CN114884650A - Searchable encryption method based on safe inverted index - Google Patents
- Publication number: CN114884650A (also listed as CN202210275024.2A)
- Authority: CN (China)
- Prior art keywords: search, key, data, index, node
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- G06F16/901—Indexing; Data structures therefor; Storage structures
- G06F16/903—Querying
- G06F21/602—Providing cryptographic facilities or services
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/123—Applying verification of the received information received data contents, e.g. message integrity
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
- H04L9/0877—Generation of secret information including derivation or calculation of cryptographic keys or passwords using additional device, e.g. trusted platform module [TPM], smartcard, USB or hardware security module [HSM]
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
Abstract
The invention relates to a searchable encryption method based on a secure inverted index, which realizes fine-grained access control by applying ciphertext-policy attribute-based encryption to a shared key. In this verifiable and updatable ciphertext retrieval scheme based on an inverted index, a data owner encrypts the data and uploads the ciphertext and the key to a cloud storage server and a trusted authority, respectively. A data user registers with the trusted authority using their attribute set to obtain a corresponding key and search trapdoor. The data user then performs ciphertext retrieval or index updating on the cloud storage server using the obtained search trapdoor and the corresponding key carrying the access right. The invention realizes access control, index updating and result verification in a cloud outsourced-data environment, and improves information security.
Description
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a searchable encryption method based on a secure inverted index.
Background
With the development of information technology, particularly internet technology, the cheap computation and huge capacity of cloud storage attract more and more users to outsource private data to cloud servers, saving local storage and maintenance costs. However, outsourcing data to a cloud server removes it from the user's physical control, which raises the problem of data privacy disclosure. To protect users' data privacy, data is generally encrypted before outsourcing, but this limits the usability of the outsourced data: many widely used keyword-based plaintext retrieval techniques cannot be applied directly to encrypted data. Searchable encryption makes it possible to search encrypted data without revealing the privacy of the user's data. In addition, in practical cloud environments the cloud server is a semi-honest and curious entity that may return incorrect search results in order to save computing or storage resources, so the user needs to verify the correctness and integrity of the search results. Moreover, when the data stored on the cloud server changes, the index needs to be updated accordingly.
Disclosure of Invention
To address the existing problems, the invention provides a searchable encryption method based on a secure inverted index, so as to improve the security of information in a cloud outsourced-data environment.
To achieve this purpose, the specific technical solution of the invention is a searchable encryption method based on a secure inverted index, comprising the following steps:
1) initializing system parameters, wherein the system parameters comprise a system public parameter PK and a system master private key MK;
2) constructing an inverted index structure I, denoted $I = \{T_s, A_s\}$, wherein $T_s$ is the search table, used to store the head pointer and index mark of the search array; $A_s$ is the search array, which represents the linked lists formed by all files containing keyword $w_i$ and consists of a plurality of nodes; these nodes are stored at random positions in $A_s$;
3) encrypting and storing the outsourced data;
4) registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user, wherein $H_1$ is a random polynomial function and $w_i$ is a keyword;
5) searching data, wherein a user sends the search trapdoor TD obtained by registering with the trusted authority to the cloud server for data search, and the search table $T_s$ is used to locate the head pointer of the search array $A_s$ and the search mark $Y_w$ stored in the search table;
7) correctly decrypting to obtain an index update key, and updating the index, including updating the index when a file is added and updating the index when a file is deleted;
8) verifying the obtained cloud storage data, including verification of the index and verification of data integrity.
Further, initializing the system parameters in step 1) comprises the following:
1.1) initializing a security parameter k;
1.2) defining $G_0$ and $G_1$, where $G_0$ and $G_1$ are two multiplicative cyclic groups over the integers 1 … p, and the order p is a large secure prime;
1.3) letting g be a generator of group $G_0$, and defining a bilinear map $e: G_0 \times G_0 \to G_1$;
1.4) selecting a hash function $H_1: \{0,1\}^* \to \{0,1\}^*$, and selecting a hash function $H_2: \{0,1\}^* \to G_0$ as a random oracle that maps an attribute described by any character string to a random group element;
1.5) generating a random number $q \leftarrow \{0,1\}^k$;
1.6) defining a collision-free hash function
$k_1$, $k_2$, $k_3$ are three randomly selected k-bit vectors;
1.7) randomly selecting two invertible matrices (Q′, Q″) of dimension k × k;
1.9) constructing the system public parameters and the system master secret key $MK = (\beta, g^{\alpha}, k_1, k_2, Q', Q'', H_1)$.
Further, constructing the inverted index structure I in step 2) comprises the following steps:
2.1) constructing the search table $T_s$, as follows:
2.1.1) creating a dictionary of size n, denoted $T_s$;
2.1.2) storing information into the search table $T_s$, the information being:
wherein $Y_w$ is the index flag bit; $I_w$ identifies the positions of the files stored in the linked list and is also the update identification bit; a further entry is the encrypted index update key; $w_i$ is a keyword; $I_w$ is an identifier representing a file storage location; $P_i$ is the head pointer of the search array $A_s$;
2.2) establishing the search array $A_s$, as follows:
2.2.2) defining the node format:
wherein $id_t$ denotes the t-th file identifier in the file identifier set;
2.3) establishing $I_w$, which identifies the positions of the files stored in the linked list; all initial values are 0, and the length is defined from $\#D_i$, the number of plaintext files. When keyword $w_i$ occurs in the corresponding file of document set $D_i$, $I_w[t] = 1$, $t \in [1, L]$. If $I_w[t] = 1$, the corresponding $id_t$ is stored into $A_{i,j}$, $j \in [1, \#w_i]$, where $\#w_i$ denotes the number of files containing the keyword and $id_t$ is a file identifier.
Further, encrypting the data in step 3) specifically comprises the following steps:
3.1) encrypting the head pointer $P_i$ of the search array $A_s$; the encryption formula is:
3.2) encrypting the file identifier $id_t$ by means of the hash function $H_1$; the encryption formula is:
3.3) encrypting the position of the next node in the linked list by means of a pseudo-random function φ; the encryption formula is:
3.4) generating an index mark $Y_w$: select a vector $S \leftarrow \{0,1\}^k$ and let
3.6) encrypting the set of plaintext files $D_i$: select $K_f \leftarrow \{0,1\}^k$ as the plaintext encryption key and obtain the ciphertext set $C_i$; select $K_s \leftarrow \{0,1\}^k$ as the update key for the index; send the ciphertext document set $C_i$ to the cloud storage server;
3.7) encrypting the key $K_w = (K_f, K_s)$: using the access tree structure and the public key PK, encrypt the key $K_w$: $C = h^s$,
3.8) generating the verification authority σ: compute the signature of each keyword in the keyword set $W = \{w_1, w_2, \ldots, w_n\}$, generating a signature set.
The signature set σ is sent to the data user.
Further, the user registration in step 4) comprises the following steps:
4.1) registering and obtaining an attribute private key $SK_U$: the trusted authority selects a random number and, for each attribute $j \in S$, randomly selects a further value, then calculates the corresponding attribute private key according to the following formula:
4.2) providing a trapdoor: after the user registers, the data user obtains the corresponding search trapdoor
Further, the search process of step 5) comprises the following steps:
5.1) querying the ciphertext set: after the cloud server receives TD, it locates the entry in the search table $T_s$ and recovers the head pointer $P_i$ of the search array $A_s$; it then obtains the file identifier $id_t$ stored in each node and finds the corresponding document;
5.1.1) locating the entry: if $F(w_i)$ is not in $T_s$, end; otherwise, go to step 5.1.2) to query;
5.1.2) calculating: recover from the search table $T_s$ the head pointer $P_i = Addrs(A_{i,1})$ of the search array $A_s$, and obtain the file identifier stored in the node; after the first node position is obtained, find each next node position in turn until the list ends; the ciphertext file set is obtained by looking up the corresponding file identifier set
5.2) generating verification information: the cloud server calculates a signature from the file identifiers of the files obtained by the query (the calculation also refers to the number of files), and sends the calculation result to the data user.
Further, the decryption method in step 6) comprises the following steps:
6.1) decrypting the key $K_w$: $i = att(x)$ denotes the user attribute; if x is a non-leaf node, go to step 6.2); if x is a leaf node and $i \in S$, go to step 6.3); otherwise go to step 6.4);
6.2) for all child nodes z that are not leaf nodes, a function is called
and the result is stored as $F_z$; let $S_x$ be an arbitrary set of size $k_x$ for which $F_z$ exists;
calculating $F_x$:
Wherein
wherein one term is the Lagrange coefficient; $q_x$ is the polynomial selected for each node x of the access tree structure; $q_{parent(x)}$ denotes the parent node of $q_x$;
6.3) definition of
6.4) the decryption is terminated;
6.5) judging the attribute set S: if the attribute set S can satisfy only one access structure, go to step 6.6); if the attribute set S can satisfy only the other access structure, go to step 6.7); if the attribute set S cannot satisfy any access structure, the decryption is terminated;
Obtaining a ciphertext decryption key $K_f$;
Obtaining an index update key $K_s$;
6.8) using the key $K_f$ to decrypt the set of ciphertext documents, obtaining the plaintext documents $D_i$ containing keyword $w_i$.
Further, the index updating method of step 7) comprises the following steps:
7.1) randomly selecting $k'_s \leftarrow \{0,1\}^k$ and sending the update content identifier $U_m$, in the specified form, to the search table $T_s$;
7.2) calculating the updated $I'_w$, which identifies the positions of the files stored in the linked list;
if $I_{new}[t] = 0$ and $I'_w[t] = 0$, go to step 7.4);
if $I_{new}[t] = 0$ and $I'_w[t] = 1$, go to step 7.5);
7.4) calculating Count(t−1), the number of 1s among the first t−1 entries of $I_w$; if t−1 = 0, the file identifier $id_t$ stored in node $A_{i,1}$ becomes Null; otherwise the file identifier $id_t$ stored in node $A_{i,Count(t-1)+1}$ becomes Null;
7.5) calculating Count0(t−1), the number of 0s among the first t−1 entries of $I_{new}$; if t−1 = 0, the file identifier $id_t$ is stored in the node; otherwise, the file identifier $id_t$ is stored in node $A_{i,Count0(t-1)+1}$.
Further, the data verification in step 8) comprises the following steps:
when $S_j = 1$, β must satisfy $\beta' + \beta'' = \beta$;
if $S_j = 0$, the vector is split into two subvectors identical to the original vector, namely $\beta' = \beta'' = \beta$; the two vectors are encrypted using Q′ and Q″
8.2) calculation formula
Judging whether the equation holds: if so, go to step 8.3); otherwise, report that the verification failed;
8.3) verifying the integrity of the data, calculating
If the equation holds, the server is not malicious, data integrity is guaranteed, and the verification passes; otherwise, the verification fails.
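The encrypted search table and search array of steps 2), 3.1) to 3.3) and 5.1), as an added Python example that is not part of the patent text. The patent's formulas do not survive on this page, so the example substitutes HMAC-SHA256 for every keyed function; the three keys, the node layout and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ID_LEN = 16            # assumed fixed width of a file identifier field
END = 0xFFFFFFFF       # assumed "no next node" marker
NODE_LEN = ID_LEN + 4  # identifier plus 4-byte address of the next node

# Constructed sample input: file identifier -> keywords in that file.
SAMPLE_DOCS = {"f1": {"cloud", "index"}, "f2": {"cloud"}, "f3": {"index", "key"}}


def prf(key: bytes, msg: bytes) -> bytes:
    """Keyed pseudo-random function (HMAC-SHA256, an assumed stand-in)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def xor(data: bytes, pad: bytes) -> bytes:
    """XOR data with the leading bytes of pad (pad must be at least as long)."""
    return bytes(a ^ b for a, b in zip(data, pad))


def keygen():
    """Three independent keys: table label, head-pointer mask, node key."""
    return tuple(secrets.token_bytes(32) for _ in range(3))


def trapdoor(keys, keyword: str):
    """Search trapdoor: lets the server find and open one keyword's list only."""
    k1, k2, k3 = keys
    w = keyword.encode()
    return prf(k1, w), prf(k2, w), prf(k3, w)


def build_index(keys, docs):
    """Return (T, A): encrypted search table and randomly ordered search array."""
    postings = {}
    for fid, words in docs.items():
        if len(fid.encode()) > ID_LEN or "\0" in fid:
            raise ValueError("file identifier does not fit the node format")
        for w in words:
            postings.setdefault(w, []).append(fid)
    total = sum(len(v) for v in postings.values())
    slots = list(range(total))
    secrets.SystemRandom().shuffle(slots)   # nodes land at random positions
    array = [b""] * total
    table = {}
    for w, fids in postings.items():
        label, mask, node_key = trapdoor(keys, w)
        addrs = [slots.pop() for _ in fids]
        for j, fid in enumerate(sorted(fids)):
            nxt = addrs[j + 1] if j + 1 < len(addrs) else END
            plain = fid.encode().ljust(ID_LEN, b"\0") + nxt.to_bytes(4, "big")
            # Each node is masked with a pad bound to its own address.
            pad = prf(node_key, addrs[j].to_bytes(4, "big"))
            array[addrs[j]] = xor(plain, pad)
        # The table stores the masked head pointer under a pseudo-random label.
        table[label] = xor(addrs[0].to_bytes(4, "big"), mask)
    return table, array


def search(table, array, td):
    """Server side: follow one encrypted linked list using the trapdoor."""
    label, mask, node_key = td
    if label not in table:          # step 5.1.1: keyword not indexed
        return []
    addr = int.from_bytes(xor(table[label], mask), "big")
    found = []
    while addr != END:
        if addr >= len(array) or len(found) >= len(array):
            raise ValueError("corrupted index: pointer out of range or cycle")
        plain = xor(array[addr], prf(node_key, addr.to_bytes(4, "big")))
        found.append(plain[:ID_LEN].rstrip(b"\0").decode())
        addr = int.from_bytes(plain[ID_LEN:], "big")
    return found


if __name__ == "__main__":
    demo_keys = keygen()
    T, A = build_index(demo_keys, SAMPLE_DOCS)
    print(search(T, A, trapdoor(demo_keys, "cloud")))
```

Without a trapdoor the server sees only pseudo-random labels and fixed-length masked nodes, but each search still reveals which array positions belong to the queried keyword, which is why the patent adds result verification on top.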
The invention has the following beneficial effects:
The index is built as an inverted index from an encrypted search table and an encrypted search array, which strengthens the security of the index. By encrypting the key with attribute-based encryption, a single encryption allows decryption by multiple users on multiple occasions, avoids repeatedly encrypting the ciphertext, and also achieves fine-grained access control. The index is updated securely and efficiently by adding a file storage position identifier to the search table and having the trusted authority provide the index update key. The invention also adds index marks and data verification information to implement a data correctness verification strategy: the correctness of the information is verified by computing the mark information of the original data and of the retrieved data. This improves index updating and retrieval efficiency and adds a data verification function.
Drawings
FIG. 1 is a flow chart of the method of the present invention.
Fig. 2 is a flowchart illustrating an attribute key decryption process according to the present invention.
Detailed Description
The present invention is further described below with reference to the accompanying drawings and specific embodiments. It should be noted that the technical solutions and design principles of the invention are described in detail below using only one optimized technical solution, but the scope of the invention is not limited thereto.
The examples are preferred embodiments of the present invention, but the present invention is not limited to the above embodiments, and any obvious modifications, substitutions or variations can be made by those skilled in the art without departing from the spirit of the present invention.
As shown in fig. 1, the method of the present invention is a searchable encryption method based on a secure inverted index, and includes the following steps:
1) system parameters are initialized, wherein the system parameters include a system public parameter PK and a system master private key MK. As a preferred embodiment of the present invention, initializing system parameters comprises the steps of:
1.1) initializing a security parameter k; in a specific embodiment of the present invention, the security parameter k is 16.
1.2) defining $G_0$ and $G_1$, where $G_0$ and $G_1$ are two multiplicative cyclic groups over the integers 1 … p, and the order p is a large secure prime;
1.3) letting g be a generator of group $G_0$, and defining a bilinear map $e: G_0 \times G_0 \to G_1$;
1.4) selecting a hash function $H_1: \{0,1\}^* \to \{0,1\}^*$, and selecting a hash function $H_2: \{0,1\}^* \to G_0$ as a random oracle that maps an attribute described by any character string to a random group element;
1.5) generating a random number $q \leftarrow \{0,1\}^k$;
1.6) defining a collision-free hash function
$k_1$, $k_2$, $k_3$ are three randomly selected k-bit vectors;
1.7) randomly selecting two invertible matrices (Q′, Q″) of dimension k × k;
1.9) constructing the system public parameters and the system master secret key $MK = (\beta, g^{\alpha}, k_1, k_2, Q', Q'', H_1)$.
2) Constructing a secure inverted index structure I, denoted $I = \{T_s, A_s\}$, wherein $T_s$ is the search table, used to store the head pointer and index mark of the search array; $A_s$ is the search array, which represents the linked lists formed by all files containing keyword $w_i$ and consists of a plurality of nodes; these nodes are stored at random positions in $A_s$;
As a preferred embodiment of the present invention, constructing the secure inverted index structure I comprises the following steps:
2.1) constructing the search table $T_s$, as follows:
2.1.1) creating a dictionary of size n, denoted $T_s$;
In a specific embodiment of the present invention, n is 20.
2.1.2) storing information into the table $T_s$, the information being:
wherein $Y_w$ is the index flag bit; $I_w$ identifies the positions of the files stored in the linked list and is also the update identification bit; a further entry is the encrypted index update key; $w_i$ is a keyword; $I_w$ is an identifier representing a file storage location; $P_1$ is the head pointer of the search array $A_s$.
2.2) establishing the search array $A_s$, as follows:
2.2.2) defining the node format:
wherein $id_t$ denotes the t-th file identifier in the file identifier set;
2.3) establishing $I_w$, which identifies the positions of the files stored in the linked list; all initial values are 0, and the length is defined from $\#D_i$, the number of plaintext files; in an embodiment of the invention, $\#D_i = 600$. When keyword $w_i$ occurs in the corresponding file of document set $D_i$, $I_w[t] = 1$, $t \in [1, L]$. If $I_w[t] = 1$, the corresponding $id_t$ is stored into $A_{i,j}$, $j \in [1, \#w_i]$, where $\#w_i$ denotes the number of files containing the keyword and $id_t$ is a file identifier.
As a preferred embodiment of the invention, storing $id_t$ comprises the following steps:
2.3.1) input $I_w$, $ID_t$, $P_i$;
2.3.2) define the variable j = 0;
2.3.3) traverse the file identifier set $ID_t$;
2.3.4) judge whether $I_w[t]$ equals 1; if so, go to step 2.3.5), otherwise go to step 2.3.6);
2.3.5) save the file identifier $id_t$ to node $A_{i,j}$ and increment j by 1;
2.3.6) finish storing file identifiers;
3) Encrypting and storing the outsourced data.
The specific method for encrypting and storing the data is as follows:
3.1) encrypting the head pointer $P_i$ of the search array $A_s$; the encryption formula is:
3.2) encrypting the file identifier $id_t$ by means of the hash function $H_1$; the encryption formula is:
3.3) encrypting the position of the next node in the linked list by means of a pseudo-random function; the encryption formula is:
3.4) generating an index mark $Y_w$: select a vector $S \leftarrow \{0,1\}^k$ and let
3.6) encrypting the set of plaintext files $D_i$: select $K_f \leftarrow \{0,1\}^k$ as the plaintext encryption key and obtain the ciphertext set $C_i$; select $K_s \leftarrow \{0,1\}^k$ as the update key for the index; send the ciphertext document set $C_i$ to the cloud storage server.
3.7) encrypting the key $K_w = (K_f, K_s)$: using the access tree structure and the public key PK, encrypt the key $K_w$:
3.8) generating the verification authority σ: compute the signature of each keyword in the keyword set $W = \{w_1, w_2, \ldots, w_n\}$, generating a signature set.
The signature set σ is sent to the data user.
4) Registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user.
In an embodiment of the present invention, the attribute set S = {research institute, computer institute, research three}. The specific method for user registration is as follows:
4.1) registering and obtaining an attribute private key $SK_U$: the trusted authority selects a random number and, for each attribute $j \in S$, randomly selects a further value; the corresponding attribute private key is calculated according to the following formula:
4.2) issuing trapdoors: after the user registers, the data user obtains the corresponding search trapdoor
5) Searching data, wherein a data user sends the search trapdoor TD obtained by registering with the trusted authority to the cloud server for data search, and the search table $T_s$ is used to locate the head pointer of the search array $A_s$ and the search mark $Y_w$ stored in the search table.
As a preferred embodiment of the present invention, the search process comprises the following steps:
5.1) querying the ciphertext set: after the cloud server receives TD, it locates the entry in the search table $T_s$ and recovers the head pointer $P_i$ of the search array $A_s$; it then obtains the file identifier $id_t$ stored in each node and finds the corresponding document.
As a preferred embodiment of the present invention, the specific query method is as follows:
5.1.1) locating the entry: if $F(w_i)$ is not in $T_s$, end; otherwise, go to step 5.1.2) to query;
5.1.2) calculating: recover from the search table $T_s$ the head pointer $P_i = Addrs(A_{i,1})$ of the search array $A_s$, and obtain the file identifier stored in the node. After the first node position is obtained, find each next node position in turn until the list ends; the ciphertext file set is obtained by looking up the corresponding file identifier set
5.2) generating verification information: the cloud server calculates a signature from the file identifiers of the files obtained by the query (the calculation also refers to the number of files), and sends the calculation result to the data user.
6) Decrypting search results, including the pair Key K w Decryption and collection of ciphertextDecryption of (3).
As shown in fig. 2, the attribute key decryption process is specifically as follows, as a preferred embodiment of the present invention:
6.1) Decrypt the key K_w. Let i = att(x) denote the user attribute. If x is a non-leaf node, go to step 6.2); if x is a leaf node and i ∈ S, go to step 6.3); otherwise, go to step 6.4).
The result is stored as F_z. Let S_x be an arbitrary set of size k_x whose members satisfy that F_z exists. Calculate F_x:
where
where the coefficient is a Lagrange coefficient; q_x is the polynomial selected for each node x of the access tree structure; q_parent(x) denotes the parent node of q_x.
6.3) definition of
6.4) the decryption is terminated;
6.5) Evaluate the attribute set S: if the attribute set S can only satisfy the access structure, go to step 6.6); if the attribute set S can only satisfy the access structure, go to step 6.7); if the attribute set S cannot satisfy any access structure, the decryption is terminated;
Obtain the ciphertext decryption key K_f.
Obtain the index update key K_s.
6.8) Use the key K_f to decrypt the set of ciphertext documents and obtain the plaintext documents D_i containing the keyword w_i.
7) A data user who has correctly decrypted and obtained the corresponding index update key updates the index, both when a file is added and when a file is deleted.
As a preferred embodiment of the present invention, the index updating method is as follows:
7.1) Randomly select k'_s ← {0,1}^k and send the update content identifier U_m to the search table T_s in the form:
7.2) Calculate the updated I'_w, which identifies the positions of the files stored in the linked list.
7.3) Obtain the new search array A_s. Compute: if I_new[t] = 0 and I'_w[t] = 0, go to step 7.4); if I_new[t] = 0 and I'_w[t] = 1, go to step 7.5).
7.4) Calculate Count(t-1), the number of 1s among the first t-1 entries of I_w. If t-1 = 0, the file identifier id_t stored in node A_{i,1} becomes Null; otherwise, the file identifier id_t stored in node A_{i,Count(t-1)+1} becomes Null;
7.5) Calculate Count0(t-1), the number of 0s among the first t-1 entries of I_new. If t-1 = 0, the file identifier id_t is stored in the node; otherwise, the file identifier id_t is stored in node A_{i,Count0(t-1)+1};
As a preferred embodiment of the present invention, the data verification method is as follows:
8.1) Split β according to the vector S. If S_j = 1, β must satisfy β' + β'' = β. If S_j = 0, β is divided into two subvectors that are the same as the original vector, that is, β' = β'' = β. The two vectors are encrypted using Q' and Q''.
8.2) Calculate the formula
and judge whether the equation holds. If so, go to step 8.3); otherwise, report that the verification failed.
8.3) Verify the integrity of the data by calculating
If the equation holds, the server is not malicious, the data integrity is guaranteed, and the verification passes. Otherwise, the verification fails.
Claims (9)
1. A searchable encryption method based on a secure inverted index is characterized by comprising the following steps:
1) initializing system parameters, wherein the system parameters comprise a system public parameter PK and a system main private key MK;
2) constructing an inverted index structure I, recorded as I = {T_s, A_s}; wherein T_s is the search table, used for storing the head pointer and the index mark of the search array; A_s is the search array, representing the linked list formed by all files containing the keyword w_i, and consists of a plurality of nodes; these nodes are stored randomly and securely across the positions of A_s;
3) encrypting and storing the outsourced data;
4) registering a user and obtaining a corresponding attribute key, wherein the user registers with a trusted authority by using an attribute set S and a keyword set W, and the trusted authority provides a corresponding search trapdoor for the registered user, wherein H_1 is a random polynomial function and w_i is a keyword;
5) searching data, wherein the user sends the search trapdoor TD, obtained by registering with the trusted authority, to the cloud server for data search, and the search goes through the search table T_s to locate the head pointer of the search array A_s and the search mark Y_w stored in that table;
6) decrypting the search results, including decryption of the key K_w and decryption of the ciphertext set;
7) correctly decrypting to obtain an index updating key, and updating the index, including updating the index when a file is added and updating the index when the file is deleted;
2. The searchable encryption method based on the secure inverted index according to claim 1, wherein the initialized system parameters in step 1) include the following:
1.1) initializing a security parameter k;
1.2) defining G_0 and G_1, where G_0 and G_1 are two multiplicative cyclic groups over the integers 1 … p, and the order p is a large secure prime number;
1.3) with g taken from the group G_0, defining a bilinear map e: G_0 × G_0 → G_1;
1.4) selecting a hash function H_1: {0,1}* → {0,1}*, and selecting a hash function H_2: {0,1}* → G_0 as a random oracle, mapping an attribute described by any character string to a random group element;
1.5) generating a random number q ← {0,1}^k;
1.6) defining a collision-free hash function
k_1, k_2, k_3 are three randomly selected k-bit vectors;
1.7) randomly selecting two invertible k × k matrices (Q', Q'');
3. The method for searchable encryption based on secure inverted indexes as claimed in claim 1, wherein the constructing of the inverted index structure I in step 2) comprises the following steps:
2.1) construction of the search Table T s The method comprises the following steps:
2.1.1) creating a dictionary of size n, recorded as T_s;
2.1.2) storing information into the search table T_s; the information is as follows:
wherein Y_w is the index flag bit; I_w identifies the positions of the files stored in the linked list and is also the update identification bit; the entry also holds the encrypted index update key; w_i is a keyword; I_w is an identifier representing a file storage location; P_i is the head pointer of the search array A_s;
2.2) establishing the search array A_s, comprising the following steps:
2.2.2) define node format:
wherein id_t represents the t-th file identifier in the file identifier set;
2.3) establishing I_w, which identifies the positions of the files stored in the linked list; all its initial values are 0 and its length is L, where #D_i represents the number of plaintext files; when the keyword w_i occurs in the corresponding file of the document set D_i, I_w[t] = 1, t ∈ [1, L]; if I_w[t] = 1, the corresponding id_t is stored in A_{i,j}, j ∈ [1, #w_i], where #w_i indicates the number of files containing the keyword and id_t is a file identifier.
4. The searchable encryption method based on the secure inverted index according to claim 1, wherein the encrypted data of step 3) specifically includes the following steps:
3.1) encrypting the head pointer P_i of the search array A_s; the encryption formula is:
3.2) encrypting the file identifier id_t by the hash function H_1; the encryption formula is as follows:
3.3) encrypting the next node position in the linked list through a pseudo-random function φ; the encryption formula is as follows:
3.4) generating the index tag Y_w: selecting a vector S ← {0,1}^k and letting
3.6) encrypting the set of plaintext files D_i: selecting K_f ← {0,1}^k as the plaintext encryption key and obtaining the ciphertext set C_i; selecting K_s ← {0,1}^k as the index update key; and sending the ciphertext document set C_i to the cloud storage server;
3.7) encrypting the key K_w = (K_f, K_ε): using the access tree structure and the public key PK, the key K_w is encrypted:
3.8) generating the verification authority σ: calculating the signature of each keyword in the keyword set W = {w_1, w_2, …, w_n} and generating the set, wherein
the signature set σ is sent to the data user.
5. The searchable encryption method based on the secure inverted index according to claim 1, wherein the user registration in step 4) includes the following steps:
4.1) registering and obtaining the attribute private key SK_U: the trusted authority selects a random number and, for each attribute j ∈ S, makes a random selection; the corresponding attribute private key is calculated according to the following formula:
4.2) providing the trapdoor: after the user registers, the data user obtains the corresponding search trapdoor.
6. The searchable encryption method based on the secure inverted index according to claim 1, wherein the step 5) search process comprises the following steps:
5.1) querying the ciphertext set: after the cloud server receives TD, it locates the entry in the search table T_s and recovers the head pointer P_i of the search array A_s; it then obtains the file identifier id_t stored by each node and finds the corresponding document;
5.1.1) locating the entry: if F(w_i) is not in T_s, ending; otherwise, going to step 5.1.2) to query;
5.1.2) computing and recovering, from the search table T_s, the head pointer P_i = Addrs(A_{i,1}) of the search array A_s, and obtaining the file identifier stored in that node; after the first node position is obtained, finding the next node position, repeating until the list is exhausted; the ciphertext file set is then obtained from the set of file identifiers found.
7. The searchable encryption method based on the secure inverted index according to claim 1, wherein the decryption method in step 6) comprises the following steps:
6.1) decrypting the key K_w: i = att(x) denotes the user attribute; if x is a non-leaf node, go to step 6.2); if x is a leaf node and i ∈ S, go to step 6.3); otherwise, go to step 6.4);
6.2) for all child nodes z that are not leaf nodes, calling a function
and storing the result as F_z; letting S_x be an arbitrary set of size k_x whose members satisfy that F_z exists;
calculating F_x:
where
where the coefficient is a Lagrange coefficient; q_x is the polynomial selected for each node x of the access tree structure; q_parent(x) denotes the parent node of q_x;
6.3) definition of
6.4) the decryption is terminated;
6.5) evaluating the attribute set S: if the attribute set S can only satisfy the access structure, go to step 6.6); if the attribute set S can only satisfy the access structure, go to step 6.7); if the attribute set S cannot satisfy any access structure, the decryption is terminated;
obtaining the ciphertext decryption key K_f;
obtaining the index update key K_s;
8. The searchable encryption method based on the secure inverted index according to claim 1, wherein the index updating method of step 7) comprises the following steps:
7.1) randomly selecting k'_s ← {0,1}^k and sending the update content identifier U_m to the search table T_s in the form:
7.2) calculating the updated I'_w, which identifies the positions of the files stored in the linked list;
if I_new[t] = 0 and I'_w[t] = 0, go to step 7.4);
if I_new[t] = 0 and I'_w[t] = 1, go to step 7.5);
7.4) calculating Count(t-1), the number of 1s among the first t-1 entries of I_w; if t-1 = 0, the file identifier id_t stored in node A_{i,1} becomes Null; otherwise, the file identifier id_t stored in node A_{i,Count(t-1)+1} becomes Null;
9. The searchable encryption method based on the secure inverted index according to claim 1, wherein the data verification in the step 8) includes the steps of:
when S_j = 1, β must satisfy β' + β'' = β;
if S_j = 0, β is divided into two subvectors that are the same as the original vector, i.e. β' = β'' = β; the two vectors are encrypted using Q' and Q'';
8.2) calculating the formula
and judging whether the equation holds; if so, go to step 8.3); otherwise, report that the verification failed;
8.3) verifying the integrity of the data by calculating
if the equation holds, the server is not malicious, the data integrity is guaranteed, and the verification passes; otherwise, the verification fails.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210275024.2A CN114884650A (en) | 2022-03-21 | 2022-03-21 | Searchable encryption method based on safe inverted index |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114884650A true CN114884650A (en) | 2022-08-09 |
Family
ID=82668466
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||