CN106534092B - A message-dependent key-based encryption method for private data - Google Patents
- Publication number: CN106534092B (application CN201610948549.2A)
- Authority: CN (China)
- Prior art keywords: user, key, plaintext, file, value
- Legal status: Active (Google's note: the legal status is an assumption and not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/062—Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
Abstract
The invention discloses a private data encryption method based on message-dependent keys. It mainly addresses two problems of the prior art: the correlation between plaintext and key is not considered, and distributing a group public key by e-mail leads to key-related attacks and key leakage. The implementation steps are: 1. the authorization center initializes the system parameters; 2. the user authenticates to the authorization center; 3. the authorization center distributes keys to users who pass authentication; 4. the user processes the plaintext file with the obtained key to produce the ciphertext; 5. the user uploads the ciphertext to the cloud server; 6. when the user needs the file, the user requests the ciphertext from the cloud server and, once the request is approved, obtains the ciphertext and decrypts it. The invention uses a single-user, message-dependent-key encryption method to encrypt blockchain wallet files securely, which avoids key leakage, mitigates key-related attacks and improves the security of the wallet file.
Description
Technical Field
The invention belongs to the technical field of data processing and in particular relates to a private data encryption method that can be used for encrypting and backing up wallet files in a blockchain and uploading them to a cloud server.
Background
A blockchain is a decentralized, distributed shared ledger or database on a network that achieves very high security through high redundancy. Some call it a "trust machine": it creates trust in mutual collaboration without a central authority. Blockchain technology applies to any domain that lacks trust, so its range of application will keep widening. In future blockchains, as user transaction volume grows, users will need to generate and store a large number of public/private key pairs. These keys are usually generated by the user and stored in a file or a simple database, which may be called a wallet. A wallet is simply a collection of addresses and decryption keys. Possessing the private key is the only requirement for spending bitcoin, so the private key must be kept secret and must be backed up, with the backup uploaded to a cloud server in case of accidental loss. The encryption security of the wallet is therefore particularly important. After a user registers successfully with the authorization center, the authorization center distributes to the user the symmetric key used for encryption. Because of key management flaws or weak security awareness, a user may directly use the symmetric key that encrypts the wallet as the initial private key from which the key pair used for transactions is generated.
If the wallet is encrypted in this situation, the plaintext in the wallet depends on the key, and the traditional security definition is not sufficient to guarantee the security of the scheme. Furthermore, after the ciphertext backup has been uploaded to the cloud server, when the user needs to download a particular file from the cloud server (for example because the local file was lost), the user may have to download all ciphertexts from the cloud server and decrypt them locally to obtain the desired file, so as not to reveal personal private information or plaintext information. In this case the user must perform a large number of decryption operations, which lowers the user's efficiency and consumes large amounts of computing and storage resources.
Wuhan University of Science and Technology, in its patent application "A method for secure sharing of cloud storage data with permission and time control" (publication number 105072180A, application number 201510475566.4, filed 6 August 2015), discloses a method for secure sharing of cloud storage data with permission and time control. In that method, after the data owner creates a group, a key pair is generated automatically with a public-key algorithm. When the data owner shares a file, the file is encrypted with a symmetric cipher, the symmetric key is then encrypted with the private key of the group to be shared with, and the file ciphertext and key ciphertext are sent to the cloud; the group's public key is sent by e-mail to all users of that group, and a user with access rights can obtain the public key and decrypt the file. The shortcomings of this method are: first, when encrypting the symmetric key with the private key of the sharing group, the patent does not consider the security issue that "the plaintext and the key may be related", which may give rise to key-related attacks; second, when the data owner e-mails the group public key to the group users, the patent does not consider the security of e-mail, and once an e-mail is maliciously intercepted the key is leaked.
Summary of the Invention
The purpose of the invention is to address the above shortcomings of the prior art by proposing a private data encryption method based on message-dependent keys, so as to avoid key leakage and improve the security of wallet files.
The technical solution of the invention is as follows. First the authorization center completes the identity authentication of the user; then the user obtains a symmetric encryption key and encrypts the plaintext with a key-dependent-message (KDM) symmetric encryption scheme to produce the ciphertext, so as to resist key-related attacks; at the same time, searchable encryption is used to generate an index over the plaintext so that the ciphertext can be searched. The implementation steps are as follows:
(1) Initialization:
(1a) The authorization center determines the first security parameter λ, the second security parameter k, the third security parameter γ, the keyword-count parameter τ and the Bernoulli distribution parameter θ = 2^(-λ), and defines the message length l, dimension N and block length m of the plaintext matrix as l = l(λ), N = N(λ) and m = m(λ) respectively;
(1b) The authorization center defines the generator matrix of the error-correcting code as G = G_{m×l}, sets the number of errors the code must correct to d = (θ+σ)·m, and selects a binary linear error-correcting code D according to the generator matrix G and the number d, where G_{m×l} denotes a generator matrix of order m×l and σ is a fixed value chosen in the interval (0,1);
(1c) For any bit string K ∈ {0,1}^γ, the authorization center defines P_K(x) as a pseudo-random permutation family on {0,1}^τ, F_K(x) as a first pseudo-random function family with domain {0,1}^τ and range {0,1}^γ, and G_K(x) as a second pseudo-random function family with domain [1,n] and range {0,1};
(1d) The authorization center publishes the error-correcting code D, the generator matrix G, the pseudo-random permutation family P_K(x), the first pseudo-random function family F_K(x), the second pseudo-random function family G_K(x) and the public parameters {l, m, N, θ};
(2) Identity registration:
(2a) The user submits personal identity information to the authorization center;
(2b) The authorization center checks whether the identity information submitted by the user is genuine; if so, step (3) is executed, otherwise registration is refused;
(3) Key distribution:
(3a) The authorization center defines a finite field, the ring of integers modulo the prime 2, and selects a matrix over it as the symmetric key S with which the user encrypts plaintext;
(3b) The authorization center generates for the user the key k_mac required for the HMAC message authentication code operation;
(3c) The authorization center sends the message {S || k_mac || γ || τ} to the user over a secure channel,
where S is the user's symmetric key for encrypting plaintext, γ is the third security parameter, τ is the keyword-count parameter and || denotes concatenation;
(3d) The user keeps the symmetric key S, the HMAC key k_mac, the third security parameter γ and the keyword-count parameter τ secret;
(4) Processing plaintext files:
(4a) To encrypt a plaintext file ε_j, the user divides its plaintext matrix into blocks and defines each plaintext matrix block as M, where 1 ≤ j ≤ n and n is the total number of plaintext files;
(4b) The user encrypts each plaintext matrix block M under the symmetric key S to obtain the corresponding ciphertext matrix block W:
W = (A, C),
where A is a coefficient matrix chosen uniformly at random, C = A·S + E + G·M, S is the symmetric key, G is the generator matrix of the error-correcting code D, E is a noise matrix drawn at random from Ber_θ^(m×N), and Ber_θ denotes the Bernoulli distribution on {0,1} in which 1 has probability θ and 0 has probability 1−θ;
(4c) The user concatenates all ciphertext matrix blocks W of the plaintext file ε_j to obtain the ciphertext file ψ_j corresponding to ε_j;
(4d) The user computes the message authentication tag T_j of the ciphertext file ψ_j from the HMAC key k_mac and ψ_j:
T_j = HMAC(k_mac, ψ_j),
where HMAC() denotes the message authentication tag generation algorithm;
(4e) The user selects uniformly at random a first secret value s ∈ {0,1}^γ and a second secret value r ∈ {0,1}^γ, generates an index dictionary able to record 2^τ keywords (i, w_i), and keeps the index dictionary and the two secret values s and r secret,
where i is the label, i ∈ [1, 2^τ], w_i is a keyword, w_i ∈ {0,1}^*, and * denotes arbitrary length;
(4f) The user generates the index bit string I_j of the plaintext file ε_j;
(5) Data upload:
(5a) The user sends the message authentication key k_mac to the cloud server over a secure channel and uploads the message {I_j || ψ_j || T_j} to the cloud server, where 1 ≤ j ≤ n, n is the total number of plaintext files and || denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file according to the following formula, with the result denoted v_j:
v_j = Verify(k_mac, ψ_j, T_j),
where 1 ≤ j ≤ n, n is the total number of plaintext files and Verify() denotes the verification algorithm of the HMAC message authentication code;
if v_j = 1, ψ_j was not tampered with during upload: the cloud server accepts the message, stores the index bit string I_j in the index bit string set I and returns the notification "ψ_j uploaded successfully" to the user;
if v_j = 0, ψ_j was tampered with during upload: the cloud server refuses the message and returns the notification "ψ_j upload error" to the user;
(5c) The user determines from the notification received whether the upload succeeded:
if the user receives the notification "ψ_j uploaded successfully", ψ_j has been uploaded to the cloud server successfully;
if the user receives the notification "ψ_j upload error", return to step (5a);
(6) Downloading and decrypting ciphertext:
(6a) The user generates a trapdoor for the keyword w_μ of the file to be downloaded and uploads it to the cloud server;
(6b) The cloud server uses the trapdoor to search the stored set I of file index bit strings for a match; if a match is found, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; if no match is found, the cloud server returns the notification "retrieval failed" to the user;
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε.
Compared with the prior art, the invention has the following advantages:
First, because the invention takes into account the case in which the plaintext and the key are related and encrypts the plaintext with a key-dependent-message (KDM) symmetric encryption scheme, it can resist key-related attacks when a key management flaw occurs, which improves the security of the wallet file.
Second, because a single user encrypts, uploads and downloads the files, the invention avoids the key leakage that arises when keys are shared with other users.
Description of the Drawings
Fig. 1 is the flow chart of the invention;
Fig. 2 is a schematic diagram of processing a plaintext file in the invention;
Fig. 3 is a schematic diagram of downloading and decrypting ciphertext in the invention.
Detailed Description
The invention is described further below with reference to the accompanying drawings.
Referring to Fig. 1, the specific steps of the invention are as follows.
Step 1, initialization.
The authorization center determines the first security parameter λ, the second security parameter k, the third security parameter γ, the keyword-count parameter τ and the Bernoulli distribution parameter θ = 2^(-λ); defines the message length l, dimension N and block length m of the plaintext matrix as l = l(λ), N = N(λ) and m = m(λ) respectively; defines the generator matrix of the error-correcting code as G = G_{m×l}, sets the number of errors the code must correct to d = (θ+σ)·m, and selects a binary linear error-correcting code D according to the generator matrix G and the number d, where G_{m×l} denotes a generator matrix of order m×l and σ is a fixed value chosen in the interval (0,1);
For any bit string K ∈ {0,1}^γ, the authorization center defines P_K(x) as a pseudo-random permutation family on {0,1}^τ, F_K(x) as a first pseudo-random function family with domain {0,1}^τ and range {0,1}^γ, and G_K(x) as a second pseudo-random function family with domain [1,n] and range {0,1};
The authorization center publishes the error-correcting code D, the generator matrix G, the pseudo-random permutation family P_K(x), the first pseudo-random function family F_K(x), the second pseudo-random function family G_K(x) and the public parameters {l, m, N, θ}.
Step 2, identity registration.
The user submits personal identity information to the authorization center, which checks whether the submitted identity information is genuine; if so, step 3 is executed, otherwise registration is refused.
Step 3, key distribution.
(3a) The authorization center defines a finite field, the ring of integers modulo the prime 2, and selects a matrix over it as the symmetric key S with which the user encrypts plaintext;
(3b) The authorization center generates for the user the key k_mac required for the HMAC operation, using the message authentication code key generation algorithm HMAC-KeyGen(1^k):
k_mac = HMAC-KeyGen(1^k),
where k is the second security parameter chosen by the authorization center;
(3c) The authorization center sends the message {S || k_mac || γ || τ} to the user over a secure channel;
(3d) The user keeps the symmetric key S, the HMAC key k_mac, the third security parameter γ and the keyword-count parameter τ secret.
Step 4, processing plaintext files.
Let the total number of plaintext files the user needs to encrypt be n, and denote each plaintext file by ε_j, 1 ≤ j ≤ n.
Referring to Fig. 2, the user processes the plaintext file ε_j as follows:
(4a) The user divides the plaintext matrix of ε_j into blocks, defines each plaintext matrix block as M, encrypts each M under the symmetric key S to obtain the corresponding ciphertext matrix block W = (A, C), and concatenates all ciphertext matrix blocks W of ε_j to obtain the ciphertext file ψ_j corresponding to ε_j,
where A is a coefficient matrix chosen uniformly at random, C = A·S + E + G·M, S is the symmetric key, G is the generator matrix of the error-correcting code D, E is a noise matrix drawn at random from Ber_θ^(m×N), and Ber_θ denotes the Bernoulli distribution on {0,1} in which 1 has probability θ and 0 has probability 1−θ;
(4b) The user computes the message authentication tag T_j of the ciphertext file ψ_j from the HMAC key k_mac and ψ_j by the formula:
T_j = HMAC(k_mac, ψ_j);
(4c) The user generates the index bit string I_j for the plaintext file ε_j as follows:
(4c1) The user selects uniformly at random a first secret value s ∈ {0,1}^γ and a second secret value r ∈ {0,1}^γ and generates an index dictionary able to record 2^τ keywords (i, w_i), where i is the label, i ∈ [1, 2^τ], w_i is a keyword, w_i ∈ {0,1}^*, and * denotes arbitrary length; the index dictionary and the two secret values s and r are kept secret;
(4c2) From the first secret value s the user selects the pseudo-random permutation P_s(x) from the family P_K(x), and from the second secret value r the function F_r(x) from the first pseudo-random function family F_K(x);
(4c3) The user computes the subscript values r_i = F_r(i), i ∈ [1, 2^τ], and according to each r_i selects the function G_{r_i}(x) from the second pseudo-random function family G_K(x);
(4c4) According to whether ε_j contains the keyword w_i, the user generates an initial bit string I_j′ of length 2^τ for ε_j:
if ε_j contains the keyword w_i, bit P_s(i) of I_j′ is set to 1, i.e. I_j′[P_s(i)] = 1;
if ε_j does not contain the keyword w_i, bit P_s(i) of I_j′ is set to 0, i.e. I_j′[P_s(i)] = 0;
iterating over all values of i yields the initial bit string I_j′;
(4c5) The user XORs bit i of the initial bit string I_j′ with the function value G_{r_i}(j), i.e. I_j[i] = I_j′[i] ⊕ G_{r_i}(j), to obtain bit i of the index bit string I_j; iterating over all values of i yields the index bit string I_j.
Step 5, data upload.
(5a) The user sends the message authentication key k_mac to the cloud server over a secure channel and uploads the message {I_j || ψ_j || T_j} to the cloud server, where 1 ≤ j ≤ n, n is the total number of plaintext files and || denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file with the verification algorithm Verify() of the HMAC message authentication code, the result being denoted v_j, i.e. v_j = Verify(k_mac, ψ_j, T_j), where 1 ≤ j ≤ n and n is the total number of plaintext files;
if v_j = 1, ψ_j was not tampered with during upload: the cloud server accepts the message, stores the index bit string I_j in the index bit string set I and returns the notification "ψ_j uploaded successfully" to the user;
if v_j = 0, ψ_j was tampered with during upload: the cloud server refuses the message and returns the notification "ψ_j upload error" to the user;
(5c) The user determines from the notification received whether the upload succeeded:
if the user receives the notification "ψ_j uploaded successfully", ψ_j has been uploaded to the cloud server successfully;
if the user receives the notification "ψ_j upload error", return to step (5a).
Step 6, downloading and decrypting ciphertext.
Referring to Fig. 3, this step is implemented as follows:
(6a) The user generates a trapdoor for the keyword w_μ of the file to be downloaded and uploads it to the cloud server:
(6a1) The user looks up in the index dictionary the label μ corresponding to the keyword w_μ;
(6a2) From the first secret value s the user selects the pseudo-random permutation P_s(x) from the family P_K(x), and from the second secret value r the function F_r(x) from the first pseudo-random function family F_K(x);
(6a3) The user computes the permuted label p = P_s(μ) from the label μ;
(6a4) The user computes the function index value f = F_r(p) from the permuted label p;
(6a5) The permuted label p and the function index value f together form the trapdoor;
(6b) The cloud server uses the trapdoor to search the stored set I of file index bit strings:
(6b1) The cloud server XORs the bit of the index bit string I_j at the permuted label p with the function value G_f(j), i.e. I_j′[p] = I_j[p] ⊕ G_f(j), to obtain the bit of the initial bit string I_j′ at p, where p is the permuted label in the trapdoor, f is the function index value in the trapdoor, G_f(x) is the pseudo-random function selected from the second pseudo-random function family G_K(x) according to the value of f, I_j′[p] denotes the bit of the initial bit string I_j′ at permuted label p, I_j[p] denotes the bit of the index bit string I_j at permuted label p, and ⊕ denotes XOR;
(6b2) The cloud server iterates over all values of j; if there exists j ∈ [1, n] such that the bit of the initial bit string I_j′ at p is 1, i.e. I_j′[p] = 1, the match succeeds, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; otherwise the match fails and the cloud server returns the notification "retrieval failed" to the user;
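As an added worked example (not code from the patent), the following Python carries steps (4c1)-(4c5) and (6a1)-(6b2) through on three constructed sample files. It assumes HMAC-SHA256 for the pseudo-random function families F_K and G_K, a shuffle seeded from s for the permutation P_s, τ = 4 and 16-byte secrets s and r; the keyword dictionary and the file contents are constructed as well.

```python
import hashlib
import hmac
import random
import secrets

# Toy parameters (constructed for this example).
TAU = 4                 # the index dictionary holds 2^tau keyword slots
SLOTS = 2 ** TAU
GAMMA_BYTES = 16        # length of the secret values s and r (gamma bits in the patent)

def prf(key, data):
    """HMAC-SHA256 stands in for the patent's pseudo-random function families (assumption)."""
    return hmac.new(key, data, hashlib.sha256).digest()

def F(r, x):
    """First PRF family F_r: label x in [1, 2^tau] -> a gamma-bit value."""
    return prf(r, b"F" + x.to_bytes(4, "big"))[:GAMMA_BYTES]

def G(key, j):
    """Second PRF family G_K: file number j in [1, n] -> a single bit."""
    return prf(key, b"G" + j.to_bytes(4, "big"))[0] & 1

def P(s, i):
    """Pseudo-random permutation P_s on [1, 2^tau], realised as a shuffle seeded from s (assumption)."""
    order = list(range(1, SLOTS + 1))
    random.Random(prf(s, b"P")).shuffle(order)
    return order[i - 1]

class Client:
    """Holds the index dictionary and the secret values s and r (steps (4c1)-(4c2))."""

    def __init__(self, keywords):
        if len(keywords) > SLOTS:
            raise ValueError("dictionary can record at most 2^tau keywords")
        self.s = secrets.token_bytes(GAMMA_BYTES)
        self.r = secrets.token_bytes(GAMMA_BYTES)
        self.dictionary = dict(enumerate(keywords, start=1))      # i -> w_i
        self.labels = {w: i for i, w in self.dictionary.items()}   # w_i -> i

    def build_index(self, j, words):
        """Steps (4c3)-(4c5): I_j'[P_s(i)] = 1 iff w_i is in file j, then I_j[i] = I_j'[i] XOR G_{F_r(i)}(j)."""
        initial = [0] * SLOTS
        for i, w in self.dictionary.items():
            if w in words:
                initial[P(self.s, i) - 1] = 1
        return [initial[i - 1] ^ G(F(self.r, i), j) for i in range(1, SLOTS + 1)]

    def trapdoor(self, keyword):
        """Steps (6a1)-(6a5): p = P_s(mu), f = F_r(p); the trapdoor is (p, f)."""
        if keyword not in self.labels:
            return None          # the keyword was never indexed, so no trapdoor exists
        p = P(self.s, self.labels[keyword])
        return p, F(self.r, p)

def server_search(index_set, trapdoor):
    """Steps (6b1)-(6b2): unmask only bit p of each I_j and report the files with I_j'[p] = 1."""
    if trapdoor is None:
        return []
    p, f = trapdoor
    return [j for j, I_j in sorted(index_set.items()) if I_j[p - 1] ^ G(f, j) == 1]

def demo():
    """Index three constructed sample files, then search them with trapdoors."""
    client = Client(["bitcoin", "ethereum", "backup", "seed"])
    files = {1: "bitcoin wallet backup", 2: "ethereum seed phrase", 3: "bitcoin seed"}
    index_set = {j: client.build_index(j, set(text.split())) for j, text in files.items()}
    return {w: server_search(index_set, client.trapdoor(w))
            for w in ["bitcoin", "seed", "backup", "wallet"]}
```

The server learns only the single unmasked bit at position p of each I_j per query; the other bits stay masked by G_{F_r(i)}(j), whose keys it never receives.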
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε:
(6c1) From the symmetric key S and each ciphertext matrix block W = (A, C) of the ciphertext file ψ, the user computes the intermediate matrix Q:
Q = C − A·S;
(6c2) The user decodes each column of the intermediate matrix Q with the error-correcting code D, obtaining the corresponding plaintext matrix block M;
(6c3) The user concatenates all plaintext matrix blocks M to obtain the corresponding plaintext file ε.
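The decryption procedure (6c1)-(6c3) is shown below as an added, self-contained example; it is not the patent's own code. The page only specifies Q = C − A·S and column-wise decoding with D, so the example assumes a lattice-style block structure in which C = A·S + E + (q/2)·D.encode(M) over Z_q with small noise E, a modulus q = 4093, a secret dimension of 8, a rate-1/3 repetition code as D, and row-wise concatenation of the recovered blocks. All parameter names and the sample plaintext blocks are constructed for the illustration. The `corrupt` flag shows why the error-correcting step matters: one ciphertext entry is pushed by q/2 and the majority vote still recovers the block.

```python
import secrets

Q_MOD = 4093   # assumed modulus q
N_DIM = 8      # assumed secret dimension (columns of A, rows of S)
REP = 3        # assumed rate-1/3 repetition code used as D
NOISE = 20     # assumed noise bound; must stay well below q/4 for decoding


def matmul(A, B, q):
    """Matrix product over Z_q using plain lists."""
    cols = list(zip(*B))
    return [[sum(a * b for a, b in zip(row, col)) % q for col in cols] for row in A]


def encode_column(bits):
    """D.encode: repeat every bit REP times."""
    return [b for b in bits for _ in range(REP)]


def decode_column(values, q):
    """D.decode on one column of Q: map each Z_q entry to a bit (values near
    q/2 mean 1, values near 0 mean 0), then majority-vote each group of REP
    repeated symbols so that a few corrupted entries are tolerated."""
    raw = [1 if q // 4 < v <= 3 * q // 4 else 0 for v in values]
    return [1 if 2 * sum(raw[i:i + REP]) > REP else 0
            for i in range(0, len(raw), REP)]


def keygen(k, q=Q_MOD):
    """Symmetric key S: random N_DIM x k matrix over Z_q (assumed shape)."""
    return [[secrets.randbelow(q) for _ in range(k)] for _ in range(N_DIM)]


def encrypt_block(M, S, q=Q_MOD):
    """Assumed encryption of one l x k bit block M into W = (A, C) with
    C = A*S + E + (q/2)*D.encode(M) (mod q), so that Q = C - A*S equals
    D.encode(M) scaled by q/2 plus the small noise E."""
    l, k = len(M), len(M[0])
    m = l * REP
    A = [[secrets.randbelow(q) for _ in range(N_DIM)] for _ in range(m)]
    coded = [encode_column(col) for col in zip(*M)]   # k codewords of length m
    AS = matmul(A, S, q)
    C = [[(AS[r][c] + (q // 2) * coded[c][r]
           + secrets.randbelow(2 * NOISE + 1) - NOISE) % q
          for c in range(k)] for r in range(m)]
    return A, C


def decrypt_block(W, S, q=Q_MOD):
    """Steps (6c1)-(6c2): Q = C - A*S, then decode every column with D."""
    A, C = W
    AS = matmul(A, S, q)
    Q = [[(C[r][c] - AS[r][c]) % q for c in range(len(C[0]))] for r in range(len(C))]
    decoded_cols = [decode_column(col, q) for col in zip(*Q)]
    return [list(row) for row in zip(*decoded_cols)]   # back to l x k


def decrypt_file(psi, S, q=Q_MOD):
    """Step (6c3): decrypt each block and concatenate the plaintext blocks
    (row-wise here, an assumption about the block layout)."""
    return [row for W in psi for row in decrypt_block(W, S, q)]


def demo(corrupt=False):
    """Constructed sample: two 3x2 plaintext blocks. With corrupt=True one
    ciphertext entry is pushed by q/2, which the repetition code absorbs."""
    blocks = [[[1, 0], [0, 1], [1, 1]], [[0, 0], [1, 0], [0, 1]]]
    S = keygen(2)
    psi = [encrypt_block(M, S) for M in blocks]
    if corrupt:
        _A, C = psi[0]
        C[0][0] = (C[0][0] + Q_MOD // 2) % Q_MOD
    return decrypt_file(psi, S) == [row for M in blocks for row in M]


if __name__ == "__main__":
    print(demo(), demo(corrupt=True))
```

The decoding threshold q/4 is what the noise bound has to respect: if the noise in Q could exceed q/4, a symbol would be mapped to the wrong bit, and the repetition code would then only survive as many such errors per codeword as its majority vote allows.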
The above description is only one specific embodiment of the present invention and does not limit it in any way. It is evident that those skilled in the art, having understood the content and principles of the invention, may make various modifications and changes in form and detail without departing from its principles and structure; such modifications and changes based on the idea of the invention remain within the scope of protection of its claims.
Claims (6)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201610948549.2A CN106534092B (en) | 2016-11-02 | 2016-11-02 | A message-dependent key-based encryption method for private data |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106534092A CN106534092A (en) | 2017-03-22 |
CN106534092B true CN106534092B (en) | 2019-07-02 |
Family
ID=58292868
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201610948549.2A Active CN106534092B (en) | 2016-11-02 | 2016-11-02 | A message-dependent key-based encryption method for private data |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106534092B (en) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
TWI622949B (en) * | 2017-05-26 | 2018-05-01 | 富邦金融控股股份有限公司 | Know your customer (kyc) data marking dispute relief system with multiple secret key and method thereof |
CN109104392A (en) * | 2017-06-21 | 2018-12-28 | 杨树桃 | A kind of safe Wallet System of block chain |
CN107301544A (en) * | 2017-06-26 | 2017-10-27 | 北京泛融科技有限公司 | A kind of safe Wallet System of block chain |
CN107395349A (en) * | 2017-08-16 | 2017-11-24 | 深圳国微技术有限公司 | A kind of block chain network cryptographic key distribution method based on self-certified public key system |
CN107634989A (en) * | 2017-08-25 | 2018-01-26 | 中积有限公司 | A kind of cloud wallet construction method and server |
CN108011885B (en) * | 2017-12-07 | 2020-12-15 | 北京科技大学 | An email encryption method and system based on group cryptography |
CN108322451B (en) * | 2018-01-12 | 2020-09-22 | 深圳壹账通智能科技有限公司 | Data processing method, data processing device, computer equipment and storage medium |
CN108846297B (en) * | 2018-07-16 | 2019-11-01 | 广州追溯信息科技有限公司 | A method of distributing and retrieve data in the block chain network with peer node |
CN109104270B (en) * | 2018-09-21 | 2021-05-14 | 华南理工大学 | An untrusted cloud center resource sharing method based on Hill operation and chaos |
CN109361663B (en) * | 2018-10-10 | 2021-05-28 | 中航信托股份有限公司 | Method, system and device for accessing encrypted data |
CN109586894A (en) * | 2018-11-16 | 2019-04-05 | 重庆邮电大学 | The encryption method of data in OPC UA edge calculations is realized based on pseudo-random permutation |
CN109951453A (en) * | 2019-02-26 | 2019-06-28 | 符安文 | A kind of safe encryption method based on block chain |
CN110012007B (en) * | 2019-04-02 | 2021-02-26 | 国网新疆电力有限公司营销服务中心(资金集约中心、计量中心) | Annular shuttle vehicle scheduling method and system based on position data encryption |
CN110138749B (en) * | 2019-04-23 | 2021-12-21 | 华为技术有限公司 | Data security protection method and related equipment |
CN110276684B (en) * | 2019-05-20 | 2021-04-23 | 创新先进技术有限公司 | Receipt storage method and node combining transaction type and event function type |
CN110232080B (en) * | 2019-05-23 | 2021-06-29 | 智慧谷(厦门)物联科技有限公司 | Rapid retrieval method based on block chain |
CN110610105B (en) * | 2019-09-25 | 2020-07-24 | 郑州轻工业学院 | Secret sharing-based authentication method for three-dimensional model file in cloud environment |
CN111600948B (en) * | 2020-05-14 | 2022-11-18 | 北京安御道合科技有限公司 | Cloud platform application and data security processing method, system, storage medium and program based on identification password |
CN112134939A (en) * | 2020-09-16 | 2020-12-25 | 许永宾 | Block city cloud platform based on smart city |
CN112311781B (en) * | 2020-10-23 | 2021-11-12 | 西安电子科技大学 | A forward-backward secure encryption method with recoverable keyword masking |
CN114884700B (en) * | 2022-04-18 | 2023-04-28 | 华中科技大学 | Searchable public key encryption batch processing method and system for resisting key guessing attack |
CN115801403B (en) * | 2022-11-16 | 2025-09-23 | 杭州电子科技大学 | Lightweight authentication, encryption and decryption method and device for resource-constrained device communication |
CN115996120B (en) * | 2023-03-22 | 2023-09-29 | 江西经济管理干部学院 | A computer data encryption and decryption method and system based on mobile storage devices |
CN118368062B (en) * | 2024-06-19 | 2024-09-06 | 江西曼荼罗软件有限公司 | Data transmission method, system, storage medium and equipment based on shared secret key |
CN119766425A (en) * | 2024-12-03 | 2025-04-04 | 西安电子科技大学 | A verifiable cloud outsourcing inner product function encryption method |
CN119249462A (en) * | 2024-12-04 | 2025-01-03 | 浙江蚂蚁密算科技有限公司 | A method, device and storage medium for judging tampering of ciphertext data |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104320262A (en) * | 2014-11-05 | 2015-01-28 | 中国科学院合肥物质科学研究院 | User public key address binding, searching and verifying method and system based on crypto currency open account book technology |
CN104618366A (en) * | 2015-01-27 | 2015-05-13 | 西安电子科技大学 | System and method for security management of Internet archives based on attributes |
CN104836790A (en) * | 2015-03-30 | 2015-08-12 | 西安电子科技大学 | Linked storage fine-grained access control model based on attribute encryption and timestamp |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||