CN117424702A - Traitor tracing revocation method for preventing instrument test data malicious encryptor attack

Publication number: CN117424702A
Application number: CN202311489119.5A
Authority: CN (China)
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 吕明, 王绪安, 潘海伦, 刘双根, 胡英子, 侯利婷
Current Assignee: Chinese PLA General Hospital
Original Assignee: Chinese PLA General Hospital
Application filed by: Chinese PLA General Hospital
Prior art keywords: ciphertext, message, revocation, malicious, encryptor

Classifications

    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/50 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using hash chains, e.g. blockchains or hash trees
    • H04L2209/08 Randomization, e.g. dummy operations or using noise
    • H04L2209/603 Digital right management [DRM]
    • H04L2209/606 Traitor tracing

Abstract

The invention belongs to the technical field of information security, and particularly relates to a traitor tracing revocation method and system for preventing attacks by a malicious encryptor of instrument test data. The message is then encrypted into a row ciphertext and a column ciphertext using an encryption algorithm. Hash outputs are uniformly distributed, so no random number trapdoor can appear after hashing and no trapdoor attack can exist. The invention is a tracking revocation scheme that guards against malicious encryptors by using the uniformly distributed output of a hash function. Its advantages are that the user's storage cost is a fixed value and that decrypting the ciphertext requires only four bilinear operations, so an authorized user can decrypt quickly, and the results of the two decryptions can be used to verify whether the ciphertext has been subjected to a replay attack. Hashing the important random number also ensures that it is not subject to malicious trapdoor attacks.

Description

Traitor tracing revocation method for preventing instrument test data malicious encryptor attack
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a traitor tracing and revocation method for preventing a malicious encryptor of instrument test data from attacking.
Background
With the rapid development of multimedia technology, information spreads over networks at remarkable speed and large amounts of data are shared on the Internet, so criminals exploit the ease with which digital products can be copied to produce pirated copies and profit from them. The Traitor Tracing (TT) technique was first introduced by Chor, Fiat and Naor to identify traitors, with the aim of protecting the interests of the content provider. Existing traitor tracing schemes are very widely used, for example in CD/DVD distribution, pay TV, multimedia protection, secure email, Internet TV and digital rights protection. Traitor tracing is also intrinsically privacy preserving and is therefore closely tied to Differential Privacy (DP); the two can interact to preserve privacy, so a combination of both can also be considered for medical use. Clinical study cohort data and clinical test data of medical instruments are harmful in many respects once leaked. Not only is patient privacy exposed, but the leaked data can damage research results and can be used by lawbreakers for illegal activities, and intellectual property is threatened because research data contains commercially sensitive information such as new drug development and treatment methods. The release of pirated drugs presents health risks to patients and can also break trust in medicine, making patients suspicious of medical treatment. There are at least four roles in a TT system based on cloud medical data: an encryptor of medical data, a cloud server, a data receiver, and a tracker.
The four roles are as follows. The encryptor of medical data can be a medical institution, such as one holding a large medical database, that undertakes the work of encrypting the data and uploads the encrypted ciphertext to a cloud server. When a community hospital wants to access the medical data of the general hospital, the cloud server distributes the medical data accordingly. The data receiver of the salon can obtain the data content by decrypting the ciphertext with the key provided by the authority. The salon can periodically monitor the classification for abnormal behavior and, if an abnormality is found, request the tracker to trace. To make a profit, a data receiver may sell its own key, or use its own key to construct a pirate decoder and sell it to unauthorized receivers; such malicious users among the legitimate users are called traitors. However, a precondition for these studies is that there is a trusted third party, i.e. the setting algorithm that distributes the users' private keys is trusted. If an untrusted data encryptor also wants to profit, it can embed a random number trapdoor and sell this trapdoor to an unauthorized recipient. Currently, no traitor tracing scheme considers this problem. DP may help reduce the risk of traitor tracing, thereby improving privacy protection of medical data. In existing schemes, the combination of differential privacy and traitor tracing ensures the privacy of the receiver, but no scheme prevents malicious attacks by the encryptor, even though this attack model exists and needs to be prevented.
Through the above analysis, the problems and defects existing in the prior art are as follows:
(1) Traitor tracing has focused on tracing malicious authorized users, without considering malicious encryptors. When a malicious encryptor encrypts sensitive medical data, there is no way to prevent it from embedding a random number trapdoor to gain an advantage.
(2) The combination of TT and DP ensures the privacy of the receiver, but existing schemes do not consider the role of a malicious encryptor. This role is comparable to that of a malicious user, and assuming it means assuming an attack model stronger than the malicious user; no existing method both ensures the security of the receiver and guards against the malicious encryptor.
Disclosure of Invention
Aiming at the problems existing in the prior art, the invention provides a traitor tracing revocation method for preventing the attack of a malicious encryptor of instrument test data.
The invention is realized as follows: a tracking revocation method for preventing a malicious encryptor comprises selecting a random number and two hash functions, and hashing the concatenation of the random number and a serial number; then encrypting the message into a row ciphertext and a column ciphertext using an encryption algorithm. The system setting algorithm generates a public key and private keys; the message is encrypted and sent to the authorized user set; after receiving a ciphertext, a user performs the decryption operation to recover the message and the random parameter; and a tracker interacts with a suspected pirate decoder, judges the probability of correct decryption, and adds the traitor to a revocation set.
Further, the method comprises the steps of: selecting a random number $R \in G$ and two hash functions $H_1$, $H_2$; hashing the concatenation of the random number $R$ and a user identifier $ID_L$ to generate the blinding factor $\eta_L = H_1(R \| ID_L)$ $(1 < L < m)$, where m is half of the total users of the system, i.e. $n = m^2$; and using the blinding factor $\eta_L$ to encrypt the message M into a row ciphertext and a column ciphertext.
Further, the method for preventing the tracking revocation of the malicious encryptor specifically includes the steps of:
S1, calling the system setting algorithm: inputting a security parameter $\lambda$ and the number $N$ of system users, selecting two hash functions $H_1$, $H_2$ and a random number $R \in G$, calculating $\eta_L = H_1(R \| ID_L)$, where $1 < L < m$, and generating a public key PK and the private keys of all users;
S2, calling the encryption algorithm to encrypt the message and send it to the set of all authorized users: M is encrypted to the users whose row value is greater than i, or whose row value equals i and whose column value is greater than j, and who also belong to the set S, where $1 \le i, j \le m$; the ciphertext is generated and broadcast to the authorized users;
S3, after receiving the ciphertext, the user performs the decryption operation: the decryption private key $K'_{x,y}$ is calculated first, then a formula is calculated to recover the message M, and finally a formula is calculated to recover the random parameter R;
S4, the tracker calls the encryption algorithm to interact with a suspected pirate decoder and determines the probability that the decoder correctly decrypts the ciphertext, where e represents the advantage of decryption; when the tracing condition on this probability is met, i is the traitor and i is added to the revocation set T.
Further, S1 specifically includes: the setting algorithm is called with a security parameter $\lambda$ and the number $N$ of system users as input. First, an integer $n = pq$ is generated, where $p$, $q$ are random primes whose size depends on the security parameter. A bilinear group $G$ of composite order $n$ is generated, and random generators $g_p, h_p \in G_p$ and $g_q, h_q \in G_q$ are selected. Let $g = g_p g_q$, $h = h_p h_q \in G$; random elements $u_{p,1}, \ldots, u_{p,m} \in G_p$ and $u_{q,1}, \ldots, u_{q,m} \in G_q$ are selected, and $u_i = u_{p,i} u_{q,i}$ is defined for $i = 1, 2, \ldots, m$. Second, two hash functions $H_1$, $H_2$, a random number $R \in G$, and random elements $\delta, r_1, \ldots, r_m, c_1, \ldots, c_m \in Z_n$, $\alpha_1, \ldots, \alpha_m \in Z_n$, $\beta \in Z_q$, $\gamma \in Z_p$ are selected. Finally, $\eta_L = H_1(R \| ID_L)$ is calculated, where $1 < L < m$, and the public key PK is generated:
user private key:
Further, S2 specifically includes: the encryption algorithm distributes the encrypted message to all authorized receivers; M is encrypted to the users whose row value is greater than i, or whose row value equals i and whose column value is greater than j, and who belong to the set S. First, four random elements $t, k, \omega_i, s_i$ are selected, and the hash function $H_2$ is used to hash them into $H_2(t), H_2(k), H_2(\omega_1), \ldots, H_2(\omega_m), H_2(s_1), \ldots, H_2(s_m) \in Z_n$. Then random $b_1, \ldots, b_{j-1} \in Z_n$ and $(v_{1,1}, v_{1,2}, v_{1,3}, v_{1,4}), \ldots, (v_{i-1,1}, v_{i-1,2}, v_{i-1,3}, v_{i-1,4}) \in Z_n$ are selected. For each row, the row ciphertext is calculated separately for the cases $x > i$, $x = i$ and $x < i$. For each column, the column ciphertext is calculated separately for the cases $y \ge j$ and $y < j$. Among the ciphertext components, $T_x$ is used for broadcasting, and the remaining ciphertext components are used for tracking and revocation.
Further, S3 specifically includes: after receiving the ciphertext, the user $(x, y) \in S$ performs the decryption operation: the decryption private key is calculated first, then a formula is calculated to recover the message M, and finally a formula is calculated to recover the random number R.
Further, S4 specifically includes: when a suspicious device is found, a third-party authority is allowed to trace, and the key is revoked after a traitor is traced. An empty set T is initialized, and the following steps are performed for i = 1 to N: a sample M is selected from a finite message set, and the encryption algorithm is invoked to generate a tracing ciphertext, which is submitted to the pirate decoder; the probability that the decoder decrypts correctly is determined, and when the tracing condition on this probability is met, i is a traitor and i is added to the set T. Briefly, after traversing the N users with a binary search, the traitors are added to the set T and the set T is revoked;
The user only needs to store the private key $sk_{(x,y)} = (d'_{(x,y)}, d''_{(x,y)}, d_1, \ldots, d_{y-1}, d_{y+1}, \ldots, d_m)$, so the storage cost is a fixed value. After the ciphertext is received, decryption requires three calculations: one calculates the intermediate key, and the other two recover the message M and the random number R respectively. The whole calculation consists mainly of bilinear operations, and the bilinear operation is the same when recovering the message M and the random number R, so the calculation cost is $4|e|$.
Another object of the present invention is to provide a tracking revocation system for preventing a malicious encryptor, comprising:
the system setting module is used for generating various parameters of the system, inputting the number N of users and a security parameter lambda, and outputting a public key and a private key corresponding to the users;
the encryption module is used for encrypting the message: the random number is hashed with a hash function so that the output is uniformly distributed, and the encrypted message is then transmitted to the authorized user set;
the decryption module is used for decrypting the ciphertext received by the user (x, y) and recovering the message M and the random parameter R;
and the tracing revocation module enables a tracing authority (such as the police) to trace when suspicious equipment is found and revokes the key after traitors are traced, thereby reducing the harm of leakage.
Another object of the present invention is to provide a computer device, which includes a memory and a processor, wherein the memory stores a computer program, and the computer program when executed by the processor causes the processor to execute the steps of the tracking revocation method for preventing a malicious encryptor.
Another object of the present invention is to provide a computer readable storage medium storing a computer program, which when executed by a processor, causes the processor to perform the steps of the tracking revocation method for preventing a malicious encryptor.
Another object of the present invention is to provide an information data processing terminal for implementing the tracking revocation system for preventing malicious encryptors.
In combination with the technical scheme and the technical problems to be solved, the technical scheme to be protected has the following advantages and positive effects:
First, the security of the present invention depends on the properties of the hash function: hash outputs are uniformly distributed, so no random number trapdoor can appear after hashing, and thus no trapdoor attack exists. After decryption, the user can also use the hash function to hash the received message and the random number to check whether a replay attack has occurred. This is the first tracking revocation scheme against malicious encryptors that uses this property of hash functions.
Second, the present invention is the first tracking revocation scheme to use the uniformly distributed output of a hash function to guard against a malicious encryptor. Its advantages are that the user's storage cost is a fixed value and that decrypting the ciphertext requires only four bilinear operations, so an authorized user can decrypt quickly, and the results of the two decryptions can be used to verify whether the ciphertext has been subjected to a replay attack. Hashing the important random number also ensures that it is not subject to malicious trapdoor attacks.
The technical scheme of the invention fills a technical gap in the industry at home and abroad: existing technology at home and abroad does not consider that malicious encryptors may use random numbers to make a profit, whereas the invention uses the uniform distribution of hash function output to prevent trapdoor attacks by malicious encryptors, and user self-verification prevents replay attacks.
Third, the notable technical progress of this method mainly includes the following points:
1. Use of random numbers and hash functions: selecting a random number and applying a hash function increases the security and unpredictability of the system. The random number adds randomness to the system, so that an attacker cannot guess the next operation, and the hash function ensures the integrity and irreversibility of the data.
2. Encryption mode of row ciphertext and column ciphertext: conventional encryption methods generally encrypt the whole message, whereas this method encrypts into a row ciphertext and a column ciphertext. This improves data security: even if an attacker obtains part of the ciphertext, the whole message content cannot be restored.
3. The ability to trace and revoke traitors: the method introduces a tracker, which judges the probability of correct decryption by interacting with a suspected pirate decoder. This mechanism allows the system to trace traitors and revoke their rights, thereby protecting the security and integrity of the data.
In summary, the method achieves significant technical progress in randomness, encryption mode and the ability to trace and revoke traitors, strengthens the system's protection against attacks by malicious encryptors, and improves the security and traceability of data.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments of the present invention will be briefly described below, and it is obvious that the drawings described below are only some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a method for preventing a malicious encryptor from tracking revocation provided in an embodiment of the present invention;
FIG. 2 is a schematic diagram of a tracking revocation system for preventing malicious encryptors according to an embodiment of the present invention;
FIG. 3 is a flowchart of a method for tracking revocation against malicious encryptor attacks according to an embodiment of the present invention;
FIG. 4 is a model diagram provided by an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the following examples in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
In view of the problems with the prior art, the present invention provides a traitor trace revocation method that prevents a malicious encryptor attack on instrumentation test data, the present invention being described in detail below with reference to the accompanying drawings.
The tracking revocation method for preventing malicious encryptors provided by the embodiment of the invention comprises: selecting a random number $R \in G$ and two hash functions $H_1$, $H_2$; hashing the concatenation of the random number $R$ and the user identifier $ID_L$ to generate $\eta_L = H_1(R \| ID_L)$, where $1 < L < m$; and using $\eta_L$ to encrypt the message M into a row ciphertext and a column ciphertext.
As shown in fig. 1, the tracking revocation method for preventing a malicious encryptor specifically includes the steps of:
S1, calling the system setting algorithm: inputting a security parameter $\lambda$ and the number $N$ of system users, selecting two hash functions $H_1$, $H_2$, a random number $R \in G$ and a set of user identifiers $ID_L$, calculating $\eta_L = H_1(R \| ID_L)$, where $1 < L < m$, and generating a public key PK and the private keys of all users;
S2, calling the encryption algorithm to encrypt the message and send it to the set of all authorized users: M is encrypted to the users whose row value is greater than i, or whose row value equals i and whose column value is greater than j, and who also belong to the set S, where $1 \le i, j \le m$; the ciphertext is generated and broadcast to the authorized users;
S3, after receiving the ciphertext, the user performs the decryption operation: the decryption private key $K'_{x,y}$ is calculated first, then a formula is calculated to recover the message M, and finally a formula is calculated to recover the random parameter R;
S4, the tracker calls the encryption algorithm to interact with a suspected pirate decoder D and determines the probability that D decrypts correctly; when the tracing condition on this probability is met, i is the traitor and i is added to the revocation set T.
S1 specifically comprises: the setting algorithm is called with a security parameter $\lambda$ and the number $N$ of system users as input. First, an integer $n = pq$ is generated, where $p$, $q$ are random primes whose size depends on the security parameter. A bilinear group $G$ of composite order $n$ is generated, and random generators $g_p, h_p \in G_p$ and $g_q, h_q \in G_q$ are selected. Let $g = g_p g_q$, $h = h_p h_q \in G$; random elements $u_{p,1}, \ldots, u_{p,m} \in G_p$ and $u_{q,1}, \ldots, u_{q,m} \in G_q$ are selected, and $u_i = u_{p,i} u_{q,i}$ is defined for $i = 1, 2, \ldots, m$. Second, two hash functions $H_1$, $H_2$, a random number $R \in G$, and random elements $\delta, r_1, \ldots, r_m, c_1, \ldots, c_m \in Z_n$, $\alpha_1, \ldots, \alpha_m \in Z_n$, $\beta \in Z_q$, $\gamma \in Z_p$ are selected. Finally, $\eta_L = H_1(R \| ID_L)$ is calculated, where $1 < L < m$, and the public key PK is generated:
user private key:
S2 specifically comprises: the encryption algorithm distributes the encrypted message to all authorized receivers; M is encrypted to the users whose row value is greater than i, or whose row value equals i and whose column value is greater than j, and who belong to the set S. First, four random elements $t, k, \omega_i, s_i$ are selected, and the hash function $H_2$ is used to hash them into $H_2(t), H_2(k), H_2(\omega_1), \ldots, H_2(\omega_m), H_2(s_1), \ldots, H_2(s_m) \in Z_n$. Then random $b_1, \ldots, b_{j-1} \in Z_n$ and $(v_{1,1}, v_{1,2}, v_{1,3}, v_{1,4}), \ldots, (v_{i-1,1}, v_{i-1,2}, v_{i-1,3}, v_{i-1,4}) \in Z_n$ are selected. For each row, the row ciphertext is calculated separately for the cases $x > i$, $x = i$ and $x < i$. For each column, the column ciphertext is calculated separately for the cases $y \ge j$ and $y < j$. The ciphertext comprises the following components:
S3 specifically comprises: after receiving the ciphertext, the user $(x, y) \in S$ performs the decryption operation: the decryption private key is calculated first, then a formula is calculated to recover the message M, and finally a formula is calculated to recover the random number R.
S4 specifically comprises the following steps: when a suspicious device is found, a third-party authority is allowed to trace, and the key is revoked after a traitor is traced. An empty set T is first initialized, and the following steps are performed for i = 1 to N: a sample M is selected from a finite message set, and the encryption algorithm is invoked to generate a tracing ciphertext, which is submitted to the pirate decoder; the probability that the decoder decrypts correctly is determined, and when the tracing condition on this probability is met, i is a traitor and i is added to the set T. Briefly, after traversing the N users with a binary search, the traitors are added to the set T and the set T is revoked;
The user only needs to store the private key $sk_{(x,y)} = (d'_{(x,y)}, d''_{(x,y)}, d_1, \ldots, d_{y-1}, d_{y+1}, \ldots, d_m)$, so the storage cost is $O(1)$. After the ciphertext is received, decryption requires three calculations: one calculates the key, and the other two recover the message M and the random number R respectively. The whole calculation consists mainly of bilinear operations, and the bilinear operation is the same when recovering the message M and the random number R, so the calculation cost is $4|e|$.
As shown in fig. 2, the tracking revocation system for preventing malicious encryptors provided by the embodiment of the present invention includes:
the system setting module is used for generating various parameters of the system, inputting the number N of users and a security parameter lambda, and outputting a public key and a private key corresponding to the users;
the encryption module is used for encrypting the message: the random number is hashed with a hash function so that the output is uniformly distributed, and the encrypted message is then transmitted to the authorized user set;
the decryption module is used for decrypting the ciphertext received by the user (x, y) and recovering the message M and the random parameter R;
and the tracing revocation module enables a tracing authority (such as the police) to trace when suspicious equipment is found and revokes the key after traitors are traced, thereby reducing the harm of leakage.
As shown in fig. 3, the present invention provides a tracking revocation method for combating malicious encryptors, comprising the following steps:
s101, the encryptor selects a random number with a fixed size.
S102, the encryptor generates a new random number by using the random number and a secure hash function.
S103, the encryptor performs the encryption using the random number, generating six row ciphertexts for each row and two column ciphertexts for each column.
Example 1:
the tracking revocation scheme for preventing malicious encryptors provided by the embodiment of the invention comprises the following steps of:
The number of users N and the security parameter $\lambda$ are input, two hash functions $H_1$, $H_2$ and a series of random elements are selected, the value $\eta_L = H_1(R \| ID_L)$ is calculated, and a public key and the private keys of all users are generated.
$\eta_L = H_1(R \| ID_L)$ is used to encrypt the message M and the random number R respectively, producing a row ciphertext and a column ciphertext.
After receiving the ciphertext, the user recovers the message M and the random number R by calculating the decryption formulas.
When tracing is needed, the encryption algorithm is called to generate a ciphertext, which is used to interact with the pirate decoder; the traitors are found and added to the set T, and finally the set T is revoked.
As shown in FIG. 4, the model of the present invention involves three parties: content provider, authorized user and tracker. The content provider, namely the general hospital, provides broadcast content to the community hospital; the encrypted data can be data that must not be leaked, such as clinical study cohort data and clinical test data of medical instruments. The community hospital decrypts the received ciphertext with its private key and extracts the required medical data. An authorized user can be a researcher who needs medical data for medical experiments in a hospital. When a traitor among the authorized users wants to profit by selling a private key or by using the private key to build a pirate decoder, the authorized tracker can call the encryption algorithm to trace the pirate decoder and so find the traitor. When a malicious encryptor appears, i.e. a researcher wants to profit by setting a random number trapdoor, the important random number can be hashed, using the uniform distribution of hash function output, so that the behavior of the malicious encryptor is restrained at the source. When a user wants to verify whether the received content is correct, the user can use the public hash function to hash the concatenation of the received random number R and the user identifier $ID_L$ and compare the result with the published $\eta_L$ to see whether a replay attack has occurred. The following scheme was devised, and the model is shown in FIG. 3.
As a preferred embodiment, the tracing revocation method against malicious encryptors provided by the embodiment of the present invention specifically includes the following steps:
1. System setup algorithm: input the number of users N and the security parameter $\lambda$, select two hash functions $H_1$, $H_2$ and a series of random elements, and compute the value $\eta_L = H_1(R \| ID_L)$, which is used for encryption and decryption; generate the public key PK and the private keys $sk_i$ of all users.
2. Encryption algorithm: encrypt the message and broadcast it to all authorized users, that is, encrypt the message M to the set of users whose row index is greater than or equal to i and whose column index is greater than j. The process mainly uses $\eta_L$ to encrypt the message M and the random number R, respectively, into a row ciphertext and a column ciphertext.
3. Decryption algorithm: after receiving the ciphertext, the authorized user performs three operations: first computing the private key, then evaluating a formula to recover the message M, and finally evaluating a formula to recover the random number R. During this process the user can hash the message at any time to verify its correctness.
4. Tracing revocation algorithm: when a suspicious user is found, the tracker may invoke the encryption algorithm to generate a ciphertext and use it to interact with the pirate decoder in order to find the traitors, which are placed in a set T; finally the set T is revoked.
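The tracing and revocation loop of step 4, as an added simulation that is not code from the patent: the pairing-based ciphertext is not implemented, and the pirate decoder is modelled as a black box. Assumptions: users are numbered 1..N, a tracing ciphertext for index i can be opened only by non-revoked keys with index at least i, and a drop of at least eps/2 between consecutive success probabilities marks a traitor (the threshold is chosen for this sketch). The example also goes beyond the text by repeating the pass after each revocation.

```python
import random

N = 9  # constructed system size: m = 3 rows and columns, users numbered 1..N


class PirateDecoder:
    """Constructed black box holding traitor keys; it answers decryption queries."""

    def __init__(self, traitor_keys, success_rate, rng):
        self.keys, self.rate, self.rng = set(traitor_keys), success_rate, rng

    def decrypt(self, tracing_ct):
        # Assumed model of a tracing ciphertext: (index i, revoked set, message).
        # Only a non-revoked key with index >= i can open it.
        i, revoked, message = tracing_ct
        usable = any(k >= i and k not in revoked for k in self.keys)
        return message if usable and self.rng.random() < self.rate else None


def estimate_p(decoder, i, revoked, trials, rng):
    """Estimate p_i: fraction of sample messages the decoder returns correctly."""
    hits = 0
    for _ in range(trials):
        sample = rng.getrandbits(64)          # sample M from the message set
        hits += decoder.decrypt((i, frozenset(revoked), sample)) == sample
    return hits / trials


def trace_once(decoder, revoked, eps, trials, rng):
    """One pass over i = 1..N; a drop between p_i and p_{i+1} marks user i."""
    p = [estimate_p(decoder, i, revoked, trials, rng) for i in range(1, N + 1)]
    p.append(0.0)                             # index N+1: no key can decrypt
    # Assumed threshold for this sketch: a gap of at least eps / 2.
    return {i + 1 for i in range(N) if p[i] - p[i + 1] >= eps / 2}


def trace_and_revoke(decoder, eps=0.5, trials=400, seed=1):
    """Repeat trace -> revoke until the decoder's advantage falls below eps."""
    rng = random.Random(seed)
    revoked, rounds = set(), []
    while estimate_p(decoder, 1, revoked, trials, rng) >= eps:
        found = trace_once(decoder, revoked, eps, trials, rng)
        if not found:
            break
        rounds.append(sorted(found))
        revoked |= found
    return rounds, revoked


def demo():
    # Constructed decoder built from the keys of users 3 and 7.
    decoder = PirateDecoder({3, 7}, success_rate=0.9, rng=random.Random(7))
    return trace_and_revoke(decoder)
```

Each pass exposes only the highest-indexed key still usable by the decoder, so user 7 is found first and user 3 only after 7 has been revoked.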
The security of the scheme depends on the uniform distribution of the hash function output, which ensures the security of the random numbers; the scheme is the first tracing revocation algorithm that resists malicious encryptors.
The user only needs to store the private key $sk_{(x,y)} = (d'_{(x,y)}, d''_{(x,y)}, d_1, \ldots, d_{y-1}, d_{y+1}, \ldots, d_m)$, which determines the storage cost. After the ciphertext is received, decryption requires three computations: the key is computed once, and the other two computations recover the message M and the random number R respectively. The whole computation consists mainly of bilinear operations, and the bilinear operations are the same when recovering the message M and the random number R, so the computation cost is $4|e|$.
An application embodiment of the present invention provides a computer device including a memory and a processor, the memory storing a computer program that, when executed by the processor, causes the processor to perform the steps of a tracking revocation method that prevents a malicious encryptor.
An application embodiment of the present invention provides a computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of a tracking revocation method that prevents a malicious encryptor.
The embodiment of the invention provides an information data processing terminal which is used for realizing a tracking revocation system for preventing malicious encryptors.
It should be noted that the embodiments of the present invention can be realized in hardware, software, or a combination of software and hardware. The hardware portion may be implemented using dedicated logic; the software portions may be stored in a memory and executed by a suitable instruction execution system, such as a microprocessor or special purpose design hardware. Those of ordinary skill in the art will appreciate that the apparatus and methods described above may be implemented using computer executable instructions and/or embodied in processor control code, such as provided on a carrier medium such as a magnetic disk, CD or DVD-ROM, a programmable memory such as read only memory (firmware), or a data carrier such as an optical or electronic signal carrier. The device of the present invention and its modules may be implemented by hardware circuitry, such as very large scale integrated circuits or gate arrays, semiconductors such as logic chips, transistors, etc., or programmable hardware devices such as field programmable gate arrays, programmable logic devices, etc., as well as software executed by various types of processors, or by a combination of the above hardware circuitry and software, such as firmware.
The random numbers are generated by a pseudo-random generator. After passing through a hash function, random numbers of different bit lengths yield hash values of equal length, and because of the uniform distribution and one-wayness of the hash function, a trapdoor cannot be embedded in the random numbers, so that a malicious party cannot recover the plaintext from the ciphertext. Even if a malicious encryptor exists, it cannot set a trapdoor to make a profit. After decrypting the plaintext, the user concatenates his own identity information with the decrypted random number, hashes the result, and compares it with the value of $\eta_L$ to determine whether the message has been subject to a replay attack and to judge the correctness of the message. In theory, this approach is feasible.
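The user-side check described above (recompute $H_1(R \| ID_L)$ from the decrypted R and compare it with the published $\eta_L$), as an added example that is not code from the patent. Assumptions: SHA-256 stands in for $H_1$, R is serialized to a fixed 32 bytes, and the identifiers and random values are constructed sample data.

```python
import hashlib
import hmac

R_LEN = 32  # assumption: R is serialized to a fixed-length 32-byte string


def naive_eta(R: bytes, user_id: bytes) -> bytes:
    """H_1(R || ID_L) over raw variable-length bytes (ambiguous encoding)."""
    return hashlib.sha256(R + user_id).digest()


def eta(R: bytes, user_id: bytes) -> bytes:
    """eta_L = H_1(R || ID_L); SHA-256 stands in for H_1 (assumption)."""
    if len(R) != R_LEN:
        raise ValueError("R must be exactly R_LEN bytes")
    return hashlib.sha256(R + user_id).digest()


def publish_etas(R: bytes, user_ids):
    """Provider side: the table of eta_L values published for one broadcast."""
    return {uid: eta(R, uid) for uid in user_ids}


def check_received(decrypted_R: bytes, my_id: bytes, published) -> bool:
    """User side: recompute the hash from the decrypted R and compare."""
    expected = published.get(my_id)
    if expected is None or len(decrypted_R) != R_LEN:
        return False
    # Constant-time comparison of the recomputed and published values.
    return hmac.compare_digest(eta(decrypted_R, my_id), expected)


# Constructed sample data: three user identifiers and two broadcast randoms.
USERS = [b"ID-01", b"ID-02", b"ID-03"]
R_OLD = hashlib.sha256(b"constructed R for broadcast 1").digest()
R_NEW = hashlib.sha256(b"constructed R for broadcast 2").digest()


def demo():
    published = publish_etas(R_NEW, USERS)   # values for the current broadcast
    return {
        "fresh": check_received(R_NEW, b"ID-02", published),
        "replayed": check_received(R_OLD, b"ID-02", published),
        "wrong_user": check_received(R_NEW, b"ID-09", published),
        # Without a fixed length for R, two different (R, ID) pairs collide.
        "naive_collision": naive_eta(b"ab", b"c") == naive_eta(b"a", b"bc"),
    }
```

The comparison separates a replayed ciphertext from a fresh one only when the published $\eta_L$ values are regenerated from a new R for each broadcast.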
The foregoing is merely illustrative of specific embodiments of the present invention, and the scope of the invention is not limited thereto, but any modifications, equivalents, improvements and alternatives falling within the spirit and principles of the present invention will be apparent to those skilled in the art within the scope of the present invention.

Claims (10)

1. A traitor tracing revocation method for preventing attack of a malicious encryptor of instrument test data, comprising: selecting a random number and two hash functions, and hashing the concatenation of the random number and a serial number; then encrypting the message into a row ciphertext and a column ciphertext by using an encryption algorithm; wherein the system setup algorithm generates a public key and private keys, the message is encrypted and sent to the set of authorized users, a user performs the decryption operation after receiving the ciphertext to recover the message and the random parameter, and a tracker, by interacting with a suspicious pirate decoder, judges the probability of correct decryption so as to add a traitor to the revocation set.
2. A traitor tracing revocation method for preventing a malicious encryptor attack of instrument test data as claimed in claim 1, comprising: selecting a random number $R \in G$ and two hash functions $H_1$, $H_2$; hashing the concatenation of the random number R and the user identifier $ID_L$ to generate the blinding factor $\eta_L = H_1(R \| ID_L)$ ($1 < L < m$), where m is half of the total users of the system, i.e. $n = m^2$; and, using the blinding factor $\eta_L$, encrypting the message M into a row ciphertext and a column ciphertext, which together form the ciphertext.
3. The traitor tracing revocation method for preventing a malicious encryptor attack of instrument test data according to claim 2, wherein the method comprises the specific steps of:
S1: calling the system setup algorithm, inputting the security parameter $\lambda$ and the number N of system users, selecting two hash functions $H_1$, $H_2$ and a random number $R \in G$, computing $\eta_L = H_1(R \| ID_L)$, where $1 < L < m$, and generating the public key PK and the private keys of all users;
S2: calling the encryption algorithm to encrypt the message and send it to the set of all authorized users; M is encrypted to the users that have a row value larger than i, or a row value equal to i and a column value larger than j, and that also belong to the set S, where $1 \le i, j \le m$; generating the ciphertext and broadcasting it to the authorized users;
S3: after receiving the ciphertext, the user performs the decryption operation, first computing the decryption private key $K'_{x,y}$, then computing a formula to recover the message M, and finally computing a formula to recover the random parameter R;
S4: the tracker calls the encryption algorithm and interacts with a suspicious pirate decoder; a probability value represents the pirate decoder's probability of correctly decrypting the ciphertext, and e represents the decryption advantage; when the tracing condition on this probability holds, i is a traitor and i is added to the revocation set T.
4. The tracing revocation method against malicious encryptors as claimed in claim 3, wherein S1 specifically comprises: invoking the setup algorithm with the security parameter $\lambda$ and the number N of system users as input; first generating an integer $n = pq$, where p and q are random primes whose size depends on the security parameter; generating a bilinear group G of composite order n; selecting random generators $g_p, h_p \in G_p$ and $g_q, h_q \in G_q$ and letting $g = g_p g_q$, $h = h_p h_q \in G$; selecting random elements $u_{p,1}, \ldots, u_{p,m} \in G_p$ and $u_{q,1}, \ldots, u_{q,m} \in G_q$ and defining $u_i = u_{p,i} u_{q,i}$, where $1 \le i \le m$; second, selecting two hash functions $H_1$, $H_2$, a random number $R \in G$, and blinding random elements $\delta, r_1, \ldots, r_m, c_1, \ldots, c_m \in Z_n$, $\alpha_1, \ldots, \alpha_m \in Z_n$, $\beta \in Z_q$, $\gamma \in Z_p$; finally, computing $\eta_L = H_1(R \| ID_L)$, where $1 < L < m$, and generating the public parameter PK in the first step:
user private key:
5. A traitor tracing revocation method against instrument test data malicious encryptor attacks as claimed in claim 3, wherein S2 specifically comprises: the encryption algorithm distributes the encrypted message to all authorized receivers, M being encrypted to the users that have a row value greater than i, or a row value equal to i and a column value greater than j, and that belong to the set S; first, four random elements $t, k, \omega_i, s_i$ are selected, and the hash function $H_2$ is used to hash these random numbers into $H_2(t), H_2(k), H_2(\omega_1), \ldots, H_2(\omega_m), H_2(s_1), \ldots, H_2(s_m) \in Z_n$; then the random elements $b_1, \ldots, b_{j-1} \in Z_n$ and $(\upsilon_{1,1}, \upsilon_{1,2}, \upsilon_{1,3}, \upsilon_{1,4}), \ldots, (\upsilon_{i-1,1}, \upsilon_{i-1,2}, \upsilon_{i-1,3}, \upsilon_{i-1,4}) \in Z_n$ are selected; for each row, the row ciphertext is calculated:
The row ciphertext is computed by cases: for $x > i$, for $x = i$, and for $x < i$. For each column, the column ciphertext is computed by cases: for $y \ge j$ and for $y < j$. Among the components of the ciphertext, $T_x$ is used for broadcasting, and the remaining ciphertext components are used for tracing and revocation.
6. The tracing revocation method against malicious encryptors as claimed in claim 3, wherein S3 specifically comprises: after receiving the ciphertext, the user $(x, y) \in S$ performs the decryption operation, first calculating the decryption private key, then calculating a formula to recover the message M, and finally calculating a formula to recover the random parameter R.
7. A traitor tracing revocation method against instrument test data malicious encryptor attacks as claimed in claim 3, wherein S4 specifically comprises: when a suspicious device is found, a third-party authority is allowed to trace, and the key is revoked after a traitor is traced; an empty set T is initialized, and the following steps are performed for i = 1 to N: selecting a sample M from a finite message set, then invoking the encryption algorithm to generate a tracing ciphertext and interacting with the pirate decoder, where a probability value represents the pirate decoder's probability of correctly decrypting the ciphertext encrypted for user i; when the tracing condition on this probability holds, i is a traitor and i is added to the set T; in short, after the N users have been traversed with a binary search, the traitors are added to the set T and the set T is revoked.
The user only needs to store the private key, so the storage cost is O(1). After the ciphertext is received, decryption requires three computations: the intermediate key is computed once, and the other two computations recover the message M and the random number R respectively. The whole computation consists mainly of bilinear operations, and the bilinear operations are the same when recovering the message M and the random number R, so the computation cost is $4|e|$.
8. A tracking revocation system for preventing a malicious encryptor based on the method of any of claims 1 to 7, comprising:
the system setting module is used for generating various parameters of the system, inputting the number N of users and a security parameter lambda, and outputting a public key and a private key corresponding to the users;
the encryption module is used for encrypting the message, encrypting the random number by utilizing a hash function, so that the output is uniformly distributed, and then transmitting the encrypted message to the authorized user set;
the decryption module is used for decrypting the ciphertext received by the user (x, y) and recovering the message M and the random parameter R;
and the tracing revocation module enables a tracing authority to trace when the suspicious equipment is found, and revokes the key after tracing the traitor, thereby reducing the leakage hazard.
9. A computer-readable storage medium storing a computer program which, when executed by a processor, causes the processor to perform the steps of the tracing revocation method against malicious encryptors as recited in any of claims 1-7.
10. An information data processing terminal for implementing the tracking revocation system against malicious encryptors as set forth in claim 8.
CN202311489119.5A 2023-11-09 2023-11-09 Traitor tracing revocation method for preventing instrument test data malicious encryptor attack Pending CN117424702A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202311489119.5A CN117424702A (en) 2023-11-09 2023-11-09 Traitor tracing revocation method for preventing instrument test data malicious encryptor attack

Publications (1)

Publication Number Publication Date
CN117424702A true CN117424702A (en) 2024-01-19

Family

ID=89528239

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202311489119.5A Pending CN117424702A (en) 2023-11-09 2023-11-09 Traitor tracing revocation method for preventing instrument test data malicious encryptor attack

Country Status (1)

Country Link
CN (1) CN117424702A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination