CN117896066B - Double-chain architecture-based searchable encryption method capable of verifying multi-user authorization cross-domain - Google Patents


Info

Publication number
CN117896066B
Authority
CN
China
Prior art keywords
user
domain
search
search request
administrator
Prior art date
Legal status
Active
Application number
CN202410303232.8A
Other languages
Chinese (zh)
Other versions
CN117896066A (en)
Inventor
周让
杨可
陈文进
唐小川
李冬芬
刘明哲
Current Assignee
Chengdu University of Technology
Original Assignee
Chengdu University of Technology
Priority date
Filing date
Publication date
Events: application filed by Chengdu University of Technology; priority to CN202410303232.8A; publication of CN117896066A; application granted; publication of CN117896066B; legal status: Active.

Landscapes

  • Storage Device Security (AREA)

Abstract

The invention discloses a double-chain architecture-based verifiable multi-user authorization cross-domain searchable encryption method in the technical field of searchable encryption. When updating data, the domain administrator designates the search authority for the data and generates a shared key from the public key of the user holding that search authority and its own private key, so that both the shared key and the domain administrator's private key are embedded in the search tag. A smart contract on the demand chain of the double-chain architecture judges the validity of the user's search request; the domain administrator turns a valid user search request into an authorized search request; and a smart contract on the response chain judges the validity of the authorized search request. The invention ensures that search information cannot be tampered with during cross-domain search over multiple data domains and gives users greater flexibility in data storage and data search.

Description

Double-chain architecture-based searchable encryption method capable of verifying multi-user authorization cross-domain
Technical Field
The invention relates to the technical field of searchable encryption, in particular to a double-chain architecture-based searchable encryption method with verifiable multi-user authorization and cross-domain search.
Background
The cloud, as a provider of outsourcing services, offers convenient storage and lower storage costs for ever-growing user data, so more and more organizations and individuals choose to outsource their data to a third-party cloud service provider. Outsourcing, however, raises user concerns about data confidentiality. To better protect the privacy of personal data while still allowing it to be searched, researchers have proposed searchable encryption techniques.
Searchable encryption is a secure computation technique that lets users run efficient search operations over encrypted data without exposing the plaintext. Conventional searchable encryption schemes usually treat the user as an honest entity that performs search operations honestly, but this assumption rarely holds in real production environments, where a malicious adversary threatens the data security of the system. Verifying the legitimacy of the user's identity therefore becomes important. User authentication is the process that ensures a system only allows legitimate users to access resources and execute operations; by verifying the legality of the user's identity, the system ensures that only authorized users reach specific information and resources. Conventional searchable encryption schemes also carry risk in search token management, that is, the process by which the system creates, issues and validates search tokens. A search token typically carries the user's search rights, which lets the cloud service provider enforce fine-grained access control with it; leakage or misuse of tokens is a serious threat to the security of the user's data.
Today, medical or geological systems often have multiple data owners, and the presence of multiple data sources makes the demand for data sharing and cross-domain user search more acute. Data sharing and cross-domain search mean that a user entity in one domain accesses and uses the data of other domains. To protect data privacy and enforce fine-grained access control so that only authorized users can access the data, the data must be processed before it is shared among entities, and a specific key must be set up to encrypt it. At present, however, research on cross-domain search over multiple data sources is still rare, and the management of key material and access tokens for shared data remains an open problem in cross-domain search.
Blockchains are increasingly attracting researchers because of their distributed, tamper-resistant nature and the built-in fairness of smart contracts. Essentially, a blockchain is a distributed database that maintains an ever-growing record of data in blocks, each containing the transaction information of every entity in the system over a time period, and the list of records is recorded and verified by all nodes in the network. Against this background, it is necessary to study how to deploy a cross-domain searchable encryption scheme on a blockchain that achieves user identity verification, identity-based fine-grained access control, search token management and reliable transaction results.
Disclosure of Invention
The invention provides a double-chain architecture-based verifiable multi-user authorization cross-domain searchable encryption system and method, which realize authorization management, cross-domain search and identity-based fine-grained access control for users while ensuring data privacy and search reliability.
The technical scheme adopted by the invention is as follows:
The nodes involved in the method are a cloud server, a system administrator, domain administrators (DA) and user groups, where each user group belongs to the domain of its domain administrator.
The initialization stage comprises the following specific steps:
Step 1: the system administrator generates the public parameter PG for the target system.
Further, in step 1, the public parameter generated for the target system is PG = (λ, G, G_T, g, h, e, H), where λ is a security parameter set by the system administrator for the target system; G is a multiplicative cyclic group of order P and G_T is a multiplicative cyclic group of order Q; e: G × G → G_T is a bilinear pairing defined on G and G_T; P and Q are two large primes selected by the system administrator; g and h are arbitrary generators of G; and H is a standard hash function specified by the system administrator.
Step 2: for the target system, the system administrator deploys the double-chain architecture, comprising a demand chain, a response chain, a smart contract on the demand chain and a smart contract on the response chain, and publishes the identity identifier ID_S of the cloud server.
The system node authority control stage comprises domain administrator registration, user registration, user logout and user authority change.
The domain administrator registration phase comprises the following steps:
Step 3: for a registration request sent by a domain administrator, the system administrator uses the public parameter PG to generate the domain administrator's identity identifier ID_DA and public-private key pair (DPK, DSK), publishes ID_DA and the public key DPK, and distributes the private key DSK to the domain administrator over a secure channel.
Further, in step 3, the domain administrator's public key is DPK = g^α and private key DSK = α, where g is the generator g in the public parameter PG published by the system administrator and α is a random number selected by the system administrator from the integer domain Z.
Step 4: the smart contract on the response chain records the domain administrator's identity identifier ID_DA and public key information DPK.
The specific steps of user registration are as follows:
Step 5: for a registration request sent by a user, the system administrator uses the public parameter PG to generate the user's identity identifier ID_U and public-private key pair (UPK, USK), publishes ID_U and the public key UPK, and distributes the private key USK to the user over a secure channel.
Further, in step 5, the user's public key is UPK = g^r and private key USK = r, where g is the generator g in the public parameter PG published by the system administrator and r is a random number selected by the system administrator from the integer domain Z.
Step 6: after the user sends the registration request, the smart contract on the demand chain records the identity identifier ID_U and public key information UPK.
The user logout request comprises the following specific steps:
Step 7: for a logout request sent by a user, the system administrator sets the user's public key UPK to 0 and publishes the user identity identifier ID_U and the public key UPK.
Step 8: after the user sends the logout request, the smart contract on the demand chain records the identity identifier ID_U and public key information UPK.
The user permission change request comprises the following specific steps:
Step 9: for a search permission change request sent by a user, the system administrator informs the domain administrator of the corresponding search domain, and that domain administrator generates new search tags (SW, ind) for the user corresponding to the new search permission.
Data update stage:
Step 10: for the data DB held by the domain administrator, the domain administrator generates an inverted index database DB(w).
Further, the domain administrator generates the inverted index database DB(w) in the format (keyword w, document index ind), meaning that the file with document index ind contains the keyword w.
Step 11: the domain administrator generates a shared key K using its own private key DSK and the public key UPK of a user who has search authority.
Further, the domain administrator generates the shared key K = e(H(ID_DA)^α, g^r), where α is the domain administrator's private key DSK, g^r is the public key UPK of the user with search authority, ID_DA is the identity identifier of the domain administrator, and e and H are the bilinear pairing e and hash function H in the public parameter PG published by the system administrator.
Step 12: for each document entry (w, ind) in its inverted index database DB(w), the domain administrator generates a search tag (SW, ind) using the shared key K and its own private key DSK, and sends it to the cloud server.
Further, the specific steps by which the domain administrator generates the search tag (SW, ind) = (sw_1, sw_2, sw_3, ind) are as follows:
Step 12a: the domain administrator computes the hash value H(w) from the keyword w of the document entry (w, ind) using the hash function H in the public parameter PG published by the system administrator; computes the tag sw_1 using the shared key K and a random number s_3 selected from the integer domain Z; computes the tag sw_2 using the generator g in the public parameter PG; and computes the tag sw_3 using the generator h in the public parameter PG. (The three tag formulas are images in the original and are not reproduced in the text.)
Data search stage:
Step 13: the user constructs a user search request and sends it to the smart contract on the demand chain.
Further, the user search request is constructed as follows:
Step 13a: the user generates the key K = e(H(ID_DA)^r, g^α) shared with the administrator of the target search domain, where r is the user's private key USK, g^α is the public key DPK of the target search domain's administrator, and e is the bilinear pairing e in the public parameter PG published by the system administrator.
Step 13b: the user computes the hash value H(w) from the keyword w to be searched using the hash function H in the public parameter PG; computes the search token UST_1 using the shared key K and a random number s_1 selected from the integer domain Z; computes the search token UST_2 using the generator g in the public parameter PG (the formulas for UST_1 and UST_2 are images in the original and are not reproduced in the text); and computes the search token UST_3 = H(K || UST_1 || UST_2) using the hash function H, the shared key K and the tokens UST_1, UST_2.
Step 13c: the user constructs the user search request, filling its own identity identifier ID_U in the sender field, the identity identifier ID_DA of the target search domain's administrator in the receiver field, and the latest time T at which it is willing to receive the search result in the time-to-live field.
Step 13d: the user hashes the sender identity ID_U, the receiver identity ID_DA and the time-to-live T of the request with the hash function H in the public parameter PG, signs the hash value with the ECDSA signature algorithm using its own private key USK to obtain the signature σ_U, and fills the signature into the signature field of the user search request.
Step 13e: the user fills the user search token UST = (UST_1, UST_2, UST_3) into the data field of the user search request.
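Steps 11, 13a and 15a rely on the same fact: by bilinearity, e(H(ID_DA)^α, g^r) = e(H(ID_DA), g)^(αr) = e(H(ID_DA)^r, g^α), so the domain administrator (holding α and the user's public key) and the user (holding r and the administrator's public key) arrive at the same K without either secret leaving its owner. The following added example, which is not code from the patent, shows that agreement with a constructed toy pairing: G is the order-509 subgroup of Z_1019^*, and e(g^a, g^b) = g_T^(ab) is evaluated by brute-force discrete logarithm. The parameters, the identity strings, the hash-to-group construction and the function names are all assumptions made for the illustration; the group is far too small to be secure and exists only to make the algebra visible.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Constructed toy public parameters PG = (λ, G, G_T, g, h, e, H). The groups are tiny
// on purpose so that the "pairing" can be evaluated by brute force; a real deployment
// uses a pairing-friendly elliptic curve, and nothing below is secure.
const (
	p  int64 = 1019 // prime modulus; G is the order-q subgroup of Z_p^*
	q  int64 = 509  // q = (p-1)/2 is prime, so G has prime order q
	g  int64 = 4    // generator g of G (a quadratic residue mod p)
	h  int64 = 9    // second generator h of G (part of PG, not needed for key agreement)
	gT int64 = 4    // generator of the toy target group G_T (here G_T = G)
)

// modPow computes base^exp mod m by square-and-multiply.
func modPow(base, exp, m int64) int64 {
	result := int64(1)
	base %= m
	for exp > 0 {
		if exp&1 == 1 {
			result = result * base % m
		}
		base = base * base % m
		exp >>= 1
	}
	return result
}

// dlog brute-forces log_g(x) in G. This is what makes the toy pairing computable,
// and it is exactly what a real group must make infeasible.
func dlog(x int64) int64 {
	acc := int64(1)
	for k := int64(0); k < q; k++ {
		if acc == x {
			return k
		}
		acc = acc * g % p
	}
	panic("element is not in G")
}

// Pair is the toy bilinear map e(g^a, g^b) = gT^(ab).
func Pair(x, y int64) int64 {
	return modPow(gT, dlog(x)*dlog(y)%q, p)
}

// HashToG plays the role of H(ID_DA): it maps an identity string to an element of G
// by hashing to a non-zero exponent (a constructed choice; the patent only names H).
func HashToG(id string) int64 {
	sum := sha256.Sum256([]byte(id))
	e := int64(binary.BigEndian.Uint64(sum[:8]) % uint64(q))
	if e == 0 {
		e = 1
	}
	return modPow(g, e, p)
}

// KeyGen derives the public key g^secret: DPK = g^α (step 3) and UPK = g^r (step 5).
func KeyGen(secret int64) int64 { return modPow(g, secret, p) }

// SharedKeyDA is the domain administrator's derivation K = e(H(ID_DA)^α, g^r)
// (steps 11 and 15a): it needs DSK = α and only the user's public key UPK.
func SharedKeyDA(idDA string, alpha, upk int64) int64 {
	return Pair(modPow(HashToG(idDA), alpha, p), upk)
}

// SharedKeyUser is the user's derivation K = e(H(ID_DA)^r, g^α) (step 13a):
// it needs USK = r and only the administrator's public key DPK.
func SharedKeyUser(idDA string, r, dpk int64) int64 {
	return Pair(modPow(HashToG(idDA), r, p), dpk)
}

func main() {
	alpha, r := int64(123), int64(77) // DSK and USK, fixed here instead of random
	dpk, upk := KeyGen(alpha), KeyGen(r)
	kDA := SharedKeyDA("DA-geology", alpha, upk)
	kU := SharedKeyUser("DA-geology", r, dpk)
	fmt.Println("administrator K:", kDA, "user K:", kU, "equal:", kDA == kU)
	// A party that does not hold r cannot reproduce K from the public values alone.
	fmt.Println("K derived with a different private key:", SharedKeyUser("DA-geology", 78, dpk))
}
```

Because K is a function of ID_DA, α and r together, a different user key or a different domain identity yields a different K, which is what lets the domain administrator in step 15 treat possession of K as evidence of the user's identity.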
Step 14: aiming at a user search request sent by a user, judging the validity of the user search request by an intelligent contract on a demand chain, and if the judgment is passed, forwarding the user search request to a domain manager of a corresponding search domain by the intelligent contract on the demand chain. If the determination is not passed, the intelligent contract on the demand chain discards the user search request.
Further, the steps of the intelligent contract on the demand chain verifying the user search request are as follows:
Step 14a: firstly, judging whether the time of receiving the search request of the user is within the survival time of the search request or not by the intelligent contract on the demand chain, and if so, executing the step 14b by the intelligent contract on the demand chain;
step 14b: judging whether the user public key message UPK recorded on the demand chain is 0 by using the ID U of the user in the user search request, if so, discarding the search request of the user by the intelligent contract on the demand chain, otherwise, executing the step 14c by the intelligent contract on the demand chain;
step 14c: the smart contracts on the demand chain use a hash function H, and after the sender's ID U and the receiver's ID DA in the user's search request are hashed, the ECDSA signature verification algorithm is used to verify the validity of the signature in the user's search request. If the verification is passed, the intelligent contract on the demand chain forwards the user search request to a domain administrator of the corresponding search domain; otherwise, the intelligent contract on the demand chain discards the search request of the user and sends an error report to the system administrator;
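The following added example (not code from the patent) implements the request format of steps 13c-13e and the three demand-chain checks of steps 14a-14c as an ordinary Go program, with real ECDSA from the standard library. The request struct, the zero-byte field separators and fixed-width encoding of T inside the hash, the P-256 curve, the use of a nil registry entry to represent UPK = 0, and the identity strings are all assumptions made for the illustration. The signed digest binds the sender, the receiver and the time-to-live, as step 13d specifies.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// SearchRequest follows the format of steps 13c-13e: sender ID_U, receiver ID_DA,
// time-to-live T, an ECDSA signature, and a data field carrying the user search token UST.
type SearchRequest struct {
	Sender   string
	Receiver string
	TTL      int64 // latest acceptable time T, as Unix seconds (constructed convention)
	Sig      []byte
	Data     []byte // UST, opaque to the contract
}

// digest is the value signed in step 13d: H(ID_U || ID_DA || T). Zero-byte separators and
// a fixed-width T keep the encoding unambiguous; the patent does not fix an encoding.
func digest(req *SearchRequest) []byte {
	hsh := sha256.New()
	hsh.Write([]byte(req.Sender))
	hsh.Write([]byte{0})
	hsh.Write([]byte(req.Receiver))
	hsh.Write([]byte{0})
	var ttl [8]byte
	binary.BigEndian.PutUint64(ttl[:], uint64(req.TTL))
	hsh.Write(ttl[:])
	return hsh.Sum(nil)
}

// Sign fills the signature field with σ_U using the user's private key USK (step 13d).
func Sign(usk *ecdsa.PrivateKey, req *SearchRequest) error {
	sig, err := ecdsa.SignASN1(rand.Reader, usk, digest(req))
	if err != nil {
		return err
	}
	req.Sig = sig
	return nil
}

// Verdict is the contract's decision on a request.
type Verdict string

const (
	Forward     Verdict = "forward to the domain administrator"
	DropExpired Verdict = "discard: received after the time-to-live"
	DropRevoked Verdict = "discard: sender unknown or logged out (UPK = 0)"
	DropBadSig  Verdict = "discard: invalid signature, error report to the system administrator"
)

// DemandChainContract keeps the registry written in steps 6 and 8. A nil entry stands
// for UPK = 0, which is how step 7 marks a logged-out user.
type DemandChainContract struct {
	registry map[string]*ecdsa.PublicKey
}

func NewDemandChainContract() *DemandChainContract {
	return &DemandChainContract{registry: map[string]*ecdsa.PublicKey{}}
}

// Register records ID_U and UPK after registration (step 6).
func (c *DemandChainContract) Register(idU string, usk *ecdsa.PrivateKey) {
	c.registry[idU] = &usk.PublicKey
}

// Logout records UPK = 0 after a logout request (steps 7 and 8).
func (c *DemandChainContract) Logout(idU string) { c.registry[idU] = nil }

// Check applies steps 14a-14c in order; now is the time the contract received the request.
func (c *DemandChainContract) Check(req *SearchRequest, now int64) Verdict {
	if now > req.TTL { // step 14a: still within the time-to-live?
		return DropExpired
	}
	upk, ok := c.registry[req.Sender] // step 14b: is the recorded UPK zero?
	if !ok || upk == nil {
		return DropRevoked
	}
	if !ecdsa.VerifyASN1(upk, digest(req), req.Sig) { // step 14c: ECDSA verification
		return DropBadSig
	}
	return Forward
}

// NewUserKey generates (UPK, USK) on P-256; the curve is an assumption, the patent names only ECDSA.
func NewUserKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	usk, err := NewUserKey()
	if err != nil {
		panic(err)
	}
	contract := NewDemandChainContract()
	contract.Register("user-42", usk)
	req := &SearchRequest{Sender: "user-42", Receiver: "DA-geology", TTL: 1700000000, Data: []byte("UST placeholder")}
	if err := Sign(usk, req); err != nil {
		panic(err)
	}
	fmt.Println(contract.Check(req, 1699999000)) // forwarded
	fmt.Println(contract.Check(req, 1700000001)) // expired
	contract.Logout("user-42")
	fmt.Println(contract.Check(req, 1699999000)) // logged out
}
```

The checks are ordered as in the patent so that the cheap time-to-live and registry lookups run before the signature verification. Note that, as step 13d describes it, the signature covers the sender, receiver and time-to-live fields only; the data field holding UST is not under σ_U, and the example follows that description.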
Step 15: the target search domain manager firstly generates a shared secret key K, then judges the validity of the user identity, if the judgment is passed, the domain manager generates an authorized search token ST, constructs an authorized search request, sends the authorized search request to an intelligent contract on a response chain, and if the judgment is not passed, the domain manager discards the authorized search request and sends an error report to a system manager.
Further, the step of generating the shared key K by the target search domain administrator is as follows:
Step 15a: the key shared by the users in the domain administrator and user search request k=e (H (ID DA)α,gr), where α is the private key DSK of the domain administrator, g r the public key UPK of the user in the user search request, e is bilinear pair e in the public parameter PG published by the system administrator.
Further, the step of generating an authorized search token by the target search domain administrator is as follows:
step 15b: using the shared key K generated in step 15a, the domain administrator uses the random number s 2 selected from the integer domain Z, the system administrator publishes the generator g, h in the public parameter PG, and the user search token UST 1,UST2 in the user search request calculates the authorized search token
Further, the step of generating an authorized search request by the target search domain administrator is as follows:
Step 15c: the domain administrator uses the hash function H in the public parameter PG published by the system administrator, the user searches for the sender's identity ID U in the request, the receiver's identity ID DA, and the time-to-live T computes the hash value. And for this hash value, performing the ECDSA signature algorithm using the self private key dsk=α to generate signature σ DA.
Step 15d: the domain administrator modifies the user search request, and modifies the signature sigma U in the user request to the signature sigma DA generated in step 15 c; modifying the user search token UST in the data domain in the user search request to the authorization search token ST generated in step 15 b;
Step 16: and judging the validity of the authorized search request by the intelligent contracts on the response chain, and if the judgment is passed, forwarding the authorized search to the cloud server by the intelligent contracts on the response chain. If the determination is not passed, discarding the authorized search request.
Further, the steps of verifying an authorized search request in response to an intelligent contract on the chain are as follows:
Step 16a: the intelligent contract on the response chain firstly judges whether the time of receiving the authorized search request is within the survival time of the search request, if so, the intelligent contract on the response chain executes the step 16b;
Step 16c: the smart contract on the response chain uses a hash function H, the identity identifier ID U of the sender in the user search request, the identity identifier ID DA of the receiver, and after hash operation is performed on the survival time T, the validity of the signature in the authorized search request is verified using the ECDSA signature verification algorithm. If the verification is passed, the intelligent contract on the response chain forwards the authorized search request to the cloud server; otherwise, discarding the authorized search request in response to the intelligent contract on the chain, and sending an error report to a system administrator;
Step 17: the cloud server initializes an empty result set R, traverses all search labels of the receiver, namely the target domain, in the authorized search request, executes search matching operation, and returns the searched result to the sender in the authorized search request.
Further, the cloud server performs the step of authorizing the search request as follows:
step 17a: the cloud server traverses all data tag entries (SW, ind) of the target search domain in the authorization search request, wherein
Step 17b: the cloud server calculates target value 1 and target value 2 using the authorization search token ST in the authorization search request and SW in the data tag label. If the target value 1 and the target value 2 are equal, the corresponding document index ind in the encryption tag of the cloud server is put into the result set R.
Wherein,
Target value
Target value
Step 17c: the cloud server returns a result set R to the user sending the search request based on the sender's identity ID U in the authorized search request.
In a preferred embodiment of the present invention, after the system administrator draws up the system public parameter PG = (λ, G, G_T, g, h, e, H), the key pairs of the domain administrators and users are computed from it.
In a preferred embodiment of the present invention, the user information recorded by the smart contract on the demand chain includes the user's identity identifier, public key information and user search requests; the information recorded on the response chain includes the domain administrator's identity identifier, public key information and authorized search requests.
In a preferred embodiment of the present invention, both the demand chain and the response chain are consortium chains.
In a preferred embodiment of the present invention, after the system administrator approves the registration request of each domain administrator and user, it publishes their identity identifiers and distributes their private keys over a secure channel.
In a preferred embodiment of the present invention, after the system administrator approves a user's logout request, the user's public key is set to 0 to mark the user as logged out, and the user's identity identifier and public key are published.
In a preferred embodiment of the present invention, the signature in the user search request and in the domain administrator's authorized search request is produced by hashing the sender, the receiver and the time-to-live with the hash function in the system public parameter PG and signing the hash value with the ECDSA algorithm.
In a preferred embodiment of the present invention, the domain administrator computes the shared key K = e(H(ID_DA)^α, g^r) from its private key DSK = α, the public key UPK = g^r of the user with search authority, its own identity ID_DA and the system public parameter PG.
In a preferred embodiment of the present invention, the user with search authority computes the shared key K = e(H(ID_DA)^r, g^α) from its own private key USK = r, the public key DPK = g^α of the target search domain's administrator, the identity identifier ID_DA of that administrator and the system public parameter PG.
In a preferred embodiment of the present invention, for the same user, the shared key K that the domain administrator computes from its own private key DSK, the public key UPK of the user with search authority, its own identity identifier ID_DA and the system public parameter PG equals the shared key K that the user computes from its own private key USK, the public key DPK of the target search domain's administrator, the identity identifier ID_DA of that administrator and the system public parameter PG.
In a preferred embodiment of the present invention, the domain administrator generates a search tag (formula not reproduced in the text) from the shared key K derived with the public key of the user with search authority, its own private key DSK, the document entries (w, ind) in the inverted index database, a random number s_3 generated for each document entry and the system public parameter PG, which ensures that only an entity holding this shared key K, with an authorized search request generated using the domain administrator's private key DSK, can match the search tag.
In a preferred embodiment of the present invention, the user generates a search token (formula not reproduced in the text) using the shared key K with the target search domain, which guarantees that the domain administrator can use the shared key K for authentication.
In a preferred embodiment of the present invention, the domain administrator generates an authorized search token (formula not reproduced in the text) using the user search token and its own private key, which ensures that only authorized search tokens can match the search tags.
Compared with the prior art, the invention has the following beneficial effects:
data search by users with different identities over different domains is realized with conventional public-key encryption technology, so the privacy of users' stored data is ensured;
dual verification of user identity is realized with smart contracts and the key shared between the domain administrator and the user, and the legality and validity of the user's search behaviour and the cloud server's search behaviour are ensured by the search information and file verification information publicly recorded on the blockchain together with the built-in fairness of smart contracts;
using a double-chain architecture to manage multiple data domains gives users greater flexibility in data storage and data search.
In order to make the above objects, features and advantages of the present invention more comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a diagram of an overall architecture of a searchable encryption system based on a double-chain architecture that can verify multi-user authorization cross-domain in an embodiment of the present invention;
FIG. 2 is a format diagram of a user search request and an authorized search request based on a double-chain architecture in an embodiment of the present invention;
FIG. 3 is a flow chart of a domain administrator registration protocol and a user registration protocol based on a dual-chain architecture in an embodiment of the present invention;
FIG. 4 is a flowchart of a user logout protocol and a user search permission change protocol based on a double-chain architecture in an embodiment of the present invention;
FIG. 5 is a flow chart of a data update protocol and a data search protocol based on a double-chain architecture in an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention.
Referring to fig. 1, fig. 2 and fig. 5, an embodiment of the present invention provides a double-chain architecture-based verifiable multi-user authorization cross-domain searchable encryption method, where nodes involved in the method include a cloud server, a system administrator, a domain administrator, a user group, and a target system with a double-chain architecture, where the target system includes the above entities, the searchable encryption method includes an initialization stage, a system node authority control stage, a data update stage, and a data search stage, and details of the stages are described below.
1. Initialization stage:
1) For the target system, the system administrator formulates the public parameter PG and the identifier ID_S of the cloud server.
Public parameter PG = (λ, G, G_T, g, h, e, H);
where λ is a security parameter set by the system administrator for the target system; G is a multiplicative cyclic group of order P and G_T is a multiplicative cyclic group of order Q; e: G × G → G_T is a bilinear pairing defined on G and G_T; P and Q are two large primes selected by the system administrator; g and h are arbitrary generators of G; and H is a standard hash function specified by the system administrator.
2) The system administrator deploys the target system with a double-chain architecture, comprising a demand chain, a response chain, a smart contract on the demand chain and a smart contract on the response chain.
2. And a system node authority control stage:
The system node authority control stage comprises a domain manager registration stage, a user logout stage and a user search authority change stage, wherein the domain manager registration protocol and user registration protocol flow are shown in fig. 3, and the user logout protocol and user search authority change protocol flow are shown in fig. 4.
Further, the domain administrator registration phase is introduced as follows:
1) The domain manager sends a registration request, the system manager generates an identity identifier ID DA of the domain manager using the public parameter PG, a public-private key pair (DPK, DSK) = (g α, α) of the domain manager, the public domain manager identity identifier ID DA, the public key DPK, and the private key DSK is distributed to the domain manager using the secure channel.
Wherein g is a generator g in a public parameter PG published by a system administrator, and alpha is a random number selected by the system administrator from an integer domain Z.
2) The intelligent contract on the response chain records the domain administrator's identity identifier ID DA, public key information DPK.
Further, the user registration phase is introduced as follows:
3) The user sends a registration request, a system administrator uses the public parameter PG to generate an identity identifier ID U of the user, and a public-private key pair (UPK, USK) = (g r, r) of the user; the system administrator discloses a user identity identifier ID U, a public key UPK, and distributes a private key USK to the user using a secure channel.
Wherein g is a generator g in a public parameter PG published by a system administrator, and r is a random number selected from an integer domain Z by the system administrator.
4) Intelligent contracts on demand chain record user identification ID U after sending registration request, public key information UPK
The user logout phase proceeds as follows:
5) The user sends a logout request, and the system administrator sets the user public key $UPK$ to 0 and publishes the user identity identifier $ID_U$ with $UPK = 0$.
6) The smart contract on the demand chain records the user identity identifier $ID_U$ and public key $UPK = 0$.
The user right change phase proceeds as follows:
7) The user sends a search permission change request to the system administrator; the system administrator informs the domain administrator of the corresponding search domain, and the domain administrator generates a new search tag $(SW, ind)$ corresponding to the search permission for the user.
3. Data updating stage:
1) The domain administrator generates an inverted index database $DB(w)$ from the local domain data $DB$; each entry of $DB(w)$ is a document entry (keyword $w$, document index $ind$).
2) The domain administrator generates the shared key $K = e(H(ID_{DA})^{\alpha}, g^{r})$.
Here $\alpha$ is the private key $DSK$ of the domain administrator, $g^{r}$ is the public key $UPK$ of the user with search authority, and $e$ is the bilinear pairing $e$ in the public parameter $PG$ published by the system administrator.
3) The domain administrator calculates the search tags from the inverted index database $DB(w)$.
Here $s_3$ is a random number selected by the domain administrator from the integer domain $Z$; $\alpha$ is the private key $DSK$ kept secret by the domain manager; $K$ is the shared key generated by the domain manager; and $H$, $g$ and $h$ are the hash function and generator elements in the public parameter $PG$ published by the system manager.
4) The domain administrator sends the search tags to the cloud server.
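The shared key is what ties a user's search authority to one domain: the administrator derives it from its private key $DSK = \alpha$ and the user's public key $UPK = g^{r}$, and the user later derives the same value from $USK = r$ and $DPK = g^{\alpha}$ (data searching stage, step 1), because bilinearity gives $e(H(ID_{DA})^{\alpha}, g^{r}) = e(H(ID_{DA})^{r}, g^{\alpha})$. The Go program below is an added example and not code from the patent. It replaces the pairing in $PG$ with a toy bilinear map over small constructed constants (group order 1019, modulus 2039, generator 4), uses SHA-256 for $H$, and carries $UST_1$ and $UST_2$ as constructed placeholder bytes because their construction is not reproduced on this page. It shows both sides deriving the same $K$ and the administrator's check from step 9 of the data searching stage, $H(K \| UST_1 \| UST_2) = UST_3$, rejecting a token presented under a public key other than the one it was bound to.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/big"
)

// Toy stand-in for the pairing in the public parameter PG (an added
// simplification, not the patent's groups): G is Z_q with "g^x" represented
// by the exponent x itself, G_T is the order-q subgroup of Z_P^* generated by
// gT, and e(x, y) = gT^(x*y) mod P. The map is bilinear, which is all the key
// agreement needs, but discrete logs in G are trivial, so this illustrates the
// protocol flow only.
const (
	q  = 1019 // prime group order (constructed for the example)
	P  = 2039 // safe prime with q | P-1 (constructed for the example)
	gT = 4    // element of order q in Z_P^*
)

// Elem is an element of G, i.e. an exponent modulo q.
type Elem uint64

// scalar raises a to the power x in G, which is multiplication of exponents.
func scalar(a Elem, x uint64) Elem { return Elem((uint64(a) * (x % q)) % q) }

// hashToG is H: {0,1}* -> G, realised as SHA-256 reduced into 1..q-1.
func hashToG(id string) Elem {
	d := sha256.Sum256([]byte(id))
	return Elem(1 + binary.BigEndian.Uint64(d[:8])%(q-1))
}

// pair is e(x, y) = gT^(x*y) mod P, returned as the big-endian bytes of K.
func pair(x, y Elem) []byte {
	exp := big.NewInt(int64((uint64(x) * uint64(y)) % q))
	return new(big.Int).Exp(big.NewInt(gT), exp, big.NewInt(P)).Bytes()
}

// SharedKeyAdmin is the domain administrator's K = e(H(ID_DA)^alpha, g^r),
// from its private key alpha (DSK) and the user's public key g^r (UPK).
func SharedKeyAdmin(idDA string, alpha uint64, upk Elem) []byte {
	return pair(scalar(hashToG(idDA), alpha), upk)
}

// SharedKeyUser is the user's K = e(H(ID_DA)^r, g^alpha), from its private
// key r (USK) and the administrator's public key g^alpha (DPK).
func SharedKeyUser(idDA string, r uint64, dpk Elem) []byte {
	return pair(scalar(hashToG(idDA), r), dpk)
}

// bindToken computes UST3 = H(K || UST1 || UST2). UST1 and UST2 are opaque
// bytes here because their formula is not reproduced on the page.
func bindToken(k, ust1, ust2 []byte) []byte {
	h := sha256.New()
	h.Write(k)
	h.Write(ust1)
	h.Write(ust2)
	return h.Sum(nil)
}

// AdminAcceptsToken is the step-9 check: the administrator recomputes K from
// the requester's UPK and accepts only if H(K||UST1||UST2) equals UST3.
func AdminAcceptsToken(idDA string, alpha uint64, upk Elem, ust1, ust2, ust3 []byte) bool {
	return bytes.Equal(bindToken(SharedKeyAdmin(idDA, alpha, upk), ust1, ust2), ust3)
}

func main() {
	const alpha, r = 733, 412             // constructed DSK and USK values
	dpk, upk := Elem(alpha%q), Elem(r%q) // g^alpha and g^r with g = 1 in the toy group
	ust1, ust2 := []byte("UST1-placeholder"), []byte("UST2-placeholder")

	kUser := SharedKeyUser("domain-A", r, dpk)
	ust3 := bindToken(kUser, ust1, ust2)
	fmt.Println("keys agree:", bytes.Equal(kUser, SharedKeyAdmin("domain-A", alpha, upk)))
	fmt.Println("legitimate user accepted:", AdminAcceptsToken("domain-A", alpha, upk, ust1, ust2, ust3))
	// The same token presented under another registered public key fails,
	// because the administrator then derives a different K.
	fmt.Println("other key accepted:", AdminAcceptsToken("domain-A", alpha, Elem(99), ust1, ust2, ust3))
}
```

Because the check recomputes $K$ from whichever $UPK$ the request carries, it proves that the requester holds the private key for that public key; whether that user is actually authorized for the domain is enforced later, when the cloud server matches the search tags that were built with the authorized user's $K$.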
4. Data searching stage:
1) The user selects the target search domain and calculates the key $K = e(H(ID_{DA})^{r}, g^{\alpha})$ shared with the target search domain administrator.
Here $r$ is the user's private key $USK$, $g^{\alpha}$ is the public key $DPK$ of the target search domain administrator, and $e$ is the bilinear pairing $e$ in the public parameter $PG$ published by the system administrator.
2) The user randomly selects a random number $s_1$ from the integer domain $Z$ and calculates the user search token using the keyword $w$ to be searched, the hash function $H$ and generator $g$ in the public parameter $PG$ published by the system administrator, and the shared key $K$ computed by the user.
3) The user specifies the time-to-live $T$ of the user search request, the sender as its own identity $ID_U$, and the receiver as the identity $ID_{DA}$ of the target search domain administrator.
4) The user computes a hash value with the hash function $H$ in the public parameter $PG$ published by the system administrator over the sender identity $ID_U$, the receiver identity $ID_{DA}$ and the time-to-live $T$ of the user search request, and signs the hash value with the ECDSA algorithm using its own private key $USK$ and its address on the demand chain, obtaining the signature $\sigma_U$.
5) The user constructs the user search request, filling in the sender $ID_U$, the receiver $ID_{DA}$, the time-to-live $T$, the user signature $\sigma_U$ and the user search token $UST = (UST_1, UST_2, UST_3)$.
6) The user sends a search request to the smart contracts on the demand chain.
7) The intelligent contract on the demand chain first judges whether the time at which it received the user search request is within the request's time-to-live; if not, it discards the user search request. If this check passes, the contract uses the sender's identity identifier $ID_U$ in the user search request to look up the user public key $UPK$ recorded on the demand chain and judges whether it is 0; if so, it discards the user search request. Otherwise, the contract computes a hash value with the hash function $H$ over the sender identity identifier $ID_U$, the receiver identity identifier $ID_{DA}$ and the time-to-live $T$ in the user search request, and verifies the validity of the signature in the user search request with the ECDSA signature verification algorithm, using the obtained hash value, the user address information and the user public key information on the demand chain. If the verification passes, the intelligent contract on the demand chain forwards the user search request to the target search domain.
8) The target search domain administrator calculates the shared key $K = e(H(ID_{DA})^{\alpha}, g^{r})$.
Here $\alpha$ is the domain administrator's private key $DSK$, $g^{r}$ is the user's public key $UPK$ from the user search request, and $e$ is the bilinear pairing $e$ in the public parameter $PG$ published by the system administrator.
9) The target search domain administrator uses the hash function $H$ in the public parameter $PG$ published by the system administrator and the search tokens $UST_1, UST_2$ in the user search request to calculate the hash value $H(K \| UST_1 \| UST_2)$, and compares it with the search token $UST_3$; if the two values are equal, the user is a legitimate user. Otherwise, the domain administrator discards the user's search request and sends an error report to the system administrator.
10) The target search domain administrator randomly selects a random number $s_2$ from the integer domain $Z$ and calculates the authorized search token using the hash function $H$ and generator elements $g$ and $h$ in the public parameter $PG$ published by the system administrator, its own private key $DSK$, and the search tokens $UST_1, UST_2$ in the user search request.
11) The target search domain administrator computes a hash value with the hash function $H$ in the public parameter $PG$ published by the system administrator over the sender $ID_U$, the receiver $ID_{DA}$ and the time-to-live $T$ in the search request, and signs the hash value with its own private key $DSK$ and its address on the demand chain, obtaining the signature $\sigma_{DA}$.
12) The target search domain administrator constructs the authorized search request, filling in the sender $ID_U$, the receiver $ID_{DA}$, the time-to-live $T$, the domain administrator signature $\sigma_{DA}$ and the authorized search token $ST = (ST_1, ST_2, ST_3)$.
13) The domain administrator sends the authorized search request to the smart contract on the response chain.
14) The intelligent contract on the response chain first judges whether the time at which it received the authorized search request is within the time-to-live $T$ of the search request; if not, it discards the authorized search request. If this check passes, the contract computes a hash value with the hash function $H$ over the sender $ID_U$, the receiver $ID_{DA}$ and the time-to-live $T$ in the authorized search request, and verifies the validity of the signature in the authorized search request with the ECDSA signature verification algorithm, using the obtained hash value, the domain manager address information and the domain manager public key information on the response chain. If the verification passes, the intelligent contract on the response chain forwards the authorized search request to the cloud server.
15) The cloud server initializes an empty result set $R$, traverses the encrypted tags $(sw_1, sw_2, sw_3, ind)$ of the target domain and, using the authorized search tokens $ST_1, ST_2, ST_3$ in the authorized search request, calculates
Target value
Target value
16) If target value 1 and target value 2 are equal, the cloud server puts the document index value of the tag into the result set $R$.
17) The cloud server returns the result set $R$ to the searching user.
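Steps 7 and 14 apply the same three-part filter on the two chains: is the request still within its time-to-live, is the sender's recorded public key 0 (a logged-out user), and does the ECDSA signature over the hash of sender, receiver and $T$ verify under the key recorded on-chain. The Go program below is an added example and not the patent's or any project's code. It assumes P-256 ECDSA and SHA-256 as $H$, length-prefixes the hashed fields (an encoding the page does not specify), models $UPK = 0$ as a nil entry in the on-chain registry, and leaves out the on-chain address that the page also feeds into the signature. The same function serves the response-chain check of step 14 when the registry holds the domain administrators' $DPK$ values instead of users' $UPK$ values.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
	"strconv"
)

// SearchRequest carries the fields the page lists for a user search request:
// sender ID_U, receiver ID_DA, time-to-live T, the signature sigma_U and the
// search token UST. The contract never inspects UST, so it is opaque bytes.
type SearchRequest struct {
	SenderID   string // ID_U
	ReceiverID string // ID_DA
	TTL        int64  // T: latest unix time at which the request may execute
	Sig        []byte // ASN.1-encoded ECDSA signature sigma_U
	Token      []byte // UST = (UST1, UST2, UST3), opaque to the contract
}

// requestDigest is H over sender, receiver and time-to-live. Length-prefixing
// each field is an added choice so that no two field splits share a digest.
func requestDigest(sender, receiver string, ttl int64) []byte {
	h := sha256.New()
	for _, f := range []string{sender, receiver, strconv.FormatInt(ttl, 10)} {
		h.Write([]byte(strconv.Itoa(len(f)) + ":"))
		h.Write([]byte(f))
	}
	return h.Sum(nil)
}

// SignRequest is the user's step 4: sign H(ID_U, ID_DA, T) with USK via ECDSA.
func SignRequest(usk *ecdsa.PrivateKey, req *SearchRequest) error {
	sig, err := ecdsa.SignASN1(rand.Reader, usk, requestDigest(req.SenderID, req.ReceiverID, req.TTL))
	if err != nil {
		return err
	}
	req.Sig = sig
	return nil
}

// Registry stands in for what the chain recorded at registration: ID -> public
// key. A logged-out user has UPK set to 0, modelled here as a nil entry.
type Registry map[string]*ecdsa.PublicKey

var (
	ErrExpired = errors.New("request received after its time-to-live")
	ErrRevoked = errors.New("sender public key is 0 (logged out or unknown)")
	ErrBadSig  = errors.New("signature does not verify under the recorded public key")
)

// ValidateOnChain performs the contract's checks in the order the page gives
// them: time-to-live, revocation (public key 0), then signature verification.
// A nil result means the request may be forwarded to the next hop.
func ValidateOnChain(reg Registry, req *SearchRequest, now int64) error {
	if now > req.TTL {
		return ErrExpired
	}
	pk, ok := reg[req.SenderID]
	if !ok || pk == nil {
		return ErrRevoked
	}
	if !ecdsa.VerifyASN1(pk, requestDigest(req.SenderID, req.ReceiverID, req.TTL), req.Sig) {
		return ErrBadSig
	}
	return nil
}

func main() {
	usk, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	reg := Registry{"user-1": &usk.PublicKey, "user-2": nil} // user-2 has logged out
	req := &SearchRequest{SenderID: "user-1", ReceiverID: "domain-A", TTL: 1_700_000_000,
		Token: []byte("UST-placeholder")}
	_ = SignRequest(usk, req)
	fmt.Println("fresh and signed:", ValidateOnChain(reg, req, 1_699_999_000))
	fmt.Println("received late:", ValidateOnChain(reg, req, 1_700_000_001))
	req.ReceiverID = "domain-B" // retargeting the request invalidates sigma_U
	fmt.Println("retargeted:", ValidateOnChain(reg, req, 1_699_999_000))
}
```

Checking the time-to-live before touching the registry or the signature keeps the cheap rejection first, which matters on a chain where every verification costs gas; the signature covering the receiver identity is what prevents a forwarded request from being redirected to a different domain.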
The above is only a preferred embodiment of the present invention, and is not intended to limit the present invention, but various modifications and variations can be made to the present invention by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (10)

1. A double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method, wherein the nodes involved in the method comprise a cloud server, a system administrator, domain administrators and users of different identities, characterized in that the method comprises the following steps:
Step 1: a system administrator generates a public parameter $PG$ for a target system;
Step 2: for the target system, the system administrator generates a system double-chain architecture comprising a demand chain, a response chain, intelligent contracts on the demand chain and intelligent contracts on the response chain, and publishes an identity identifier $ID_S$ of the cloud server;
Step 3: for a registration request sent by a domain administrator, the system administrator generates an identity identifier $ID_{DA}$ of the domain administrator and a public-private key pair $(DPK, DSK)$ of the domain administrator by using the public parameter $PG$, discloses the domain administrator identity identifier $ID_{DA}$ and public key $DPK$, and distributes the private key $DSK$ to the domain administrator by using a secure channel;
Step 4: the intelligent contract on the response chain records the identity identifier $ID_{DA}$ and public key $DPK$ of the domain administrator;
Step 5: for a registration request sent by a user, the system administrator uses the public parameter $PG$ to generate an identity identifier $ID_U$ of the user and a public-private key pair $(UPK, USK)$ of the user, discloses the identity identifier $ID_U$ and public key $UPK$ of the user, and distributes the private key $USK$ to the user by using a secure channel;
Step 6: the intelligent contract on the demand chain records the identity identifier $ID_U$ and public key $UPK$ after the user sends the registration request;
Step 7: for a logout request sent by a user, the system administrator sets the user public key $UPK$ to 0 and discloses the user identity identifier $ID_U$ and the public key $UPK$;
Step 8: for a search permission change request sent by a user, the system administrator informs the domain administrator of the corresponding search domain, and the domain administrator generates a search tag $(SW, ind)$ corresponding to the search permission for the user;
Step 9: the intelligent contract on the demand chain records the identity identifier $ID_U$ and public key information $UPK$ of the user;
Step 10: for the data $DB$ held by the domain manager, the domain manager generates an inverted index database $DB(w)$, wherein the composition structure of the inverted index database $DB(w)$ is (keyword $w$, document index $ind$);
Step 11: the domain manager generates a shared key $K$ based on its private key $DSK$ and the public key $UPK$ of a user with search authority;
Step 12: for the document entries (keyword $w$, document index $ind$) in the inverted index database $DB(w)$, the domain administrator generates a search tag $(SW, ind)$ by using the shared key $K$ and its own private key $DSK$, and sends the search tag to the cloud server;
Step 13: the user constructs a user search request and sends it to the intelligent contract on the demand chain;
Step 14: for the user search request sent by the user, the intelligent contract on the demand chain judges the validity of the user search request; if the judgment passes, the intelligent contract on the demand chain forwards the user search request to the domain manager of the corresponding search domain, and if the judgment does not pass, the intelligent contract on the demand chain discards the user search request;
Step 15: the target search domain manager first judges the legitimacy of the user identity by using the shared key $K$ calculated by the domain manager; if the judgment passes, the domain manager generates an authorized search request and sends it to the intelligent contract on the response chain, and if the judgment does not pass, the domain manager discards the authorized search request and sends an error report to the system manager;
Step 16: for the authorized search request sent by the domain manager, the intelligent contract on the response chain judges the legitimacy of the authorized search request; if the judgment passes, the intelligent contract on the response chain forwards the authorized search request to the cloud server, and if the judgment does not pass, it discards the authorized search request;
Step 17: for the authorized search request sent by the domain administrator, the cloud server executes the search matching operation and returns the search result to the sender in the authorized search request.
2. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 1, wherein in step 1 the public parameter is $PG = (\lambda, G, G_T, g, h, e, H)$, where $\lambda$ is a security parameter set by the system administrator for the target system; $G$ is a multiplicative cyclic group of order $P$ and $G_T$ is a multiplicative cyclic group of order $Q$; $e$ is a bilinear pairing defined on the groups $G$ and $G_T$, $e: G \times G \to G_T$; $P$ and $Q$ are two large primes selected by the system administrator; $g$ and $h$ are arbitrary generators of the group $G$; and $H$ is a standard hash function specified by the system administrator;
In step 3, the public-private key pair of the domain administrator is $(DPK, DSK) = (g^{\alpha}, \alpha)$, where $\alpha$ is a random number selected by the system administrator from the integer domain $Z$;
In step 5, the public-private key pair of the user is $(UPK, USK) = (g^{r}, r)$, where $r$ is a random number selected by the system administrator from the integer domain $Z$;
In step 11, the shared key $K$ of the domain manager is calculated from the private key $DSK$ of the domain manager, the public key $UPK$ of the user having search authority and the identity identifier $ID_{DA}$ of the domain manager, as $K = e(H(ID_{DA})^{\alpha}, g^{r})$.
3. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 2, wherein in step 12 the search tag $(SW, ind)$ is generated as follows:
Step 12a: the domain administrator calculates the hash value $H(w)$ of the keyword $w$ in the document entry (keyword $w$, document index $ind$) using the hash function $H$ in the public parameter $PG$;
Step 12b: the domain manager randomly selects an integer $s_3$ from the integer domain and calculates the search tag using the shared key $K$, its own private key $DSK$ and the generators $g, h$ in the public parameter $PG$:
wherein $SW$ consists of the tag components $sw_1$, $sw_2$ and $sw_3$.
4. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 3, wherein in step 13 the user search request comprises the sender, the receiver, the time-to-live, the signature, the data domain and the user's search token $UST$;
The sender is the identity identifier $ID_U$ of the user sending the search request; the receiver is the identity identifier $ID_{DA}$ of the domain administrator in the target search domain; the time-to-live is the latest time $T$ at which the user search request may be executed; the signature is the signature value $\sigma_U$ obtained by the user with the ECDSA signature algorithm over the sender, the receiver and the time-to-live, using the hash function $H$ in the parameter $PG$ issued by the system administrator and the user's own private key $USK$.
5. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 4, wherein the user's search token $UST$ is generated as follows:
Step 13a: the user calculates the shared key $K = e(H(ID_{DA})^{r}, g^{\alpha})$ using its own private key $USK$, the public key $DPK$ of the administrator of the target search domain, the identity identifier $ID_{DA}$ of the administrator of the target search domain, and the hash function $H$ and bilinear pairing $e$ in the public parameter $PG$;
Step 13b: the user calculates its search token using the shared key $K$, the random number $s_1$, the generator $g$ and hash function $H$ in the public parameter $PG$, and the keyword $w$ to be searched:
wherein $UST$ consists of the token components $UST_1$, $UST_2$ and $UST_3$.
6. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 5, wherein in step 14 the intelligent contract on the demand chain determines the validity of the user search request as follows:
Step 14a: the intelligent contract on the demand chain first judges whether the user search request is within its time-to-live $T$; if so, step 14b is executed, otherwise the user search request is discarded;
Step 14b: the intelligent contract on the demand chain judges whether the user public key in the user search request is 0; if so, the user search request is discarded, otherwise step 14c is executed;
Step 14c: the intelligent contract on the demand chain hashes the sender identity identifier, the receiver identity identifier and the time-to-live in the user search request with the hash function $H$ in the public parameter $PG$, and then verifies the validity of the signature in the user search request with the ECDSA signature verification algorithm and the public key corresponding to the sender of the user search request; if the signature verification passes, the intelligent contract on the demand chain forwards the user search request to the receiver of the user search request, and if it does not pass, the intelligent contract on the demand chain reports the relevant error information to the system administrator and discards the user search request.
7. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 6, wherein in step 15 the domain administrator generates the shared key $K$ and determines the validity of the user identity in the user search request as follows:
Step 15a: the domain administrator calculates the shared key $K = e(H(ID_{DA})^{\alpha}, g^{r})$ using its private key $DSK$, the public key $UPK$ of the user in the search request, its own identity identifier $ID_{DA}$, and the hash function $H$ and bilinear pairing $e$ in the public parameter $PG$;
Step 15b: the domain administrator calculates the hash value $H(K \| UST_1 \| UST_2)$ using the shared key $K$ it computed, the hash function $H$ in the public parameter $PG$ issued by the system administrator, and $UST_1, UST_2$ from the user search token; if the hash value equals the search token $UST_3$ in the user search request, the user is a legitimate user, otherwise the user is illegitimate.
8. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 7, wherein in step 15 the domain administrator generates the authorized search request as follows:
Step 15c: the domain administrator generates the authorized search token using its own private key $DSK$, a random number $s_2$ selected from the integer domain, the generators $g, h$ in the public parameter $PG$, and the search tokens $(UST_1, UST_2)$ in the user search request:
Step 15d: the domain administrator signs the sender identity identifier, the receiver identity identifier and the time-to-live in the user search request with the ECDSA algorithm using its private key $DSK$, obtaining the signature value $\sigma_{DA}$;
Step 15e: the domain administrator generates the authorized search request using the sender identity in the user search request, the receiver identity in the user search request, the time-to-live in the user search request, the identity of the target search domain administrator, and the authorized search token $ST$ and signature $\sigma_{DA}$ it generated.
9. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 8, wherein in step 16 the intelligent contract on the response chain verifies the validity of the authorized search request as follows:
Step 16a: the intelligent contract on the response chain first judges whether the authorized search request is within the time-to-live of the user search request; if so, step 16b is executed, otherwise the authorized search request is discarded;
Step 16b: the intelligent contract on the response chain hashes the sender identity identifier and the receiver identity identifier in the authorized search request with the hash function $H$ in the public parameter $PG$, and then verifies the validity of the signature in the authorized search request with the ECDSA signature verification algorithm and the public key corresponding to the receiver of the authorized search request; if the signature verification passes, the intelligent contract on the response chain forwards the authorized search request to the cloud server, and if it does not pass, the intelligent contract on the demand chain reports the relevant error information to the system administrator and discards the authorized search request.
10. The double-chain architecture-based verifiable multi-user authorized cross-domain searchable encryption method according to claim 9, wherein in step 17 the cloud server performs the search matching as follows:
The cloud server initializes an empty result set $R$, traverses all encrypted tags $(SW, ind)$, namely $(sw_1, sw_2, sw_3, ind)$, of the target search domain named as receiver in the authorized search request, and calculates target value 1 and target value 2 using the authorized search token $ST = (ST_1, ST_2, ST_3)$ and the bilinear pairing $e$ in the public parameter $PG$; if target value 1 equals target value 2, the cloud server puts the corresponding document index $ind$ of the encrypted tag into the result set $R$;
wherein
Target value
Target value
CN202410303232.8A 2024-03-18 2024-03-18 Double-chain architecture-based searchable encryption method capable of verifying multi-user authorization cross-domain Active CN117896066B (en)

Publications (2)

Publication Number Publication Date
CN117896066A CN117896066A (en) 2024-04-16
CN117896066B true CN117896066B (en) 2024-05-28

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant