CN108039944A - Order-revealing encryption framework algorithm with forward security - Google Patents


Info

Publication number
CN108039944A
Authority
CN
China
Prior art keywords
algorithm
sequence
encryption
data
key
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201711345342.7A
Other languages
Chinese (zh)
Other versions
CN108039944B (en
Inventor
汪星辰
赵运磊
朱扬勇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Fudan University
Original Assignee
Fudan University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Fudan University filed Critical Fudan University
Priority to CN201711345342.7A priority Critical patent/CN108039944B/en
Publication of CN108039944A publication Critical patent/CN108039944A/en
Application granted granted Critical
Publication of CN108039944B publication Critical patent/CN108039944B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/06: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643: Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • H04L9/14: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

The invention belongs to the field of cryptography, and specifically concerns an order-revealing encryption framework algorithm with forward security. The invention compiles an original order-preserving or order-revealing encryption scheme into a forward-secure order-revealing encryption framework algorithm. The original order-preserving or order-revealing encryption scheme is expressed as an algorithm tuple whose three elements are, respectively, the initialization algorithm, the encryption algorithm and the comparison algorithm; the compiled forward-secure order-revealing encryption framework algorithm is expressed as a tuple consisting of the startup/initialization algorithm, the encryption algorithm,

Description

Order-revealing encryption framework algorithm with forward security
Technical field
The invention belongs to the field of cryptography, and in particular relates to forward-security techniques and to order-revealing encryption methods in private-key encryption.
Background
Preliminaries and notation:
A hash function converts a character string into a numerical value, a fixed-length string, or the like. Typically, the input of a hash function, i.e. any character string (or the concatenation of several character strings), is first encoded as a 0-1 string in $\{0,1\}^*$; the hash function is then applied to the converted 0-1 string to obtain a fixed-length 0-1 string as output. Here $\{0,1\}^*$ denotes the set of all 0-1 strings, and $\{0,1\}^l \setminus 0$ denotes the set of elements of $\{0,1\}^l$ other than 0 (i.e. the set of 0-1 strings of length $l$ other than $0^l$, where $0^l$ denotes the all-zero string of length $l$). A basic role of hash functions in cryptography is to provide a "one-way" and "collision-resistant" transformation. Here "one-way" means that, given a randomly generated output of the function, it is difficult to find its input or preimage; "collision-resistant" means that, given an input, it is difficult to find another, different input such that the hash function produces the same output on the two inputs. Hash functions cover a very wide range: from a simple mixing function to a function with pseudorandom output. A hash function with pseudorandom output is often idealized as a "random oracle" in cryptographic analysis. The same holds for common pseudorandom functions.
Several hash functions are widely used in cryptography: for example, MD5 converts data of arbitrary length into a 128-bit 0-1 string, and the output of another common hash function, SHA, is a 160-bit 0-1 string. Briefly, a hash function F is target one-way if, for any probabilistic polynomial-time algorithm A and an element y chosen at random from the range of the function, the probability that A obtains an x such that y=F(x) is negligible (relative to the length of y). More precisely, let the range of d be denoted as, a hash function F is target one-way (relative to and a function H) if, for any probabilistic polynomial-time algorithm A, given a d chosen at random from, A(F, d) first outputs a message $m \in \{0,1\}^*$, and then, for another d′ chosen at random from, the probability that A(F, d, m, d′) finally outputs an $m' \in \{0,1\}^*$ satisfying dH(m)=d′H(m′) is negligible.
A trapdoor permutation is a special kind of one-way permutation. Briefly, it is defined as follows: a tuple of polynomial-time algorithms (Gen, Π, Inv) defined over a domain D is a family of trapdoor permutations (sometimes informally called a trapdoor permutation) if it satisfies the following conditions:
$Gen(1^\lambda) \rightarrow (I, td)$. Given a security parameter λ, the parameter generation algorithm outputs a pair of parameters (I, td). Each such pair defines a set $D_I = D_{td}$, and the length of I is greater than or equal to λ. We sometimes informally call (I, td) the public key and the private key of the trapdoor permutation, respectively.
$Gen_1(1^\lambda) \rightarrow I$. Let $Gen_1$ be the algorithm that runs Gen and outputs only I as its result; then $(Gen_1, \Pi)$ is a family of one-way permutations.
$Inv_{td}(y) \rightarrow x$. Inv is a deterministic inversion algorithm: for every pair (I, td) output by $Gen(1^\lambda)$, any $x \in D_I = D_{td}$ and $y = \Pi_I(x)$, it guarantees $Inv_{td}(y) = x$. For simplicity, we often write $Inv_{td}$ as, and we denote applying the forward and the inverse trapdoor permutation k ≥ 1 times as and
Within property-preserving and property-revealing encryption, forward security was first used in dynamic symmetric searchable encryption, and it is a very strong property. Forward security means that past data operations leak no information about newly inserted data, and backward security means that past data operations leak no information about newly deleted data. We give its definition for order-revealing encryption as follows:
An order-revealing encryption scheme that is secure against an adaptive adversary with leakage function L is forward-secure if the leakage $L_{add}$ of its data insertion operation can be written as:
$L_{add}(add, W_{add}) = L(add, IND_{add})$.
Here $W_{add}$ is the inserted data set, including items such as its specific storage structure, pointers and constraints. $IND_{add}$ denotes only the data table into which data is inserted in a relational database, or the set of data files into which data is inserted in a relational database, together with the quantity of inserted data.
Order-preserving encryption and order-revealing encryption are important methods within property-preserving encryption and property-revealing encryption, which are in turn important members of private-key encryption. Order-preserving encryption is a special form of order-revealing encryption, and can be traced back to the order-preserving encryption method for numeric data published by Agrawal et al. in 2004. In 2009, Boldyreva et al. formally started a wave of academic research on order-preserving encryption; many algorithms trading off security against efficiency emerged, with many changes to the algorithm structure. Later, in 2015, Boneh et al. proposed the first order-revealing encryption algorithm. Because it uses multilinear pairings and is inefficient, many new order-revealing encryption algorithms have appeared in recent years. In addition, driven by CryptDB, the first practical encrypted database system, published by Popa et al. in 2013, order-preserving and order-revealing encryption have attracted great interest and development in recent years as its internal algorithm components.
A private-key algorithm is an order-revealing encryption algorithm if it can be expressed as a tuple of algorithms defined over a well-ordered plaintext space:
ORE = (ORE.Setup, ORE.Encrypt, ORE.Compare);
and has the following properties:
(1) $ORE.Setup(1^\lambda) \rightarrow sk$. Given a security parameter λ, the algorithm outputs a private key used for encryption by the subsequent algorithms.
(2) $ORE.Encrypt(sk, m) \rightarrow c$. Using the private key produced earlier, the encryption algorithm encrypts the input plaintext m into a ciphertext c from which the comparison algorithm can reveal the correct order.
(3) $ORE.Compare(c_1, c_2) \rightarrow n$. Given two ciphertexts, the comparison function returns a bit $b \in \{0,1\}$ that reveals their correct order.
"Well-ordered" above refers to data such as numbers and character strings, whose correct order is known by an ordinary size comparison. In addition, not every order-revealing encryption scheme has a decryption algorithm ORE.Decrypt; the data owner can decrypt data by binary search.
Order-preserving encryption is a special case of order-revealing encryption: it only requires that the ciphertext space of the order-revealing encryption is likewise well-ordered and that the comparison algorithm is the ordinary size comparison.
At present, no order-revealing or order-preserving encryption scheme explicitly has forward security. The only approach that could achieve forward security is POPE (partial order-preserving encryption), published by Roche et al. in 2016. Its architecture uses a tree structure, and because it defers the stage in which server and client interact to sort until the query phase, it achieves the strongest order-preserving encryption security to date, IND-FAPOCPA (indistinguishability under frequency-analyzing partial ordered chosen-plaintext attack). The paper does not state whether the interactive sorting between server and client in POPE requires client authentication. If it requires authentication, it has forward security; but in most real application scenarios, authenticating a large number of interactive sorting rounds would greatly reduce efficiency and ease of use, and would not meet the needs of the scenario. It is therefore assumed that the algorithm performs the interactive sorting between server and client without authentication, and hence does not have forward security. The present invention is thus the first framework algorithm that can construct forward-secure order-revealing encryption.
Summary of the invention
The object of the invention is to provide an order-revealing encryption framework algorithm with forward security.
The order-revealing encryption framework algorithm with forward security provided by the invention compiles an original order-preserving or order-revealing encryption scheme into a forward-secure order-revealing encryption framework algorithm. The original order-preserving or order-revealing encryption scheme is expressed as the algorithm tuple $\Gamma = (ORE_{Setup}, ORE_{Encrypt}, ORE_{Compare})$, whose three elements are the initialization algorithm ($ORE_{Setup}$), the encryption algorithm ($ORE_{Encrypt}$) and the comparison algorithm ($ORE_{Compare}$); the compiled forward-secure order-revealing encryption framework algorithm is expressed as the tuple $\Gamma_{fp} = (Setup, Encrypt, Compare)$.
Let e be the intermediate ciphertext (produced by the original order-preserving or order-revealing encryption algorithm); s be the sorting space, which may be a data table in a relational database or a data file in a non-relational database; λ be the security parameter; (sk, pk) be the private and public keys of the trapdoor permutation; $k_0$ be the master key of the algorithm; the sorting token map OT contain, for each sorting space s, the last sorting token $OT_i$ and the current pointer/counter i (counted from 0); $m \in \{0,1\}^*$ be the data to be encrypted; c be the ciphertext; add be the operation identifier; σ be the remaining parameters of the original order-preserving or order-revealing encryption algorithm; p and q be the position pointers (i.e. sequence numbers) in the database of the two ciphertexts to be compared; Π and $\Pi^{-1}$ be the forward and inverse trapdoor permutation functions; $KeyGen(1^\lambda)$ be the key generation function of the trapdoor permutation; H be a keyed hash function; and PRF be a pseudorandom function.
The three elements of the compiled forward-secure order-revealing encryption framework algorithm proposed by the invention are described in detail as follows:
$Setup(1^\lambda)$, the startup/initialization algorithm. Given the input security parameter λ, proceed as follows:
I. Initialize the sorting token map OT.
II. $(sk, pk) \leftarrow KeyGen(1^\lambda)$: generate the private and public keys of the trapdoor permutation with its key generation function.
III. Randomly select a 0-1 string whose length is the security parameter as the master key of the whole algorithm.
$Encrypt(add, \sigma, m, s)$, the encryption algorithm. Given the operation identifier, the remaining parameters of the original order-preserving or order-revealing encryption, the plaintext and the sorting space, proceed as follows:
I. The client computes the pseudorandom function of the sorting space under the master key, obtaining the key of that sorting space.
II. $(OT_i, i) \leftarrow OT[s]$: obtain the current last sorting token and the current pointer/counter from the sorting token map.
III. If $(OT_i, i)$ is empty, set $i = -1$ and randomly select an element of the sorting token space as $OT_{i+1}$; otherwise, compute the newest sorting token from the trapdoor-permutation private key and the last sorting token.
IV. $OT[s] \leftarrow (OT_{i+1}, i+1)$: insert the newest sorting token and the pointer/counter into the sorting token map.
V. From the sorting space key, the newest sorting token, the operation identifier, the remaining parameters of the original order-preserving or order-revealing encryption and the plaintext, compute the ciphertext as the XOR of the output of the original encryption algorithm and the output of the keyed hash function.
VI. Send the ciphertext $c_{i+1}$ to the server, where it is stored in the encrypted database.
Comparison algorithm. Given the remaining parameters of the original order-preserving or order-revealing encryption, the two ciphertexts to be compared, whose sequence numbers in sorting space s are p and q respectively, and the sorting space s, proceed as follows:
I. The client computes the pseudorandom function of the sorting space under the master key, obtaining the key of that sorting space.
II. $(OT_i, i) \leftarrow OT[s]$: obtain the current last sorting token and the current pointer/counter from the sorting token map.
III. If $(OT_i, i)$ is empty, there is no data in sorting space s, and the empty set is returned; otherwise, the last sorting token, the token pointer/counter, the sorting space key and the remaining parameters of the original order-preserving or order-revealing encryption are sent to the server.
IV. From the two ciphertexts, the sorting space key, the trapdoor-permutation public key and the last sorting token, the server uses the forward trapdoor permutation, the keyed hash function and XOR to compute the intermediate ciphertexts corresponding to the two ciphertexts, i.e. the ciphertexts produced by the original order-preserving or order-revealing encryption algorithm.
V. The server runs the comparison algorithm of the original order-preserving or order-revealing encryption to obtain the order of the two intermediate ciphertexts, and finally returns the data set to the client according to the result.
To further ensure the security and practicality of the above method, the invention also provides two data deletion algorithms, described in detail below:
The first deletion algorithm constructs a "deletion database" of identical structure using the above compiler framework algorithm. When data is deleted, an extra check is needed on whether it has already been deleted; when the order of data is compared, an extra check is likewise needed on whether it has been deleted, i.e. whether it exists in the "deletion database". This method also guarantees and achieves backward security for order-revealing encryption, and is the first framework that can compile order-revealing encryption satisfying backward security.
The second deletion algorithm requires some changes to the above compiler framework algorithm: each time data is inserted, the plaintext sequence number is inserted with it, to indicate which insertion the data belongs to. Then, after a delete operation on the normal data table, the difference of sequence numbers still shows how many forward trapdoor permutations are needed to obtain the correct corresponding sorting token, so that hashing yields the correct noise data and, once the noise is removed, the correct order comparison result is obtained.
For the above compiler framework algorithm, the server-side storage complexity does not increase relative to the original order-preserving or order-revealing encryption, and the client storage complexity increases by, where |S| is the number of sorting spaces, is the size of the sorting token space, and $|C_s|$ is the number of ciphertexts in each sorting space. For some special scenarios that require lower client storage complexity, the invention also proposes the following two schemes, which improve the above compiler framework algorithm:
ⅰ: In steps 3 and 4 of the above encryption algorithm, if OT[s] is empty, the way $OT_0$ is selected is changed from random selection from the sorting token space to, and the sorting token map stores only the pointer/counter each time, i.e. $OT[s] \leftarrow (i+1)$; the client storage complexity is thereby reduced to $O(|S| \log |C_s|)$. Under this scheme, if RSA is chosen as the trapdoor permutation algorithm, the time complexity of computing $OT_i$ each time is still very low: (if (n, r) and (u, v, w) are respectively the private key and public key of the trapdoor permutation, can be computed simply by the following algorithm:
where mod is the modulo operation.
ⅱ: Building on the above method, a statistical count of the encrypted data can be performed before each computation of $OT_i$, which yields the data quantity of the different sorting spaces and ensures that the client storage complexity does not increase at all; however, this method is not suitable for the second deletion algorithm.
The inventors emphasize that this compiler framework algorithm is applicable to all order-preserving or order-revealing encryption that is not stored in a sorting-tree structure. The storage structure of a sorting tree directly shows the order between data, which conflicts with the "XOR noise" operation of the invention, so the forward security property cannot be achieved. However, order-preserving and order-revealing encryption stored in tree structures has a narrow range of application and currently little practical value, being mostly of academic security value, so the applicability and practicality of the invention are broad.
The invention provides a framework algorithm that compiles original order-preserving or order-revealing encryption into forward-secure order-revealing encryption. The compiler framework algorithm can be applied to the various order-preserving and order-revealing encryption schemes stored in non-tree structures. The order-revealing encryption produced by compilation preserves the security of the original algorithm and additionally gains the forward security property; it can fully resist file injection attacks and is suitable for most electronic data systems, in particular protecting electronic systems with third-party data sharing and data exchange equipment. For security and extensibility, two data deletion algorithms are also included; and for systems with limited client storage, two optimizations are also included, which adjust the basic compiler framework algorithm to meet the requirement.
Embodiment
The algorithm is described in detail below, taking as an example a client encrypting the integer data "123456" and "123457" into a server database, transmitting them and comparing them.
In practice, many schemes are available for the keyed hash function, the pseudorandom function and the trapdoor permutation function. In the description below, HMAC-SHA256 is used as an example algorithm for both the pseudorandom function and the keyed hash function, RSA is used as the trapdoor permutation algorithm, and the original order-preserving/order-revealing encryption is the 2009 order-preserving encryption algorithm of Boldyreva et al. (Alexandra Boldyreva, Nathan Chenette, Younho Lee, and Adam O'Neill. Order-preserving symmetric encryption. In EUROCRYPT 2009, pages 224–241, 2009.). Data are represented in hexadecimal, the security parameter λ is 128, and RSA uses a key length of 2048. The two data items are assumed to be stored in the same sorting space, whose hexadecimal representation is ABCDEF.
Phase 1: algorithm initialization
1. Initialize the sorting token map; it contains no data.
2. Call the trapdoor-permutation key generation algorithm (RSA in this example) with a modulus length (i.e. key length) of 2048; with r set to 10001, it generates the public key pair (n, r) and the private key triple (u, v, w).
3. Randomly generate the master key $k_0$, a 0-1 string whose length is the security parameter: 10000010011011111011011110010100111111111001001001010000000100110010100101010010010010000100010000101010101010011111010101111011, which in hexadecimal is 826FB794FF925013295248442AA9F57B.
Phase 2: encryption of the decimal integer data "123456"
1. Using the master key with HMAC-SHA256 as the pseudorandom function, obtain the sorting space key of sorting space ABCDEF:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. Obtain the last sorting token and pointer/counter of sorting space ABCDEF from the sorting token map. Because no data has been stored yet, the last sorting token and pointer/counter of sorting space ABCDEF are empty.
3. Randomly select a sorting token from the sorting token space, and insert it together with pointer/counter 0 at the corresponding sorting space in the sorting token map.
4. Let the ciphertext of the integer data "123456" under the original algorithm be 0001E27BF057FF96. Compute the hash value of the sorting token with HMAC-SHA256, keyed with the sorting space key; the hash value is:
597971622E7F416EF17CBCC6AC6452CEB747EEF095BB9B598A5563B44B66D7AF. Its last 16 hexadecimal digits are XORed bitwise with the intermediate ciphertext to obtain the final ciphertext 8A5481CFBB312839, which is stored in the server-side database. The number of digits taken is chosen to match the ciphertext length of the original order-preserving/order-revealing encryption. After the XOR operation, the final ciphertext has the forward security property: the comparison algorithm of the original order-preserving/order-revealing encryption cannot obtain the correct order from it.
Phase 3: encryption of the decimal integer data "123457"
1. Using the master key with HMAC-SHA256 as the pseudorandom function, obtain the sorting space key of sorting space ABCDEF:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. Obtain the last sorting token and pointer/counter of sorting space ABCDEF from the sorting token map.
3. Compute the next sorting token with the trapdoor permutation, from the last sorting token and the private key, and insert it together with pointer/counter + 1 at the corresponding sorting space in the sorting token map.
4. Let the ciphertext of the integer data "123457" under the original algorithm be 0001E27BFBF5008C. Compute the hash value of the sorting token with HMAC-SHA256, keyed with the sorting space key; the hash value is:
FE9226338791AAC85BD3006CF90A3CDB6D17816612DE586DABFE5BD90C2AD4AD. Its last 16 hexadecimal digits are XORed bitwise with the intermediate ciphertext to obtain the final ciphertext ABFFB9A2F7DFD421, which is stored in the server-side database.
Phase 4: comparison of the ciphertext data "8A5481CFBB312839" and "ABFFB9A2F7DFD421" obtained above
1. Using the master key with HMAC-SHA256 as the pseudorandom function, the client obtains the sorting space key of sorting space ABCDEF:
0FBA9F7E9D84C2E9E3EA266E87FD6195416CAB51A452BE06E92D1CC3481843D1.
2. The client obtains the last sorting token and pointer/counter of sorting space ABCDEF from the sorting token map. Because ciphertext data has been stored on the server, the sorting token is not empty; the client sends the last sorting token and pointer/counter, the sorting space key of sorting space ABCDEF, and the parameters required by the comparison function of the original order-preserving/order-revealing algorithm to the server.
3. The server uses the trapdoor-permutation public key, the last sorting token and the pointer/counter to compute the corresponding sorting tokens in reverse (as described above), and computes the hash value of each corresponding sorting token with HMAC-SHA256, keyed with the sorting space key. The hash values are, respectively:
597971622E7F416EF17CBCC6AC6452CEB747EEF095BB9B598A5563B44B66D7AF,
FE9226338791AAC85BD3006CF90A3CDB6D17816612DE586DABFE5BD90C2AD4AD.
4. XORing the last 16 digits of each hash value with the corresponding server ciphertext yields the ciphertexts of the original order-preserving/order-revealing encryption, i.e. 0001E27BF057FF96 and 0001E27BFBF5008C. The comparison algorithm of the original order-preserving/order-revealing encryption then gives the comparison result, and the result data set is returned to the client according to the sorting result and the query statement.
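The following Python code is an added example, not code from the patent: it runs the compiled Encrypt and Compare flow of this embodiment, with HMAC-SHA256 as pseudorandom function and keyed hash and RSA as the trapdoor permutation, and shows that a token handed to the server for one comparison does not unmask a row inserted afterwards. The small RSA modulus, the stand-in `toy_ore_encrypt` used in place of the Boldyreva scheme, hashing only the token, and all function names are assumptions; `embodiment_final_ciphertext` repeats the XOR step so it can be checked against the values printed above.

```python
import hashlib
import hmac
import secrets

# Constructed toy RSA trapdoor permutation: two Mersenne primes, about 92 bits.
# Far too small to be secure; the embodiment uses a 2048-bit modulus, r = 0x10001.
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 0x10001
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent, known to the client only
TOKEN_LEN = (N.bit_length() + 7) // 8


def prf(k0: bytes, space: bytes) -> bytes:
    """Sorting space key K_s = HMAC-SHA256(k0, s)."""
    return hmac.new(k0, space, hashlib.sha256).digest()


def mask(k_s: bytes, token: int, length: int) -> bytes:
    """Trailing `length` bytes of HMAC-SHA256(K_s, token), used as XOR noise.
    Assumption: only the token is hashed."""
    tag = hmac.new(k_s, token.to_bytes(TOKEN_LEN, "big"), hashlib.sha256)
    return tag.digest()[-length:]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def toy_ore_encrypt(m: int) -> bytes:
    """Hypothetical stand-in for the original OPE/ORE (provides no secrecy):
    8-byte big-endian encoding, so byte order equals numeric order."""
    return m.to_bytes(8, "big")


class Client:
    def __init__(self):
        self.k0 = secrets.token_bytes(16)   # master key, lambda = 128
        self.ot = {}                        # sorting space -> (last token, counter)

    def encrypt(self, m: int, space: bytes) -> bytes:
        k_s = prf(self.k0, space)
        if space not in self.ot:            # first insert: random token, i = -1
            token, i = 2 + secrets.randbelow(N - 3), -1
        else:                               # later inserts need the private key
            last, i = self.ot[space]
            token = pow(last, D, N)
        self.ot[space] = (token, i + 1)
        e = toy_ore_encrypt(m)              # intermediate ciphertext
        return xor(e, mask(k_s, token, len(e)))

    def compare_query(self, space: bytes):
        """What the client sends the server for a comparison: (K_s, OT_i, i)."""
        token, i = self.ot[space]
        return prf(self.k0, space), token, i


def server_unmask(c: bytes, k_s: bytes, last_token: int, i: int, pos: int) -> bytes:
    """Walk from OT_i back to OT_pos with the public key, then strip the noise."""
    token = last_token
    for _ in range(i - pos):
        token = pow(token, E, N)
    return xor(c, mask(k_s, token, len(c)))


def server_compare(db, k_s, last_token, i, p, q) -> int:
    """Return -1, 0 or 1 for the order of the plaintexts at positions p and q."""
    ep = server_unmask(db[p], k_s, last_token, i, p)
    eq = server_unmask(db[q], k_s, last_token, i, q)
    return (ep > eq) - (ep < eq)


def embodiment_final_ciphertext(intermediate_hex: str, hmac_hex: str) -> str:
    """XOR an intermediate ciphertext with the tail of a hash value (hex in and out)."""
    e = bytes.fromhex(intermediate_hex)
    return xor(e, bytes.fromhex(hmac_hex)[-len(e):]).hex().upper()


if __name__ == "__main__":
    client, space = Client(), b"ABCDEF"
    db = [client.encrypt(123456, space), client.encrypt(123457, space)]
    k_s, token, i = client.compare_query(space)
    print("order of rows 0 and 1:", server_compare(db, k_s, token, i, 0, 1))
    db.append(client.encrypt(123455, space))          # inserted after the query
    stale = server_unmask(db[2], k_s, token, i, i)    # server reuses the old token
    print("old token unmasks new row:", stale == toy_ore_encrypt(123455))
```

The server can only move from a token to earlier tokens with the public key, so each new insert stays masked until the client issues its next comparison query.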

Claims (3)

1. An order-revealing encryption framework algorithm with forward security, characterized in that an original order-preserving or order-revealing encryption scheme is compiled into a forward-secure order-revealing encryption framework algorithm; wherein the original order-preserving or order-revealing encryption scheme is expressed as the algorithm tuple $\Gamma = (ORE_{Setup}, ORE_{Encrypt}, ORE_{Compare})$, whose three elements are the initialization algorithm $ORE_{Setup}$, the encryption algorithm $ORE_{Encrypt}$ and the comparison algorithm $ORE_{Compare}$; the compiled forward-secure order-revealing encryption framework algorithm is expressed as the tuple $\Gamma_{fp} = (Setup, Encrypt, Compare)$;
Let e be the intermediate ciphertext, produced by the original order-preserving or order-revealing encryption algorithm; s be the sorting space, which refers to a data table in a relational database and to a data file in a non-relational database; λ be the security parameter; (sk, pk) be the private and public keys of the trapdoor permutation; $k_0$ be the master key of the algorithm; the sorting token map OT contain, for each sorting space s, the last sorting token $OT_i$ and the current pointer/counter i, with i counted from 0; $m \in \{0,1\}^*$ be the data to be encrypted; c be the ciphertext; add be the operation identifier; σ be the remaining parameters of the original order-preserving or order-revealing encryption algorithm; p and q be the position pointers, i.e. sequence numbers, in the database of the two ciphertexts to be compared; Π and $\Pi^{-1}$ be the forward and inverse trapdoor permutation functions; $KeyGen(1^\lambda)$ be the key generation function of the trapdoor permutation; H be a keyed hash function; and PRF be a pseudorandom function;
wherein the three elements are described in detail as follows:
$Setup(1^\lambda)$, the startup/initialization algorithm: given the input security parameter λ, proceed as follows:
I. Initialize the sorting token map OT;
II. $(sk, pk) \leftarrow KeyGen(1^\lambda)$: generate the private and public keys of the trapdoor permutation with its key generation function;
III. Randomly select a 0-1 string whose length is the security parameter as the master key of the whole algorithm;
$Encrypt(add, \sigma, m, s)$, the encryption algorithm: given the input operation flag, the remaining parameters of the original order-preserving or order-revealing encryption, the plaintext and the sorting space, proceed as follows:
I. The client computes the pseudo-random function of the sorting space under the master key, obtaining the key of the corresponding sorting space;
II. $(OT_i, i) \leftarrow OT[s]$: obtain the current last sort token and the current pointer/counter from the sort-token map;
III. If $(OT_i, i)$ is empty, set $i = -1$ and randomly select an element of the sort-token space as $OT_{i+1}$; if it is not empty, compute the newest sort token from the trapdoor-permutation private key and the last sort token;
IV. $OT[s] \leftarrow (OT_{i+1}, i+1)$: insert the newest sort token and pointer/counter into the sort-token map;
V. From the sorting-space key, the newest sort token, the operation flag, the remaining parameters of the original order-preserving or order-revealing encryption and the plaintext, obtain the ciphertext by an XOR computation using the encryption algorithm of the original order-preserving or order-revealing encryption and the keyed hash function;
VI. Send the ciphertext $c_{i+1}$ to the server, where it is stored in the encrypted database;
Comparison algorithm: given the remaining parameters of the original order-preserving or order-revealing encryption, the two ciphertexts to be compared, whose sequence numbers in sorting space s are p and q respectively, and the sorting space s, proceed as follows:
I. The client computes the pseudo-random function of the sorting space under the master key, obtaining the key of the corresponding sorting space;
II. $(OT_i, i) \leftarrow OT[s]$: obtain the current last sort token and the current pointer/counter from the sort-token map;
III. If $(OT_i, i)$ is empty, there is no data in sorting space s, and the empty set is returned; if it is not empty, send the last sort token, the token pointer/counter, the sorting-space key and the remaining parameters of the original order-preserving or order-revealing encryption to the server;
IV. From the two ciphertexts, the sorting-space key, the trapdoor-permutation public key and the last sort token, the server computes, by means of the forward trapdoor permutation, the keyed hash function and XOR, the intermediate ciphertexts corresponding to the two ciphertexts, i.e. the ciphertexts produced by the encryption algorithm of the original order-preserving or order-revealing encryption;
V. The server runs the comparison algorithm of the original order-preserving or order-revealing encryption to obtain the order of the two intermediate ciphertexts, and finally returns the data set to the client according to the result.
2. The forward-secure order-revealing encryption framework algorithm according to claim 1, characterized in that it further comprises two data deletion algorithms, described in detail as follows:
The first deletion algorithm constructs, following the above compiler framework algorithm, a "deletion database" of the same structure; when data is deleted, an additional check is needed of whether it has already been deleted, and when the order of data is compared, an additional check is likewise needed of whether it has been deleted, i.e. whether it is present in the "deletion database";
The second deletion algorithm makes some changes to the above compiler framework algorithm: at each data insertion, the sequence number is inserted along with the data in plaintext, to indicate which insertion the data belongs to; thus, after data has been deleted from the normal data table, the difference between sequence numbers still tells how many forward trapdoor permutations must be applied to obtain the correct corresponding sort token, so that hashing yields the correct noise data and, after that noise is removed, the correct order comparison result is obtained.
3. The forward-secure order-revealing encryption framework algorithm according to claim 1, characterized in that it further comprises the following two schemes, which improve the above compiler framework algorithm so as to reduce the client storage complexity in some special scenarios:
i: For steps III and IV of the above encryption algorithm, if OT[s] is empty, $OT_0$ is no longer selected at random from the sort-token space, and the sort-token map stores only the pointer/counter each time, i.e. $OT[s] \leftarrow (i+1)$; this reduces the client storage complexity to $O(|S| \log |C_s|)$, where $|S|$ is the number of sorting spaces and $|C_s|$ is the number of ciphertexts in each sorting space; under this approach, if RSA is chosen as the trapdoor permutation algorithm, the time complexity of computing $OT_i$ each time is still very low: let (n, r) and (u, v, w) be respectively the private key and public key of the trapdoor permutation; the computation is carried out by the following algorithm:
$$f = w^{i} \bmod (u-1)(v-1), \qquad OT_i = OT_0^{f} \bmod n,$$
where mod is the modulo operation;
ii: Building on the above method, before each computation of $OT_i$, a count operation is performed on the encrypted data to obtain the amount of data in each sorting space, which ensures that the client storage complexity does not increase at all.
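The following Python example is added for illustration and is not part of the patent text: it runs the Encrypt/Compare flow of claim 1 with a toy RSA trapdoor permutation and checks the token shortcut of claim 3. The toy primes, the insecure `toy_ope` stand-in for the underlying scheme, the HMAC-based hash and PRF, the exact hash inputs and all function names are assumptions made for the example.

```python
import hashlib, hmac, secrets

U, V = 2**31 - 1, 2**61 - 1            # toy primes u, v (constructed; far too small for real use)
N, PHI = U * V, (U - 1) * (V - 1)
R = 65537                               # exponent of the forward permutation (used by the server)
W = pow(R, -1, PHI)                     # exponent of the reverse permutation (client only)

def toy_ope(m):                         # insecure stand-in for the underlying scheme (assumption)
    return (7919 * m + 12345).to_bytes(8, "big")

def mask(ks, tok):                      # keyed hash H; its input layout is an assumption
    return hmac.new(ks, tok.to_bytes(12, "big"), hashlib.sha256).digest()[:8]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def token_at(ot0, i):                   # claim 3: f = w^i mod (u-1)(v-1), OT_i = OT_0^f mod n
    return pow(ot0, pow(W, i, PHI), N)

class Client:
    def __init__(self):
        self.k0, self.OT = secrets.token_bytes(16), {}   # master key, sort-token map

    def space_key(self, s):             # PRF(k0, s): key of sorting space s
        return hmac.new(self.k0, s.encode(), hashlib.sha256).digest()

    def encrypt(self, m, s):
        if s not in self.OT:            # empty entry: draw a random first token
            tok, i = secrets.randbelow(N - 2) + 2, 0
        else:                           # otherwise step the chain with the reverse permutation
            last, j = self.OT[s]
            tok, i = pow(last, W, N), j + 1
        self.OT[s] = (tok, i)
        return i, xor(toy_ope(m), mask(self.space_key(s), tok))

    def compare_request(self, s):       # what the client sends to the server for a query
        tok, i = self.OT[s]
        return tok, i, self.space_key(s)

def server_compare(db, p, q, tok, i, ks):
    def unmask(idx):                    # walk from OT_i back to OT_idx with the forward permutation
        t = tok
        for _ in range(i - idx):
            t = pow(t, R, N)
        return xor(db[idx], mask(ks, t))
    ep, eq = unmask(p), unmask(q)
    return (ep > eq) - (ep < eq)        # -1, 0 or 1 on the intermediate ciphertexts
```

A token sent for one query lets the server unmask only ciphertexts with sequence numbers up to i; the masks of later insertions depend on tokens that can only be derived with the reverse exponent.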
CN201711345342.7A 2017-12-15 2017-12-15 De-ordering encryption framework algorithm with forward security Expired - Fee Related CN108039944B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201711345342.7A CN108039944B (en) 2017-12-15 2017-12-15 De-ordering encryption framework algorithm with forward security


Publications (2)

Publication Number Publication Date
CN108039944A true CN108039944A (en) 2018-05-15
CN108039944B CN108039944B (en) 2020-09-01

Family

ID=62103064

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201711345342.7A Expired - Fee Related CN108039944B (en) 2017-12-15 2017-12-15 De-ordering encryption framework algorithm with forward security

Country Status (1)

Country Link
CN (1) CN108039944B (en)


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102843372A (en) * 2012-08-28 2012-12-26 西安交通大学 Order-preserving encryption method based on random interval partition
US20150270958A1 (en) * 2014-03-18 2015-09-24 Electronics And Telecommunications Research Institute Decryptable index generation method for range search, search method, and decryption method
CN105592100A (en) * 2016-01-26 2016-05-18 西安电子科技大学 Government services cloud access control method based on attribute encryption
US20170046526A1 (en) * 2015-08-13 2017-02-16 TD Bank Group System and Method for Implementing Hybrid Public-Private Block-Chain Ledgers
CN106850652A (en) * 2017-02-21 2017-06-13 重庆邮电大学 One kind arbitration can search for encryption method


Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DANIEL S.ROCHE: "POPE:Partial Order Preserving Encoding", 《ACM》 *
沈楠: "基于保序加密的网格化位置隐私保护方案", 《通信学报》 *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108768639A (en) * 2018-06-06 2018-11-06 电子科技大学 A kind of public key order-preserving encipherment scheme
CN108768639B (en) * 2018-06-06 2021-07-06 电子科技大学 Public key order-preserving encryption method
CN113254971A (en) * 2021-06-09 2021-08-13 中国电子科技集团公司第三十研究所 Multi-data type ciphertext comparison method based on de-scrambling encryption

Also Published As

Publication number Publication date
CN108039944B (en) 2020-09-01


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20200901