CN114745160B - Double-server multi-user searchable encryption method and device for resisting keyword guessing attack - Google Patents
- Publication number: CN114745160B (application CN202210284356.7A)
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/0442—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/10—Protocols in which an application is distributed across nodes in the network
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses a double-server multi-user searchable encryption method and device for resisting keyword guessing attacks, in the technical field of information security. After the data owner determines the keywords, it encrypts the data, generates an encryption index and stores the encryption index on a storage server; after a user purchases the data, the data owner generates authorization information and sends it to the storage server and the front-end server; the user generates a user search trapdoor and sends it to the front-end server as a query, and the front-end server generates a server search trapdoor and sends it to the storage server; the storage server performs the search after receiving it and interacts with the user. With the invention, after buying data from the data owner a user no longer needs to interact with the data owner through a secure channel or a trusted third party, so the burden on the data owner is reduced; the two servers store and search the encrypted data, and inverted indexes are adopted, so the time complexity of searching is reduced, search efficiency is improved, and keyword guessing attacks are effectively resisted.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a double-server multi-user searchable encryption method and device for resisting keyword guessing attack.
Background
Cloud storage systems let users upload private data to a remote cloud server at a cost far below that of traditional local storage. In recent years more and more users have chosen cloud storage services such as Microsoft OneDrive, Baidu Cloud and Alibaba Cloud to store and manage their private data. However, honest-but-curious cloud storage servers leave users worried about the privacy of their data. Uploading encrypted data is regarded as a secure answer to this concern: an AES symmetric encryption scheme, for example, protects the data from being read by a snooping cloud server, but it also prevents the user from delegating keyword searches to the cloud storage server. Searchable encryption, which combines privacy protection with keyword search, has therefore become a popular technology. Consider the following scenario: a user purchases from a small business encrypted data that is stored on a remote cloud server. The business must delegate to the server the task of allowing users who have purchased the data to access the encrypted data while prohibiting access by illegitimate users; this is referred to as the multi-user search scenario. Searchable encryption integrates privacy protection with search functionality, so that a user can search over encrypted data. In 2000, Song et al. first put forward the concept of searchable encryption and realized a searchable encryption scheme in the symmetric setting that allows the data owner to generate a search trapdoor for the corresponding keyword. Symmetric searchable encryption can search encrypted data while protecting the confidentiality of both the data and the query. Specifically, it works by generating an encrypted index that is outsourced to the server together with the encrypted data.
To retrieve, the user generates a search trapdoor by encrypting the keyword; the server runs the search over the trapdoor and the encrypted index and returns the result to the user. In a multi-user searchable encryption scenario, a searcher needs to obtain the search trapdoor and decryption key from the data owner through a secure channel; given such a channel, an efficient searchable symmetric encryption scheme extends conveniently to the multi-user setting. Alternatively a trusted third party is used, which plays different roles in different schemes. The need for a secure channel or a trusted-third-party system model increases the burden on the data owner; moreover, the access control and search functions are insecure, keyword guessing attacks cannot be resisted, ciphertext information related to a keyword can be obtained from it, and the requirements of the big-data era cannot be met.
The prior art discloses a public-key encryption method supporting multi-keyword search and resisting keyword guessing attacks, which comprises the following steps: the data owner and the data receiver register with a trusted third party to become legal authorized users; the trusted third party runs a global parameter generation algorithm, outputs a global parameter set and sends it to the cloud server, the authorized data owner and the authorized data receiver; the data owner receives the global parameter set and sends the encrypted document set and the keyword ciphertext to the cloud server; the data receiver receives the global parameter set, constructs a keyword trapdoor from the query statement and sends it to the cloud server; the cloud server receives the global parameter set, the encrypted documents, the keyword ciphertext and the keyword trapdoor, verifies them by running the test algorithm, and returns the ciphertext documents that satisfy the conditions to the authorized data receiver. This method has to rely on a trusted third party for data interaction, so the burden on the data owner is large; its search function is insecure and cannot effectively resist keyword guessing attacks.
Disclosure of Invention
The invention provides a double-server multi-user searchable encryption method and device for resisting keyword guessing attacks, which overcome the defects of existing searchable encryption methods, namely low security and inability to resist keyword guessing attacks; no secure channel or trusted third party is needed, so the burden on the data owner is reduced; search efficiency is improved, and at the same time keyword guessing attacks can be effectively resisted.
In order to solve the technical problems, the technical scheme of the invention is as follows:
the invention provides a double-server multi-user searchable encryption method for resisting keyword guessing attack, which comprises the following steps:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates public parameters based on the input safety parameters and the keyword set space; generating a public and private key pair of the data owner, a public and private key pair of the user, a public and private key pair of the storage server and a public and private key pair of the front-end server respectively based on public parameters;
s2: the data owner determines the private part of the data according to the keyword set space, encrypts the data by utilizing the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords, and generates a data ciphertext and an encryption index thereof; the decryption key for decrypting the data ciphertext and the encryption index of the data ciphertext are sent to a storage server for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
s4: the user generates a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keywords, and sends the user search trapdoor as a query request to the front-end server;
s5: after receiving the query request, the front-end server generates a server search trapdoor by utilizing the private key of the front-end server, the authorization information and the user search trapdoor, and sends the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
s6: after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the encryption index to the user; after the transmission is finished, the current authorization information is updated;
s7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
The method comprises the steps of establishing a dual-server multi-user system, generating public parameters according to the safety parameters and keyword set space, and generating respective public and private key pairs by users, data owners, storage servers and front-end servers in a model based on the public parameters; after the data owner determines the keyword, encrypting data by using the private key of the data owner, generating an encryption index and sending the encryption index to a storage server; after the user purchases the data, the data owner generates authorization information according to the public key of the user, and sends the authorization information to the storage server, and the storage server sends the authorization information to the front-end server; a user initiates a query request, and a user private key is utilized to generate a user search trapdoor and send the user search trapdoor to a front-end server; after receiving the user search trapdoor, the front-end server generates a server search trapdoor by utilizing the private key of the front-end server and sends the server search trapdoor to the storage server; after receiving the search trapdoor of the server, the storage server interacts with the user; and the end user decrypts the data ciphertext according to the received decryption key to obtain complete data.
Preferably, in the step S1, the specific method for generating the public parameter by the system based on the input security parameter and the keyword set space is as follows:
based on the input security parameter 1^λ and the keyword vocabulary space, the system generates the common parameters, in which the first, second and third multiplicative cyclic groups all have order q; g_1, g_2 denote the generators of the first and second multiplicative cyclic groups respectively; e denotes the bilinear map; H_1, H_2, H_3 denote the first, second and third hash functions respectively; id denotes the data identifier.
Preferably, in the step S1, the specific method for generating, based on the public parameters, the public and private key pairs of the data owner, the user, the storage server and the front-end server is as follows:
the data owner randomly selects the first parameter and, based on the generator g_2 of the second multiplicative cyclic group in the common parameters, generates the data owner's public and private key pair, where PK_o denotes the data owner public key and SK_o the data owner private key;
user u_i randomly selects the second parameter and, based on the generator g_2 of the second multiplicative cyclic group in the common parameters, generates the user's public and private key pair, where PK_i denotes the user public key and SK_i the user private key, i being a positive integer;
the storage server randomly selects the third parameter and, based on the generator g_1 of the first multiplicative cyclic group and the generator g_2 of the second multiplicative cyclic group in the common parameters, generates the storage server's public and private key pair, where PK_SS denotes the storage server public key, consisting of a first component PK_{SS,1} and a second component, and SK_SS denotes the storage server private key;
the front-end server randomly selects the fourth parameter and, based on the generator g_1 of the first multiplicative cyclic group in the common parameters, generates the front-end server's public and private key pair, where PK_FS denotes the front-end server public key and SK_FS the front-end server private key.
Preferably, the step S2 specifically includes:
s2.1: the data owner determines the keyword w in the keyword vocabulary space, randomly selects the fifth parameter and generates the private part of the data; Pri is a variable list with initial value Pri = (p); Pt[w] denotes the record of keyword w;
s2.2: the data owner randomly selects an encryption key sk_id ∈ {0,1}^λ for the data identifier id and encrypts the data with a symmetric encryption algorithm to obtain the data ciphertext;
s2.3: based on the IndexEnc algorithm, using the data owner private key SK_o, the storage server public key PK_SS, the data private part Pri, the keyword w, the data identifier id and the encryption key sk_id, the data owner randomly selects the sixth parameter and the vector L ∈ {0,1}^{log q} and generates the encryption index C = [C_1, C_2, C_3], where C_1, C_2 and C_3 denote the first, second and third components of the encryption index;
s2.4: the encryption key sk_id serves as the decryption key; the data ciphertext and its encryption index C are sent to the storage server for storage.
Preferably, the specific method of S2.3 is as follows:
Preferably, in the step S3, the specific method for generating the authorization information is as follows:
after user u_i purchases data from the data owner, the data owner obtains the user's public key PK_i; the data owner then computes the authorization information from the data owner private key SK_o, the user public key PK_i and the private part Pri, where AI_{o,i} denotes the authorization information of the data owner for user u_i.
Preferably, in the step S4, the specific method for generating the user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keyword by the user is as follows:
based on the TrapGen algorithm, user u_i, using the user private key SK_i, the storage server public key PK_SS, the front-end server public key PK_FS and the keyword w, randomly selects the seventh and eighth parameters and generates the user search trapdoor, where T_{i,w} denotes the search trapdoor of user u_i for keyword w, consisting of a first, a second and a third component, and PK_{SS,1} denotes the first component of the storage server public key.
Preferably, in the step S5, after receiving the query request, the front-end server generates the server search trapdoor by using the private key of the front-end server, the authorization information and the user search trapdoor as follows:
based on the front trap algorithm, the front-end server generates the server search trapdoor from the front-end server private key SK_FS, the authorization information AI_{o,i} and the user search trapdoor T_{i,w}, where T_{FS,w} denotes the search trapdoor of the front-end server FS for keyword w, consisting of a first and a second component.
Preferably, in step S6, the specific method by which the storage server, after receiving the server search trapdoor, searches the encryption index using the storage server private key, the authorization information and the server search trapdoor, and sends the data ciphertext and decryption key corresponding to the encryption index to the user, is as follows:
s6.1: based on the Search algorithm, the storage server computes the keyword's first component L' from the storage server private key SK_SS, the authorization information AI_{o,i} and the server search trapdoor T_{FS,w};
S6.2: the storage server searches all encryption indexes for the index C = [C_1, C_2, C_3] whose first component satisfies C_1 = L'; if none is found, it stops; otherwise it computes the ninth parameter U_1 and the tenth parameter U_2 = C_3 and sends U_1, U_2 to user u_i;
S6.3: after receiving U_1, U_2, user u_i computes and solves for Pt[w], then sends it to the storage server;
S6.4: after receiving Pt[w], the storage server sets L' = Pt[w] and sends the data ciphertext corresponding to encryption index C and the decryption key sk_id to user u_i.
Preferably, in S5 and S6, the specific method for updating the current authorization information is as follows:
based on the Revuser algorithm, after the front-end server has sent the server search trapdoor to the storage server, it deletes the authorization information AI_{o,i} corresponding to user u_i; after the storage server has sent the data ciphertext and decryption key to the user, it deletes the authorization information AI_{o,i} corresponding to user u_i.
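The steps S1 to S7 and the Revuser deletion described above can be traced as a message flow. The following Python program is an added illustration, not the patent's scheme: the page does not reproduce the pairing-based IndexEnc, TrapGen, front trap and Search formulas, so a split-exponent construction in a prime-order subgroup (index tag H(w)^SK_o, user trapdoor H(w)^SK_i, with SK_o/SK_i shared between the two servers as a_i and b_i) stands in for them. All names (DualServerSystem, gen_params, h_keyword, xor_stream, probable_prime, run_demo), the toy stream cipher, the 64-bit demo group and the sample data set are constructed here. One simplification departs from the page: the data owner is given the user's search exponent SK_i at purchase, whereas the patent derives AI_{o,i} from the user's public key PK_i, so this toy does not reproduce the "no secure channel" property. What it does show is the dual-server conversion, in which neither server's share alone lets it test a candidate keyword against the index, the inverted index lookup, and the one-shot authorization of S5/S6.

```python
import hashlib
import random
import secrets

def probable_prime(n, rounds=16):
    """Miller-Rabin test; only used to build the demo group (assumes odd n > 3)."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def gen_params(bits=64, seed=7):
    """S1 stand-in: a safe prime p = 2q + 1 (a real deployment would use a fixed group)."""
    rng = random.Random(seed)
    while True:
        q = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if probable_prime(q) and probable_prime(2 * q + 1):
            return 2 * q + 1, q

def h_keyword(w, p):
    """H_1 stand-in: hash a keyword into the order-q subgroup (squares mod a safe prime)."""
    x = int.from_bytes(hashlib.sha256(w.encode()).digest(), "big") % (p - 2) + 2
    return pow(x, 2, p)

def xor_stream(key, data):
    """Toy stream cipher standing in for S2.2's symmetric encryption; apply twice to decrypt."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

class DualServerSystem:
    """Data owner, user, front-end server and storage server state, kept in one object."""
    def __init__(self, p, q):
        self.p, self.q = p, q
        self.sk_o = secrets.randbelow(q - 1) + 1   # SK_o
        self.user_keys = {}                        # SK_i, registered at purchase (simplification)
        self.index = {}                            # storage server's inverted index: tag -> records
        self.ai_front, self.ai_storage = {}, {}    # the two shares of AI_{o,i}
    def s2_encrypt_and_index(self, items):
        """S2: for each (id, keyword, data), encrypt the data and index it under H(w)^SK_o."""
        for doc_id, w, data in items:
            tag = pow(h_keyword(w, self.p), self.sk_o, self.p)          # C_1 stand-in
            sk_id = secrets.token_bytes(16)
            self.index.setdefault(tag, []).append((doc_id, xor_stream(sk_id, data.encode()), sk_id))
    def s3_authorize(self, user, sk_i):
        """S3: AI_{o,i} = SK_o / SK_i, split into a_i (front-end server) and b_i (storage server)."""
        self.user_keys[user] = sk_i
        a_i = secrets.randbelow(self.q - 1) + 1
        self.ai_front[user] = a_i
        self.ai_storage[user] = self.sk_o * pow(sk_i, -1, self.q) * pow(a_i, -1, self.q) % self.q
    def s4_user_trapdoor(self, user, w):
        """S4: T_{i,w} = H(w)^SK_i, sent to the front-end server."""
        return pow(h_keyword(w, self.p), self.user_keys[user], self.p)
    def s5_front_end(self, user, t_user):
        """S5: T_FS = T^a_i, then delete a_i (Revuser: each authorization serves one query)."""
        a_i = self.ai_front.pop(user, None)
        return None if a_i is None else pow(t_user, a_i, self.p)
    def s6_storage_search(self, user, t_fs):
        """S6: L' = T_FS^b_i = H(w)^SK_o; look it up in the inverted index, then delete b_i."""
        b_i = self.ai_storage.pop(user, None)
        return None if b_i is None else self.index.get(pow(t_fs, b_i, self.p), [])
    def search(self, user, w):
        """S4-S7 in one round; returns [(id, plaintext)], or None when no authorization is left."""
        t_fs = self.s5_front_end(user, self.s4_user_trapdoor(user, w))
        found = None if t_fs is None else self.s6_storage_search(user, t_fs)
        if found is None:
            return None
        return [(doc_id, xor_stream(sk_id, ct).decode()) for doc_id, ct, sk_id in found]
    def storage_server_guess(self, user, candidates):
        """A curious storage server acting alone: raising H(w') to its share b_i never
        reproduces a tag H(w)^SK_o, because SK_o is split across both servers' shares."""
        b_i = self.ai_storage[user]
        return [w for w in candidates if pow(h_keyword(w, self.p), b_i, self.p) in self.index]

def run_demo():
    """Constructed data set: three items under two keywords, one purchasing user."""
    p, q = gen_params()
    system = DualServerSystem(p, q)
    system.s2_encrypt_and_index([("id1", "finance", "Q3 report"),
                                 ("id2", "finance", "budget"), ("id3", "hr", "payroll")])
    system.s3_authorize("alice", secrets.randbelow(q - 1) + 1)
    guess = system.storage_server_guess("alice", ["finance", "hr", "legal"])
    first = system.search("alice", "finance")    # both "finance" records
    second = system.search("alice", "finance")   # AI shares already deleted: None
    return {"guess": guess, "first": first, "second": second}

if __name__ == "__main__":
    print(run_demo())
```

run_demo() returns the two "finance" records for the first query, None for the repeated query once both AI shares have been deleted, and an empty list for the storage server's solo attempt to match candidate keywords, which is the point of splitting the authorization across the two servers.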
The invention also provides a double-server multi-user searchable encryption device for resisting keyword guessing attacks, based on the searchable encryption method above, comprising the following modules:
the public and private key pair generating module comprises a user, a data owner, a storage server and a front-end server; the system generates public parameters based on the input safety parameters and the keyword set space; generating a public and private key pair of the data owner, a public and private key pair of the user, a public and private key pair of the storage server and a public and private key pair of the front-end server respectively based on public parameters;
the encryption module is used for determining the private part of the data according to the keyword set space, and encrypting the data by utilizing the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; the decryption key for decrypting the data ciphertext and the encryption index of the data ciphertext are sent to a storage server for storage;
the authorization module generates authorization information after a user purchases data from a data owner, and sends the authorization information to the storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keywords by a user and sending the user search trapdoor to the front-end server as a query request;
the second trapdoor module is used for generating a server search trapdoor by utilizing the private key of the front end server, the authorization information and the user search trapdoor after the front end server receives the query request, and sending the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
the storage server, after receiving the server search trapdoor, uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and the decryption key corresponding to the encryption index to the user; after the transmission is finished, the current authorization information is updated;
and the decryption module decrypts the data ciphertext according to the received decryption key to obtain complete data.
Compared with the prior art, the technical scheme of the invention has the beneficial effects that:
the method comprises the steps of establishing a dual-server multi-user system, generating public parameters according to the safety parameters and keyword set space, and generating respective public and private key pairs for users, data owners, storage servers and front-end servers; after the data owner determines the keyword, encrypting data by utilizing a private key of the data owner, generating an encryption index, and sending the encryption index to a storage server; after the user purchases the data, the data owner generates authorization information according to the public key of the user, and sends the authorization information to the storage server, and the storage server sends the authorization information to the front-end server; a user initiates a query request, and a user private key is utilized to generate a user search trapdoor and send the user search trapdoor to a front-end server; after the front-end server receives the data, the front-end server private key is utilized to generate a server search trapdoor, and the trapdoor is sent to a storage server; after receiving, the storage server interacts with the user; and the end user decrypts the data ciphertext according to the received decryption key to obtain complete data. According to the invention, a user does not need to interact with the data owner after buying the data from the data owner through a secure channel and a trusted third party, so that the burden of the data owner is reduced; the double servers are used for storing and searching the encrypted data, and inverted indexes are adopted, so that the complexity of searching time is reduced, the searching efficiency is improved, and meanwhile, the keyword guessing attack can be effectively resisted.
Drawings
Fig. 1 is a flowchart of a dual server multi-user searchable encryption method that is resistant to keyword guessing attacks according to embodiment 1.
Fig. 2 is a schematic structural diagram of a dual-server multi-user system in embodiment 1.
Fig. 3 is a flowchart for generating a data ciphertext and an encryption index thereof according to embodiment 3.
Detailed Description
The drawings are for illustrative purposes only and are not to be construed as limiting the present patent;
for the purpose of better illustrating the embodiments, certain elements of the drawings may be omitted, enlarged or reduced and do not represent the actual product dimensions;
it will be appreciated by those skilled in the art that certain well-known structures in the drawings and descriptions thereof may be omitted.
The technical scheme of the invention is further described below with reference to the accompanying drawings and examples.
Example 1
The embodiment provides a dual-server multi-user searchable encryption method for resisting keyword guessing attack, as shown in fig. 1, comprising the following steps:
s1: the dual-server multi-user system comprises a user, a data owner, a storage server and a front-end server; the system generates public parameters based on the input safety parameters and the keyword set space; generating a public and private key pair of the data owner, a public and private key pair of the user, a public and private key pair of the storage server and a public and private key pair of the front-end server respectively based on public parameters;
s2: the data owner determines the private part of the data according to the keyword set space, encrypts the data by utilizing the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords, and generates a data ciphertext and an encryption index thereof; the decryption key for decrypting the data ciphertext and the encryption index of the data ciphertext are sent to a storage server for storage;
s3: after a user purchases data from a data owner, the data owner generates authorization information and sends the authorization information to a storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
s4: the user generates a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keywords, and sends the user search trapdoor as a query request to the front-end server;
s5: after receiving the query request, the front-end server generates a server search trapdoor by utilizing the private key of the front-end server, the authorization information and the user search trapdoor, and sends the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
s6: after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the encryption index to the user; after the transmission is finished, the current authorization information is updated;
s7: and the user decrypts the data ciphertext according to the received decryption key to obtain complete data.
In a specific implementation, as shown in fig. 2, this embodiment establishes a dual-server multi-user system, generates public parameters from the security parameter and the keyword set space, and has the users, data owner, storage server and front-end server in the model generate their respective public and private key pairs from the public parameters; after determining the keyword, the data owner encrypts the data with its private key, generates an encryption index and sends it to the storage server; after a user purchases the data, the data owner generates authorization information from the user's public key and sends it to the storage server, which forwards it to the front-end server; the user initiates a query by generating a user search trapdoor with the user private key and sending it to the front-end server; after receiving the user search trapdoor, the front-end server generates a server search trapdoor with its private key and sends it to the storage server; after receiving the server search trapdoor, the storage server interacts with the user; finally the user decrypts the data ciphertext with the received decryption key to obtain the complete data. With the invention, after buying data from the data owner a user no longer needs to interact with the data owner through a secure channel or a trusted third party, so the burden on the data owner is reduced; the two servers store and search the encrypted data, and inverted indexes are adopted, so the time complexity of searching is reduced, search efficiency is improved, and keyword guessing attacks can be effectively resisted.
Example 2
This embodiment provides a dual-server multi-user searchable encryption method resistant to keyword guessing attacks, comprising the following steps:
S1: the dual-server multi-user system comprises users, a data owner, a storage server and a front-end server; the system generates the public parameters from the input security parameter and the keyword set space, and the public-private key pairs of the data owner, the user, the storage server and the front-end server are generated from the public parameters; specifically:
based on the input security parameter 1^λ and the keyword set space, the system generates the public parameters, which comprise a first, a second and a third multiplicative cyclic group, all of order q; g_1, g_2 denote the generators of the first and second multiplicative cyclic groups respectively; e denotes the bilinear map; H_1, H_2, H_3 denote the first, second and third hash functions respectively; id denotes the data identifier;
the data owner randomly selects a first parameter and, from the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the data owner public-private key pair (PK_o, SK_o), where PK_o denotes the data owner public key and SK_o the data owner private key;
user u_i randomly selects a second parameter and, from the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the user public-private key pair (PK_i, SK_i), where PK_i denotes the user public key, SK_i the user private key, and i is a positive integer;
the storage server randomly selects a third parameter and, from the generator g_1 of the first multiplicative cyclic group and the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the storage server public-private key pair (PK_SS, SK_SS), where PK_SS denotes the storage server public key, made up of a first component PK_SS,1 and a second component, and SK_SS denotes the storage server private key;
the front-end server randomly selects a fourth parameter and, from the generator g_1 of the first multiplicative cyclic group in the public parameters, generates the front-end server public-private key pair (PK_FS, SK_FS), where PK_FS denotes the front-end server public key and SK_FS the front-end server private key;
S2: the data owner determines the private part of the data from the keyword set space and encrypts the data with the data owner private key, the storage server public key, the private part of the data and the corresponding keyword, generating the data ciphertext and its encryption index; the decryption key of the data ciphertext and the encryption index are sent to the storage server for storage; specifically:
S2.1: the data owner determines a keyword w in the keyword set space, randomly selects a fifth parameter and generates the private part of the data; Pri is a variable list with initial value Pri = (p); Pt[w] denotes the record for keyword w;
S2.2: for the data identifier id, the data owner randomly selects an encryption key sk_id ∈ {0,1}^λ and encrypts the data with a symmetric encryption algorithm to obtain the data ciphertext;
the data is encrypted with a symmetric cipher such as AES;
S2.3: using the IndexEnc algorithm, the data owner, from the data owner private key SK_o, the storage server public key PK_SS, the private part Pri, the keyword w, the data identifier id and the encryption key sk_id, randomly selects a sixth parameter and a vector L ∈ {0,1}^log q and generates the encryption index C = [C_1, C_2, C_3], where C_1, C_2 and C_3 denote the first, second and third components of the encryption index; specifically:
S2.4: the encryption key sk_id serves as the decryption key; the decryption key, the data ciphertext and its encryption index C are sent to the storage server for storage;
S3: after a user purchases data from the data owner, the data owner generates authorization information and sends it to the storage server; the storage server receives the authorization information and forwards it to the front-end server;
the authorization information is generated as follows:
after user u_i purchases data from the data owner, the data owner obtains the user's public key PK_i; from the data owner private key SK_o, the user public key PK_i and the private part Pri, the data owner computes the authorization information AI_o,i, which denotes the authorization information issued by the data owner to user u_i;
S4: the user generates a user search trapdoor from the user private key, the storage server public key, the front-end server public key and the corresponding keyword, and sends it to the front-end server as the query request;
the user search trapdoor is generated as follows:
using the TrapGen algorithm, user u_i, from the user private key SK_i, the storage server public key PK_SS, the front-end server public key PK_FS and the keyword w, randomly selects a seventh and an eighth parameter and generates the user search trapdoor T_i,w, where T_i,w denotes user u_i's search trapdoor for keyword w and consists of a first, a second and a third component; PK_SS,1 denotes the first component of the storage server public key;
S5: after receiving the query request, the front-end server generates a server search trapdoor by utilizing the private key of the front-end server, the authorization information and the user search trapdoor, and sends the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
the server search trapdoor is generated as follows:
using the front-trap algorithm, the front-end server, from the front-end server private key SK_FS, the authorization information AI_o,i and the user search trapdoor T_i,w, generates the server search trapdoor T_FS,w, where T_FS,w denotes the search trapdoor of the front-end server FS for keyword w and consists of a first and a second component;
S6: after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the matching encryption index to the user; after the transmission is finished, the current authorization information is updated; specifically:
S6.1: using the Search algorithm, the storage server, from the storage server private key SK_SS, the authorization information AI_o,i and the server search trapdoor T_FS,w, computes the first component L' of the keyword;
S6.2: the storage server searches all stored encryption indexes for the encryption index C = [C_1, C_2, C_3] whose first component satisfies C_1 = L'; if no such index is found, the search stops; otherwise it computes a ninth parameter U_1 and a tenth parameter U_2 = C_3, and sends U_1, U_2 to user u_i;
S6.3: after receiving U_1, U_2, user u_i computes and recovers Pt[w], then sends it to the storage server;
S6.4: after receiving Pt[w], the storage server sets L' = Pt[w] and sends the data ciphertext corresponding to encryption index C and the decryption key sk_id to user u_i.
S7: the user decrypts the data ciphertext with the received decryption key to obtain the complete data.
In S5 and S6, the current authorization information is updated as follows:
using the Revuser algorithm, once the front-end server has sent the server search trapdoor to the storage server, it deletes the authorization information AI_o,i corresponding to user u_i; once the storage server has sent the data ciphertext and decryption key to the user, it deletes the authorization information AI_o,i corresponding to user u_i.
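The S1 to S7 flow above, as an added simulation that is not the patent's construction: the pairing-based formulas (which the text does not reproduce) are replaced by HMAC-SHA256 over a secret shared at purchase and by XOR, so only the message structure is modelled. It shows the chained inverted index of S2.3, the user-assisted chain walk of S6.1 to S6.4, and the one-time authorization that both servers delete after use (Revuser), so that a second query from the same purchase is refused; all class and function names, the sample records and the 32-byte labels are assumptions.

```python
"""Constructed simulation of the S1-S7 flow (data owner, user, front-end server FS, storage
server SS); HMAC-SHA256 over a secret shared at purchase and XOR stand in for the pairing formulas."""
import hashlib
import hmac
import secrets

def prf(key: bytes, *parts: bytes) -> bytes:
    """Keyed PRF standing in for H_1..H_3 and the pairing steps (assumption)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(2, "big") + p)
    return h.digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

class DataOwner:
    def __init__(self):
        self.sk_o = secrets.token_bytes(32)   # SK_o stand-in
        self.pri = {}                         # Pri: w -> Pt[w], label of newest record

    def index_enc(self, w: str, ident: str, plaintext: bytes):
        """S2.1-S2.4: ciphertext and index C = [C1, C2, C3] (plaintext <= 32 bytes)."""
        sk_id = secrets.token_bytes(32)
        ct = xor(plaintext, prf(sk_id, b"data", ident.encode()))   # AES stand-in
        label = secrets.token_bytes(32)                             # C1 = fresh L
        k_w = prf(self.sk_o, b"kw", w.encode())
        prev = self.pri.get(w, bytes(32))     # older Pt[w]; all-zero = chain end
        c3 = xor(prev, prf(k_w, b"ptr", label))                     # hides old Pt[w]
        self.pri[w] = label                   # (w, Pt[w] = L) recorded in Pri
        return (label, ident.encode(), c3), ct, sk_id

    def sell(self):
        """Purchase + S3: buyer secret (secure channel) and AI_{o,i} from SK_o and Pri."""
        k_i = secrets.token_bytes(32)
        entries = {}
        for w, head in self.pri.items():
            tag = prf(k_i, b"tag", w.encode())
            k_w = prf(self.sk_o, b"kw", w.encode())
            entries[tag] = (head, xor(k_w, prf(k_i, b"wrap", tag)))  # head, wrapped k_w
        return k_i, {"unblind": prf(k_i, b"blind"), "entries": entries}

class User:
    def __init__(self, k_i: bytes):
        self.k_i = k_i

    def trap_gen(self, w: str) -> bytes:
        """S4: keyword tag blinded towards FS; SS never sees this value."""
        return xor(prf(self.k_i, b"tag", w.encode()), prf(self.k_i, b"blind"))

    def open_pointer(self, u1, u2: bytes) -> bytes:
        """S6.3: recover Pt[w] of the next-older record from (U1, U2)."""
        label, tag, wrapped = u1
        return xor(u2, prf(xor(wrapped, prf(self.k_i, b"wrap", tag)), b"ptr", label))

class FrontEndServer:
    def __init__(self):
        self.auth = {}                        # user id -> AI_{o,i}

    def front_trap(self, user_id: str, user_trap: bytes):
        """S5: convert the user trapdoor, then delete the authorization (Revuser)."""
        ai = self.auth.pop(user_id, None)
        return None if ai is None else xor(user_trap, ai["unblind"])

class StorageServer:
    def __init__(self):
        self.auth, self.index = {}, {}        # index: C1 -> (C, ciphertext, sk_id)

    def search(self, user_id: str, server_trap, user: User):
        """S6.1-S6.4: walk the keyword chain; the user opens each back-pointer."""
        ai = self.auth.pop(user_id, None)     # Revuser: one query per authorization
        if ai is None or server_trap not in ai["entries"]:
            return None
        cur, wrapped = ai["entries"][server_trap]   # S6.1: L' = chain head
        results = []
        while cur in self.index:              # S6.2: stop when no C1 = L'
            (label, c2, c3), ct, sk_id = self.index[cur]
            results.append((c2, ct, sk_id))   # S6.4: ciphertext + decryption key
            cur = user.open_pointer((label, server_trap, wrapped), c3)  # S6.3
        return results

def decrypt(ident: bytes, ct: bytes, sk_id: bytes) -> bytes:
    return xor(ct, prf(sk_id, b"data", ident))   # S7: user decrypts with sk_id

def run_demo():
    """Constructed sample: two records under 'invoice', one under 'contract'."""
    owner, ss, fs = DataOwner(), StorageServer(), FrontEndServer()
    for w, ident, pt in [("invoice", "id1", b"Q1 invoice"), ("contract", "id2", b"NDA draft"),
                         ("invoice", "id3", b"Q2 invoice")]:
        c, ct, sk_id = owner.index_enc(w, ident, pt)            # S2
        ss.index[c[0]] = (c, ct, sk_id)
    secret, ai = owner.sell()
    alice = User(secret)
    ss.auth["alice"] = fs.auth["alice"] = ai                  # S3: SS forwards AI to FS
    t_fs = fs.front_trap("alice", alice.trap_gen("invoice"))  # S4-S5
    hits = ss.search("alice", t_fs, alice)                    # S6
    found = sorted(decrypt(i, ct, k) for i, ct, k in hits)    # S7
    replay = fs.front_trap("alice", alice.trap_gen("invoice"))  # authorization spent
    return found, replay
```

The chain walk returns only the records under the queried keyword, and the replayed trapdoor is rejected because the front-end server has already deleted the authorization.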
Example 3
This embodiment provides a dual-server multi-user searchable encryption apparatus resistant to keyword guessing attacks, based on the searchable encryption method of embodiment 1 or 2; as shown in fig. 3, the apparatus comprises:
a public-private key pair generation module: the system comprises users, a data owner, a storage server and a front-end server; the system generates the public parameters from the input security parameter and the keyword set space, and the public-private key pairs of the data owner, the user, the storage server and the front-end server are generated from the public parameters;
the encryption module is used for determining the private part of the data according to the keyword set space, and encrypting the data by utilizing the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; the decryption key for decrypting the data ciphertext and the encryption index of the data ciphertext are sent to a storage server for storage;
the authorization module generates authorization information after a user purchases data from a data owner, and sends the authorization information to the storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keywords by a user and sending the user search trapdoor to the front-end server as a query request;
the second trapdoor module is used for generating a server search trapdoor with the front-end server private key, the authorization information and the user search trapdoor after the front-end server receives the query request, and sending the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the matching encryption index to the user; after the transmission is finished, the current authorization information is updated;
and the decryption module decrypts the data ciphertext according to the received decryption key to obtain complete data.
The same or similar reference numerals correspond to the same or similar components;
the terms describing the positional relationship in the drawings are merely illustrative, and are not to be construed as limiting the present patent;
It is to be understood that the above examples of the present invention are provided by way of illustration only and do not limit the embodiments of the present invention. Other variations or modifications of the above teachings will be apparent to those of ordinary skill in the art. It is neither necessary nor possible to exhaustively list all embodiments here. Any modification, equivalent replacement, improvement, etc. within the spirit and principles of the invention is intended to be protected by the following claims.
Claims (10)
1. A double-server multi-user searchable encryption method for resisting keyword guessing attack is characterized by comprising the following steps:
S1: the dual-server multi-user system comprises users, a data owner, a storage server and a front-end server; the system generates the public parameters from the input security parameter and the keyword set space, and the public-private key pairs of the data owner, the user, the storage server and the front-end server are generated from the public parameters;
S2: the data owner determines the private part of the data from the keyword set space and encrypts the data with the data owner private key, the storage server public key, the private part of the data and the corresponding keyword, generating the data ciphertext and its encryption index; the decryption key of the data ciphertext and the encryption index are sent to the storage server for storage;
S3: after a user purchases data from the data owner, the data owner generates authorization information and sends it to the storage server; the storage server receives the authorization information and forwards it to the front-end server;
S4: the user generates a user search trapdoor from the user private key, the storage server public key, the front-end server public key and the corresponding keyword, and sends it to the front-end server as the query request;
S5: after receiving the query request, the front-end server generates a server search trapdoor with the front-end server private key, the authorization information and the user search trapdoor, and sends it to the storage server; after the transmission is finished, the current authorization information is updated;
S6: after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the matching encryption index to the user; after the transmission is finished, the current authorization information is updated;
S7: the user decrypts the data ciphertext with the received decryption key to obtain the complete data.
2. The method for dual-server multiuser searchable encryption against keyword guessing attacks according to claim 1, wherein in the step S1, the specific method for generating the public parameters based on the input security parameters and the keyword set space by the system is as follows:
based on the input security parameter 1^λ and the keyword set space, the system generates the public parameters, which comprise a first, a second and a third multiplicative cyclic group, all of order q; g_1, g_2 denote the generators of the first and second multiplicative cyclic groups respectively; e denotes the bilinear map; H_1, H_2, H_3 denote the first, second and third hash functions respectively; id denotes the data identifier.
3. The method of claim 2, wherein in step S1, the specific method for generating the public and private key pairs of the data owner, the public and private key pairs of the user, the public and private key pairs of the storage server and the public and private key pairs of the front end server based on the public parameters respectively comprises:
the data owner randomly selects a first parameter and, from the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the data owner public-private key pair (PK_o, SK_o), where PK_o denotes the data owner public key and SK_o the data owner private key;
user u_i randomly selects a second parameter and, from the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the user public-private key pair (PK_i, SK_i), where PK_i denotes the user public key, SK_i the user private key, and i is a positive integer;
the storage server randomly selects a third parameter and, from the generator g_1 of the first multiplicative cyclic group and the generator g_2 of the second multiplicative cyclic group in the public parameters, generates the storage server public-private key pair (PK_SS, SK_SS), where PK_SS denotes the storage server public key, made up of a first component PK_SS,1 and a second component, and SK_SS denotes the storage server private key;
the front-end server randomly selects a fourth parameter and, from the generator g_1 of the first multiplicative cyclic group in the public parameters, generates the front-end server public-private key pair (PK_FS, SK_FS), where PK_FS denotes the front-end server public key and SK_FS the front-end server private key.
4. The method for dual-server multiuser searchable encryption resistant to keyword guessing attacks according to claim 3, wherein the step S2 specifically comprises:
s2.1: data owners in keyword vocabulary spaceThe keyword w is determined, and a fifth parameter +.>Private part of the generated data->Pri is a variable list, and the initialization value is Pri= (p); pt [ w ]]A record representing a keyword w;
s2.2: the data owner randomly selects the encryption key sk for the data identifier id id ∈{0,1} λ Encrypting the data based on a symmetric encryption algorithm to obtain a data ciphertext;
s2.3: the data owner based on the IndexEnc algorithm, based on the data owner private key SK o Public key PK of storage server SS A data private part Pri, a keyword w, a data identifier id and an encryption key sk id Randomly selecting a sixth parameterVector L epsilon {0,1} logq Generates an encryption index c= [ C ] 1 ,C 2 ,C 3]; wherein ,C1 Representing the first component of the encryption index, C 2 Representing the second component of the encryption index, C 3 Representing an encryption index third component;
s2.4: will encrypt the key sk id As a decryption key, the data ciphertext and the encryption index C thereof are sent to a storage server for storage.
5. The method for dual-server multiuser searchable encryption resistant to keyword guessing attacks according to claim 4, wherein the specific method of S2.3 is as follows:
if (w, Pt[w]) does not exist, let (w, Pt[w] = L) be added to the private part Pri at this point.
6. The method for dual-server multi-user searchable encryption resistant to a keyword guess attack according to claim 4, wherein in step S3, the specific method for generating the authorization information is as follows:
after user u_i purchases data from the data owner, the data owner obtains the user's public key PK_i; from the data owner private key SK_o, the user public key PK_i and the private part Pri, the data owner computes the authorization information AI_o,i, which denotes the authorization information issued by the data owner to user u_i.
7. The method for dual-server multi-user searchable encryption resistant to keyword guessing attacks, wherein in step S4 the specific method for generating the user search trapdoor from the user private key, the storage server public key, the front-end server public key and the corresponding keywords is as follows:
using the TrapGen algorithm, user u_i, from the user private key SK_i, the storage server public key PK_SS, the front-end server public key PK_FS and the keyword w, randomly selects a seventh parameter r_1 and an eighth parameter and generates the user search trapdoor T_i,w, where T_i,w denotes user u_i's search trapdoor for keyword w and consists of a first, a second and a third component; PK_SS,1 denotes the first component of the storage server public key.
8. The method for dual-server multiuser searchable encryption against keyword guessing attacks according to claim 7, wherein in step S5, after the front-end server receives the query request, the specific method for generating the server search trapdoor by using the front-end server private key, the authorization information and the user search trapdoor is as follows:
using the front-trap algorithm, the front-end server, from the front-end server private key SK_FS, the authorization information AI_o,i and the user search trapdoor T_i,w, generates the server search trapdoor T_FS,w, where T_FS,w denotes the search trapdoor of the front-end server FS for keyword w and consists of a first and a second component.
9. The method of claim 8, wherein in step S6, after the storage server receives the server search trapdoor, the specific method for searching the encryption index with the storage server private key, the authorization information and the server search trapdoor and sending the data ciphertext and decryption key corresponding to the encryption index to the user is as follows:
S6.1: using the Search algorithm, the storage server, from the storage server private key SK_SS, the authorization information AI_o,i and the server search trapdoor T_FS,w, computes the first component L' of the keyword;
S6.2: the storage server searches all stored encryption indexes for the encryption index C = [C_1, C_2, C_3] whose first component satisfies C_1 = L'; if no such index is found, the search stops; otherwise it computes a ninth parameter U_1 and a tenth parameter U_2 = C_3, and sends U_1, U_2 to user u_i;
S6.3: after receiving U_1, U_2, user u_i computes and recovers Pt[w], then sends it to the storage server;
S6.4: after receiving Pt[w], the storage server sets L' = Pt[w] and sends the data ciphertext corresponding to encryption index C and the decryption key sk_id to user u_i.
10. A dual server multi-user searchable encryption apparatus that is resistant to keyword guessing attacks, comprising:
a public-private key pair generation module: the system comprises users, a data owner, a storage server and a front-end server; the system generates the public parameters from the input security parameter and the keyword set space, and the public-private key pairs of the data owner, the user, the storage server and the front-end server are generated from the public parameters;
the encryption module is used for determining the private part of the data according to the keyword set space, and encrypting the data by utilizing the private key of the data owner, the public key of the storage server, the private part of the data and the corresponding keywords to generate a data ciphertext and an encryption index thereof; the decryption key for decrypting the data ciphertext and the encryption index of the data ciphertext are sent to a storage server for storage;
the authorization module generates authorization information after a user purchases data from a data owner, and sends the authorization information to the storage server; the storage server receives the authorization information and then sends the authorization information to the front-end server;
the first trapdoor module is used for generating a user search trapdoor according to the user private key, the storage server public key, the front-end server public key and the corresponding keywords by a user and sending the user search trapdoor to the front-end server as a query request;
the second trapdoor module is used for generating a server search trapdoor by utilizing the private key of the front end server, the authorization information and the user search trapdoor after the front end server receives the query request, and sending the server search trapdoor to the storage server; after the transmission is finished, the current authorization information is updated;
after receiving the server search trapdoor, the storage server uses the storage server private key, the authorization information and the server search trapdoor to search the encryption index, and sends the data ciphertext and decryption key corresponding to the matching encryption index to the user; after the transmission is finished, the current authorization information is updated;
and the decryption module decrypts the data ciphertext according to the received decryption key to obtain complete data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210284356.7A CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210284356.7A CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114745160A CN114745160A (en) | 2022-07-12 |
CN114745160B true CN114745160B (en) | 2023-05-30 |
Family
ID=82277728
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210284356.7A Active CN114745160B (en) | 2022-03-22 | 2022-03-22 | Double-server multi-user searchable encryption method and device for resisting keyword guessing attack |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114745160B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109086615A (en) * | 2018-08-03 | 2018-12-25 | Shanghai Maritime University | A public key encryption method supporting multi-keyword search and resisting keyword guessing attacks |
CN112037870A (en) * | 2020-07-20 | 2020-12-04 | Beihang University | Double-server light searchable encryption method and system supporting data partitioning |
CN113779593A (en) * | 2021-08-13 | 2021-12-10 | Guilin University of Electronic Technology | Identity-based dual-server authorization ciphertext equivalence determination method |
- 2022-03-22 CN CN202210284356.7A patent/CN114745160B/en active Active
Non-Patent Citations (2)
Title |
---|
Dual-server public-key searchable encryption scheme resistant to keyword guessing attacks; Guo Kexin et al.; Application Research of Computers; pp. 238-241 * |
Authorized searchable encryption scheme resistant to keyword guessing; Cao Suzhen et al.; Journal of Electronics & Information Technology; pp. 2180-2185 * |
Also Published As
Publication number | Publication date |
---|---|
CN114745160A (en) | 2022-07-12 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant |