CN102843372A - Order-preserving encryption method based on random interval partition - Google Patents

Publication number: CN102843372A
Authority: CN (China)
Legal status: Granted (current status listed as Expired - Fee Related)
Application number: CN2012103109011A
Priority: CN201210310901.1A
Other languages: Chinese (zh)
Other versions: CN102843372B (en)
Inventors: 桂小林, 田丰, 杨攀, 余思, 刘阳, 郭岳龙, 林建财
Current and original assignee: Xian Jiaotong University
Classification: Storage Device Security

Abstract

The invention relates to an order-preserving encryption method based on random interval partition. Building on existing random number generation algorithms based on interval partition, the method proposes a weighted random interval partition algorithm and an order-preserving random interval tree, which resolves the security problem that arises when intervals are divided in a fixed manner. The method effectively solves the order-preserving encryption of character string data. Analysis and tests show that it has linear encryption and decryption time and a constant-level ciphertext expansion rate, and can effectively resist exhaustive attacks and attacks based on statistical analysis. The method is especially suitable for outsourced storage of confidential data, and effectively supports matching, range queries, relational operations and other operations on ciphertext data.

Description

An order-preserving encryption method based on random interval division
[Technical field]
The invention belongs to the field of information security technology, and specifically relates to an order-preserving encryption scheme based on random interval division (Order-Preserving Encryption Scheme based on Random Interval Division, RID-OPES).
[Background]
With the commercialization of cloud computing, more and more companies have released their own cloud storage products. Whether it is the enterprise-oriented Amazon S3, the developer-oriented Database.com, the individual-oriented DropBox, or iCloud on mobile terminals, these products have become part of our lives. However, data from the survey institute CBIResearch show that at present about 80% of enterprises are unwilling to place internal business data on a public cloud, mainly out of concern for data security. At the same time, increasingly frequent user privacy leaks make individual users worry about the security of cloud storage, and privacy and security have become one of the main factors hindering its use. The privacy problem of cloud computing stems from its characteristics of data outsourcing and service leasing: from the moment users hand their data to a cloud computing platform for hosting, they lose direct control over it. Cloud service providers (CSPs) can access user data without being constrained by access control, so if the cloud service provider itself is untrusted, the user's data privacy will inevitably be violated. On the other hand, even if the cloud service provider is trusted, an attacker may bypass the authentication mechanism of the cloud platform and obtain user data by directly accessing the underlying files or raw data.
The most direct way to solve this privacy problem is encryption. Users encrypt private data locally and store the ciphertext on the cloud platform for hosting; when the data are needed, the user requests the ciphertext from the cloud platform and uses it after decrypting it locally. However, most conventional encryption algorithms do not support operations on ciphertext, which has two consequences. On the one hand, effective retrieval over encrypted data is difficult to achieve with traditional information retrieval methods, and the problem becomes particularly acute once the user's data in the cloud are large or numerous. To retrieve the data they need, users have to transfer large files, or large numbers of files, from the cloud back to the local machine and then decrypt and search them one by one. This requires a high network bandwidth and a terminal with high computing power to support decrypting large amounts of data; even so, the time wasted in file transfer and decryption greatly reduces users' enthusiasm for cloud storage. On the other hand, cloud service providers also run into difficulty when extending applications on the cloud platform. For example, when users need to sort data in the cloud to obtain the results closest to their requirements, or to query whether data they need fall within a certain range, the cloud provider is helpless, which greatly weakens the range of application and the advantages of cloud computing.
The encryption function of an order-preserving encryption (OPE) algorithm preserves the order relation between plaintext values: for any plaintexts p_1 < p_2, the ciphertexts obtained after encryption satisfy c_1 < c_2. With an order-preserving encryption algorithm, operations such as matching, range queries and sorting on ciphertext data can be handled effectively. At the same time, however, order-preserving encryption exposes the order relation between plaintexts, sacrificing a certain amount of security as the cost. How to improve the security and running efficiency of order-preserving encryption as far as possible while still exploiting order preservation, and how to apply it in a cloud storage environment to remove the retrieval bottleneck of cloud platforms, has important theoretical significance and practical value.
[Summary of the invention]
The object of the invention is to propose an order-preserving encryption method based on random interval division (RID-OPES) to solve the above technical problems.
To achieve the above object, the invention adopts the following technical scheme:
An order-preserving encryption method based on random interval division, in which the input plaintext string set is {pl} and the encryption key is K_Enc. The method comprises an encryption method with the following steps:
Step 1: a preprocessing module encodes each plaintext string in {pl} in hexadecimal, obtaining the set of hexadecimal numeric character strings {ns}; the preprocessing module counts the occurrences of each hexadecimal character in {ns}, where the occurrence count of the character λ equals the number of strings in the set, and after normalization obtains the character frequency weights W = (w_λ, w_0, ..., w_F);
Step 2: the secure hash algorithm SHA1 is used to generate the main seed sd_p from the encryption key K_Enc;
Step 3: the weights W are appended to the end of the encryption key K_Enc to obtain the decryption key K_Dec;
Step 4: initialize the ciphertext string set [formula image not available];
Step 5: build the weight tree from W;
Step 6: if {ns} has been fully processed, output {ci} and K_Dec and terminate the algorithm;
Step 7: otherwise take an unprocessed numeric character string ns from {ns}, encrypt ns with the OPRIT algorithm to obtain the ciphertext string ci, add ci to the ciphertext string set {ci}, and return to step 6.
In a further improvement of the invention, in step 1 the preprocessing module reads the plaintext data as a character stream, encodes the characters in the stream, and converts the stream into the corresponding numeric character string ns; the encoded numeric character strings preserve the lexicographic order of the original strings; the encoding is reversible.
In a further improvement of the invention, step 1 uses the UTF-16BE character set of the first Unicode plane as the basis of the encoding and adjusts it; the adjusted character set still satisfies order preservation and reversibility. The adjusted UTF-16BE character set of the first Unicode plane is:
[table image not available]
In a further improvement of the invention, for the encoded numeric character strings ns, the preprocessing module counts the occurrences of each numeric character in ns and divides by the total number of numeric characters in ns, which gives the weights representing the frequency of each numeric character.
In a further improvement of the invention, the weight tree in step 5 is a binary tree in which the weight of a parent node is the sum of the weights of its left and right children, so the weight of the root is the sum of the weights of all leaf nodes. The weight tree is built recursively from the bottom up. For given weights W and a number of subintervals n, first create a set S of n trees, each consisting of a single node, where the value of the i-th node is w_i. The trees in S are then merged as follows:
5.1: if S contains only one tree T, return T and finish;
5.2: otherwise split S evenly into two subsets S_l and S_r, the left half and the right half of S, and continue by merging S_l and S_r separately to obtain two subtrees T_l and T_r; create a new tree T with T_l and T_r as its left and right subtrees, set the weight of the root of T to the sum of the root weights of T_l and T_r, and return T.
In a further improvement of the invention, the OPRIT algorithm in step 7 is as follows.
Input: 7.1, the numeric character string ns; 7.2, the main seed sd_p.
Output: the ciphertext string ci.
Steps:
8.1: evenly divide the domain D = [min, max) into N disjoint buckets J(1), ..., J(N), each of size (max - min)/N;
8.2: append the terminator to the end of the numeric character string, ns ← ns + λ, and initialize the ciphertext string ci to the empty string;
8.3: initialize the interval of the OPRIT root node, I ← D, and the seed, sd ← sd_p;
8.4: take the first unprocessed numeric character m ∈ {λ, 0, ..., F} from ns, call the wRID algorithm to compute from sd the interval I_m of the m-th random child node of I, and set I ← I_m;
8.5: if [condition not recoverable from this text], where i = 1, ..., N, a value node that cannot be divided further has been reached: draw the ciphertext value r in I according to sd, convert r to a string, append it to the ciphertext string, ci ← ci + r, and return to step 8.3; otherwise continue;
8.6: if m = λ, the end of the string has been reached: draw the ciphertext value r in I according to sd, convert r to a string, append it to the ciphertext string, ci ← ci + r, output ci, and end the algorithm; otherwise continue;
8.7: this node is a non-leaf node; compute the seed for the next division from m, sd ← (sd + m), and return to step 8.4.
In a further improvement of the invention, the wRID algorithm called by the OPRIT algorithm is as follows.
Input: 10.1, the interval I to be divided; 10.2, the initial seed sd; 10.3, the subinterval number m.
Output: the m-th weighted random subinterval I_m of I.
Steps:
11.1: initialize node n to the root of the weight tree, initialize the interval [α, β) ← I and the seeds sd_l = nextLeft(sd), sd_r = nextRight(sd), where nextLeft and nextRight are two random number generators;
11.2: if n is a leaf node, set I_m ← [α, β), return I_m and end the algorithm;
11.3: node n has weight w, and its left and right children n_l and n_r have weights w_l and w_r respectively; first create two mutually independent uniform pseudo-random variables R_l(sd_l) and R_r(sd_r) on [0, 1), use them to generate two pseudo-random numbers r_l and r_r, and compute x = (w_l * r_l) / (w_l * r_l + w_r * r_r);
11.4: if the m-th leaf node of the weight tree is in the left subtree of n, then β = α + (β - α) * x, n ← n_l, sd_l = nextLeft(sd_l), sd_r = nextLeft(sd_r), and return to step 11.2;
11.5: otherwise, if the m-th leaf node of the weight tree is in the right subtree of n, then α = α + (β - α) * x, n ← n_r, sd_l = nextRight(sd_l), sd_r = nextRight(sd_r), and return to step 11.2.
In a further improvement of the invention, the order-preserving encryption method also comprises a decryption method. With the ciphertext string set {ci} and the decryption key K_Dec as input, the decryption process comprises the following steps:
Step A: extract the weights W from the end of the decryption key K_Dec;
Step B: use the secure hash algorithm SHA1 to generate the main seed sd_p from the decryption key K_Dec;
Step C: initialize the plaintext string set [formula image not available];
Step D: build the weight tree from W;
Step E: if {ci} has been fully processed, output {pl} and terminate the algorithm;
Step F: otherwise take an unprocessed ciphertext string ci from {ci}, decrypt ci with the OPRIT algorithm to obtain the plaintext string pl, add pl to the plaintext string set {pl}, and return to step E.
In a further improvement of the invention, in addition to the full content of the encryption key K_Enc, the decryption key K_Dec also contains the numeric character frequency weights W = (w_λ, w_0, ..., w_F).
In a further improvement of the invention, the weight tree in step D is a binary tree in which the weight of a parent node is the sum of the weights of its left and right children, so the weight of the root is the sum of the weights of all leaf nodes. The weight tree is built recursively from the bottom up. For given weights W and a number of subintervals n, first create a set S of n trees, each consisting of a single node, where the value of the i-th node is w_i. The trees in S are then merged as follows:
6.1: if S contains only one tree T, return T and finish;
6.2: otherwise split S evenly into two subsets S_l and S_r, the left half and the right half of S, and continue by merging S_l and S_r separately to obtain two subtrees T_l and T_r; create a new tree T with T_l and T_r as its left and right subtrees, set the weight of the root of T to the sum of the root weights of T_l and T_r, and return T.
Compared with the prior art, the invention has the following advantages. On the basis of existing random number generation algorithms based on interval division, it proposes the weighted Random Interval Division algorithm (wRID) and the Order-Preserving Random Interval Tree (OPRIT), which overcome the security problem of dividing intervals in a fixed manner. The method effectively solves the order-preserving encryption of string data. Analysis and tests show that it has linear encryption and decryption time and a constant-level ciphertext expansion rate, and can effectively resist exhaustive attacks and attacks based on statistical analysis. The method is particularly suitable for outsourced storage of confidential data and effectively supports operations such as matching, range queries and relational operations on ciphertext data.
[Description of the drawings]
Fig. 1 shows the random intervals obtained for subinterval No. 6 in the first 100 divisions. For the dispersion test, it shows how the random subintervals obtained for the subinterval numbered 6 in the first 100 divisions are distributed over the domain; the horizontal axis is the test round and the vertical axis is the domain. Each line segment in the figure is the subinterval obtained in one division. Compared with Table 1, Fig. 1 shows more intuitively the effect of using wRID to randomly divide the domain interval.
Fig. 2 compares the weights with the mean of the actual division ratios of wRID. The domain [0, 10^10) is randomly divided 1000 times, each time with a different seed; after each division the ratio of each subinterval to the length of the whole domain is recorded, the mean over all 1000 divisions is computed, and the result is compared with the weight of each interval length. The horizontal axis is the numeric character and the vertical axis is the probability with which the character occurs. The results show that the expected ratio of each subinterval obtained by wRID weighting to the whole domain is approximately equal to the given weight.
Fig. 3 shows the average per-character encryption time of three algorithms as a function of string length. The domain size of LazySample is set to 256; the horizontal axis is the length of the English string and the vertical axis is the encryption time per character. When the string is short, the initialization time of the algorithm has a large influence on the total encryption time, and RID-OPES outperforms the other two algorithms on short strings. When the string length exceeds 1000, the string encryption time becomes the dominant factor in the total encryption time and the encryption times of all three algorithms stabilize. At a string length of 10^4, OPES is the fastest with T_Ch = 0.0016 ms, RID-OPES is second with 0.0123 ms, and LazySample takes 0.0512 ms.
Fig. 4 shows how the encryption time of the three algorithms changes with the domain size, that is, the time each algorithm needs to encrypt a string of length 100 as the domain size varies. The horizontal axis is the domain size and the vertical axis is the encryption time. The encryption times of RID-OPES and OPES are essentially unaffected by the domain size, whereas the encryption time of LazySample grows exponentially as the domain grows, so its encryption efficiency suffers greatly when the domain is large.
Fig. 5a and Fig. 5b compare the distribution of ciphertexts over the domain when encrypting with weights and with random values respectively. The test uses 1000 random string samples of length 100, and uses as input to wRID either the numeric character frequency weights obtained from the statistics or a group of randomly generated values. The distribution of the weights and the random values is shown in Fig. 5a, where the horizontal axis is the numeric character and the vertical axis is the frequency of occurrence. To gather the frequency distribution of the ciphertext values obtained by encryption, the domain is divided into 20 intervals of equal size and the number of ciphertext values falling in each interval is counted. The result is shown in Fig. 5b, where the horizontal axis is the interval number and the vertical axis is the count within the interval.
Fig. 6a and Fig. 6b illustrate, with an example, the weight tree and its correspondence with interval division. Fig. 6a gives an example weight tree with 7 leaf nodes, and Fig. 6b shows the correspondence between the weight tree of Fig. 6a and the interval division. The number of leaf nodes of the weight tree equals the number of subintervals to be produced, and the ratios of the values in the leaf nodes are the division ratios that would apply if the interval were divided in a fixed manner.
[Embodiment]
The invention is explained in further detail below with reference to the drawings and an embodiment.
The order-preserving encryption method based on random interval division (RID-OPES) of the invention comprises two sub-processes, encryption and decryption. Let the input plaintext string set be {pl} and the encryption key be K_Enc; the encryption process then comprises the following steps:
Step 1: a preprocessing module encodes each plaintext string in {pl} in hexadecimal, obtaining the set of hexadecimal numeric character strings {ns}; the preprocessing module counts the occurrences of each hexadecimal character (0, ..., F) in {ns}, where the occurrence count of the character λ equals the number of strings in the set, and after normalization obtains the character frequency weights W = (w_λ, w_0, ..., w_F);
The preprocessing module reads the plaintext data as a character stream, encodes the characters in the stream, and converts the stream into the corresponding numeric character string ns. The encoding must satisfy two conditions. The first is order preservation: to meet the needs of the subsequent order-preserving encryption, the encoding itself must be order-preserving, so the encoded numeric character strings must preserve the lexicographic order of the original strings. The second is reversibility: the encoding must be reversible, so that the original string can be recovered without error from the numeric character string; a prefix code satisfies this requirement. The invention uses the UTF-16BE character set of the first Unicode plane (BMP, code points U+0000 to U+FFFF) as the basis of the encoding and adjusts it as shown in Table 3. The adjusted character set still satisfies order preservation and reversibility, has a better average code length, and also resolves the periodic padding with identical characters.
Table 1: Adjustment of the UTF-16BE character set in the BMP
[table image not available]
To meet the needs of the subsequent encryption, for the encoded numeric character strings ns, the preprocessing module counts the occurrences of each numeric character in ns and divides by the total number of numeric characters in ns, which gives the weights representing the frequency of each numeric character.
Step 2: the secure hash algorithm SHA1 is used to generate the main seed sd_p from the encryption key K_Enc;
The encryption key consists of three parts: the encryption password, the domain size, and the number of target buckets J(i). The domain size and the number of target buckets are optional; if the user does not specify them explicitly, the algorithm uses the defaults (domain [0, 1E+18), number of buckets 1E+7).
Step 3: the weights W are appended to the end of the encryption key K_Enc to obtain the decryption key K_Dec;
Step 4: initialize the ciphertext string set [formula image not available];
Step 5: build the weight tree from W;
The weight tree is a binary tree in which the weight of a parent node is the sum of the weights of its left and right children, so the weight of the root is the sum of the weights of all leaf nodes. The weight tree corresponds to an interval division: Fig. 6(a) gives an example weight tree with 7 leaf nodes, and Fig. 6(b) shows the correspondence between the weight tree of Fig. 6(a) and the interval division. The number of leaf nodes of the weight tree equals the number of subintervals to be produced, and the ratios of the values in the leaf nodes are the division ratios that would apply if the interval were divided in a fixed manner. The value in a non-leaf node of the weight tree is the proportion of the input interval taken up by the adjacent subintervals after they are merged.
The weight tree can be built recursively from the bottom up. For given weights W and a number of subintervals n, first create a set S of n trees, each consisting of a single node, where the value of the i-th node is w_i. The trees in S are then merged as follows:
1. If S contains only one tree T, return T and finish;
2. Otherwise split S evenly into two subsets S_l and S_r, the left half and the right half of S, and continue by merging S_l and S_r separately to obtain two subtrees T_l and T_r; create a new tree T with T_l and T_r as its left and right subtrees, set the weight of the root of T to the sum of the root weights of T_l and T_r, and return T;
Step 6: if {ns} has been fully processed, output {ci} and K_Dec and terminate the algorithm;
Step 7: otherwise take an unprocessed numeric character string ns from {ns}, encrypt ns with the OPRIT algorithm to obtain the ciphertext string ci, add ci to the ciphertext string set {ci}, and return to step 6;
The OPRIT algorithm is described as follows:
Input:
1. the numeric character string ns;
2. the main seed sd_p.
Output: the ciphertext string ci;
Steps:
1. Evenly divide the domain D = [min, max) into N disjoint buckets J(1), ..., J(N), each of size (max - min)/N;
2. Append the terminator to the end of the numeric character string, ns ← ns + λ, and initialize the ciphertext string ci to the empty string;
3. Initialize the interval of the OPRIT root node, I ← D, and the seed, sd ← sd_p;
4. Take the first unprocessed numeric character m ∈ {λ, 0, ..., F} from ns, call the wRID algorithm to compute from sd the interval I_m of the m-th random child node of I, and set I ← I_m;
5. If [condition image not available], where i = 1, ..., N, a value node that cannot be divided further has been reached: draw the ciphertext value r in I according to sd, convert r to a string, append it to the ciphertext string, ci ← ci + r, and return to step 3; otherwise continue;
6. If m = λ, the end of the string has been reached: draw the ciphertext value r in I according to sd, convert r to a string, append it to the ciphertext string, ci ← ci + r, output ci, and end the algorithm; otherwise continue;
7. This node is a non-leaf node; compute the seed for the next division from m, sd ← (sd + m), and return to step 4.
The wRID algorithm is described as follows:
Input:
1. the interval I to be divided;
2. the initial seed sd;
3. the subinterval number m;
Output: the m-th weighted random subinterval I_m of I;
Steps:
1. Initialize node n to the root of the weight tree, initialize the interval [α, β) ← I and the seeds sd_l = nextLeft(sd), sd_r = nextRight(sd), where nextLeft and nextRight are two random number generators;
2. If n is a leaf node, set I_m ← [α, β), return I_m and end the algorithm;
3. Node n has weight w, and its left and right children n_l and n_r have weights w_l and w_r respectively. First create two mutually independent uniform pseudo-random variables R_l(sd_l) and R_r(sd_r) on [0, 1), use them to generate two pseudo-random numbers r_l and r_r, and compute x = (w_l * r_l) / (w_l * r_l + w_r * r_r);
4. If the m-th leaf node of the weight tree is in the left subtree of n, then β = α + (β - α) * x, n ← n_l, sd_l = nextLeft(sd_l), sd_r = nextLeft(sd_r), and return to step 2;
5. Otherwise, if the m-th leaf node of the weight tree is in the right subtree of n, then α = α + (β - α) * x, n ← n_r, sd_l = nextRight(sd_l), sd_r = nextRight(sd_r), and return to step 2.
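The weight-tree construction and the wRID steps above, as an added Python example (not code from the patent). It shows that for one seed the subintervals of all 17 symbols tile the domain in symbol order, which is what makes the scheme order-preserving, and that a different key moves the boundaries. Assumptions: nextLeft, nextRight and R(.) are stood in for by labelled SHA-256 derivations, the left half takes the extra leaf when the count is odd, boundaries are floored to integers, and the occurrence counts are constructed.

```python
import hashlib
from fractions import Fraction

# Constructed occurrence counts for the 17 symbols (λ, 0..F); not from the patent.
COUNTS = [100, 310, 52, 47, 201, 388, 270, 420, 95, 33, 61, 18, 25, 40, 77, 36, 29]
W = [Fraction(c, sum(COUNTS)) for c in COUNTS]   # normalized weights, sum to 1


class Node:
    """Weight-tree node covering leaf indices lo..hi (inclusive)."""
    def __init__(self, weight, lo, hi, left=None, right=None):
        self.weight, self.lo, self.hi = weight, lo, hi
        self.left, self.right = left, right


def build_weight_tree(weights, lo=0, hi=None):
    """Recursive halving; a parent's weight is the sum of its children's weights."""
    if hi is None:
        # A zero weight would give an empty subinterval (or a zero denominator in x).
        if not weights or any(w <= 0 for w in weights):
            raise ValueError("weights must be non-empty and strictly positive")
        hi = len(weights) - 1
    if lo == hi:
        return Node(weights[lo], lo, hi)
    mid = (lo + hi) // 2      # assumption: the left half takes the extra leaf
    left = build_weight_tree(weights, lo, mid)
    right = build_weight_tree(weights, mid + 1, hi)
    return Node(left.weight + right.weight, lo, hi, left, right)


def main_seed(key):
    """Main seed sd_p: SHA1 of the key, as the page's step 2 states."""
    return hashlib.sha1(key).digest()


def _derive(seed, label):
    return hashlib.sha256(label + seed).digest()


def next_left(seed):          # hypothetical stand-in for nextLeft
    return _derive(seed, b"L")


def next_right(seed):         # hypothetical stand-in for nextRight
    return _derive(seed, b"R")


def uniform(seed):
    """Stand-in for R(sd): integer r in [1, 2**64], read as r / 2**64 in (0, 1].
    The common scale cancels in x, and r >= 1 keeps the denominator non-zero."""
    return int.from_bytes(_derive(seed, b"U")[:8], "big") + 1


def wrid(tree, interval, seed, m):
    """Return the m-th weighted random subinterval [alpha, beta) of `interval`."""
    if not tree.lo <= m <= tree.hi:
        raise ValueError("subinterval number out of range")
    alpha, beta = interval
    node = tree
    sd_l, sd_r = next_left(seed), next_right(seed)
    while node.left is not None:                      # stop at a leaf (step 2)
        r_l, r_r = uniform(sd_l), uniform(sd_r)
        w_l, w_r = node.left.weight, node.right.weight
        x = Fraction(w_l * r_l, w_l * r_l + w_r * r_r)    # step 3
        split = alpha + int((beta - alpha) * x)
        if m <= node.left.hi:                         # step 4: leaf m is on the left
            beta, node = split, node.left
            sd_l, sd_r = next_left(sd_l), next_left(sd_r)
        else:                                         # step 5: leaf m is on the right
            alpha, node = split, node.right
            sd_l, sd_r = next_right(sd_l), next_right(sd_r)
    return alpha, beta


def partition(tree, interval, seed):
    """Subintervals of every symbol for one seed, in symbol order."""
    return [wrid(tree, interval, seed, m) for m in range(tree.lo, tree.hi + 1)]


if __name__ == "__main__":
    tree = build_weight_tree(W)
    domain = (0, 10**18)      # default domain size stated on the page
    for key in (b"constructed key A", b"constructed key B"):
        parts = partition(tree, domain, main_seed(key))
        print(key, [round((b - a) / 10**18, 3) for a, b in parts][:5])
```

Because the seeds at each tree node depend only on the path from the root, every symbol that passes through a node sees the same split point, so the 17 subintervals never overlap.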
The order-preserving encryption method based on random interval division of the invention is a symmetric encryption algorithm. Its decryption process is similar to the inverse of the encryption process, but the processing differs from encryption: because the weight information of the plaintext cannot be gathered from the ciphertext, in the OPRIT algorithm the weights W are written into the encryption key, generating a decryption key that contains the weight information; in the decryption steps of RID-OPES, the weight information can be recovered from the decryption key in order to build the weight tree. Let the input ciphertext string set be {ci} and the decryption key be K_Dec; the decryption process then comprises the following steps:
Step 1: extract the weights W from the end of the decryption key K_Dec;
In addition to the full content of the encryption key, the decryption key of RID-OPES also contains the numeric character frequency weights W = (w_λ, w_0, ..., w_F).
Step 2: use the secure hash algorithm SHA1 to generate the main seed sd_p from the decryption key K_Dec;
Step 3: initialize the plaintext string set;
Step 4: build the weight tree from W; this step is identical to the one in the encryption process;
Step 5: if {ci} has been fully processed, output {pl} and terminate the algorithm;
Step 6: otherwise take an unprocessed ciphertext string ci from {ci}, decrypt ci with the OPRIT algorithm to obtain the plaintext string pl, add pl to the plaintext string set {pl}, and return to step 5;
To evaluate the performance of the invention, the inventors tested RID-OPES in a stand-alone environment; the hardware environment is shown in the table below.
Table 2: Hardware test environment of RID-OPES
[table image not available]
Table 3: Software test environment of RID-OPES
RID-OPES is an order-preserving encryption algorithm for string data. The invention uses sets of random strings as test samples, generated with the following function:
public static void makeSample(int sampleNum, int len, String path)
Here the parameter sampleNum is the number of random strings in the data set and len is the length of each string; if len is 0, the length of each string is generated at random. path is the storage path of the sample. Each character of a string is chosen at random from the following set:
static char[][] range = new char[][]{{'0','9'},{'a','z'},{'\u4E00','\u9FA5'},{'A','Z'}};
This set contains all Arabic numerals, upper- and lower-case English letters, and Chinese characters.
The inventors tested the randomness of wRID from two aspects: the correlation between random partitions produced by different seeds, and the dispersion of the random partitions. The test indices are the correlation coefficient R and the coefficient of variation V_σ. The correlation coefficient R reflects the correlation between two random variables: the closer R is to 1, the stronger the correlation, and if |R| = 0 the two random variables are uncorrelated. The coefficient of variation is a normalized measure of the dispersion of a probability distribution; a distribution whose coefficient of variation is less than one is called low-variance, and one whose coefficient of variation is greater than one is called high-variance. The inventors observed the test results of wRID on a random string set of size 1000, shown in Table 4, and found that the random interval partitions produced by wRID have low correlation and high dispersion, that is, strong randomness.
Table 4: Randomness test results of wRID
On the other hand, to verify that the expected share of the whole domain taken by each subinterval after a wRID partition approximately equals the given weight, the inventors randomly partitioned the domain [0, 10^10) 1000 times, using a different seed for each partition. After each partition, the ratio of each subinterval's length to the length of the whole domain was recorded; the mean over all 1000 partitions was then computed and compared with the weight of each subinterval. The experimental results show that wRID achieves the weighting function.
The inventors tested the time efficiency of RID-OPES and compared it with the OPES and LazySample algorithms. Because all three are symmetric encryption algorithms, only the encryption time is compared. Throughout the tests, English strings are used as samples, so that the string length after encoding is not affected by character type. To measure the time performance of the three algorithms, the average encryption time of a single character is defined as follows:
Figure BDA00002067177300142
The test results show that when the strings are short, the initialization time of the algorithm has a large influence on the total encryption time, and RID-OPES outperforms the other two algorithms when encrypting short strings. When the string length exceeds 1000, the string encryption time becomes the dominant factor in the total encryption time, and the encryption times of all three algorithms level off. When the string length is 10^4, OPES encrypts fastest and RID-OPES is second, but the difference is negligible.
To test the resistance of the present invention to exhaustive attack, the inventors compared the time the three algorithms need to encrypt a string of length 100 as the domain size varies. The encryption times of RID-OPES and OPES are essentially unaffected by the domain size, whereas the encryption time of LazySample grows exponentially as the domain grows.
Against frequency-based attacks, when the weights are used as the input of wRID, the distribution of the resulting ciphertext approximately satisfies a uniform distribution, whereas using random values does not. Therefore, for any string set, whatever its weights, the distribution of the ciphertext values obtained by encrypting with RID-OPES approximately satisfies a uniform distribution, and RID-OPES can effectively hide the weight information of the plaintext. Likewise, against attacks based on data length, the inventors randomly generated 1000 strings of length 20 and measured the minimum and maximum length of the ciphertext strings obtained by encryption, as shown in Table 5:
Table 5: Length variation of the ciphertext strings corresponding to plaintext strings of equal length
It can be seen that for plaintext strings of fixed length, the ciphertext strings obtained with RID-OPES vary widely in length; therefore, RID-OPES can effectively resist attacks based on data length.

Claims (10)

1. An order-preserving encryption method based on random interval partition, characterized in that the input plaintext string set is {pl} and the encryption key is K_Enc; said order-preserving encryption method comprises an encryption method:
Step 1: use a preprocessing module to encode each plaintext string in {pl} in hexadecimal, obtaining the set of hexadecimal numeric strings {ns}; the preprocessing module counts the occurrences of each hexadecimal character in {ns}, the occurrence count of the character λ being equal to the number of strings in the set, and after normalization obtains the character frequency weights W = (w_λ, w_0, ..., w_F);
Step 2: use the secure hash algorithm SHA1 to generate the master seed sd_p from the encryption key K_Enc;
Step 3: write the weights W to the end of the encryption key K_Enc to obtain the decryption key K_Dec;
Step 4: initialize the ciphertext string set
Figure FDA00002067177200011
Step 5: build the weight tree from W;
Step 6: if {ns} has been fully processed, output {ci} and K_Dec and terminate the algorithm;
Step 7: otherwise take an unprocessed numeric string ns from {ns}, encrypt ns with the OPRIT algorithm to obtain the ciphertext string ci, add ci to the ciphertext string set {ci}, and return to step 6.
2. The order-preserving encryption method based on random interval partition according to claim 1, characterized in that in step 1 the preprocessing module reads the plaintext data in the form of a character stream and encodes the characters in the stream, converting the character stream into the corresponding numeric string ns; the encoded numeric strings preserve the dictionary order relation between the original strings; this encoding is reversible.
3. The order-preserving encryption method based on random interval partition according to claim 2, characterized in that said step 1 uses the adjusted UTF-16BE character set of the first Unicode plane as the basis of the encoding, and the adjusted character set still satisfies order preservation and reversibility;
The adjusted UTF-16BE character set of the first Unicode plane is:
Figure FDA00002067177200012
Figure FDA00002067177200021
4. The order-preserving encryption method based on random interval partition according to claim 2, characterized in that, for the encoded numeric string ns, the preprocessing module counts the occurrences of each numeric character appearing in ns and divides by the total number of numeric characters in ns; the result represents the frequency weight of each numeric character.
5. The order-preserving encryption method based on random interval partition according to claim 1, characterized in that the weight tree in step 5 is a binary tree in which the weight of a parent node is the sum of the weights of its left and right child nodes, and the weight of the root node is the sum of the weights of all leaf nodes; the weight tree is built bottom-up in a recursive manner: for the given weights W and number of subintervals n, first build a set S containing n trees, each tree in S having only one node, where the value of the i-th node is w_i; then merge the trees in S as follows: 5.1, if S contains only one tree T, return T and finish; 5.2, otherwise split S evenly into two subsets S_l and S_r, which are the left half and the right half of S respectively, and continue merging S_l and S_r separately to obtain two subtrees T_l and T_r; build a new tree T with T_l and T_r as its left and right subtrees, the weight of the root node of T being the sum of the root node weights of T_l and T_r; return T.
6. The order-preserving encryption method based on random interval partition according to claim 1, characterized in that the OPRIT algorithm in step 7 is:
Input:
7.1, the numeric string ns;
7.2, the master seed sd_p;
Output: the ciphertext string ci;
Steps:
8.1, divide the domain D = [min, max) evenly into N disjoint buckets J(1), ..., J(N), each of size (max-min)/N;
8.2, append the terminator to the end of the numeric string, ns ← ns + λ, and initialize the ciphertext string ci as the empty string;
8.3, initialize the interval of the OPRIT root node, I ← D, and initialize the seed, sd ← sd_p;
8.4, take the first unprocessed numeric character m ∈ {λ, 0, ..., F} from ns and call the wRID algorithm to compute, according to sd, the interval I_m of the m-th random child node of I; let I ← I_m;
8.5, if
Figure FDA00002067177200031
where i = 1, ..., N, then a value node that cannot be divided further has been reached; take a value in I according to sd to obtain the ciphertext value r, convert r into a string and append it to the ciphertext string, ci ← ci + r, and return to step 8.3; otherwise continue;
8.6, if m = λ, the end of the string has been reached; take a value in I based on sd to obtain the ciphertext value r, convert r into a string and append it to the ciphertext string, ci ← ci + r, output ci, and end the algorithm; otherwise continue;
8.7, this node is a non-leaf node; compute the seed for the next partition from m, sd ← (sd+m), and return to step 8.4.
7. The order-preserving encryption method based on random interval partition according to claim 6, characterized in that the wRID algorithm called in the OPRIT algorithm is:
Input:
10.1, the interval I to be partitioned;
10.2, the initial seed sd;
10.3, the subinterval number m;
Output: the m-th weighted random subinterval I_m of I;
Steps:
11.1, initialize node n as the root node of the weight tree, initialize the interval [α, β) ← I, and the seeds sd_l = nextLeft(sd), sd_r = nextRight(sd), where nextLeft and nextRight are two random number generators;
11.2, if n is a leaf node, let I_m ← [α, β), return I_m, and end the algorithm;
11.3, node n has weight w, and its left and right child nodes n_l and n_r have weights w_l and w_r respectively; first create two mutually independent uniform pseudo-random variables R_l(sd_l) and R_r(sd_r) on [0,1), use R_l(sd_l) and R_r(sd_r) respectively to generate two pseudo-random numbers r_l and r_r, and compute
Figure FDA00002067177200041
11.4, if the m-th leaf node of the weight tree is in the left subtree of n, then β = α + (β-α)*x, n ← n_l, sd_l = nextLeft(sd_l), sd_r = nextLeft(sd_r); return to step 11.2;
11.5, otherwise, if the m-th leaf node of the weight tree is in the right subtree of n, then α = α + (β-α)*x, n ← n_r, sd_l = nextRight(sd_l), sd_r = nextRight(sd_r); return to step 11.2.
8. The order-preserving encryption method based on random interval partition according to any one of claims 1 to 7, characterized in that said order-preserving encryption method further comprises a decryption method: given the input ciphertext string set {ci} and the decryption key K_Dec, the decryption process comprises the following steps:
Step A: extract the weights W from the end of the decryption key K_Dec;
Step B: use the secure hash algorithm SHA1 to generate the master seed sd_p from the decryption key K_Dec;
Step C: initialize the plaintext string set
Figure FDA00002067177200042
Step D: build the weight tree from W;
Step E: if {ci} has been fully processed, output {pl} and terminate the algorithm;
Step F: otherwise take an unprocessed ciphertext string ci from {ci}, decrypt ci with the OPRIT algorithm to obtain the plaintext string pl, add pl to the set {pl}, and return to step E.
9. The order-preserving encryption method based on random interval partition according to claim 8, characterized in that the decryption key K_Dec, in addition to the full content of the encryption key K_Enc, also contains the numeric character frequency weights W = (w_λ, w_0, ..., w_F).
10. The order-preserving encryption method based on random interval partition according to claim 8, characterized in that the weight tree in step D is a binary tree in which the weight of a parent node is the sum of the weights of its left and right child nodes, and the weight of the root node is the sum of the weights of all leaf nodes; the weight tree is built bottom-up in a recursive manner: for the given weights W and number of subintervals n, first build a set S containing n trees, each tree in S having only one node, where the value of the i-th node is w_i; then merge the trees in S as follows: 6.1, if S contains only one tree T, return T and finish; 6.2, otherwise split S evenly into two subsets S_l and S_r, which are the left half and the right half of S respectively, and continue merging S_l and S_r separately to obtain two subtrees T_l and T_r; build a new tree T with T_l and T_r as its left and right subtrees, the weight of the root node of T being the sum of the root node weights of T_l and T_r; return T.
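An added Python example (not code from the patent) of the weight tree of claims 5 and 10 and the wRID walk of claim 7, showing that the subintervals for m = 0, 1, ... tile the domain in order and are fixed by the seed. The formula for x is not legible on this page, so the split ratio w_l·r_l / (w_l·r_l + w_r·r_r), the hash-based stand-ins for nextLeft, nextRight and R, the rule for splitting an odd-sized S, the 0-based m and the sample weights are all assumptions.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

SAMPLE_W = [3, 1, 4, 1, 5, 9, 2, 6, 5, 3, 5, 8, 9, 7, 9, 3, 2]  # constructed, 17 symbols

@dataclass
class Node:
    weight: float
    leaves: int                       # number of leaves below this node
    left: Optional["Node"] = None
    right: Optional["Node"] = None

def build_weight_tree(ws):
    """Claim 5: merge single-node trees bottom-up; parent = sum of children."""
    if not ws:
        raise ValueError("need at least one weight")
    if len(ws) == 1:
        return Node(ws[0], 1)
    mid = (len(ws) + 1) // 2          # assumption: left half takes the extra tree
    l, r = build_weight_tree(ws[:mid]), build_weight_tree(ws[mid:])
    return Node(l.weight + r.weight, l.leaves + r.leaves, l, r)

def master_seed(key):
    return hashlib.sha1(key).digest()  # SHA1 of the key, as in step 2

def _derive(tag, sd):                  # hypothetical seeded generator
    return hashlib.sha256(tag + sd).digest()

def next_left(sd):
    return _derive(b"L", sd)

def next_right(sd):
    return _derive(b"R", sd)

def uniform(sd):
    """Pseudo-random number strictly inside (0, 1), fixed by the seed."""
    v = int.from_bytes(_derive(b"U", sd)[:8], "big") >> 12
    return (v + 0.5) / 2**52

def wrid(tree, interval, sd, m):
    """Claim 7: walk to the m-th leaf, shrinking [a, b) at every node."""
    if not 0 <= m < tree.leaves:
        raise IndexError("subinterval number out of range")
    a, b = interval
    n, sd_l, sd_r = tree, next_left(sd), next_right(sd)
    while n.left is not None:
        num = n.left.weight * uniform(sd_l)
        den = num + n.right.weight * uniform(sd_r)
        x = num / den if den > 0 else 0.5       # assumed split ratio
        cut = a + (b - a) * x
        if m < n.left.leaves:                   # step 11.4: go left
            b, n = cut, n.left
            sd_l, sd_r = next_left(sd_l), next_left(sd_r)
        else:                                   # step 11.5: go right
            m -= n.left.leaves
            a, n = cut, n.right
            sd_l, sd_r = next_right(sd_l), next_right(sd_r)
    return a, b

def partition(tree, interval, sd):
    return [wrid(tree, interval, sd, m) for m in range(tree.leaves)]

def mean_shares(tree, interval, trials):
    """Average share of the domain per leaf over `trials` different seeds."""
    a, b = interval
    sums = [0.0] * tree.leaves
    for t in range(trials):
        sd = master_seed(b"constructed-key-%d" % t)
        for m, (lo, hi) in enumerate(partition(tree, interval, sd)):
            sums[m] += (hi - lo) / (b - a)
    return [s / trials for s in sums]
```

A symbol with weight 0 receives an empty subinterval under this split rule, so the weights must cover every symbol that will be encrypted.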
CN201210310901.1A 2012-08-28 2012-08-28 Order-preserving encryption method based on random interval partition Expired - Fee Related CN102843372B (en)


Publications (2)

Publication Number Publication Date
CN102843372A true CN102843372A (en) 2012-12-26
CN102843372B CN102843372B (en) 2014-12-10

Family

ID=47370432




Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20141210