
CN117134993A - Detectable method and device for retrieving ciphertext based on cumulative commitment verification - Google Patents


Info

Publication number
CN117134993A
Authority
CN
China
Prior art keywords
data
vector
verification
ciphertext
commitment
Prior art date
Legal status
Granted
Application number
CN202311376651.6A
Other languages
Chinese (zh)
Other versions
CN117134993B (en)
Inventor
陈晶
赵陈斌
何琨
杜瑞颖
周显敬
刘虎
周伟
戴博涛
熊壮
何振兴
高鹏
匡衡
Current Assignee
Wuhan University WHU
Original Assignee
Wuhan University WHU
Priority date
Filing date
Publication date
Application filed by Wuhan University WHU
Priority to CN202311376651.6A
Publication of CN117134993A
Application granted
Publication of CN117134993B
Legal status: Active
Anticipated expiration


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/08 Network architectures or network communication protocols for network security for authentication of entities
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/10 File systems; File servers
    • G06F 16/13 File access structures, e.g. distributed indices
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F 16/10 File systems; File servers
    • G06F 16/14 Details of searching files based on file metadata
    • G06F 16/148 File search processing
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F 21/55 Detecting local intrusion or implementing counter-measures
    • G06F 21/552 Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/602 Providing cryptographic facilities or services
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/604 Tools and structures for managing or administering access control systems
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6227 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database where protection concerns the structure of data, e.g. records, types, queries
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/60 Protecting data
    • G06F 21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F 21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F 21/6245 Protecting personal data, e.g. for financial or medical purposes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/0435 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 67/00 Network arrangements or protocols for supporting network services or applications
    • H04L 67/01 Protocols
    • H04L 67/10 Protocols in which an application is distributed across nodes in the network
    • H04L 67/1097 Protocols in which an application is distributed across nodes in the network for distributed storage of data in networks, e.g. transport arrangements for network file system [NFS], storage area networks [SAN] or network attached storage [NAS]
    • G PHYSICS
    • G06 COMPUTING OR CALCULATING; COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 2221/2107 File encryption

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Software Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Databases & Information Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • Data Mining & Analysis (AREA)
  • Medical Informatics (AREA)
  • Automation & Control Theory (AREA)
  • Library & Information Science (AREA)
  • Storage Device Security (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a detectable ciphertext retrieval method and device based on accumulable commitment verification. The method comprises an accumulable vector commitment verification method and a fully dynamic secure ciphertext retrieval and checking method. The accumulable vector commitment verification method solves the problem that ciphertext is hard to update when the vector size is fixed: it realizes a data verification structure that supports fully dynamic operation, supports concurrent processing of the verification operation, and keeps the commitment overhead at a fixed constant size, so that system efficiency is markedly improved. The fully dynamic secure ciphertext retrieval and checking method addresses the leakage caused by dynamic operations and the difficulty of detecting the malicious behaviour of a malicious server: it achieves forward and backward security by recording the different update states and operations, and markedly improves system security by checking the retrieval results returned by the server against the verifiable structure built from the accumulable vector commitment.

Description

Detectable method and device for retrieving ciphertext based on cumulative commitment verification

Technical field

The invention belongs to the technical field of integrity-checked ciphertext retrieval in applied cryptography. It relates to a dynamic verification structure for detection, a secure retrieval method and a device, and specifically designs a detectable ciphertext retrieval method and device based on accumulable vector commitment verification.

Background

With the development of cloud storage and cloud computing, cloud storage has brought convenience to users but has also raised many security problems for outsourced data. Because the server is not fully trusted, plaintext data stored on the server faces serious security risks, such as being leaked or tampered with. The usual approach is to store sensitive data encrypted: the plaintext data the user needs to store is encrypted locally with a key and then uploaded to the server. However, this form of encrypted storage sacrifices the usability of the data, making it difficult for users to access and retrieve the data they need.

To make encrypted cloud data searchable, ciphertext retrieval techniques were proposed, which guarantee the security and privacy of user data while preserving availability. The earliest ciphertext retrieval schemes were static: data encrypted and uploaded to the server could not be dynamically added, updated or deleted, which clearly does not meet the needs of real-world scenarios. Dynamic schemes supporting the addition, deletion and modification of data were proposed later. However, most of these solutions assume a semi-trusted server, one that honestly follows the protocol but is curious about private information and tries to learn additional private information. In practice, to save cost or for other reasons, a server may behave maliciously, for instance by returning incorrect results such as only the first result matching a keyword. To defend against such malicious server behaviour and guarantee the correctness of search results, verifiability of search results was proposed.

Some existing verifiable schemes use accumulated authentication tags or incremental hashing to build the verification structure, but the storage cost of these structures grows linearly with the number of keywords, so they are inefficient. Verifiable ciphertext retrieval schemes support dynamic operations to be more practical, but do not fully consider the forward and backward security problems raised by dynamic operations, so the server may analyze the correlation between update indexes and search tokens and thereby learn more keyword information. Current designs still leave considerable room for improvement in both efficiency and security. How to achieve efficient and secure retrieval while guaranteeing that retrieval results can be checked is therefore an urgent problem in this field.

Summary of the invention

In view of the above requirements for data security, efficiency and availability, and ciphertext checking, and the drawbacks of the traditional schemes described above, the present invention provides a detectable ciphertext retrieval method and device based on accumulable commitment verification.

The technical solution adopted by the method of the present invention is a detectable ciphertext retrieval method based on accumulable commitment verification, applied in a detectable ciphertext retrieval system based on accumulable commitment verification; the participating entities of the system are the data owner, data users and the cloud storage server.

The specific implementation of accumulable commitment verification comprises the following stages:

In the system initialization stage, the security parameter is input and the parameters of the accumulator and the vector commitment are generated, namely the generator, the vector dimension, the random number, the vector parameters, the initial accumulated value acc, the hash function H, the bilinear map e and the public parameters par; the public parameters are provided to the participating entities of the system.

In the verifiable-structure update stage, after the data owner uploads the original data stream to the server, the server first generates a new accumulated value from the elements of the data set, then inserts all accumulated values at the corresponding index positions of the vector, and finally generates a commitment value C of fixed constant size over the vector elements and returns it to the data owner.

In the proof generation and checking stage, after the data user issues a data query and verification request, the cloud server returns the corresponding proof information proof to the data user, and finally the data user runs the verification procedure.

Preferably, in the system initialization stage, the security parameter is input; a generator of the group G, a generator of the group G1 and a generator of the group G2 are chosen, where G is an RSA quotient group and G1, G2 and GT are three multiplicative groups; the vector dimension is an integer n; a random number and the vector parameters are chosen; an empty vector is initialized, whose indexed entries denote the elements of the vector; the initial accumulated value, the hash function and the bilinear map are set; and the public parameters are defined.

Preferably, in the verifiable-structure update stage, after the data owner uploads an element y, the server generates a new accumulated value from the received data, keeps inserting each new accumulated value into the vector, and generates a vector commitment for the vector; when the data owner later performs an update, the server further generates an updated commitment over the newly updated vector and returns it to the data owner for storage.

Preferably, in the proof generation and checking stage, after the data user issues a data query and verification request, the cloud server returns the corresponding proof information to the data owner; here the index set denotes the set of vector positions, X denotes the set of all accumulated elements, and the hash value is computed over them. The data owner first performs the verification check and decides whether the equation holds; if it does not hold, 0 is returned, meaning that verification failed; if it holds, this check passes and the data owner goes on to run the verification algorithm of the vector commitment; if that returns 1, the final verification passes, and if it returns 0, verification fails.

Preferably, the specific implementation of the method comprises the following stages:

In the system initialization stage, the security parameter λ is input; the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; and the pseudorandom function F and the hash functions H1, H2 needed by the system are generated.

In the ciphertext index update stage, the data owner encrypts all data, processes each keyword-document pair (w, ind) with the pseudorandom function F, and generates and uploads the index ciphertext data addr and value; the cloud server runs the update procedure on the received data, produces the corresponding data commitment value C and returns it to the user.

In the token retrieval and ciphertext checking stage, the data user generates a retrieval token token for the keyword it wants to check and sends it to the cloud storage server; the cloud storage server runs the retrieval procedure and returns the retrieval results together with the verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user runs the accumulable commitment verification algorithm Verify on the received ciphertext, and performs decryption only after verification passes.

Preferably, the security parameter is input and the vector size is initialized; a symmetric encryption key is generated; the pseudorandom function and the hash functions are defined; the counter of updated keywords and the empty vector are initialized, and the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are run; and the public parameters are defined.

Preferably, in the ciphertext index update stage, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation. When encrypting a new document for keyword w, the value of the pseudorandom function is computed and addr is defined from it; the counter is incremented by 1 in step, so that the updated index is not linked to previously issued search tokens, which achieves forward security. When encrypting ind, the operation record op is bound in and value is computed, where op records an add or delete operation so that update operations on ind can be distinguished; the final decryption is performed by the data user itself, which guarantees backward security. The data owner sends the ciphertext pair (addr, value) to the server.

After receiving the ciphertext pair, the server adds it to the encrypted database EDB and then performs the commitment operation on the received ciphertext: it first maps addr to a vector index i, inserts the corresponding value into the file set, generates the accumulated value of that set and adds it to the vector; finally the server generates the constant-size commitment C over the vector and sends it to the data user for local storage.

Preferably, in the token retrieval and ciphertext checking stage, the data user first generates the list of search tokens token for the retrieval keyword w, where j denotes the value of the counter DC[w] and each token value is derived from it; the search token list TL is then sent to the server. The server performs the search after receiving it and finally returns the retrieval result list RL to the data user; to enable verification, the server also returns the membership proof information proof to the data user. After the data user receives the search results RL and the proof information proof, the checking procedure is run: the data user first performs the first check, and if it fails outputs 0 and terminates the remaining steps; otherwise the data user performs the further check, and if it fails outputs 0 and terminates; if all checks pass, the cloud server has honestly executed the procedure above. Finally the data user decrypts and recovers op and ind; if op is an add operation, ind is added to the final result list, and if op is a delete operation, ind is removed from the final result list.

The technical solution adopted by the device of the present invention is a detectable ciphertext retrieval device based on accumulable commitment verification, comprising:

one or more processors;

a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the detectable ciphertext retrieval method based on accumulable commitment verification described above.

Compared with the prior art, the advantages and positive effects of the present invention are mainly reflected in the following aspects:

(1) The present invention proposes a verification method based on an accumulable vector commitment. The method avoids client storage that grows with the number of keywords and achieves a fixed, constant-size overhead; by processing the accumulator algorithm concurrently while the proof information is generated, the efficiency of returning ciphertext search results is further improved.

(2) The present invention provides a fully dynamic secure ciphertext retrieval and checking method. By introducing a dynamically accumulated vector structure, the method allows dynamic data to be updated and malicious server behaviour to be detected; by binding a file update counter and operation log records, it achieves forward and backward security of the retrieval process and improves system security.

Description of the drawings

The technical solution herein is further explained below using embodiments and specific implementations. Some drawings are also used in explaining the technical solution. Those skilled in the art can obtain other drawings, and the intent of the present invention, from these drawings without creative effort.

Figure 1 is a system framework diagram of an embodiment of the present invention;

Figure 2 is a structural diagram of the accumulable vector commitment in an embodiment of the present invention;

Figure 3 is a schematic diagram of the fully dynamic secure ciphertext retrieval method in an embodiment of the present invention;

Figure 4 is a schematic diagram of the fully dynamic secure ciphertext verification method in an embodiment of the present invention.

具体实施方式Detailed ways

为了便于本领域普遍技术人员的理解和实施本发明,下面结合附图及实施例对本发明作为进一步的详细描述,应当理解,此处所描述的实施示例仅用于说明和解释本发明,并不用于限定本发明。In order to facilitate those skilled in the art to understand and implement the present invention, the present invention is described in further detail below in conjunction with the accompanying drawings and examples. It should be understood that the implementation examples described here are only used to illustrate and explain the present invention, and are not used for define the invention.

请见图1和图2,本实施例提供的一种基于可累加承诺验证的检索密文可检测方法,应用于基于可累加承诺验证的检索密文可检测系统中;系统参与实体包括数据拥有者、数据用户和云存储服务器;Please see Figure 1 and Figure 2. This embodiment provides a detectable ciphertext retrieval method based on accumulative commitment verification, which is applied in a detectable ciphertext retrieval system based on accumulative commitment verification; system participating entities include data owners authors, data users and cloud storage servers;

请见图2,本实施例的可累加承诺验证的具体实现包括以下阶段:Please see Figure 2. The specific implementation of cumulative commitment verification in this embodiment includes the following stages:

在系统初始化阶段,输入安全参数,初始化生成累加器和向量承诺相关参数信息,包括生成元/>,向量维度,随机数/>,向量参数/>,初始累加值acc,哈希函数H,双线性映射e和公共参数par,并将公开参数提供给系统参与实体;During the system initialization phase, enter security parameters , initialize the generated accumulator and vector commitment related parameter information, including the generator/> , vector dimension, random number/> , vector parameters/> , the initial accumulated value acc , the hash function H, the bilinear mapping e and the public parameter par , and the public parameters are provided to the system participating entities;

在一种实施方式中,安全参数,/>为群G的生成元,/>为群G1的生成元,/>为群G2的生成元,群G为RSA商群,G1、G2、GT分别为三个乘法群;向量维度大小为整数n,随机数/>,向量参数/>,初始化空向量/>表示向量中的元素;初始累加值/>;哈希函数/>,双线性映射;公共参数/>In one embodiment, the security parameters ,/> is the generator of group G ,/> is the generator of group G 1 ,/> is the generator of group G 2 , group G is the RSA quotient group, G 1 , G 2 , and G T are three multiplicative groups respectively; the vector dimension size is an integer n and a random number/> , vector parameters/> , initialize empty vector/> , Represents the elements in the vector; initial accumulated value/> ;Hash function/> , bilinear mapping ;Public parameters/> .

在可验证结构更新阶段,数据拥有者将原始数据流上传至服务器之后,服务器首先将数据集合中的元素生成新的累加值/>,然后将所有的累加值插入到向量对应索引位置中,最后对向量元素生成固定常量开销大小的承诺值C并返回给数据拥有者。In the verifiable structure update phase, after the data owner uploads the original data stream to the server, the server first collects the data The elements in generate a new accumulated value/> , then insert all the accumulated values into the corresponding index positions of the vector, and finally generate a fixed constant cost commitment value C for the vector element and return it to the data owner.

在一种实施方式中,数据拥有者上传元素y之后,服务器根据接收到的数据信息生成新的累加值,并将新的累加值/>不断更新插入到向量/>中,针对向量生成向量承诺/>;当后续数据拥有者执行更新时,进一步生成更新承诺并返回给数据拥有者进行保存,其中,/>表示新更新的向量。在该过程中,服务器生成了固定常量大小的承诺值以用来验证。因此在交互过程中产生的通信开销和客户端存储都是常量级,这也大大提升了该发明系统的效率。In one implementation, after the data owner uploads element y , the server generates a new cumulative value based on the received data information. , and add the new accumulated value/> Continuously update the insert into the vector/> , for vector Generate vector promises/> ;When subsequent data owners perform updates, further generate update commitments and returned to the data owner for saving, where,/> A vector representing the new update. During this process, the server generates a fixed constant size promise value for verification. Therefore, the communication overhead and client storage generated during the interaction process are constant level, which also greatly improves the efficiency of the invented system.

在证明信息生成及检测阶段,数据用户发起数据查询和验证请求之后,云服务器返回相应的证明信息proof给数据用户,最后数据用户执行验证过程。In the certification information generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding certification information. and proof to the data user, and finally the data user performs the verification process.

在一种实施方式中,在证明信息生成及检测阶段,数据用户发起数据查询与验证请求之后,云服务器返回相应的证明信息和/>给数据拥有者;其中,/>表示向量位置的索引集合,X表示所有累加元素的集合,哈希值/>;数据拥有者首先执行验证操作/>,判断该等式是否成立;若等式不成立,则返回0表示验证不通过;若等式成立,则表示该验证通过;数据拥有者继续执行向量承诺中验证算法/>,如果返回结果为1,则表示最终验证通过,如果返回0,则表示验证不通过。In one implementation, during the certification information generation and detection stages, after the data user initiates a data query and verification request, the cloud server returns the corresponding certification information and/> to the data owner; where,/> Represents the index set of vector positions, X represents the set of all accumulated elements, hash value/> , ;The data owner first performs the verification operation/> , determine whether the equation is established; if the equation is not established, 0 is returned to indicate that the verification fails; if the equation is established, it indicates that the verification is passed; the data owner continues to execute the verification algorithm in the vector commitment/> , if the return result is 1, it means the final verification passed, if it returns 0, it means the verification failed.

See Figures 3 and 4. The detectable retrieval-ciphertext method based on cumulative commitment verification provided by the present invention is implemented in the following stages:

In the system initialization stage, the security parameter λ is input; the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; and the pseudo-random function F, the hash functions H1, H2 and the other information required by the system are generated;

In one implementation, the security parameter is input, the vector size is initialized and the symmetric encryption key is generated; a pseudo-random function and hash functions are defined; the counter of updated keywords and an empty vector are initialized and the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are executed respectively; and the public parameters are defined.

In the ciphertext index update stage, the data owner encrypts all data, processes each keyword-document pair (w, ind) with the pseudo-random function F, and generates and uploads the index ciphertext data addr and value; the cloud server executes the update procedure on the received data and returns the corresponding data commitment value C to the user;

In one implementation, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation; when encrypting a new document for keyword w, it computes the value of the pseudo-random function and defines the address from it; the counter is incremented by 1 at the same time, so that the updated index cannot be linked to previous search tokens, which achieves forward security; when encrypting ind, the operation record op is bound into the computation, where op is either an add or a delete operation and serves to distinguish update operations on ind; the final decryption is performed by the data user itself, which guarantees backward security; the data owner sends the ciphertext pair (addr, value) to the server;

After receiving the ciphertext pair, the server adds it to the encrypted database EDB and further performs the commitment operation on the received ciphertext data: it first maps addr to a vector index i, inserts the corresponding value into the file set at that index, generates the accumulated value of that set and adds it to the vector; finally the server generates the constant-size commitment C over the vector and sends it to the data user for local storage.

In the token retrieval and ciphertext detection stage, the data user generates a retrieval token token from the keyword information it needs to check and sends it to the cloud storage server; the cloud storage server executes the retrieval procedure and returns the retrieval results together with verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user runs the cumulative commitment verification algorithm Verify on the received ciphertext information and performs decryption only after verification passes.

In one implementation, the data user first generates a list of search tokens for the search keyword w, where j ranges over the values of the counter DC[w] and each entry is a search token value; the search token list TL is then sent to the server; on receipt the server performs the search and finally returns the retrieval result list RL to the data user; to enable verification, the server also returns membership proof information to the data user; after receiving the search results RL and the proof information proof, the data user runs the detection procedure: it first performs the first check, and if it fails, outputs 0 and terminates the remaining procedure; otherwise it performs the further check, and if that fails, outputs 0 and terminates; if all checks pass, the cloud server is shown to have executed the above procedure honestly; finally the data user decrypts the results; if op is an add operation, the data user adds ind to the final result list, and if op is a delete operation, the data user removes ind from the final result list.
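The update, search, verification and decryption flow of the two implementations described above (the accumulator-plus-vector-commitment structure and the token retrieval and detection stage), as an added Python example that is not the patent's code nor the authors' C++ implementation. Where the page gives no concrete construction it substitutes constructed stand-ins, all of which are assumptions of this example: an RSA-style accumulator with a tiny, publicly factorable modulus (insecure, it shows only the add/witness/verify shape), a plain hash over the accumulator vector in place of the patent's pairing-based constant-size vector commitment, a counter-based index ciphertext addr = H1(token_j), value = H2(token_j) XOR (ind || op) with token_j derived from F(k, w) and DC[w], and a toy key, slot count and dataset; the names h, hash_to_prime, slot_of, acc_add, acc_witness, acc_verify, commit, Server, Client and demo are this example's own. The toy proves only that each returned entry belongs to its slot's accumulator; it does not detect omitted results, which is what the hash over the element set X in the page's proof addresses.

```python
# Added example (not the patent's code): toy end-to-end update / search /
# verify / decrypt run. Constructed stand-ins: an RSA-style accumulator with a
# tiny publicly-factorable modulus (insecure), a hash over the accumulator
# vector instead of a pairing-based vector commitment, and the counter-based
# index ciphertext addr = H1(token_j), value = H2(token_j) XOR (ind || op).
import hashlib
import hmac
import math

MASTER_KEY = b"constructed-master-key"      # symmetric key k (constructed)
N_SLOTS = 8                                 # vector dimension n (constructed)
N_MOD = (2**61 - 1) * (2**89 - 1)           # toy RSA modulus, factors are public
G = 3                                       # accumulator generator


def h(tag: bytes, data: bytes) -> bytes:    # domain-separated SHA-256 for H1/H2/prime
    return hashlib.sha256(tag + data).digest()

def hash_to_prime(data: bytes) -> int:      # hash to ~32-bit odd number, step to a prime
    p = int.from_bytes(h(b"prime", data)[:4], "big") | 1
    while p < 3 or any(p % d == 0 for d in range(3, math.isqrt(p) + 1, 2)):
        p += 2
    return p

def slot_of(addr: bytes) -> int:            # map an index address to vector position i
    return int.from_bytes(addr, "big") % N_SLOTS

def acc_add(acc: int, value: bytes) -> int: # acc <- acc^prime(value) mod N
    return pow(acc, hash_to_prime(value), N_MOD)

def acc_witness(slot_values: list, member: bytes) -> int:
    exp = 1                                  # G raised to the product of all OTHER primes
    for v in slot_values:
        if v != member:
            exp *= hash_to_prime(v)
    return pow(G, exp, N_MOD)

def acc_verify(acc: int, witness: int, member: bytes) -> bool:
    return pow(witness, hash_to_prime(member), N_MOD) == acc

def commit(vector: list) -> bytes:          # constant-size commitment to the whole vector
    return h(b"vc", b"".join(a.to_bytes(32, "big") for a in vector))


class Server:
    def __init__(self):
        self.edb = {}                                   # EDB: addr -> value
        self.slots = [[] for _ in range(N_SLOTS)]       # file set per vector index
        self.vector = [G] * N_SLOTS                     # accumulators, all empty

    def update(self, addr: bytes, value: bytes) -> bytes:
        self.edb[addr] = value
        i = slot_of(addr)
        self.slots[i].append(value)
        self.vector[i] = acc_add(self.vector[i], value)
        return commit(self.vector)                      # C, kept by the client

    def search(self, tokens: list):
        rl, proof = {}, {}                              # results and per-entry witnesses
        for t in tokens:
            addr = h(b"H1", t)
            if addr in self.edb:
                rl[addr] = self.edb[addr]
                proof[addr] = acc_witness(self.slots[slot_of(addr)], rl[addr])
        return rl, list(self.vector), proof


class Client:
    def __init__(self):
        self.dc = {}                                    # DC[w]: per-keyword counter
        self.commitment = commit([G] * N_SLOTS)         # the only state besides DC

    def token(self, w: str, j: int) -> bytes:
        kw = hmac.new(MASTER_KEY, w.encode(), hashlib.sha256).digest()   # F(k, w)
        return hmac.new(kw, j.to_bytes(4, "big"), hashlib.sha256).digest()

    def update(self, w: str, ind: int, op: str):
        j = self.dc.get(w, 0)
        self.dc[w] = j + 1                              # fresh counter: forward security
        t = self.token(w, j)
        plain = ind.to_bytes(4, "big") + (b"\x01" if op == "add" else b"\x00") + bytes(27)
        value = bytes(a ^ b for a, b in zip(h(b"H2", t), plain))   # op bound to ind
        return h(b"H1", t), value

    def search(self, server: Server, w: str):
        tokens = [self.token(w, j) for j in range(self.dc.get(w, 0))]
        rl, vector, proof = server.search(tokens)
        if commit(vector) != self.commitment:           # check 1: vector commitment
            return None
        for addr, value in rl.items():                  # check 2: accumulator membership
            if not acc_verify(vector[slot_of(addr)], proof.get(addr, 0), value):
                return None
        final = set()
        for t in tokens:                                # decrypt only after both checks
            value = rl.get(h(b"H1", t))
            if value is not None:
                plain = bytes(a ^ b for a, b in zip(h(b"H2", t), value))
                (final.add if plain[4] == 1 else final.discard)(int.from_bytes(plain[:4], "big"))
        return sorted(final)


def demo() -> list:   # constructed run: add 1, 2 under 'alice', 3 under 'bob', delete 1
    c, s = Client(), Server()
    for w, ind, op in [("alice", 1, "add"), ("alice", 2, "add"), ("bob", 3, "add"), ("alice", 1, "del")]:
        addr, value = c.update(w, ind, op)
        c.commitment = s.update(addr, value)
    return c.search(s, "alice")                         # -> [2]
```

Running demo() returns [2]: the deleted ind is cancelled on the client from the op flag it decrypts, so the server never learns which entries cancel each other. A server that silently alters a stored value still presents a vector matching the client's commitment but cannot produce a witness for the altered value, and a server that rewrites an accumulator no longer matches the stored commitment; in both cases Client.search returns None before any decryption happens. The client keeps only DC and one 32-byte commitment, which is the constant-size client state the text argues for.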

This embodiment also provides a detectable retrieval-ciphertext device based on cumulative commitment verification, comprising:

one or more processors;

a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the detectable retrieval-ciphertext method based on cumulative commitment verification described above.

The present invention overcomes the inability of the original vector commitment to support dynamic operations by designing a dynamic verifiable structure based on accumulable vector commitments, achieving constant-size client storage and efficient retrieval; applied to ciphertext retrieval, this structure provides forward and backward security of the retrieval process and detection of malicious server behaviour, further improving the security of the system.

The invention can provide users with a reliable and secure method for detecting search ciphertext in cloud storage, data security, blockchain and other fields.

Extensive experimental analysis was carried out for the present invention: sub-datasets of different sizes were randomly extracted from the original Enron dataset to evaluate the client-side storage overhead of the verification structure in the detectable retrieval-ciphertext system based on cumulative commitment verification, the computational overhead of the search stage and the computational overhead of the verification stage.

All technical solutions were implemented in C++ using GNU MP library version 6.2.1 and PBC library version 0.5.14 on Linux Ubuntu 20.04. The pseudo-random function PRF and the hash functions were instantiated with the SHA-256 hash function and the ZUC algorithm. All tests were run on a desktop computer with Windows 10 Enterprise, an Intel(R) Core(TM) i5-11400 CPU @ 2.6GHz and 16.0 GB RAM.

(1) The experimental analysis is based on the commonly used Enron e-mail dataset. Sub-datasets of different sizes were first extracted according to the number of keyword-document pairs, as shown in Table 1:

Table 1: Sub-dataset extraction

(2) For the sub-datasets extracted above, the client-side storage overhead of the verification data structure of the present invention was analysed and compared with existing techniques; the test data are given in Table 2.

As can be seen from Table 2, the client-side storage overhead of the verification structure in the present invention is the lowest, requiring only 0.31KB. The storage overhead of the scheme based on accumulative authentication tags grows with the size of the dataset, reaching 230.5MB on the complete Enron dataset; the storage overhead of the scheme based on incremental hashing is also constant but requires 0.65KB. The storage efficiency of the present invention is clearly superior.

Table 2: Comparison of client-side storage overhead of different verification structures

(3) The time overhead of the retrieval procedure of the present invention was tested and compared with existing techniques. When the number of retrieved documents grows from 1000 to 10000, the retrieval time of the existing incremental-hashing scheme grows from 0.0463 s to 0.3486 s, that of the accumulative-authentication-tag scheme from 0.0178 s to 0.0931 s, and that of the present invention from 0.0087 s to 0.0857 s, which is clearly the most efficient. The test data are given in Table 3.

Table 3: Time overhead of the retrieval procedure

(4) The time overhead of the verification procedure of the present invention was tested and compared with existing techniques. When the number of documents to be verified grows from 1000 to 10000, the verification time of the existing incremental-hashing scheme grows from 1.3795 s to 5.6937 s and that of the accumulative-authentication-tag scheme from 0.0493 s to 0.0769 s, whereas the verification time of the present invention stays essentially stable at about 0.0341 s within reasonable experimental error, so the verification overhead of the present invention is the lowest. The test data are given in Table 4.

Table 4: Time overhead of the verification procedure

It should be understood that the above description of the preferred embodiments is relatively detailed and is not to be taken as limiting the scope of patent protection of the present invention; a person of ordinary skill in the art, guided by the present invention and without departing from the scope protected by its claims, may make substitutions or modifications, all of which fall within the scope of protection of the present invention, which is to be determined by the appended claims.

Claims (9)

1. A detectable retrieval-ciphertext method based on cumulative commitment verification, applied in a detectable retrieval-ciphertext system based on cumulative commitment verification, the participating entities of the system comprising a data owner, a data user and a cloud storage server; characterized in that the cumulative commitment verification is implemented in the following stages: in the system initialization stage, a security parameter is input, and the parameter information of the accumulator and the vector commitment is initialized and generated, including the generators, the vector dimension, a random number, the vector parameters, the initial accumulated value acc, the hash function H, the bilinear map e and the public parameters par, and the public parameters are provided to the participating entities of the system; in the verifiable structure update stage, after the data owner uploads the original data stream to the server, the server first generates a new accumulated value for the elements of the data set, then inserts all accumulated values into the corresponding index positions of the vector, and finally generates a commitment value C of fixed constant size over the vector elements and returns it to the data owner; in the proof generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information proof to the data user, and finally the data user performs the verification procedure.

2. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 1, characterized in that, in the system initialization stage, the security parameter is given together with a generator of the group G, a generator of the group G1 and a generator of the group G2, where the group G is an RSA quotient group and G1, G2 and GT are three multiplicative groups; the vector dimension is an integer n; a random number and the vector parameters are chosen, and an empty vector whose entries are the vector elements is initialized; the initial accumulated value, the hash function, the bilinear map and the public parameters are defined.

3. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 2, characterized in that, in the verifiable structure update stage, after the data owner uploads an element y, the server generates a new accumulated value from the received data, inserts each new accumulated value into the vector as updates arrive, and generates a vector commitment for that vector; when the data owner performs a subsequent update, the server further generates an update commitment over the newly updated vector and returns it to the data owner for storage.

4. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 3, characterized in that, in the proof generation and detection stage, after the data user initiates a data query and verification request, the cloud server returns the corresponding proof information to the data owner, consisting of the index set of vector positions, the set X of all accumulated elements and a hash value; the data owner first performs the verification operation and checks whether the corresponding equation holds; if the equation does not hold, 0 is returned to indicate that verification failed; if it holds, that check passes and the data owner continues with the verification algorithm of the vector commitment; if that algorithm returns 1, the final verification passes, and if it returns 0, verification fails.

5. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 1, characterized in that the specific implementation comprises the following stages: in the system initialization stage, the security parameter λ is input; the vector dimension n, the symmetric encryption key k, the vector, the public parameters par and the initial state information σ are defined; and the pseudo-random function F and the hash functions H1, H2 required by the system are generated; in the ciphertext index update stage, the data owner encrypts all data, processes each keyword-document pair (w, ind) with the pseudo-random function F, and generates and uploads the index ciphertext data addr and value; the cloud server executes the update procedure on the received data and returns the corresponding data commitment value C to the user; in the token retrieval and ciphertext detection stage, the data user generates a retrieval token token from the keyword information it needs to check and sends it to the cloud storage server; the cloud storage server executes the retrieval procedure and returns the retrieval results together with verification information to the data user; to detect whether the cloud server has behaved maliciously, the data user runs the cumulative commitment verification algorithm Verify on the received ciphertext information and performs decryption only after verification passes.

6. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 5, characterized in that the security parameter is input, the vector size is initialized and the symmetric encryption key is generated; a pseudo-random function and hash functions are defined; the counter of updated keywords and an empty vector are initialized and the initial state information is defined; the initialization algorithm of the vector commitment and the initialization algorithm of the dynamic accumulator are executed respectively; and the public parameters are defined.

7. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 6, characterized in that, in the ciphertext index update stage, the data owner inputs a keyword-document pair (w, ind) and performs the index encryption operation; when encrypting a new document for keyword w, it computes the value of the pseudo-random function and defines the address from it; the counter is incremented by 1 at the same time, so that the updated index cannot be linked to previous search tokens, which achieves forward security; when encrypting ind, the operation record op is bound into the computation, where op is either an add or a delete operation and serves to distinguish update operations on ind; the final decryption is performed by the data user itself, which guarantees backward security; the data owner sends the ciphertext pair (addr, value) to the server; after receiving the ciphertext pair, the server adds it to the encrypted database EDB and further performs the commitment operation on the received ciphertext data: it first maps addr to a vector index i, inserts the corresponding value into the file set at that index, generates the accumulated value of that set and adds it to the vector; finally the server generates the constant-size commitment C over the vector and sends it to the data user for local storage.

8. The detectable retrieval-ciphertext method based on cumulative commitment verification according to claim 7, characterized in that, in the token retrieval and ciphertext detection stage, the data user first generates a list of search tokens for the search keyword w, where j ranges over the values of the counter DC[w] and each entry is a search token value; the search token list TL is then sent to the server; on receipt the server performs the search and finally returns the retrieval result list RL to the data user; to enable verification, the server also returns membership proof information to the data user; after receiving the search results RL and the proof information proof, the data user runs the detection procedure: it first performs the first check, and if it fails, outputs 0 and terminates the remaining procedure; otherwise it performs the further check, and if that fails, outputs 0 and terminates; if all checks pass, the cloud server is shown to have executed the above procedure honestly; finally the data user decrypts the results; if op is an add operation, the data user adds ind to the final result list, and if op is a delete operation, the data user removes ind from the final result list.

9. A detectable retrieval-ciphertext device based on cumulative commitment verification, characterized by comprising: one or more processors; and a storage device for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to implement the detectable retrieval-ciphertext method based on cumulative commitment verification according to any one of claims 1 to 8.
CN202311376651.6A 2023-10-24 2023-10-24 Detectable method and device for retrieving ciphertext based on cumulative commitment verification Active CN117134993B (en)

Publications (2)

Publication Number Publication Date
CN117134993A true CN117134993A (en) 2023-11-28
CN117134993B CN117134993B (en) 2024-01-05
