CN109740364A - Attribute-based ciphertext search method with controllable search permission
- Publication number: CN109740364A (CN201910009193.XA)
- Authority: CN (China)
- Prior art keywords: ciphertext, private key, cipher text, attribute, text searching
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Landscapes: Information Retrieval, Db Structures And Fs Structures Therefor (AREA); Storage Device Security (AREA)
Abstract
An attribute-based ciphertext search method with controllable search permission, belonging to the field of searchable encryption, which solves the problem that search permission cannot be shared. S5. Re-encryption key generation: input the public parameters, the private key and an access structure to obtain the re-encryption key; S6. Re-encrypted ciphertext generation: input the public parameters, the initial ciphertext and the re-encryption key, and the cloud server outputs the re-encrypted ciphertext; S7. Ciphertext search: input the original ciphertext and the data owner's token and execute the ciphertext search algorithm; S8. Re-encrypted ciphertext search: input the re-encrypted ciphertext and the data user's token and execute the ciphertext search algorithm. The effect is that retrieval is separated from decryption, which makes the design more flexible and easier to operate.
Description
Technical field
The invention belongs to the field of searchable encryption and relates to an attribute-based ciphertext search method with controllable search permission.
Background
With the rapid development of cloud computing and big data, the cloud storage model greatly reduces the cost of local data storage and management and delivers high-quality application services, so it is increasingly favoured by enterprises and individual users. Because data on a cloud server is not absolutely secure, data usually has to be encrypted before the ciphertext is stored on the cloud server. Although this solves the data security problem, searching over the encrypted data and controlling search access become difficult problems.
To limit users' decryption capability while still guaranteeing data confidentiality, attribute-based encryption (Attribute-Based Encryption, ABE) was proposed. The communication pattern of attribute-based encryption schemes is one-to-many; while guaranteeing data confidentiality, it is flexible and convenient, can effectively reduce the overhead of the data encryption process, and protects user privacy well. As research has deepened, attribute-based encryption schemes have been divided into two forms according to the difference in how attributes are associated with the ciphertext or the key: key-policy attribute-based encryption and ciphertext-policy attribute-based encryption. Building on attribute-based encryption, the literature proposed a ciphertext-policy attribute-based searchable encryption (Ciphertext-Policy Attribute-Based Searchable Encryption, CP-ABSE) scheme, but the results of that work show that in the CP-ABSE scheme the key is uploaded directly to the cloud server without any processing, which can cause security problems such as key exposure, and that the tree-shaped access structure it uses is relatively inefficient.
In 1998, BLAZE M et al. proposed the concept of proxy re-encryption (Proxy Re-Encryption, PRE). In PRE, the delegator generates a proxy re-encryption key for the proxy based on its own private key; the proxy uses the re-encryption key to convert a ciphertext for the delegator into a ciphertext for the delegatee, and the proxy can neither obtain the plaintext nor derive the delegator's private key from the re-encryption key. In 2014, the literature combined an attribute-based searchable encryption scheme with proxy re-encryption and proposed a proxy re-encryption scheme that supports search; when the conditions are met, the scheme can delegate its own search capability to the proxy, which then performs the ciphertext search. In 2015, Liang et al. proposed a searchable encryption scheme based on KP-ABE. That scheme supports keyword updates, has high retrieval efficiency, and its security is proven in the random oracle model. However, because it uses key-policy attribute-based encryption, the access policy can only be set by the authorization center.
Summary of the invention
In view of the above problems, the present invention proposes an attribute-based ciphertext search method with controllable search permission, comprising the following steps:
S1. System setup: obtain the public parameters and the master private key;
S2. Key generation: input the user's attribute set and the master private key to obtain the user private key for that attribute set;
S3. Ciphertext generation: input the access structure, the public parameters, the master private key and the keyword; the data owner executes the algorithm to produce the original ciphertext;
S4. Threshold generation: input the public parameters, the private key and the keyword to be queried; the data owner generates the token of the keyword;
S5. Re-encryption key generation: input the public parameters, the private key and an access structure to obtain the re-encryption key;
S6. Re-encrypted ciphertext generation: input the public parameters, the initial ciphertext and the re-encryption key; the cloud server outputs the re-encrypted ciphertext;
S7. Ciphertext search: input the original ciphertext and the data owner's token and execute the ciphertext search algorithm;
S8. Re-encrypted ciphertext search: input the re-encrypted ciphertext and the data user's token and execute the ciphertext search algorithm.
Further, the system setup step, which obtains the public parameters and the master private key, is as follows:
System setup setup(N, n): input the total number of attributes N of the system and the maximum number of columns n of the access control matrix M, and generate a 4-multilinear pairing $\{e_i : G_0 \times G_i \to G_{i+1} \mid i = 0, 1, 2\}$, where $(G_0, \ldots, G_3)$ are cyclic groups of prime order p. Let $g_0 \in G_0$ be a generator of $G_0$, and for i = 0, 1, 2 let $g_{i+1} = e_i(g_0, g_1)$ be a generator of $G_{i+1}$. Take $h_{1,1}, h_{1,2}, \ldots, h_{n,N} \in G_0$ and define the hash function $H : \{0,1\}^* \to G_0$. Randomly select  denotes the integer set {0, 1, ..., p-1}. The public parameters and the master private key are then:
msk = (a, b) (2).
Further, the key generation step is as follows:
Key generation keyGen(msk, S): input the user's attribute set S and the master private key msk, and randomly select exponents $t_1, \ldots, t_n \leftarrow Z_p$, where $Z_p$ denotes the integer set {0, 1, ..., p-1}. Let ; for x ∈ S, take . The private key of the user for the attribute set S is generated as:
$sk = (D, \{L_j\}_{j \in [1,n]}, \{D_x\}_{x \in S})$ (3).
Further, the ciphertext generation step is as follows:
Ciphertext generation Enc(kw, pp, msk, (M, ρ)): input the access structure (M, ρ), the public parameters pp, the master private key msk and the keyword $kw \in \{0,1\}^*$; the data owner executes the algorithm to generate the original ciphertext. Let l and n denote the number of rows and columns of the matrix M. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ. Randomly select n-1 random elements and select $s \leftarrow Z_p$ as the shared secret to form the vector . For i ∈ {1, 2, ..., l}, take  and, for j ∈ {1, ..., n}, compute
and obtain the ciphertext:
$cph = ((M, \rho), A_{i,j}, B, C_i, C_1, C_2)_{i \in [1,l], j \in [1,n]}$ (4).
Further, threshold generation TokenGen(pp, sk, kw): input the public parameters pp, the private key sk and the keyword kw to be queried. For i ∈ {1, 2, ..., l}, compute $T_1 = e_0(H(kw), D)$, $T_j = e_0(H(kw), L_j)$ and $T_x = e_0(H(kw), D_x)$ for x ∈ S; the data owner then generates the token of the keyword kw as:
$token = (S, T_1, \{T_j\}_{j \in [1,n]}, \{T_x\}_{x \in S})$ (5).
Further, re-encryption key generation ReKeyGen(pp, sk, (M′, ρ′)): input the public parameters pp, the private key sk and the access structure (M′, ρ′). Let l and n denote the number of rows and columns of the matrix M′. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ′. Randomly select n-1 elements and form the random vector . For i′ ∈ {1, 2, ..., l}, take  and, for j′ ∈ {1, ..., n}, compute
and output the re-encryption key:
$rk_{(M',\rho')} = (B', \{A'_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (6).
Further, re-encrypted ciphertext generation ReEnc(cph, pp, $rk_{(M',\rho')}$): input the public parameters pp, the initial ciphertext $cph = (C_1, C_2)$ and the re-encryption key $rk_{(M',\rho')}$, and compute ; the cloud server outputs the re-encrypted ciphertext:
$cph_R = ((M', \rho'), C'_1, C'_2, B', \{A_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (7).
Further, ciphertext search Search(token, cph): input the original ciphertext cph and the data owner's token, and execute the ciphertext search algorithm. Verify whether the user attribute set S satisfies the access structure P = (M, ρ). If it does, a set $\{c_i\}$ can be found in polynomial time that satisfies $\sum_{\rho(i) \in S} c_i \cdot \lambda_i = (1, 0, \ldots, 0)$; then compute
If , the search succeeds; otherwise the search fails.
Further, re-encrypted ciphertext search $Search_R(token_R, cph_R)$: input the re-encrypted ciphertext $cph_R$ and the data user's token, and execute the ciphertext search algorithm. Verify whether the user attribute set S satisfies the access structure P = (M′, ρ′). If it does, a set $\{c'_i\}$ can be found in polynomial time that satisfies $\sum_{\rho'(i) \in S} c'_i \cdot \lambda'_i = (1, 0, \ldots, 0)$; then compute
If $e_2(K', C'_1) = C'_2$, the search succeeds; otherwise the search fails.
Beneficial effects: controllable search is realised with ciphertext-policy attribute-based searchable encryption, and search permission is shared by combining it with proxy re-encryption. In the scheme, the keyword part of the ciphertext is extracted to form the search token, and retrieval is separated from decryption, which makes the design more flexible and easier to operate. The LSSS linear sharing matrix is used, which improves search efficiency while providing fine-grained access control. The new scheme can exercise fine-grained control over search permission while guaranteeing data security.
Description of the drawings
Fig. 1 is the system model diagram.
Specific embodiment
1 Basic concepts
1.1 Bilinear map
Definition 1 (bilinear map). Let G and $G_T$ be two multiplicative cyclic groups of order p, and let g and $g_T$ be generators of G and $G_T$ respectively. A bilinear map $e : G \times G \to G_T$ satisfies the following properties:
Bilinearity: $e(g^a, g^b) = e(g, g)^{ab}$, where
Non-degeneracy: there exists g ∈ G such that e(g, g) ≠ 1.
Computability: for , e(u, v) can be computed efficiently.
1.2 Hardness assumptions
Definition of an n-multilinear pairing: given a security parameter l and an l-bit prime p, an n-multilinear pairing consists of n groups $(G_0, G_1, \ldots, G_{n-1})$ of order p and n-1 maps $e_i : G_0 \times G_i \to G_{i+1}$ (i = 0, ..., n-2). An n-multilinear pairing must satisfy the following properties for i = 0, ..., n-2:
· If $g_0 \in G_0$ is a generator of $G_0$, then $g_{i+1} = e_i(g_0, g_i)$ is a generator of $G_{i+1}$.
· satisfies
· $e_i$ can be computed efficiently.
n-multilinear Decisional Diffie-Hellman assumption (n-Multilinear Decisional Diffie-Hellman Assumption, n-MDDH): select , where g is a generator of G. Given $g^a, g^b, g^s, g^z$, no probabilistic polynomial-time algorithm can distinguish $Z = e(g, g)^{abs}$ from $Z = e(g, g)^z$ with non-negligible advantage, where the advantage of the algorithm is defined as $|\Pr[A(g^a, g^b, g^s, e(g,g)^{abs}) = 1] - \Pr[A(g^a, g^b, g^s, e(g,g)^z) = 1]|$.
2 Scheme model
2.1 System model
The system model used by the present invention is shown in Fig. 1 and is illustrated with a medical cloud scenario. The model contains four entities: the authorization center, the cloud server, the data owner Alice and the search user Bob. The data owner Alice encrypts her personal medical data and the data keywords and uploads them to the cloud. Subsequent retrieval falls into two cases. First, when her attending physician Bob needs to view the case, she can set the access condition $C_1$ = {attending physician} and send the retrieval token to the cloud server, delegating the ciphertext search to the cloud server. Second, when the attending physician needs to discuss her case with another doctor, Carol, Alice can define an access policy according to her own needs, for example that the doctor must satisfy the condition $C_2$ = {attending physician Bob, doctor Carol}, generate a re-encryption key and send it to the cloud server, delegating the cloud server to share the permission to search the keyword with data users who satisfy the access condition. In this model, the authorization center manages the attribute set and generates and distributes the corresponding private keys to users according to their attribute sets. The cloud server stores the encrypted data, provides the ciphertext search service to users and, using the re-encryption key, allows the authorised party to perform keyword retrieval on the re-encrypted ciphertext. Throughout the process, the data delegator shares the search permission with other users without being online and without interacting with the authorised users.
3 Algorithm implementation
3.1 Specific implementation of the scheme
System setup setup(N, n): input the total number of attributes N of the system and the maximum number of columns n of the access control matrix M, and generate a 4-multilinear pairing $\{e_i : G_0 \times G_i \to G_{i+1} \mid i = 0, 1, 2\}$, where $(G_0, \ldots, G_3)$ are cyclic groups of prime order p. Let $g_0 \in G_0$ be a generator of $G_0$, and for i = 0, 1, 2 let $g_{i+1} = e_i(g_0, g_1)$ be a generator of $G_{i+1}$. Take $h_{1,1}, h_{1,2}, \ldots, h_{n,N} \in G_0$ and define the hash function $H : \{0,1\}^* \to G_0$. Randomly select  denotes the integer set {0, 1, ..., p-1}; the elements a, b, c are chosen uniformly at random from the set. The public parameters and the master private key are then:
msk = (a, b) (11)
Key generation keyGen(msk, S): input the user's attribute set S and the master private key msk. Randomly select exponents $t_1, \ldots, t_n \leftarrow Z_p$, where $Z_p$ denotes the integer set {0, 1, ..., p-1}; this expression means that n random numbers are drawn from the set. Let ; for x ∈ S, take . The private key of the user for the attribute set S is generated as:
$sk = (D, \{L_j\}_{j \in [1,n]}, \{D_x\}_{x \in S})$ (12)
Ciphertext generation Enc(kw, pp, msk, (M, ρ)): input the access structure (M, ρ), the public parameters pp, the master private key msk and the keyword $kw \in \{0,1\}^*$; the data owner executes the algorithm to generate the original ciphertext. Let l and n denote the number of rows and columns of the matrix M. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ. Randomly select n-1 random elements and select $s \leftarrow Z_p$ as the shared secret to form the vector . For i ∈ {1, 2, ..., l}, take  and, for j ∈ {1, ..., n}, compute
Note: H denotes the hash function, which is an operation; H(kw) denotes applying the hash operation to kw.
From the above, the ciphertext is obtained:
$cph = ((M, \rho), A_{i,j}, B, C_i, C_1, C_2)_{i \in [1,l], j \in [1,n]}$ (13).
Threshold generation TokenGen(pp, sk, kw): input the public parameters pp, the private key sk and the keyword kw to be queried. For i ∈ {1, 2, ..., l}, compute $T_1 = e_0(H(kw), D)$, $T_j = e_0(H(kw), L_j)$ and $T_x = e_0(H(kw), D_x)$ for x ∈ S; the data owner then generates the token of the keyword kw as:
$token = (S, T_1, \{T_j\}_{j \in [1,n]}, \{T_x\}_{x \in S})$ (14)
Re-encryption key generation ReKeyGen(pp, sk, (M′, ρ′)): input the public parameters pp, the private key sk and the access structure (M′, ρ′). Let l and n denote the number of rows and columns of the matrix M′. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ′. Randomly select n-1 elements and form the random vector . For i′ ∈ {1, 2, ..., l}, take  and, for j′ ∈ {1, ..., n}, compute . Output the re-encryption key:
$rk_{(M',\rho')} = (B', \{A'_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (15)
Re-encrypted ciphertext generation ReEnc(cph, pp, $rk_{(M',\rho')}$): input the public parameters pp, the initial ciphertext $cph = (C_1, C_2)$ and the re-encryption key $rk_{(M',\rho')}$. Compute ; the cloud server outputs the re-encrypted ciphertext:
$cph_R = ((M', \rho'), C'_1, C'_2, B', \{A_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (16)
Ciphertext search Search(token, cph): input the original ciphertext cph and the data owner's token, and execute the ciphertext search algorithm. Verify whether the user attribute set S satisfies the access structure P = (M, ρ). If it does, a set $\{c_i\}$ can be found in polynomial time that satisfies $\sum_{\rho(i) \in S} c_i \cdot \lambda_i = (1, 0, \ldots, 0)$; then compute
If , the search succeeds and 1 is output; otherwise the search fails and 0 is output.
Re-encrypted ciphertext search $Search_R(token_R, cph_R)$: input the re-encrypted ciphertext $cph_R$ and the data user's token, and execute the ciphertext search algorithm.
Verify whether the user attribute set S satisfies the access structure P = (M′, ρ′). If it does, a set $\{c'_i\}$ can be found in polynomial time that satisfies $\sum_{\rho'(i) \in S} c'_i \cdot \lambda'_i = (1, 0, \ldots, 0)$; then compute
If $e_2(K', C'_1) = C'_2$, the search succeeds and 1 is output; otherwise the search fails and 0 is output.
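The access-structure check that Search and Search_R perform first can be illustrated with the following added example, which is not code from the patent. It assumes the standard LSSS formulation, in which the constants combine the authorised rows of M to (1, 0, ..., 0) so that the same combination of the shares λ_i = M_i·v recovers the secret s; the modulus P, the policy matrix, the attribute names and all function names are constructed for illustration, and the arithmetic is done on bare elements of Z_p rather than in the multilinear groups.

```python
"""Added example: LSSS access check and secret reconstruction over Z_p.

The modulus, policy matrix and attribute names are constructed for
illustration; they are not taken from the patent.
"""
import secrets

P = 2**61 - 1  # constructed prime standing in for the group order p

# Constructed policy: (attending_physician AND cardiology) OR consultant.
# Row i of M is labelled with the attribute RHO[i] (the mapping rho).
M = [[1, 1],
     [0, -1],
     [1, 0]]
RHO = ["attending_physician", "cardiology", "consultant"]


def share_secret(matrix, s):
    """Return shares lambda_i = M_i . v mod P for v = (s, y_2, ..., y_n)."""
    n = len(matrix[0])
    v = [s % P] + [secrets.randbelow(P) for _ in range(n - 1)]
    return [sum(m * x for m, x in zip(row, v)) % P for row in matrix]


def reconstruction_coeffs(matrix, rho, attrs):
    """Solve sum_i c_i * M_i = (1, 0, ..., 0) mod P over rows with rho(i) in attrs.

    Returns {row index: c_i} if attrs satisfies the policy, else None.
    """
    rows = [i for i, a in enumerate(rho) if a in attrs]
    n = len(matrix[0])
    # One equation per column j of M; unknowns are the c_i; last entry is e_1[j].
    aug = [[matrix[i][j] % P for i in rows] + [1 if j == 0 else 0]
           for j in range(n)]
    pivots, r = [], 0
    for col in range(len(rows)):
        if r == n:
            break
        piv = next((k for k in range(r, n) if aug[k][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, P)
        aug[r] = [x * inv % P for x in aug[r]]
        for k in range(n):
            if k != r and aug[k][col]:
                f = aug[k][col]
                aug[k] = [(x - f * y) % P for x, y in zip(aug[k], aug[r])]
        pivots.append(col)
        r += 1
    # A row reduced to "0 = nonzero" means (1, 0, ..., 0) is not in the span
    # of the selected rows: the attribute set is unauthorised.
    if any(aug[k][-1] for k in range(r, n)):
        return None
    return {rows[col]: aug[k][-1] for k, col in enumerate(pivots) if aug[k][-1]}


def recover_secret(matrix, rho, attrs, shares):
    """Return sum_i c_i * lambda_i mod P, or None if attrs is unauthorised."""
    coeffs = reconstruction_coeffs(matrix, rho, attrs)
    if coeffs is None:
        return None
    return sum(c * shares[i] for i, c in coeffs.items()) % P


if __name__ == "__main__":
    s = secrets.randbelow(P)
    lam = share_secret(M, s)
    for attrs in ({"attending_physician", "cardiology"}, {"consultant"},
                  {"attending_physician"}):
        got = recover_secret(M, RHO, attrs, lam)
        print(sorted(attrs), "->", "recovers s" if got == s else "rejected")
```

An attribute set that does not satisfy the policy yields no coefficients at all, which is the property that lets the cloud server refuse a search before any pairing is evaluated.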
3.2 Correctness
Correctness of keyword search:
If the attribute set S satisfies the access structure (M, ρ) and the keyword corresponding to the re-encrypted ciphertext is identical, then
Therefore we obtain:
Correctness of keyword search after re-encryption:
Therefore we obtain:
4 Security proof
4.1 Data confidentiality
Theorem 1. If the 4-MDDH problem is hard, the CP-ABRKS scheme is indistinguishable under chosen-keyword attack in the random oracle model.
Proof. Suppose there exists a probabilistic polynomial-time adversary A that breaks the indistinguishability under chosen-keyword attack game of CP-ABRKS in the random oracle model with non-negligible advantage ε. Then a challenger can be constructed that solves the 4-MDDH problem with non-negligible probability , where $q_T$ is the maximum number of oracle queries made by the adversary.
The challenger C is given an instance of the 4-MDDH problem , where  w are random numbers from the set ; the simulation proceeds as follows:
Initialization: the adversary A selects a challenge access structure $(M^*, \rho^*)$, where $M^*$ is an $l^* \times k^*$ matrix with $l^*$ rows and $k^*$ columns, and sends it to the challenger. Suppose the total number of attributes in the system is N and the maximum number of columns of the access control matrix $M^*$ is $n_{max}$; the challenger generates the public parameters and the master private key as follows:
(1) Given the access structure $(M^*, \rho^*)$, for each pair (j, x) with 1 ≤ x ≤ N and 1 ≤ j ≤ $n_{max}$, select . If there exists an i such that $\rho^*(i) = x$ and $i \le k^*$, let , where  is the entry in row i, column j of the matrix; otherwise let . Set the public parameters as:
The master private key is mk = (a, b).
(2) The challenger simulates the oracle H as follows.
$O_H(kw)$: given a keyword kw, the simulator works as follows:
If kw has not been queried before, take  and select a bit $c_i \in \{0,1\}$ with probability $\Pr[c_i = 0] = 1/(q_T + 1)$. If $c_i = 0$, compute ; otherwise compute . Add $(kw, a_i, H(kw), c_i)$ to the table $L_H$ and return H(kw). Otherwise, retrieve the H(kw) corresponding to kw from $L_H$ and return H(kw).
Phase 1: A can make polynomially many queries to the following oracles:
(a) $O_{keyGen}(S)$: given an attribute set S, the challenger works as follows:
If S satisfies the access structure, return ⊥ (the termination symbol).
Otherwise, if S does not satisfy the access structure $(M^*, \rho^*)$, there exists a vector  ( denotes the set of n-dimensional vectors over the integers {0, 1, ..., p-1}) such that $w_1 = -1$ and . For $k^* \le j \le n$, set  and compute . Randomly select  and implicitly define $t_j = r_j + w_j b$. Then, for each x ∈ S, if there exists an i such that , set ; otherwise set
(b) $O_{rk}(S, P)$: input an attribute set S and an access structure P = (M, ρ), where M is an l × k matrix; the challenger works as follows:
$L_{rk}$ is the re-encryption list. If no record exists in the table $L_{rk}$, return ⊥. Otherwise, if a record exists, randomly select n exponents and form the vector ; set .
Otherwise, form the vector  and set , where s = cs′ is defined.
(c) $O_{ReEnc}(S, cph)$: given an attribute set S and an original ciphertext cph, the challenger works as follows:
If a record already exists in the table $L_{rk}$ or $P \ne P^*$, query $O_{rk}$ with (S, P) to obtain the re-encryption key $rk_{uid \to P}$ and compute $cph_R \leftarrow ReEnc(cph, pp, rk_P)$. It can be regarded as the combination of an attribute set and an access structure.
Otherwise, if there exists a $kw_i$ in $L_H$ such that $c_i = 1$ and , select $d \in Z_p$, set , and for every pair i = 1, ..., N and j = 1, ..., n ; return $cph_R = (C_1, C'_2, B, \{R_{i,j}\}_{i \in [1,l], j \in [1,n]})$.
Otherwise, an error occurs and the simulation aborts.
(d) $O_{token}(S, kw)$: given an attribute set S and a keyword kw, the challenger works as follows:
Query $O_H$ with kw to obtain $(a_i, H(kw), c_i)$.
If $c_i = 1$, select  and compute , $L'_j = e_0(H(kw), L_j)$ for j ∈ [1, n], and, for each x ∈ S,
If $c_i = 0$ and the access structure is not satisfied, query $O_{keyGen}$ with S to obtain sk and, for j = 1, ..., n, compute D′, $L'_j$ and  in the same way as above.
Otherwise, an error is generated and the simulation aborts.
Challenge: A submits two keywords $(kw_0, kw_1)$ of equal length. If $c_0 = 1$ and $c_1 = 0$, set η = 1; if $c_0 = 0$ and $c_1 = 1$, set η = 0; if $c_0 = 1 \wedge c_1 = 1$, the challenger generates an error and aborts; otherwise, randomly select
The challenger queries with $kw_\eta$ and returns the resulting ciphertext  to A.
Phase 2: the same as Phase 1, with the added restriction that $(kw_0, kw_1)$ cannot be queried to $O_{token}$. If S satisfies the access structure, then (S, $kw_0$) and (S, $kw_1$) cannot be queried
Guess: A outputs a guess μ′. If μ = μ′, the challenger outputs ; otherwise, it outputs
This completes the simulation of the game. We now analyse the probability that the challenger wins the game, conditioned on the simulation running normally. If , then $cph^*$ is in fact a valid ciphertext of $kw_\mu$, so the probability that A outputs μ = μ′ is 1/2 + ε. If Z is chosen at random from $G_3$, the probability that A outputs μ = μ′ is 1/2. Therefore, the probability that the challenger guesses  correctly is $\frac{1}{2}(\frac{1}{2} + \varepsilon) + \frac{1}{2} \cdot \frac{1}{2} = \frac{1}{2} + \frac{\varepsilon}{2}$.
That is, the challenger's advantage in solving the 4-MDDH problem is $(1/e + 1/q_T)\varepsilon/2$.
5 Functional analysis
In this section the proposed scheme is compared with the methods of document [1] and document [2] in terms of performance; see Table 1. The scheme of document [1] supports searchable encryption but not re-encryption, which is not conducive to sharing data retrieval permission and reduces search flexibility; moreover, its tree-shaped access structure is relatively inefficient, which is a disadvantage in the data forwarding and search mechanisms of cloud computing. Document [16], although it can realise keyword search and proxy re-encryption, uses a key-policy attribute-based encryption scheme, which is very unfavourable to the data owner's control over access permission. The scheme of the present invention uses the LSSS structure, which has higher access efficiency, and can realise keyword search and proxy re-encryption at the same time, so it is better suited to cloud computing and practical applications.
[1] Zheng Q, Xu S, Ateniese G. VABKS: Verifiable attribute-based keyword search over outsourced encrypted data[C]//Proc of IEEE INFOCOM. 2014: 522-530.
[2] Liang K, Susilo W. Searchable attribute-based mechanism with efficient data sharing for secure cloud storage[J]. IEEE Trans on Information Forensics & Security, 2015, 10(9): 1981-1992.
Table 1 Scheme performance comparison
6 Efficiency analysis
This section compares efficiency with document [1] and document [2]; the results are shown in Table 2. Here s denotes the number of attributes in the attribute set, l denotes the number of attributes in the access structure, E denotes one exponentiation in G, and P denotes one bilinear pairing operation. Because the computation cost of the hash algorithm and of the non-exponentiation operations on group elements is small, the cost of these two kinds of operation is ignored.
Table 2 Computational overhead comparison
As can be seen from Table 2, the scheme of the present invention is clearly better than document [1] in the key generation and ciphertext generation phases. When the number of attributes in the attribute set is close to the number in the access structure, the efficiency of the scheme of the present invention in the key generation phase is much higher than that of document [2], and in the threshold generation and search phases it is higher than both schemes. This is because the present invention uses ciphertext-policy encryption, whereas document [2] uses a key policy and computes the access structure in the key generation phase, which reduces its efficiency. Even after the access-control computation is added in the ciphertext generation phase, the efficiency of the scheme of the present invention is still higher than that of document [2]. Overall, this scheme is more practical than attribute-based search schemes in the same phases.
7 Effects
To address the problems of retrieval-permission sharing and access control in ciphertext search in the cloud environment, the present invention handles the keyword and the ciphertext separately and, in combination with a key-policy attribute-based proxy re-encryption scheme, proposes an attribute-based ciphertext search scheme with cloud-controllable search permission. Under ciphertext conditions, the scheme supports conditional data retrieval and sharing of search permission in the cloud. At the same time, by drawing on cloud computing capacity, it saves the cost of local storage and management services and improves retrieval speed, so that the user can still share search permission when online. Although the scheme realises access control and improves retrieval speed, functionally it only supports single-keyword search and cannot yet support functions such as multi-keyword search or fuzzy query, ranking and relational operations on keywords; how to solve these problems is a direction for future research.
In a cloud storage environment, ciphertext search schemes that support keyword search cannot achieve fine-grained access control and cannot share search permission. For this reason, the present invention combines attribute-based searchable encryption with proxy re-encryption to propose an attribute-based ciphertext search scheme with cloud-controllable search permission. In this scheme, the keyword and the ciphertext are handled separately, and an access structure composed of multiple attributes, together with the keyword, realises search access control; proxy re-encryption allows search permission to be shared with other users who satisfy the access condition when the user is not online. The security analysis shows that the security of the scheme can be proven under the multilinear Decisional Diffie-Hellman assumption.
The above is only a preferred specific embodiment of the invention, but the scope of protection of the invention is not limited to it. Any equivalent substitution or change made by a person skilled in the art, within the technical scope disclosed by the invention and according to the technical solution of the invention and its inventive concept, shall fall within the scope of protection of the invention.
Claims (9)
1. An attribute-based ciphertext search method with controllable search permission, characterized by comprising the following steps:
S1. System setup: obtain the public parameters and the master private key;
S2. Key generation: input the user's attribute set and the master private key to obtain the user private key for that attribute set;
S3. Ciphertext generation: input the access structure, the public parameters, the master private key and the keyword; the data owner executes the algorithm to produce the original ciphertext;
S4. Threshold generation: input the public parameters, the private key and the keyword to be queried; the data owner generates the token of the keyword;
S5. Re-encryption key generation: input the public parameters, the private key and an access structure to obtain the re-encryption key;
S6. Re-encrypted ciphertext generation: input the public parameters, the initial ciphertext and the re-encryption key; the cloud server outputs the re-encrypted ciphertext;
S7. Ciphertext search: input the original ciphertext and the data owner's token and execute the ciphertext search algorithm;
S8. Re-encrypted ciphertext search: input the re-encrypted ciphertext and the data user's token and execute the ciphertext search algorithm.
2. The attribute-based ciphertext search method with controllable search permission according to claim 1, characterized in that the system setup step, which obtains the public parameters and the master private key, is as follows:
System setup setup(N, n): input the total number of attributes N of the system and the maximum number of columns n of the access control matrix M, and generate a 4-multilinear pairing $\{e_i : G_0 \times G_i \to G_{i+1} \mid i = 0, 1, 2\}$, where $(G_0, \ldots, G_3)$ are cyclic groups of prime order p. Let $g_0 \in G_0$ be a generator of $G_0$, and for i = 0, 1, 2 let $g_{i+1} = e_i(g_0, g_1)$ be a generator of $G_{i+1}$. Take $h_{1,1}, h_{1,2}, \ldots, h_{n,N} \in G_0$ and define the hash function $H : \{0,1\}^* \to G_0$. Randomly select  denotes the integer set {0, 1, ..., p-1}. The public parameters and the master private key are then:
msk = (a, b) (2).
3. The attribute-based ciphertext search method with controllable search permission according to claim 2, characterized in that the key generation step is as follows:
Key generation keyGen(msk, S): input the user's attribute set S and the master private key msk, and randomly select exponents $t_1, \ldots, t_n \leftarrow Z_p$, where $Z_p$ denotes the integer set {0, 1, ..., p-1}. Let ; for x ∈ S, take . The private key of the user for the attribute set S is generated as:
$sk = (D, \{L_j\}_{j \in [1,n]}, \{D_x\}_{x \in S})$ (3).
4. The attribute-based ciphertext search method with controllable search permission according to claim 3, characterized in that the ciphertext generation step is as follows:
Ciphertext generation Enc(kw, pp, msk, (M, ρ)): input the access structure (M, ρ), the public parameters pp, the master private key msk and the keyword $kw \in \{0,1\}^*$; the data owner executes the algorithm to generate the original ciphertext. Let l and n denote the number of rows and columns of the matrix M. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ. Randomly select n-1 random elements and select $s \leftarrow Z_p$ as the shared secret to form the vector . For i ∈ {1, 2, ..., l}, take  and, for j ∈ {1, ..., n}, compute
and obtain the ciphertext:
$cph = ((M, \rho), A_{i,j}, B, C_i, C_1, C_2)_{i \in [1,l], j \in [1,n]}$ (4).
5. The attribute-based ciphertext search method with controllable search permission according to claim 4, characterized in that the threshold generation step is as follows:
TokenGen(pp, sk, kw): input the public parameters pp, the private key sk and the keyword kw to be queried. For i ∈ {1, 2, ..., l}, compute $T_1 = e_0(H(kw), D)$, $T_j = e_0(H(kw), L_j)$ and $T_x = e_0(H(kw), D_x)$ for x ∈ S; the data owner then generates the token of the keyword kw as:
$token = (S, T_1, \{T_j\}_{j \in [1,n]}, \{T_x\}_{x \in S})$ (5).
6. The attribute-based ciphertext search method with controllable search permission as claimed in claim 5, characterized in that the steps of re-encryption private key generation are as follows:
Re-encryption private key generation ReKeyGen(pp, sk, (M′, ρ′)): input the common parameter pp, the private key sk and the access structure (M′, ρ′). Let l and n denote the number of rows and the number of columns of the matrix M′ respectively. Each row of the access structure is associated with an attribute, and this mapping function is defined as ρ′. Randomly select n-1 elements to form a vector. For $i' \in \{1, 2, \ldots, l\}$, take With $j' \in \{1, \ldots, n\}$, calculate
Output the re-encryption private key as:
$rk_{(M',\rho')} = (B', \{A'_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (6).
7. The attribute-based ciphertext search method with controllable search permission as claimed in claim 6, characterized in that the steps of re-encryption ciphertext generation are as follows:
Re-encryption ciphertext generation ReEnc(cph, pp, $rk_{(M',\rho')}$): input the common parameter pp, the initial ciphertext $cph = (C_1, C_2)$ and the re-encryption private key $rk_{(M',\rho')}$, and calculate. The cloud server outputs the re-encryption ciphertext as:
$cph_R = ((M', \rho'), C'_1, C'_2, B', \{A_{i,j}\}_{i \in [1,l], j \in [1,n]})$ (7).
8. The attribute-based ciphertext search method with controllable search permission as claimed in claim 7, characterized in that the steps of ciphertext search are as follows:
Ciphertext search Search(token, cph): input the original ciphertext cph and the data owner's token token, and execute the ciphertext search algorithm, which verifies whether the user attribute set S satisfies the access structure P = (M, ρ). If it does, a set $c_i$ can certainly be obtained in polynomial time such that $\sum_{\rho(i) \in S} c_i \cdot \lambda_i = (1, 0, \ldots, 0)$; then calculate
If It then proves that the search succeeded; otherwise the search fails.
9. The attribute-based ciphertext search method with controllable search permission as claimed in claim 8, characterized in that the steps of re-encryption ciphertext search are as follows:
Re-encryption ciphertext search $Search_R(token_R, cph_R)$: input the re-encryption ciphertext $cph_R$ and the data consumer's token, and execute the ciphertext search algorithm, which verifies whether the user attribute set S satisfies the access structure P = (M′, ρ′). If it does, a set $c'_i$ can certainly be obtained in polynomial time such that $\sum_{\rho'(i) \in S} c'_i \cdot \lambda'_i = (1, 0, \ldots, 0)$; then calculate
If $e_2(K', C'_1) = C'_2$, the search succeeded; otherwise the search fails.
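The access-structure check that claims 8 and 9 perform before any pairing is evaluated can be illustrated with the following added example, which is not part of the patent text. It assumes the vectors being combined are the rows of M selected by ρ (the usual linear secret-sharing reading of the sum above); the prime `P`, the sample policy and the attribute names are constructed, and the multilinear pairing steps are not modelled.

```python
# Added example (not from the patent): LSSS authorization check over Z_p.
P = 2**61 - 1  # constructed prime standing in for the group order p

# Constructed policy (doctor AND cardiology) OR auditor as an n=2 column matrix;
# RHO maps each row index to its attribute.
M = [[1, 1], [0, -1], [1, 0]]
RHO = ["doctor", "cardiology", "auditor"]

def reconstruction_coeffs(M, rho, S, p=P):
    """Return {row: c_i} with sum(c_i * M[row]) == (1,0,...,0) mod p using only
    rows whose attribute is in S, or None when S does not satisfy (M, rho)."""
    rows = [i for i in range(len(M)) if rho[i] in S]
    n, k = len(M[0]), len(rows)
    # n equations (one per column of M), k unknowns, right-hand side e1.
    aug = [[M[i][j] % p for i in rows] + [int(j == 0)] for j in range(n)]
    pivots, r = [], 0
    for col in range(k):
        piv = next((x for x in range(r, n) if aug[x][col]), None)
        if piv is None:
            continue  # free variable, left at 0
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][col], -1, p)
        aug[r] = [v * inv % p for v in aug[r]]
        for x in range(n):
            if x != r and aug[x][col]:
                f = aug[x][col]
                aug[x] = [(a - f * b) % p for a, b in zip(aug[x], aug[r])]
        pivots.append(col)
        r += 1
        if r == n:
            break
    if any(row[k] for row in aug[r:]):
        return None  # zero row with non-zero target: e1 is not in the span
    coeffs = {i: 0 for i in rows}
    for row_idx, col in enumerate(pivots):
        coeffs[rows[col]] = aug[row_idx][k]
    return coeffs

def combine(M, coeffs, p=P):
    """Recompute sum(c_i * M[i]) mod p so the caller can confirm the target."""
    return [sum(c * M[i][j] for i, c in coeffs.items()) % p
            for j in range(len(M[0]))]

if __name__ == "__main__":
    for S in ({"doctor", "cardiology"}, {"doctor"}, {"auditor"}):
        print(sorted(S), reconstruction_coeffs(M, RHO, S))
```

An attribute set that returns `None` here is exactly the case in which the search algorithm cannot obtain the coefficients and the token holder has no search permission under that access structure.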
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910009193.XA CN109740364B (en) | 2019-01-04 | 2019-01-04 | Attribute-based ciphertext searching method capable of controlling searching authority |
Publications (2)
Publication Number | Publication Date |
---|---|
CN109740364A (en) | 2019-05-10 |
CN109740364B (en) | 2020-12-15 |
Family
ID=66363521
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910009193.XA Active CN109740364B (en) | 2019-01-04 | 2019-01-04 | Attribute-based ciphertext searching method capable of controlling searching authority |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109740364B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN103701833A (en) * | 2014-01-20 | 2014-04-02 | 深圳大学 | Ciphertext access control method and system based on cloud computing platform |
WO2014112048A1 (en) * | 2013-01-16 | 2014-07-24 | 三菱電機株式会社 | Encryption system, re-encryption key generation device, re-encryption device, encryption method and encryption program |
CN105743888A (en) * | 2016-01-22 | 2016-07-06 | 河南理工大学 | Agent re-encryption scheme based on keyword research |
CN106850652A (en) * | 2017-02-21 | 2017-06-13 | 重庆邮电大学 | One kind arbitration can search for encryption method |
CN108092766A (en) * | 2017-11-30 | 2018-05-29 | 深圳大学 | A kind of cipher text searching method for verifying authority and its system |
CN108400871A (en) * | 2018-01-25 | 2018-08-14 | 南京邮电大学 | In conjunction with the searching ciphertext system and method for identity and the support proxy re-encryption of attribute |
CN108418681A (en) * | 2018-01-22 | 2018-08-17 | 南京邮电大学 | A kind of searching ciphertext system and method based on attribute for supporting proxy re-encryption |
CN108512662A (en) * | 2018-04-12 | 2018-09-07 | 上海海事大学 | The hiding multimachine structure encryption method of support policy on a kind of lattice |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110602099A (en) * | 2019-09-16 | 2019-12-20 | 广西师范大学 | Privacy protection method based on verifiable symmetric searchable encryption |
CN110933026A (en) * | 2019-10-22 | 2020-03-27 | 东北大学 | Lightweight privacy protection equivalent query method |
CN110933026B (en) * | 2019-10-22 | 2021-06-04 | 东北大学 | Lightweight privacy protection equivalent query method |
CN113343258A (en) * | 2021-06-09 | 2021-09-03 | 哈尔滨学院 | Attribute-based agent re-encryption method applicable to lattice-based ciphertext strategy shared by body test result cloud |
CN113569271A (en) * | 2021-09-27 | 2021-10-29 | 深圳前海环融联易信息科技服务有限公司 | Threshold proxy re-encryption method and system based on attribute condition |
CN113904818A (en) * | 2021-09-27 | 2022-01-07 | 九江学院 | Lightweight fine-grained access control method supporting ciphertext sharing and aggregation |
CN113569271B (en) * | 2021-09-27 | 2022-01-25 | 深圳前海环融联易信息科技服务有限公司 | Threshold proxy re-encryption method based on attribute condition |
CN113904818B (en) * | 2021-09-27 | 2023-04-18 | 九江学院 | Lightweight fine-grained access control method supporting ciphertext sharing and aggregation |
CN114257446A (en) * | 2021-12-20 | 2022-03-29 | 湖北工业大学 | Data access control method based on searchable encryption and computer equipment |
CN114257446B (en) * | 2021-12-20 | 2023-05-23 | 湖北工业大学 | Data access control method based on searchable encryption and computer equipment |
CN114615050A (en) * | 2022-03-08 | 2022-06-10 | 中山大学 | Verifiable searchable symmetric encryption method based on block chain storage |
CN114615050B (en) * | 2022-03-08 | 2023-03-28 | 中山大学 | Verifiable searchable symmetric encryption method based on block chain storage |
Also Published As
Publication number | Publication date |
---|---|
CN109740364B (en) | 2020-12-15 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||