WO2019178958A1 - Data encryption method, data query method, data encryption apparatus, data query apparatus, device and storage medium - Google Patents
- Publication number: WO2019178958A1 (PCT/CN2018/091912)
- Authority: WO, WIPO (PCT)
- Prior art keywords: file, query, index, encrypted, key
Classifications
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- G06F21/602—Providing cryptographic facilities or services
- G06F21/6227—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
- H04L63/0478—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload applying multiple layers of encryption, e.g. nested tunnels or encrypting the content with a first key and then with at least a second key
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L9/0625—Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
- H04L9/0631—Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
- H04L9/0656—Pseudorandom key sequence combined element-for-element with data sequence, e.g. one-time-pad [OTP] or Vernam's cipher
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04W12/009—Security arrangements; Authentication; Protecting privacy or anonymity specially adapted for networks, e.g. wireless sensor networks, ad-hoc networks, RFID networks or cloud networks
- G06F2221/2107—File encryption
Definitions
- the present application relates to the field of data processing, and in particular, to a data encryption method, a data query method, an apparatus, a device, and a storage medium.
- the cloud server mainly uses a fuzzy search algorithm to query data stored on the cloud server.
- The fuzzy search algorithm mainly relies on establishing an expandable keyword set as an index, which includes all keywords that users may misspell. This inevitably makes the file index very large, increasing the storage overhead of the system.
- The embodiment of the present application provides a data encryption method, apparatus, device, and storage medium to solve the problem of occupying too much system storage space in data encryption.
- The embodiment of the present application provides a data query method, apparatus, device, and storage medium to solve the problem that the data query efficiency is not high.
- the embodiment of the present application provides a data encryption method, including the following steps performed by the data owner:
- the first random user secret key is associated with the first random server-side secret key.
- the embodiment of the present application provides a data encryption apparatus, including:
- a file index establishing module configured to obtain a plaintext keyword of the plaintext file, and establish a file index of the plaintext file by using a locality-sensitive hash function based on the plaintext keyword;
- a first random user key obtaining module configured to acquire a first random user key sent by the key management center;
- an encrypted file and encrypted index obtaining module configured to encrypt the plaintext file and the file index respectively by using the first random user key to obtain an encrypted file and an encrypted index;
- an encrypted file sending module configured to send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file by using the first random server-side key sent by the key management center to form a ciphertext file, wherein the first random user key is associated with the first random server-side key.
- An embodiment of the present application provides a data query method, including the following steps performed by a server:
- the second random user secret key is associated with the second random server end key.
- An embodiment of the present application provides a data query apparatus, including:
- a query trapdoor obtaining module configured to obtain a query keyword, and process the query keyword by using a locality-sensitive hash function to form a query trapdoor;
- a target encrypted index obtaining module configured to use, as the target encrypted index, an encrypted index that successfully matches the query trapdoor based on the query keyword and the query trapdoor;
- a target ciphertext file obtaining module configured to determine, according to the target encrypted index, a ciphertext file corresponding to the target encrypted index as a target ciphertext file, wherein the ciphertext file is formed by encrypting an encrypted file sent by the data owner with a random server-side key sent by the key management center;
- a second random server-side key obtaining module configured to acquire a second random server-side key sent by the key management center;
- a target encrypted file obtaining module configured to decrypt the target ciphertext file based on the second random server-side key to obtain the target encrypted file;
- a target encrypted file sending module configured to send the target encrypted file to an authorized user end, to instruct the authorized user end to decrypt the target encrypted file by using a second random user key sent by the key management center and obtain the corresponding plaintext file, wherein the second random user key is associated with the second random server-side key.
- An embodiment of the present application provides a computer device including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer readable instructions:
- the first random user key is associated with the first random server-side key.
- An embodiment of the present application provides a computer device including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer readable instructions:
- the second random user key is associated with the second random server-side key.
- Embodiments of the present application provide one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
- the first random user key is associated with the first random server-side key.
- Embodiments of the present application provide one or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
- the second random user key is associated with the second random server-side key.
- FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present application.
- FIG. 3 is a flow chart of a specific embodiment of step S11 of Figure 2;
- step S13 in FIG. 2 is a flow chart of a specific embodiment of step S13 in FIG. 2;
- FIG. 5 is a schematic diagram of a data encryption apparatus in Embodiment 2 of the present application.
- FIG. 6 is a flowchart of a data query method in Embodiment 3 of the present application.
- Figure 7 is a flow chart of a specific embodiment of step S21 of Figure 6;
- Figure 8 is a flow chart of a specific embodiment of step S22 of Figure 6;
- FIG. 9 is a schematic diagram of a data query device in Embodiment 4 of the present application.
- Figure 10 is a schematic diagram of a computer device in Embodiment 6 of the present application.
- Embodiments 1 to 6 are applied to the application scenario shown in FIG. 1, which includes four terminals: a data owner, a key management center, a server, and an authorized user end.
- The data owner refers to the terminal that owns the plaintext file.
- The authorized user end refers to a terminal that is authorized to perform data queries on the server.
- The Key Management Center (KMC) is an important part of the public key infrastructure. It is responsible for providing key services such as key generation, storage, backup, update, recovery, or query for the Certification Authority (CA) system, to address key management issues associated with large-scale cryptographic applications in distributed enterprise applications.
- The server is mainly used for storing data and for encrypting and decrypting data in its interaction with the client, so that the client can obtain corresponding data from the server. The client includes but is not limited to terminals such as PCs and smartphones that communicate with the server.
- Data interaction can be performed between the data owner, the key management center, the server, and the authorized user end.
- The data owner, the key management center, the server, and the authorized user end can perform data interaction by means of Bluetooth, a network, or a local connection.
- Fig. 2 is a flow chart showing the data encryption method in this embodiment.
- the data encryption method is applied to various terminals to solve the problem of occupying too much system storage space in the data encryption process.
- the data encryption method includes the following steps performed by the data owner:
- S11 Obtain a plaintext keyword of the plaintext file, and use a local sensitive hash function to establish a file index of the plaintext file based on the plaintext keyword.
- the plaintext file refers to the original file that is not encrypted.
- Locality Sensitive Hashing (LSH) is one of the Approximate Nearest Neighbor (ANN) search techniques and is used to measure text similarity.
- the plaintext file that needs to be uploaded to the server is pre-stored in the data owner.
- The plaintext keyword is obtained from the plaintext file, and a locality-sensitive hash function is used, based on the plaintext keyword, to create a file index of the plaintext file.
- the plaintext keyword of the plaintext file is obtained, and the file index of the plaintext file is established by using the local sensitive hash function based on the plaintext keyword, as shown in FIG. 3, which specifically includes the following steps:
- S111 Extract plaintext keywords from the plaintext file, and convert the plaintext keywords into plaintext keyword vectors.
- Extracting plaintext keywords from plaintext files can be implemented using textrank algorithm, rake algorithm, topic-model algorithm or TF-IDF algorithm.
- The plaintext keyword is converted into a binary set consisting of each pair of adjacent characters in the keyword; for example, the binary set of the keyword "network" is {ne, et, tw, wo, or, rk}.
- This vector-based keyword representation reduces sensitivity to misspellings.
- The vector corresponding to the spelling "netword", "nedwork" or "netwosk" is different from the original "network" vector by only 2 elements.
- With this representation, even if a keyword is misspelled in many forms, the resulting vectors will be close to the correct one, and this similarity can be measured using Euclidean distance.
- A 3- or 4-letter combination may also be used to represent the keyword vector, depending mainly on the actual degree of fuzziness.
- S112 Perform a hash conversion on each plaintext keyword vector by using a p-stable local sensitive hash function to obtain a corresponding plaintext hash value.
- The p-stable locality-sensitive hash function refers to a locality-sensitive hash function applied to the p-stable distribution.
- Select one independent p-stable locality-sensitive hash function $h_i$ from the p-stable locality-sensitive hash function family $H = \{h: \{0,1\}^{26 \times 26} \to \{0,1\}^m\}$, where $l$ is a random number.
- Each plaintext keyword vector is hash-converted using the p-stable locality-sensitive hash function $h_i \in H$ to obtain a corresponding plaintext hash value.
- the Bloom Filter consists of a long binary vector and a series of random mapping functions.
- the Bloom filter can be used to retrieve whether an element is in a collection. Specifically, an n-bit Bloom filter is constructed for each plaintext file and each bit in the Bloom filter is initialized to zero. The file index is obtained by inserting the plaintext hash value obtained in step S112 into the corresponding Bloom filter.
- the plaintext keyword is first converted into a plaintext keyword vector, and then the plaintext keyword vector is hash-transformed by a p-stable local sensitive hash function and then filtered by a Bloom filter to directly form a file index.
- There is no need to expand the size of the index file or to construct a fuzzy keyword set in advance, which reduces the storage pressure of the system and the complexity of subsequent queries based on the file index, so as to improve the efficiency of data query.
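An added sketch of steps S111 and S112 and the Bloom filter insertion that follows them (example code, not taken from the patent). The hash form h(v) = floor((a·v + b) / w) with Gaussian a is the standard 2-stable LSH and is an assumption here, as are the parameters (4 functions, w = 4.0, a 64-bit filter), the fixed seed and the constructed sample keywords.

```python
import math
import random
from itertools import product
from string import ascii_lowercase

# One vector position per ordered letter pair: the 26*26 space of step S111.
BIGRAMS = {a + b: i for i, (a, b) in enumerate(product(ascii_lowercase, repeat=2))}


def bigram_vector(keyword):
    """Binary vector with a 1 for every adjacent-letter pair in the keyword."""
    word = "".join(c for c in keyword.lower() if c in ascii_lowercase)
    vec = [0] * len(BIGRAMS)
    for i in range(len(word) - 1):
        vec[BIGRAMS[word[i:i + 2]]] = 1
    return vec


def differing_elements(u, v):
    """Number of positions where two keyword vectors differ."""
    return sum(1 for x, y in zip(u, v) if x != y)


class PStableLSH:
    """h(v) = floor((a.v + b) / w) with Gaussian a (assumed 2-stable form)."""

    def __init__(self, dim, w, rng):
        self.a = [rng.gauss(0.0, 1.0) for _ in range(dim)]
        self.b = rng.uniform(0.0, w)
        self.w = w

    def __call__(self, vec):
        projection = sum(a for a, bit in zip(self.a, vec) if bit)
        return math.floor((projection + self.b) / self.w)


def make_hash_family(count=4, w=4.0, seed=2018):
    """Fixed seed (demo only) so the owner and the querier share the functions."""
    rng = random.Random(seed)
    return [PStableLSH(len(BIGRAMS), w, rng) for _ in range(count)]


def bloom_filter(keywords, family, n_bits=64):
    """n-bit filter, initialised to zero, with each keyword's LSH values inserted."""
    bits = [0] * n_bits
    for keyword in keywords:
        vec = bigram_vector(keyword)
        for h in family:
            bits[h(vec) % n_bits] = 1  # Python's % keeps negative buckets in range
    return bits


def inner_product(index_bits, query_bits):
    """Match score: how many of the query's bits are also set in the file index."""
    return sum(i * q for i, q in zip(index_bits, query_bits))


if __name__ == "__main__":
    family = make_hash_family()
    # Constructed sample keywords standing in for one plaintext file.
    index = bloom_filter(["network", "security", "encryption"], family)
    print("elements differing, network vs netword:",
          differing_elements(bigram_vector("network"), bigram_vector("netword")))
    for query in ("network", "netword", "database"):
        q = bloom_filter([query], family)
        print(query, "score", inner_product(index, q), "of", sum(q))
```

A query whose score equals its own bit count is a full match; how close a misspelling comes to that depends on w and on the number of hash functions.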
- S12 Acquire a first random user key sent by the key management center.
- The data owner acquires the first random user key sent from the key management center, for subsequent encryption of the related data (plaintext file and file index).
- the first random user secret key is a key generated by the key management center based on the private key and sent to the data owner.
- the first random user key sent by the key management center is generated during the initialization process of the key management center.
- the initialization of the key management center includes the following steps:
- The data owner sends the security parameter k to the key management center, and the key management center takes the security parameter k as an input and outputs a cyclic group G, a prime number q, and a hash mapping function f, wherein the cyclic group G includes a generator element g.
- Z denotes the set of all residue classes modulo the prime number q; this set constitutes an abelian (commutative) group of order q under addition modulo q.
- The security parameter k is a positive integer. Based on the security parameter k, the key management center selects a k-bit prime number q. In addition, the key management center also selects a hash mapping function f, which takes an arbitrarily long bit string as an input and outputs an element of the cyclic group G, i.e. $f: \{0,1\}^* \to G$.
- $SK(M_1, M_2, S)$, where $M_1, M_2 \in R^{m \times m}$ are invertible matrices, and $S \in \{0,1\}^m$ is a vector.
- Having the key management center generate the corresponding keys improves the convenience of key generation and ensures the security of the key.
- After obtaining the first random user key $K_{ui}$, the data owner encrypts the plaintext file and the file index respectively by using the first random user key $K_{ui}$ to obtain the corresponding encrypted file and encrypted index.
- step S13 specifically includes the following steps:
- S131 Encrypt the plaintext file by using the ElGamal algorithm to obtain the encrypted file, based on the first random user key.
- ElGamal algorithm is an asymmetric encryption algorithm. It is based on the public key cryptosystem and elliptic curve cryptosystem proposed in 1985. The ElGamal algorithm can be used for both data encryption and digital signature.
- The first random user key is processed by using a hash mapping function to generate a key $K_I$.
- $SK(M_1, M_2, S)$ in the key management center.
- For an element $i_j \in I_D$, the corresponding $S_j$ is first obtained from $S$. If $S_j$ is equal to 1, the element $i_j$ is divided into $\{i_j', i_j''\}$. If $S_j$ is not equal to 1, the element $i_j$ is divided into $\{\tfrac{1}{2} \cdot i_j + r, \tfrac{1}{2} \cdot i_j - r\}$, where $r$ is a random number and $S \in \{0,1\}^m$.
- $Enc_{SK}(I_D) = \{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$.
- Enc can be implemented by AES or DES.
- AES, the Advanced Encryption Standard, also known in cryptography as Rijndael encryption, is a block encryption standard adopted by the US federal government.
- DES is a symmetric cryptosystem in the cryptosystem, also known as the US data encryption standard. It is a symmetric cryptosystem encryption algorithm developed by IBM in 1972.
- The step of encrypting the plaintext file and the file index respectively with the first random user key to obtain the encrypted file and the encrypted index (step S13) may also be performed on the server side; that is, the data owner sends the index file to the server.
- the plaintext file and the file index are encrypted by the first random user key, which improves the security of the data.
- S14 Send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file by using the first random server-side key sent by the key management center to form a ciphertext file, where the first random user key is associated with the first random server-side key.
- the step further includes sending the index file to the server.
- The plaintext keyword of the plaintext file is first converted into a plaintext keyword vector, and then the plaintext keyword vector is hash-transformed by a locality-sensitive hash to form a file index. The size of the index file does not need to be expanded and no fuzzy keyword set has to be built in advance, which reduces the system storage pressure and the complexity of subsequent queries.
- the plaintext file is encrypted in advance when it is sent to the server, which improves the security of the data.
- Fig. 5 is a block diagram showing the principle of the data encryption apparatus corresponding to the data encryption method in the first embodiment.
- the data encryption apparatus includes a file index establishing module 11, a first random user key obtaining module 12, an encrypted file and encrypted index obtaining module 13, and an encrypted file and encrypted index transmitting module 14.
- The functions implemented by the file index establishing module 11, the first random user key obtaining module 12, the encrypted file and encrypted index obtaining module 13, and the encrypted file and encrypted index sending module 14 correspond to the steps of the data encryption method in the first embodiment. To avoid repetition, they are not described in detail in the present embodiment.
- the file index establishing module 11 is configured to obtain a plaintext keyword of the plaintext file, and use a local sensitive hash algorithm to establish a file index of the plaintext file based on the plaintext keyword.
- the first random user key obtaining module 12 is configured to acquire a first random user key sent by the key management center.
- the encrypted file and encryption index obtaining module 13 is configured to separately encrypt the plaintext file and the file index by using the first random user key to obtain the encrypted file and the encrypted index.
- the encrypted file and the encrypted index sending module 14 is configured to send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file by using the first random server-side key sent by the key management center to form a ciphertext.
- the file index establishing module 11 includes a plaintext keyword acquiring unit 111, a hash converting unit 112, and a file index acquiring unit 113.
- the plaintext keyword obtaining unit 111 is configured to extract a plaintext keyword from the plaintext file, and convert the plaintext keyword into a plaintext keyword vector.
- the hash conversion unit 112 is configured to perform hash conversion on each plaintext keyword vector by using a p-stable local sensitive hash function to obtain a corresponding plaintext hash value.
- the file index obtaining unit 113 is configured to insert each plaintext hash value into the Bloom filter for filtering to obtain a file index.
- the encrypted file and encryption index acquisition module 13 includes an encrypted file acquisition unit 131, a key K I generation unit 132, an index vector division unit 133, and an encryption index acquisition unit 134.
- the encrypted file obtaining unit 131 is configured to encrypt the plaintext file by using the ElGamal algorithm based on the first random user secret key to obtain the encrypted file.
- the key K I generating unit 132 is configured to process the first random user key by using a hash mapping function based on the first random user key to generate a key K I .
- Fig. 6 is a flow chart showing the data query method in this embodiment.
- the data query method is applied to various terminals to solve the problem that the data query efficiency is not high.
- the data query method includes the following steps performed by the server:
- S21 Acquire a query keyword, and use a local sensitive hash function to process the query keyword to form a query trapdoor.
- the query keyword refers to a keyword used to query a plaintext file.
- the query keyword is sent by the authorized client to the server.
- The server obtains the query keyword from the authorized user end, and uses the locality-sensitive hash function to process the query keyword to form a query trapdoor.
- A trapdoor is a mechanism set in a system or a file that allows the security policy to be violated when specific input data is provided.
- For example, a login processing subsystem may allow a particular user ID to bypass normal password checking.
- the query keyword is obtained, and the query keyword is processed by using a local sensitive hash function to form a query trapdoor.
- the method includes the following steps:
- S211 Acquire a query keyword, and convert the query keyword into a query keyword vector.
- After the server obtains the query keyword from the authorized user end j, the query keyword is converted into a query keyword vector. The specific conversion process is similar to step S111, and details are not described herein again.
- the specific hash conversion process is similar to step S112, and details are not described herein again.
- an n-bit Bloom filter is constructed for each plaintext file and each bit in the Bloom filter is initialized to zero.
- the corresponding query hash value obtained in step S211 is inserted into the corresponding Bloom filter to obtain the query key value Q.
- Using $SK(M_1, M_2, S)$ of the key management center, the query key value $Q$ is divided into two query vectors $\{Q', Q''\}$.
- For an element $q_j \in Q$ of the query key value $Q$, the corresponding $S_j$ is first obtained from $S$. If $S_j$ is equal to 1, the element $q_j$ is divided into $\{q_j', q_j''\}$. If $S_j$ is not equal to 1, the element $q_j$ is divided into $\{\tfrac{1}{2} \cdot q_j + r', \tfrac{1}{2} \cdot q_j - r'\}$, where $r'$ is a random number and $S \in \{0,1\}^m$.
- Enc can be implemented by AES or DES.
- AES, the Advanced Encryption Standard, also known in cryptography as Rijndael encryption, is a block encryption standard adopted by the US federal government.
- the DES algorithm is a symmetric cryptosystem in the cryptosystem, also known as the US data encryption standard. It is a symmetric cryptosystem encryption algorithm developed by IBM in 1972.
- the local sensitive hash function is used to process the query keywords, and the query trapdoor is obtained to improve the efficiency of the data query and reduce the complexity in the data query.
- step S21 the step of acquiring the query keyword and processing the query keyword by using the local sensitive hash function to form the query trapdoor (ie, step S21) may also be completed at the authorized user end, that is, the authorized user end obtains After the query trapdoor, the query trapdoor is sent to the server to reduce the query load on the server side and improve query efficiency.
- After obtaining the query trapdoor, the server queries the encrypted indexes based on the query trapdoor, and uses the encrypted index that matches the query trapdoor as the target encrypted index.
- the encrypted index matching the query trapdoor is used as the target encryption index based on the query keyword and the query trapdoor.
- the method includes the following steps:
- S221 Acquire an inner product value of the query trapdoor and each encrypted index as a query inner product value.
- inner product is a binary operation that accepts two vectors on a real number R and returns a real-valued scalar.
- the inner product value is the result value obtained by the inner product operation.
- The inner product value of the query is obtained as: $M_1^T I' \cdot M_1^{-1} Q' + M_2^T I'' \cdot M_2^{-1} Q''$.
- S222 Acquire an inner product value of the query keyword and each file index as the inner product value of the data.
- S223 Obtain the difference between the inner product value of the query and the inner product value of the data. If the difference is within a preset range, the query trapdoor and the encrypted index match successfully, and the encrypted index is used as the target encrypted index.
- the preset range may be a preset interval, which is set by actual needs.
- The preset range may also be 0, that is, when the difference between the inner product value of the query and the inner product value of the data is 0, the query trapdoor and the corresponding encrypted index match successfully.
- Based on the query keyword and the query trapdoor, the server obtains the difference between the inner product value of the query and the inner product value of the data. If the difference is within the preset range, the corresponding encrypted index is used as the target encrypted index. In this way, the target encrypted index can be located quickly during a data query, which further improves query efficiency.
- S23 Determine, according to the target encrypted index, the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center.
- the target ciphertext file is located according to the target encrypted index, and the ciphertext file is determined as the target ciphertext file.
- the target encrypted index can be decrypted to obtain the file ID of the plaintext file: fid i .
- the file ID of the plaintext file can be used to locate the corresponding ciphertext file.
- the ciphertext file is formed by encrypting the encrypted file sent by the data owner by using the first random server-side secret key sent by the key management center.
- the server obtains the second random server-side key sent from the key management center for subsequent encryption of related data (plain file and file index).
- the second random server-side key sent by the key management center is generated during the initialization process of the key management center.
- the initialization of the key management center includes the following steps:
- The data owner sends the security parameter k to the key management center; the key management center takes the security parameter k as input and outputs a cyclic group G, a prime number q, and a hash mapping function f, where the cyclic group G includes a generator g.
- Z denotes the set of all residue classes modulo the prime number q; this set forms a commutative group of order q under addition modulo q.
- The security parameter k is a positive integer. Based on the security parameter k, the key management center selects a k-bit prime number q.
- The key management center also selects a hash mapping function f, a hash function that takes a bit string of arbitrary length as input and outputs an element of the cyclic group G, i.e. $f: \{0,1\}^* \to G$.
- the initialization of the key management center in this embodiment may be performed simultaneously with the initialization of the key management center in Embodiment 1.
- the key management center completes the initialization in Embodiment 1
- steps (1) and (2) have been completed in Embodiment 1.
- an authorized client ID is also generated, and the authorized client ID is in one-to-one correspondence with the second random user key of the authorized client.
- the server selects the corresponding second random server-side key according to the authorized client ID for decryption.
- the password corresponding to the authorized client ID is also configured and authorized for the authorized client.
- In this way the security of the data is better ensured: even if the second random user key of an authorized client is stolen, the second random user key cannot be used to obtain data from the server without the authorized client ID and password corresponding to that authorized client.
- The second random server-side key and the second random user key corresponding to each authorized client are generated and allocated, which increases the security of the file while also making it possible to share files with multiple authorized clients.
- S25 Decrypt the target ciphertext file based on the second random server-side key to obtain the target encrypted file.
- the target encrypted file C'(file i ) is:
- S26 Send the target encrypted file to the authorized client to instruct the authorized client to decrypt the target encrypted file by using the second random user key sent by the key management center to obtain the corresponding plaintext file.
- The server sends the obtained target encrypted file to the corresponding authorized user terminal j to instruct the authorized user terminal j to decrypt the target encrypted file by using the second random user key sent by the key management center to obtain the corresponding plaintext file.
- the second random user secret key and the second random server side secret key are associated.
- A locality-sensitive hash function is used to process the query keyword and form a query trapdoor. Based on the query keyword and the query trapdoor, the corresponding target encrypted index is obtained to locate the corresponding target ciphertext file, which improves the efficiency of the data query and reduces its complexity.
- The target ciphertext file is decrypted in two stages, by the server and then by the authorized client, to obtain the corresponding plaintext file, thereby improving the security of the data.
- FIG. 9 is a block diagram showing the principle of the data query device corresponding to the data query method in the first embodiment.
- The data query device includes a query trapdoor acquisition module 21, a target encryption index acquisition module 22, a target ciphertext file acquisition module 23, a second random server-side key acquisition module 24, a target encrypted file acquisition module 25, and a target encrypted file sending module 26. The functions implemented by these modules are in one-to-one correspondence with the steps of the data query method in the third embodiment. To avoid redundancy, they are not described in detail in this embodiment.
- The query trapdoor obtaining module 21 is configured to obtain a query keyword and process the query keyword with a locality-sensitive hash function to form a query trapdoor.
- the target encryption index obtaining module 22 is configured to use the encrypted index that successfully matches the query trapdoor as the target encryption index based on the query keyword and the query trapdoor.
- The target ciphertext file obtaining module 23 is configured to determine, according to the target encrypted index, the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center.
- the second random server-side key acquisition module 24 is configured to acquire a second random server-side key sent by the key management center.
- the target encrypted file obtaining module 25 is configured to decrypt the target ciphertext file based on the second random server-side key to obtain the target encrypted file.
- the target encrypted file sending module 26 is configured to send the target encrypted file to the authorized user end, to indicate that the authorized user end decrypts the target encrypted file by using the second random user key sent by the key management center, and obtains the corresponding plaintext file.
- the second random user secret key is associated with the second random server side secret key.
- the query trapdoor acquisition module 21 includes a query keyword vector conversion unit 211, a query hash value acquisition unit 212, a query key value Q acquisition unit 213, a query vector division unit 214, and a query trapdoor acquisition unit 215.
- the query keyword vector conversion unit 211 is configured to obtain a query keyword and convert the query keyword into a query keyword vector.
- The query hash value obtaining unit 212 is configured to convert each query keyword vector by using a p-stable locality-sensitive hash function to obtain a corresponding query hash value.
- the query key value Q obtaining unit 213 is configured to insert each query hash value into the Bloom filter for filtering, and obtain the query key value Q.
- the target encryption index acquisition module 22 includes a query inner product value acquisition unit 221, a data inner product value acquisition unit 222, and a target encryption index acquisition unit 223.
- the query inner product value obtaining unit 221 is configured to obtain an inner product value of the query trapdoor and each encrypted index as the inner product value of the query.
- the data inner product value obtaining unit 222 is configured to obtain an inner product value of the query keyword and each file index as the data inner product value.
- The target encryption index obtaining unit 223 is configured to obtain the difference between the inner product value of the query and the inner product value of the data. If the difference is within a preset range, the query trapdoor and the encrypted index match successfully, and the encrypted index is used as the target encrypted index.
- The embodiment provides one or more non-volatile readable storage media having computer readable instructions that, when executed by one or more processors, cause the one or more processors to execute the data encryption method in Embodiment 1 or the data query method in Embodiment 3, which is not described again here.
- Alternatively, when the computer readable instructions are executed by one or more processors, the functions of the modules/units in the data encryption apparatus of Embodiment 2 or in the data query device of Embodiment 4 are implemented; they are not repeated here.
- the computer readable storage medium may include any entity or device capable of carrying the computer readable instruction code, a recording medium, a USB flash drive, a removable hard drive, a magnetic disk, an optical disk, a computer memory, a read only memory (ROM, Read-Only Memory), Random Access Memory (RAM), electrical carrier signals, and telecommunications signals.
- FIG. 10 is a schematic diagram of a computer device according to an embodiment of the present application.
- computer device 60 of this embodiment includes a processor 61, a memory 62, and computer readable instructions 63 stored in memory 62 and executable on processor 61.
- the processor 61 executes the steps of the data encryption method in the first embodiment, such as steps S11 to S14 shown in FIG. 2, when the computer readable instructions 63 are executed.
- the processor 61 executes the computer readable instructions 63
- the functions of the modules/units in the data encryption apparatus in Embodiment 2 are implemented, such as the file index establishing module 11, the first random user key obtaining module 12, and the encryption shown in FIG. 5.
- the processor 61 implements the steps of the data query method in the above-described Embodiment 3 when the computer readable instructions 63 are executed, such as steps S21 to S26 shown in FIG.
- the processor 61 executes the computer readable instructions 63, the functions of the modules/units in the data query device in Embodiment 4 are implemented.
- the query trapdoor acquisition module 21, the target encrypted index acquisition module 22, and the target secret are included.
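
The split-and-multiply construction behind steps S221 to S223, as an added example (not code from the patent): it builds SK = (M1, M2, S), forms an encrypted index and a query trapdoor, and shows that the query inner product value equals the plaintext inner product, so the S223 difference is 0. Assumptions, since this section does not state them: q_j' = q_j'' = q_j when S_j = 1, the index is split in the complementary positions, and the 8-bit Bloom-filter vectors and file IDs are constructed sample data.

```python
import random
from fractions import Fraction


def invert(matrix):
    """Exact Gauss-Jordan inverse; raises ValueError for a singular matrix."""
    n = len(matrix)
    aug = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(matrix)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular matrix")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = aug[col][col]
        aug[col] = [x / scale for x in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                factor = aug[r][col]
                aug[r] = [x - factor * y for x, y in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def transpose(matrix):
    return [list(col) for col in zip(*matrix)]


def mat_vec(matrix, vec):
    return [sum(a * b for a, b in zip(row, vec)) for row in matrix]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def keygen(m, rng):
    """SK = (M1, M2, S): two invertible m x m matrices and S in {0,1}^m."""
    def invertible():
        while True:
            cand = [[rng.randint(-5, 5) for _ in range(m)] for _ in range(m)]
            try:
                return cand, invert(cand)
            except ValueError:
                continue  # singular draw, try again
    m1, m1_inv = invertible()
    m2, m2_inv = invertible()
    s = [rng.randint(0, 1) for _ in range(m)]
    return {"M1": m1, "M1_inv": m1_inv, "M2": m2, "M2_inv": m2_inv, "S": s}


def split(vec, s, split_when, rng):
    """Split v_j into v_j/2 + r and v_j/2 - r where S_j == split_when, else copy it."""
    first, second = [], []
    for v_j, s_j in zip(vec, s):
        if s_j == split_when:
            r = Fraction(rng.randint(1, 9))
            first.append(Fraction(v_j, 2) + r)
            second.append(Fraction(v_j, 2) - r)
        else:
            first.append(Fraction(v_j))
            second.append(Fraction(v_j))
    return first, second


def encrypt_index(index, key, rng):
    """(M1^T I', M2^T I''). Splitting I where S_j == 1 is this example's assumption."""
    i1, i2 = split(index, key["S"], 1, rng)
    return mat_vec(transpose(key["M1"]), i1), mat_vec(transpose(key["M2"]), i2)


def make_trapdoor(query, key, rng):
    """(M1^-1 Q', M2^-1 Q''): q_j is split where S_j != 1, as the page describes."""
    q1, q2 = split(query, key["S"], 0, rng)
    return mat_vec(key["M1_inv"], q1), mat_vec(key["M2_inv"], q2)


def query_inner_product(enc_index, trapdoor):
    """S221: M1^T I' . M1^-1 Q' + M2^T I'' . M2^-1 Q''."""
    return dot(enc_index[0], trapdoor[0]) + dot(enc_index[1], trapdoor[1])


def matches(query_ip, data_ip, preset_range=0):
    """S223: match when the two inner product values differ by at most preset_range."""
    return abs(query_ip - data_ip) <= preset_range


def demo(seed=7):
    # random.Random keeps the demo reproducible; real key material needs a CSPRNG.
    rng = random.Random(seed)
    key = keygen(8, rng)
    # Constructed 8-bit Bloom-filter vectors and file IDs (not from the patent).
    files = {"fid_1": [1, 0, 1, 1, 0, 0, 1, 0], "fid_2": [0, 1, 0, 0, 1, 0, 0, 1]}
    query = [1, 0, 0, 1, 0, 0, 1, 0]
    trapdoor = make_trapdoor(query, key, rng)
    scores = {fid: query_inner_product(encrypt_index(idx, key, rng), trapdoor)
              for fid, idx in files.items()}
    plain = {fid: dot(query, idx) for fid, idx in files.items()}
    return scores, plain


if __name__ == "__main__":
    enc_scores, plain_scores = demo()
    for fid in enc_scores:
        print(fid, enc_scores[fid], plain_scores[fid],
              matches(enc_scores[fid], plain_scores[fid]))
```

The matrices cancel inside each dot product and the random terms r and r' cancel across the two halves, which is why the result is exact for any seed.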
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computing Systems (AREA)
- Databases & Information Systems (AREA)
- Power Engineering (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
- Storage Device Security (AREA)
Abstract
Disclosed are a data encryption method, a data query method, a data encryption apparatus, a data query apparatus, a device and a storage medium. The data encryption method comprises: acquiring a plaintext keyword of a plaintext file, and creating, based on the plaintext keyword, a file index of the plaintext file using a locality sensitive hashing function; acquiring a first random user key sent by a key management center; using the first random user key to respectively encrypt the plaintext file and the file index to acquire an encrypted file and an encrypted index; and sending the encrypted file and the encrypted index to a server side to instruct the server side to encrypt the encrypted file using a first random server side key sent by the key management center, so as to form a ciphertext file, wherein the first random user key is associated with the first random server side key. The data encryption method reduces the storage pressure of a system and improves the data security.
Description
This application is based on, and claims priority to, Chinese invention patent application No. 201810239555.X, filed on March 22, 2018 and entitled "Data Encryption Method, Data Query Method, Apparatus, Device, and Storage Medium".
The present application relates to the field of data processing, and in particular to a data encryption method, a data query method, an apparatus, a device, and a storage medium.
With the development of cloud computing technology, more and more enterprises and individuals choose to store and manage their data on cloud servers. For security reasons, users encrypt the data before uploading it to the cloud server. However, encrypted data is difficult to retrieve, which makes the data query process inefficient. Cloud servers currently rely mainly on fuzzy search algorithms to query the data they store. Such an algorithm depends on building an expandable keyword set as the index, a set that contains every keyword users might misspell. This inevitably makes the file index very large and increases the storage overhead of the system.
Summary of the invention
An embodiment of the present application provides a data encryption method, apparatus, device, and storage medium to solve the problem of data encryption occupying too much system storage space.
An embodiment of the present application provides a data query method, apparatus, device, and storage medium to solve the problem of inefficient data queries.
An embodiment of the present application provides a data encryption method, including the following steps performed by the data owner:
Acquiring plaintext keywords of a plaintext file, and establishing a file index of the plaintext file from the plaintext keywords by using a locality-sensitive hash function;
Acquiring a first random user key sent by the key management center;
Encrypting the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
Sending the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center, forming a ciphertext file;
wherein the first random user key is associated with the first random server-side key.
An embodiment of the present application provides a data encryption apparatus, including:
a file index establishing module, configured to acquire plaintext keywords of a plaintext file and establish a file index of the plaintext file from the plaintext keywords by using a locality-sensitive hash function;
a first random user key acquisition module, configured to acquire a first random user key sent by the key management center;
an encrypted file and encrypted index acquisition module, configured to encrypt the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
an encrypted file and encrypted index sending module, configured to send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center, forming a ciphertext file, wherein the first random user key is associated with the first random server-side key.
An embodiment of the present application provides a data query method, including the following steps performed by the server:
Acquiring a query keyword, and processing the query keyword with a locality-sensitive hash function to form a query trapdoor;
Based on the query keyword and the query trapdoor, taking the encrypted index that successfully matches the query trapdoor as the target encrypted index;
Based on the target encrypted index, determining the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center;
Acquiring a second random server-side key sent by the key management center;
Decrypting the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
Sending the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file;
wherein the second random user key is associated with the second random server-side key.
An embodiment of the present application provides a data query apparatus, including:
a query trapdoor acquisition module, configured to acquire a query keyword and process the query keyword with a locality-sensitive hash function to form a query trapdoor;
a target encrypted index acquisition module, configured to take, based on the query keyword and the query trapdoor, the encrypted index that successfully matches the query trapdoor as the target encrypted index;
a target ciphertext file acquisition module, configured to determine, based on the target encrypted index, the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center;
a second random server-side key acquisition module, configured to acquire a second random server-side key sent by the key management center;
a target encrypted file acquisition module, configured to decrypt the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
a target encrypted file sending module, configured to send the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file, wherein the second random user key is associated with the second random server-side key.
An embodiment of the present application provides a computer device including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer readable instructions:
Acquiring plaintext keywords of a plaintext file, and establishing a file index of the plaintext file from the plaintext keywords by using a locality-sensitive hash function;
Acquiring a first random user key sent by the key management center;
Encrypting the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
Sending the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center, forming a ciphertext file;
wherein the first random user key is associated with the first random server-side key.
An embodiment of the present application provides a computer device including a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, the processor implementing the following steps when executing the computer readable instructions:
Acquiring a query keyword, and processing the query keyword with a locality-sensitive hash function to form a query trapdoor;
Based on the query keyword and the query trapdoor, taking the encrypted index that successfully matches the query trapdoor as the target encrypted index;
Based on the target encrypted index, determining the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center;
Acquiring a second random server-side key sent by the key management center;
Decrypting the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
Sending the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file;
wherein the second random user key is associated with the second random server-side key.
An embodiment of the present application provides one or more non-volatile readable storage media storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the following steps:
Acquiring plaintext keywords of a plaintext file, and establishing a file index of the plaintext file from the plaintext keywords by using a locality-sensitive hash function;
Acquiring a first random user key sent by the key management center;
Encrypting the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
Sending the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center, forming a ciphertext file;
wherein the first random user key is associated with the first random server-side key.
An embodiment of the present application provides one or more non-volatile readable storage media storing computer readable instructions that, when executed by one or more processors, cause the one or more processors to perform the following steps:
Acquiring a query keyword, and processing the query keyword with a locality-sensitive hash function to form a query trapdoor;
Based on the query keyword and the query trapdoor, taking the encrypted index that successfully matches the query trapdoor as the target encrypted index;
Based on the target encrypted index, determining the ciphertext file corresponding to the target encrypted index as the target ciphertext file, wherein the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center;
Acquiring a second random server-side key sent by the key management center;
Decrypting the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
Sending the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file;
wherein the second random user key is associated with the second random server-side key.
Details of one or more embodiments of the present application are set forth in the accompanying drawings and the description below. Other features and advantages of the present application will become apparent from the description, the drawings, and the claims.
To describe the technical solutions of the embodiments of the present application more clearly, the drawings needed in the description of the embodiments are briefly introduced below. Evidently, the drawings described below are only some embodiments of the present application, and a person of ordinary skill in the art can obtain other drawings from them without creative effort.
FIG. 1 is a schematic diagram of an application scenario in an embodiment of the present application;
FIG. 2 is a flowchart of the data encryption method in Embodiment 1 of the present application;
FIG. 3 is a flowchart of a specific implementation of step S11 in FIG. 2;
FIG. 4 is a flowchart of a specific implementation of step S13 in FIG. 2;
FIG. 5 is a schematic diagram of the data encryption apparatus in Embodiment 2 of the present application;
FIG. 6 is a flowchart of the data query method in Embodiment 3 of the present application;
FIG. 7 is a flowchart of a specific implementation of step S21 in FIG. 6;
FIG. 8 is a flowchart of a specific implementation of step S22 in FIG. 6;
FIG. 9 is a schematic diagram of the data query apparatus in Embodiment 4 of the present application;
FIG. 10 is a schematic diagram of the computer device in Embodiment 6 of the present application.
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments. Obviously, the described embodiments are some, not all, of the embodiments of the present application. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the scope of protection of the present application.
Embodiments 1 to 6 of the present application are applied in the application scenario shown in FIG. 1, which includes four terminals: a data owner, a key management center, a server and an authorized client. The data owner is the terminal that holds the plaintext files. The authorized client is a terminal that has been authorized to query data on the server. The key management center (KMC, Key Management Center) is an important component of a public key infrastructure. It provides key services such as key generation, storage, backup, update, recovery and query for the certification authority (CA, Certification Authority) system, in order to solve the key management problems caused by large-scale use of cryptography in distributed enterprise application environments. The server is mainly used to store data and to encrypt and decrypt data so that it can exchange information with clients, allowing a client to obtain the corresponding data from the server. Clients include, but are not limited to, terminals such as PCs and smartphones that communicate with the server.
Data can be exchanged between the data owner, the key management center, the server and the authorized client. Specifically, the data owner, the key management center, the server and the data authorization end can exchange data via Bluetooth, a network or a local connection.
Embodiment 1
FIG. 2 shows a flowchart of the data encryption method in this embodiment. The data encryption method is applied in various terminals to solve the problem of the data encryption process occupying too much system storage space. As shown in FIG. 2, the data encryption method includes the following steps performed by the data owner:
S11: Obtain the plaintext keywords of a plaintext file, and build a file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function.
Here, a plaintext file is an original file that has not been encrypted. The locality-sensitive hashing (LSH, Locality Sensitive Hashing) function is one of the techniques of approximate nearest neighbor (ANN, Approximate Nearest Neighbor) search and is used to measure text similarity. A locality-sensitive hash function can find similar items in massive amounts of data and can be applied to fields such as text similarity detection and web search.
The plaintext files that need to be uploaded to the server are stored in advance at the data owner. Before the data owner uploads a plaintext file to the server, it obtains the plaintext keywords from the plaintext file and then builds the file index of the plaintext file from those keywords using a locality-sensitive hash function.
In a specific implementation, obtaining the plaintext keywords of the plaintext file and building the file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function, as shown in FIG. 3, specifically includes the following steps:
S111: Extract plaintext keywords from the plaintext file and convert the plaintext keywords into plaintext keyword vectors.
Plaintext keywords can be extracted from the plaintext file using the TextRank algorithm, the RAKE algorithm, a topic-model algorithm or the TF-IDF algorithm. Specifically, the data owner extracts the plaintext keywords from the plaintext files $File=\{file_1, file_2, \ldots, file_n\}$ and converts them into plaintext keyword vectors $W_D=\{w_1, w_2, \ldots, w_n\}$, where $File$ is the set of plaintext files, $file_n$ is each plaintext file element in the set of plaintext files, $W_D$ is the set of plaintext keyword vectors, $w_n$ is each plaintext keyword vector element in the set of plaintext keyword vectors, and $w_i \in \{0,1\}^{26*26}$. Specifically, a plaintext keyword is converted into a bigram set made up of each pair of adjacent characters in the keyword; for example, the bigram set of the keyword "network" is {ne, et, tw, wo, or, rk}. We use a vector $w_i \in \{0,1\}^{26*26}$ of length 26*26 bits to represent all possible bigram sets. Each vector element represents one of the 26*26 possible two-letter combinations. If an element is set to 1, the corresponding letter combination is present in the given keyword. This vector-based keyword representation reduces the sensitivity to transposed and misspelled letters. For example, the vectors for the spellings "netword", "nedwork" or "netwosk" differ from the vector of the original "network" in only 2 elements. With this representation, even though a keyword may be misspelled in many ways, the vectors of the misspellings all stay close to the correct one, and this similarity can be measured with the Euclidean distance. Optionally, combinations of 3 or 4 letters may also be used for the keyword vector, depending mainly on the degree of fuzziness actually required.
S112: Hash each plaintext keyword vector with a p-stable locality-sensitive hash function to obtain the corresponding plaintext hash value.
Here, a p-stable locality-sensitive hash function is a locality-sensitive hash function applied to a p-stable distribution. In this step, $l$ independent p-stable locality-sensitive hash functions $h_i$ are selected from the p-stable locality-sensitive hash function family $H=\{h:\{0,1\}^{26*26} \rightarrow \{0,1\}^m\}$, where $l$ is a random number. Each plaintext keyword vector is hashed with the p-stable locality-sensitive hash functions $h_i \in H$ to obtain the corresponding plaintext hash value. Specifically, the p-stable locality-sensitive hash function $h_i$ may be:
where $a$ is an $m$-dimensional vector, $b \in [0,c]$ is a real number, $c$ is a fixed value, and the values of $l$ and $c$ can be determined according to the actual $m$. For example, when $m=8000$, one may take $l=30$ and $c=4$; each plaintext keyword vector $w_i$ is hashed with the p-stable locality-sensitive hash function $h_i$ to obtain the corresponding plaintext hash value.
S113: Insert each plaintext hash value into a Bloom filter for filtering to obtain the file index.
Here, a Bloom filter consists of a long binary vector and a series of random mapping functions, and can be used to test whether an element is in a set. Specifically, an n-bit Bloom filter is constructed for each plaintext file, and every bit of the Bloom filter is initialized to 0. Inserting the plaintext hash values obtained in step S112 into the corresponding Bloom filter yields the file index.
In this implementation, the plaintext keywords are first converted into plaintext keyword vectors, the plaintext keyword vectors are then hashed with the p-stable locality-sensitive hash function and filtered through the Bloom filter, and the file index is formed directly. There is no need to enlarge the index file or to build a fuzzy keyword set in advance, which reduces the storage pressure on the system and the complexity of subsequent queries based on the file index, and so improves the efficiency of data queries.
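The following Python sketch is an added illustration of steps S111 to S113; it is not code from the application. It assumes the commonly used p-stable form h(v) = floor((a·v + b) / c) with Gaussian a over the 26*26 input coordinates, and it derives each Bloom filter position by hashing the pair (function number, bucket) with SHA-256; the keywords and the seed are constructed, while l = 30, c = 4 and 8000 bits follow the values quoted in the text.

```python
import hashlib
import math
import random

ALPHABET = "abcdefghijklmnopqrstuvwxyz"
DIM = 26 * 26  # one position per possible two-letter combination


def bigram_vector(keyword):
    """S111: map a keyword to a 0/1 vector over all 26*26 letter pairs."""
    vec = [0] * DIM
    letters = [ch for ch in keyword.lower() if ch in ALPHABET]
    for first, second in zip(letters, letters[1:]):
        vec[ALPHABET.index(first) * 26 + ALPHABET.index(second)] = 1
    return vec


def hamming(u, v):
    """Number of vector positions in which two keyword vectors differ."""
    return sum(1 for x, y in zip(u, v) if x != y)


class PStableLSH:
    """One hash h(v) = floor((a.v + b) / c), a ~ N(0, 1) per coordinate, b ~ U[0, c].

    Assumed form: the formula itself is not reproduced in the text above.
    """

    def __init__(self, rng, c):
        self.a = [rng.gauss(0.0, 1.0) for _ in range(DIM)]
        self.b = rng.uniform(0.0, c)
        self.c = c

    def __call__(self, vec):
        projection = sum(a_k for a_k, bit in zip(self.a, vec) if bit)
        return math.floor((projection + self.b) / self.c)


def positions(keyword, family, bloom_bits):
    """S112: one Bloom filter position per LSH function for this keyword."""
    vec = bigram_vector(keyword)
    out = []
    for number, h in enumerate(family):
        digest = hashlib.sha256(f"{number}:{h(vec)}".encode()).digest()
        out.append(int.from_bytes(digest[:8], "big") % bloom_bits)
    return out


def build_index(keywords, family, bloom_bits):
    """S113: start from an all-zero filter and set the bits of every keyword."""
    bloom = [0] * bloom_bits
    for keyword in keywords:
        for pos in positions(keyword, family, bloom_bits):
            bloom[pos] = 1
    return bloom


def match_count(keyword, index, family):
    """How many of the keyword's l positions are already set in a file index."""
    return sum(index[pos] for pos in positions(keyword, family, len(index)))


def demo(seed=2018):
    rng = random.Random(seed)  # constructed seed, for a repeatable run
    family = [PStableLSH(rng, c=4.0) for _ in range(30)]
    index = build_index(["network", "security", "protocol"], family, 8000)
    probes = ("network", "netword", "nedwork", "database")
    return {kw: match_count(kw, index, family) for kw in probes}


if __name__ == "__main__":
    print(demo())
```

An indexed keyword matches on all 30 positions; a misspelling lands in the same bucket for most of the hash functions, which is what lets one fixed-size filter stand in for a pre-built fuzzy keyword set.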
S12: Obtain the first random user key sent by the key management center.
In this step, the data owner obtains the first random user key sent by the key management center, for the subsequent encryption of the relevant data (the plaintext file and the file index). The first random user key is a key generated by the key management center on the basis of the private key and sent to the data owner.
In a specific implementation, the first random user key sent by the key management center is generated during the initialization of the key management center. The initialization of the key management center includes the following steps:
(1) The data owner sends a security parameter $k$ to the key management center. Taking the security parameter $k$ as input, the key management center outputs a cyclic group $G$, a prime $q$ and a hash mapping function $f$, where the cyclic group $G$ includes a generator $g$.
Here, a cyclic group $G$ is defined as follows: if a group $G$ can be generated by an element $g$, that is, for any $b \in G$ there exists $a \in Z$ such that $b=g^a$, then $G=\langle g \rangle$ is called a cyclic group and $g$ is a generator of the cyclic group $G$. $Z$ denotes the set of all residue classes of the prime $q$; under addition modulo the prime $q$, this set forms a commutative group of order $q$. The security parameter $k$ is a positive integer; based on $k$, the key management center selects a $k$-bit prime $q$. In addition, the key management center selects a hash mapping function $f$ that takes a bit string of arbitrary length as input and outputs an element of the cyclic group $G$, that is, $f:\{0,1\}^* \rightarrow G$.
(2) Select a random number $x$ from $Z_q^*$ and compute $h=g^x$, obtaining the public key $PK=(G,g,q,h,f)$ and the private key $MSK=x$.
Here, $Z_q^*$ denotes the set of residue classes in $Z_q$ that are coprime to $q$; that is, in the sense of congruence, the elements of $Z_q^*$ are all positive integers smaller than $q$ and coprime to $q$. Therefore $Z_q^*$ can be written as the set $Z_q^*=\{1,2,\ldots,q-1\}$.
In this step, a random number $x$ is selected from $Z_q^*$ as the private key $MSK=x$, and after $h=g^x$ has been computed, the corresponding public key $PK=(G,g,q,h,f)$ is formed.
(3) For data owner $i$, the key management center randomly selects a number $x_{i1}$ from $Z_q^*$ and computes $x_{i2}=x-x_{i1}$.
(4) Taking $x_{i1}$ as an input parameter, obtain $SK=(M_1,M_2,S)$, where $M_1,M_2 \in R^{m*m}$ are invertible matrices and $S \in \{0,1\}^m$ is a vector, where $x_{i1}=m$. This yields the first random user key $K_{ui}=(x_{i1},SK)$ and the first random server-side key $K_{si}=(i,x_{i2})$.
(5) The key management center sends the first random user key $K_{ui}=(x_{i1},SK)$ to data owner $i$ and sends the first random server-side key $K_{si}=(i,x_{i2})$ to the server. After receiving $K_{si}=(i,x_{i2})$, the server updates the first random user-key mapping stored on the server: $K_s=K_s \cup (i,x_{i2})$.
In this implementation, the corresponding keys are generated by initializing the key management center, which makes key generation more convenient and also ensures the security of the keys.
S13: Encrypt the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index.
After obtaining the first random user key $K_{ui}$, the data owner uses the first random user key $K_{ui}$ to encrypt the plaintext file and the file index separately, obtaining the corresponding encrypted file and encrypted index.
In a specific implementation, encrypting the plaintext file and the file index separately with the first random user key to obtain the encrypted file and the encrypted index, as shown in FIG. 4, means that step S13 specifically includes the following steps:
S131: Based on the first random user key, encrypt the plaintext file with the ElGamal algorithm to obtain the encrypted file.
Here, the ElGamal algorithm is an asymmetric encryption algorithm based on the public-key cryptosystem and elliptic curve cryptosystem proposed in 1985; it can be used both for data encryption and for digital signatures.
In this step, based on the first random user key $K_{ui}=(x_{i1},SK)$, the data owner encrypts the plaintext file with the ElGamal proxy encryption algorithm to obtain the encrypted file $C(file_i)=(g^x, g^{r x_{i1}} file_i)$, where $file_i$ is the plaintext file of data owner $i$.
S132: Based on the first random user key, process the first random user key with the hash mapping function to produce a key $K_I$.
Here, the hash mapping function is the hash mapping function $f$ in the public key generated by the key management center. Based on the first random user key, the hash mapping function $f$ is used to produce the key $K_I=f(x_{i1})$.
S133: Split the file index $I_D$ into two index vectors $\{I', I''\}$ according to the following rule: for each element $i_j \in I_D$, if $S_j \in S$ and $S_j$ equals 1, set $i_j'=i_j''=i_j$; otherwise, $i_j'=\frac{1}{2} \cdot i_j+r$ and $i_j''=\frac{1}{2} \cdot i_j-r$, where $r$ is a random number and $S \in \{0,1\}^m$.
In this step, $SK=(M_1,M_2,S)$ from the key management center is used to split the file index $I_D$ into two index vectors $\{I', I''\}$. Specifically, for an element $i_j \in I_D$ of the file index $I_D$, the corresponding $S_j$ is first taken from $S$. If $S_j$ equals 1, the element $i_j$ is split into $\{i_j', i_j''\}$. If $S_j$ does not equal 1, the element $i_j$ is split into $\{\frac{1}{2} \cdot i_j+r, \frac{1}{2} \cdot i_j-r\}$, where $r$ is a random number and $S \in \{0,1\}^m$.
S134: Encrypt the file index based on the key $K_I$ and the two index vectors $\{I', I''\}$ to obtain the encrypted index $Enc_{SK}(I_D)=\{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$, where $fid_i$ is the file ID of the plaintext file and $M_1,M_2 \in R^{m*m}$ are invertible matrices.
After the index file has been split into two index vectors, the file index is encrypted based on the key $K_I$ and the two index vectors $\{I', I''\}$, giving the encrypted index $Enc_{SK}(I_D)=\{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$.
In one implementation, Enc can be implemented with AES or DES. AES is the Advanced Encryption Standard, also known in cryptography as the Rijndael cipher, a block encryption standard adopted by the US federal government. DES is a symmetric cryptosystem, also known as the US Data Encryption Standard, a symmetric encryption algorithm developed by IBM in the United States in 1972.
In a specific implementation, the step of encrypting the plaintext file and the file index separately with the first random user key to obtain the encrypted file and the encrypted index (step S13) may also be performed on the server, that is, the data owner sends the index file to the server. In this case, the first random server-side key that the server obtains from the key management center is $K_{si}=(i,x_{i2},SK)$. The server splits the file index $I_D$ into two index vectors $\{I', I''\}$ according to the following rule: for each element $i_j \in I_D$, if $S_j \in S$ and $S_j$ equals 1, set $i_j'=i_j''=i_j$; otherwise $i_j'=\frac{1}{2} \cdot i_j+r$ and $i_j''=\frac{1}{2} \cdot i_j-r$, where $r$ is a random number and $S \in \{0,1\}^m$. The index vectors are then encrypted to obtain the encrypted index $Enc_{SK}(I_D)=\{M_1^T \cdot I', M_2^T \cdot I''\}$.
In this implementation, the plaintext file and the file index are encrypted with the first random user key, which improves the security of the data.
S14: Send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with the first random server-side key sent by the key management center and form a ciphertext file, where the first random user key and the first random server-side key are associated.
After obtaining the encrypted file and the encrypted index, the data owner sends them to the server. In this way, even if the data on the server is stolen, the server lacks the decryption key corresponding to the encrypted file, so the encrypted file cannot be decrypted to obtain the corresponding plaintext file, which fully guarantees the security of the data. In a specific implementation, this step further includes sending the index file to the server.
After receiving the encrypted file sent by the data owner, the server encrypts the encrypted file with the first random server-side key $K_{si}=(i,x_{i2})$ sent by the key management center to form the ciphertext file. Specifically, the server first finds the first random server-side key $K_{si}=(i,x_{i2})$ corresponding to data owner $i$, and then, based on $x_{i2}$, encrypts the encrypted file with the ElGamal algorithm:
$C^*(file_i)=(g^x, (g^r)^{x_{i2}} \cdot g^{r x_{i1}} \cdot file_i)=(g^x, (g^r)^{x_{i2}+x_{i1}} \cdot file_i)=(g^x, g^{rx} \cdot file_i)$;
The ciphertext file finally obtained is therefore $C^*(file_i)=(g^x, g^{rx} file_i)$, where $file_i \in File$.
In this implementation, the first random user key and the first random server-side key are associated. Specifically, $x_{i1}$ in the first random user key $K_{ui}=(x_{i1},SK)$ and $x_{i2}$ in the first random server-side key $K_{si}=(i,x_{i2})$ are associated through the private key $MSK=x$: $x_{i2}=x-x_{i1}$.
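The sketch below is an added Python illustration, not code from the application, of how the key split of step (3) makes the owner layer (S131) and the server layer (S14) compose into an ElGamal ciphertext under the master key x. It assumes the first ciphertext component is g^r, since the server step raises g^r to x_i2, and it uses a constructed toy group (p = 2039, q = 1019, g = 4) that is far too small for real use.

```python
import secrets

# Toy parameters, constructed for illustration only: p = 2q + 1 with q prime.
P = 2039
Q = 1019
G = 4  # a square mod p, so it generates the subgroup of prime order q


def kmc_setup():
    """Step (2): master private key x from Z_q^* and public value h = g^x."""
    x = 1 + secrets.randbelow(Q - 1)
    return x, pow(G, x, P)


def kmc_split(x):
    """Step (3): x_i1 random in Z_q^*, x_i2 = x - x_i1 (reduced mod q)."""
    x_i1 = 1 + secrets.randbelow(Q - 1)
    return x_i1, (x - x_i1) % Q


def owner_encrypt(message, x_i1):
    """S131: owner layer (g^r, g^(r*x_i1) * message) with a fresh random r."""
    r = 1 + secrets.randbelow(Q - 1)
    c1 = pow(G, r, P)
    return c1, pow(c1, x_i1, P) * message % P


def server_encrypt(ciphertext, x_i2):
    """S14: multiply in (g^r)^(x_i2); the second component becomes g^(r*x) * message."""
    c1, c2 = ciphertext
    return c1, pow(c1, x_i2, P) * c2 % P


def decrypt(ciphertext, exponent):
    """Strip c1^exponent from the second component (c1 has order q)."""
    c1, c2 = ciphertext
    return c2 * pow(c1, (-exponent) % Q, P) % P


def round_trip(message):
    """Run both layers once and report what each key can recover."""
    x, _h = kmc_setup()
    x_i1, x_i2 = kmc_split(x)
    owner_ct = owner_encrypt(message, x_i1)
    final_ct = server_encrypt(owner_ct, x_i2)
    return {
        "shares_sum_to_x": (x_i1 + x_i2) % Q == x,
        "owner_layer_opens_with_x_i1": decrypt(owner_ct, x_i1) == message,
        "final_layer_opens_with_x": decrypt(final_ct, x) == message,
        "final_is_g_rx_times_m": final_ct[1] == pow(owner_ct[0], x, P) * message % P,
    }


if __name__ == "__main__":
    print(round_trip(1234))  # 1234 is a constructed sample message in [1, p-1]
```

Each share on its own is a uniformly random exponent, while the two shares together reconstruct x, so the separation between the holder of x_i1 and the holder of x_i2 is what the construction relies on.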
In the data encryption method provided by this embodiment, the plaintext keywords of the plaintext file are first converted into plaintext keyword vectors, and the plaintext keyword vectors are then hashed with locality-sensitive hashing to form the file index. There is no need to enlarge the index file or to build a fuzzy keyword set in advance, which reduces the storage pressure on the system and the complexity of subsequent queries. Moreover, the plaintext file is encrypted before it is sent to the server, which improves the security of the data.
It should be understood that the sequence numbers of the steps in the above embodiment do not imply an order of execution. The order in which the processes are executed should be determined by their functions and internal logic, and should not constitute any limitation on the implementation of the embodiments of the present application.
Embodiment 2
FIG. 5 shows a schematic block diagram of a data encryption apparatus corresponding one-to-one to the data encryption method in Embodiment 1. As shown in FIG. 2, the data encryption apparatus includes a file index establishing module 11, a first random user key obtaining module 12, an encrypted file and encrypted index obtaining module 13, and an encrypted file and encrypted index sending module 14. The functions implemented by the file index establishing module 11, the first random user key obtaining module 12, the encrypted file and encrypted index obtaining module 13, and the encrypted file and encrypted index sending module 14 correspond one-to-one to the steps of the data encryption method in Embodiment 1; to avoid repetition, they are not described in detail one by one in this embodiment.
The file index establishing module 11 is configured to obtain the plaintext keywords of a plaintext file and build a file index of the plaintext file from the plaintext keywords using a locality-sensitive hashing algorithm.
The first random user key obtaining module 12 is configured to obtain the first random user key sent by the key management center.
The encrypted file and encrypted index obtaining module 13 is configured to encrypt the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index.
The encrypted file and encrypted index sending module 14 is configured to send the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file with the first random server-side key sent by the key management center and form a ciphertext file, where the first random user key and the first random server-side key are associated.
Preferably, the file index establishing module 11 includes a plaintext keyword obtaining unit 111, a hash conversion unit 112 and a file index obtaining unit 113.
The plaintext keyword obtaining unit 111 is configured to extract plaintext keywords from the plaintext file and convert the plaintext keywords into plaintext keyword vectors.
The hash conversion unit 112 is configured to hash each plaintext keyword vector with a p-stable locality-sensitive hash function to obtain the corresponding plaintext hash value.
The file index obtaining unit 113 is configured to insert each plaintext hash value into a Bloom filter for filtering to obtain the file index.
Preferably, the encrypted file and encrypted index obtaining module 13 includes an encrypted file obtaining unit 131, a key $K_I$ generating unit 132, an index vector splitting unit 133 and an encrypted index obtaining unit 134.
The encrypted file obtaining unit 131 is configured to encrypt the plaintext file with the ElGamal algorithm, based on the first random user key, to obtain the encrypted file.
The key $K_I$ generating unit 132 is configured to process the first random user key with the hash mapping function, based on the first random user key, to produce the key $K_I$.
The index vector splitting unit 133 is configured to split the file index $I_D$ into two index vectors $\{I', I''\}$ according to the following rule: for each element $i_j \in I_D$, if $S_j \in S$ and $S_j$ equals 1, set $i_j'=i_j''=i_j$; otherwise, $i_j'=\frac{1}{2} \cdot i_j+r$ and $i_j''=\frac{1}{2} \cdot i_j-r$, where $r$ is a random number and $S \in \{0,1\}^m$.
The encrypted index obtaining unit 134 is configured to encrypt the file index based on the key $K_I$ and the two index vectors $\{I', I''\}$ to obtain the encrypted index $Enc_{SK}(I_D)=\{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$, where $fid_i$ is the file ID of the plaintext file and $M_1,M_2 \in R^{m*m}$ are invertible matrices.
Embodiment 3
FIG. 6 shows a flowchart of the data query method in this embodiment. The data query method is applied in various terminals to solve the problem of inefficient data queries. As shown in FIG. 6, the data query method includes the following steps performed by the server:
S21: Obtain query keywords and process the query keywords with a locality-sensitive hash function to form a query trapdoor.
Here, query keywords are the keywords used to query the plaintext files. The query keywords are sent to the server by the authorized client. The server obtains the query keywords from the authorized client and processes them with a locality-sensitive hash function to form the query trapdoor. A trapdoor is a "mechanism" set in a system or a file that allows the security policy to be violated when specific input data is provided. For example, a login processing subsystem may allow a particular user identification code to be processed so as to bypass the usual password check.
In a specific implementation, obtaining the query keywords and processing them with a locality-sensitive hash function to form the query trapdoor, as shown in FIG. 7, includes the following steps:
S211: Obtain the query keywords and convert the query keywords into query keyword vectors.
After obtaining the query keywords from authorized client $j$, the server converts the query keywords into query keyword vectors. The conversion process is similar to step S111 and is not repeated here.
S212: Convert each query keyword vector with a p-stable locality-sensitive hash function to obtain the corresponding query hash value.
The server obtains the query keywords sent by authorized client $j$. From the p-stable locality-sensitive hash function family $H=\{h:\{0,1\}^{26*26} \rightarrow \{0,1\}^m\}$, $l$ independent p-stable locality-sensitive hash functions $h_j$ are selected, where $l$ is a random number. For each query keyword, the query keyword vector is hashed with the p-stable locality-sensitive hash functions $h_j \in H$ to obtain the corresponding query hash value. The hashing process is similar to step S112 and is not repeated here.
S213: Insert each query hash value into a Bloom filter for filtering to obtain the query key value $Q$.
Specifically, an n-bit Bloom filter is constructed for each plaintext file, and every bit of the Bloom filter is initialized to 0. The corresponding query hash values obtained in step S211 are inserted into the corresponding Bloom filter to obtain the query key value $Q$.
S214: Split the query key value $Q$ into two query vectors $\{Q', Q''\}$ according to the following rule: for an element $q_j \in Q$ of the query key value $Q$, if $S_j \in S$ and $S_j$ equals 1, set $q_j'=q_j''=q_j$; otherwise, $q_j'=\frac{1}{2} \cdot q_j+r'$ and $q_j''=\frac{1}{2} \cdot q_j-r'$, where $r'$ is a random number and $S \in \{0,1\}^m$.
In this step, $SK=(M_1,M_2,S)$ from the key management center is used to split the query key value $Q$ into two query vectors $\{Q', Q''\}$. Specifically, for an element $q_j \in Q$ of the query key value $Q$, the corresponding $S_j$ is first taken from $S$. If $S_j$ equals 1, the element $q_j$ is split into $\{q_j', q_j''\}$. If $S_j$ does not equal 1, the element $q_j$ is split into $\{\frac{1}{2} \cdot q_j+r', \frac{1}{2} \cdot q_j-r'\}$, where $r'$ is a random number and $S \in \{0,1\}^m$.
S215: Encrypt the query key value Q based on the two query vectors $\{Q', Q''\}$ to obtain the query trapdoor: $\mathrm{Enc}_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$, where $M_1, M_2 \in R^{m*m}$ are invertible matrices.
After the query key value Q has been divided into the two query vectors $\{Q', Q''\}$, Q is encrypted based on these two vectors to obtain the query trapdoor: $\mathrm{Enc}_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$.
In one embodiment, Enc may be implemented with AES or DES. AES is the Advanced Encryption Standard, also known in cryptography as the Rijndael cipher, a block encryption standard adopted by the US federal government. DES is a symmetric cryptosystem, also known as the US Data Encryption Standard; it is a symmetric encryption algorithm developed by IBM in 1972.
In this embodiment, the query keywords are processed with a locality-sensitive hash function to obtain the query trapdoor, which improves the efficiency of data queries and reduces their complexity.
In a specific embodiment, the step of obtaining the query keywords and processing them with a locality-sensitive hash function to form the query trapdoor (that is, step S21) may also be performed on the authorized client: the authorized client computes the query trapdoor and then sends it to the server, which reduces the query load on the server and improves query efficiency.
S22: Based on the query keywords and the query trapdoor, take the encrypted index that successfully matches the query trapdoor as the target encrypted index.
After obtaining the query trapdoor, the server searches the encrypted indexes with it and takes the encrypted index that successfully matches the query trapdoor as the target encrypted index.
In a specific embodiment, taking the encrypted index that successfully matches the query trapdoor as the target encrypted index, based on the query keywords and the query trapdoor, comprises the following steps, as shown in FIG. 8:
S221: Obtain the inner product of the query trapdoor and each encrypted index as the query inner product value.
Here, the inner product is a binary operation that takes two vectors over the real numbers R and returns a real-valued scalar, and the inner product value is the result of that operation. Specifically, the inner product of two vectors $a = [a_1, a_2, \ldots, a_n]$ and $b = [b_1, b_2, \ldots, b_n]$ is computed as $a \cdot b = a_1 b_1 + a_2 b_2 + \cdots + a_n b_n$.
In this embodiment, the query inner product value is obtained by computing the inner product of the query trapdoor $\mathrm{Enc}_{SK}(Q)$ and each encrypted index $\mathrm{Enc}_{SK}(I_D)$: $M_1^{T} I' \cdot M_1^{-1} Q' + M_2^{T} I'' \cdot M_2^{-1} Q''$.
S222: Obtain the inner product of the query keywords and each file index as the data inner product value.
The data inner product value is obtained by computing the inner product of the query keywords and each file index: $I^{T} \cdot Q = I'^{T} \cdot Q' + I''^{T} \cdot Q''$.
S223: Obtain the difference between the query inner product value and the data inner product value. If the difference is within a preset range, the query trapdoor and the encrypted index match successfully, and the encrypted index is taken as the target encrypted index.
After the query inner product value and the data inner product value have been obtained, their difference is computed. If the difference is within the preset range, the query trapdoor and the corresponding encrypted index match successfully, and that encrypted index is taken as the target encrypted index. The preset range may be a preset interval, set according to actual needs. Preferably, the preset range may also be 0; that is, the query trapdoor and the corresponding encrypted index match successfully when the difference between the query inner product value and the data inner product value is 0.
In this embodiment, the server obtains the difference between the query inner product value and the data inner product value based on the query keywords and the query trapdoor, and takes the corresponding encrypted index as the target encrypted index if the difference is within the preset range. In this way the target encrypted index can be located quickly during a data query, which further improves query efficiency.
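The matching in S221 to S223 relies on the key matrices cancelling, since $(M_1^{T} I') \cdot (M_1^{-1} Q') = I' \cdot Q'$. The following Python code is an added example, not code from the patent; it applies the split rule of S214 with exact rational arithmetic, omits the Enc(K_I, fid_i) component of the encrypted index, and its function names, vector length and seeded random values are assumptions made for illustration.

```python
import random
from fractions import Fraction


def invert(mat):
    """Gauss-Jordan inverse over exact Fractions; ValueError if singular."""
    n = len(mat)
    aug = [list(row) + [Fraction(int(i == j)) for j in range(n)]
           for i, row in enumerate(mat)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            raise ValueError("matrix is singular")
        aug[col], aug[pivot] = aug[pivot], aug[col]
        pv = aug[col][col]
        aug[col] = [v / pv for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [a - f * b for a, b in zip(aug[r], aug[col])]
    return [row[n:] for row in aug]


def transpose(mat):
    return [list(col) for col in zip(*mat)]


def matvec(mat, vec):
    return [sum(a * b for a, b in zip(row, vec)) for row in mat]


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def keygen(m, rng):
    """SK = (M1, M2, S): two invertible m x m matrices and a bit vector S."""
    def random_invertible():
        while True:
            mat = [[Fraction(rng.randint(-9, 9)) for _ in range(m)]
                   for _ in range(m)]
            try:
                invert(mat)          # retry until the matrix is invertible
                return mat
            except ValueError:
                continue
    S = [rng.randint(0, 1) for _ in range(m)]
    return random_invertible(), random_invertible(), S


def split(vec, S, r):
    """Split rule from S214: copy where S_j == 1, else 1/2*v_j + r and 1/2*v_j - r."""
    first = [Fraction(v) if s == 1 else Fraction(v) / 2 + r for v, s in zip(vec, S)]
    second = [Fraction(v) if s == 1 else Fraction(v) / 2 - r for v, s in zip(vec, S)]
    return first, second


def encrypt_index(index_bits, sk, rng):
    """Encrypted index {M1^T * I', M2^T * I''}; also returns the split for checking."""
    M1, M2, S = sk
    I1, I2 = split(index_bits, S, Fraction(rng.randint(1, 9)))
    return (matvec(transpose(M1), I1), matvec(transpose(M2), I2)), (I1, I2)


def make_trapdoor(query_bits, sk, rng):
    """Query trapdoor {M1^-1 * Q', M2^-1 * Q''}; also returns the split for checking."""
    M1, M2, S = sk
    Q1, Q2 = split(query_bits, S, Fraction(rng.randint(1, 9)))
    return (matvec(invert(M1), Q1), matvec(invert(M2), Q2)), (Q1, Q2)


def query_inner_product(enc_index, trapdoor):
    """S221: inner product computed by the server on encrypted values only."""
    return dot(enc_index[0], trapdoor[0]) + dot(enc_index[1], trapdoor[1])


def demo(seed=7, m=8):
    rng = random.Random(seed)
    sk = keygen(m, rng)
    # Constructed Bloom-filter bit vectors standing in for a file index and a query.
    index_bits = [rng.randint(0, 1) for _ in range(m)]
    query_bits = [rng.randint(0, 1) for _ in range(m)]
    enc_index, (I1, I2) = encrypt_index(index_bits, sk, rng)
    trapdoor, (Q1, Q2) = make_trapdoor(query_bits, sk, rng)
    server_side = query_inner_product(enc_index, trapdoor)
    split_side = dot(I1, Q1) + dot(I2, Q2)   # I'.Q' + I''.Q'' on the split vectors
    return server_side, split_side


if __name__ == "__main__":
    server_side, split_side = demo()
    print("difference used in S223:", server_side - split_side)
```

Because the arithmetic is exact, the difference is exactly 0; a floating-point implementation would need the preset range of S223 to absorb rounding error.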
S23: Based on the target encrypted index, determine the ciphertext file corresponding to the target encrypted index as the target ciphertext file, where the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center.
After the target encrypted index has been determined, the corresponding ciphertext file is located from it and determined to be the target ciphertext file. Specifically, the target encrypted index can be decrypted to obtain the file ID of the plaintext file, $\mathrm{fid}_i$, and the corresponding ciphertext file can be located from that file ID. The ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center. After receiving the encrypted file sent by the data owner, the server encrypts it with the first random server-side key $K_{si} = (i, x_{i2})$ sent by the key management center to form the ciphertext file. Specifically, the server first finds the first server-side key $K_{si} = (i, x_{i2})$ corresponding to the data owner, and then encrypts the encrypted file with the ElGamal algorithm based on $x_{i2}$:
$C^{*}(\mathrm{file}_i) = (g^{x}, (g^{r})^{x_{i2}} \cdot g^{r x_{i1}} \cdot \mathrm{file}_i) = (g^{x}, (g^{r})^{x_{i2}+x_{i1}} \cdot \mathrm{file}_i) = (g^{x}, g^{rx} \cdot \mathrm{file}_i)$;
Thus the ciphertext file $C^{*}(\mathrm{file}_i) = (g^{x}, g^{rx}\,\mathrm{file}_i)$, $\mathrm{file}_i \in \mathrm{File}$, is finally obtained.
S24: Obtain the second random server-side key sent by the key management center.
In this step, the server obtains the second random server-side key sent by the key management center, for the subsequent encryption of the related data (plaintext file and file index).
In a specific embodiment, the second random server-side key sent by the key management center is generated during the initialization of the key management center. The initialization of the key management center comprises the following steps:
(1) The data owner sends a security parameter k to the key management center. The key management center takes the security parameter k as input and outputs a cyclic group G, a prime q and a hash mapping function f, where the cyclic group G has a generator g.
Here, a cyclic group G is defined as follows: if a group G can be generated by an element g, that is, for every $b \in G$ there exists $a \in Z$ such that $b = g^{a}$, then $G = \langle g \rangle$ is called a cyclic group and g is a generator of G. Z denotes the set of all residue classes of the prime q, which forms a commutative group of order q under addition modulo q. The security parameter k is a positive integer; based on k, the key management center selects a k-bit prime q. In addition, the key management center selects a hash mapping function f, which takes a bit string of arbitrary length as input and outputs an element of the cyclic group G, that is, $f: \{0,1\}^{*} \to G$.
(2) Select a random number x from $Z_q^{*}$ and compute $h = g^{x}$, obtaining the public key $PK = (G, g, q, h, f)$ and the private key $MSK = x$.
Here, $Z_q^{*}$ denotes the set of residue classes in $Z_q$ that are coprime to q; that is, in the sense of congruence, the elements of $Z_q^{*}$ are the positive integers smaller than q and coprime to q. $Z_q^{*}$ can therefore be written as the set $Z_q^{*} = \{1, 2, \ldots, q-1\}$.
In this step, a random number x is selected from $Z_q^{*}$ as the private key $MSK = x$, and after $h = g^{x}$ has been computed, the corresponding public key $PK = (G, g, q, h, f)$ is formed.
(3) For an authorized client j, the key management center randomly selects a number $x_{j1}$ from $Z_q^{*}$ and computes $x_{j2} = x - x_{j1}$. This yields the server-side key $Ks_j = x_{j2}$ and the user key $Ku_j = x_{j1}$ corresponding to the authorized client j. The key management center sends the second random user key $K_{uj} = (x_{j1}, SK)$ to the authorized client j and sends the second random server-side key $K_{sj} = (j, x_{j2})$ to the server. After receiving $K_{sj}$, the server updates the second random user-key mapping stored on it: $K_s = K_s \cup (j, x_{j2})$.
Optionally, the initialization of the key management center in this embodiment may be performed at the same time as the initialization of the key management center in Embodiment 1. In another embodiment, after the key management center has completed initialization in Embodiment 1, only step (3) above is performed in this embodiment, steps (1) and (2) having already been completed in Embodiment 1.
Further, when a second random user key is assigned to each authorized client, an authorized client ID is also generated, and the authorized client ID corresponds one-to-one to the second random user key of that authorized client. When an authorized client performs a data query, the server selects the corresponding second random server-side key for decryption according to the authorized client ID.
Preferably, a password corresponding to the authorized client ID may also be configured for the authorized client. This better guarantees the security of the data: even if the second random user key of an authorized client is stolen, without the authorized client ID and password corresponding to that client, the stolen second random user key cannot be used to obtain data from the server.
In this embodiment, a second random server-side key and a second random user key corresponding to each authorized client are generated and distributed, which increases the security of the files while also allowing multiple authorized clients to share them.
S25: Based on the second random server-side key, decrypt the target ciphertext file to obtain the target encrypted file.
The server retrieves the second random server-side key $K_{sj} = x_{j2}$ stored on it for the authorized client and uses $x_{j2}$ to decrypt the target ciphertext file $C^{*}(\mathrm{file}_i)$, obtaining the target encrypted file. Specifically, the target encrypted file $C'(\mathrm{file}_i)$ is:
$C'(\mathrm{file}_i) = (g^{r}, g^{rx}\,\mathrm{file}_i \cdot (g^{r})^{-x_{j2}}) = (g^{r}, g^{(x - x_{j2}) r}\,\mathrm{file}_i) = g^{r x_{j1}}\,\mathrm{file}_i$.
S26: Send the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with the second random user key sent by the key management center and obtain the corresponding plaintext file.
The server sends the target encrypted file to the corresponding authorized client j, to instruct the authorized client j to decrypt it with the second random user key sent by the key management center and obtain the corresponding plaintext file. Specifically, after receiving the target encrypted file sent by the server, the authorized client j decrypts it with the second random user key $x_{j1}$: $g^{r x_{j1}}\,\mathrm{file}_i \cdot (g^{r})^{-x_{j1}} = \mathrm{file}_i$. This decrypts the encrypted file and yields the final plaintext file.
In this embodiment, the second random user key and the second random server-side key are associated. Specifically, the second random user key $x_{j1}$ and the second random server-side key $x_{j2}$ are associated through the private key $MSK = x$: $x_{j2} = x - x_{j1}$.
In the data query method provided by this embodiment, the query keywords are processed with a locality-sensitive hash function to form the query trapdoor, and the corresponding target encrypted index is obtained from the query keywords and the query trapdoor in order to locate the corresponding target ciphertext file. This improves the efficiency of data queries and reduces their complexity. Moreover, the corresponding plaintext file can be obtained only after the target ciphertext file has been decrypted twice, once by the server and once by the authorized client, which improves the security of the data.
Embodiment 4
FIG. 9 shows a functional block diagram of a data query apparatus corresponding one-to-one to the data query method in Embodiment 1. As shown in FIG. 9, the data query apparatus includes a query trapdoor acquisition module 21, a target encrypted index acquisition module 22, a target ciphertext file acquisition module 23, a second random server-side key acquisition module 24, a target encrypted file acquisition module 25 and a target encrypted file sending module 26. The functions implemented by these modules correspond one-to-one to the steps of the data query method in Embodiment 3 and, to avoid repetition, are not described in detail in this embodiment.
The query trapdoor acquisition module 21 is configured to obtain query keywords and process them with a locality-sensitive hash function to form a query trapdoor.
The target encrypted index acquisition module 22 is configured to take, based on the query keywords and the query trapdoor, the encrypted index that successfully matches the query trapdoor as the target encrypted index.
The target ciphertext file acquisition module 23 is configured to determine, based on the target encrypted index, the ciphertext file corresponding to the target encrypted index as the target ciphertext file, where the ciphertext file is formed by encrypting the encrypted file sent by the data owner with the first random server-side key sent by the key management center.
The second random server-side key acquisition module 24 is configured to obtain the second random server-side key sent by the key management center.
The target encrypted file acquisition module 25 is configured to decrypt the target ciphertext file based on the second random server-side key to obtain the target encrypted file.
The target encrypted file sending module 26 is configured to send the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file with the second random user key sent by the key management center and obtain the corresponding plaintext file, where the second random user key is associated with the second random server-side key.
Preferably, the query trapdoor acquisition module 21 includes a query keyword vector conversion unit 211, a query hash value acquisition unit 212, a query key value Q acquisition unit 213, a query vector division unit 214 and a query trapdoor acquisition unit 215.
The query keyword vector conversion unit 211 is configured to obtain query keywords and convert them into query keyword vectors.
The query hash value acquisition unit 212 is configured to convert each query keyword vector with a p-stable locality-sensitive hash function to obtain the corresponding query hash value.
The query key value Q acquisition unit 213 is configured to insert each query hash value into a Bloom filter for filtering to obtain the query key value Q.
The query vector division unit 214 is configured to divide the query key value Q into two query vectors $\{Q', Q''\}$ according to the following rule: for an element $q_j \in Q$ of the query key value Q, if $S_j \in S$ and $S_j$ equals 1, set $q_j' = q_j'' = q_j$; otherwise, set $q_j' = \tfrac{1}{2} q_j + r'$ and $q_j'' = \tfrac{1}{2} q_j - r'$, where $r'$ is a random number and $S \in \{0,1\}^{m}$.
The query trapdoor acquisition unit 215 is configured to encrypt the query key value Q based on the two query vectors $\{Q', Q''\}$ to obtain the query trapdoor: $\mathrm{Enc}_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$, where $M_1, M_2 \in R^{m*m}$ are invertible matrices.
Preferably, the target encrypted index acquisition module 22 includes a query inner product value acquisition unit 221, a data inner product value acquisition unit 222 and a target encrypted index acquisition unit 223.
The query inner product value acquisition unit 221 is configured to obtain the inner product of the query trapdoor and each encrypted index as the query inner product value.
The data inner product value acquisition unit 222 is configured to obtain the inner product of the query keywords and each file index as the data inner product value.
The target encrypted index acquisition unit 223 is configured to obtain the difference between the query inner product value and the data inner product value; if the difference is within a preset range, the query trapdoor and the encrypted index match successfully, and the encrypted index is taken as the target encrypted index.
Embodiment 5
This embodiment provides one or more non-volatile readable storage media storing computer-readable instructions which, when executed by one or more processors, cause the one or more processors to perform the data encryption method of Embodiment 1 or the data query method of Embodiment 3; to avoid repetition, details are not repeated here. Alternatively, the computer-readable instructions, when executed by one or more processors, cause the one or more processors to implement the functions of the modules/units of the data encryption apparatus of Embodiment 2 or of the data query apparatus of Embodiment 4; to avoid repetition, details are not repeated here. It will be understood that the computer-readable storage medium may include any entity or device capable of carrying the computer-readable instruction code, a recording medium, a USB flash drive, a removable hard disk, a magnetic disk, an optical disc, computer memory, read-only memory (ROM), random access memory (RAM), electrical carrier signals, telecommunications signals and the like.
Embodiment 6
FIG. 10 is a schematic diagram of a computer device provided by an embodiment of the present application. As shown in FIG. 10, the computer device 60 of this embodiment includes a processor 61, a memory 62, and computer-readable instructions 63 stored in the memory 62 and executable on the processor 61. When executing the computer-readable instructions 63, the processor 61 implements the steps of the data encryption method of Embodiment 1, for example steps S11 to S14 shown in FIG. 2. Alternatively, when executing the computer-readable instructions 63, the processor 61 implements the functions of the modules/units of the data encryption apparatus of Embodiment 2, for example the functions of the file index building module 11, the first random user key acquisition module 12, the encrypted file and encrypted index acquisition module 13 and the encrypted file and encrypted index sending module 14 shown in FIG. 5. Alternatively, when executing the computer-readable instructions 63, the processor 61 implements the steps of the data query method of Embodiment 3, for example steps S21 to S26 shown in FIG. 6. Alternatively, when executing the computer-readable instructions 63, the processor 61 implements the functions of the modules/units of the data query apparatus of Embodiment 4, for example the functions of the query trapdoor acquisition module 21, the target encrypted index acquisition module 22, the target ciphertext file acquisition module 23, the second random server-side key acquisition module 24, the target encrypted file acquisition module 25 and the target encrypted file sending module 26 shown in FIG. 9.
Those skilled in the art will clearly understand that, for convenience and brevity of description, the division into the functional units and modules described above is only an example. In practical applications, the above functions may be assigned to different functional units or modules as needed; that is, the internal structure of the apparatus may be divided into different functional units or modules to perform all or part of the functions described above. The embodiments described above are intended only to illustrate the technical solutions of the present application, not to limit them. Although the present application has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in the foregoing embodiments may still be modified, or some of their technical features may be replaced by equivalents; such modifications or replacements do not cause the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application, and shall all fall within the scope of protection of the present application.
Claims (20)
- 一种数据加密方法,其特征在于,包括数据拥有端执行的如下步骤:A data encryption method, comprising the following steps performed by a data owner:获取明文文件的明文关键词,基于所述明文关键词采用局部敏感哈希函数建立所述明文文件的文件索引;Obtaining a plaintext keyword of the plaintext file, and establishing a file index of the plaintext file by using a local sensitive hash function based on the plaintext keyword;获取秘钥管理中心发送的第一随机用户秘钥;Obtaining a first random user key sent by the key management center;采用第一随机用户秘钥分别加密所述明文文件和所述文件索引,获取加密文件和加密索引;Encrypting the plaintext file and the file index by using a first random user key to obtain an encrypted file and an encrypted index;将所述加密文件和所述加密索引发送至服务器端,以指示服务器端采用由秘钥管理中心发送的第一随机服务器端秘钥对所述加密文件进行加密,形成密文文件;And sending the encrypted file and the encrypted index to the server, to instruct the server to encrypt the encrypted file by using a first random server-side key sent by the key management center to form a ciphertext file;其中,所述第一随机用户秘钥和所述第一随机服务器端秘钥相关联。The first random user secret key is associated with the first random server-side secret key.
- 如权利要求1所述的数据加密方法,其特征在于,所述获取明文文件的明文关键词,基于所述明文关键词采用局部敏感哈希函数建立所述明文文件的文件索引,包括:The data encryption method according to claim 1, wherein the obtaining a plaintext keyword of the plaintext file, and establishing a file index of the plaintext file by using a local sensitive hash function based on the plaintext keyword, comprises:从明文文件中提取明文关键词,将所述明文关键词转化成明文关键词向量;Extracting the plaintext keyword from the plaintext file, and converting the plaintext keyword into a plaintext keyword vector;采用p-stable局部敏感哈希函数将每一明文关键词向量进行转换,获取对应的明文哈希值;Each plaintext keyword vector is converted by using a p-stable local sensitive hash function to obtain a corresponding plaintext hash value;将每一所述明文哈希值插入到布隆过滤器进行过滤,得到文件索引。Each of the plaintext hash values is inserted into the Bloom filter for filtering to obtain a file index.
- 如权利要求1所述的数据加密方法,其特征在于,所述采用第一随机用户秘钥分别加密所述明文文件和所述文件索引,获取加密文件和加密索引,包括:The data encryption method according to claim 1, wherein the encrypting the plaintext file and the file index by using the first random user key to obtain an encrypted file and an encrypted index, respectively, comprising:基于第一随机用户秘钥,采用ElGamal算法加密所述明文文件,获取加密文件;Encrypting the plaintext file by using an ElGamal algorithm to obtain an encrypted file, based on the first random user key;基于第一随机用户秘钥,采用哈希映射函数对所述第一随机用户秘钥进行处理,产生密钥K I; The first random user key is processed by using a hash mapping function to generate a key K I based on the first random user key;将文件索引I D按如下规则划分为两个索引向量{I′,I″}:对于每个元素i j∈I D,如果S j∈S且S j等于1,则设置i j′=i j″=i j;否则,i j′=1/2·i j+r,i j″=1/2·i j-r,其中,r为一随机数,S∈{0,1} m; The file index I D is divided into two index vectors {I', I"} as follows: For each element i j ∈ I D , if S j ∈ S and S j is equal to 1, then i j '= i is set j ′′=i j ; otherwise, i j ′=1/2·i j +r, i j ′′=1/2·i j −r, where r is a random number, S∈{0,1} m ;基于密钥K I和两个索引向量{I′,I″}加密文件索引,获取加密索引:Enc SK(I D)={M 1 T·I′,M 2 T·I″,Enc(K I,fid i)},其中,fid i为明文文件的文件ID,M 1,M 2∈R m*m为可逆矩阵。 Encrypted file index based on key K I and two index vectors {I', I''}, Enc SK (I D )={M 1 T ·I', M 2 T ·I′′, Enc(K I , fid i )}, where fid i is the file ID of the plaintext file, and M 1 , M 2 ∈R m*m is an invertible matrix.
- 一种数据查询方法,其特征在于,包括服务器端执行的如下步骤:A data query method, comprising the following steps performed by a server:获取查询关键词,采用局部敏感哈希函数对所述查询关键词进行处理,以形成查询陷门;Obtaining a query keyword, and processing the query keyword by using a local sensitive hash function to form a query trapdoor;基于所述查询关键词和所述查询陷门,将与查询陷门匹配成功的加密索引作为目标加密索引;Determining, by the query keyword and the query trapdoor, an encrypted index that successfully matches the query trapdoor as a target encryption index;基于目标加密索引,将与所述目标加密索引相对应的密文文件确定为目标密文文件;其中,所述密文文件是采用秘钥管理中心发送的第一随机服务器端秘钥对数据拥有端发送的加密文件进行加密后形成的;Determining, according to the target encryption index, a ciphertext file corresponding to the target encrypted index as a target ciphertext file; wherein the ciphertext file is owned by the first random server-side key sent by the key management center The encrypted file sent by the terminal is encrypted and formed;获取秘钥管理中心发送的第二随机服务器端秘钥;Obtaining a second random server-side key sent by the key management center;基于所述第二随机服务器端秘钥,对目标密文文件进行解密,获取目标加密文件;Decrypting the target ciphertext file based on the second random server-side key to obtain the target encrypted file;将所述目标加密文件发送至授权用户端,以指示所述授权用户端采用由秘钥管理中心发送的第二随机用户秘钥对所述目标加密文件进行解密,获取对应的明文文件;And sending the target encrypted file to the authorized client, to instruct the authorized client to decrypt the target encrypted file by using a second random user key sent by the key management center, to obtain a corresponding plaintext file;其中,所述第二随机用户秘钥和所述第二随机服务器端秘钥相关联。The second random user secret key is associated with the second random server end key.
- The data query method according to claim 4, wherein obtaining the query keyword and processing the query keyword with a locality-sensitive hash function to form the query trapdoor specifically comprises:
  obtaining the query keyword and converting it into query keyword vectors;
  converting each query keyword vector with a p-stable locality-sensitive hash function to obtain a corresponding query hash value;
  inserting each query hash value into a Bloom filter for filtering to obtain a query key value $Q$;
  dividing the query key value $Q$ into two query vectors $\{Q', Q''\}$ according to the following rule: for an element $q_j \in Q$ of the query key value $Q$, if $S_j \in S$ and $S_j$ equals 1, set $q_j' = q_j'' = q_j$; otherwise set $q_j' = \frac{1}{2} \cdot q_j + r'$ and $q_j'' = \frac{1}{2} \cdot q_j - r'$, where $r'$ is a random number and $S \in \{0,1\}^m$;
  encrypting the query key value $Q$ based on the two query vectors $\{Q', Q''\}$ to obtain the query trapdoor $Enc_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$, where $M_1, M_2 \in R^{m \times m}$ are invertible matrices.
- The data query method according to claim 4, wherein taking, based on the query keyword and the query trapdoor, an encrypted index that successfully matches the query trapdoor as the target encrypted index specifically comprises:
  obtaining the inner product of the query trapdoor and each encrypted index as a query inner product value;
  obtaining the inner product of the query keyword and each file index as a data inner product value;
  obtaining the difference between the query inner product value and the data inner product value, and, if the difference is within a preset range, determining that the query trapdoor and the encrypted index match successfully and taking the encrypted index as the target encrypted index.
- A data encryption apparatus, comprising:
  a file index establishing module, configured to obtain plaintext keywords of a plaintext file and to build a file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function;
  a first random user key obtaining module, configured to obtain a first random user key sent by a key management center;
  an encrypted file and encrypted index obtaining module, configured to encrypt the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
  an encrypted file and encrypted index sending module, configured to send the encrypted file and the encrypted index to a server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center to form a ciphertext file, wherein the first random user key is associated with the first random server-side key.
- A data query apparatus, comprising:
  a query trapdoor obtaining module, configured to obtain a query keyword and process the query keyword with a locality-sensitive hash function to form a query trapdoor;
  a target encrypted index obtaining module, configured to take, based on the query keyword and the query trapdoor, an encrypted index that successfully matches the query trapdoor as a target encrypted index;
  a target ciphertext file obtaining module, configured to determine, based on the target encrypted index, the ciphertext file corresponding to the target encrypted index as a target ciphertext file, wherein the ciphertext file is formed by encrypting, with a first random server-side key sent by a key management center, an encrypted file sent by a data owner end;
  a second random server-side key obtaining module, configured to obtain a second random server-side key sent by the key management center;
  a target encrypted file obtaining module, configured to decrypt the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
  a target encrypted file sending module, configured to send the target encrypted file to an authorized user end, to instruct the authorized user end to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file, wherein the second random user key is associated with the second random server-side key.
- A computer device comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, wherein the processor, when executing the computer readable instructions, implements the following steps:
  obtaining plaintext keywords of a plaintext file and building a file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function;
  obtaining a first random user key sent by a key management center;
  encrypting the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
  sending the encrypted file and the encrypted index to a server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center to form a ciphertext file;
  wherein the first random user key is associated with the first random server-side key.
- The computer device according to claim 9, wherein obtaining the plaintext keywords of the plaintext file and building the file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function comprises:
  extracting the plaintext keywords from the plaintext file and converting them into plaintext keyword vectors;
  converting each plaintext keyword vector with a p-stable locality-sensitive hash function to obtain a corresponding plaintext hash value;
  inserting each plaintext hash value into a Bloom filter for filtering to obtain the file index.
- The computer device according to claim 9, wherein encrypting the plaintext file and the file index separately with the first random user key to obtain the encrypted file and the encrypted index comprises:
  encrypting the plaintext file with the ElGamal algorithm, based on the first random user key, to obtain the encrypted file;
  processing the first random user key with a hash mapping function to generate a key $K_I$;
  dividing the file index $I_D$ into two index vectors $\{I', I''\}$ according to the following rule: for each element $i_j \in I_D$, if $S_j \in S$ and $S_j$ equals 1, set $i_j' = i_j'' = i_j$; otherwise set $i_j' = \frac{1}{2} \cdot i_j + r$ and $i_j'' = \frac{1}{2} \cdot i_j - r$, where $r$ is a random number and $S \in \{0,1\}^m$;
  encrypting the file index based on the key $K_I$ and the two index vectors $\{I', I''\}$ to obtain the encrypted index $Enc_{SK}(I_D) = \{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$, where $fid_i$ is the file ID of the plaintext file and $M_1, M_2 \in R^{m \times m}$ are invertible matrices.
- A computer device comprising a memory, a processor, and computer readable instructions stored in the memory and executable on the processor, wherein the processor, when executing the computer readable instructions, implements the following steps:
  obtaining a query keyword and processing the query keyword with a locality-sensitive hash function to form a query trapdoor;
  based on the query keyword and the query trapdoor, taking an encrypted index that successfully matches the query trapdoor as a target encrypted index;
  based on the target encrypted index, determining the ciphertext file corresponding to the target encrypted index as a target ciphertext file, wherein the ciphertext file is formed by encrypting, with a first random server-side key sent by a key management center, an encrypted file sent by a data owner end;
  obtaining a second random server-side key sent by the key management center;
  decrypting the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
  sending the target encrypted file to an authorized user end, to instruct the authorized user end to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file;
  wherein the second random user key is associated with the second random server-side key.
- The computer device according to claim 12, wherein obtaining the query keyword and processing the query keyword with a locality-sensitive hash function to form the query trapdoor specifically comprises:
  obtaining the query keyword and converting it into query keyword vectors;
  converting each query keyword vector with a p-stable locality-sensitive hash function to obtain a corresponding query hash value;
  inserting each query hash value into a Bloom filter for filtering to obtain a query key value $Q$;
  dividing the query key value $Q$ into two query vectors $\{Q', Q''\}$ according to the following rule: for an element $q_j \in Q$ of the query key value $Q$, if $S_j \in S$ and $S_j$ equals 1, set $q_j' = q_j'' = q_j$; otherwise set $q_j' = \frac{1}{2} \cdot q_j + r'$ and $q_j'' = \frac{1}{2} \cdot q_j - r'$, where $r'$ is a random number and $S \in \{0,1\}^m$;
  encrypting the query key value $Q$ based on the two query vectors $\{Q', Q''\}$ to obtain the query trapdoor $Enc_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$, where $M_1, M_2 \in R^{m \times m}$ are invertible matrices.
- The computer device according to claim 12, wherein taking, based on the query keyword and the query trapdoor, an encrypted index that successfully matches the query trapdoor as the target encrypted index specifically comprises:
  obtaining the inner product of the query trapdoor and each encrypted index as a query inner product value;
  obtaining the inner product of the query keyword and each file index as a data inner product value;
  obtaining the difference between the query inner product value and the data inner product value, and, if the difference is within a preset range, determining that the query trapdoor and the encrypted index match successfully and taking the encrypted index as the target encrypted index.
- One or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
  obtaining plaintext keywords of a plaintext file and building a file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function;
  obtaining a first random user key sent by a key management center;
  encrypting the plaintext file and the file index separately with the first random user key to obtain an encrypted file and an encrypted index;
  sending the encrypted file and the encrypted index to a server, to instruct the server to encrypt the encrypted file with a first random server-side key sent by the key management center to form a ciphertext file;
  wherein the first random user key is associated with the first random server-side key.
- The non-volatile readable storage medium according to claim 15, wherein obtaining the plaintext keywords of the plaintext file and building the file index of the plaintext file from the plaintext keywords using a locality-sensitive hash function comprises:
  extracting the plaintext keywords from the plaintext file and converting them into plaintext keyword vectors;
  converting each plaintext keyword vector with a p-stable locality-sensitive hash function to obtain a corresponding plaintext hash value;
  inserting each plaintext hash value into a Bloom filter for filtering to obtain the file index.
- The non-volatile readable storage medium according to claim 15, wherein encrypting the plaintext file and the file index separately with the first random user key to obtain the encrypted file and the encrypted index comprises:
  encrypting the plaintext file with the ElGamal algorithm, based on the first random user key, to obtain the encrypted file;
  processing the first random user key with a hash mapping function to generate a key $K_I$;
  dividing the file index $I_D$ into two index vectors $\{I', I''\}$ according to the following rule: for each element $i_j \in I_D$, if $S_j \in S$ and $S_j$ equals 1, set $i_j' = i_j'' = i_j$; otherwise set $i_j' = \frac{1}{2} \cdot i_j + r$ and $i_j'' = \frac{1}{2} \cdot i_j - r$, where $r$ is a random number and $S \in \{0,1\}^m$;
  encrypting the file index based on the key $K_I$ and the two index vectors $\{I', I''\}$ to obtain the encrypted index $Enc_{SK}(I_D) = \{M_1^T \cdot I', M_2^T \cdot I'', Enc(K_I, fid_i)\}$, where $fid_i$ is the file ID of the plaintext file and $M_1, M_2 \in R^{m \times m}$ are invertible matrices.
- One or more non-volatile readable storage media storing computer readable instructions which, when executed by one or more processors, cause the one or more processors to perform the following steps:
  obtaining a query keyword and processing the query keyword with a locality-sensitive hash function to form a query trapdoor;
  based on the query keyword and the query trapdoor, taking an encrypted index that successfully matches the query trapdoor as a target encrypted index;
  based on the target encrypted index, determining the ciphertext file corresponding to the target encrypted index as a target ciphertext file, wherein the ciphertext file is formed by encrypting, with a first random server-side key sent by a key management center, an encrypted file sent by a data owner end;
  obtaining a second random server-side key sent by the key management center;
  decrypting the target ciphertext file based on the second random server-side key to obtain a target encrypted file;
  sending the target encrypted file to an authorized user end, to instruct the authorized user end to decrypt the target encrypted file with a second random user key sent by the key management center and obtain the corresponding plaintext file;
  wherein the second random user key is associated with the second random server-side key.
- The non-volatile readable storage medium according to claim 18, wherein obtaining the query keyword and processing the query keyword with a locality-sensitive hash function to form the query trapdoor specifically comprises:
  obtaining the query keyword and converting it into query keyword vectors;
  converting each query keyword vector with a p-stable locality-sensitive hash function to obtain a corresponding query hash value;
  inserting each query hash value into a Bloom filter for filtering to obtain a query key value $Q$;
  dividing the query key value $Q$ into two query vectors $\{Q', Q''\}$ according to the following rule: for an element $q_j \in Q$ of the query key value $Q$, if $S_j \in S$ and $S_j$ equals 1, set $q_j' = q_j'' = q_j$; otherwise set $q_j' = \frac{1}{2} \cdot q_j + r'$ and $q_j'' = \frac{1}{2} \cdot q_j - r'$, where $r'$ is a random number and $S \in \{0,1\}^m$;
  encrypting the query key value $Q$ based on the two query vectors $\{Q', Q''\}$ to obtain the query trapdoor $Enc_{SK}(Q) = \{M_1^{-1} \cdot Q', M_2^{-1} \cdot Q''\}$, where $M_1, M_2 \in R^{m \times m}$ are invertible matrices.
- The non-volatile readable storage medium according to claim 18, wherein taking, based on the query keyword and the query trapdoor, an encrypted index that successfully matches the query trapdoor as the target encrypted index specifically comprises:
  obtaining the inner product of the query trapdoor and each encrypted index as a query inner product value;
  obtaining the inner product of the query keyword and each file index as a data inner product value;
  obtaining the difference between the query inner product value and the data inner product value, and, if the difference is within a preset range, determining that the query trapdoor and the encrypted index match successfully and taking the encrypted index as the target encrypted index.
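The index split, matrix encryption, trapdoor and inner-product matching recited in the claims above can be traced end to end with exact rational arithmetic. This is an added example, not code from the patent: the function names are hypothetical, the Bloom-filter bit vectors and matrices are constructed toy values, $r$ and $r'$ are read as one scalar per vector, and the $Enc(K_I, fid_i)$ component is omitted.

```python
# Added illustration (not from the patent): exact model of the claimed
# index/trapdoor construction. Names and sample values are assumptions.
from fractions import Fraction
import random


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def mat_vec(M, v):
    return [dot(row, v) for row in M]


def transpose(M):
    return [list(col) for col in zip(*M)]


def invert(M):
    """Gauss-Jordan inverse over Fractions; raises ValueError if M is singular."""
    n = len(M)
    A = [[Fraction(x) for x in row] + [Fraction(int(i == j)) for j in range(n)]
         for i, row in enumerate(M)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if A[r][col] != 0), None)
        if pivot is None:
            raise ValueError("singular matrix")
        A[col], A[pivot] = A[pivot], A[col]
        p = A[col][col]
        A[col] = [x / p for x in A[col]]
        for r in range(n):
            if r != col and A[r][col] != 0:
                f = A[r][col]
                A[r] = [x - f * y for x, y in zip(A[r], A[col])]
    return [row[n:] for row in A]


def random_invertible(m, rng):
    """Sample small integer matrices until one is invertible (toy sizes only)."""
    while True:
        M = [[rng.randint(-9, 9) for _ in range(m)] for _ in range(m)]
        try:
            return M, invert(M)
        except ValueError:
            continue


def keygen(m, rng, S=None):
    """Secret key: split indicator S in {0,1}^m and invertible M1, M2."""
    S = list(S) if S is not None else [rng.randint(0, 1) for _ in range(m)]
    M1, M1_inv = random_invertible(m, rng)
    M2, M2_inv = random_invertible(m, rng)
    return {"S": S, "M1": M1, "M1_inv": M1_inv, "M2": M2, "M2_inv": M2_inv}


def split(vec, S, r):
    """Claimed rule: S_j == 1 copies v_j into both shares; otherwise the
    shares are v_j/2 + r and v_j/2 - r."""
    first = [Fraction(v) if s == 1 else Fraction(v) / 2 + r for v, s in zip(vec, S)]
    second = [Fraction(v) if s == 1 else Fraction(v) / 2 - r for v, s in zip(vec, S)]
    return first, second


def encrypt_index(I_D, key, r):
    """Encrypted index {M1^T * I', M2^T * I''}."""
    I1, I2 = split(I_D, key["S"], r)
    return mat_vec(transpose(key["M1"]), I1), mat_vec(transpose(key["M2"]), I2)


def make_trapdoor(Q, key, r_prime):
    """Query trapdoor {M1^-1 * Q', M2^-1 * Q''}."""
    Q1, Q2 = split(Q, key["S"], r_prime)
    return mat_vec(key["M1_inv"], Q1), mat_vec(key["M2_inv"], Q2)


def query_inner_product(enc_index, trapdoor):
    """Server-side score: the matrices cancel, leaving I'.Q' + I''.Q''."""
    return dot(enc_index[0], trapdoor[0]) + dot(enc_index[1], trapdoor[1])


def closed_form(I_D, Q, S, r, r_prime):
    """What the score reduces to under the split rule, term by term."""
    return sum(2 * i * q if s == 1 else Fraction(i * q, 2) + 2 * r * r_prime
               for i, q, s in zip(I_D, Q, S))


def is_match(query_ip, data_ip, bound):
    """Matching step: difference of the two inner products within a preset bound."""
    return abs(query_ip - data_ip) <= bound


if __name__ == "__main__":
    rng = random.Random(2018)          # constructed demo values throughout
    I_D = [1, 0, 1, 1, 0, 0, 1, 0]     # constructed Bloom-filter bits of a file
    Q = [1, 0, 0, 1, 0, 0, 1, 0]       # constructed Bloom-filter bits of a query
    key = keygen(len(I_D), rng)
    r, r_prime = Fraction(3, 7), Fraction(-5, 4)
    score = query_inner_product(encrypt_index(I_D, key, r),
                                make_trapdoor(Q, key, r_prime))
    print("encrypted score:", score)
    print("closed form    :", closed_form(I_D, Q, key["S"], r, r_prime))
    print("plain I_D.Q    :", dot(I_D, Q), "match within 2:", is_match(score, dot(I_D, Q), 2))
```

Under this reading the score equals $\sum_{S_j=1} 2\, i_j q_j + \sum_{S_j=0} (\frac{1}{2} i_j q_j + 2 r r')$ regardless of $M_1$ and $M_2$, so it is not $I_D \cdot Q$ itself: an equality test against the plaintext inner product fails, and only a range comparison like the one in the matching step can succeed.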
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201810239555.XA CN108632248B (en) | 2018-03-22 | 2018-03-22 | Data ciphering method, data query method, apparatus, equipment and storage medium |
CN201810239555.X | 2018-03-22 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2019178958A1 true WO2019178958A1 (en) | 2019-09-26 |
Family
ID=63696270
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2018/091912 WO2019178958A1 (en) | 2018-03-22 | 2018-06-20 | Data encryption method, data query method, data encryption apparatus, data query apparatus, device and storage medium |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN108632248B (en) |
WO (1) | WO2019178958A1 (en) |
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN112233666A (en) * | 2020-10-22 | 2021-01-15 | 中国科学院信息工程研究所 | Method and system for storing and retrieving Chinese voice ciphertext in cloud storage environment |
Families Citing this family (17)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109857385B (en) * | 2018-12-24 | 2022-01-28 | 四川长虹电器股份有限公司 | Application program file packaging method, installation method and starting method |
CN109656600B (en) * | 2019-01-02 | 2022-03-22 | 延锋伟世通电子科技(上海)有限公司 | Vehicle-mounted software upgrading method, system, device and medium |
CN110351079B (en) * | 2019-07-09 | 2022-03-01 | 政采云有限公司 | Three-party decryption method based on parent-child relationship verification |
CN110489998B (en) * | 2019-08-21 | 2021-02-26 | 青岛大学 | Searchable encryption method, device, equipment and readable storage medium |
CN113094573A (en) * | 2020-01-09 | 2021-07-09 | 中移(上海)信息通信科技有限公司 | Multi-keyword sequencing searchable encryption method, device, equipment and storage medium |
CN111859421B (en) * | 2020-07-08 | 2024-08-13 | 中国软件与技术服务股份有限公司 | Word vector-based multi-keyword ciphertext storage and retrieval method and system |
US11550949B2 (en) * | 2020-07-21 | 2023-01-10 | Constella Intelligence, Inc. | Secure exchange of password presence data |
CN111988133B (en) * | 2020-08-18 | 2023-05-16 | 浪潮商用机器有限公司 | System SM4 encryption and decryption verification method, device, equipment and storage medium |
CN112668042B (en) * | 2020-12-16 | 2022-12-02 | 西安电子科技大学 | File encryption method |
CN114978560B (en) * | 2021-02-24 | 2023-07-18 | 中国联合网络通信集团有限公司 | Plaintext cipher encryption and decryption method, device, equipment and medium |
CN113225318B (en) * | 2021-04-14 | 2022-09-20 | 山东省计算中心(国家超级计算济南中心) | Method and system for government affair big data encryption transmission and safe storage |
CN113779597B (en) * | 2021-08-19 | 2023-08-18 | 深圳技术大学 | Method, device, equipment and medium for storing and similar searching of encrypted document |
CN113987557A (en) * | 2021-12-24 | 2022-01-28 | 亿次网联(杭州)科技有限公司 | File encryption processing method and system, electronic equipment and storage medium |
CN115391642B (en) * | 2022-07-28 | 2023-03-10 | 京信数据科技有限公司 | Privacy query method and system based on secret sharing |
CN115310132B (en) * | 2022-08-25 | 2023-04-25 | 北京华宜信科技有限公司 | Data identity identification and data fragmentation method and device |
CN115292737B (en) * | 2022-10-08 | 2022-12-09 | 成都泛联智存科技有限公司 | Multi-keyword fuzzy search encryption method and system and electronic equipment |
CN115935429B (en) * | 2022-12-30 | 2023-08-22 | 上海零数众合信息科技有限公司 | Data processing method, device, medium and electronic equipment |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20100138399A1 (en) * | 2008-12-01 | 2010-06-03 | Electronics And Telecommunications Research Institute | Method for data encryption and method for data search using conjunctive keyword |
CN106326360A (en) * | 2016-08-10 | 2017-01-11 | 武汉科技大学 | Fuzzy multi-keyword retrieval method of encrypted data in cloud environment |
CN106330865A (en) * | 2016-08-12 | 2017-01-11 | 安徽大学 | Attribute-Based Keyword Search Method Supporting Efficient Revocation in Cloud Environment |
CN107220343A (en) * | 2017-05-26 | 2017-09-29 | 福州大学 | Chinese multi-key word Fuzzy Sorting cipher text searching method based on local sensitivity Hash |
CN107359986A (en) * | 2017-07-03 | 2017-11-17 | 暨南大学 | The outsourcing encryption and decryption CP ABE methods of user revocation |
Family Cites Families (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070258586A1 (en) * | 2006-04-28 | 2007-11-08 | Chien-Chung Huang | Personal video recorder having dynamic security functions and method thereof |
FR2975550B1 (en) * | 2011-05-18 | 2013-07-12 | Morpho | ACCESS PROTECTED BY BIOMETRY TO ELECTRONIC DEVICES |
CN105262843B (en) * | 2015-11-12 | 2019-06-21 | 武汉理工大学 | A kind of anti-data-leakage guard method for cloud storage environment |
-
2018
- 2018-03-22 CN CN201810239555.XA patent/CN108632248B/en active Active
- 2018-06-20 WO PCT/CN2018/091912 patent/WO2019178958A1/en active Application Filing
Also Published As
Publication number | Publication date |
---|---|
CN108632248A (en) | 2018-10-09 |
CN108632248B (en) | 2019-10-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019178958A1 (en) | Data encryption method, data query method, data encryption apparatus, data query apparatus, device and storage medium | |
CN110224986B (en) | Efficient searchable access control method based on hidden policy CP-ABE | |
WO2021208690A1 (en) | Method and apparatus for data encryption and decryption, device, and storage medium | |
US10984052B2 (en) | System and method for multiple-character wildcard search over encrypted data | |
CN109660555B (en) | Content secure sharing method and system based on proxy re-encryption | |
CN107256248B (en) | Wildcard-based searchable encryption method in cloud storage security | |
JP6180177B2 (en) | Encrypted data inquiry method and system capable of protecting privacy | |
CN109361644B (en) | Fuzzy attribute based encryption method supporting rapid search and decryption | |
CN106875325B (en) | Searchable image encryption algorithm | |
CN108400970B (en) | Similar data message locking, encrypting and de-duplicating method in cloud environment and cloud storage system | |
WO2019090841A1 (en) | Encrypted file retrieval method and system, terminal device and storage medium | |
CN112332979B (en) | Ciphertext search method, system and equipment in cloud computing environment | |
CN114417073B (en) | Neighbor node query method and device of encryption graph and electronic equipment | |
AU2017440029B2 (en) | Cryptographic key generation for logically sharded data stores | |
CN111556048B (en) | Attribute-based secure communication method and system supporting ciphertext mode matching | |
Zhu et al. | Privacy-preserving search for a similar genomic makeup in the cloud | |
CN109783456B (en) | Duplication removing structure building method, duplication removing method, file retrieving method and duplication removing system | |
CN114900301A (en) | Public key searchable encryption method meeting MCI (Multi-core identity) security and specifying server | |
CN118094636A (en) | Data retrieval method and system with multi-level authority access control | |
CN114567639A (en) | Lightweight access control system and method based on block chain | |
CN108920968B (en) | File searchable encryption method based on connection keywords | |
Shen et al. | Multi-Keywords Searchable Attribute-Based Encryption With Verification and Attribute Revocation Over Cloud Data | |
CN115935426A (en) | Remote image feature extraction and retrieval method based on SGX | |
Zhou et al. | An efficient encrypted deduplication scheme with security-enhanced proof of ownership in edge computing | |
CN113065146A (en) | Homomorphic encryption method for block chain data protection |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | NENP | Non-entry into the national phase | Ref country code: DE |
 | 32PN | Ep: public notification in the ep bulletin as address of the addressee cannot be established | Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC (EPO FORM 1205A DATED 25.01.2021) |
 | 121 | Ep: the epo has been informed by wipo that ep was designated in this application | Ref document number: 18910336; Country of ref document: EP; Kind code of ref document: A1 |
 | 122 | Ep: pct application non-entry in european phase | Ref document number: 18910336; Country of ref document: EP; Kind code of ref document: A1 |