input; the vector size is initialized; a symmetric encryption key is generated; a pseudo-random function is defined; hash functions are defined; a counter for keyword updates and an empty vector are initialized; the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are executed respectively; and the public parameters are defined.
5. The search ciphertext detectable method based on accumulated promise verification of claim 4, characterized in that: in the ciphertext index update stage, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation on it; when a new document of keyword w is encrypted, the value of the pseudo-random function is calculated and defined; the counter is synchronously incremented by 1, so that the updated index is not associated with previous search tokens, which achieves forward security; when ind is encrypted, the operation op is recorded and bound to it in the calculation, where op is an add or delete operation and is used to distinguish the update operation applied to ind; the update operation is carried out by the data user itself at final decryption, which ensures backward security; the data owner sends the ciphertext pair (addr, value) to the server;
after receiving the ciphertext pair, the server adds it to the ciphertext database EDB and then performs a commitment operation on the received ciphertext data: it first maps addr to a vector index i and inserts the corresponding value into the file set for that index, then generates the accumulated value of that set and adds it to the vector; finally, the server generates a constant-size commitment C to the vector and sends it to the data user for local storage.
6. The search ciphertext detectable method based on accumulated promise verification of claim 5, characterized in that: in the token search and ciphertext detection stage, the data user first generates, for the keyword w to be searched, a list TL of search tokens (token), where j represents the value of the counter DC[w]; the data user then sends the search token list TL to the server; after receiving it and performing the search, the server returns a search result list RL to the data user; to enable verification, the server also returns membership proof information to the data user; when the data user has received the search result RL and the proof information proof, it executes the detection process; the data user first performs a first check, and outputs 0 and terminates the subsequent process if the check fails; otherwise, the data user performs a further check, and outputs 0 and terminates if that check fails; if the checks pass, the cloud server has executed the operation flow honestly; finally, the data user performs the decryption calculation; if op is an add operation, the data user adds ind to the final result list; if op is a delete operation, the data user deletes ind from the final result list.
7. A search ciphertext detectable device based on accumulated commitment verification, comprising:
one or more processors;
storage means for storing one or more programs that, when executed by the one or more processors, cause the one or more processors to implement the search ciphertext detectable method based on accumulated promise verification of any one of claims 1 to 6.
CN202311376651.6A 2023-10-24 2023-10-24 Search ciphertext detectable method and equipment based on accumulated promise verification Active CN117134993B (en)


Publications (2)

Publication Number Publication Date
CN117134993A CN117134993A (en) 2023-11-28
CN117134993B true CN117134993B (en) 2024-01-05
