CN116074013A - Public key searchable encryption method for resisting back door attack - Google Patents

Public key searchable encryption method for resisting back door attack

Info

Publication number
CN116074013A
Authority
CN
China
Prior art keywords
server
key
random number
derived
keyword
Legal status
Pending
Application number
CN202211444171.4A
Other languages
Chinese (zh)
Inventor
蒋昌松
许春香
Current Assignee
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Application filed by University of Electronic Science and Technology of China
Priority to CN202211444171.4A
Publication of CN116074013A
Legal status: Pending

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
        • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
            • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
                • H04L9/085 Secret sharing or secret splitting, e.g. threshold schemes
        • H04L9/30 Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
            • H04L9/3006 underlying computational problems or public-key parameters
        • H04L9/32 including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
            • H04L9/3247 involving digital signatures
                • H04L9/3255 using group based signatures, e.g. ring or threshold signatures
                • H04L9/3257 using blind signatures
    • H04L63/00 Network architectures or network communication protocols for network security
        • H04L63/02 for separating internal from external traffic, e.g. firewalls
        • H04L63/04 for providing a confidential data exchange among entities communicating through data packet networks
            • H04L63/0428 wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L63/0442 wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides a public key searchable encryption method for resisting backdoor attacks. By introducing a cryptographic reverse firewall into server-assisted public key searchable encryption, it removes the two latent channels that a subverted implementation could use and thereby resists backdoor attacks. First, when a server-derived keyword is generated, the cryptographic reverse firewall processes the messages sent and received by the user's computer, ensuring confidentiality of the keyword while preserving the function and security of the protocol. Second, the cryptographic reverse firewall and the user run a cooperative random number generation protocol that ensures the random numbers used by the encryption algorithm follow the random number generation specification, so that the latent channel in a subverted implementation of the encryption algorithm is disabled and plaintext information cannot be leaked. In addition, the invention uses a plurality of key servers to assist the user in generating server-derived keywords, which avoids the single point of failure while resisting offline keyword guessing attacks.

Description

Public key searchable encryption method for resisting back door attack
Technical Field
The invention belongs to the technical field of information security, and particularly relates to a public key searchable encryption method for resisting back door attacks.
Background
Cloud storage services let users outsource data to a cloud server and efficiently retrieve target data by keyword. Because the data may be sensitive, users often need to encrypt it before outsourcing in order to protect their privacy. Conventional encryption, however, breaks the keyword search function of the cloud storage service. To keep data confidential while preserving keyword search, public key searchable encryption (PEKS) was developed. In PEKS, the sender encrypts the data and its keywords with the receiver's public key and outsources the ciphertexts to the cloud server. To retrieve target data, the receiver uses its private key to generate a trapdoor for a particular keyword, and the cloud server performs the retrieval by testing whether the trapdoor matches the keyword ciphertext (the PEKS ciphertext). PEKS is, however, vulnerable to offline keyword guessing attacks: given a trapdoor, an attacker (e.g., a malicious cloud server) can exhaust the keyword space, generate a PEKS ciphertext for each candidate keyword with the receiver's public key, and identify the ciphertext that matches the trapdoor. In this way the adversary recovers the keyword contained in the trapdoor and violates the user's privacy.
To counter offline keyword guessing attacks, a method called Server-aided PEKS was proposed. In this method the keyword to be encrypted is a server-derived keyword, obtained from a key server on the basis of the original keyword. To obtain the server-derived keyword without revealing any information about the original keyword, the key server and the user run a blind signature protocol: the user blinds the keyword with a random number and sends the blinded value to the key server, which signs it; the user then unblinds the signature to obtain the server-derived keyword. Because an attacker without the key server's cooperation can no longer generate PEKS ciphertexts offline, Server-aided PEKS effectively resists offline keyword guessing attacks. Its security, however, rests on the trustworthiness of the key server, which is a single point of failure: once the key server is breached by, or colludes with, the adversary, the method is immediately exposed to offline keyword guessing attacks. To address this, the generation of server-derived keywords can be distributed over multiple key servers with a threshold blind signature protocol. In such a Server-aided PEKS each key server holds a share of the signing private key, and the security of the method is preserved as long as fewer than the threshold number of key servers are breached by or collude with the adversary.
To use the secure cloud storage service provided by Server-aided PEKS, users need a software system that implements the method correctly. In the real world this is a serious challenge. An adversary (e.g., a malicious manufacturer) may secretly embed a backdoor into the implementation of the method in order to break its security. An adversary holding such a backdoor can obtain secret information from the output of the subverted implementation in a way that is imperceptible and undetectable to the user. Such backdoor attacks (also known as subversion attacks) are extremely destructive. As disclosed by the Snowden affair, the National Security Agency carried out such attacks for many years to illegally collect large numbers of confidential messages from companies such as Microsoft, ***, Apple and Yahoo in order to monitor citizens' personal information.
Subversion attacks against randomized algorithms (such as encryption algorithms and blind signatures) have been proposed since the Snowden affair. The core idea of the attack is to introduce a latent channel into the subverted implementation of the randomized algorithm: the subverted implementation carefully picks its random numbers so as to produce biased output (e.g., a PEKS ciphertext or a blinded value) that implicitly leaks secret information. Since Server-aided PEKS contains two randomized algorithms, an encryption algorithm and a blind signature, it is inherently exposed to this threat: a subverted implementation of the encryption algorithm may leak plaintext information, and a subverted implementation of the blind signature may leak keyword information. To remove the latent channel from these randomized algorithms and thus resist backdoor attacks, the invention introduces a cryptographic reverse firewall into Server-aided PEKS. The cryptographic reverse firewall is deployed between the user's computer and the outside world and takes part in both parts of Server-aided PEKS to provide protection. First, when the user and the key servers run the blind signature protocol to generate the server-derived keyword, the cryptographic reverse firewall modifies the messages received and sent by the user's computer, preventing adversaries from obtaining any keyword-related information while preserving the function and security of the protocol. Second, the cryptographic reverse firewall and the user's computer jointly supply the random number for the encryption algorithm by running a cooperative random number generation protocol. This protocol ensures that the cryptographic reverse firewall learns nothing about the random number and that the generated random number conforms to the specification of the random number generation algorithm.
Integrating the cooperative random number generation protocol into Server-aided PEKS effectively removes the latent channel in a subverted implementation of the encryption algorithm and prevents leakage of plaintext information. In addition, the invention uses a plurality of key servers to assist the user in generating server-derived keywords, which avoids the single point of failure while resisting offline keyword guessing attacks.
Disclosure of Invention
The problem solved by the invention is how to prevent adversaries, such as malicious manufacturers, from obtaining secret information from subverted implementations of server-assisted public key searchable encryption methods.
The technical solution adopted by the invention is a public key searchable encryption method for resisting backdoor attacks, characterized in that a cryptographic reverse firewall is used to remove the latent channels in a subverted implementation of the server-assisted public key searchable encryption method, thereby resisting backdoor attacks; the method comprises the following steps:
initialization: initializing the system according to the security parameters and determining the common parameters of the system; the receiver generating a public-private key pair; a plurality of key servers jointly generating a master secret shared in a threshold manner;
server-derived keyword generation:
1) the user blinds the keyword and sends it to the cryptographic reverse firewall; the user is either the sender or the receiver;
2) the cryptographic reverse firewall re-randomizes the blinded keyword and sends the re-randomized blinded keyword to each key server;
3) each key server signs the re-randomized blinded keyword with its own share of the master secret and returns the signature to the cryptographic reverse firewall;
4) the cryptographic reverse firewall processes the received signatures to obtain the key servers' signatures on the blinded keyword and sends them to the user;
5) the user verifies the correctness of each signature; if the number of signatures that pass verification is not less than the threshold, the key servers' signature on the keyword is computed from the verified signatures and its correctness is verified; if it is correct, the server-derived keyword is computed, otherwise the operation is terminated;
PEKS ciphertext generation:
1) the sender and the cryptographic reverse firewall run a cooperative random number generation protocol to generate a random number;
2) the sender encrypts the server-derived keyword with the receiver's public key using the generated random number to obtain the PEKS ciphertext, and sends the ciphertext to the cryptographic reverse firewall;
3) the cryptographic reverse firewall verifies the legitimacy of the PEKS ciphertext; if the verification passes, it forwards the PEKS ciphertext to the cloud server, otherwise the operation is terminated;
trapdoor generation:
the receiver computes the trapdoor corresponding to a server-derived keyword and sends it to the cloud server;
test:
the cloud server verifies whether a PEKS ciphertext matches the given trapdoor; if so, the PEKS ciphertext passes the test, otherwise the test fails.
The invention provides a public key searchable encryption method for resisting backdoor attacks which, by introducing a cryptographic reverse firewall, removes the latent channels in a subverted implementation of the server-assisted public key searchable encryption method and thereby resists backdoor attacks: when a user generates a server-derived keyword, the cryptographic reverse firewall processes the messages sent and received by the user's computer, ensuring confidentiality of the keyword while preserving the function and security of the protocol; in addition, the cryptographic reverse firewall and the user run a cooperative random number generation protocol that ensures the random numbers used by the encryption algorithm follow the random number generation specification, so that the latent channel in a subverted implementation of the encryption algorithm is disabled and leakage of plaintext information is effectively prevented; the plurality of key servers assist the user in generating server-derived keywords, which avoids the single point of failure while resisting offline keyword guessing attacks.
The beneficial effects of the invention are as follows:
(1) a public key searchable encryption method for resisting backdoor attacks is provided on the basis of a cryptographic reverse firewall, which effectively removes the latent channels in a subverted implementation of the server-assisted public key searchable encryption method and thereby resists backdoor attacks;
(2) the key servers assist the user in generating server-derived keywords, so that the single point of failure is avoided while offline keyword guessing attacks are resisted.
Detailed Description
(I) Initialization step
Determine the set of system common parameters from the security parameters (the parameter tuple survives only as an image in the source), where q is a prime, G is an additive cyclic group of order q, P is a generator of G, G_T is a cyclic group of order q, e: G × G → G_T is a bilinear map, Z_q is the ring of integers modulo q, Z_q^* is the multiplicative group of integers invertible modulo q, h, H, H_1, H_2 and h' are secure hash functions (h: G → Z_q and H, H_1: {0,1}^* → G; the remaining domains survive only as images), F is a pseudo-random function, t (0 < t ≤ n) is the threshold of the threshold secret sharing scheme, and n is the number of key servers.
The receiver randomly selects a private key and computes the corresponding public key (both survive only as images in the source).
The key servers generate a master secret shared in a threshold manner as follows:
1) The i-th key server (i = 1, …, n) randomly selects a polynomial f_i(x) = a_{i,0} + a_{i,1}x + … + a_{i,t-1}x^{t-1} of degree t-1 over Z_q;
2) The i-th key server computes a_{i,k}P for k = 0, …, t-1 and sends these values to the other key servers, and sends the polynomial value f_i(j) to the j-th key server over a secure channel, for j = 1, …, n, j ≠ i;
3) The i-th key server verifies each received value f_j(i) (the verification equation survives only as an image in the source); if the verification fails, f_j(i) is rejected;
4) The i-th key server computes its share s_i of the master secret (the formula survives only as an image) and the public key Q_i = s_i P corresponding to that share;
5) The i-th key server computes the public key Q corresponding to the master secret (the formula survives only as an image), stores s_i secretly, keeps {Q, Q_1, …, Q_n} and deletes all other values.
(II) Server-derived keyword generation step
1) The user (the sender or the receiver) selects a random number r, computes the blinded value W = rH(w) of the keyword w and sends W to the cryptographic reverse firewall;
2) The cryptographic reverse firewall selects a random number α, re-randomizes W to obtain the re-randomized blinded keyword W' = αW, and sends W' to the key servers;
3) The i-th key server (i = 1, …, n) signs W' to obtain the signature σ'_i = s_i W' on the re-randomized blinded keyword and sends σ'_i to the cryptographic reverse firewall;
4) The cryptographic reverse firewall computes the signature σ_i = α^{-1} σ'_i and sends it to the user, where α^{-1} is the inverse of α in Z_q^*;
5) On receiving the σ_i, the user verifies the equation e(σ_i, P) = e(W, Q_i) to check the correctness of each σ_i; if t of the σ_i pass verification (the notation for this set survives only as an image), the user computes from them an intermediate value and the signature σ_w (both formulas survive only as images); if σ_w satisfies e(σ_w, P) = e(H(w), Q), the user accepts σ_w as the correct signature generated by the key servers, otherwise the operation is terminated;
6) The user computes the server-derived keyword sdk_w = F(h(σ_w), w).
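The initialization and server-derived keyword generation steps above, as an added toy simulation that is not part of the patent: it replaces the pairing group G with a small prime-order multiplicative group (so the pairing checks e(σ_i, P) = e(W, Q_i) and e(σ_w, P) = e(H(w), Q) are omitted and correctness is instead checked directly against the master secret, which the simulation keeps only for that purpose), uses SHA-256 for H and h and HMAC-SHA256 for F, and runs every party in one process. All parameters and function names are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Toy stand-in for the page's group G: the order-Q subgroup of Z_p^* with p = 2q + 1, both
# prime. It is written multiplicatively, so the page's s*W (scalar times group element)
# becomes pow(W, s, P_MOD). The parameters are deliberately tiny and provide no security.
P_MOD = 1019
Q = 509
G = 4  # a quadratic residue mod 1019, hence a generator of the order-509 subgroup


def hash_to_group(keyword: str) -> int:
    """H(w): map a keyword to a non-identity subgroup element (toy construction)."""
    e = int.from_bytes(hashlib.sha256(keyword.encode()).digest(), "big") % (Q - 1)
    return pow(G, e + 1, P_MOD)


def rand_scalar() -> int:
    """Uniform element of Z_q^*."""
    return secrets.randbelow(Q - 1) + 1


def lagrange_at_zero(indices):
    """Coefficients lambda_i (mod Q) with sum_i lambda_i * f(i) = f(0) for deg f < len(indices)."""
    coeffs = {}
    for i in indices:
        num = den = 1
        for j in indices:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        coeffs[i] = num * pow(den, -1, Q) % Q
    return coeffs


def setup_key_servers(n: int, t: int):
    """Initialization step. Key server i picks f_i of degree t-1 over Z_q, publishes the
    values a_{i,k}*P (here G**a_{i,k}) and sends f_i(j) to server j, which checks the received
    value against the published ones before accepting it. Share: s_i = sum_j f_j(i); master
    secret: s = sum_j f_j(0). Returns (shares, Q = s*P, s); s is returned only so a test can
    confirm correctness, a real key server never learns it."""
    polys = [[rand_scalar() for _ in range(t)] for _ in range(n)]
    published = [[pow(G, a, P_MOD) for a in poly] for poly in polys]

    def f(j, x):
        return sum(a * pow(x, k, Q) for k, a in enumerate(polys[j])) % Q

    shares = {}
    for i in range(1, n + 1):
        s_i = 0
        for j in range(n):
            value = f(j, i)
            expected = 1
            for k, c in enumerate(published[j]):
                expected = expected * pow(c, pow(i, k, Q), P_MOD) % P_MOD
            if pow(G, value, P_MOD) != expected:           # step 3: reject an inconsistent f_j(i)
                raise ValueError(f"key server {i} rejects f_{j + 1}({i})")
            s_i = (s_i + value) % Q
        shares[i] = s_i
    master = sum(poly[0] for poly in polys) % Q
    return shares, pow(G, master, P_MOD), master


def blind_sign(keyword: str, shares: dict, t: int) -> int:
    """Steps 1-5 of server-derived keyword generation with every party simulated locally.
    The pairing checks have no counterpart in this toy group and are left out."""
    r = rand_scalar()                                        # 1) user blinds: W = r*H(w)
    W = pow(hash_to_group(keyword), r, P_MOD)
    alpha = rand_scalar()                                    # 2) firewall: W' = alpha*W
    W_prime = pow(W, alpha, P_MOD)
    sigmas_prime = {i: pow(W_prime, s_i, P_MOD) for i, s_i in shares.items()}  # 3) s_i*W'
    alpha_inv = pow(alpha, -1, Q)                            # 4) firewall: alpha^-1 * sigma'_i
    sigmas = {i: pow(sp, alpha_inv, P_MOD) for i, sp in sigmas_prime.items()}
    chosen = sorted(sigmas)[:t]                              # 5) any t verified shares suffice
    lam = lagrange_at_zero(chosen)
    combined = 1
    for i in chosen:
        combined = combined * pow(sigmas[i], lam[i], P_MOD) % P_MOD   # r*s*H(w)
    return pow(combined, pow(r, -1, Q), P_MOD)               # unblind: sigma_w = s*H(w)


def derive_keyword(keyword: str, sigma_w: int) -> str:
    """Step 6: sdk_w = F(h(sigma_w), w), with h = SHA-256 reduced mod Q and F = HMAC-SHA256."""
    h = int.from_bytes(hashlib.sha256(sigma_w.to_bytes(2, "big")).digest(), "big") % Q
    return hmac.new(h.to_bytes(2, "big"), keyword.encode(), hashlib.sha256).hexdigest()
```

Two runs with fresh r and α yield the same σ_w and the same sdk_w, which is what makes the derived keyword searchable while keeping the blinding and re-randomization invisible to the key servers.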
(III) PEKS ciphertext generation step
1) The sender and the cryptographic reverse firewall run the cooperative random number generation protocol to generate the random number η:
the sender selects random numbers a_1 and b, computes the commitment c = h'(a_1, b) to a_1 and sends c to the cryptographic reverse firewall;
the cryptographic reverse firewall selects a random number a_2, computes the element d = a_2 P of G and sends d to the sender;
the sender sends (a_1, b) to the cryptographic reverse firewall to open the commitment c, and the verification value V = d + a_1 P is computed;
the cryptographic reverse firewall checks whether h'(a_1, b) = c holds; if so, a_1 is accepted and the random number η = a_1 + a_2 is computed and output, otherwise the verification fails and the operation is terminated;
2) The sender computes the intermediate value τ = e(H_1(sdk_w), ·) (the second pairing argument, formed from the receiver's public key and η, survives only as an image in the source) and the PEKS ciphertext c_w = (ηP, H_2(τ)) of the server-derived keyword sdk_w, then sends c_w to the cryptographic reverse firewall;
3) On receiving the ciphertext c_w = (A, B), the cryptographic reverse firewall checks whether A equals V; if so, the verification succeeds and c_w is forwarded to the cloud server, otherwise the verification fails and the operation is terminated.
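The cooperative random number generation protocol and the firewall's check A = V in step 3, as an added toy simulation that is not the patent's code, in the same small multiplicative group as the keyword-generation example above; h' is SHA-256, and the simulation assumes a_2 is released to the sender once the commitment has been opened, since the source gives the message carrying η only as an image. Class and function names are assumptions of this example.

```python
import hashlib
import secrets

# Toy stand-in for the page's group G: the order-Q subgroup of Z_p^*, written multiplicatively,
# so a*P is pow(G, a, P_MOD) and d + a_1*P is a product mod P_MOD. Tiny parameters, no security.
P_MOD = 1019
Q = 509
G = 4


def commit(a1: int, b: int) -> bytes:
    """h'(a_1, b): hash commitment to a_1, with b as the hiding randomness."""
    return hashlib.sha256(a1.to_bytes(2, "big") + b.to_bytes(32, "big")).digest()


class Sender:
    """Sender's side of the cooperative random number generation protocol."""

    def __init__(self):
        self.a1 = secrets.randbelow(Q)          # sender's contribution a_1
        self.b = secrets.randbits(256)          # commitment randomness b

    def commitment(self) -> bytes:
        return commit(self.a1, self.b)          # first message: c = h'(a_1, b)

    def opening(self):
        return self.a1, self.b                  # third message: open the commitment


class Firewall:
    """Cryptographic reverse firewall's side, plus its later check on the PEKS ciphertext."""

    def __init__(self):
        self.a2 = secrets.randbelow(Q)          # firewall's contribution a_2
        self.c = None
        self.V = None

    def respond(self, c: bytes) -> int:
        self.c = c
        return pow(G, self.a2, P_MOD)           # second message: d = a_2*P

    def verify_opening(self, a1: int, b: int) -> int:
        """Check h'(a_1, b) = c; on success fix V = d + a_1*P and release a_2.
        Releasing a_2 to the sender is an assumption of this toy, not a step shown in the source."""
        if commit(a1, b) != self.c:
            raise ValueError("commitment does not open to (a_1, b); operation terminated")
        d = pow(G, self.a2, P_MOD)
        self.V = d * pow(G, a1, P_MOD) % P_MOD  # V = d + a_1*P = eta*P for eta = a_1 + a_2
        return self.a2

    def check_ciphertext(self, A: int) -> bool:
        """Step 3 of PEKS ciphertext generation: forward c_w = (A, B) only if A equals V."""
        return self.V is not None and A == self.V


def run_protocol():
    """One run of the protocol; returns (eta, firewall) so the ciphertext check can be exercised."""
    sender, fw = Sender(), Firewall()
    c = sender.commitment()
    fw.respond(c)                               # d is delivered to the sender here
    a1, b = sender.opening()
    a2 = fw.verify_opening(a1, b)
    return (a1 + a2) % Q, fw                    # eta = a_1 + a_2


def honest_first_component(eta: int) -> int:
    """A = eta*P, the first component of c_w when the sender uses the agreed eta."""
    return pow(G, eta, P_MOD)


def subverted_first_component(eta: int) -> int:
    """A sender that ignores the agreed eta and picks its own exponent (here eta + 1; any
    exponent other than eta gives a different A in a prime-order group, so the firewall drops it)."""
    return pow(G, (eta + 1) % Q, P_MOD)
```

The commitment forces the sender to fix a_1 before seeing d, and the final A = V comparison rejects any ciphertext whose randomness did not come out of the protocol, which is exactly the latent channel the firewall is meant to close.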
(IV) Trapdoor generation step
Given a server-derived keyword sdk_{w'}, the receiver computes the trapdoor corresponding to sdk_{w'} (the formula survives only as an image in the source) and sends it to the cloud server.
(V) Test step
Given a PEKS ciphertext c_w = (A, B) and a trapdoor, the cloud server checks whether the verification equation (which survives only as an image in the source) holds; if it holds, the test passes, otherwise the test fails.
In practice, server-assisted public key searchable encryption methods are threatened by backdoor attacks: an attacker may surreptitiously embed a backdoor into an implementation of the method to establish a latent channel and leak the user's secret information through it in an imperceptible manner. To remove the latent channel and resist such backdoor attacks, the invention provides a public key searchable encryption method for resisting backdoor attacks and has described it in detail. The principles and embodiments of the present invention have been described with reference to specific examples, the description of which is intended only to facilitate an understanding of the method of the present invention and its core ideas. It will be apparent to those skilled in the art that various modifications and adaptations of the invention can be made without departing from its principles, and these modifications and adaptations are intended to fall within the scope of the invention as defined in the following claims.

Claims (6)

1. A public key searchable encryption method for resisting backdoor attacks, characterized in that it comprises the following steps:
initialization: initializing the system according to the security parameters and determining the common parameters of the system; the receiver generating a public-private key pair; a plurality of key servers jointly generating a master secret shared in a threshold manner;
server-derived keyword generation:
1) the user blinds the keyword and sends it to the cryptographic reverse firewall; the user is either the sender or the receiver;
2) the cryptographic reverse firewall re-randomizes the blinded keyword and sends the re-randomized blinded keyword to each key server;
3) each key server signs the re-randomized blinded keyword with its own share of the master secret and returns the signature to the cryptographic reverse firewall;
4) the cryptographic reverse firewall processes the received signatures to obtain the key servers' signatures on the blinded keyword and sends them to the user;
5) the user verifies the correctness of each signature; if the number of signatures that pass verification is not less than the threshold, the key servers' signature on the keyword is computed from the verified signatures and its correctness is verified;
if it is correct, the server-derived keyword is computed, otherwise the operation is terminated;
server-derived keyword ciphertext generation:
1) the sender and the cryptographic reverse firewall run a cooperative random number generation protocol to generate a random number;
2) the sender encrypts the server-derived keyword with the receiver's public key using the generated random number to obtain the server-derived keyword ciphertext, and sends the ciphertext to the cryptographic reverse firewall;
3) the cryptographic reverse firewall verifies the legitimacy of the server-derived keyword ciphertext; if the verification passes, it forwards the server-derived keyword ciphertext to the cloud server, otherwise the operation is terminated;
trapdoor generation:
the receiver computes the trapdoor corresponding to a server-derived keyword and sends it to the cloud server;
test:
the cloud server verifies whether a server-derived keyword ciphertext matches the given trapdoor; if so, the test passes, otherwise the test fails.
2. The method of claim 1, wherein the initialization step is specifically:
determining the set of system common parameters from the security parameters (the parameter tuple survives only as an image in the source), where q is a prime, G is an additive cyclic group of order q, P is a generator of G, G_T is a cyclic group of order q, e: G × G → G_T is a bilinear map, Z_q is the ring of integers modulo q, Z_q^* is the multiplicative cyclic group of integers invertible modulo q, h: G → Z_q, H, H_1: {0,1}^* → G and the further hash functions used in the following claims (their domains survive only as images) are secure hash functions, F is a pseudo-random function, t is the threshold of the threshold secret sharing scheme, n is the number of key servers, and 0 < t ≤ n;
the receiver randomly selects a private key and computes the corresponding public key (both survive only as images in the source);
the key servers generate a master secret shared in a threshold manner as follows:
1) the i-th key server randomly selects a polynomial f_i(x) = a_{i,0} + a_{i,1}x + … + a_{i,t-1}x^{t-1} of degree t-1 over Z_q, i = 1, …, n;
2) the i-th key server computes a_{i,k}P for k = 0, …, t-1 and sends these values to the other key servers, and sends the polynomial value f_i(j) to the j-th key server over a secure channel, for j = 1, …, n, j ≠ i;
3) the i-th key server verifies each received value f_j(i) (the verification equation survives only as an image in the source); if the verification fails, f_j(i) is rejected;
4) the i-th key server computes its share s_i of the master secret (the formula survives only as an image) and the public key Q_i = s_i P corresponding to that share;
5) the i-th key server computes the public key Q corresponding to the master secret (the formula survives only as an image), stores s_i secretly, keeps {Q, Q_1, …, Q_n} and deletes all other values.
3. The method of claim 2, wherein the server-derived keyword generation step is specifically as follows:
1) the user selects a random number r, computes the blinded value W = rH(w) of the keyword w and sends W to the cryptographic reverse firewall;
2) the cryptographic reverse firewall selects a random number α, re-randomizes W to obtain the re-randomized blinded keyword W' = αW, and sends W' to the key servers;
3) each key server signs W' to obtain the signature σ'_i = s_i W' on the re-randomized blinded keyword and sends σ'_i to the cryptographic reverse firewall;
4) the cryptographic reverse firewall computes the signature σ_i = α^{-1} σ'_i and sends it to the user, where α^{-1} is the inverse of α in Z_q^*;
5) on receiving the σ_i, the user verifies the equation e(σ_i, P) = e(W, Q_i) to check the correctness of each σ_i;
if t of the σ_i pass verification (the notation for this set survives only as an image), the user computes from them an intermediate value and the signature σ_w (both formulas survive only as images); if σ_w satisfies e(σ_w, P) = e(H(w), Q), the user accepts σ_w as the correct signature generated by the key servers, otherwise the operation is terminated;
6) the user computes the server-derived keyword sdk_w = F(h(σ_w), w).
4. The method of claim 3, wherein the server-derived keyword ciphertext generating step is specifically as follows:
1) the sender [formula image omitted] and the cryptographic reverse firewall [formula image omitted] execute a cooperative random number generation protocol to generate a random number η:
[formula image omitted] selects a random number a_1 and [formula image omitted], calculates the commitment c = h'(a_1, b) to the random number a_1 and sends c to [formula image omitted];
[formula image omitted] selects a random number [formula image omitted], calculates the element d = a_2 P in G and sends it to [formula image omitted];
[formula image omitted] transmits (a_1, b) to [formula image omitted] to open the commitment c, and the verification value V = d + a_1 P is calculated;
[formula image omitted] checks whether the equation h'(a_1, b) = c holds; if so, [formula image omitted] accepts a_1, calculates and outputs the random number η = a_1 + a_2; otherwise the verification fails and the operation is terminated;
2) [formula image omitted] calculates the intermediate value [formula image omitted] and, from the server-derived keyword sdk_w, the server-derived keyword ciphertext c_w = (ηP, H_2(τ)), then sends c_w to [formula image omitted];
3) after receiving the ciphertext c_w = (A, B), [formula image omitted] checks whether A equals V; if so, the verification succeeds and c_w is forwarded to the cloud server, otherwise the verification fails and the operation stops.
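The cooperative random number generation of claim 4, step 1, together with the firewall's A = V check of step 3, as an added example that is not the patent's or the inventors' code. Assumptions: the same toy Schnorr subgroup (p = 607, q = 101, generator 64, constructed) stands in for G; h' is instantiated as SHA-256 over a_1 and a 16-byte nonce b; and the firewall releases a_2 to the sender once the opening of c verifies, since the claim does not say how the sender learns η and this is one consistent reading. The second ciphertext component H_2(τ) depends on the intermediate value τ, whose definition is an image on this page, so it is carried as an opaque placeholder. Besides the honest run, the example exercises two deviating senders: one that tries to change a_1 after seeing d, which the commitment stops, and one whose implementation discards the jointly generated η and uses randomness of its own, which is exactly the subverted behaviour the firewall's A = V check detects before anything reaches the cloud server.

```python
import hashlib
import secrets

# Added example: toy Schnorr subgroup standing in for the patent's group G (assumption).
# Scalars live in Z_q; kP becomes GEN**k mod p; "+" on points becomes multiplication mod p.
# p = 607, q = 101 and the generator 64 are constructed toy parameters, not for real use.
P_MOD, Q_ORD, GEN = 607, 101, 64


def scalar_mult(k):
    return pow(GEN, k % Q_ORD, P_MOD)


def point_add(a, b):
    return a * b % P_MOD


def h_prime(a1, b):
    """Commitment h'(a1, b): SHA-256 over a1 and a 16-byte nonce b (assumed instantiation)."""
    return hashlib.sha256(a1.to_bytes(4, "big") + b).digest()


class ReverseFirewall:
    """Cryptographic reverse firewall sitting between the sender and the cloud server."""

    def on_commit(self, c):
        self.c = c
        self.a2 = secrets.randbelow(Q_ORD)
        return scalar_mult(self.a2)                   # d = a2 P

    def on_open(self, a1, b):
        """Check the opening of c; on success fix V = d + a1 P and release a2 (assumption)."""
        if h_prime(a1, b) != self.c:
            return None                               # opening mismatch: terminate
        self.V = point_add(scalar_mult(self.a2), scalar_mult(a1))
        return self.a2

    def on_ciphertext(self, c_w):
        """Step 3: forward c_w = (A, B) to the cloud server only if A == V."""
        A, _B = c_w
        return A == self.V


class Sender:
    def __init__(self, behaviour="honest"):
        self.behaviour = behaviour

    def commit(self):
        self.a1 = secrets.randbelow(Q_ORD)
        self.b = secrets.token_bytes(16)
        return h_prime(self.a1, self.b)               # c = h'(a1, b)

    def open(self, d):
        if self.behaviour == "late_choice":
            # tries to substitute a different a1 after seeing d; the commitment pins the original
            return (self.a1 + 1) % Q_ORD, self.b
        return self.a1, self.b

    def encrypt(self, a2):
        eta = (self.a1 + a2) % Q_ORD                  # eta = a1 + a2
        if self.behaviour == "own_randomness":
            # subverted implementation that discards the joint eta and uses randomness of
            # its own choosing; modelled as eta + 1 so the deviation is deterministic
            eta = (eta + 1) % Q_ORD
        A = scalar_mult(eta)                          # first component eta P
        B = b"H2(tau) placeholder"                    # H_2(tau): tau is not reproduced here
        return (A, B)


def run_protocol(behaviour="honest"):
    """Drive one sender/firewall exchange and report where it stopped and whether c_w was forwarded."""
    sender, firewall = Sender(behaviour), ReverseFirewall()
    c = sender.commit()
    d = firewall.on_commit(c)
    a1, b = sender.open(d)
    a2 = firewall.on_open(a1, b)
    if a2 is None:
        return {"stage": "opening", "forwarded": False}
    c_w = sender.encrypt(a2)
    return {"stage": "ciphertext", "forwarded": firewall.on_ciphertext(c_w)}


if __name__ == "__main__":
    for mode in ("honest", "late_choice", "own_randomness"):
        print(mode, run_protocol(mode))
```

The firewall never learns the sender's keys and only ever sees c, (a_1, b) and c_w, yet the A = V comparison lets it refuse any ciphertext whose randomness was not the jointly generated η; that is the property that makes the construction resistant to a subverted sender implementation.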
5. The method of claim 4, wherein the trapdoor generating step is specifically as follows: given a server-derived keyword sdk_{w'}, the receiver [formula image omitted] calculates the trapdoor [formula image omitted] corresponding to sdk_{w'} and sends it to the cloud server.
6. The method of claim 5, wherein the testing step is specifically as follows: given a server-derived keyword ciphertext c_w = (A, B) and a trapdoor [formula image omitted], the cloud server verifies whether the equation [formula image omitted] holds; if the equation is satisfied, the test passes, otherwise the test fails.
CN202211444171.4A 2022-11-18 2022-11-18 Public key searchable encryption method for resisting back door attack Pending CN116074013A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211444171.4A CN116074013A (en) 2022-11-18 2022-11-18 Public key searchable encryption method for resisting back door attack

Publications (1)

Publication Number Publication Date
CN116074013A true CN116074013A (en) 2023-05-05

Family

ID=86182873

Country Status (1)

Country Link
CN (1) CN116074013A (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20090100092A1 (en) * 2005-12-24 2009-04-16 Phil Seiflein Multimedia platform synchronizer
CN105007161A (en) * 2015-06-12 2015-10-28 电子科技大学 Fuzzy keyword public key searchable encryption scheme achieving unrecognizable trap door
WO2018019815A1 (en) * 2016-07-25 2018-02-01 Robert Bosch Gmbh Method and system for dynamic searchable symmetric encryption with forward privacy and delegated verifiability
CN108599937A (en) * 2018-04-20 2018-09-28 西安电子科技大学 A kind of public key encryption method that multiple key can search for
CN109086615A (en) * 2018-08-03 2018-12-25 上海海事大学 A kind of support multiple key search public key encryption method of anti-keyword guessing attack
CN111277413A (en) * 2020-03-06 2020-06-12 电子科技大学 Reverse password firewall method suitable for proxy re-encryption
CN111431705A (en) * 2020-03-06 2020-07-17 电子科技大学 Reverse password firewall method suitable for searchable encryption
CN113852613A (en) * 2021-09-14 2021-12-28 电子科技大学 Signature method capable of constructing reverse firewall for resisting backdoor attack
CN114666050A (en) * 2022-03-30 2022-06-24 浙江科技学院 Data transmission method for resisting online and offline keyword guessing attacks
CN114884700A (en) * 2022-04-18 2022-08-09 华中科技大学 Searchable public key encryption batch processing method and system for resisting keyword guessing attack
CN114900301A (en) * 2022-06-23 2022-08-12 杭州师范大学 Public key searchable encryption method meeting MCI (Multi-core identity) security and specifying server

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
RTS/TSGR-0536523-1VA10: "Technical Specification LTE; Evolved Universal Terrestrial Radio Access (E-UTRA) and Evolved Packet Core (EPC); User Equipment (UE) conformance specification; Part 1: Protocol conformance specification (3GPP TS 36.523-1 ver", ETSI TS 136 523-1, no. 10, 31 August 2012 (2012-08-31) *
张克君;张国亮;姜琛;杨云松;: "云环境下基于可搜索加密技术的密文全文检索研究", 计算机应用与软件, no. 04, 15 April 2017 (2017-04-15) *
胡哲彬: "适用于可搜索加密和代理重加密的密码逆向防火墙研究", 硕士电子期刊, 15 January 2022 (2022-01-15) *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination