CN114884650A - Searchable encryption method based on safe inverted index - Google Patents

Searchable encryption method based on safe inverted index Download PDF

Info

Publication number
CN114884650A
CN114884650A CN202210275024.2A CN202210275024A CN114884650A CN 114884650 A CN114884650 A CN 114884650A CN 202210275024 A CN202210275024 A CN 202210275024A CN 114884650 A CN114884650 A CN 114884650A
Authority
CN
China
Prior art keywords
search
key
data
index
node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210275024.2A
Other languages
Chinese (zh)
Inventor
金华
杨涛
张伟逸
宋雪桦
王昌达
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Jiangsu University
Original Assignee
Jiangsu University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Jiangsu University filed Critical Jiangsu University
Priority to CN202210275024.2A priority Critical patent/CN114884650A/en
Publication of CN114884650A publication Critical patent/CN114884650A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/901Indexing; Data structures therefor; Storage structures
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/903Querying
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/602Providing cryptographic facilities or services
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0877Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Data Mining & Analysis (AREA)
  • General Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • Health & Medical Sciences (AREA)
  • Computational Linguistics (AREA)
  • Storage Device Security (AREA)

Abstract

The invention relates to a searchable encryption method based on a safe inverted index, which realizes fine-grained access control by adopting a ciphertext strategy attribute encryption mechanism for a shared key. According to the cipher text retrieval scheme based on the reverse index and capable of verifying and updating, a data owner stores and encrypts data and uploads a cipher text and a secret key to a cloud storage server and a credible authorization mechanism respectively. And the data user registers in the trusted authority through the attribute set of the data user to obtain a corresponding key and search the trapdoor. And the data user carries out ciphertext retrieval or index updating to the cloud storage server through the obtained search trapdoor and the corresponding key with the access right. The invention realizes the functions of access control, index updating and result verification in the cloud outsourcing data environment, and improves the information security.

Description

Searchable encryption method based on safety reverse index
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a searchable encryption method based on a security inverted index.
Background
With the development of information technology, particularly internet technology, cheap computation and huge capacity in a cloud storage mode attract more and more users to outsource private data to a cloud server for saving local storage and maintenance cost. However, the user outsourcing the data to the cloud server to enable the data to be separated from physical control, and then the problem of data privacy disclosure is brought. In order to ensure the data privacy security of users, data is generally encrypted before outsourcing, but the usability of outsourcing data is limited, so that many widely used keyword-based plaintext information retrieval technologies cannot be directly applied to encrypted data. The advent of searchable encryption technology at this time enables searching for encrypted data to be accomplished without revealing the privacy of the user's data. In addition, in practical application of the cloud environment, the cloud server is a semi-honest and curious entity, and in order to save computing resources or store resources and return incorrect search results, a user is required to verify the correctness and integrity of the search results. And when the data stored in the cloud server changes, the index needs to be updated properly.
Disclosure of Invention
Aiming at the existing problems, the invention provides a searchable encryption method based on a safety inverted index, so as to improve the safety of information in a cloud outsourcing data environment.
In order to achieve the purpose, the specific technical scheme of the invention is as follows: a searchable encryption method based on a secure inverted index comprises the following steps:
1) initializing system parameters, wherein the system parameters comprise a system public parameter PK and a system main private key MK;
2) constructing an inverted index structure I, wherein the inverted index structure is recorded as I ═ T s ,A s }; wherein T is s The search table is used for storing a head pointer and an index mark of a search array; a. the s To search an array, all inclusive keywords w are represented i The linked list formed by the files consists of a plurality of nodes; these nodes are randomly stored at A s Each position of (a);
3) the outsourced data is encrypted and stored,
4) registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority by using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user
Figure BDA0003555515820000011
Wherein
Figure BDA0003555515820000021
H 1 As a random polynomial function, w i Is a keyword;
5) searching data, wherein a user sends a search trapdoor TD obtained by registration of a trusted authority to a cloud server for data search, and the data search is carried out through a search table T s Locating search array A stored in a search table s Head pointer and search mark Y w
6) Decrypting the search results, including the Key K w Decryption and ciphertext set
Figure BDA0003555515820000022
Decrypting;
7) correctly decrypting to obtain an index updating key, and updating the index, including updating the index when a file is added and updating the index when the file is deleted;
8) validating obtained cloud storage data, including pair indexes
Figure BDA0003555515820000023
And verification of data integrity.
Further, the initialization system parameters in step 1) above include the following:
1.1) initializing a safety parameter k;
1.2) definition of G 0 ,G 1 ,G 0 ,G 1 Is that
Figure BDA0003555515820000024
The two multiplication loop groups of (a) above,
Figure BDA0003555515820000025
p is an integer of 1.. eta.p, and the order p is a large safety prime number;
1.3) let G be group G 0 Defines a bilinear map e: g 0 ×G 0 →G 1
1.4) selecting a Hash function H 1 :{0,1} * →{0,1} * Selecting a hash function H 2 :{0,1} * →G 0 As a random prediction machine, mapping the attribute described by any character string into a random group element;
1.5) generating a random number q ← {0, 1} k
1.6) defining a collision-free hash function
Figure BDA0003555515820000026
Figure BDA0003555515820000027
Figure BDA0003555515820000028
k 1 ,k 2 ,k 3 Is a randomly selected vector of three k bits;
1.7) randomly selecting two reversible matrixes (Q ', Q') with k multiplied by k dimensions;
1.8) random selection
Figure BDA0003555515820000029
1.9) construction of System common parameters
Figure BDA0003555515820000031
System master secret key MK ═ β, g α ,k 1 ,k 2 ,Q′,Q″,H 1 )。
Further, the constructing of the inverted index structure I in the step 2) includes the following steps:
2.1) construction of the search Table T s The method comprises the following steps:
2.1.1) creating a dictionary of size n, denoted T s
2.1.2) storing information into the search Table T s The information is as follows:
Figure BDA0003555515820000032
wherein, Y w Is composed of
Figure BDA0003555515820000033
Index flag bit of (1); i is w The system is used for identifying the position of the file stored in the linked list and is also an updating identification bit;
Figure BDA0003555515820000034
updating a key for the encrypted index; w is a i Is a keyword; i is w Is an identifier representing a file storage location; p i For searching array A s The head pointer of (1);
2.2) establishing a search array A s The method comprises the following steps:
2.2.1) define the next node position as
Figure BDA0003555515820000035
Wherein,
Figure BDA0003555515820000036
is a pseudo-random function;
2.2.2) define node format:
Figure BDA0003555515820000037
wherein id t Representing the tth file identifier in the file identifier set;
2.3) establishing I identifying the location of the file stored in the linked list w All initial values are 0 and the length is
Figure BDA0003555515820000038
#D i Representing the number of plaintext files when document set D i Corresponding file occurrence keyword w i When, I w [t]=1,t∈[1,L]. If I w [t]1 will correspond to id t Is stored to A i,j ,j∈[1,#w i ]In, # w i Indicating the number of files containing the keyword, id t Is a file identifier.
Further, the encrypting data in step 3) specifically includes the following steps:
3.1) encrypted search array A s Head pointer P of i The encryption formula is:
Figure BDA0003555515820000041
3.2) encrypted File identifier id t By a hash function H 1 The encryption formula is as follows:
Figure BDA0003555515820000042
3.3) encrypting the next node position in the linked list through a pseudo-random function phi, wherein the encryption formula is as follows:
Figure BDA0003555515820000043
3.4)generating an index marker Y w Selection vector S ← {0, 1 }) k Let us order
Figure BDA0003555515820000044
3.5) encryption using two invertible matrices (Q ', Q') of dimension k x k
Figure BDA0003555515820000045
Figure BDA0003555515820000046
3.6) set of encrypted plaintext files D i Selecting K f ←{0,1} k As a plaintext encryption key. Obtain a ciphertext set C i . Selection of K s ←{0,1} k As an update key for the index. Collecting ciphertext documents C i Sending the data to a cloud storage server;
3.7) encryption Key K w =(K f ,K s ) By accessing the tree structure
Figure BDA00035555158200000411
Public key PK, encryption key K w
Figure BDA0003555515820000047
C=h s
Figure BDA0003555515820000048
3.8) generating the verification authority sigma, and calculating a keyword set W ═ W 1 ,w 2 …w n Signature of each keyword in the set, generating a set
Figure BDA0003555515820000049
Wherein
Figure BDA00035555158200000410
The signature set sigma is sent to the data user.
Further, the user registration in step 4) above includes the following steps:
4.1) registering and obtaining an attribute private key SK U . The trusted authority selects a random number
Figure BDA0003555515820000051
For each attribute j ∈ S, randomly selecting
Figure BDA0003555515820000052
Calculating the corresponding attribute private key according to the following formula:
Figure BDA0003555515820000053
4.2) providing a trap door; after the user registers, the data user obtains the corresponding search trap door
Figure BDA0003555515820000054
Further, the step 5) search process includes the following steps:
5.1) query ciphertext set
Figure BDA0003555515820000055
After the cloud server receives the TD, positioning
Figure BDA0003555515820000056
Recovery of search table T s Search array A s Head pointer P of i (ii) a Obtaining file identifier id stored by node t Finding out a corresponding document;
5.1.1) positioning
Figure BDA0003555515820000057
If F (w) i ) Out of T s In, ending; otherwise, turning to the step 5.1.2) for query;
5.1.2) calculation
Figure BDA0003555515820000058
Recovery of search table T s Search array A s Head pointer P of i =Addrs(A i,1 ) And
Figure BDA0003555515820000059
by passing
Figure BDA00035555158200000510
Obtaining a file identifier stored in a node; after the first node position is obtained, the first node position is obtained by
Figure BDA00035555158200000511
Find the next node position until
Figure BDA00035555158200000512
The ciphertext file set can be obtained by correspondingly finding out the file identifier set
Figure BDA00035555158200000513
5.2) generating authentication information
Figure BDA00035555158200000514
The cloud server calculates a signature according to the file identifier of the file obtained by query
Figure BDA00035555158200000515
Wherein
Figure BDA00035555158200000516
And the number of the files is represented, and the calculation result is sent to a data user.
Further, the decryption method in the step 6) includes the following steps:
6.1) decryption Key K w I ═ att (x) denotes the user attribute, if x is a non-leaf node, go to step 6.2); if x is a leaf node, i ∈ S, go to step 6.3), e.g.
Figure BDA0003555515820000061
Go to step 6.4);
6.2) for all child nodes z that are not leaf nodes, a function is called
Figure BDA0003555515820000062
And storing the result as F z Let S x Is an arbitrary size of k x And satisfies F z (ii) present;
calculating F x
Figure BDA0003555515820000063
Wherein
Figure BDA0003555515820000064
Wherein
Figure BDA0003555515820000065
In order to be a lagrange coefficient,
Figure BDA0003555515820000066
q x for accessing tree structures
Figure BDA0003555515820000067
The polynomial selected by each node x of (a); q. q.s parent(x) Denotes q x A parent node of (a);
6.3) definition of
Figure BDA0003555515820000068
6.4) the decryption is terminated;
6.5) judging the attribute set S, if the attribute set S can only meet the accessStructure of the product
Figure BDA0003555515820000069
Go to step 6.6) if the property set S can only satisfy the access structure
Figure BDA00035555158200000610
Go to step 6.7), if the attribute set S cannot satisfy any access structure, the decryption is terminated;
6.6) order
Figure BDA00035555158200000611
Recovering a secret key
Figure BDA0003555515820000071
Obtaining a ciphertext decryption key K f
6.7) order
Figure BDA0003555515820000072
Recovering a secret key
Figure BDA0003555515820000073
Obtaining an index update key K s
6.8) Using the secret Key K f Decrypting a set of ciphertext documents
Figure BDA0003555515820000074
Get the inclusion keyword w i Plaintext document D i
Further, the index updating method of the step 7) includes the following steps:
7,1) randomly selecting k' s ←{0,1} k To do so by
Figure BDA0003555515820000075
Formal delivery of update content identifier U m To search table T s In
Figure BDA0003555515820000076
7.2) calculating updated I 'for identifying the position of the file stored in the linked list' w
Figure BDA0003555515820000077
Namely, it is
Figure BDA0003555515820000078
Updated I w Containing new ciphertext storage information;
7.3) obtaining a new search array A s (ii) a Computing
Figure BDA0003555515820000079
If I new [t]Is equal to 0 and I' w [t]If 0, go to step 7.4),
if I new [t]0 and I' w [t]Step 7.5) is carried out;
7.4) calculation of I w The number of 1 in the first t-1 is Count (t-1); if t-1 is 0, then A i,1 File identifier id stored in a node t Becomes Null; otherwise A i,Count(t-1)+1 File identifier id stored in a node t Becomes Null;
7.5) calculation of I new The number Count0(t-1) of 0 out of the top t-1 numbers; if t-1 is equal to 0,
Figure BDA0003555515820000081
storing file identifier id in node t (ii) a Otherwise, A i,Count0(t-1)+1 Storing file identifier id in node t
Further, the data verification in the step 8) includes the following steps:
8.1) order
Figure BDA0003555515820000082
The S vector is used to segment the beta,
S j when 1, β must satisfy β' + β ″ ═ β;
if S j 0, dividing the vector into two subvectors which are the same as the original vector, namely beta '═ beta' (. beta.); using Q ', Q' to encrypt the two vectors
Figure BDA0003555515820000083
8.2) calculation formula
Figure BDA0003555515820000084
Judging whether the equation is established, if so, turning to the step 8.3), otherwise, turning to prompt that the verification fails;
8.3) verifying the integrity of the data, calculating
Figure BDA0003555515820000085
If the formula is established, the server is not malicious, the data integrity is guaranteed, and the verification is passed; otherwise, the verification is failed.
The invention has the following beneficial effects:
the index is established in an inverted index mode through the encrypted search table and the encrypted search array, and the safety of the index is enhanced. By encrypting the key based on the attribute, multi-user multi-time decryption can be realized through one-time encryption, the operation of multi-time encryption of the ciphertext is avoided, and fine-grained access control is also realized. The index is safely and efficiently updated by adding the file storage position identification and providing the index updating key by the trusted authority center in the search table. The invention also adds index marks and data verification information to realize a data correctness verification strategy, verifies the correctness of the information by calculating the mark information of the original data and the searched data, improves the index updating and retrieving efficiency and increases the data verification function.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flowchart illustrating an attribute key decryption process according to the present invention.
Detailed Description
The present invention will be further described with reference to the accompanying drawings and specific embodiments, it should be noted that the technical solutions and design principles of the present invention are described in detail below only with one optimized technical solution, but the scope of the present invention is not limited thereto.
The examples are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any obvious modifications, substitutions or variations can be made by those skilled in the art without departing from the spirit of the present invention.
As shown in fig. 1, the method of the present invention is a searchable encryption method based on a secure inverted index, and includes the following steps:
1) system parameters are initialized, wherein the system parameters include a system public parameter PK and a system master private key MK. As a preferred embodiment of the present invention, initializing system parameters comprises the steps of:
1.1) initializing a safety parameter k; in a specific embodiment of the present invention, the security parameter k is 16.
1.2) definition of G 0 ,G 1 ,G 0 ,G 1 Is that
Figure BDA0003555515820000091
The two multiplication loop groups of (a) above,
Figure BDA0003555515820000092
is an integer of 1 … … p, and the order p is a large security prime number;
1.3) let G be the group G 0 Defines a bilinear map e: g 0 ×G 0 →G 1
1.4) Selecting a hash function H 1 :{0,1} * →{0,1} * Selecting a hash function H 2 :{0,1} * →G 0 As a random prediction machine, mapping the attribute described by any character string into a random group element;
1.5) generating a random number q ← {0, 1} k
1.6) defining a collision-free hash function
Figure BDA0003555515820000093
Figure BDA0003555515820000094
Figure BDA0003555515820000101
k 1 ,k 2 ,k 3 Is a randomly selected vector of three k bits;
1.7) randomly selecting two reversible matrixes (Q ', Q') with k multiplied by k dimensions;
1.8) random selection
Figure BDA0003555515820000102
Wherein α … …, β … …; r
1.9) construction of System common parameters
Figure BDA0003555515820000103
System master secret key MK ═ β, g α ,k 1 ,k 2 ,Q′,Q″,H 1 )。
2) Constructing a safe inverted index structure I, wherein the inverted index structure is recorded as I ═ T s ,A s }; wherein T is s The search table is used for storing a head pointer and an index mark of a search array; a. the s To search an array, all inclusive keywords w are represented i A linked list formed by a plurality of nodes(ii) a These nodes are randomly stored at A s Each position of (a);
as a preferred embodiment of the present invention, constructing the secure inverted index structure I comprises the following steps:
2.1) construction of the search Table T s The method comprises the following steps:
2.1.1) creating a dictionary of size n, denoted T s
In a specific embodiment of the present invention, n is 20.
2.1.2) storing information to T s In the table, the information is:
Figure BDA0003555515820000104
wherein, Y w Is composed of
Figure BDA0003555515820000105
Index flag bit of (1); i is w The system is used for identifying the position of the file stored in the linked list and is also an updating identification bit;
Figure BDA0003555515820000106
updating a key for the encrypted index; w is a i Are keywords. I is w Is an identifier representing a file storage location; p 1 For searching array A s The head pointer of (1).
2.2) establishing search array A s The method comprises the following steps:
2.2.1) define the next node position as
Figure BDA0003555515820000107
Wherein,
Figure BDA0003555515820000108
is a pseudo-random function.
2.2.2) define node format:
Figure BDA0003555515820000111
wherein id t Representing the tth file identifier in the file identifier set;
2.3) establishing I identifying the location of the file stored in the linked list w All initial values are 0 and the length is
Figure BDA0003555515820000112
#D i Indicating the number of plaintext files, # D in an embodiment of the invention i 600. When the document set D i Corresponding file occurrence keyword w i When, I w [t]=1,t∈[1,L]. If I w [t]1 will correspond to id t Is stored to A i,j ,j∈[1,#w i ]In, # w i Indicating the number of files containing the keyword, id t Is a file identifier.
As a preferred embodiment of the invention, id is stored t The method comprises the following steps:
2.3.1) input I w ,ID t ,P i
2.3.2) define variable j ═ 0;
2.3.3) traversal File identifier set ID t
2.3.4) judgment of I w [t]If equal to 1, go to step 2.3.5), otherwise go to step 2.3.6)
2.3.5) saving File identifier id t To node A i,j And j plus 1;
2.3.6) end storage file identifier;
3) the outsourced data is encrypted and stored,
the specific method for encrypting and storing the data is as follows:
3.1) encrypted search array A s Head pointer P of i The encryption formula is:
Figure BDA0003555515820000113
3.2) encrypted File identifier id t By a hash function H 1 The process is carried out by the following steps,the encryption formula is:
Figure BDA0003555515820000114
3.3) encrypting the next node position in the chain table by a pseudo-random function
Figure BDA0003555515820000115
The encryption formula is as follows:
Figure BDA0003555515820000116
3.4) generating index tag Y w Selection vector S ← {0, 1 }) k Let us order
Figure BDA0003555515820000121
3.5) encryption using two invertible matrices (Q ', Q') of dimension k x k
Figure BDA0003555515820000122
Figure BDA0003555515820000123
3.6) set of encrypted plaintext files D i Selecting K f ←{0,1} k As a plaintext encryption key. Obtain a ciphertext set C i . Selection of K s ←{0,1} k As an update key for the index. Collecting ciphertext documents C i And sending the data to a cloud storage server.
3.7) encryption Key K w =(K f ,K s ) By accessing the tree structure
Figure BDA00035555158200001210
Public key PK, encryption key K w
Figure BDA0003555515820000124
3.8) generating the verification authority sigma, and calculating a keyword set W ═ W 1 ,w 2 …w n Sign of each keyword in } generating a set
Figure BDA0003555515820000125
Wherein
Figure BDA0003555515820000126
The signature set sigma is sent to the data user.
4) Registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority by using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user
Figure BDA0003555515820000127
In an embodiment of the present invention, the attribute set S ═ research institute, computer institute, research three. The specific method for user registration is as follows:
4.1) registering and obtaining an attribute private key SK U . The trusted authority selects a random number
Figure BDA0003555515820000128
For each attribute j ∈ S, randomly selecting
Figure BDA0003555515820000129
The corresponding attribute private key is calculated according to the following formula:
Figure BDA0003555515820000131
4.2) issuing trapdoors. After the user registers, the data user obtains the corresponding search trap door
Figure BDA0003555515820000132
5) Searching data, wherein a data user sends a search trapdoor TD obtained by registering from a trusted authority to a cloud server for data search, and the search trapdoor TD searches data through a search table T s Locating search array A stored in a search table s Head pointer and search mark Y w
As a preferred embodiment of the present invention, the search process comprises the steps of:
5.1) query ciphertext set
Figure BDA0003555515820000133
After the cloud server receives the TD, positioning
Figure BDA0003555515820000134
Recovery of search table T s Search array A s Head pointer P of i (ii) a Obtaining file identifier id stored by node t And finding the corresponding document.
As a preferred embodiment of the present invention, a specific query method is as follows:
5.1.1) positioning
Figure BDA0003555515820000135
If F (w) i ) Out of T s If yes, ending, otherwise, turning to the step 5.1.2) to query;
5.1.2) calculation
Figure BDA0003555515820000136
Recovery of search table T s Search array A s Head pointer P of i =Addrs(A i,1 ) And
Figure BDA0003555515820000137
by passing
Figure BDA0003555515820000138
A file identifier stored in the node is obtained. After obtaining the first node position, by
Figure BDA0003555515820000139
Find the next node position until
Figure BDA00035555158200001310
The ciphertext file set can be obtained by correspondingly finding out the file identifier set
Figure BDA00035555158200001311
5.2) generating authentication information
Figure BDA00035555158200001312
The cloud server calculates a signature according to the file identifier of the file obtained by query
Figure BDA00035555158200001313
Wherein
Figure BDA00035555158200001314
And (5) setting the number of the files and sending the calculation result to a data user.
6) Decrypting search results, including the pair Key K w Decryption and collection of ciphertext
Figure BDA00035555158200001315
Decryption of (3).
As shown in fig. 2, the attribute key decryption process is specifically as follows, as a preferred embodiment of the present invention:
6.1) decryption Key K w I ═ att (x) denotes the user attribute, if x is a non-leaf node, go to step 6.2); if x is a leaf node, i ∈ S, go to step 6.3), e.g.
Figure BDA0003555515820000141
Go to step 6.4).
6.2) for non-leaf nodes
Figure BDA0003555515820000142
All child nodes z, calling functions
Figure BDA0003555515820000143
And storing the result as F z Let S x Is an arbitrary size of k x And satisfies F z Are present. Calculating F x
Figure BDA0003555515820000144
Wherein
Figure BDA0003555515820000145
Wherein
Figure BDA0003555515820000146
In order to be a lagrange coefficient,
Figure BDA0003555515820000147
q x for accessing tree structures
Figure BDA0003555515820000148
The polynomial selected by each node x of (a); q. q.s parent(x) Denotes q x The parent node of (2).
6.3) definition of
Figure BDA0003555515820000149
6.4) the decryption is terminated;
6.5) judging the attribute set S, if the attribute set S can only satisfy the access structure
Figure BDA00035555158200001410
Go to step 6.6) if the property set S can only satisfy the access structure
Figure BDA00035555158200001411
Go to step 6.7), if the attribute set S cannot satisfy any access structure, the decryption is terminated;
6.6) order
Figure BDA00035555158200001412
Recovering a secret key
Figure BDA0003555515820000151
Obtaining a ciphertext decryption key K f
6.7) order
Figure BDA0003555515820000152
Recovering a secret key
Figure BDA0003555515820000153
Obtaining an index update key K s
6.8) Using the secret Key K f Decrypting a set of ciphertext documents
Figure BDA0003555515820000154
Get the inclusion keyword w i Plaintext document D i
7) And the data user who correctly decrypts to obtain the corresponding index updating key updates the index, including updating the index when a file is added and updating the index when the file is deleted.
As a preferred embodiment of the present invention, the index updating method is as follows:
7,1) randomly selecting k' s ←{0,1} k To do so by
Figure BDA0003555515820000155
Formal delivery of update content identifier U m To search table T s In
Figure BDA0003555515820000156
7.2) calculating updated I 'for identifying the position of the file stored in the linked list' w
Figure BDA0003555515820000157
Namely, it is
Figure BDA0003555515820000158
Updated I w Containing the new ciphertext storage information.
7.3) obtaining a new search array A s . Computing
Figure BDA0003555515820000159
If I new [t]0 and I' w [t]Go to step 7.4) if I is 0 new [t]0 and I' w [t]Step 7.5 as 1)
7.4) calculation of I w The number Count (t-1) of 1 in the first t-1; if t-1 is 0, then A i,1 File identifier id stored in a node t Becomes Null; otherwise A i,Count(t-1)+1 File identifier id stored in a node t Becomes Null;
7.5) calculation of I new The number Count0(t-1) of 0 out of the top t-1 numbers; if t-1 is equal to 0,
Figure BDA0003555515820000161
storing file identifier id in node t (ii) a Otherwise, A i,Count0(t-1)+1 Storing file identifier id in node t
8) Verifying the obtained data, including indexing
Figure BDA0003555515820000162
And verification of data integrity.
As a preferred embodiment of the present invention, the data verification method is as follows:
8.1) order
Figure BDA0003555515820000163
Segmenting beta by S vector, S j In the case of 1, β must satisfy β' + β ″, β. If S j And (0), dividing the vector into two subvectors which are the same as the original vector, namely beta. Using Q ', Q' to encrypt the two vectors
Figure BDA0003555515820000164
8.2) calculation formula
Figure BDA0003555515820000165
And judging whether the equation is established or not, if so, turning to the step 8.3), and otherwise, turning to prompt that the verification fails.
8.3) verifying the integrity of the data, calculating
Figure BDA0003555515820000166
If the formula is established, the server is not malicious, the data integrity is guaranteed, and the verification is passed. Otherwise, the verification is failed.

Claims (9)

1. A searchable encryption method based on a secure inverted index is characterized by comprising the following steps:
1) initializing system parameters, wherein the system parameters comprise a system public parameter PK and a system main private key MK;
2) constructing an inverted index structure I, wherein the inverted index structure is recorded as I ═ T s ,A s }; wherein T is s The search table is used for storing a head pointer and an index mark of a search array; a. the s To search an array, all inclusive keywords w are represented i The linked list formed by the files consists of a plurality of nodes; these nodes randomly secureIn the presence of A s Each position of (a);
3) the outsourced data is encrypted and stored,
4) registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority by using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user
Figure FDA0003555515810000011
Wherein
Figure FDA0003555515810000012
H 1 As a random polynomial function, w i Is a keyword;
5) searching data, wherein a user sends a search trapdoor TD obtained by registration of a trusted authority to a cloud server for data search, and the data search is carried out through a search table T s Locating search array A stored in a search table s Head pointer and search mark Y w
6) Decrypting the search results, including the Key K w Decryption and collection of ciphertext
Figure FDA0003555515810000013
Decrypting;
7) correctly decrypting to obtain an index updating key, and updating the index, including updating the index when a file is added and updating the index when the file is deleted;
8) validating obtained cloud storage data, including pair indexes
Figure FDA0003555515810000014
And verification of data integrity.
2. The searchable encryption method based on the secure inverted index according to claim 1, wherein the initialized system parameters in step 1) include the following:
1.1) initializing a safety parameter k;
1.2) definition of G 0 ,G 1 ,G 0 ,G 1 Is that
Figure FDA0003555515810000015
The two groups of multiplication cycles of (a) above,
Figure FDA0003555515810000016
is an integer of 1 … … p, and the order p is a large security prime number;
1.3) let G be the group G 0 Defines a bilinear map e: g 0 ×G 0 →G 1
1.4) selecting a Hash function H 1 :{0,1} * →{0,1} * Selecting a hash function H 2 :{0,1} * →G 0 As a random prediction machine, mapping the attribute described by any character string into a random group element;
1.5) generating a random number q ← {0, 1} k
1.6) defining a collision-free hash function
Figure FDA0003555515810000021
Figure FDA0003555515810000022
Figure FDA0003555515810000023
k 1 ,k 2 ,k 3 Is a randomly selected vector of three k bits;
1.7) randomly selecting two reversible matrixes (Q ', Q') with k multiplied by k dimensions;
1.8) random selection
Figure FDA0003555515810000024
1.9) construction of System common parameters
Figure FDA0003555515810000025
System master secret key MK ═ β, g α ,k 1 ,k 2 ,Q′,Q″,H 1 )。
3. The method for searchable encryption based on secure inverted indexes as claimed in claim 1, wherein the constructing of the inverted index structure I in step 2) comprises the following steps:
2.1) construction of the search Table T s The method comprises the following steps:
2.1.1) creating a dictionary with the size of n, and recording the dictionary as T s
2.1.2) storing information into the search Table T s The information is as follows:
Figure FDA0003555515810000026
wherein, Y w Is composed of
Figure FDA0003555515810000027
Index flag bit of (1); i is w The system is used for identifying the position of the file stored in the linked list and is also an updating identification bit;
Figure FDA0003555515810000028
updating a key for the encrypted index; w is a i Is a keyword; i is w Is an identifier representing a file storage location; p i For searching array A s The head pointer of (1);
2.2) establishing search array A s The method comprises the following steps:
2.2.1) define the next node position as
Figure FDA0003555515810000029
Wherein,
Figure FDA00035555158100000210
is a pseudo-random function;
2.2.2) define node format:
Figure FDA00035555158100000211
wherein id t Representing the tth file identifier in the file identifier set;
2.3) establishing I identifying the location of the file stored in the linked list w All initial values are 0 and the length is
Figure FDA0003555515810000031
#D i Representing the number of plaintext files when document set D i Corresponding file occurrence keyword w i When, I w [t]=1,t∈[1,L](ii) a If I w [t]1 will correspond to id t Is stored to A i,j ,j∈[1,#w i ]In, # w i Indicating the number of files containing the keyword, id t Is a file identifier.
4. The searchable encryption method based on the secure inverted index according to claim 1, wherein the encrypted data of step 3) specifically includes the following steps:
3.1) encrypted search array A s Head pointer P of i The encryption formula is:
Figure FDA0003555515810000032
3.2) encrypted File identifier id t By a hash function H 1 The encryption formula is as follows:
Figure FDA0003555515810000033
3.3) encrypting the next node position in the linked list through a pseudo-random function phi, wherein the encryption formula is as follows:
Figure FDA0003555515810000034
3.4) generating index tag Y w Selection vector S ← {0, 1 }) k Let us order
Figure FDA0003555515810000035
3.5) encryption using two invertible matrices of dimension k × k (Q' Q ″)
Figure FDA0003555515810000036
Figure FDA0003555515810000037
Figure FDA0003555515810000038
3.6) set of encrypted plaintext files D i Selecting K f ←{0,1} k As plaintext encryption key, ciphertext set C is obtained i Selecting K s ←{0,1} k As an index updating key, collecting the ciphertext documents C i Sending the data to a cloud storage server;
3.7) encryption Key K w =(K f ,K ε ) By accessing the tree structure
Figure FDA0003555515810000039
Public key PK, encryption key K w
Figure FDA0003555515810000041
3.8) generating the verification authority sigma, calculating the relationshipSet of keywords W ═ W 1 ,w 2 …w n Sign of each keyword in } generating a set
Figure FDA0003555515810000042
Wherein
Figure FDA0003555515810000043
The signature set sigma is sent to the data user.
5. The searchable encryption method based on the secure inverted index according to claim 1, wherein the user registration in step 4) includes the following steps:
4.1) registering and obtaining an attribute private key SK U The trusted authority selecting a random number
Figure FDA0003555515810000044
For each attribute j ∈ S, randomly selecting
Figure FDA0003555515810000045
Calculating the corresponding attribute private key according to the following formula:
Figure FDA0003555515810000046
4.2) providing a trap door; after the user registers, the data user obtains the corresponding search trap door
Figure FDA0003555515810000047
6. The searchable encryption method based on the secure inverted index according to claim 1, wherein the step 5) search process comprises the following steps:
5.1) query ciphertext set
Figure FDA0003555515810000048
After the cloud server receives the TD, positioning
Figure FDA0003555515810000049
Recovery of search table T s Middle search array A s Head pointer P of i (ii) a Obtaining file identifier id stored by node t Finding out a corresponding document;
5.1.1) positioning
Figure FDA00035555158100000410
If F (w) i ) Out of T s In, ending; otherwise, turning to the step 5.1.2) for query;
5.1.2) calculation
Figure FDA00035555158100000411
Recovery of the search table r s Middle search array A s Head pointer P of i =Addrs(A i,1 ) And
Figure FDA00035555158100000412
by passing
Figure FDA00035555158100000413
Obtaining a file identifier stored in a node; after the first node position is obtained, the first node position is obtained by
Figure FDA0003555515810000051
Find the next node position until
Figure FDA0003555515810000052
The ciphertext file set can be obtained by correspondingly finding out the file identifier set
Figure FDA0003555515810000053
5.2) generating authentication information
Figure FDA0003555515810000054
The cloud server calculates a signature according to the file identifier of the file obtained by query
Figure FDA0003555515810000055
Wherein
Figure FDA0003555515810000056
Figure FDA0003555515810000057
And the number of the files is represented, and the calculation result is sent to a data user.
7. The searchable encryption method based on the secure inverted index according to claim 1, wherein the decryption method in step 6) comprises the following steps:
6.1) decryption Key K w I ═ att (x) denotes the user attribute, if x is a non-leaf node, go to step 6.2); if x is a leaf node, i ∈ S, go to step 6.3), e.g.
Figure FDA0003555515810000058
Go to step 6.4);
6.2) for all child nodes z that are not leaf nodes, a function is called
Figure FDA0003555515810000059
And storing the result as F z Let S stand out x Is an arbitrary size of k x And satisfies F z (ii) present;
calculating F x :
Figure FDA00035555158100000510
Wherein
Figure FDA00035555158100000511
Wherein
Figure FDA00035555158100000512
In order to be a lagrange coefficient,
Figure FDA00035555158100000513
q x for accessing tree structures
Figure FDA00035555158100000514
The polynomial selected by each node x of (a); q. q.s parent(x) Denotes q x A parent node of (a);
6.3) definition of
Figure FDA0003555515810000061
6.4) the decryption is terminated;
6.5) judging the attribute set S, if the attribute set S can only satisfy the access structure
Figure FDA0003555515810000062
Go to step 6.6) if the property set S can only satisfy the access structure
Figure FDA0003555515810000063
Go to step 6.7), if the attribute set S cannot satisfy any access structure, the decryption is terminated;
6.6) order
Figure FDA0003555515810000064
Recovering a secret key
Figure FDA0003555515810000065
Obtaining a ciphertext decryption key K f
6.7) order
Figure FDA0003555515810000066
Recovering a secret key
Figure FDA0003555515810000067
Obtaining an index update key K s
6.8) Using the secret Key K f Decrypting a set of ciphertext documents
Figure FDA0003555515810000068
Get the inclusion keyword w i Plaintext document D i
8. The searchable encryption method based on the secure inverted index according to claim 1, wherein the index updating method of step 7) comprises the following steps:
7,1) randomly selecting k' s ←{0,1} k To do so by
Figure FDA0003555515810000069
Formal delivery of update content identifier U m To search table T s In
Figure FDA00035555158100000610
7.2) calculating updated I 'for identifying the position of the file stored in the linked list' w
Figure FDA0003555515810000071
Namely, it is
Figure FDA0003555515810000072
Updated I w Containing new ciphertext storage information;
7.3) obtaining a new search array A s (ii) a Computing
Figure FDA0003555515810000073
If I new [t]0 and I' w [t]If 0, go to step 7.4),
if I new [t]0 and I' w [t]Step 7.5) is carried out;
7.4) calculation of I w The number Count (t-1) of 1 in the first t-1; if t-1 is 0, then A i,1 File identifier id stored in a node t Becomes Null; otherwise A i,Count(t-1)+1 File identifier id stored in a node t Becomes Null;
7.5) calculation of I new The number Count0(t-1) of 0 out of the top t-1 numbers; if t-1 is equal to 0,
Figure FDA0003555515810000074
storing file identifier id in node t (ii) a Otherwise, A i,Count0(t-1)+1 Storing file identifier id in node t
9. The searchable encryption method based on the secure inverted index according to claim 1, wherein the data verification in the step 8) includes the steps of:
8.1) order
Figure FDA0003555515810000075
The S vector is used to segment the beta,
S j when 1, β must satisfy β' + β ″ ═ β;
if S j 0, is divided into two partsA subvector with the same vector, i.e. β' ═ β; using Q ', Q' to encrypt the two vectors
Figure FDA0003555515810000076
8.2) calculation formula
Figure FDA0003555515810000077
Judging whether the equation is established, if so, turning to the step 8.3), otherwise, turning to prompt that the verification fails;
8.3) verifying the integrity of the data, calculating
Figure FDA0003555515810000081
If the formula is established, the server is not malicious, the data integrity is guaranteed, and the verification is passed; otherwise, the verification is failed.
CN202210275024.2A 2022-03-21 2022-03-21 Searchable encryption method based on safe inverted index Pending CN114884650A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210275024.2A CN114884650A (en) 2022-03-21 2022-03-21 Searchable encryption method based on safe inverted index

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210275024.2A CN114884650A (en) 2022-03-21 2022-03-21 Searchable encryption method based on safe inverted index

Publications (1)

Publication Number Publication Date
CN114884650A true CN114884650A (en) 2022-08-09

Family

ID=82668466

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210275024.2A Pending CN114884650A (en) 2022-03-21 2022-03-21 Searchable encryption method based on safe inverted index

Country Status (1)

Country Link
CN (1) CN114884650A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116127498A (en) * 2022-11-28 2023-05-16 中国民用航空总局第二研究所 Multi-keyword searchable encryption method capable of verifying ciphertext search result
CN117131209A (en) * 2023-10-26 2023-11-28 中国传媒大学 Phrase searching and verifying method and system for encrypted data based on blockchain
CN117828673A (en) * 2024-03-05 2024-04-05 北京全景智联科技有限公司 Block chain-based data circulation and privacy protection method and device

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116127498A (en) * 2022-11-28 2023-05-16 中国民用航空总局第二研究所 Multi-keyword searchable encryption method capable of verifying ciphertext search result
CN116127498B (en) * 2022-11-28 2024-06-07 中国民用航空总局第二研究所 Multi-keyword searchable encryption method capable of verifying ciphertext search result
CN117131209A (en) * 2023-10-26 2023-11-28 中国传媒大学 Phrase searching and verifying method and system for encrypted data based on blockchain
CN117131209B (en) * 2023-10-26 2024-02-13 中国传媒大学 Phrase searching and verifying method and system for encrypted data based on blockchain
CN117828673A (en) * 2024-03-05 2024-04-05 北京全景智联科技有限公司 Block chain-based data circulation and privacy protection method and device
CN117828673B (en) * 2024-03-05 2024-06-21 北京全景智联科技有限公司 Block chain-based data circulation and privacy protection method and device

Similar Documents

Publication Publication Date Title
Ge et al. Towards achieving keyword search over dynamic encrypted cloud data with symmetric-key based verification
US9977918B2 (en) Method and system for verifiable searchable symmetric encryption
CN114884650A (en) Searchable encryption method based on safe inverted index
CN106776904B (en) The fuzzy query encryption method of dynamic authentication is supported in a kind of insincere cloud computing environment
CN110138561B (en) Efficient ciphertext retrieval method based on CP-ABE automatic correction and cloud computing service system
US10554385B2 (en) Method for providing encrypted data in a database and method for searching on encrypted data
US7519835B2 (en) Encrypted table indexes and searching encrypted tables
WO2020172898A1 (en) Suffix tree-based searchable encryption system and method
CN108400970A (en) Set of metadata of similar data message locking encryption De-weight method, cloud storage system in cloud environment
Hozhabr et al. Dynamic secure multi-keyword ranked search over encrypted cloud data
CN109492410B (en) Data searchable encryption and keyword search method, system, terminal and equipment
CN109088719A (en) Outsourced database multi-key word can verify that cipher text searching method, data processing system
CN108881261B (en) Service authentication method and system based on block chain technology in container environment
CN114417073A (en) Neighbor node query method and device of encryption graph and electronic equipment
CN115438230A (en) Safe and efficient dynamic encrypted cloud data multidimensional range query method
CN108650268B (en) Searchable encryption method and system for realizing multi-level access
Zhang et al. A verifiable and dynamic multi-keyword ranked search scheme over encrypted cloud data with accuracy improvement
CN113904823B (en) Attribute-based searchable encryption method and system for constant-level authorization computation complexity
CN115766136A (en) Multi-keyword searchable encryption method for energy source block chain supervision data
CN114528370B (en) Dynamic multi-keyword fuzzy ordering searching method and system
CN108319670A (en) The dynamic ranking searching method that can verify that based on cloud computing
CN109582818B (en) Music library cloud retrieval method based on searchable encryption
Xue et al. Cuckoo-filter based privacy-aware search over encrypted cloud data
Tian et al. BPPIR: Blockchain-assisted privacy-preserving similarity image retrieval over multiple clouds
CN113626485B (en) Searchable encryption method and system suitable for database management system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination