WO2020133032A1 - Multi-user ciphertext search method capable of preventing forgery - Google Patents

Multi-user ciphertext search method capable of preventing forgery Download PDF

Info

Publication number
WO2020133032A1
WO2020133032A1 PCT/CN2018/124205 CN2018124205W WO2020133032A1 WO 2020133032 A1 WO2020133032 A1 WO 2020133032A1 CN 2018124205 W CN2018124205 W CN 2018124205W WO 2020133032 A1 WO2020133032 A1 WO 2020133032A1
Authority
WO
WIPO (PCT)
Prior art keywords
ciphertext
index
key
user
search
Prior art date
Application number
PCT/CN2018/124205
Other languages
French (fr)
Chinese (zh)
Inventor
刘宏伟
吴楚欣
张鹏
Original Assignee
深圳技术大学(筹)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 深圳技术大学(筹) filed Critical 深圳技术大学(筹)
Priority to PCT/CN2018/124205 priority Critical patent/WO2020133032A1/en
Publication of WO2020133032A1 publication Critical patent/WO2020133032A1/en

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/40Network security protocols
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules

Definitions

  • the invention relates to the technical field of information security, in particular to a multi-user ciphertext search method capable of preventing forgery.
  • cloud computing technology has powerful computing and storage capabilities, and in order to reduce the cost of data storage and management, enterprises and individuals are increasingly inclined to upload data to cloud servers; however, such as health data , Financial statements, e-mail and other sensitive data uploaded to the cloud server will bring a series of privacy issues; using encryption technology to process data can ensure the confidentiality of the data, but the availability and flexibility of the encrypted data will be reduced, in a large number of files Searching for specific data or files can be extremely difficult.
  • the searchable encryption technology can solve the above-mentioned problems, and the searchable encryption technology can search for specific keywords in the encrypted data; at present, most searchable encryption methods are based on single-user search under a symmetric encryption system Mode, and data sharing under the single-user model requires the data owner to provide search keys or generate search traps for authorized users online at all times. It can be seen that the single-user search mode cannot meet the situation where a large amount of data needs to be shared; Controlling the implementation of the multi-user model can limit the user's search authority, without requiring the data owner to be online at all times, which solves the defect of the single-user model.
  • a first aspect of the present invention provides a multi-user ciphertext search method capable of preventing forgery, including: a data owner encrypts a file with a symmetric key to generate a first file ciphertext, and generates a first Key, and upload the first file ciphertext to the cloud server; the data owner generates the index set and index array of the first file ciphertext, encrypts the first key using the attribute-based encryption scheme to obtain the second ciphertext, and The encrypted index of the ciphertext of the first file is uploaded to the cloud server; the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user; the user selects the search keyword set; the user uses the attribute-based encryption scheme Use the second key to decrypt the second ciphertext to get the first key; the user generates a search trapdoor based on the search keyword set and sends it to the cloud server; the cloud server uses the search trapdoor to search
  • Different users have different attribute sets, which can generate different second keys for different users, so that each user's second key can only decrypt the encrypted index of the first ciphertext file that meets its strategy; the user is in When generating an encrypted index of the ciphertext of the first file, a pair of public and private keys is generated, and the private key is used as an element of the encrypted index, and the public key is shared with other users for search, so that other users cannot forge other users’ second keys
  • Data improves the security of data involved in cloud storage and cloud computing.
  • FIG. 1 is a schematic block diagram of a flow of a multi-user ciphertext search method that can prevent forgery according to the present invention
  • FIG. 2 is a schematic block diagram of the structure of the electronic device of the present invention.
  • a first aspect of the present invention provides a multi-user ciphertext search method capable of preventing forgery, including: a data owner encrypts a file with a symmetric key to generate a first file ciphertext, generates a first key for extracting the file, and The first file ciphertext is uploaded to the cloud server; the data owner generates the index set and index array of the first file ciphertext, uses the attribute-based encryption scheme to encrypt the first key to obtain the second ciphertext, and encrypts the first file ciphertext
  • the encrypted index is uploaded to the cloud server;
  • the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user;
  • the user selects the search keyword set;
  • the user uses the attribute-based encryption scheme to use the second key Decrypt the second ciphertext to obtain the first key;
  • the user generates a search trapdoor according to the search keyword set and sends it to the cloud server; the cloud server
  • the search method further includes: generating all keyword sets; generating a file set; and generating a symmetric key set of the first file ciphertext.
  • the generation of the search trapdoor includes: verifying the second key, if the second key satisfies the access strategy, it is successfully decrypted, and if the second key does not satisfy the access strategy, a null value is returned; After successful decryption, generate the ciphertext of the keyword sent to the cloud server; generate a third key based on the keyword; generate a counter and calculate the trapdoor element until the server stops, then stop calculating the trapdoor element.
  • the index set and index array for generating the ciphertext of the first file include: defining an anti-collision hash function; defining a pseudo-random function, and randomly selecting a first key according to the pseudo-random function; and generating a keyword set Indexed index array; generate the first empty set; generate the key set index ciphertext; fill the first empty set with the key set index ciphertext to form the index set; based on the first key, access policy, and the system-generated public key The key forms a second ciphertext; an encrypted index of the first file ciphertext is generated according to the index set, the index array, and the second ciphertext.
  • the filling of the first empty set to form an index set includes: defining security parameters; defining a bilinear group with prime order and generator; randomly selecting integers within the prime order and calculating keyword ciphertext; initialization The first key, and randomly select the security parameter as an integer within the prime order; initialize the counter according to a random order; calculate the index ciphertext, encrypt the initialized first key, and define the index number; define the index of the index set Elements, and calculate the index set elements according to the generator, the initialized first key, the random number, and the index elements; calculate all the index set elements according to the counter.
  • the index array for generating a key set index includes: generating an empty list; adding index elements and generators to the power of the index to the empty list in an array manner to generate an index array.
  • using the search trapdoor to search the search result set corresponding to the keyword set includes: generating a second empty set; defining a verification formula, and calculating the keyword ciphertext and generator as elements of the formula, If the result of the calculation is equal to the result of the trapdoor, the index set is assigned to the second empty set; the index elements and generator indexes are retrieved from the second empty set according to the current count of the counter An array formed by several powers; determine whether the index element belongs to the index set; if the index element belongs to the index set, merge the index element into the search result set.
  • the user extracting the first file ciphertext set corresponding to the search result set and decrypting using the corresponding symmetric key includes: decrypting the search results in the search result set according to the first key, obtaining the file identifier and Symmetric encryption key; send the file identifier to the cloud server to obtain the first file ciphertext returned by the cloud server, and use the corresponding symmetric key to extract the file corresponding to the first file ciphertext.
  • a second aspect of the present invention provides an electronic device, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program When any of the above methods are implemented.
  • a third aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, any one of the methods described above is implemented.
  • FIG. 1 is a multi-user ciphertext search method capable of preventing forgery, including: S1, a data owner encrypts a file with a symmetric key to generate a first file ciphertext, and generates a first key for extracting a file, Upload the first file ciphertext to the cloud server; S2, the data owner generates the index set and index array of the first file ciphertext, encrypts the first key using the attribute-based encryption scheme to obtain the second ciphertext, and then An encrypted index of a file ciphertext is uploaded to the cloud server; S3, the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user; S4, the user selects the search keyword set; S5, the user Use the attribute-based encryption scheme to decrypt the second ciphertext using the second key to obtain the first key; S6, the user generates a search trapdoor based on the search keyword set and sends it to the cloud server; S7,
  • a pair of public and private keys are generated when the index is encrypted, the private key is used as an element of the encrypted index, and the public key is shared with other users for search.
  • the search method further includes: generating all keyword sets; generating a file set; generating a symmetric key set of the first file ciphertext.
  • the key Words, files, and symmetric keys are collected separately, so that when using the search method provided in this application, keywords, files, and symmetric keys can be quickly found in the corresponding set, thereby improving search efficiency.
  • Generating search trapdoors includes: verifying the second key, if the second key satisfies the access strategy, it will be successfully decrypted, if the second key does not meet the access strategy, it will return a null value; after successful decryption, generate and send to the cloud server The keyword ciphertext; generate the third key according to the keyword; generate a counter and calculate the trapdoor element until the server stops, then stop calculating the trapdoor element.
  • the message (stag, xtoken[1], xtoken[2],...) sent to the server is defined as: key generation
  • w 1 ), generate and run the counter c, and make c 1, 2, ...
  • Generating the encrypted index of the ciphertext of the first file includes: defining a collision-resistant hash function; defining a pseudo-random function, and randomly selecting the first key according to the pseudo-random function; generating an index array of key set indexes; generating a first empty set ; Generate the keyword set index ciphertext; fill the first empty set with the keyword set index ciphertext to form the index set; form the second ciphertext based on the first key, access strategy, and the public key generated by the system; according to the index set, index The array and the second ciphertext generate an encrypted index of the ciphertext of the first file.
  • Open g s initialize the first key k 1 ⁇ F(k,1
  • r i ), encrypt k 1 to get z ⁇ P(k 1 ,c) ⁇ -1 , and define y ⁇ rind ⁇ z -1 , convert (rind, g y ) Add to t, define xtag as XSet is an element, calculate Add xtag to XSet, c ⁇ c+1, T[stag w ] ⁇ t, where ⁇ is the access strategy; output EDB (XSet, T, C).
  • Filling the first empty set to form an index set includes: defining security parameters; defining a bilinear group with prime order and generator; randomly selecting integers within prime order and calculating key ciphertext; initializing the first key and randomizing Select the security parameter as an integer within the prime order; initialize the counter according to a random order; calculate the index ciphertext, encrypt the initial first key, and define the index number; define the index elements of the index set, and according to the generator, initialize the first The key, random number, and index elements are used to calculate the index set elements; all the index set elements are calculated according to the counter.
  • the index array for generating the keyword collection index includes: generating an empty list; adding the index power of the index element and generator to the empty list in an array manner to generate the index array.
  • Using search trapdoors to search the search result set corresponding to the keyword set includes: generating a second empty set; defining a verification formula, and calculating the keyword ciphertext and generator as elements of the formula. If the results of the gates are equal, the index set is assigned to the second empty set; according to the current count of the counter, the index element and the array of generator index powers are retrieved from the second empty set; determine whether the index element belongs to the index set, If the index element belongs to the index set, the index element is merged into the search result set.
  • the user extracts the first file ciphertext set corresponding to the search result set, and decrypts using the corresponding symmetric key includes: decrypting the search results in the search result set according to the first key, obtaining the file identifier and the symmetric encryption key Sending the file identifier to the cloud server to obtain the first file ciphertext returned by the cloud server, and extracting the file corresponding to the first file ciphertext with the corresponding symmetric key.
  • the user executes the extraction algorithm on the client, enters the search result l and the first key k, and returns the search result.
  • the extraction algorithm Retrieve (l, k) is described as follows: The user decrypts the search result l with the first key k, and obtains the document id i and the corresponding key r i , for rind ⁇ l: calculate (id i
  • An embodiment of the present application provides an electronic device. Please refer to 2.
  • the electronic device includes: a memory 601, a processor 602, and a computer program stored on the memory 601 and executable on the processor 602.
  • the processor 602 executes the computer program At this time, the anti-counterfeiting multi-user ciphertext search method described in the foregoing embodiments of FIG. 1 to FIG. 4 is implemented.
  • the electronic device further includes: at least one input device 603 and at least one output device 604.
  • the memory 601, the processor 602, the input device 603, and the output device 604 are connected via a bus 605.
  • the input device 603 may specifically be a camera, a touch panel, a physical button, a mouse, or the like.
  • the output device 604 may specifically be a display screen.
  • the memory 601 may be a high-speed random access memory (RAM, Random Access Memory) memory, or may be a non-volatile memory (non-volatile memory), such as a disk memory.
  • RAM Random Access Memory
  • non-volatile memory non-volatile memory
  • the memory 601 is used to store a set of executable program codes, and the processor 602 is coupled to the memory 601.
  • an embodiment of the present application further provides a computer-readable storage medium.
  • the computer-readable storage medium may be provided in the electronic device in each of the foregoing embodiments, and the computer-readable storage medium may be as shown in FIG. 2 described above.
  • the memory 601 in the embodiment is shown.
  • a computer program is stored on the computer-readable storage medium, and when the program is executed by the processor 602, the multi-user ciphertext search method that can be prevented from forgery described in the foregoing method embodiments is implemented.
  • the computer storable medium may also be various media that can store program codes, such as a U disk, a mobile hard disk, a read-only memory 601 (ROM, Read-Only Memory), RAM, a magnetic disk, or an optical disk.
  • program codes such as a U disk, a mobile hard disk, a read-only memory 601 (ROM, Read-Only Memory), RAM, a magnetic disk, or an optical disk.
  • the disclosed device and method may be implemented in other ways.
  • the device embodiments described above are only schematic.
  • the division of the modules is only a division of logical functions.
  • there may be other divisions for example, multiple modules or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented.
  • the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or modules, and may be in electrical, mechanical or other forms.
  • modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, they may be located in one place, or may be distributed on multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
  • each functional module in each embodiment of the present invention may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module.
  • the above integrated modules can be implemented in the form of hardware or software function modules.
  • the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may be stored in a computer-readable storage medium.
  • the technical solution of the present invention essentially or part of the contribution to the existing technology or all or part of the technical solution can be embodied in the form of a software product, the computer software product is stored in a storage medium , Including several instructions to enable a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention.
  • the aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program code .

Abstract

Disclosed is a multi-user ciphertext search method capable of preventing forgery. The method is adopted to avoid a situation in which each user having a public key is disguised as a data owner to encrypt and upload data. The method comprises: using a symmetric key to encrypt a file so as to generate a first file ciphertext, generating a first key for file extraction, and uploading the first file ciphertext to a cloud server; generating an index set and an index array of the first file ciphertext, encrypting the first key to obtain a second ciphertext, and uploading the encrypted index of the first file ciphertext to the cloud server; generating a second key, and sending the second key to a user; the user selecting a search keyword set, and using the second key to decrypt the second ciphertext so as to obtain the first key, generating a search trapdoor according to the search keyword set, and sending the search trapdoor to the cloud server; the cloud server using the search trapdoor to search for a search result set, and returning the search result set to the user; and the user extracting a first file ciphertext set, and using a corresponding symmetric key to perform decryption. The method improves the security of data involved in cloud storage and cloud computing.

Description

一种可防伪造的多用户密文搜索方法Multi-user ciphertext search method capable of preventing forgery 技术领域Technical field
本发明涉及信息安全技术领域,尤其涉及一种可防伪造的多用户密文搜索方法。The invention relates to the technical field of information security, in particular to a multi-user ciphertext search method capable of preventing forgery.
背景技术Background technique
随着互联网技术的发展,现在的云计算技术具有强大的计算和存储能力,而为了减少数据存储和管理的开销,企业和个人越来越倾向于将数据上传至云服务器;然而,如健康数据、财务报表、电子邮件等敏感数据上传至云服务器会带来一系列的隐私问题;使用加密技术处理数据可以保证数据的机密性,但是加密后的数据可用性和灵活性会降低,在大量的文件中搜索特定数据或文件会极其困难。With the development of Internet technology, current cloud computing technology has powerful computing and storage capabilities, and in order to reduce the cost of data storage and management, enterprises and individuals are increasingly inclined to upload data to cloud servers; however, such as health data , Financial statements, e-mail and other sensitive data uploaded to the cloud server will bring a series of privacy issues; using encryption technology to process data can ensure the confidentiality of the data, but the availability and flexibility of the encrypted data will be reduced, in a large number of files Searching for specific data or files can be extremely difficult.
在现有技术中,可搜索加密技术能够解决上述提出的问题,可搜索加密技术能够实现在加密数据中搜索特定的关键字;目前大多数可搜索加密方法是基于对称加密体制下的单用户搜索模式,而在单用户模型下实现数据共享需要数据属主时刻在线为授权用户提供搜索密钥或生成搜索陷门,由此可见,单用户搜索模式不能满足大量数据需要共享的情况;在引入访问控制实现多用户模型可以对用户的搜索权限进行限制,不需要数据属主时刻在线,解决了单用户模型的缺陷。In the prior art, the searchable encryption technology can solve the above-mentioned problems, and the searchable encryption technology can search for specific keywords in the encrypted data; at present, most searchable encryption methods are based on single-user search under a symmetric encryption system Mode, and data sharing under the single-user model requires the data owner to provide search keys or generate search traps for authorized users online at all times. It can be seen that the single-user search mode cannot meet the situation where a large amount of data needs to be shared; Controlling the implementation of the multi-user model can limit the user's search authority, without requiring the data owner to be online at all times, which solves the defect of the single-user model.
技术问题technical problem
由于访问控制中具有公钥加密私钥解密的特点,使得每个拥有公钥的用户都具有伪造数据属主数据的可能,因此访问控制仍存在着数据安全性较低问题。Due to the characteristics of public key encryption and private key decryption in access control, each user with a public key has the possibility of forging data owner data, so access control still has the problem of low data security.
技术解决方案Technical solution
为实现上述目的,本发明第一方面提供一种可防伪造的多用户密文搜索方法,包括:数据属主用对称密钥加密文件生成第一文件密文,生成用于提取文件的第一密钥,并将第一文件密文上传至云服务器; 数据属主生成第一文件密文的索引集和索引数组,使用属性基加密方案对第一密钥加密得到第二密文,并将第一文件密文的加密索引上传至云服务器;私钥生成器PKG根据用户属性集合生成与用户相对应的第二密钥并发送至用户;用户选择搜索关键字集合;用户使用属性基加密方案使用第二密钥对第二密文进行解密得到第一密钥;用户根据搜索关键字集合生成搜索陷门并发送至云服务器;云服务器使用搜索陷门搜索与关键字集合相对应的搜索结果集并返回至用户;用户提取与搜索结果集相对应的第一文件密文集合,并使用对称密钥解密。In order to achieve the above object, a first aspect of the present invention provides a multi-user ciphertext search method capable of preventing forgery, including: a data owner encrypts a file with a symmetric key to generate a first file ciphertext, and generates a first Key, and upload the first file ciphertext to the cloud server; the data owner generates the index set and index array of the first file ciphertext, encrypts the first key using the attribute-based encryption scheme to obtain the second ciphertext, and The encrypted index of the ciphertext of the first file is uploaded to the cloud server; the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user; the user selects the search keyword set; the user uses the attribute-based encryption scheme Use the second key to decrypt the second ciphertext to get the first key; the user generates a search trapdoor based on the search keyword set and sends it to the cloud server; the cloud server uses the search trapdoor to search for the search results corresponding to the keyword set Set and return to the user; the user extracts the first file ciphertext set corresponding to the search result set, and decrypts using the symmetric key.
有益效果Beneficial effect
通过不同用户具有不同的属性集合,能够为不同的用户生成不同的第二密钥,从而使每个用户的第二密钥只能解密满足其策略的第一密文文件的加密索引;用户在生成第一文件密文的加密索引时,生成一对公私钥,用私钥作为加密索引的元素,公钥分享给其他用户用作搜索,从而使得其他用户不能通过第二密钥伪造其他用户的数据,提高了云存储及云计算涉及数据的安全性。Different users have different attribute sets, which can generate different second keys for different users, so that each user's second key can only decrypt the encrypted index of the first ciphertext file that meets its strategy; the user is in When generating an encrypted index of the ciphertext of the first file, a pair of public and private keys is generated, and the private key is used as an element of the encrypted index, and the public key is shared with other users for search, so that other users cannot forge other users’ second keys Data improves the security of data involved in cloud storage and cloud computing.
附图说明BRIEF DESCRIPTION
图1为本发明可防伪造的多用户密文搜索方法的流程示意框图;1 is a schematic block diagram of a flow of a multi-user ciphertext search method that can prevent forgery according to the present invention;
图2为本发明的电子装置的结构示意框图。2 is a schematic block diagram of the structure of the electronic device of the present invention.
本发明的最佳实施方式Best Mode of the Invention
本发明第一方面提供一种可防伪造的多用户密文搜索方法,包括:数据属主用对称密钥加密文件生成第一文件密文,生成用于提取文件的第一密钥,并将第一文件密文上传至云服务器;数据属主生成第一文件密文的索引集和索引数组,使用属性基加密方案对第一密钥加密得到第二密文,并将第一文件密文的加密索引上传至云服务器;私钥生成器PKG根据用户属性集合生成与用户相对应的第二密钥并发送至用户;用户选择搜索关键字集合;用户使用属性基加密方案使用第 二密钥对第二密文进行解密得到第一密钥;用户根据搜索关键字集合生成搜索陷门并发送至云服务器;云服务器使用搜索陷门搜索与关键字集合相对应的搜索结果集并返回至用户;用户提取与搜索结果集相对应的第一文件密文集合,并使用对称密钥解密。A first aspect of the present invention provides a multi-user ciphertext search method capable of preventing forgery, including: a data owner encrypts a file with a symmetric key to generate a first file ciphertext, generates a first key for extracting the file, and The first file ciphertext is uploaded to the cloud server; the data owner generates the index set and index array of the first file ciphertext, uses the attribute-based encryption scheme to encrypt the first key to obtain the second ciphertext, and encrypts the first file ciphertext The encrypted index is uploaded to the cloud server; the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user; the user selects the search keyword set; the user uses the attribute-based encryption scheme to use the second key Decrypt the second ciphertext to obtain the first key; the user generates a search trapdoor according to the search keyword set and sends it to the cloud server; the cloud server uses the search trapdoor to search for the search result set corresponding to the keyword set and returns it to the user ; The user extracts the first file ciphertext set corresponding to the search result set, and decrypts it using a symmetric key.
进一步地,所述搜索方法还包括:生成全部关键字集合;生成文件集合;生成第一文件密文的对称密钥集合。Further, the search method further includes: generating all keyword sets; generating a file set; and generating a symmetric key set of the first file ciphertext.
进一步地,所述生成搜索陷门包括:验证所述第二密钥,若第二密钥满足所述访问策略,则成功解密,若第二密钥不满足访问策略,则返回空值;在成功解密后,生成向云服务器发送的关键字密文;根据关键字生成第三密钥;生成计数器,并计算陷门元素,直至服务器停止,则停止计算陷门元素。Further, the generation of the search trapdoor includes: verifying the second key, if the second key satisfies the access strategy, it is successfully decrypted, and if the second key does not satisfy the access strategy, a null value is returned; After successful decryption, generate the ciphertext of the keyword sent to the cloud server; generate a third key based on the keyword; generate a counter and calculate the trapdoor element until the server stops, then stop calculating the trapdoor element.
进一步地,所述生成第一文件密文的索引集和索引数组包括:定义抗碰撞的哈希函数;定义伪随机函数,并根据所述伪随机函数随机选择第一密钥;生成关键字集合索引的索引数组;生成第一空集;生成关键字集合索引密文;用关键字集合索引密文填充所述第一空集形成索引集;根据第一密钥、访问策略及系统产生的公钥形成第二密文;根据所述索引集、所述索引数组及所述第二密文生成第一文件密文的加密索引。Further, the index set and index array for generating the ciphertext of the first file include: defining an anti-collision hash function; defining a pseudo-random function, and randomly selecting a first key according to the pseudo-random function; and generating a keyword set Indexed index array; generate the first empty set; generate the key set index ciphertext; fill the first empty set with the key set index ciphertext to form the index set; based on the first key, access policy, and the system-generated public key The key forms a second ciphertext; an encrypted index of the first file ciphertext is generated according to the index set, the index array, and the second ciphertext.
进一步地,所述填充所述第一空集形成索引集包括:定义安全参数;定义具有素数阶及生成元的双线性群;随机选择素数阶内的整数,并计算关键字密文;初始化第一密钥,并随机选择所述安全参数为素数阶内的整数;根据随机顺序初始化计数器;计算索引密文,加密初始化的第一密钥,并定义索引数;定义所述索引集的索引元素,并根据生成元、初始化的第一密钥、随机数及索引元素计算所述索引集元 素;根据计数器计算所有所述索引集元素。Further, the filling of the first empty set to form an index set includes: defining security parameters; defining a bilinear group with prime order and generator; randomly selecting integers within the prime order and calculating keyword ciphertext; initialization The first key, and randomly select the security parameter as an integer within the prime order; initialize the counter according to a random order; calculate the index ciphertext, encrypt the initialized first key, and define the index number; define the index of the index set Elements, and calculate the index set elements according to the generator, the initialized first key, the random number, and the index elements; calculate all the index set elements according to the counter.
进一步地,所述生成关键字集合索引的索引数组包括:生成空列表;将索引元素及生成元的索引数次方以数组的方式加入所述空列表,生成索引数组。Further, the index array for generating a key set index includes: generating an empty list; adding index elements and generators to the power of the index to the empty list in an array manner to generate an index array.
进一步地,所述使用搜索陷门搜索与关键字集合相对应的搜索结果集包括:生成第二空集;定义验证公式,并将所述关键字密文及生成元作为公式的元素进行计算,若所述进行计算的结果与所述陷门的结果相等,则将索引集赋值给所述第二空集;根据计数器当前的计数从所述第二空集内检索索引元素及生成元的索引数次方形成的数组;判断索引元素是否属于索引集,若索引元素属于索引集,则将索引元素并入搜索结果集。Further, using the search trapdoor to search the search result set corresponding to the keyword set includes: generating a second empty set; defining a verification formula, and calculating the keyword ciphertext and generator as elements of the formula, If the result of the calculation is equal to the result of the trapdoor, the index set is assigned to the second empty set; the index elements and generator indexes are retrieved from the second empty set according to the current count of the counter An array formed by several powers; determine whether the index element belongs to the index set; if the index element belongs to the index set, merge the index element into the search result set.
进一步地,所述用户提取与搜索结果集相对应的第一文件密文集合,并使用相应的对称密钥解密包括:根据第一密钥解密搜索结果集内的搜索结果,获取文件标识符以及对称的加密密钥;将文件标识符发送至云服务器,得到云服务器返回的第一文件密文,用对应的对称密钥提取第一文件密文对应的文件。Further, the user extracting the first file ciphertext set corresponding to the search result set and decrypting using the corresponding symmetric key includes: decrypting the search results in the search result set according to the first key, obtaining the file identifier and Symmetric encryption key; send the file identifier to the cloud server to obtain the first file ciphertext returned by the cloud server, and use the corresponding symmetric key to extract the file corresponding to the first file ciphertext.
本发明第二方面提供一种电子装置,包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时,实现上述中的任意一项所述方法。A second aspect of the present invention provides an electronic device, including: a memory, a processor, and a computer program stored on the memory and executable on the processor, wherein the processor executes the computer program When any of the above methods are implemented.
本发明第三方面提供一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时,实现上述中的任意一项所述方法。A third aspect of the present invention provides a computer-readable storage medium on which a computer program is stored, characterized in that, when the computer program is executed by a processor, any one of the methods described above is implemented.
本发明的实施方式Embodiments of the invention
为使得本发明的发明目的、特征、优点能够更加的明显和易懂, 下面将结合本发明实施例中的附图,对本发明实施例中的技术方案进行清楚、完整地描述,显然,所描述的实施例仅仅是本发明一部分实施例,而非全部实施例。基于本发明中的实施例,本领域技术人员在没有做出创造性劳动前提下所获得的所有其他实施例,都属于本发明保护的范围。In order to make the purpose, features, and advantages of the present invention more obvious and understandable, the technical solutions in the embodiments of the present invention will be described clearly and completely in conjunction with the drawings in the embodiments of the present invention. Obviously, the description The embodiments are only a part of the embodiments of the present invention, but not all the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those skilled in the art without creative efforts fall within the protection scope of the present invention.
请参阅图1,为一种可防伪造的多用户密文搜索方法,包括:S1,数据属主用对称密钥加密文件生成第一文件密文,生成用于提取文件的第一密钥,并将第一文件密文上传至云服务器;S2,数据属主生成第一文件密文的索引集和索引数组,使用属性基加密方案对第一密钥加密得到第二密文,并将第一文件密文的加密索引上传至云服务器;S3,私钥生成器PKG根据用户属性集合生成与用户相对应的第二密钥并发送至用户;S4,用户选择搜索关键字集合;S5,用户使用属性基加密方案使用第二密钥对第二密文进行解密得到第一密钥;S6,用户根据搜索关键字集合生成搜索陷门并发送至云服务器;S7,云服务器使用搜索陷门搜索与关键字集合相对应的搜索结果集并返回至用户;S8,用户提取与搜索结果集相对应的第一文件密文集合,并使用对称密钥解密。Please refer to FIG. 1, which is a multi-user ciphertext search method capable of preventing forgery, including: S1, a data owner encrypts a file with a symmetric key to generate a first file ciphertext, and generates a first key for extracting a file, Upload the first file ciphertext to the cloud server; S2, the data owner generates the index set and index array of the first file ciphertext, encrypts the first key using the attribute-based encryption scheme to obtain the second ciphertext, and then An encrypted index of a file ciphertext is uploaded to the cloud server; S3, the private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user; S4, the user selects the search keyword set; S5, the user Use the attribute-based encryption scheme to decrypt the second ciphertext using the second key to obtain the first key; S6, the user generates a search trapdoor based on the search keyword set and sends it to the cloud server; S7, the cloud server uses the search trapdoor search The search result set corresponding to the keyword set is returned to the user; S8, the user extracts the first file ciphertext set corresponding to the search result set and decrypts using the symmetric key.
在本实施例中,索引加密时生成一对公私钥,用私钥作为加密索引的元素,公钥分享给其他用户用作搜索。In this embodiment, a pair of public and private keys are generated when the index is encrypted, the private key is used as an element of the encrypted index, and the public key is shared with other users for search.
在本实施例中,搜索方法还包括:生成全部关键字集合;生成文件集合;生成第一文件密文的对称密钥集合,通过生成关键字集合、文件集合及对称密钥集合,能够将关键字、文件及对称密钥各自集中,从而在使用本申请提供的搜索方法时,能够快速在相应的集合内找出关键字、文件及对称密钥,从而提高了搜索效率。In this embodiment, the search method further includes: generating all keyword sets; generating a file set; generating a symmetric key set of the first file ciphertext. By generating a keyword set, a file set, and a symmetric key set, the key Words, files, and symmetric keys are collected separately, so that when using the search method provided in this application, keywords, files, and symmetric keys can be quickly found in the corresponding set, thereby improving search efficiency.
生成搜索陷门包括:验证第二密钥,若第二密钥满足访问策略,则成功解密,若第二密钥不满足访问策略,则返回空值;在成功解密后,生成向云服务器发送的关键字密文;根据关键字生成第三密钥;生成计数器,并计算陷门元素,直至服务器停止,则停止计算陷门元素。Generating search trapdoors includes: verifying the second key, if the second key satisfies the access strategy, it will be successfully decrypted, if the second key does not meet the access strategy, it will return a null value; after successful decryption, generate and send to the cloud server The keyword ciphertext; generate the third key according to the keyword; generate a counter and calculate the trapdoor element until the server stops, then stop calculating the trapdoor element.
设定属性集合为S的合法用户对关键字集合
Figure PCTCN2018124205-appb-000001
执行搜索,并假设w 1为搜索关键字集合中频率最小的关键字。然后,用户从云服务器请求第二密文C,并通过私钥生成器PKG生成第二密钥SK←ABE.KeyGen(MSK,S)。输入C,SK,
Figure PCTCN2018124205-appb-000002
输出stag,xtoken[1],xtoken[2],…,陷门生成算法
Figure PCTCN2018124205-appb-000003
具体描述如下:用户计算k←ABE.Decrypt(C,SK)。若用户的属性S满足该索引的访问策略Γ,则成功解密,返回k;否则,返回null;向服务器发送的消息(stag,xtoken[1],xtoken[2],…)定义为:生成关键字密文stag'←F(k,w 1),stag←e(g s,H 1(stag')),生成密钥k 1←F(k,1||w 1),生成并运行计数器c,并使c=1,2,……,直至服务器停止运行,并对i=2,…,n,计算陷门元素xtoken[c,i]←P(k 1,c)·(k,1||w i),从而有xtoken[c]←(xtoken[c,2],xtoken[c,3],…,xtoken[c,n]),上述搜索陷门算法生成了搜索陷门。 Set the attribute set to S for legitimate users to keyword sets
Figure PCTCN2018124205-appb-000001
Perform a search and assume that w 1 is the keyword with the lowest frequency in the search keyword set. Then, the user requests the second ciphertext C from the cloud server, and generates the second key SK←ABE.KeyGen(MSK,S) through the private key generator PKG. Enter C, SK,
Figure PCTCN2018124205-appb-000002
Output stag,xtoken[1],xtoken[2],…, trapdoor generation algorithm
Figure PCTCN2018124205-appb-000003
The specific description is as follows: The user calculates k←ABE.Decrypt(C,SK). If the user's attribute S satisfies the index's access strategy Γ, it is successfully decrypted and returns k; otherwise, it returns null; the message (stag, xtoken[1], xtoken[2],...) sent to the server is defined as: key generation The ciphertext stag'←F(k,w 1 ), stag←e(g s ,H 1 (stag')), generate the key k 1 ←F(k,1||w 1 ), generate and run the counter c, and make c=1, 2, ... until the server stops running, and for i=2,...,n, calculate the trapdoor element xtoken[c,i]←P(k 1 ,c)·(k, 1||w i ), so there is xtoken[c]←(xtoken[c,2],xtoken[c,3],…,xtoken[c,n]), the search trapdoor algorithm described above generates a search trapdoor.
生成第一文件密文的加密索引包括:定义抗碰撞的哈希函数;定义伪随机函数,并根据伪随机函数随机选择第一密钥;生成关键字集合索引的索引数组;生成第一空集;生成关键字集合索引密文;用关键字集合索引密文填充第一空集形成索引集;根据第一密钥、访问策略及系统产生的公钥形成第二密文;根据索引集、索引数组及第二密文生成第一文件密文的加密索引。Generating the encrypted index of the ciphertext of the first file includes: defining a collision-resistant hash function; defining a pseudo-random function, and randomly selecting the first key according to the pseudo-random function; generating an index array of key set indexes; generating a first empty set ; Generate the keyword set index ciphertext; fill the first empty set with the keyword set index ciphertext to form the index set; form the second ciphertext based on the first key, access strategy, and the public key generated by the system; according to the index set, index The array and the second ciphertext generate an encrypted index of the ciphertext of the first file.
为了保障外包文件的机密性,定义对称加密算法SE=(Enc,Dec),数据属主在构建索引之前先用r i将f i加密,得到密文ct i←SE.Enc(r i,f i)(i=1,2,L,d),并将密文上传到云服务器。为了实施访问控制,数据属主在上传数据之前需设定访问控制权限,定义所采用的密文访问控制方案为属性基加密方案ABE=(Setup,Encrypt,KeyGen,Decrypt)。输入系统安全参数λ和全局属性集N,PKG运行(PK,MSK)←ABE.Setup(1 λ,N)。定义伪随机函数PRF F:{0,1} λ×{0,1} λ→{0,1} λ,PRPP:{0,1} λ×{0,1} λ→{0,1} λ;使用密文数据库初始化算法EDBSetup(DB)输入数据库DB,输出密文的加密索引EDB,具体描述如下:为PRF F随机选择第一密钥k,并将DB表示为
Figure PCTCN2018124205-appb-000004
将T定义为关键字集合
Figure PCTCN2018124205-appb-000005
索引的空数组;将XSet定义为空集;对于每个
Figure PCTCN2018124205-appb-000006
将t定义为空列表,随机选择s∈Z p,并计算关键字密文,stag w'←F(k,w),stag w←H 1(stag' w) s。公开g s,初始化第一密钥k 1←F(k,1||w),随机选择γ∈Z p,对于所有id i∈DB(w),以随机顺序初始化计数器c←0,然后:计算索引密文rind←P(k,id i||r i),加密k 1得z←P(k 1,c)·γ -1,并定义y←rind·z -1,将(rind,g y)加到t,定义xtag为XSet是元素,计算
Figure PCTCN2018124205-appb-000007
并将xtag加到XSet,c←c+1,T[stag w]←t,其中Γ为访问策略;输出EDB=(XSet,T,C)。 In order to ensure the confidentiality of outsourced files, a symmetric encryption algorithm SE=(Enc, Dec) is defined. The data owner encrypts f i with r i before building the index, to obtain the ciphertext ct i ←SE.Enc(r i , f i ) (i=1, 2, L, d), and upload the ciphertext to the cloud server. In order to implement access control, the data owner needs to set the access control authority before uploading the data, and define the ciphertext access control scheme used as the attribute-based encryption scheme ABE=(Setup, Encrypt, KeyGen, Decrypt). Enter the system security parameter λ and the global attribute set N, PKG run (PK, MSK) ←ABE.Setup(1 λ ,N). Define the pseudo-random function PRF F:{0,1} λ ×{0,1} λ →{0,1} λ ,PRPP:{0,1} λ ×{0,1} λ →{0,1} λ ; Use the ciphertext database initialization algorithm EDBSetup(DB) to input the database DB and output the encrypted index EDB of the ciphertext. The specific description is as follows: randomly select the first key k for PRF F and express DB as
Figure PCTCN2018124205-appb-000004
Define T as a set of keywords
Figure PCTCN2018124205-appb-000005
Indexed empty array; defines XSet as an empty set; for each
Figure PCTCN2018124205-appb-000006
Define t as an empty list, randomly select s ∈ Z p , and calculate the keyword ciphertext, stag w '←F(k,w), stag w ←H 1 (stag' w ) s . Open g s , initialize the first key k 1 ←F(k,1||w), randomly choose γ∈Z p , for all id i ∈DB(w), initialize the counter c←0 in random order, then: Calculate the index cipher text rind←P(k,id i ||r i ), encrypt k 1 to get z←P(k 1 ,c)·γ -1 , and define y←rind·z -1 , convert (rind, g y ) Add to t, define xtag as XSet is an element, calculate
Figure PCTCN2018124205-appb-000007
Add xtag to XSet, c←c+1, T[stag w ]←t, where Γ is the access strategy; output EDB=(XSet, T, C).
填充第一空集形成索引集包括:定义安全参数;定义具有素数阶及生成元的双线性群;随机选择素数阶内的整数,并计算关键字密文;初始化第一密钥,并随机选择安全参数为素数阶内的整数;根据随机顺序初始化计数器;计算索引密文,加密初始化的第一密钥,并定义索引数;定义索引集的索引元素,并根据生成元、初始化的第一密钥、随机数及索引元素计算索引集元素;根据计数器计算所有索引集元素。Filling the first empty set to form an index set includes: defining security parameters; defining a bilinear group with prime order and generator; randomly selecting integers within prime order and calculating key ciphertext; initializing the first key and randomizing Select the security parameter as an integer within the prime order; initialize the counter according to a random order; calculate the index ciphertext, encrypt the initial first key, and define the index number; define the index elements of the index set, and according to the generator, initialize the first The key, random number, and index elements are used to calculate the index set elements; all the index set elements are calculated according to the counter.
生成关键字集合索引的索引数组包括:生成空列表;将索引元素及生成元的索引数次方以数组的方式加入空列表,生成索引数组。The index array for generating the keyword collection index includes: generating an empty list; adding the index power of the index element and generator to the empty list in an array manner to generate the index array.
使用搜索陷门搜索与关键字集合相对应的搜索结果集包括:生成第二空集;定义验证公式,并将关键字密文及生成元作为公式的元素进行计算,若进行计算的结果与陷门的结果相等,则将索引集赋值给第二空集;根据计数器当前的计数从第二空集内检索索引元素及生成元的索引数次方形成的数组;判断索引元素是否属于索引集,若索引元素属于索引集,则将索引元素并入搜索结果集。Using search trapdoors to search the search result set corresponding to the keyword set includes: generating a second empty set; defining a verification formula, and calculating the keyword ciphertext and generator as elements of the formula. If the results of the gates are equal, the index set is assigned to the second empty set; according to the current count of the counter, the index element and the array of generator index powers are retrieved from the second empty set; determine whether the index element belongs to the index set, If the index element belongs to the index set, the index element is merged into the search result set.
云服务器执行搜索算法,输入陷门(stag,xtoken[1],xtoken[2],…)和EDB,返回搜索结果l,搜索算法Search(stag,(xtoken[1],xtoken[2],…),EDB)具体描述如下:定义l,t为空集;验证等式e(stag w,g)=stag是否成立,若成立,则t=T[stag w];否则,返回null;对于c=1,2,…,|t|,从t中的第c个元组检索(rand,g y),若对于
Figure PCTCN2018124205-appb-000008
令l←l∪rind。 The cloud server executes the search algorithm, enters trapdoors (stag, xtoken[1], xtoken[2],...) and EDB, returns the search results l, and the search algorithm Search(stag,(xtoken[1],xtoken[2],... ), EDB) are described as follows: define l, t as an empty set; verify whether the equation e(stag w , g) = stag is true, if it is true, then t=T[stag w ]; otherwise, return null; for c =1,2,...,|t|, retrieve from the c-th tuple in t (rand,g y ), if for
Figure PCTCN2018124205-appb-000008
Let l←l∪rind.
用户提取与搜索结果集相对应的第一文件密文集合,并使用相应的对称密钥解密包括:根据第一密钥解密搜索结果集内的搜索结果,获取文件标识符以及对称的加密密钥;将文件标识符发送至云服务器,得到云服务器返回的第一文件密文,用对应的对称密钥提取第一文件密文对应的文件。The user extracts the first file ciphertext set corresponding to the search result set, and decrypts using the corresponding symmetric key includes: decrypting the search results in the search result set according to the first key, obtaining the file identifier and the symmetric encryption key Sending the file identifier to the cloud server to obtain the first file ciphertext returned by the cloud server, and extracting the file corresponding to the first file ciphertext with the corresponding symmetric key.
用户在客户端执行提取算法,输入搜索结果l和第一密钥k,返回搜索结果,提取算法Retrieve(l,k)具体描述如下:用户用第一密钥k解密搜索结果l,获取文档id i和相应的密钥r i,对rind∈l:计算(id i||r i)←SE.Dec(k,rind),返回(id i,r i);将id i发送给云服务器,得到云服务器返回的ct i=SE.Enc(r i,f i),用相应的密钥r i提取文件f i= SE.Dec(r i,ct i)。 The user executes the extraction algorithm on the client, enters the search result l and the first key k, and returns the search result. The extraction algorithm Retrieve (l, k) is described as follows: The user decrypts the search result l with the first key k, and obtains the document id i and the corresponding key r i , for rind ∈ l: calculate (id i ||r i )←SE.Dec(k,rind), return (id i ,r i ); send id i to the cloud server, Obtain the ct i =SE.Enc(r i ,f i ) returned by the cloud server, and extract the file f i =SE.Dec(r i ,ct i ) with the corresponding key r i .
本申请实施例提供一种电子装置,请参阅2,该电子装置包括:存储器601、处理器602及存储在存储器601上并可在处理器602上运行的计算机程序,处理器602执行该计算机程序时,实现前述附图1至附图4的实施例中描述的可防伪造的多用户密文搜索方法。An embodiment of the present application provides an electronic device. Please refer to 2. The electronic device includes: a memory 601, a processor 602, and a computer program stored on the memory 601 and executable on the processor 602. The processor 602 executes the computer program At this time, the anti-counterfeiting multi-user ciphertext search method described in the foregoing embodiments of FIG. 1 to FIG. 4 is implemented.
进一步的,该电子装置还包括:至少一个输入设备603以及至少一个输出设备604。Further, the electronic device further includes: at least one input device 603 and at least one output device 604.
上述存储器601、处理器602、输入设备603以及输出设备604,通过总线605连接。The memory 601, the processor 602, the input device 603, and the output device 604 are connected via a bus 605.
其中,输入设备603具体可为摄像头、触控面板、物理按键或者鼠标等等。输出设备604具体可为显示屏。The input device 603 may specifically be a camera, a touch panel, a physical button, a mouse, or the like. The output device 604 may specifically be a display screen.
存储器601可以是高速随机存取记忆体(RAM,Random Access Memory)存储器,也可为非不稳定的存储器(non-volatile memory),例如磁盘存储器。存储器601用于存储一组可执行程序代码,处理器602与存储器601耦合。The memory 601 may be a high-speed random access memory (RAM, Random Access Memory) memory, or may be a non-volatile memory (non-volatile memory), such as a disk memory. The memory 601 is used to store a set of executable program codes, and the processor 602 is coupled to the memory 601.
进一步的,本申请实施例还提供了一种计算机可读存储介质,该计算机可读存储介质可以是设置于上述各实施例中的电子装置中,该计算机可读存储介质可以是前述图2所示实施例中的存储器601。该计算机可读存储介质上存储有计算机程序,该程序被处理器602执行时实现前述方法实施例中描述的可防伪造的多用户密文搜索方法。Further, an embodiment of the present application further provides a computer-readable storage medium. The computer-readable storage medium may be provided in the electronic device in each of the foregoing embodiments, and the computer-readable storage medium may be as shown in FIG. 2 described above. The memory 601 in the embodiment is shown. A computer program is stored on the computer-readable storage medium, and when the program is executed by the processor 602, the multi-user ciphertext search method that can be prevented from forgery described in the foregoing method embodiments is implemented.
进一步的,该计算机可存储介质还可以是U盘、移动硬盘、只读存储器601(ROM,Read-Only Memory)、RAM、磁碟或者光盘等各种可以存储程序代码的介质。Further, the computer storable medium may also be various media that can store program codes, such as a U disk, a mobile hard disk, a read-only memory 601 (ROM, Read-Only Memory), RAM, a magnetic disk, or an optical disk.
在本申请所提供的几个实施例中,应该理解到,所揭露的装置和 方法,可以通过其它的方式实现。例如,以上所描述的装置实施例仅仅是示意性的,例如,所述模块的划分,仅仅为一种逻辑功能划分,实际实现时可以有另外的划分方式,例如多个模块或组件可以结合或者可以集成到另一个系统,或一些特征可以忽略,或不执行。另一点,所显示或讨论的相互之间的耦合或直接耦合或通信连接可以是通过一些接口,装置或模块的间接耦合或通信连接,可以是电性,机械或其它的形式。In the several embodiments provided in this application, it should be understood that the disclosed device and method may be implemented in other ways. For example, the device embodiments described above are only schematic. For example, the division of the modules is only a division of logical functions. In actual implementation, there may be other divisions, for example, multiple modules or components may be combined or Can be integrated into another system, or some features can be ignored, or not implemented. In addition, the displayed or discussed mutual coupling or direct coupling or communication connection may be indirect coupling or communication connection through some interfaces, devices or modules, and may be in electrical, mechanical or other forms.
所述作为分离部件说明的模块可以是或者也可以不是物理上分开的,作为模块显示的部件可以是或者也可以不是物理模块,即可以位于一个地方,或者也可以分布到多个网络模块上。可以根据实际的需要选择其中的部分或者全部模块来实现本实施例方案的目的。The modules described as separate components may or may not be physically separated, and the components displayed as modules may or may not be physical modules, that is, they may be located in one place, or may be distributed on multiple network modules. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
另外,在本发明各个实施例中的各功能模块可以集成在一个处理模块中,也可以是各个模块单独物理存在,也可以两个或两个以上模块集成在一个模块中。上述集成的模块既可以采用硬件的形式实现,也可以采用软件功能模块的形式实现。In addition, each functional module in each embodiment of the present invention may be integrated into one processing module, or each module may exist alone physically, or two or more modules may be integrated into one module. The above integrated modules can be implemented in the form of hardware or software function modules.
所述集成的模块如果以软件功能模块的形式实现并作为独立的产品销售或使用时,可以存储在一个计算机可读取存储介质中。基于这样的理解,本发明的技术方案本质上或者说对现有技术做出贡献的部分或者该技术方案的全部或部分可以以软件产品的形式体现出来,该计算机软件产品存储在一个存储介质中,包括若干指令用以使得一台计算机设备(可以是个人计算机,服务器,或者网络设备等)执行本发明各个实施例所述方法的全部或部分步骤。而前述的存储介质包括:U盘、移动硬盘、只读存储器(ROM,Read-Only Memory)、随机存取存储器(RAM,Random Access Memory)、磁碟或者光盘等各种 可以存储程序代码的介质。If the integrated module is implemented in the form of a software function module and sold or used as an independent product, it may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention essentially or part of the contribution to the existing technology or all or part of the technical solution can be embodied in the form of a software product, the computer software product is stored in a storage medium , Including several instructions to enable a computer device (which may be a personal computer, server, or network device, etc.) to perform all or part of the steps of the methods described in various embodiments of the present invention. The aforementioned storage media include: U disk, mobile hard disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), magnetic disk or optical disk and other media that can store program code .
需要说明的是,对于前述的各方法实施例,为了简便描述,故将其都表述为一系列的动作组合,但是本领域技术人员应该知悉,本发明并不受所描述的动作顺序的限制,因为依据本发明,某些步骤可以采用其它顺序或者同时进行。其次,本领域技术人员也应该知悉,说明书中所描述的实施例均属于优选实施例,所涉及的动作和模块并不一定都是本发明所必须的。It should be noted that, for the convenience of description, the foregoing method embodiments are all expressed as a series of action combinations, but those skilled in the art should know that the present invention is not limited by the sequence of actions described. Because according to the invention, certain steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also be aware that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其它实施例的相关描述。In the above embodiments, the description of each embodiment has its own emphasis. For a part that is not detailed in an embodiment, you can refer to the related descriptions of other embodiments.
以上为对本发明所提供的一种可防伪造的多用户密文搜索方法的描述,对于本领域的技术人员,依据本发明实施例的思想,在具体实施方式及应用范围上均会有改变之处,综上,本说明书内容不应理解为对本发明的限制。The above is a description of a multi-user ciphertext search method that can be prevented from forgery provided by the present invention. For those skilled in the art, based on the ideas of the embodiments of the present invention, the specific implementation and application scope may change. In summary, the content of this specification should not be construed as limiting the invention.
工业实用性Industrial applicability
解决了现有技术中多用户模型的访问控制存在的数据安全性较低的技术问题。It solves the technical problem of low data security in the access control of the multi-user model in the prior art.

Claims (10)

  1. 一种可防伪造的多用户密文搜索方法,其特征在于,包括:A multi-user ciphertext search method with anti-counterfeiting features, including:
    数据属主用对称密钥加密文件生成第一文件密文,生成用于提取文件的第一密钥,并将第一文件密文上传至云服务器;The data owner encrypts the file with a symmetric key to generate the first file ciphertext, generates the first key for extracting the file, and uploads the first file ciphertext to the cloud server;
    数据属主生成第一文件密文的索引集和索引数组,使用属性基加密方案对第一密钥加密得到第二密文,并将第一文件密文的加密索引上传至云服务器;The data owner generates the index set and index array of the first file ciphertext, encrypts the first key using the attribute-based encryption scheme to obtain the second ciphertext, and uploads the encrypted index of the first file ciphertext to the cloud server;
    私钥生成器PKG根据用户属性集合生成与用户相对应的第二密钥并发送至用户;The private key generator PKG generates a second key corresponding to the user according to the user attribute set and sends it to the user;
    用户选择搜索关键字集合;The user selects a set of search keywords;
    用户使用属性基加密方案使用第二密钥对第二密文进行解密得到第一密钥;The user uses the attribute-based encryption scheme to decrypt the second ciphertext using the second key to obtain the first key;
    用户根据搜索关键字集合生成搜索陷门并发送至云服务器;The user generates a search trapdoor based on the search keyword set and sends it to the cloud server;
    云服务器使用搜索陷门搜索与关键字集合相对应的搜索结果集并返回至用户;The cloud server uses the search trapdoor to search the search result set corresponding to the keyword set and returns it to the user;
    用户提取与搜索结果集相对应的第一文件密文集合,并使用对称密钥解密。The user extracts the first file ciphertext set corresponding to the search result set and decrypts it using a symmetric key.
  2. 根据权利要求1所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 1, wherein:
    所述搜索方法还包括:生成全部关键字集合;The search method further includes: generating all keyword sets;
    生成文件集合;生成第一文件密文的对称密钥集合。Generate a file set; generate a symmetric key set of the first file ciphertext.
  3. 根据权利要求1所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 1, wherein:
    所述生成搜索陷门包括:The generating search trapdoors includes:
    验证所述第二密钥,若第二密钥满足所述访问策略,则成功解密, 若第二密钥不满足访问策略,则返回空值;Verify the second key, if the second key satisfies the access policy, then decrypt successfully, and if the second key does not satisfy the access policy, return a null value;
    在成功解密后,生成向云服务器发送的关键字密文;After successful decryption, generate the keyword ciphertext sent to the cloud server;
    根据关键字生成第三密钥;Generate a third key based on keywords;
    生成计数器,并计算陷门元素,直至服务器停止,则停止计算陷门元素。Generate a counter and calculate trapdoor elements until the server stops, then stop counting trapdoor elements.
  4. 根据权利要求3所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 3, characterized in that
    所述生成第一文件密文的索引集和索引数组包括:The index set and index array for generating the ciphertext of the first file include:
    定义抗碰撞的哈希函数;Define the anti-collision hash function;
    定义伪随机函数,并根据所述伪随机函数随机选择第一密钥;Define a pseudo-random function, and randomly select the first key according to the pseudo-random function;
    生成关键字集合索引的索引数组;Generate an index array of key collection indexes;
    生成第一空集;Generate the first empty set;
    生成关键字集合索引密文;Generate the ciphertext of the keyword collection index;
    用关键字集合索引密文填充所述第一空集形成索引集;Filling the first empty set with a key set index ciphertext to form an index set;
    根据第一密钥、访问策略及系统产生的公钥形成第二密文;Form the second ciphertext according to the first key, the access strategy and the public key generated by the system;
    根据所述索引集、所述索引数组及所述第二密文生成第一文件密文的加密索引。An encrypted index of the first file ciphertext is generated according to the index set, the index array, and the second ciphertext.
  5. 根据权利要求4所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 4, wherein:
    所述填充所述第一空集形成索引集包括:Said filling the first empty set to form an index set includes:
    定义安全参数;Define safety parameters;
    定义具有素数阶及生成元的双线性群;Define bilinear groups with prime order and generators;
    随机选择素数阶内的整数,并计算关键字密文;Randomly select integers within prime order and calculate keyword ciphertext;
    初始化第一密钥,并随机选择所述安全参数为素数阶内的整数;Initialize the first key, and randomly select the security parameter as an integer in prime order;
    根据随机顺序初始化计数器;Initialize the counter according to random order;
    计算索引密文,加密初始化的第一密钥,并定义索引数;Calculate the index ciphertext, encrypt the initial first key, and define the index number;
    定义所述索引集的索引元素,并根据生成元、初始化的第一密钥、随机数及索引元素计算所述索引集元素;Define the index elements of the index set, and calculate the index set elements according to the generator, the initialized first key, the random number, and the index elements;
    根据计数器计算所有所述索引集元素。Calculate all the index set elements according to the counter.
  6. 根据权利要求5所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 5, characterized in that
    所述生成关键字集合索引的索引数组包括:The index array for generating the keyword collection index includes:
    生成空列表;Generate an empty list;
    将索引元素及生成元的索引数次方以数组的方式加入所述空列表,生成索引数组。Add the index elements and the index of the generator to the empty list as an array to generate an index array.
  7. 根据权利要求5所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 5, characterized in that
    所述使用搜索陷门搜索与关键字集合相对应的搜索结果集包括:The search result set corresponding to the keyword set using the search trapdoor includes:
    生成第二空集;Generate the second empty set;
    定义验证公式,并将所述关键字密文及生成元作为公式的元素进行计算,若所述进行计算的结果与所述陷门的结果相等,则将索引集赋值给所述第二空集;Define a verification formula, and calculate the keyword ciphertext and generator as elements of the formula, and if the result of the calculation is equal to the result of the trapdoor, assign the index set to the second empty set ;
    根据计数器当前的计数从所述第二空集内检索索引元素及生成元的索引数次方形成的数组;Retrieving an array of index elements and generators to the power of the index from the second empty set according to the current count of the counter;
    判断索引元素是否属于索引集,若索引元素属于索引集,则将索引元素并入搜索结果集。Determine whether the index element belongs to the index set. If the index element belongs to the index set, merge the index element into the search result set.
  8. 根据权利要求1所述的可防伪造的多用户密文搜索方法,其特征在于,The anti-counterfeiting multi-user ciphertext search method according to claim 1, wherein:
    所述用户提取与搜索结果集相对应的第一文件密文集合,并使用相应的对称密钥解密包括:The user extracting the first file ciphertext set corresponding to the search result set and decrypting using the corresponding symmetric key includes:
    根据第一密钥解密搜索结果集内的搜索结果,获取文件标识符以及对称的加密密钥;Decrypt the search results in the search result set according to the first key, and obtain a file identifier and a symmetric encryption key;
    将文件标识符发送至云服务器,得到云服务器返回的第一文件密文,用对应的对称密钥提取第一文件密文对应的文件。Send the file identifier to the cloud server to obtain the first file ciphertext returned by the cloud server, and use the corresponding symmetric key to extract the file corresponding to the first file ciphertext.
  9. 一种电子装置,包括:存储器、处理器及存储在所述存储器上并可在所述处理器上运行的计算机程序,其特征在于,所述处理器执行所述计算机程序时,实现权利要求1至8中的任意一项所述方法。An electronic device comprising: a memory, a processor, and a computer program stored on the memory and capable of running on the processor, characterized in that when the processor executes the computer program, claim 1 is realized The method according to any one of 8.
  10. 一种计算机可读存储介质,其上存储有计算机程序,其特征在于,所述计算机程序被处理器执行时,实现权利要求1至8中的任意一项所述方法。A computer-readable storage medium on which a computer program is stored, characterized in that when the computer program is executed by a processor, the method according to any one of claims 1 to 8 is implemented.
PCT/CN2018/124205 2018-12-27 2018-12-27 Multi-user ciphertext search method capable of preventing forgery WO2020133032A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/124205 WO2020133032A1 (en) 2018-12-27 2018-12-27 Multi-user ciphertext search method capable of preventing forgery

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
PCT/CN2018/124205 WO2020133032A1 (en) 2018-12-27 2018-12-27 Multi-user ciphertext search method capable of preventing forgery

Publications (1)

Publication Number Publication Date
WO2020133032A1 true WO2020133032A1 (en) 2020-07-02

Family

ID=71125871

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2018/124205 WO2020133032A1 (en) 2018-12-27 2018-12-27 Multi-user ciphertext search method capable of preventing forgery

Country Status (1)

Country Link
WO (1) WO2020133032A1 (en)

Cited By (20)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112417006A (en) * 2020-11-30 2021-02-26 齐鲁工业大学 Ciphertext keyword searching method, system, device and medium based on block chain
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN113420175A (en) * 2021-06-15 2021-09-21 西安电子科技大学 Verifiable fine-grained encrypted image retrieval method and system
CN113609077A (en) * 2021-06-28 2021-11-05 山东云海国创云计算装备产业创新中心有限公司 File retrieval method, system, storage medium and equipment
CN113626645A (en) * 2021-07-07 2021-11-09 武汉大学 Hierarchical optimization efficient ciphertext fuzzy retrieval method and related equipment
CN113824703A (en) * 2021-09-06 2021-12-21 中国人民解放军国防科技大学 Energy system control method based on block chain and energy system
CN114021196A (en) * 2021-11-18 2022-02-08 贵州大学 Fair searchable encryption method and system
CN114095406A (en) * 2020-08-07 2022-02-25 中国科学院数据与通信保护研究教育中心 Ciphertext data confidentiality detection method and electronic device
CN114168802A (en) * 2021-12-09 2022-03-11 青岛大学 Data generation method and device, query method, device and system of node relationship
CN114244498A (en) * 2021-12-06 2022-03-25 国网河南省电力公司电力科学研究院 Dynamic searchable public key encryption method with forward security
CN114491613A (en) * 2021-11-11 2022-05-13 北京航空航天大学 Efficient searchable agent privacy set intersection method and device
CN114707012A (en) * 2022-04-08 2022-07-05 合肥工业大学 Graph encryption shortest path query method and system supporting k unordered nodes
CN114900318A (en) * 2022-06-02 2022-08-12 浙江工商大学 Key agreement protocol and verifiable round-of-communication searchable encryption method
CN115037538A (en) * 2022-06-07 2022-09-09 中国银行股份有限公司 Information processing method and device
CN115037556A (en) * 2022-08-09 2022-09-09 晨越建设项目管理集团股份有限公司 Authorized sharing method for encrypted data in smart city system
CN115150196A (en) * 2022-09-01 2022-10-04 北京金睛云华科技有限公司 Ciphertext data-based anomaly detection method, device and equipment under normal distribution
CN115834130A (en) * 2022-10-25 2023-03-21 西安电子科技大学 Attribute-based encryption method for realizing partial strategy hiding
CN116737704A (en) * 2023-06-02 2023-09-12 广州芳禾数据有限公司 System and method for reducing redundancy and redundancy of consumption data in ciphertext state
CN117077179A (en) * 2023-10-11 2023-11-17 中国移动紫金(江苏)创新研究院有限公司 Searchable encryption method, device, equipment and medium based on differential privacy ordering
CN117424897A (en) * 2023-09-22 2024-01-19 广州恒运储能科技有限公司 Method and system for remotely monitoring energy storage power station

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961427A (en) * 2017-03-10 2017-07-18 北京科技大学 A kind of ciphertext data search method based on 5g communication standards
CN108062485A (en) * 2017-12-15 2018-05-22 北京工业大学 A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN108494768A (en) * 2018-03-22 2018-09-04 深圳大学 A kind of cipher text searching method and system for supporting access control
CN108628867A (en) * 2017-03-16 2018-10-09 北京科瑞云安信息技术有限公司 Multi-key word cipher text retrieval method towards cloud storage and system
CN108959478A (en) * 2018-06-21 2018-12-07 中南林业科技大学 Ciphertext image search method and system under a kind of cloud environment

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106961427A (en) * 2017-03-10 2017-07-18 北京科技大学 A kind of ciphertext data search method based on 5g communication standards
CN108628867A (en) * 2017-03-16 2018-10-09 北京科瑞云安信息技术有限公司 Multi-key word cipher text retrieval method towards cloud storage and system
CN108062485A (en) * 2017-12-15 2018-05-22 北京工业大学 A kind of fuzzy keyword searching method of multi-service oriented device multi-user
CN108494768A (en) * 2018-03-22 2018-09-04 深圳大学 A kind of cipher text searching method and system for supporting access control
CN108959478A (en) * 2018-06-21 2018-12-07 中南林业科技大学 Ciphertext image search method and system under a kind of cloud environment

Cited By (33)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114095406A (en) * 2020-08-07 2022-02-25 中国科学院数据与通信保护研究教育中心 Ciphertext data confidentiality detection method and electronic device
CN114095406B (en) * 2020-08-07 2023-04-21 中国科学院数据与通信保护研究教育中心 Ciphertext data confidentiality detection method and electronic device
CN112417006A (en) * 2020-11-30 2021-02-26 齐鲁工业大学 Ciphertext keyword searching method, system, device and medium based on block chain
CN112765650A (en) * 2021-01-05 2021-05-07 西安电子科技大学 Attribute-based searchable encryption block chain medical data sharing method
CN112765650B (en) * 2021-01-05 2023-11-10 西安电子科技大学 Attribute-based searchable encrypted blockchain medical data sharing method
CN113420175A (en) * 2021-06-15 2021-09-21 西安电子科技大学 Verifiable fine-grained encrypted image retrieval method and system
CN113420175B (en) * 2021-06-15 2022-12-09 西安电子科技大学 Verifiable fine-grained encrypted image retrieval method and system
CN113609077A (en) * 2021-06-28 2021-11-05 山东云海国创云计算装备产业创新中心有限公司 File retrieval method, system, storage medium and equipment
CN113626645A (en) * 2021-07-07 2021-11-09 武汉大学 Hierarchical optimization efficient ciphertext fuzzy retrieval method and related equipment
CN113626645B (en) * 2021-07-07 2023-09-29 武汉大学 Hierarchical optimization efficient ciphertext fuzzy retrieval method and related equipment
CN113824703A (en) * 2021-09-06 2021-12-21 中国人民解放军国防科技大学 Energy system control method based on block chain and energy system
CN114491613A (en) * 2021-11-11 2022-05-13 北京航空航天大学 Efficient searchable agent privacy set intersection method and device
CN114491613B (en) * 2021-11-11 2024-04-16 北京航空航天大学 Efficient searchable proxy privacy set intersection method and device
CN114021196A (en) * 2021-11-18 2022-02-08 贵州大学 Fair searchable encryption method and system
CN114244498A (en) * 2021-12-06 2022-03-25 国网河南省电力公司电力科学研究院 Dynamic searchable public key encryption method with forward security
CN114168802A (en) * 2021-12-09 2022-03-11 青岛大学 Data generation method and device, query method, device and system of node relationship
CN114707012A (en) * 2022-04-08 2022-07-05 合肥工业大学 Graph encryption shortest path query method and system supporting k unordered nodes
CN114707012B (en) * 2022-04-08 2024-02-13 合肥工业大学 Graph encryption shortest path query method and system supporting k unordered nodes
CN114900318A (en) * 2022-06-02 2022-08-12 浙江工商大学 Key agreement protocol and verifiable round-of-communication searchable encryption method
CN114900318B (en) * 2022-06-02 2024-04-19 浙江工商大学 One-round communication searchable encryption method based on key negotiation protocol and verifiable
CN115037538A (en) * 2022-06-07 2022-09-09 中国银行股份有限公司 Information processing method and device
CN115037538B (en) * 2022-06-07 2024-02-23 中国银行股份有限公司 Information processing method and device
CN115037556B (en) * 2022-08-09 2022-11-11 晨越建设项目管理集团股份有限公司 Authorized sharing method for encrypted data in smart city system
CN115037556A (en) * 2022-08-09 2022-09-09 晨越建设项目管理集团股份有限公司 Authorized sharing method for encrypted data in smart city system
CN115150196B (en) * 2022-09-01 2022-11-18 北京金睛云华科技有限公司 Ciphertext data-based anomaly detection method, device and equipment under normal distribution
CN115150196A (en) * 2022-09-01 2022-10-04 北京金睛云华科技有限公司 Ciphertext data-based anomaly detection method, device and equipment under normal distribution
CN115834130A (en) * 2022-10-25 2023-03-21 西安电子科技大学 Attribute-based encryption method for realizing partial strategy hiding
CN116737704A (en) * 2023-06-02 2023-09-12 广州芳禾数据有限公司 System and method for reducing redundancy and redundancy of consumption data in ciphertext state
CN116737704B (en) * 2023-06-02 2024-04-12 广州芳禾数据有限公司 System and method for reducing redundancy and redundancy of consumption data in ciphertext state
CN117424897A (en) * 2023-09-22 2024-01-19 广州恒运储能科技有限公司 Method and system for remotely monitoring energy storage power station
CN117424897B (en) * 2023-09-22 2024-04-12 广州恒运储能科技有限公司 Method and system for remotely monitoring energy storage power station
CN117077179A (en) * 2023-10-11 2023-11-17 中国移动紫金(江苏)创新研究院有限公司 Searchable encryption method, device, equipment and medium based on differential privacy ordering
CN117077179B (en) * 2023-10-11 2024-01-02 中国移动紫金(江苏)创新研究院有限公司 Searchable encryption method, device, equipment and medium based on differential privacy ordering

Similar Documents

Publication Publication Date Title
WO2020133032A1 (en) Multi-user ciphertext search method capable of preventing forgery
WO2022007889A1 (en) Searchable encrypted data sharing method and system based on blockchain and homomorphic encryption
CN108494768B (en) Ciphertext searching method and system supporting access control
CN104038349B (en) Effective and verifiable public key searching encryption method based on KP-ABE
Ma et al. A secure face-verification scheme based on homomorphic encryption and deep neural networks
CN105141574B (en) A kind of cloud storage ciphertext access control system and method based on form attributes
Pandiaraja et al. A novel data privacy-preserving protocol for multi-data users by using genetic algorithm
CN111130757A (en) Multi-cloud CP-ABE access control method based on block chain
CN111143471B (en) Ciphertext retrieval method based on blockchain
CN106850656B (en) Multi-user's file-sharing control method under a kind of cloud environment
CN109361644B (en) Fuzzy attribute based encryption method supporting rapid search and decryption
CN103780393B (en) Virtual-desktop security certification system and method facing multiple security levels
CN109740364B (en) Attribute-based ciphertext searching method capable of controlling searching authority
Cui et al. Harnessing encrypted data in cloud for secure and efficient mobile image sharing
Huang et al. FSSR: Fine-grained EHRs sharing via similarity-based recommendation in cloud-assisted eHealthcare system
Liang et al. VPAMS: Verifiable and practical attribute-based multi-keyword search over encrypted cloud data
Liu et al. EMK-ABSE: Efficient multikeyword attribute-based searchable encryption scheme through cloud-edge coordination
WO2021098152A1 (en) Blockchain-based data processing method, device, and computer apparatus
CN114142996B (en) Searchable encryption method based on SM9 cryptographic algorithm
Verma Secure client-side deduplication scheme for cloud with dual trusted execution environment
CN115412259B (en) Block chain-based cloud health system searchable proxy signcryption method and product
WO2019178792A1 (en) Ciphertext search method and system supporting access control
Kibiwott et al. Secure Cloudlet-based eHealth Big Data System with Fine-Grained Access Control and Outsourcing Decryption from ABE.
CN109740377A (en) It is a kind of can anti-counterfeiting multi-user's cipher text searching method
JP5931795B2 (en) KEY EXCHANGE SYSTEM, KEY GENERATION DEVICE, COMMUNICATION DEVICE, KEY EXCHANGE METHOD, AND PROGRAM

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 18945270

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 18945270

Country of ref document: EP

Kind code of ref document: A1