CN117714211B - Attribute encryption method, system and device supporting data integrity audit - Google Patents


Publication number
CN117714211B
Authority
CN
China
Prior art keywords
terminal
kgc
data
token
attribute
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202410160171.4A
Other languages
Chinese (zh)
Other versions
CN117714211A (en
Inventor
王滨
沈剑
张涛
周天祺
陈加栋
王国云
谢瀛辉
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Hikvision Digital Technology Co Ltd
Original Assignee
Hangzhou Hikvision Digital Technology Co Ltd
Application filed by Hangzhou Hikvision Digital Technology Co Ltd filed Critical Hangzhou Hikvision Digital Technology Co Ltd
Priority to CN202410160171.4A priority Critical patent/CN117714211B/en
Publication of CN117714211A publication Critical patent/CN117714211A/en
Application granted granted Critical
Publication of CN117714211B publication Critical patent/CN117714211B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The embodiment of the application provides an attribute encryption method, an attribute encryption system and an attribute encryption device for supporting data integrity audit. In this embodiment, the first terminal negotiates with the KGC in the registration stage to obtain a decryption key of the first terminal generated by the KGC based on the attribute set of the first terminal, and determines whether to allow the first terminal to obtain the data of the second terminal by means of whether the attribute set of the first terminal is matched with the second access policy of the second terminal uploaded by the second terminal when the first terminal requests the data of the second terminal, decrypts the second target data from the second ciphertext by using the decryption key obtained by negotiating with the KGC when the first terminal has permission to access the second data information of the second terminal, and downloads the second token from the blockchain to perform the data integrity audit of the second target data based on the second token, thereby realizing attribute encryption supporting data integrity audit.

Description

Attribute encryption method, system and device supporting data integrity audit
Technical Field
The application relates to the field of data security, in particular to an attribute encryption method, an attribute encryption system and an attribute encryption device for supporting data integrity audit.
Background
In the field of data security, data is often encrypted with conventional asymmetric encryption techniques. For example, the encryption end encrypts the data with a public key to obtain a ciphertext and sends the ciphertext to the decryption end, and the decryption end decrypts the ciphertext with the private key that matches the public key to recover the data. However, in this use of asymmetric encryption, once the private key is compromised, an attacker can decrypt all the data encrypted with the matching public key, which is harmful.
Disclosure of Invention
In view of this, the embodiments of the present application provide a method, a system, and a device for attribute encryption supporting data integrity audit, so as to implement attribute encryption supporting data integrity audit, and avoid problems caused by applying a conventional encryption technology, such as attack damage caused by leakage of a private key under an asymmetric encryption technology.
According to a first aspect of an embodiment of the present application, there is provided an attribute encryption method for supporting data integrity audit, the method being applied to a first terminal, the method including:
In the stage of registering to the key generation center KGC, negotiating with the KGC to obtain a decryption key of the first terminal, which is generated by the KGC based on the attribute set of the first terminal;
Generating a first token based on the first secret value, the first target data and the public safety element broadcasted by KGC, encrypting the first target data based on the first secret value and the public safety element to obtain a first ciphertext, uploading first data information to a cloud server and uploading the first token to a blockchain; wherein the first data information includes at least: a first access policy, a first ciphertext, and a first variable parameter of the first terminal; the first access policy indicates access rights of the first terminal; the first variable parameter is used for the decryption terminal to obtain a first secret value based on the decryption key and the first variable parameter, and the first token is used for the decryption terminal to audit the data integrity;
Transmitting a data request to a cloud server when the first terminal requests the data of the second terminal, so that the cloud server verifies whether the attribute set of the first terminal is matched with a second access policy of the second terminal uploaded by the second terminal; acquiring second data information sent by the cloud server when the cloud server verifies matching; the second data information is generated by the second terminal in a manner that the first terminal generates the first data information, and the second data information includes: the second access policy, the second ciphertext and the second variable parameter; utilizing the decryption key and combining the second variable parameter to parse a second secret value, and decrypting second target data from a second ciphertext according to the second secret value; downloading a second token from the blockchain to conduct a data integrity audit based on the second token; the second token is generated by the second terminal in a manner that the first terminal generates the first token and uploaded to the blockchain.
According to a second aspect of an embodiment of the present application, there is provided an attribute encryption system supporting data integrity audit, including:
A key generation center KGC for broadcasting public security elements and negotiating with the terminal to generate a decryption key of the terminal based on the attribute set of the terminal at a stage when any terminal is registered to the key generation center KGC; the attributes in the attribute set of any terminal are used for describing the terminal;
Any terminal, executing according to the steps in the method as described in the first aspect above;
The cloud server is used for storing the data information uploaded by any terminal, verifying, based on the data request of the first terminal, whether the attribute set of the first terminal matches the second access policy of the second terminal uploaded by the second terminal, and sending the second data information uploaded by the second terminal to the first terminal when the attribute set of the first terminal is verified to match the second access policy;
and the blockchain is used for storing the token uploaded by any terminal through the node in the blockchain.
According to a third aspect of an embodiment of the present application, there is provided an attribute encryption apparatus supporting data integrity audit, the apparatus being applied to a first terminal, the apparatus comprising:
A registration module, configured to, in a stage in which the first terminal registers to a key generation center KGC, negotiate with the KGC to obtain a decryption key of the first terminal that is generated by the KGC based on the attribute set of the first terminal;
The encryption module is used for generating a first token based on the first secret value, the first target data and the public security element broadcasted by KGC at the stage of encrypting the first target data by the first terminal, encrypting the first target data based on the first secret value and the public security element to obtain a first ciphertext, uploading the first data information to the cloud server and uploading the first token to the blockchain; wherein the first data information includes at least: a first access policy, a first ciphertext, and a first variable parameter of the first terminal; the first access policy indicates access rights of the first terminal; the first variable parameter is used for the decryption terminal to obtain a first secret value based on the decryption key and the first variable parameter, and the first token is used for the decryption terminal to audit the data integrity;
The decryption module is used for sending a data request to the cloud server when the first terminal requests the data of the second terminal so as to verify whether the attribute set of the first terminal is matched with the second access policy of the second terminal uploaded by the second terminal or not by the cloud server; acquiring second data information sent by the cloud server when the cloud server verifies matching; the second data information is generated by the second terminal in a manner that the first terminal generates the first data information, and the second data information includes: the second access policy, the second ciphertext and the second variable parameter; utilizing the decryption key and combining the second variable parameter to parse a second secret value, and decrypting second target data from a second ciphertext according to the second secret value; downloading a second token from the blockchain to conduct a data integrity audit based on the second token; the second token is generated by the second terminal in a manner that the first terminal generates the first token and uploaded to the blockchain.
According to a fourth aspect of an embodiment of the present application, there is provided an electronic device including: a processor and a memory;
Wherein the memory is configured to store machine-executable instructions;
The processor is configured to read and execute the machine executable instructions stored in the memory, so as to implement the method according to the first aspect.
According to a fifth aspect of embodiments of the present application, there is provided a computer program product having a computer program stored therein, which, when being executed by a processor, implements the method according to the first aspect.
The technical scheme provided by the embodiment of the application can have the following beneficial effects:
As can be seen from the above technical solution, in the embodiment of the present application, a first terminal negotiates with a KGC in a registration stage to obtain a decryption key of the first terminal generated by the KGC based on an attribute set of the first terminal, and when the first terminal requests data of a second terminal, determines whether to allow the first terminal to obtain the data of the second terminal by means of whether the attribute set of the first terminal matches with a second access policy of the second terminal uploaded by the second terminal, and when it is determined that the first terminal has permission to access second data information of the second terminal, decrypts second target data from second ciphertext by using a decryption key obtained by negotiating with the KGC in the registration stage, and downloads a second token from a blockchain to perform data integrity audit of the second target data based on the second token, thereby realizing attribute encryption supporting data integrity audit, and avoiding problems caused by applying a traditional encryption technology such as attack hazard caused by leakage of a private key under asymmetric encryption technology;
Further, in the embodiment, the token for data integrity audit is stored in the blockchain, and the token sent by any terminal is stored by means of the non-tamperable chained structure of the blockchain, so that the token is not tampered, the data sharing safety is improved, and meanwhile, the embodiment can be expanded to a distributed scene, and the user decentralization requirement is met.
Further, in this embodiment, by means of whether the attribute set of the first terminal is matched with the second access policy of the second terminal uploaded by the second terminal to determine whether the first terminal is allowed to obtain the data of the second terminal, fine-grained access right control of the data in cloud storage can be achieved, and data privacy security is protected. Fine-grained control, as used herein, refers to implementing a technique in a system or application that enables precise control of access rights or resource usage, which allows an administrator or user to define and control the manner in which access to the system or resource is made in accordance with specific needs.
Further, in this embodiment, the first target data is encrypted based on the first secret value and the public security element broadcasted by the KGC in the initialization stage to obtain the first ciphertext, which is equivalent to completing the encryption by means of the KGC itself through the bilinear pairing operation (corresponding to the public security element broadcasted by the KGC in the initialization stage), without additional cost.
Drawings
FIG. 1 is a diagram of an exemplary system according to an embodiment of the present application.
Fig. 2 is a flow chart of a method according to an embodiment of the application.
Fig. 3 is a diagram showing a specific example of an embodiment of the present application.
Fig. 4 is a block diagram of an apparatus according to an embodiment of the present application.
Fig. 5 is a block diagram of an electronic device according to an embodiment of the present application.
Detailed Description
Reference will now be made in detail to exemplary embodiments, examples of which are illustrated in the accompanying drawings. When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the application. Rather, they are merely examples of apparatus and methods consistent with aspects of the application as detailed in the accompanying claims.
The terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of the application. As used in this specification and the appended claims, the singular forms "a," "an," and "the" are intended to include the plural forms as well, unless the context clearly indicates otherwise. It should also be understood that the term "and/or" as used herein refers to and encompasses any or all possible combinations of one or more of the associated listed items.
It should be understood that although the terms first, second, third, etc. may be used herein to describe various pieces of information, the information should not be limited by these terms. These terms are only used to distinguish one type of information from another. For example, first information may also be referred to as second information, and similarly, second information may also be referred to as first information, without departing from the scope of the application. The word "if" as used herein may be interpreted as "when ..." or "upon ..." or "in response to a determination", depending on the context.
Next, embodiments of the present specification will be described in detail.
As shown in fig. 1, fig. 1 is a system configuration diagram according to an embodiment of the present application. In this embodiment, the system may include: a key generation center (Key Generation Center, KGC), a cloud server, nodes on the blockchain, and a plurality of terminals (fig. 1 illustrates two data users, namely data user a and data user B).
As an embodiment, KGC is responsible for registration of a terminal, and generates a decryption key based on an attribute set of the terminal for a legitimate terminal at a stage of registration of the terminal to the KGC.
As an embodiment, the cloud server is rich in storage resources, and is configured to store data information uploaded by a terminal (hereinafter, first data information is taken as an example to illustrate how to upload the data information), and provide a data sharing function, that is, when a data request sent by another terminal is received, return corresponding data information (such as second data information below) based on the data request.
Blockchain, a decentralised digital ledger technique, is maintained by a network of nodes, each storing a complete copy on the network. Transactions on a blockchain are encapsulated in a block, each block containing the hash value of the previous block, forming a tamper-proof chain. The security of this technique comes from encryption techniques and consensus mechanisms where all nodes must agree to update the blockchain. The embodiment stores the token (Tag) sent by any terminal by means of the non-tamperable chained structure of the blockchain, so that the token is ensured not to be tampered.
Any terminal, in cooperation with KGC, cloud server and nodes on blockchain, implements an attribute encryption manner supporting data integrity audit, and fig. 2 below illustrates an attribute encryption manner supporting data integrity audit.
It can be seen that in this embodiment, the terminal cooperates with KGC, the cloud server and each node on the blockchain to jointly implement an attribute encryption manner supporting data integrity audit. By means of the characteristics of non-falsification of the block chain and the like, the data sharing safety is improved, meanwhile, the embodiment is expanded to a distributed scene, and the user decentralization requirement is met. The flow shown in fig. 2 is described below:
Referring to fig. 2, fig. 2 is a flow chart of a method according to an embodiment of the present application. The method is applied to any terminal, as shown in fig. 2, and the process may include the following steps:
S210: In the stage in which the first terminal registers with the KGC, negotiate with the KGC to obtain a decryption key of the first terminal, which is generated by the KGC based on the attribute set of the first terminal.
In this embodiment, the attribute in the attribute set of the first terminal is used to describe the first terminal. For example, in an application scenario of corporate data sharing, the attribute set of the first terminal may include a plurality of attributes as follows: the terminal identifier of the first terminal, the department, the position, the age, etc. of the terminal user of the first terminal are not particularly limited.
How the KGC generates the decryption key of the first terminal based on the attribute set of the first terminal is described by example below and is not detailed here.
S220: In the stage in which the first terminal encrypts the first target data to be encrypted, obtain a first access policy of the first terminal, generate a first token based on the randomly selected first secret value, the first target data and the public security elements broadcast by the KGC in the initialization stage, encrypt the first target data based on the first secret value and the public security elements broadcast by the KGC in the initialization stage to obtain a first ciphertext, upload the first data information, which carries the first ciphertext, to a cloud server, and upload the first token to a blockchain.
As an embodiment, the first access policy is used to indicate access rights of the first terminal, such as access rights to the first data information.
Optionally, the first access policy includes: attribute descriptive information matrix and attribute mapping function
Wherein each object description information in the attribute description information matrix is used for describing a corresponding attribute, the object description information is data in any row or column, and the attribute mapping functionFor mapping each object description information in the attribute description information matrix to a corresponding attribute. For example, if a certain row in the attribute description information matrix describes a name, then the attribute mapping function/>For mapping the organization of elements on that row in the attribute description information matrix to the attribute of the name.
As an embodiment, in the step S220, generating the first token based on the randomly selected first secret value, the first target data and the public security element broadcasted by the KGC in the initializing phase may include:
The first token is calculated according to the following equation: ; wherein/> Representing the first token,/>Representing the first secret value, H () represents the hash function of the KGC as a public-safety element that has been broadcast during the initialization phase,/>Representing first target data,/>A third public safety element indicating that KGC has been broadcast. Hereinafter, the KGC will be described as broadcasting public safety elements in the initialization stage, which is not described herein.
In this embodiment, the first token is used by the decryption end for the data integrity audit. Step S230 illustrates how a data integrity audit is performed by means of a token, such as the second token, so it is not described in detail here. It should be noted that in this embodiment, uploading the first token to the blockchain specifically means uploading the first token to any node in the blockchain.
As an embodiment, in the step S220, encrypting the first target data based on the first secret value and the public security element broadcasted by the KGC in the initialization stage to obtain the first ciphertext may include:
encrypting the first target data according to the following formula: ; wherein/> Represents a first ciphertext, m represents a first target data,/>A seventh public safety element indicating that KGC has been broadcasted in the initialization phase, s1 indicating the first secret value.
In this embodiment, the first data information includes at least: the first access strategy, the first ciphertext and the first variable parameter; the first variable parameter is used for a decryption terminal to obtain a first secret value based on a decryption key and the first variable parameter, and the decryption terminal refers to a terminal for requesting first data information. The decryption terminal obtains the first secret value based on the decryption key and the first variable parameter, which will be described below by way of example and will not be described in detail.
S230: When the first terminal needs to request the data of the second terminal, send a data request to the cloud server, so that the cloud server verifies whether the attribute set of the first terminal matches a second access policy of the second terminal uploaded by the second terminal; obtain the second data information sent by the cloud server when it verifies that the attribute set of the first terminal matches the second access policy, where the second data information includes at least the second access policy, the second ciphertext and the second variable parameter; use the decryption key obtained by negotiating with the KGC in the registration stage, together with the second variable parameter, to resolve a second secret value, and decrypt the second target data from the second ciphertext according to the second secret value; and download the second token from the blockchain to perform a data integrity audit based on the second token.
As an embodiment, the cloud server verifying whether the attribute set of the first terminal matches the second access policy of the second terminal that the second terminal has uploaded may include: obtaining an attribute set of the second terminal based on a second access policy of the second terminal uploaded by the second terminal; if the attribute set of the first terminal is a subset of the attribute set of the second terminal or the attribute set of the first terminal is consistent with the attribute set of the second terminal, determining that the attribute set of the first terminal is matched with the second access policy, otherwise, determining that the attribute set of the first terminal is not matched with the second access policy.
Here, the description of the attribute of the second terminal in combination with the specific visible first access policy is obtained based on the second access policy of the second terminal that has been uploaded by the second terminal, for example, by an attribute mapping function in the second access policyAnd mapping each piece of target description information (data in any row or column) in the attribute description information matrix to a corresponding attribute to obtain an attribute set of the second terminal.
In this embodiment, the second data information is generated by the second terminal in such a manner that the first terminal generates the first data information as in step S220. The second variable parameter will be described below by way of example.
Also in this embodiment, the second token is generated by the second terminal and uploaded to the blockchain in such a way that the first terminal generates the first token as in step S220.
Illustratively, in this embodiment, downloading the second token from the blockchain may include: sending a token query request that carries a token identifier to the blockchain, and receiving the token that the blockchain returns in response to the token query request. This completes the download of the second token from the blockchain.
Alternatively, the token identifier may be determined according to the decrypted second target data, for example, after hashing the decrypted second target data to obtain the token identifier, which is not limited in particular by the embodiment of the present application.
Optionally, when any node in the blockchain receives a token query request, it traverses each block to find a second token that matches the token identification carried by the token query request.
For one embodiment, the data integrity audit based on the second token may include: and generating a third token based on the second secret value, the second target data and the public security element broadcasted by the KGC in the initialization stage by the first terminal, and performing data integrity audit based on the second token and the third token.
Here, the third token may be calculated as follows: ; wherein/> A third token is represented and is used to indicate a third token,Representing the second secret value, H () represents the hash function of KGC as a public safety element that has been broadcast during the initialization phase,/>2 Represents second target data,/>A third public safety element indicating that KGC has been broadcast.
As one embodiment, data integrity auditing based on the second token and the third token includes:
Checking whether the second token and the third token meet a set matching requirement (for example, that they are the same); if so, determining that the second target data passes the data integrity audit, and otherwise determining that the second target data does not pass the data integrity audit. In this way, attribute encryption supporting data integrity audit is realized.
The description of the method shown in fig. 2 is thus completed. Fig. 3 shows the entire flow as a whole, corresponding to the flow shown in fig. 2.
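The S230 checks described above (policy match at the cloud server, token lookup by traversing blocks, and recomputing a third token for comparison), as an added Python example that is not code from the patent. The token equation is not legible on this page, so `make_token` uses an assumed stand-in form in a toy discrete-log group; all names, parameters and sample data are constructed for illustration, and the empty-set guard is an addition.

```python
import hashlib
from dataclasses import dataclass

# Stand-in public parameters (assumption): the patent works in a
# bilinear-pairing group; a prime modulus and generator keep this runnable.
P = 2**255 - 19
G = 2  # plays the role of the broadcast public security element g

def H(data: bytes) -> int:
    """Stand-in for the hash function H broadcast by the KGC."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def make_token(secret: int, data: bytes) -> int:
    """Token from secret value, target data and G (assumed form, not the patent's)."""
    return pow(G, (secret * H(data)) % (P - 1), P)

def token_id(data: bytes) -> str:
    """Token identifier obtained by hashing the target data."""
    return hashlib.sha256(b"token-id:" + data).hexdigest()

@dataclass
class AccessPolicy:
    matrix: tuple  # attribute description information matrix, one row per attribute
    rho: dict      # attribute mapping function: row index -> attribute

    def attributes(self) -> frozenset:
        return frozenset(self.rho[i] for i in range(len(self.matrix)))

def policy_matches(requester_attrs: frozenset, policy: AccessPolicy) -> bool:
    """Match when the requester's set is a subset of (or equal to) the policy's set."""
    if not requester_attrs:
        # Added guard, not stated on the page: the empty set is a subset of every set.
        return False
    return requester_attrs <= policy.attributes()

@dataclass(frozen=True)
class Block:
    prev_hash: str
    tid: str
    token: int

    def digest(self) -> str:
        raw = f"{self.prev_hash}|{self.tid}|{self.token}".encode()
        return hashlib.sha256(raw).hexdigest()

class Ledger:
    """Minimal hash-linked chain: each block stores the previous block's hash."""
    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    def append(self, tid: str, token: int) -> None:
        prev = self.blocks[-1].digest() if self.blocks else self.GENESIS
        self.blocks.append(Block(prev, tid, token))

    def chain_intact(self) -> bool:
        prev = self.GENESIS
        for block in self.blocks:
            if block.prev_hash != prev:
                return False
            prev = block.digest()
        return True

    def find(self, tid: str):
        # A node traverses each block looking for the matching token identifier.
        for block in self.blocks:
            if block.tid == tid:
                return block.token
        return None

def audit(ledger: Ledger, secret: int, data: bytes) -> str:
    """Recompute the third token and compare it with the stored second token."""
    if not ledger.chain_intact():
        return "chain-tampered"
    stored = ledger.find(token_id(data))
    if stored is None:
        return "token-missing"  # altered data changes the identifier itself
    return "pass" if stored == make_token(secret, data) else "fail"

def demo() -> dict:
    # Constructed sample values throughout.
    policy = AccessPolicy(((1, 0), (0, 1), (1, 1)),
                          {0: "dept:R&D", 1: "role:engineer", 2: "site:HQ"})
    s2, m2 = 0x1234567890ABCDEF, b"quarterly firmware build manifest"
    ledger = Ledger()
    ledger.append(token_id(m2), make_token(s2, m2))        # second terminal's token
    ledger.append(token_id(b"other"), make_token(7, b"other"))
    result = {
        "allowed": policy_matches(frozenset({"dept:R&D", "role:engineer"}), policy),
        "denied": policy_matches(frozenset({"dept:R&D", "role:contractor"}), policy),
        "ok": audit(ledger, s2, m2),
        "altered_data": audit(ledger, s2, m2 + b"!"),
        "wrong_secret": audit(ledger, s2 + 1, m2),
    }
    first = ledger.blocks[0]
    ledger.blocks[0] = Block(first.prev_hash, first.tid, first.token ^ 1)
    result["after_tamper"] = audit(ledger, s2, m2)
    return result

if __name__ == "__main__":
    print(demo())
```

Because the token identifier is derived from the decrypted data, altered data shows up as a lookup miss rather than a token mismatch, so an implementation should treat both outcomes as a failed audit.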
As can be seen from the flow shown in fig. 2, in the embodiment of the present application, the first terminal negotiates with the KGC during the registration stage to obtain the decryption key of the first terminal generated by the KGC based on the attribute set of the first terminal, and when the first terminal requests the data of the second terminal, determines whether to allow the first terminal to obtain the data of the second terminal by means of whether the attribute set of the first terminal matches with the second access policy of the second terminal uploaded by the second terminal, and when it is determined that the first terminal has permission to access the second data information of the second terminal, decrypts the second target data from the second ciphertext by using the decryption key obtained by negotiating with the KGC during the registration stage, and downloads the second token from the blockchain to perform the data integrity audit of the second target data based on the second token, thereby realizing attribute encryption supporting the data integrity audit, and avoiding the problems caused by the application of the conventional encryption technology such as attack hazard caused by the leakage of the private key under the asymmetric encryption technology;
Further, in the embodiment, the token for data integrity audit is stored in the blockchain, and the token sent by any terminal is stored by means of the non-tamperable chained structure of the blockchain, so that the token is not tampered, the data sharing safety is improved, and meanwhile, the embodiment can be expanded to a distributed scene, and the user decentralization requirement is met.
Further, in this embodiment, by means of whether the attribute set of the first terminal is matched with the second access policy of the second terminal uploaded by the second terminal to determine whether the first terminal is allowed to obtain the data of the second terminal, fine-grained access right control of the data in cloud storage can be achieved, and data privacy security is protected. Fine-grained control, as used herein, refers to implementing a technique in a system or application that enables precise control of access rights or resource usage, which allows an administrator or user to define and control the manner in which access to the system or resource is made in accordance with specific needs.
Further, in this embodiment, the first target data is encrypted based on the first secret value and the public security element broadcasted by the KGC in the initialization stage to obtain the first ciphertext, which is equivalent to completing the encryption by means of the KGC itself through the bilinear pairing operation (corresponding to the public security element broadcasted by the KGC in the initialization stage), without additional cost.
As an embodiment, if the second variable parameter isN is the number of columns in the attribute description information matrix in the second access policy. The second variable parameter is carried in second data information uploaded to the cloud server by the second terminal. In addition, if the decryption key of the first terminal is/>S represents the total number of attributes in the set of attributes. In step S230, a second secret value/>, is finally obtained by the following equation; Wherein/>A second public safety element that has been broadcasted for KGC. That is, it is finally achieved that the second secret s2 is resolved in combination with the second variable parameter by means of a decryption key obtained by negotiating with KGC when registering to the KGC stage.
How KGC broadcasts public safety elements is described as follows:
As an example, in the initial stage, KGC may select system security parameters And secure bilinear mapping. Wherein G1 and G2 are data fields, e is a data field mapping function for mapping from G1 to G2 or from G2 to G1, and p is a selected large prime number. In addition, KGC is also found in/>Five elements/>And generates random number/>As the master private key. The KGC then generates public safety parameters (the public safety parameters include the following public safety elements:/>) And broadcast to other entities such as all terminals in the same lan as the KGC. H represents a hash function. To ensure security, the master private key/>Is reserved locally and individually, and is not broadcasted by KGC.
KGC broadcast public safety elements are described above.
The decryption key of the first terminal is described below:
the decryption key based on the first terminal as described above is S represents the total number of attributes in the set of attributes, then as an embodiment, the/>, aboveAccording to the KGC generated target random number r, the KGC broadcasted first public safety element w and the KGC broadcasted second public safety element, performing a first appointed operation to obtain; second public Security element pass/>Obtaining; e denotes a mapping function from the first data field G1 to the second data field G2, G being a third public safety element randomly chosen by KGC,/>Representing the primary private key of KGC. For example,/>
And performing a second specified operation according to the KGC generated target random number r and the KGC broadcasted third public security element g. For example,/>
The method comprises the steps of carrying out second specified operation on a first keyword corresponding to each attribute in the attribute set, wherein the first keyword corresponding to any attribute is obtained according to a random number generated by KGC for the attribute and a third public security element g broadcasted by KGC. For example,/>. Where j represents any attribute,/>Indicating the random number generated by KGC for this attribute j.
The method comprises the steps that a second keyword corresponding to each attribute in the attribute set is obtained by carrying out third specified operation on a random number generated by any attribute according to KGC for the attribute, a numerical value corresponding to the attribute, a fourth public safety element u, a fifth public safety element h, a sixth public safety element v and a target random number r which are broadcasted by KGC. For example,. Where j represents any attribute,/>Representing the random number generated by KGC for this attribute j,/>The value corresponding to the attribute j is indicated.
It should be noted that the decryption key is merely an example for easy understanding, and is not limited thereto.
The second variable parameter is described below:
As an embodiment, the attribute description information matrix in the second access policy includes m rows and n columns. To calculate the second variable parameter, a second secret value s2 is obtained first, and a vector is formed based on the second secret value s1 and n-1 random numbers selected randomlyAnd calculates the attribute description information matrix and vector/>Is multiplied by (1) to obtain/>
Under the premise, the second variable parameter isAnd performing a second specified operation according to the second secret value s2 and the third public security element g broadcasted by the KGC. For example,/>
And performing a second specified operation according to the first secret value s2 and the first public safety element w broadcasted by the KGC. For example,/>
Including vector/>A first parameter corresponding to each element. Wherein, the first parameter corresponding to any element i is determined by the following formula: /(I); W represents a first public safety element,/>Representation/>I-th value of/>Representing the ith value in the random number matrix t and v representing the sixth public safety element.
Including vector/>The second parameter corresponding to each element i is determined by the following formula: /(I); U represents a fourth public safety element,/>Representation/>I-th value of/>Representing the ith value in the random number matrix t, h representing the fifth public safety element.
Including vector/>The third parameter corresponding to each element i is determined by the following formula: /(I). G represents a second public safety element,/>Representing the ith value in the random number matrix t.
It should be noted that the second variable parameter is merely an example for understanding, and is not limited thereto. Correspondingly, the manner in which the first terminal generates the first variable parameter is similar to the manner in which the second variable parameter is generated, which is not described herein.
The method provided by the embodiment of the application is described above, and the system and the device provided by the embodiment of the application are described below:
The system provided by the embodiment of the application can comprise:
A key generation center KGC for broadcasting public security elements and negotiating with the terminal to generate a decryption key of the terminal based on the attribute set of the terminal at a stage when any terminal is registered to the key generation center KGC; the attributes in the attribute set of any terminal are used for describing the terminal;
Any terminal, which performs the steps of the method described above;
The cloud server is used for storing the data information uploaded by any terminal, verifying, based on the data request of the first terminal, whether the attribute set of the first terminal matches the second access policy of the second terminal uploaded by the second terminal, and sending the second data information uploaded by the second terminal to the first terminal when the attribute set of the first terminal is verified to match the second access policy;
And the blockchain is used for storing tokens uploaded by any terminal through nodes in the blockchain.
Correspondingly, the embodiment of the application also provides a structure diagram of the device shown in fig. 4. Referring to fig. 4, fig. 4 is a block diagram of an apparatus provided by an embodiment of the present application, where the apparatus is applied to a first terminal, and may include:
A registration module, configured to, in a stage in which a first terminal registers to a key generation center KGC, negotiate with the KGC to obtain a decryption key of the first terminal generated by the KGC based on a set of attributes of the first terminal; the attributes in the attribute set are used for describing the first terminal;
The encryption module is used for obtaining a first access strategy of the first terminal at the stage of encrypting first target data to be encrypted by the first terminal, generating a first token based on a randomly selected first secret value, the first target data and a public security element broadcasted by the KGC at the initialization stage, encrypting the first target data based on the first secret value and the public security element broadcasted by the KGC at the initialization stage to obtain a first ciphertext, uploading the first ciphertext to a cloud server with the first data information, and uploading the first token to a block chain; the first access policy of the first terminal indicates the access authority of the first terminal; the first data information includes at least: the first access strategy, the first ciphertext and the first variable parameter; the first variable parameter is used for the decryption terminal to obtain a first secret value based on the decryption key and the first variable parameter, the first token is used for the decryption terminal to carry out data integrity audit, and the decryption terminal refers to a terminal for requesting first data information;
The decryption module is used for sending a data request to the cloud server when the first terminal needs to request the data of the second terminal, so that the cloud server verifies whether the attribute set of the first terminal matches the second access policy of the second terminal uploaded by the second terminal; obtaining the second data information sent by the cloud server when it verifies that the attribute set of the first terminal matches the second access policy, the second data information including at least: the second access policy, the second ciphertext and the second variable parameter; resolving the second secret value by using the decryption key obtained by negotiating with the KGC in the KGC registration stage in combination with the second variable parameter, and decrypting the second target data from the second ciphertext according to the second secret value; and downloading the second token from the blockchain to perform data integrity auditing based on the second token.
Optionally, the negotiating with the KGC to obtain the decryption key generated by the KGC based on the set of attributes comprises:
Submitting the attribute set of the first terminal to the KGC so that the KGC generates a decryption key Key;
wherein, key includes at least: S represents the total number of attributes in the attribute set;
According to the KGC generated target random number r, the KGC broadcasted first public safety element w and the KGC broadcasted second public safety element, performing a first appointed operation to obtain; second public Security element pass/> Obtaining; e denotes a mapping function from the first data field G1 to the second data field G2, G being a third public safety element randomly chosen by KGC,/>A primary private key representing KGC;
performing a second specified operation according to the KGC generated target random number r and the KGC broadcasted third public security element g;
The method comprises the steps that first keywords corresponding to each attribute in the attribute set are included, and the first keywords corresponding to any attribute are obtained by performing second specified operation according to a random number generated by KGC for the attribute and a third public security element g broadcasted by KGC;
The method comprises the steps that a second keyword corresponding to each attribute in the attribute set is obtained by carrying out third specified operation on a random number generated by any attribute according to KGC for the attribute, a numerical value corresponding to the attribute, a fourth public safety element u, a fifth public safety element h, a sixth public safety element v and a target random number r which are broadcasted by KGC.
Optionally, the first access policy includes: attribute descriptive information matrix and attribute mapping function
Wherein each target description information in the attribute description information matrix is used for describing the corresponding attribute, the target description information is data in any row or column, and the attribute mapping functionFor mapping each object description information in the attribute description information matrix to a corresponding attribute.
Optionally, the generating the first token based on the randomly selected first secret value, the first target data and the public safety element broadcasted by the KGC in the initializing phase comprises:
The first token is calculated according to the following equation: ; wherein/> Representing the first token,/>Representing the first secret value, H () represents the hash function of the KGC as a public-safety element that has been broadcast during the initialization phase,/>Representing first target data,/>A third public safety element indicating that KGC has been broadcast;
The data integrity audit based on the second token includes: generating a third token based on the second secret value, the second target data and the KGC broadcasted public security element; performing data integrity audit based on the second token and the third token; wherein the third token is calculated according to the following formula: ; wherein/> Representing a third token,/>Representing the second secret value, H () represents the hash function of KGC as a public safety element that has been broadcast during the initialization phase,/>2 Represents second target data,/>A third public safety element indicating that KGC has been broadcast.
Optionally, encrypting the first target data based on the first secret value and the public security element broadcasted by the KGC in the initializing stage to obtain the first ciphertext includes:
encrypting the first target data according to the following formula: ; wherein/> Represents a first ciphertext, m represents a first target data,/>A seventh public safety element indicating that KGC has been broadcasted in the initialization phase, s1 indicating the first secret value.
Optionally, the auditing the data integrity based on the second token and the third token includes: and checking whether the second token and the third token meet the set matching requirement, if so, determining that the second target data passes the data integrity audit, otherwise, determining that the second target data does not pass the data integrity audit.
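The share vector from the second-variable-parameter passage (secret plus n-1 random numbers, multiplied by the attribute description matrix) and the token comparison in the audit steps above can be exercised end to end. The following Python sketch is an added example, not code from the patent: the token shape g^(s·H(m)), the sample policy, the RFC 2409 group standing in for the pairing group, equality as the "set matching requirement", and all function names are assumptions, and shares are handled in the clear instead of being hidden in group elements.

```python
import hashlib
import hmac
import secrets

# Assumption: the 768-bit MODP safe prime of RFC 2409 (Oakley Group 1) stands in
# for the page's pairing group. P = 2*Q + 1; G = 4 is a square, so it has order Q.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2
G = 4

# Constructed policy "(dept:security AND role:auditor) OR role:admin": an m x n
# attribute description matrix (m = 3, n = 2) and the row -> attribute mapping.
POLICY_MATRIX = [[1, 1], [0, -1], [1, 0]]
POLICY_RHO = ["dept:security", "role:auditor", "role:admin"]


def hash_to_scalar(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def share_secret(secret, matrix):
    """Shares = matrix * v, where v = (secret, y_2, ..., y_n) with random y_i."""
    v = [secret] + [secrets.randbelow(Q) for _ in range(len(matrix[0]) - 1)]
    return [sum(a * b for a, b in zip(row, v)) % Q for row in matrix]


def solve_coefficients(rows):
    """Return w with sum_i w[i] * rows[i] == (1, 0, ..., 0) mod Q, else None."""
    if not rows:
        return None
    k, n = len(rows), len(rows[0])
    # One equation per matrix column: the transpose of `rows` times w equals e_1.
    aug = [[rows[i][c] % Q for i in range(k)] + [int(c == 0)] for c in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((i for i in range(r, n) if aug[i][col]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, Q)
        aug[r] = [x * inv % Q for x in aug[r]]
        for i in range(n):
            if i != r and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % Q for a, b in zip(aug[i], aug[r])]
        pivots.append(col)
        r += 1
    # A row "0 = non-zero" means the held rows do not span (1, 0, ..., 0).
    if any(not any(row[:k]) and row[k] for row in aug):
        return None
    w = [0] * k
    for i, col in enumerate(pivots):
        w[col] = aug[i][k]
    return w


def recover_secret(shares, matrix, rho, attributes):
    """Combine the shares of rows whose attribute is held; None if unauthorized."""
    idx = [i for i, attr in enumerate(rho) if attr in attributes]
    w = solve_coefficients([matrix[i] for i in idx])
    if w is None:
        return None
    return sum(c * shares[i] for c, i in zip(w, idx)) % Q


def make_token(secret, data):
    # Assumed token shape g^(s * H(m)); built from the inputs the page names.
    return pow(G, secret * hash_to_scalar(data) % Q, P)


def audit(chain_token, secret, data):
    """Recompute the token from recovered secret and data; constant-time compare."""
    size = (P.bit_length() + 7) // 8
    fresh = make_token(secret, data)
    return hmac.compare_digest(chain_token.to_bytes(size, "big"),
                               fresh.to_bytes(size, "big"))


def demo():
    data = b"constructed sample record: camera-17 firmware manifest"
    s = 1 + secrets.randbelow(Q - 1)              # secret value chosen by the owner
    shares = share_secret(s, POLICY_MATRIX)       # uploaded alongside the ciphertext
    ledger = {"record-1": make_token(s, data)}    # dict standing in for the blockchain
    readers = {"auditor": {"dept:security", "role:auditor"},
               "admin": {"role:admin"},
               "intern": {"dept:security"}}
    out = {name: recover_secret(shares, POLICY_MATRIX, POLICY_RHO, attrs) == s
           for name, attrs in readers.items()}
    out["intact"] = audit(ledger["record-1"], s, data)
    out["tampered"] = audit(ledger["record-1"], s, data + b"!")
    return out


if __name__ == "__main__":
    print(demo())
```

A reader whose attributes do not span the policy gets no secret at all, and a reader who does recover the secret still rejects data that was altered after the token was written to the ledger.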
Correspondingly, the embodiment of the application also provides a hardware structure diagram of the device shown in fig. 4, and in particular, as shown in fig. 5, the electronic device may be a device for implementing the method. As shown in fig. 5, the hardware structure includes: a processor and a memory.
Wherein the memory is configured to store machine-executable instructions;
The processor is configured to read and execute the machine executable instructions stored in the memory to implement the method embodiments as described above.
Correspondingly, the embodiment of the application also provides a computer program product in which a computer program is stored; when executed by a processor, the computer program implements the method embodiments described above.
In one embodiment, the memory may be any electronic, magnetic, optical, or other physical storage device that can contain or store information such as executable instructions or data. For example, the memory may be volatile memory, nonvolatile memory, or a similar storage medium. In particular, the memory may be RAM (Random Access Memory), flash memory, a storage drive (e.g., a hard drive), a solid state disk, any type of storage disk (e.g., optical disk, DVD, etc.), a similar storage medium, or a combination thereof.
Thus, the description of the electronic device shown in fig. 5 is completed.
The foregoing describes specific embodiments of the present disclosure. Other embodiments are within the scope of the following claims. In some cases, the actions or steps recited in the claims can be performed in a different order than in the embodiments and still achieve desirable results. In addition, the processes depicted in the accompanying figures do not necessarily require the particular order shown, or sequential order, to achieve desirable results. In some embodiments, multitasking and parallel processing are also possible or may be advantageous.
Other embodiments of the present description will be apparent to those skilled in the art from consideration of the specification and practice of the invention disclosed herein. This specification is intended to cover any variations, uses, or adaptations of the specification following, in general, the principles of the specification and including such departures from the present disclosure as come within known or customary practice within the art to which the specification pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the specification being indicated by the following claims.
It is to be understood that the present description is not limited to the precise arrangements and instrumentalities shown in the drawings, which have been described above, and that various modifications and changes may be made without departing from the scope thereof. The scope of the present description is limited only by the appended claims.
The foregoing description of the preferred embodiments is provided for the purpose of illustration only, and is not intended to limit the scope of the disclosure, since any modifications, equivalents, improvements, etc. that fall within the spirit and principles of the disclosure are intended to be included within the scope of the disclosure.

Claims (10)

1. An attribute encryption method supporting data integrity audit, wherein the method is applied to a first terminal, and the method comprises:
In the stage of registering to the key generation center KGC, negotiating with the KGC to obtain a decryption key of the first terminal, which is generated by the KGC based on the attribute set of the first terminal;
Generating a first token based on the first secret value, the first target data and the public safety element broadcasted by KGC, encrypting the first target data based on the first secret value and the public safety element to obtain a first ciphertext, uploading first data information to a cloud server and uploading the first token to a blockchain; wherein the first data information includes at least: a first access policy, a first ciphertext, and a first variable parameter of the first terminal; the first access policy indicates access rights of the first terminal; the first variable parameter is used for the decryption terminal to obtain a first secret value based on the decryption key and the first variable parameter, and the first token is used for the decryption terminal to audit the data integrity;
Transmitting a data request to a cloud server when the first terminal requests the data of the second terminal, so that the cloud server verifies whether the attribute set of the first terminal is matched with a second access policy of the second terminal uploaded by the second terminal; acquiring second data information sent by the cloud server when the cloud server verifies matching; the second data information is generated by the second terminal in a manner that the first terminal generates the first data information, and the second data information includes: the second access policy, the second ciphertext and the second variable parameter; utilizing the decryption key and combining the second variable parameter to parse a second secret value, and decrypting second target data from a second ciphertext according to the second secret value; downloading a second token from the blockchain to conduct a data integrity audit based on the second token; the second token is generated by the second terminal in a manner that the first terminal generates the first token and uploaded to the blockchain.
2. The method of claim 1, wherein negotiating with KGC to obtain the decryption key generated by the KGC based on the set of attributes comprises:
Submitting the attribute set of the first terminal to the KGC so that the KGC generates a decryption key Key;
wherein, key includes at least: S represents the total number of attributes in the attribute set;
According to the KGC generated target random number r, the KGC broadcasted first public safety element w and the KGC broadcasted second public safety element, performing a first appointed operation to obtain; second public Security element pass/> Obtaining; e denotes a mapping function from the first data field G1 to the second data field G2, G being a third public safety element randomly chosen by KGC,/>A primary private key representing KGC;
performing a second specified operation according to the KGC generated target random number r and the KGC broadcasted third public security element g;
The method comprises the steps that first keywords corresponding to each attribute in the attribute set are included, and the first keywords corresponding to any attribute are obtained by performing second specified operation according to a random number generated by KGC for the attribute and a third public security element g broadcasted by KGC;
The method comprises the steps that a second keyword corresponding to each attribute in the attribute set is obtained by carrying out third specified operation on a random number generated by any attribute according to KGC for the attribute, a numerical value corresponding to the attribute, a fourth public safety element u, a fifth public safety element h, a sixth public safety element v and a target random number r which are broadcasted by KGC.
3. The method of claim 1, wherein the first access policy comprises: attribute descriptive information matrix and attribute mapping function
Wherein each target description information in the attribute description information matrix is used for describing the corresponding attribute, the target description information is data in any row or column, and the attribute mapping functionFor mapping each object description information in the attribute description information matrix to a corresponding attribute.
4. The method of claim 1, wherein the generating the first token based on the first secret, the first target data, and the KGC broadcasted public safety element comprises:
The first token is calculated according to the following equation: ; wherein/> Representing the first token,/>Representing a first secret value, H () representing a hash function broadcasted by KGC as a public safety element,/>Representing first target data,/>A third public safety element indicating that KGC has been broadcast;
The data integrity audit based on the second token includes: generating a third token based on the second secret value, the second target data and the KGC broadcasted public security element; performing data integrity audit based on the second token and the third token; wherein the third token is calculated according to the following formula: ; wherein/> Representing a third token,/>Representing the second secret value, H () represents the hash function of KGC as a public safety element that has been broadcast during the initialization phase,/>2 Represents second target data,/>A third public safety element indicating that KGC has been broadcast.
5. The method of claim 1, wherein encrypting the first target data based on the first secret and the public safety element to obtain a first ciphertext comprises:
encrypting the first target data according to the following formula: ; wherein/> Represents a first ciphertext, m1 represents first target data,/>A seventh public safety element indicating that KGC has been broadcasted in the initialization phase, s1 indicating the first secret value.
6. The method of claim 4, wherein the data integrity auditing based on the second token and the third token comprises:
And checking whether the second token and the third token meet the set matching requirement, if so, determining that the second target data passes the data integrity audit, otherwise, determining that the second target data does not pass the data integrity audit.
7. An attribute encryption system supporting data integrity auditing, comprising:
A key generation center KGC for broadcasting public security elements and negotiating with the terminal to generate a decryption key of the terminal based on the attribute set of the terminal at a stage when any terminal is registered to the key generation center KGC; the attributes in the attribute set of any terminal are used for describing the terminal;
Any terminal, which performs the steps of the method according to any of claims 1 to 6;
The cloud server is used for storing the data information uploaded by any terminal, verifying, based on the data request of the first terminal, whether the attribute set of the first terminal matches the second access policy of the second terminal uploaded by the second terminal, and sending the second data information uploaded by the second terminal to the first terminal when the attribute set of the first terminal is verified to match the second access policy;
And the blockchain is used for storing tokens uploaded by any terminal through nodes in the blockchain.
8. An attribute encryption apparatus supporting data integrity auditing, the apparatus being applied to a first terminal, the apparatus comprising:
A registration module, configured to, in a stage in which the first terminal registers to a key generation center KGC, negotiate with the KGC to obtain a decryption key of the first terminal that is generated by the KGC based on the attribute set of the first terminal;
The encryption module is used for generating a first token based on the first secret value, the first target data and the public security element broadcasted by KGC at the stage of encrypting the first target data by the first terminal, encrypting the first target data based on the first secret value and the public security element to obtain a first ciphertext, uploading the first data information to the cloud server and uploading the first token to the blockchain; wherein the first data information includes at least: a first access policy, a first ciphertext, and a first variable parameter of the first terminal; the first access policy indicates access rights of the first terminal; the first variable parameter is used for the decryption terminal to obtain a first secret value based on the decryption key and the first variable parameter, and the first token is used for the decryption terminal to audit the data integrity;
The decryption module is used for sending a data request to the cloud server when the first terminal requests the data of the second terminal so as to verify whether the attribute set of the first terminal is matched with the second access policy of the second terminal uploaded by the second terminal or not by the cloud server; acquiring second data information sent by the cloud server when the cloud server verifies matching; the second data information is generated by the second terminal in a manner that the first terminal generates the first data information, and the second data information includes: the second access policy, the second ciphertext and the second variable parameter; utilizing the decryption key and combining the second variable parameter to parse a second secret value, and decrypting second target data from a second ciphertext according to the second secret value; downloading a second token from the blockchain to conduct a data integrity audit based on the second token; the second token is generated by the second terminal in a manner that the first terminal generates the first token and uploaded to the blockchain.
9. An electronic device, characterized in that the electronic device comprises: a processor and a memory;
Wherein the memory is configured to store machine-executable instructions;
The processor is configured to read and execute the machine executable instructions stored in the memory to implement the method according to any one of claims 1 to 6.
10. A computer program product, characterized in that the computer program product has stored therein a computer program which, when executed by a processor, implements the method of any of claims 1-6.
CN202410160171.4A 2024-02-04 2024-02-04 Attribute encryption method, system and device supporting data integrity audit Active CN117714211B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202410160171.4A CN117714211B (en) 2024-02-04 2024-02-04 Attribute encryption method, system and device supporting data integrity audit

Publications (2)

Publication Number Publication Date
CN117714211A CN117714211A (en) 2024-03-15
CN117714211B true CN117714211B (en) 2024-04-30

Family

ID=90148207

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202410160171.4A Active CN117714211B (en) 2024-02-04 2024-02-04 Attribute encryption method, system and device supporting data integrity audit

Country Status (1)

Country Link
CN (1) CN117714211B (en)


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant