CN117494159A - Dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing - Google Patents

Publication number
CN117494159A
Authority
CN
China
Prior art keywords
ciphertext
key
sharing
bill
cnt
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202311411377.1A
Other languages
Chinese (zh)
Inventor
王蔚
葛文超
刘东立
王智兴
徐鹏
杨天若
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Classifications

    • G06F21/602 Providing cryptographic facilities or services
    • G06F16/176 Support for shared access to files; File sharing support
    • G06F21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • H04L63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L9/0643 Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • H04L9/40 Network security protocols
    • G06F2221/2107 File encryption

Abstract

The invention discloses a dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing, belonging to the field of cloud storage security. The method comprises the following steps: at the data owner side, encrypting each file id that the data owner wants to share with a derived key s generated from the master key K to obtain a set S*, generating a batch sharing ticket stk from the set S* and sending it to the server, and generating a ticket T containing s and the counter maximum cnt_max and sending the ticket T to the data user; at the data user side, generating a key conversion ticket Δ from the private key K′ and the s and cnt_max extracted from the ticket T, and sending Δ to the server; and at the server side, matching the ciphertext database against stk to obtain the ciphertexts to be shared, re-encrypting them with Δ, and copying them to the data user's ciphertext database on the server to complete the ciphertext sharing. Because files are shared in batch through a single sharing ticket, the efficiency of sharing files is improved while long-term ciphertext sharing is still provided.

Description

Dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing
Technical Field
The invention belongs to the field of cloud storage security, and particularly relates to a dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing.
Background
As cloud storage technology matures and its cost falls, users increasingly outsource data such as their own files to the cloud. Outsourced storage protects the user against data loss caused by damaged or lost local equipment and frees the limited storage space of the user's local devices. To keep secret data from being obtained by the server, the main countermeasure is for the user to encrypt the data before uploading it.
To keep encrypted uploads usable and easy for users to search and retrieve, searchable encryption is used. Searchable encryption is a cryptographic primitive that lets a user search for keywords over ciphertext: the user generates a trapdoor for a specified keyword and sends it to the server, and the server matches ciphertexts against the trapdoor and returns the search result. Depending on the application scenario, searchable encryption is divided cryptographically into searchable public key encryption and searchable symmetric encryption. Searchable public key encryption generally has low search efficiency, so searchable symmetric encryption is widely used in outsourced data storage.
Ciphertext sharing means that a data owner allows a data user to share designated file ciphertexts stored on the server. The ciphertext sharing methods in common use today are key-based ciphertext sharing and ticket-based ciphertext sharing. Conventional key-based ciphertext sharing cannot provide long-term ciphertext sharing. Ticket-based ciphertext sharing can provide long-term sharing, but it only supports sharing at single-file granularity, so bandwidth grows linearly when a large number of files are shared at once and sharing efficiency is low. In general, existing ciphertext sharing methods cannot meet the practical requirement of long-term, efficient sharing of multiple files.
Disclosure of Invention
Aiming at the defects and improvement demands of the prior art, the invention provides a dynamic searchable symmetric encryption method and a system capable of realizing ciphertext batch sharing, and aims to realize batch sharing of a plurality of files through a unique sharing bill, and improve the efficiency of multi-file sharing while providing long-term ciphertext sharing.
In order to achieve the above object, according to an aspect of the present invention, there is provided a dynamic searchable symmetric encryption method capable of implementing ciphertext batch sharing, including: a ciphertext sharing step; the ciphertext sharing step comprises the following steps:
The following steps are performed at the data owner side:
(S1) traversing the id set S of the files that the data owner wants to share; for each currently traversed file id, searching the state table with the current id as the index; if the search succeeds, encrypting the current id with the derived key s generated from the master key K and adding the encrypted id to the set S*; if the search fails, skipping the current id;
(S2) generating a batch sharing ticket stk from the set S* and sending it to the server; generating a ticket T containing the derived key s and the counter maximum cnt_max, and sending the ticket T to the data user;
the following step is performed at the data user side: generating a key conversion ticket Δ from the private key K′ and the derived key s and counter maximum cnt_max extracted from the ticket T, and sending Δ to the server;
the following step is performed at the server side: matching the ciphertext database EDB_owner against the batch sharing ticket stk to obtain the ciphertexts to be shared, re-encrypting them with the key conversion ticket Δ, and copying them to the data user's ciphertext database EDB_user on the server, completing the ciphertext sharing;
wherein the size |S| of the set S is at least 1; the ciphertexts stored in the ciphertext database EDB_owner contain the result of encrypting the file id with the derived key s; the state table is indexed by file id and stores the state information of the ciphertexts stored in EDB_owner; the state information of a ciphertext is the concatenation of the keyword contained in the ciphertext and the counter value at the time the ciphertext was generated.
Further, the dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing provided by the invention also comprises a ciphertext updating step; the ciphertext updating step comprises the following steps:
the following steps are performed at the data owner side:
generating a derived key k_e and a derived key s from the master key K, and computing an encryption key k_cnt from the derived key k_e and the current counter value cnt;
using the derived key s and the encryption key k_cnt to generate a searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added, and sending it to the server;
storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id, which completes the update of the state table;
the following step is performed at the server side: storing the received ciphertext C_{w,id} in the ciphertext database EDB_owner.
Further, k_e ← F(r_1, K), s ← F(r_2, K);
and using the derived key s and the encryption key k_cnt to generate a searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added comprises:
four sub-ciphertexts are calculated as follows:
ct_4 ← E(k_cnt, id)
using the four sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 to construct the four-tuple (ct_1, ct_2, ct_3, ct_4) as the searchable ciphertext C_{w,id}, and adding 1 to the counter value;
wherein r_1 and r_2 are two random numbers in the integer domain; F(·,·) denotes a pseudo-random function; "←" denotes assignment; H_1(·,·) and H_2(·,·) are two hash functions with random seeds whose range space is the group G; e(·,·) is the bilinear mapping operation; g is the generator of the bilinear mapping system; E(·,·) is a symmetric encryption algorithm.
Further, in the state table each entry is a set, and storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id comprises:
updating the state table according to cW[id] ← cW[id] ∪ (w||cnt);
where cW denotes the state table and cW[id] denotes the entry of the state table indexed by id.
Further, in step (S1), encrypting the current id using the derivative key S includes:
randomly selecting a parameter t in the integer domain and followingEncrypting the current id;
in step (S2), generating the batch sharing ticket stk from the set S* comprises:
generating a fixed-length encapsulation parameter E according to E ← g^s || g^t, then generating the batch sharing ticket stk according to stk ← (E, S*);
wherein g^s represents the form of the derived key s on the generator g of the bilinear mapping system, and g^t represents the form of the parameter t on the generator g of the bilinear mapping system.
Further, matching the ciphertext database EDB_owner against the batch sharing ticket stk comprises:
splitting the batch sharing ticket into (e_1 || e_2, S*);
reading a ciphertext C_{w,id} from the ciphertext database EDB_owner and extracting the sub-ciphertexts ct_1 and ct_2 from it;
for the encrypted hash value ST of each file id in the set S*, determining whether the matching operation is satisfied: e(ST, e_2) e(ct_1, e_1) = ct_2;
if the encrypted hash value of any one of the file ids in the set S* satisfies the matching operation, determining that the ciphertext C_{w,id} is a ciphertext to be shared; if none of the encrypted hash values of the file ids in the set S* satisfies the matching operation, determining that the ciphertext C_{w,id} is not a ciphertext to be shared;
wherein e_1 = g^s, e_2 = g^t.
Further, Δ ← K′ · cnt_max · s^{-1};
and, in the ciphertext sharing step, re-encrypting the ciphertext to be shared with the key conversion ticket Δ comprises:
extracting the sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 from the ciphertext to be shared, encrypting the extracted sub-ciphertext ct_3 with the key conversion ticket Δ to obtain the sub-ciphertext ct_3′, and constructing, together with the other sub-ciphertexts ct_1, ct_2 and ct_4, the new four-tuple (ct_1, ct_2, ct_3′, ct_4) as the re-encrypted ciphertext C_{w,id}′.
Further, in step (S1), when the search of the state table with the current id as the index succeeds, the method further comprises:
inserting the state information obtained by the search into a bloom filter BF_s;
in step (S2), the constructed ticket T further contains the bloom filter BF_s.
The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing provided by the invention also comprises a ciphertext searching step; the ciphertext searching step comprises the following steps:
the following step is performed at the data user side:
according toCalculating a search trapdoor T for a keyword w w And sending to a server;
the following steps are performed at the server side:
reading a ciphertext C_{w,id}′ from the ciphertext database EDB_user, extracting the sub-ciphertexts ct_1, ct_2, ct_3′ and ct_4 from it, and determining whether the matching operation is satisfied:
e(T_w, ct_1) = ct_3′;
if so, determining that the ciphertext C_{w,id}′ is a ciphertext being searched for, and adding its sub-ciphertext ct_4 to the search result set R_s; otherwise, determining that C_{w,id}′ is not a ciphertext being searched for, and continuing with the next ciphertext in the ciphertext database EDB_user;
after the search is complete, returning the search result set R_s to the data user.
Further, in step (S2), the constructed ticket T further contains the derived key k_e;
and the ciphertext searching step further comprises: at the data user side, decrementing the counter value from cnt_max to 1; for each counter value cnt_i, querying the bloom filter BF_s extracted from the ticket T with the concatenation w||cnt_i of the keyword w and the counter value cnt_i as input; if the query succeeds, generating a symmetric decryption key from the derived key k_e extracted from the ticket T and the counter value cnt_i, and inserting it into the set T_k;
the dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing provided by the invention also comprises a ciphertext decryption step; the ciphertext decryption step comprises the following steps:
the following steps are performed at the data user side:
if the search result set R_s is empty, ending the ciphertext decryption step; otherwise, obtaining the elements of the set R_s in turn and decrypting them with the keys in the set T_k, thereby obtaining the ids of all files in the ciphertext database EDB_user that are associated with the keyword w.
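The state table, bloom filter and counter-indexed keys described above can be traced end to end in a short sketch. This is an added example, not code from the patent: it assumes HMAC-SHA256 for F, the form k_cnt = F(k_e, cnt) (the page does not reproduce that formula), an HMAC-based stand-in for the symmetric cipher E/D, and that cnt_max is the highest counter value used so far; the pairing-based sub-ciphertexts ct_1 to ct_3 and the server-side matching are left out, and the class and function names are hypothetical.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    # F(.,.): HMAC-SHA256 stands in for the pseudo-random function (assumption).
    return hmac.new(key, data, hashlib.sha256).digest()

def derive_k_cnt(k_e: bytes, cnt: int) -> bytes:
    # Assumed form k_cnt = F(k_e, cnt); the page does not reproduce this formula.
    return prf(k_e, b"cnt|" + str(cnt).encode())

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    blocks = (prf(key, b"enc|" + nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def sym_encrypt(key: bytes, msg: bytes) -> bytes:
    # E(k, m): encrypt-then-MAC stand-in for AES, so the example needs only the stdlib.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(msg, _stream(key, nonce, len(msg))))
    return nonce + body + prf(key, b"mac|" + nonce + body)

def sym_decrypt(key: bytes, blob: bytes):
    # D(k, c): returns None when the tag does not verify, i.e. k is the wrong key.
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac|" + nonce + body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class BloomFilter:
    # BF_s with illustrative parameters; positions come from a seeded hash.
    def __init__(self, n_bits: int = 1024, n_hashes: int = 4, seed: bytes = b"bf-seed"):
        self.n_bits, self.n_hashes, self.seed = n_bits, n_hashes, seed
        self.bits = bytearray(n_bits // 8)

    def _positions(self, item: bytes):
        for i in range(self.n_hashes):
            yield int.from_bytes(prf(self.seed, bytes([i]) + item)[:8], "big") % self.n_bits

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

class DataOwner:
    def __init__(self):
        K = os.urandom(32)                 # master key K
        self.k_e = prf(K, os.urandom(16))  # k_e <- F(r_1, K); s is omitted here
        self.cnt = 1                       # counter starts at 1
        self.cW = {}                       # state table: id -> set of "w||cnt"

    def update(self, w: str, file_id: str) -> bytes:
        # Ciphertext update, reduced to ct_4 = E(k_cnt, id) plus the state entry.
        ct4 = sym_encrypt(derive_k_cnt(self.k_e, self.cnt), file_id.encode())
        self.cW.setdefault(file_id, set()).add(f"{w}||{self.cnt}")
        self.cnt += 1
        return ct4

    def share(self, ids):
        # Steps (S1)/(S2), reduced to the fields of ticket T used for decryption.
        bf = BloomFilter()
        for file_id in ids:
            for state in self.cW.get(file_id, ()):  # ids not in cW are skipped
                bf.add(state.encode())
        return {"k_e": self.k_e, "cnt_max": self.cnt - 1, "BF_s": bf}

def recover_keys(ticket, w: str):
    # Count down from cnt_max to 1; keep k_cnt_i for each w||cnt_i that BF_s reports.
    T_k = []
    for cnt_i in range(ticket["cnt_max"], 0, -1):
        if f"{w}||{cnt_i}".encode() in ticket["BF_s"]:
            T_k.append(derive_k_cnt(ticket["k_e"], cnt_i))
    return T_k

def decrypt_results(R_s, T_k):
    # Trial-decrypt each returned ct_4 with the candidate keys; keep what verifies.
    ids = []
    for ct4 in R_s:
        hits = [p for p in (sym_decrypt(k, ct4) for k in T_k) if p is not None]
        if hits:
            ids.append(hits[0].decode())
    return ids

def demo():
    owner, edb = DataOwner(), {}
    # Constructed sample data: four keyword-file pairs; f3 is never shared.
    for w, fid in [("invoice", "f1"), ("invoice", "f2"), ("salary", "f2"), ("invoice", "f3")]:
        edb[(w, fid)] = owner.update(w, fid)
    ticket = owner.share(["f1", "f2", "missing"])
    # Stand-in for the server's search result R_s over EDB_user for keyword "invoice".
    R_s = [ct for (w, fid), ct in edb.items() if w == "invoice" and fid in ("f1", "f2")]
    T_k = recover_keys(ticket, "invoice")
    return decrypt_results(R_s, T_k), len(T_k)

if __name__ == "__main__":
    print(demo())
```

Because the ticket T carries k_e, the bloom filter only narrows the set of trial keys; any k_cnt can be derived from k_e and a counter value. Which ciphertexts the data user can read is therefore determined by what the server copies into EDB_user after matching.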
According to still another aspect of the present invention, there is provided a dynamic searchable symmetric encryption system capable of realizing ciphertext batch sharing, comprising: a first encryption module and a first ticket generation module deployed at the data owner side, a second ticket generation module deployed at the data user side, and a first matching module and a re-encryption module deployed at the server side;
the first encryption module is used for traversing the id set S of the files that the data owner wants to share; for each currently traversed file id, searching the state table with the current id as the index; if the search succeeds, encrypting the current id with the derived key s generated from the master key K and adding the encrypted id to the set S*; if the search fails, skipping the current id;
the first ticket generation module is used for generating a batch sharing ticket stk from the set S* and sending it to the server, and for generating a ticket T containing the derived key s and the counter maximum cnt_max and sending the ticket T to the data user;
the second ticket generation module is used for generating a key conversion ticket Δ from the private key K′ and the derived key s and counter maximum cnt_max extracted from the ticket T, and sending Δ to the server;
the first matching module is used for matching the ciphertext database EDB_owner against the batch sharing ticket stk to obtain the ciphertexts to be shared;
the re-encryption module is used for re-encrypting the ciphertexts to be shared with the key conversion ticket Δ and copying them to the data user's ciphertext database EDB_user on the server, completing the ciphertext sharing;
wherein the size |S| of the set S is at least 1; the ciphertexts stored in the ciphertext database EDB_owner contain the result of encrypting the file id with the derived key s; the state table is indexed by file id and stores the state information of the ciphertexts stored in EDB_owner; the state information of a ciphertext is the concatenation of the keyword contained in the ciphertext and the counter value at the time the ciphertext was generated.
In general, through the above technical solutions conceived by the present invention, the following beneficial effects can be obtained:
(1) In the dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing, a single sharing ticket is generated and sent to the server, and the server can complete the batch sharing of a plurality of files at one time based on that sharing ticket.
(2) In the preferred scheme of the method and system, the state table maintained at the data owner side stores the state information of the ciphertexts as sets, which effectively improves the efficiency of querying ciphertext state information compared with a traditional chained storage scheme.
(3) In the preferred scheme, in the ciphertext updating step, when the searchable ciphertext C_{w,id} is generated for the keyword-file identifier pair (w, id) to be added, the bilinear mapping operation is used to generate two sub-ciphertexts ct_2 and ct_3; matching and re-encryption in the ciphertext sharing step are completed through these two sub-ciphertexts: ct_2 is used for matching, and on a successful match ct_3 is modified, i.e. converted from the data owner to the data user, thereby completing the ciphertext batch sharing efficiently and securely.
Drawings
FIG. 1 is a schematic diagram of a dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing according to an embodiment of the present invention;
FIG. 2 is a flowchart of a ciphertext updating step according to an embodiment of the present invention;
FIG. 3 is a flowchart of a ciphertext sharing step according to an embodiment of the present invention;
FIG. 4 is a flowchart of a ciphertext search step provided by an embodiment of the present invention;
fig. 5 is a flowchart of a ciphertext decrypting step according to an embodiment of the present invention.
Detailed Description
The present invention will be described in further detail with reference to the drawings and examples, in order to make the objects, technical solutions and advantages of the present invention more apparent. It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention. In addition, the technical features of the embodiments of the present invention described below may be combined with each other as long as they do not collide with each other.
In the present invention, the terms "first," "second," and the like in the description and in the drawings, if any, are used for distinguishing between similar objects and not necessarily for describing a particular sequential or chronological order.
In order to solve the technical problems that the conventional ciphertext sharing method based on secret keys cannot realize long-term ciphertext sharing and the conventional ciphertext sharing method based on notes cannot realize batch file sharing efficiently, the invention provides a dynamic searchable symmetric encryption method and a system capable of realizing ciphertext batch sharing.
Based on the technical conception of the invention, the generated sharing bill can be used for matching a plurality of files, in order to accurately realize the matching, the invention improves the matching mode based on the bill, and correspondingly, improves the mode of generating ciphertext in the ciphertext updating process and the searching mode in the ciphertext searching process based on the keyword.
Before explaining the technical scheme of the invention in detail, the architecture of the ciphertext batch sharing system involved in the invention is briefly described. As shown in FIG. 1, the ciphertext sharing system, like a conventional ciphertext sharing system, includes three entities: a data owner, a data user and a server. The data owner is responsible for updating the ciphertext index and generating batch sharing tickets; the server is responsible for storing and maintaining the ciphertext databases, batch ciphertext sharing and keyword searching; the data user is responsible for keyword searching.
The functions of the data owner include three aspects: (1) the data owner locally initializes the system, generates a master key, maintains the ciphertext state information, maintains a counter, and initializes the data owner's ciphertext database EDB_owner on the server; (2) the data owner encrypts the specified keyword-file identifier pair with the master key and the counter value, and uploads the resulting ciphertext to the server for storage; (3) the data owner uses the master key, the local state and the folder to be shared to generate a batch sharing ticket and sends it to the server.
The functions of the server include the following three aspects: (1) after receiving a searchable ciphertext uploaded by the data owner, the server stores it in the data owner's ciphertext database EDB_owner; (2) after receiving a batch sharing ticket, the server matches the ciphertext database EDB_owner against the sharing ticket to find the searchable ciphertexts of the corresponding files, re-encrypts them, and copies them to the data user's ciphertext database EDB_user; (3) after receiving a search trapdoor submitted by the data user, the server matches the searchable ciphertexts in the data user's ciphertext database EDB_user against it and returns the search result.
The functions of the data user include the following four aspects: (1) the data user locally initializes the system, generates a private key, a local state and a counter, and initializes the data user's ciphertext database EDB_user on the server; (2) the data user combines the ticket information sent by the data owner with the private key to generate a key conversion ticket, and sends it to the server; (3) the data user uses the private key to generate a search trapdoor for the specified keyword and submits it to the server; (4) the data user receives the search result returned by the server, decrypts it and obtains the file identifiers it contains.
In the invention, a security parameter λ is predefined in the initialization stage according to application requirements, and a bilinear mapping system B, a pseudo-random function F, hash functions H_1 and H_2 with random seeds, a symmetric encryption and decryption algorithm SE and a bloom filter BF_s are determined according to the security parameter λ. Wherein:
the security parameter λ is a non-zero natural number; the larger its value, the more secure the searchable symmetric encryption system, but the higher the corresponding computational complexity;
bilinear mapping system B ← (p, G, G_T, e: G×G→G_T, g, g_T), wherein e: G×G→G_T is the bilinear mapping operation, group G is the input space of the bilinear mapping operation, group G_T is the output space, p is the order of group G and group G_T, and g and g_T are generators of group G and group G_T, respectively;
pseudo-random function F: K_F × X_F → Y_F, wherein K_F = {0,1}* is the key space of the pseudo-random function, X_F = {0,1}* is the data space, and Y_F is the range space, i.e. F places no limit on the length of data in the key space and the data space, and requires the output to be a bit string in the integer group;
the hash functions with random seeds are H_1 and H_2: the key space of the hash function H_1 is an integer group, its data space is the keyword space W, and its range space is the cyclic group G; the key space of the hash function H_2 with random seed is an integer group, its data space is the file identifier space ID, and its range space is the cyclic group G; the symmetric encryption and decryption algorithm SE is {E, D}, containing the symmetric encryption algorithm E(·,·) and the symmetric decryption algorithm D(·,·), and in practical applications the Advanced Encryption Standard (AES) series is generally selected;
bloom filter BF_s(n, m, k, H), where H is the hash function with random seed used in the bloom filter, k is the random seed, n is the bloom filter length, and m is the number of bloom filter insertion positions.
EDB_owner and EDB_user are the ciphertext databases of the data owner and the data user, respectively; both are located on the server and store the corresponding ciphertexts.
The data owner randomly selects a key K from the integer group to form the master key.
For the initialization work at the data user side, refer to that of the data owner.
In addition, a counter value cnt and a state table cW are maintained at the data owner side; both are stored secretly by the data owner and are inaccessible from outside. The counter cnt is initialized to 1, lies between 1 and cnt_max, and is incremented locally at the data owner after each update of a keyword-file identifier pair (w, id). The state table cW records the concatenations w||cnt of the keyword w and the counter cnt that correspond to the same file identifier id, and can also be used to determine which keyword-file identifier pairs (w, id) are currently stored in the ciphertext database EDB_owner.
The following are examples.
Example 1:
a dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing is shown in FIG. 1, and comprises the following steps: an initialization step, a ciphertext updating step, a ciphertext sharing step, a ciphertext searching step and a ciphertext decrypting step.
As shown in fig. 1, in this embodiment, the initialization step includes an initialization operation performed at the data owner side and an initialization operation performed at the data user side, and the description of the initialization step is specifically referred to above, and will not be repeated here.
As shown in fig. 1 and 2, in this embodiment, the ciphertext updating step specifically includes the following steps performed at the data owner side:
generating a derived key k_e and a derived key s from the master key K, and calculating an encryption key k_cnt from the derived key k_e and the current counter value cnt;
using the derived key s and the encryption key k_cnt to generate a searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added, and sending it to the server;
storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id, which completes the update of the state table;
and the following step performed at the server side: storing the received ciphertext C_{w,id} in the ciphertext database EDB_owner.
In this embodiment, the derived key k_e and the derived key s are generated from the master key K as k_e ← F(r_1, K), s ← F(r_2, K);
and using the derived key s and the encryption key k_cnt to generate the searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added comprises:
four sub-ciphertexts are calculated as follows:
ct_4 ← E(k_cnt, id)
the four sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 are used to construct the quadruple (ct_1, ct_2, ct_3, ct_4) as the searchable ciphertext C_{w,id}, and the counter value is increased by 1;
where r_1 and r_2 are two random numbers in the integer domain; F(·,·) denotes the pseudo-random function; "←" denotes assignment; H_1(·,·) and H_2(·,·) are two hash functions with random seeds whose output value range space is group G; e(·,·) is the bilinear mapping operation; g is the generator of the bilinear mapping system; E(·,·) is the symmetric encryption algorithm.
This embodiment uses derived keys generated from the master key to produce the searchable ciphertext of the keyword-file identifier pair (w, id), so that the master key itself is protected from disclosure. Among the four generated sub-ciphertexts, the sub-ciphertext ct_1 is the ciphertext form of the file identifier under the encryption key k_cnt and can be used to uniquely identify the file id; the sub-ciphertexts ct_2 and ct_3 carry the information matched during batch sharing and searching of files: specifically, matching is performed through the sub-ciphertext ct_2, and if matching succeeds, the sub-ciphertext ct_3 in the same ciphertext is modified, i.e. converted from the data owner to the data user; the sub-ciphertext ct_4 is the ciphertext of the file id obtained with the symmetric encryption algorithm, and the original file id can be recovered from it with the corresponding symmetric decryption algorithm. Of the four sub-ciphertexts ct_1, ct_2, ct_3 and ct_4, all except ct_4, that is, ct_1, ct_2 and ct_3, are ciphertext forms corresponding to the encryption key k_cnt.
In a preferred embodiment, each entry in the state table cW is a set, and storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id includes:
updating the state table according to cW[id] ← cW[id] ∪ (w||cnt);
where cW represents the state table and cW[id] represents the entry in the state table indexed by id.
In this embodiment, the state table cW is updated whenever a ciphertext is added to the ciphertext database EDB_owner, so that whether the ciphertext database EDB_owner stores a given piece of ciphertext information can be quickly determined for the data user by querying the state table cW locally. Through the structural design of the state table, the traditional chained state records are converted into state records in the form of a set, so that all the state information under the same id can be obtained with a single lookup, which improves processing efficiency.
As shown in fig. 1 and 3, in this embodiment, the ciphertext sharing step includes:
the following steps are performed at the data owner side:
(S1) traversing the id set S of files which the data owner wants to share; for each file id currently traversed, searching the state table with the current id as the index. If the search succeeds, the ciphertext database EDB_owner at the server side stores a ciphertext containing the current file id, and the current id is encrypted with the derived key s generated from the master key K and then added to the set S*. If the search fails, the ciphertext database EDB_owner at the server does not store a ciphertext containing the current file id, so the file corresponding to that id cannot be shared, and the current id is skipped;
optionally, in this embodiment, encrypting the current id with the derived key s includes:
randomly selecting a parameter t in the integer domain and encrypting the current id to obtain an encrypted hash value ST; through the above operation, the sharable file ids are stored in the set S*;
(S2) generating a batch sharing ticket stk from the set S* and sending it to the server; generating a ticket T containing the derived key s and the counter maximum cnt_max, and sending the ticket T to the data user;
in step (S2) of this embodiment, generating the batch sharing ticket stk from the set S* includes:
generating a fixed-length encapsulation parameter E according to E ← g^s || g^t, then generating the batch sharing ticket stk according to stk ← (E, S*);
where g^s represents the form of the derived key s on the generator g of the bilinear mapping system, and g^t represents the form of the parameter t on the generator g of the bilinear mapping system; "||" denotes the concatenation operation.
So that it can be quickly determined, during later ciphertext searches, whether the content to be searched is in the ciphertext database at the server side, and search efficiency is thereby improved, as a preferred implementation this embodiment uses the bloom filter to record the state information of the files the data owner shares with the data user while ciphertext sharing is performed. Specifically, in step (S1), when searching the state table with the current id as the index succeeds, the method further includes:
inserting the state information obtained by the search into the bloom filter BF_s.
In step (S2), the constructed ticket T further includes the bloom filter BF_s.
In this embodiment, the state table maintained locally by the data owner records state information in the form of a set, which improves state query efficiency but incurs a large memory overhead. The bloom filter BF_s therefore stores the state information found in the state table and is sent to the data user; since a bloom filter compresses data, the relevant information can be sent to the data user with less transmission overhead.
In addition, so that the data user can complete decryption after finding the relevant ciphertexts, in this embodiment the ticket T constructed by the data owner and sent to the data user further includes the derived key k_e. Finally, in step (S2) of this embodiment, the ticket T generated and sent to the data user may be expressed as:
T ← {s, k_e, cnt_max, BF_s}
After receiving the ticket T, the data user can extract each of its contents.
The ciphertext sharing step further comprises the following step performed at the data user side: using the private key K' together with the derived key s and the counter maximum cnt_max extracted from the ticket T, generating a key conversion ticket Δ and sending it to the server;
in this embodiment, the key conversion ticket Δ is specifically Δ ← k' · cnt_max · s^{-1}.
The ciphertext sharing step further comprises the following steps performed at the server side: matching the ciphertext database EDB_owner based on the batch sharing ticket stk to obtain the ciphertext to be shared, then re-encrypting the ciphertext to be shared with the key conversion ticket Δ and copying it to the ciphertext database EDB_user of the data user at the server side, which completes ciphertext sharing;
in this embodiment, matching the ciphertext database EDB_owner at the server side based on the batch sharing ticket stk comprises:
splitting the batch sharing ticket into (e_1||e_2, S*);
reading a ciphertext C_{w,id} from the ciphertext database EDB_owner and extracting the sub-ciphertexts ct_1 and ct_2 from it;
for the encrypted hash value ST of each file id in the set S*, determining whether the matching operation is satisfied: e(ST, e_2) · e(ct_1, e_1) = ct_2
if the encrypted hash value of any file id in the set S* satisfies the matching operation, the ciphertext C_{w,id} is determined to be a ciphertext to be shared; if none of the encrypted hash values of the file ids in the set S* satisfies the matching operation, the ciphertext C_{w,id} is determined not to be a ciphertext to be shared;
where e_1 = g^s and e_2 = g^t.
In this embodiment, re-encrypting the ciphertext to be shared with the key conversion ticket Δ specifically includes:
extracting the sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 from the ciphertext to be shared, encrypting the extracted sub-ciphertext ct_3 with the key conversion ticket Δ to obtain the sub-ciphertext ct_3', and constructing, together with the other sub-ciphertexts ct_1, ct_2 and ct_4, a new quadruple (ct_1, ct_2, ct_3', ct_4) as the encrypted ciphertext C_{w,id}'.
In the above ciphertext database matching and re-encryption process, matching is performed through the sub-ciphertext ct_2; if matching succeeds, ct_3 is modified, i.e. converted from the data owner to the data user.
Through the ciphertext sharing step, the ciphertexts that the data owner wants to share and that the server successfully matches are copied from the data owner's ciphertext database EDB_owner to the data user's ciphertext database EDB_user.
In this embodiment, the size of the set S satisfies |S| ≥ 1, so that sharing of a single file as well as batch sharing of multiple files can be realized, and only one sharing ticket needs to be generated in the sharing process. Sending the sharing ticket therefore does not occupy excessive bandwidth during batch file sharing, which avoids the linear growth in bandwidth that existing ticket-based ciphertext sharing incurs when a large number of files are shared simultaneously, and improves the efficiency of multi-file sharing while long-term ciphertext sharing is achieved.
As shown in fig. 1 and 4, in the present embodiment, the ciphertext searching step includes:
the following steps are executed at the data user side:
calculating a search trapdoor T_w for the keyword w and sending it to the server;
the following steps are performed at the server:
reading a ciphertext C_{w,id}' from the ciphertext database EDB_user, extracting the sub-ciphertexts ct_1, ct_2, ct_3' and ct_4 from it, and determining whether the matching operation is satisfied:
e(T_w, ct_1) = ct_3';
if so, the ciphertext C_{w,id}' is determined to be a ciphertext to be searched, and its sub-ciphertext ct_4 is added to the search result set R_s; otherwise, C_{w,id}' is determined not to be a ciphertext to be searched, and matching continues with the next ciphertext in the ciphertext database EDB_user;
after the search is completed, the search result set R_s is returned to the data user.
Based on the ticket T sent by the data owner, the data user can decrypt the search result returned by the server. Since the counter values the data owner used for data encryption are not disclosed externally, in this embodiment the ciphertext searching step further determines the decryption keys as follows:
at the data user side, the counter value is decremented from cnt_max to 1; for each counter value cnt_i, the concatenation w||cnt_i of the keyword w and the counter value cnt_i is used as input to query the bloom filter BF_s extracted from the ticket T, and if the query succeeds, a symmetric decryption key is generated from the derived key k_e extracted from the ticket T and the counter value cnt_i and inserted into the set T_k;
as shown in fig. 1 and 5, in this embodiment, the ciphertext decrypting step includes:
the following steps are executed at the data user side:
if the search result set R_s is empty, the ciphertext decryption step ends; otherwise, the sub-ciphertexts in the set R_s are obtained in turn and decrypted with the keys in the set T_k as id ← D(k_cnt, ct_4); once decryption is completed, the ids of all files in the ciphertext database EDB_user associated with the keyword w are obtained;
after the file ids are obtained through decryption, the related files are accessed according to the ids to obtain the required file content;
where D(·,·) represents the symmetric decryption algorithm.
By determining the keys for decrypting the ciphertext in the above manner, this embodiment ensures that decryption proceeds normally while the data owner's counter values remain protected.
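The state table, bloom-filter ticket and counter sweep described in the sharing, search and decryption steps above, as an added Python example that is not code from the patent. It assumes HMAC-SHA256 for F and for deriving k_cnt from k_e and cnt, a fixed-width encoding of w||cnt, and an HMAC keystream with a tag in place of the AES-based SE; the pairing-based matching and search on the server are simulated, and all sample data is constructed.

```python
import hashlib
import hmac
import os

def prf(key: bytes, data: bytes) -> bytes:
    # Stand-in for the pseudo-random function F (assumption): HMAC-SHA256.
    return hmac.new(key, data, hashlib.sha256).digest()

def k_cnt(k_e: bytes, cnt: int) -> bytes:
    # Assumed derivation of the encryption key k_cnt from k_e and the counter.
    return prf(k_e, cnt.to_bytes(4, "big"))

def state(w: str, cnt: int) -> bytes:
    # w||cnt with a fixed-width counter, so ("tax1", 2) and ("tax", 12) differ.
    return w.encode() + cnt.to_bytes(4, "big")

def _stream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks = (prf(key, b"enc" + nonce + i.to_bytes(4, "big")) for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def se_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Stand-in for E (assumption): HMAC keystream plus tag, in place of AES.
    nonce = os.urandom(16)
    body = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + body + prf(key, b"mac" + nonce + body)

def se_decrypt(key: bytes, blob: bytes):
    # Stand-in for D: returns None when the tag shows this is the wrong key.
    nonce, body, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, prf(key, b"mac" + nonce + body)):
        return None
    return bytes(a ^ b for a, b in zip(body, _stream(key, nonce, len(body))))

class BloomFilter:
    """BF_s(n, m, k, H): n bits, m insertion positions, random seed k, seeded hash H."""

    def __init__(self, n: int, m: int, seed: bytes):
        self.n, self.m, self.seed = n, m, seed
        self.bits = bytearray((n + 7) // 8)

    def _positions(self, item: bytes):
        for i in range(self.m):
            yield int.from_bytes(prf(self.seed, bytes([i]) + item)[:8], "big") % self.n

    def add(self, item: bytes) -> None:
        for p in self._positions(item):
            self.bits[p // 8] |= 1 << (p % 8)

    def __contains__(self, item: bytes) -> bool:
        return all(self.bits[p // 8] >> (p % 8) & 1 for p in self._positions(item))

class DataOwner:
    def __init__(self, cnt_max: int):
        K, r_1, r_2 = os.urandom(32), os.urandom(32), os.urandom(32)
        self.k_e, self.s = prf(r_1, K), prf(r_2, K)    # k_e <- F(r_1, K), s <- F(r_2, K)
        self.cnt, self.cnt_max = 1, cnt_max
        self.cW = {}                                   # state table: id -> {w||cnt}

    def update(self, w: str, file_id: str) -> bytes:
        ct_4 = se_encrypt(k_cnt(self.k_e, self.cnt), file_id.encode())
        self.cW.setdefault(file_id, set()).add(state(w, self.cnt))  # cW[id] <- cW[id] U (w||cnt)
        self.cnt += 1
        return ct_4

    def share(self, ids, n: int, m: int = 4) -> dict:
        bf = BloomFilter(n, m, os.urandom(16))
        for file_id in ids:
            for st in self.cW.get(file_id, ()):        # ids missing from cW are skipped
                bf.add(st)
        return {"s": self.s, "k_e": self.k_e, "cnt_max": self.cnt_max, "BF_s": bf}

def candidate_keys(ticket: dict, w: str) -> list:
    # Data user: sweep cnt_i from cnt_max down to 1, keep keys whose w||cnt_i is in BF_s.
    return [k_cnt(ticket["k_e"], c) for c in range(ticket["cnt_max"], 0, -1)
            if state(w, c) in ticket["BF_s"]]

def decrypt_results(R_s: list, T_k: list) -> list:
    # Try every candidate key on each returned ct_4; the tag identifies the right one.
    ids = []
    for ct_4 in R_s:
        hits = [p for p in (se_decrypt(k, ct_4) for k in T_k) if p is not None]
        if hits:
            ids.append(hits[0].decode())
    return ids

def demo(n: int = 1024):
    owner = DataOwner(cnt_max=64)
    pairs = [("tax", "doc1"), ("tax", "doc2"), ("audit", "doc1"), ("tax", "doc3")]  # constructed
    edb_owner = [(w, fid, owner.update(w, fid)) for w, fid in pairs]
    shared = ["doc1", "doc3", "doc9"]                  # doc9 was never uploaded
    ticket = owner.share(shared, n=n)
    # The pairing-based matching and search on the server are simulated here:
    # R_s holds the ct_4 of every shared entry that carries the keyword "tax".
    R_s = [ct_4 for w, fid, ct_4 in edb_owner if w == "tax" and fid in shared]
    T_k = candidate_keys(ticket, "tax")
    expected = [k_cnt(owner.k_e, c) for c in (1, 4)]   # counters used for doc1 and doc3
    return decrypt_results(R_s, T_k), T_k, expected
```

Because the ticket T carries k_e, the bloom filter only limits which counter values the data user tries. An undersized filter (for example `demo(n=8)`) adds false-positive keys to T_k, which the tag check in the stand-in D rejects.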
In general, in the ciphertext sharing process, batch sharing of multiple files is achieved by generating a single sharing ticket; with long-term sharing achieved, the efficiency of multi-file sharing is improved and the transmission bandwidth and sharing latency of batch file sharing are reduced. Each time ciphertexts are shared in batch or a keyword is searched, the sharing ticket or search trapdoor is generated from new state parameters or random values, so that a batch sharing ticket or search trapdoor generated at a given moment can only share or search earlier ciphertexts and has no effect on later ones, which guarantees forward security. Ciphertexts cannot be withdrawn after being shared in batch, so the sharing operation does not affect backward security. The server cannot obtain the file identifier stored in a deleted searchable ciphertext, and a deletion-operation ciphertext uploaded earlier cannot affect an addition-operation ciphertext uploaded later, which guarantees backward security. This embodiment thus satisfies forward and backward security. The data owner dynamically generates updated ciphertexts by updating the local counter, the server supports the user in dynamically adding new searchable ciphertexts to the ciphertext database, and deletion of designated searchable ciphertexts can be realized during searching, so the method and the system are dynamic.
Example 2:
a dynamic searchable symmetric encryption system capable of realizing ciphertext batch sharing, comprising: a first encryption module and a first ticket generation module deployed at the data owner side, a second ticket generation module deployed at the data user side, and a first matching module and a re-encryption module deployed at the server side;
the first encryption module is used for traversing the id set S of files which the data owner wants to share; for each file id currently traversed, searching the state table with the current id as the index, and if the search succeeds, encrypting the current id with the derived key s generated from the master key K and adding it to the set S*; if the search fails, skipping the current id;
the first ticket generation module is used for generating a batch sharing ticket stk from the set S* and sending it to the server, and for generating a ticket T containing the derived key s and the counter maximum cnt_max and sending the ticket T to the data user;
the second ticket generation module is used for generating a key conversion ticket Δ from the private key K' together with the derived key s and the counter maximum cnt_max extracted from the ticket T, and sending it to the server;
the first matching module is used for matching the ciphertext database EDB_owner based on the batch sharing ticket stk to obtain the ciphertext to be shared;
the re-encryption module is used for re-encrypting the ciphertext to be shared with the key conversion ticket Δ and copying it to the ciphertext database EDB_user of the data user at the server side, which completes ciphertext sharing;
wherein the size of the set S satisfies |S| ≥ 1; the ciphertexts stored in the ciphertext database EDB_owner contain the result of encrypting the file id with the derived key s; the state table is indexed by file id and stores the state information of the ciphertexts stored in the ciphertext database EDB_owner, the state information comprising the concatenation of the keyword contained in a ciphertext and the counter value at the time the ciphertext was generated.
The above-mentioned first encryption module, first ticket generation module, second ticket generation module, first matching module and re-encryption module are mutually matched, so that the ciphertext sharing step in the above-mentioned embodiment 1 can be implemented, and the specific implementation of each module may refer to the description in the above-mentioned embodiment 1, and will not be repeated here.
It is to be understood that this embodiment also deploys corresponding modules for implementing the initialization step, the ciphertext updating step, the ciphertext searching step and the ciphertext decrypting step; their specific implementation and deployment locations may likewise refer to the description in embodiment 1 above and are not repeated here.
It will be readily appreciated by those skilled in the art that the foregoing description is merely a preferred embodiment of the invention and is not intended to limit the invention, but any modifications, equivalents, improvements or alternatives falling within the spirit and principles of the invention are intended to be included within the scope of the invention.

Claims (10)

1. A dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing, characterized by comprising a ciphertext sharing step; the ciphertext sharing step comprises the following steps:
the following steps are performed at the data owner side:
(S1) traversing the id set S of files which the data owner wants to share; for each file id currently traversed, searching the state table with the current id as the index, and if the search succeeds, encrypting the current id with the derived key s generated from the master key K and adding the encrypted current id to the set S*; if the search fails, skipping the current id;
(S2) generating a batch sharing ticket stk from the set S* and sending it to the server; generating a ticket T containing the derived key s and the counter maximum cnt_max, and sending the ticket T to the data user;
the following step is performed at the data user side: using the private key K' together with the derived key s and the counter maximum cnt_max extracted from the ticket T, generating a key conversion ticket Δ and sending it to the server;
the following steps are performed at the server side: matching the ciphertext database EDB_owner based on the batch sharing ticket stk to obtain the ciphertext to be shared, then re-encrypting the ciphertext to be shared with the key conversion ticket Δ and copying it to the ciphertext database EDB_user of the data user at the server side, which completes ciphertext sharing;
wherein the size of the set S satisfies |S| ≥ 1; the ciphertexts stored in the ciphertext database EDB_owner contain the result of encrypting the file id with the derived key s; the state table is indexed by file id and stores the state information of the ciphertexts stored in the ciphertext database EDB_owner, the state information comprising the concatenation of the keyword contained in a ciphertext and the counter value at the time the ciphertext was generated.
2. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing as recited in claim 1, further comprising a ciphertext updating step; the ciphertext updating step comprises the following steps:
the following steps are performed at the data owner side:
generating a derived key k_e and a derived key s from the master key K, and calculating an encryption key k_cnt from the derived key k_e and the current counter value cnt;
using the derived key s and the encryption key k_cnt to generate a searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added, and sending it to the server;
storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id, which completes the update of the state table;
the following step is performed at the server side: storing the received ciphertext C_{w,id} in the ciphertext database EDB_owner.
3. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing as recited in claim 2, wherein k_e ← F(r_1, K), s ← F(r_2, K);
and using the derived key s and the encryption key k_cnt to generate the searchable ciphertext C_{w,id} for the keyword-file identifier pair (w, id) to be added comprises:
four sub-ciphertexts are calculated as follows:
ct_4 ← E(k_cnt, id)
the four sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 are used to construct the quadruple (ct_1, ct_2, ct_3, ct_4) as the searchable ciphertext C_{w,id}, and the counter value is increased by 1;
where r_1 and r_2 are two random numbers in the integer domain; F(·,·) denotes the pseudo-random function; "←" denotes assignment; H_1(·,·) and H_2(·,·) are two hash functions with random seeds whose output value range space is group G; e(·,·) is the bilinear mapping operation; g is the generator of the bilinear mapping system; E(·,·) is the symmetric encryption algorithm.
4. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing as claimed in claim 2 or 3, wherein each entry in the state table is a set, and storing the concatenation w||cnt of the keyword w and the current counter value cnt, as the current state, in the state table entry indexed by the current id comprises:
updating the state table according to cW[id] ← cW[id] ∪ (w||cnt);
where cW represents the state table and cW[id] represents the entry in the state table indexed by id.
5. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing as recited in claim 3, wherein in step (S1), encrypting the current id with the derived key s comprises:
randomly selecting a parameter t in the integer domain and encrypting the current id;
in step (S2), generating the batch sharing ticket stk from the set S* comprises:
generating a fixed-length encapsulation parameter E according to E ← g^s || g^t, then generating the batch sharing ticket stk according to stk ← (E, S*);
where g^s represents the form of the derived key s on the generator g of the bilinear mapping system, and g^t represents the form of the parameter t on the generator g of the bilinear mapping system.
6. The dynamic searchable symmetric encryption method as claimed in claim 5, wherein matching the ciphertext database EDB_owner based on the batch sharing ticket stk comprises:
splitting the batch sharing ticket into (e_1||e_2, S*);
reading a ciphertext C_{w,id} from the ciphertext database EDB_owner and extracting the sub-ciphertexts ct_1 and ct_2 from it;
for the encrypted hash value ST of each file id in the set S*, determining whether the matching operation is satisfied: e(ST, e_2) · e(ct_1, e_1) = ct_2
if the encrypted hash value of any file id in the set S* satisfies the matching operation, the ciphertext C_{w,id} is determined to be a ciphertext to be shared; if none of the encrypted hash values of the file ids in the set S* satisfies the matching operation, the ciphertext C_{w,id} is determined not to be a ciphertext to be shared;
where e_1 = g^s and e_2 = g^t.
7. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing as recited in claim 6, wherein Δ ← k' · cnt_max · s^{-1};
and in the ciphertext sharing step, re-encrypting the ciphertext to be shared with the key conversion ticket Δ comprises:
extracting the sub-ciphertexts ct_1, ct_2, ct_3 and ct_4 from the ciphertext to be shared, encrypting the extracted sub-ciphertext ct_3 with the key conversion ticket Δ to obtain the sub-ciphertext ct_3', and constructing, together with the other sub-ciphertexts ct_1, ct_2 and ct_4, a new quadruple (ct_1, ct_2, ct_3', ct_4) as the encrypted ciphertext C_{w,id}'.
8. The dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing according to claim 7, wherein in step (S1), when searching the state table with the current id as the index succeeds, the method further comprises:
inserting the state information obtained by the search into the bloom filter BF_s;
in step (S2), the constructed ticket T further includes the bloom filter BF_s;
in addition, the dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing further comprises a ciphertext searching step; the ciphertext searching step comprises the following steps:
the following steps are performed at the data user side:
calculating a search trapdoor T_w for the keyword w and sending it to the server;
the following steps are performed at the server:
reading a ciphertext C_{w,id}' from the ciphertext database EDB_user, extracting the sub-ciphertexts ct_1, ct_2, ct_3' and ct_4 from it, and determining whether the matching operation is satisfied:
e(T_w, ct_1) = ct_3'
if so, the ciphertext C_{w,id}' is determined to be a ciphertext to be searched, and its sub-ciphertext ct_4 is added to the search result set R_s; otherwise, C_{w,id}' is determined not to be a ciphertext to be searched, and matching continues with the next ciphertext in the ciphertext database EDB_user;
after the search is completed, the search result set R_s is returned to the data user.
9. The method of claim 8, wherein in step (S2), the constructed ticket T further includes the derived key k_e;
and the ciphertext searching step further includes: at the data user side, decrementing the counter value from cnt_max to 1; for each counter value cnt_i, using the concatenation w||cnt_i of the keyword w and the counter value cnt_i as input to query the bloom filter BF_s extracted from the ticket T, and if the query succeeds, generating a symmetric decryption key from the derived key k_e extracted from the ticket T and the counter value cnt_i and inserting it into the set T_k;
in addition, the dynamic searchable symmetric encryption method capable of realizing ciphertext batch sharing further comprises a ciphertext decrypting step; the ciphertext decrypting step comprises the following steps:
the following steps are performed at the data user side:
if the search result set R_s is empty, the ciphertext decrypting step ends; otherwise, the sub-ciphertexts in the set R_s are obtained in turn and decrypted with the keys in the set T_k, thereby obtaining the ids of all files in the ciphertext database EDB_user associated with the keyword w.
10. A dynamic searchable symmetric encryption system capable of realizing ciphertext batch sharing, comprising: a first encryption module and a first ticket generation module deployed at the data owner side, a second ticket generation module deployed at the data user side, and a first matching module and a re-encryption module deployed at the server side;
the first encryption module is configured to traverse the id set S of files that the data owner wants to share; for each file id currently traversed, to search the state table with the current id as the index, and if the search succeeds, to encrypt the current id with the derived key s generated from the master key K and add it to the set S*; if the search fails, to skip the current id;
the first ticket generation module is configured to generate a batch sharing ticket stk from the set S* and send it to the server, and to generate a ticket T containing the derived key s and the counter maximum cnt_max and send the ticket T to the data user;
the second ticket generation module is configured to generate a key conversion ticket Δ from the private key K' together with the derived key s and the counter maximum cnt_max extracted from the ticket T, and send it to the server;
the first matching module is configured to match the ciphertext database EDB_owner based on the batch sharing ticket stk to obtain the ciphertext to be shared;
the re-encryption module is configured to re-encrypt the ciphertext to be shared with the key conversion ticket Δ and copy the encrypted ciphertext to the ciphertext database EDB_user of the data user at the server, which completes ciphertext sharing;
wherein the size of the set S satisfies |S| ≥ 1; the ciphertexts stored in the ciphertext database EDB_owner contain the result of encrypting the file id with the derived key s; the state table is indexed by file id and stores the state information of the ciphertexts stored in the ciphertext database EDB_owner, the state information comprising the concatenation of the keyword contained in a ciphertext and the counter value at the time the ciphertext was generated.
CN202311411377.1A 2023-10-25 2023-10-25 Dynamic searchable symmetric encryption method and system capable of realizing ciphertext batch sharing Pending CN117494159A (en)


Publications (1)

Publication Number Publication Date
CN117494159A true CN117494159A (en) 2024-02-02

Family

ID=89671816



Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination