+

CN113794561A - Public key searchable encryption method and system - Google Patents

Public key searchable encryption method and system Download PDF

Info

Publication number
CN113794561A
CN113794561A CN202111074903.0A CN202111074903A CN113794561A CN 113794561 A CN113794561 A CN 113794561A CN 202111074903 A CN202111074903 A CN 202111074903A CN 113794561 A CN113794561 A CN 113794561A
Authority
CN
China
Prior art keywords
searchable
ciphertext
public key
trapdoor
calculate
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202111074903.0A
Other languages
Chinese (zh)
Other versions
CN113794561B (en
Inventor
戚丽君
庄金成
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shandong University
Original Assignee
Shandong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shandong University filed Critical Shandong University
Priority to CN202111074903.0A priority Critical patent/CN113794561B/en
Publication of CN113794561A publication Critical patent/CN113794561A/en
Application granted granted Critical
Publication of CN113794561B publication Critical patent/CN113794561B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/30Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
    • H04L9/3006Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00Reducing energy consumption in communication networks
    • Y02D30/50Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Storage Device Security (AREA)

Abstract

本发明属于公钥可搜索加密领域,提供一种公钥可搜索加密方法及系统。其中该方法包括接收方用于生成检索陷门并提交给云服务器;发送方用于将生成的可搜索密文和密文文件一起上传到云服务器;云服务器用于返回所有匹配的可搜索密文的密文文件,将其发送给接收方;生成可搜索密文的过程为计算每个加密文件附加的关键字的哈希值;根据关键字的哈希值计算可搜索密文的中间参量;均匀随机选取多项式,结合可搜索密文的中间参量,计算生成可搜索密文的直接参量,生成可搜索密文。本发明可在不牺牲效率的情况下,通过基于标准模型和格问题的Ring‑SIS/LWE困难性假设来保证更好的安全性,使方案既能保证各个算法的效率又能提供长期安全性。

Figure 202111074903

The invention belongs to the field of public key searchable encryption, and provides a public key searchable encryption method and system. The method includes that the receiver is used to generate a retrieval trapdoor and submit it to the cloud server; the sender is used to upload the generated searchable ciphertext and the ciphertext file to the cloud server; the cloud server is used to return all matching searchable secrets The ciphertext file of the encrypted file is sent to the receiver; the process of generating the searchable ciphertext is to calculate the hash value of the keyword attached to each encrypted file; calculate the intermediate parameter of the searchable ciphertext according to the hash value of the keyword ; Uniform random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters of the searchable ciphertext, and generate the searchable ciphertext. The present invention can ensure better security through Ring-SIS/LWE difficulty assumption based on standard model and lattice problem without sacrificing efficiency, so that the scheme can not only ensure the efficiency of each algorithm but also provide long-term security .

Figure 202111074903

Description

一种公钥可搜索加密方法及系统A kind of public key searchable encryption method and system

技术领域technical field

本发明属于公钥可搜索加密领域,尤其涉及一种公钥可搜索加密方法及系统。The invention belongs to the field of public key searchable encryption, and in particular relates to a public key searchable encryption method and system.

背景技术Background technique

本部分的陈述仅仅是提供了与本发明相关的背景技术信息,不必然构成在先技术。The statements in this section merely provide background information related to the present invention and do not necessarily constitute prior art.

公钥可搜索加密(Public Key Encryption with Keyword Search,PEKS)旨在实现加密文件的检索。PEKS允许系统中的任何用户向服务器发送加密文件,并提供与这些文件相对应的关键字。接收者可以使用它的私钥生成并发送他想要的关键词的陷门,并使服务器能够搜索加密数据以检索与该关键词相关联的文件。Public Key Encryption with Keyword Search (PEKS) is designed to enable retrieval of encrypted files. PEKS allows any user on the system to send encrypted files to the server, providing keywords corresponding to those files. The recipient can use his private key to generate and send a trapdoor for the keyword he wants and enable the server to search the encrypted data to retrieve the file associated with that keyword.

自PEKS方案引入以来,人们已经提出了几种具有各种特征的PEKS方案。然而,由于一些障碍(例如高端到端延迟和缺乏长期安全性等),PEKS方案在实践中的广泛采用受到了阻碍。Abdalla等人提出了一种通用的由匿名的IBE到PEKS变换的框架,Behnia等人通过利用现有的基于格的IBE方案,结合Abdalla等人的通用变换,提出了一个在随机预言模型(ROM)下的基于NTRU的PEKS方案。虽然这个方案在Test算法和PEKS算法的效率上都有非常明显的优势,但该方案的KeyGen算法和Trapdoor算法却仍然不能保证较高的效率。Since the introduction of the PEKS scheme, several PEKS schemes with various characteristics have been proposed. However, the widespread adoption of PEKS schemes in practice is hindered by several obstacles (such as high end-to-end latency and lack of long-term security, etc.). Abdalla et al. proposed a general framework for an anonymous IBE-to-PEKS transformation, and Behnia et al. proposed a general transformation in the random oracle model (ROM ) under the NTRU-based PEKS scheme. Although this scheme has obvious advantages in the efficiency of Test algorithm and PEKS algorithm, the KeyGen algorithm and Trapdoor algorithm of this scheme still cannot guarantee high efficiency.

发明人发现,目前基于Abdalla等人的通用匿名的IBE到PEKS变换的公钥可搜索加密方法在同时保障搜索效率和加密的长期安全性方面还有待提高。The inventor found that the current public key searchable encryption method based on Abdalla et al.'s universal anonymous IBE to PEKS transformation still needs to be improved in terms of simultaneously ensuring search efficiency and long-term security of encryption.

发明内容SUMMARY OF THE INVENTION

为了解决上述背景技术中存在的技术问题,本发明提供一种公钥可搜索加密方法及系统,其能够同时保障搜索效率和加密的长期安全性。In order to solve the technical problems existing in the above-mentioned background art, the present invention provides a public key searchable encryption method and system, which can simultaneously ensure search efficiency and long-term security of encryption.

为了实现上述目的,本发明采用如下技术方案:In order to achieve the above object, the present invention adopts the following technical solutions:

本发明的第一个方面提供一种公钥可搜索加密方法,其包括:A first aspect of the present invention provides a public key searchable encryption method, comprising:

所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器;所述发送方用于根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;The receiver is used to calculate the public key and its corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keyword, generate a retrieval trapdoor and submit it to the cloud server; the sender is used to generate a searchable ciphertext for the keyword attached to each encrypted file according to the public key, and upload the generated searchable ciphertext and the ciphertext file to the cloud server together;

所述云服务器用于根据检索陷门来检索所有可搜索密文,并返回所有匹配的可搜索密文的密文文件,并将这些匹配的可搜索密文的密文文件发送给接收方;The cloud server is used for retrieving all searchable ciphertexts according to the retrieval trapdoor, returning all matching searchable ciphertext ciphertext files, and sending these matching searchable ciphertext ciphertext files to the receiver;

其中,根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Among them, the process of generating searchable ciphertext for keywords attached to each encrypted file according to the public key is as follows:

计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file;

根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword;

均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext.

进一步地,所述公钥可搜索加密方法还包括:发送方、接收方和云服务器分别初始化运行环境。Further, the public key searchable encryption method further includes: the sender, the receiver and the cloud server respectively initialize the operating environment.

进一步地,公钥及其对应私钥是由接收方密钥生成算法KeyGen(1k)生成的。Further, the public key and its corresponding private key are generated by the receiver's key generation algorithm KeyGen(1 k ).

进一步地,公钥及其对应私钥是根据预设安全参数而生成多项式及与其关联的陷门计算出的,所述陷门由陷门生成算法根据预设安全参数而生成;所述与陷门相关联的多项式是随机生成的。Further, the public key and its corresponding private key are calculated by generating polynomials and trapdoors associated with them according to preset security parameters, and the trapdoors are generated by a trapdoor generating algorithm according to preset security parameters; The polynomials associated with the gates are randomly generated.

进一步地,所述生成检索陷门的过程为:Further, the described process of generating and retrieving trapdoors is:

计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword;

根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;

基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial.

进一步地,所述云服务器根据检索陷门来检索所有可搜索密文的过程为:Further, the process that the cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor is:

根据检索陷门tw和可搜索密文s=(b,c2,c1),计算判断参量y=c2-bTtwAccording to the search trapdoor tw and the searchable ciphertext s=(b, c 2 , c 1 ), calculate the judgment parameter y=c 2 -b T tw ;

其中,b,c2,c1为可搜索密文的直接参量,c1←{0,1};Among them, b, c 2 , c 1 are direct parameters of searchable ciphertext, c 1 ←{0, 1};

如果判断参量y更接近

Figure BDA0003261746500000031
而不是0,则y=1,否则y=0;其中
Figure BDA0003261746500000032
表示对q/2的下取整函数;q是整数环的模数,为已知参数;If the judgment parameter y is closer
Figure BDA0003261746500000031
instead of 0, then y=1, otherwise y=0; where
Figure BDA0003261746500000032
Represents the rounding function of q/2; q is the modulus of the integer ring, which is a known parameter;

如果y=c1,则说明检索陷门与可搜索密文互相匹配,否则不匹配。If y=c 1 , it means that the retrieval trapdoor and the searchable ciphertext match each other, otherwise they do not match.

本发明的第二个方面提供一种公钥可搜索加密系统,其包括发送方、接收方和云服务器;A second aspect of the present invention provides a public key searchable encryption system, which includes a sender, a receiver, and a cloud server;

所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用到的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器;The receiver is used to calculate the public key and the corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keyword, generate a retrieval trapdoor and submit it to Cloud Server;

所述发送方用于根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;The sender is used to generate a searchable ciphertext for the keyword attached to each encrypted file according to the public key, and upload the generated searchable ciphertext and the ciphertext file to the cloud server together;

所述云服务器用于根据检索陷门来检索所有可搜索密文,并返回所有匹配的可搜索密文的密文文件,并将这些匹配的可搜索密文的密文文件发送给接收方;The cloud server is used for retrieving all searchable ciphertexts according to the retrieval trapdoor, returning all matching searchable ciphertext ciphertext files, and sending these matching searchable ciphertext ciphertext files to the receiver;

其中,所述发送方根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Wherein, the process that the sender generates a searchable ciphertext for the keyword attached to each encrypted file according to the public key is as follows:

计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file;

根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword;

均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext.

其中,所述接收方基于预先设定搜索的关键字,生成检索陷门的过程为:Wherein, the process of generating a retrieval trapdoor by the receiver based on a preset search keyword is as follows:

计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword;

根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;

基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial.

与现有技术相比,本发明的有益效果是:Compared with the prior art, the beneficial effects of the present invention are:

本发明的发送方根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为计算每个加密文件附加的关键字的哈希值;根据相应关键字的哈希值计算可搜索密文的中间参量;均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文,本发明基于格上的Ring-SIS/LWE困难性假设,这提供了长期安全性,并且目前被认为可抵抗量子计算机的攻击,在标准模型下完成的,是IND-CPA安全且计算一致的;本发明与Behnia等人的PEKS方案进行比较,不但提供了更为显著的计算效率优势,而且基于标准模型和格问题的经典假设保证了更好的安全性。The process of generating a searchable ciphertext by the sender according to the public key for the keywords attached to each encrypted file is to calculate the hash value of the keywords attached to each encrypted file; calculate the searchable ciphertext according to the hash value of the corresponding keyword The intermediate parameter of the ciphertext; the polynomial is uniformly and randomly selected, and then combined with the intermediate parameters of the searchable ciphertext, the direct parameters for generating the searchable ciphertext are calculated, and the searchable ciphertext is generated. The present invention is based on the Ring-SIS/LWE difficulty on the lattice assuming that this provides long-term security and is currently considered resistant to attacks by quantum computers, done under the standard model, is IND-CPA secure and computationally consistent; the present invention is compared with the PEKS scheme of Behnia et al., Not only provides a more significant computational efficiency advantage, but also guarantees better security based on the classical assumptions of the Standard Model and lattice problems.

本发明附加方面的优点将在下面的描述中部分给出,部分将从下面的描述中变得明显,或通过本发明的实践了解到。Advantages of additional aspects of the invention will be set forth in part in the description which follows, and in part will become apparent from the description which follows, or may be learned by practice of the invention.

附图说明Description of drawings

构成本发明的一部分的说明书附图用来提供对本发明的进一步理解,本发明的示意性实施例及其说明用于解释本发明,并不构成对本发明的不当限定。The accompanying drawings forming a part of the present invention are used to provide further understanding of the present invention, and the exemplary embodiments of the present invention and their descriptions are used to explain the present invention, and do not constitute an improper limitation of the present invention.

图1是本发明实施例的公钥可搜索加密方法流程图。FIG. 1 is a flowchart of a public key searchable encryption method according to an embodiment of the present invention.

具体实施方式Detailed ways

下面结合附图与实施例对本发明作进一步说明。The present invention will be further described below with reference to the accompanying drawings and embodiments.

应该指出,以下详细说明都是例示性的,旨在对本发明提供进一步的说明。除非另有指明,本文使用的所有技术和科学术语具有与本发明所属技术领域的普通技术人员通常理解的相同含义。It should be noted that the following detailed description is exemplary and intended to provide further explanation of the invention. Unless otherwise defined, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this invention belongs.

需要注意的是,这里所使用的术语仅是为了描述具体实施方式,而非意图限制根据本发明的示例性实施方式。如在这里所使用的,除非上下文另外明确指出,否则单数形式也意图包括复数形式,此外,还应当理解的是,当在本说明书中使用术语“包含”和/或“包括”时,其指明存在特征、步骤、操作、器件、组件和/或它们的组合。It should be noted that the terminology used herein is for the purpose of describing specific embodiments only, and is not intended to limit the exemplary embodiments according to the present invention. As used herein, unless the context clearly dictates otherwise, the singular is intended to include the plural as well, furthermore, it is to be understood that when the terms "comprising" and/or "including" are used in this specification, it indicates that There are features, steps, operations, devices, components and/or combinations thereof.

PEKS=(KeyGen,Trapdoor,PEKS,Test)加密方案主要包括四个算法:PEKS=(KeyGen, Trapdoor, PEKS, Test) encryption scheme mainly includes four algorithms:

(1)KeyGen(1k)→(pk,sk):密钥生成算法。假设方案安全参数为k,算法通过输入k,输出公钥pk和私钥sk;(1) KeyGen(1 k )→(pk, sk): Key generation algorithm. Assuming that the security parameter of the scheme is k, the algorithm outputs the public key pk and the private key sk by inputting k;

(2)Trapdoor(w,pk,sk)→tw:陷门生成算法。输入用户想要检索的关键字w,公钥pk和私钥sk,算法输出陷门tw(2) Trapdoor(w, pk, sk)→t w : Trapdoor generation algorithm. Input the keyword w that the user wants to retrieve, the public key pk and the private key sk, and the algorithm outputs the trapdoor tw ;

(3)PEKS(w,pk)→sw:PEKS算法。输入关键字w和公钥pk,算法输出一个可搜索的密文sw(3) PEKS(w, pk)→s w : PEKS algorithm. Input the keyword w and the public key pk, the algorithm outputs a searchable ciphertext sw;

(4)Test(sw,t′w)→d:测试算法。输入可搜索的密文sw和陷门t′w,算法输出d,如果w=w′,d=1,否则d=0。(4) Test(s w , t′ w )→d: test algorithm. Input the searchable ciphertext sw and trapdoor t'w , the algorithm outputs d, if w =w', d=1, otherwise d=0.

基于身份的加密(Identity Based Encryption,IBE)是一种公钥加密机制,以用户的身份(如用户的电子邮件地址)作为公钥,用户将其身份发送给可信第三方,由可信第三方生成与用户身份相对应的私钥。我们称可信第三方为私钥生成器(Private-KeyGenerator,PKG)。IBE=(Setup,Extract,Enc,Dec)加密方案主要包括4个算法:Identity Based Encryption (IBE) is a public key encryption mechanism. Using the user's identity (such as the user's email address) as the public key, the user sends his identity to a trusted third party, and the trusted third party The three parties generate the private key corresponding to the user's identity. We call the trusted third party a private key generator (Private-KeyGenerator, PKG). The IBE=(Setup, Extract, Enc, Dec) encryption scheme mainly includes 4 algorithms:

Setup(1k)→(mpk,msk):密钥生成算法。假设方案安全参数为k,算法通过输入k,输出主公钥mpk和主私钥msk;Setup( 1k )→(mpk, msk): Key generation algorithm. Assuming that the security parameter of the scheme is k, the algorithm outputs the master public key mpk and the master private key msk by inputting k;

Extract(id,msk,mpk)→sk:提取算法。输入用户的身份id∈{0,1}k,主公钥mpk和主私钥msk,算法输出用户的私钥sk;Extract(id, msk, mpk) → sk: Extraction algorithm. Input the user's identity id∈{0, 1} k , the master public key mpk and the master private key msk, and the algorithm outputs the user's private key sk;

Enc(m,id,mpk)→c:加密算法。输入用户的身份id和消息m∈{0,1}*,算法输出密文c;Enc(m, id, mpk) → c: encryption algorithm. Input the user's identity id and message m∈{0, 1} * , the algorithm outputs the ciphertext c;

Dec(c,sk)→m:解密算法。输入密文c和用户私钥sk,算法输出从密文c恢复的明文消息m。Dec(c,sk)→m: Decryption algorithm. Enter the ciphertext c and the user's private key sk, and the algorithm outputs the plaintext message m recovered from the ciphertext c.

Abdalla等人提出了将IBE方案转化为PEKS方案的技术。即如果存在IND-CPA(选择明文攻击下的不可区分性)安全的匿名IBE方案,我们可以将其转化为IND-CPA安全且计算一致的PEKS方案。该转换方法输入一个IBE方案IBE=(Setup,Extract,Enc,Dec),并返回一个PEKS方案PEKS=(KeyGen,Trapdoor,PEKS,Test),转换方法中IBE方案与PEKS方案各算法的对应如下所示:Abdalla et al. proposed a technique for converting an IBE protocol to a PEKS protocol. That is, if there is an IND-CPA (indistinguishability under chosen plaintext attack) secure anonymous IBE scheme, we can transform it into an IND-CPA secure and computationally consistent PEKS scheme. The conversion method inputs an IBE scheme IBE=(Setup, Extract, Enc, Dec), and returns a PEKS scheme PEKS=(KeyGen, Trapdoor, PEKS, Test). The correspondence between the IBE scheme and the PEKS scheme in the conversion method is as follows Show:

Figure BDA0003261746500000071
方案中的公钥pk和私钥sk分别是IBE方案的主公钥mpk和主私钥msk;
Figure BDA0003261746500000071
The public key pk and the private key sk in the scheme are the main public key mpk and the main private key msk of the IBE scheme, respectively;

Figure BDA0003261746500000072
方案中的关键字w对应于IBE方案的身份id,PEKS方案中与关键字相关联的陷门tw是IBE方案中分配给身份的私钥sk;
Figure BDA0003261746500000072
The keyword w in the scheme corresponds to the identity id of the IBE scheme, and the trapdoor tw associated with the keyword in the PEKS scheme is the private key sk assigned to the identity in the IBE scheme;

Figure BDA0003261746500000073
PEKS方案的PEKS算法对应于IBE方案的加密算法:
Figure BDA0003261746500000073
The PEKS algorithm of the PEKS scheme corresponds to the encryption algorithm of the IBE scheme:

PEKS(w,pk)选取C2∈{0,1}k,令Enc(C2,w,pk)→C1,返回(C1,C2).PEKS(w, pk) selects C 2 ∈ {0, 1} k , let Enc(C 2 , w, pk)→C 1 , return (C 1 , C 2 ).

Figure BDA0003261746500000081
如果Dec(tw,C1)=C2,Test(C1,C2)返回1,否则返回0。
Figure BDA0003261746500000081
Test(C 1 , C 2 ) returns 1 if Dec(t w , C 1 )=C 2 , and 0 otherwise.

基于该通用方法,Behnia等人提出了一个在随机预言模型(ROM)下的基于NTRU的PEKS方案。虽然该方案在Test算法和PEKS算法的效率上都有非常明显的优势,但该方案的KeyGen算法和Trapdoor算法却仍然不能保证较高的效率,本发明为了解决上述问题,提供了一种公钥可搜索加密方法及系统,其能够同时保障搜索效率和加密的长期安全性。Based on this general approach, Behnia et al. propose an NTRU-based PEKS scheme under the random oracle model (ROM). Although this scheme has obvious advantages in the efficiency of Test algorithm and PEKS algorithm, the KeyGen algorithm and Trapdoor algorithm of this scheme still cannot guarantee high efficiency. In order to solve the above problem, the present invention provides a public key A searchable encryption method and system can simultaneously ensure search efficiency and long-term security of encryption.

为了使方案既能保证各个算法的效率又能提供长期安全性,本发明构造了一个基于Ring-SIS/LWE困难性假设的标准模型下的PEKS方案,证明了PEKS方案可以在不牺牲效率的情况下,通过基于标准模型和格问题的经典假设来保证更好的安全性。In order to make the scheme not only ensure the efficiency of each algorithm but also provide long-term security, the present invention constructs a PEKS scheme based on the Ring-SIS/LWE difficulty assumption under the standard model, which proves that the PEKS scheme can be used without sacrificing efficiency. , which guarantees better security by the classical assumptions based on the standard model and lattice problems.

实施例一Example 1

参照图1,本实施例提供了一种公钥可搜索加密方法,其具体包括如下步骤:Referring to FIG. 1, this embodiment provides a public key searchable encryption method, which specifically includes the following steps:

步骤1:所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器。Step 1: The receiver is used to calculate the public key and its corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keywords, generate a retrieval trapdoor and Submit to the cloud server.

在具体实施中,发送方、接收方和云服务器分别初始化运行环境;其中,在运行过程中所使用到的接收方的公钥及其对应私钥是由接收方密钥生成算法生成;In a specific implementation, the sender, the receiver and the cloud server respectively initialize the operating environment; wherein, the receiver's public key and its corresponding private key used in the running process are generated by the receiver's key generation algorithm;

其中,所述密钥生成算法为KeyGen(1k)算法,其中k为系统预设的安全参数,具体为:Wherein, the key generation algorithm is the KeyGen(1 k ) algorithm, where k is a security parameter preset by the system, specifically:

接收方根据系统预设的安全参数k,运行TrapGen(q,σ,h=0)算法,其中q是环的模数,σ是高斯参数,h∈Rq

Figure BDA0003261746500000091
是给定的参数。如果a′没有在输入给定,则表示算法在
Figure BDA0003261746500000092
中均匀选取a′。生成多项式
Figure BDA0003261746500000093
和与之关联的陷门
Figure BDA0003261746500000094
以此计算出公钥pk和私钥sk。其中,上标m和k均为已知设定参数。具体包含以下子步骤:The receiver runs the TrapGen(q, σ, h=0) algorithm according to the security parameter k preset by the system, where q is the modulus of the ring, σ is the Gaussian parameter, h∈R q and
Figure BDA0003261746500000091
is the given parameter. If a' is not given at the input, it means that the algorithm is
Figure BDA0003261746500000092
A' is uniformly selected from among them. generator polynomial
Figure BDA0003261746500000093
and the trapdoor associated with it
Figure BDA0003261746500000094
Based on this, the public key pk and the private key sk are calculated. Among them, the superscripts m and k are known setting parameters. Specifically, it includes the following sub-steps:

运行TrapGen(q,σ,h=0)算法,其中q是环的模数,σ是高斯参数,h∈Rq

Figure BDA0003261746500000095
是给定的参数。如果a′没有在输入给定,则表示算法在
Figure BDA0003261746500000096
中均匀选取a′。该算法生成多项式
Figure BDA0003261746500000097
和与之关联的陷门
Figure BDA0003261746500000098
满足a=(a′T,-a′T)T Run the TrapGen(q, σ, h = 0) algorithm, where q is the modulus of the ring, σ is the Gaussian parameter, h ∈ R q and
Figure BDA0003261746500000095
is the given parameter. If a' is not given at the input, it means that the algorithm is
Figure BDA0003261746500000096
A' is uniformly selected from among them. The algorithm generates polynomials
Figure BDA0003261746500000097
and the trapdoor associated with it
Figure BDA0003261746500000098
Satisfy a=(a' T , -a' T ) T

均匀随机选取多项式u←RqUniform random selection of polynomial u←R q ;

根据上述步骤的结果生成公钥pk和私钥sk:

Figure BDA0003261746500000099
Figure BDA00032617465000000910
Generate the public key pk and private key sk according to the results of the above steps:
Figure BDA0003261746500000099
Figure BDA00032617465000000910

步骤2:发送方根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;Step 2: The sender generates a searchable ciphertext for the keywords attached to each encrypted file according to the public key, and uploads the generated searchable ciphertext and the ciphertext file to the cloud server together;

其中,利用陷门生成算法根据预设安全参数生成陷门。与陷门相关联的多项式是随机生成的。The trapdoor is generated according to preset security parameters by using a trapdoor generation algorithm. The polynomial associated with the trapdoor is randomly generated.

其中,根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Among them, the process of generating searchable ciphertext for keywords attached to each encrypted file according to the public key is as follows:

计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file;

根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword;

均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext.

发送方根据公钥pk为每个加密文件附加的关键字生成可搜索密文s,并将生成的可搜索密文和密文文件一起上传到云服务器。具体包括以下子步骤:The sender generates a searchable ciphertext s for the keywords attached to each encrypted file according to the public key pk, and uploads the generated searchable ciphertext together with the ciphertext file to the cloud server. Specifically, it includes the following sub-steps:

对关键字W,计算hw=H(w),其中函数

Figure BDA0003261746500000101
是一个满秩差分编码(encodingwith Full-Rank Differences,FRD)函数,它可以将
Figure BDA0003261746500000102
中的元素映射到Rq中的可逆元素;For keyword W, compute h w = H(w), where the function
Figure BDA0003261746500000101
is an encoding with Full-Rank Differences (FRD) function, which can convert
Figure BDA0003261746500000102
Elements in map to reversible elements in R q ;

计算aw=aT+(0,hwgT)T=(a′T,hwgT-a′TT)T其中

Figure BDA0003261746500000103
Calculate a w = a T + (0, h w g T ) T = (a' T , h w g T - a' T T) T where
Figure BDA0003261746500000103

均匀随机选取多项式

Figure BDA0003261746500000104
其中
Figure BDA0003261746500000105
表示Rm-k(Rk、R)上方差为τ(γ、τ)的高斯分布;Uniform random selection of polynomials
Figure BDA0003261746500000104
in
Figure BDA0003261746500000105
Represents a Gaussian distribution with variance τ(γ, τ) over R mk (R k , R);

计算

Figure BDA0003261746500000106
Figure BDA0003261746500000107
其中
Figure BDA0003261746500000108
表示对q/2的下取整函数;calculate
Figure BDA0003261746500000106
and
Figure BDA0003261746500000107
in
Figure BDA0003261746500000108
Represents the rounding down function of q/2;

根据上述步骤的结果生成可搜索密文s=(b,c2,c1)。A searchable ciphertext s=(b, c 2 , c 1 ) is generated according to the results of the above steps.

步骤3:接收方基于预先设定搜索的关键字,生成检索陷门并提交给云服务器。Step 3: The receiver generates a search trapdoor based on the preset search keywords and submits it to the cloud server.

其中,所述生成检索陷门的过程为:Wherein, the described process of generating retrieval trapdoor is:

计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword;

根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;

基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial.

具体地,接收方输入想要搜索的关键字w,生成检索陷门tw∈Rm并提交给云服务器。具体包括以下子步骤:Specifically, the receiver inputs the keyword w to be searched, generates a retrieval trapdoor tw ∈ R m and submits it to the cloud server. Specifically, it includes the following sub-steps:

对关键字w,计算hw=H(w),其中函数H为如上所述的FRD函数;For the keyword w, calculate h w =H(w), where the function H is the FRD function as described above;

计算aw=aT+(0,hwgT)T=(a′T,hwgT-a′TT)TCalculate a w =a T +(0, hw g T ) T =(a' T , h w g T -a' T T) T ;

运行原像采样SamplePre(T,aw,hw,ζ,σ,α,u)算法[8],生成多项式x∈Rm,满足

Figure BDA0003261746500000111
其中T,aw,hw,u如上所述,ζ,σ,α为给定的高斯参数;Run the preimage sampling SamplePre(T, a w , hw, ζ, σ, α, u) algorithm [8] to generate polynomial x∈R m , satisfying
Figure BDA0003261746500000111
where T, a w , h w , u are as described above, ζ, σ, α are given Gaussian parameters;

根据上述步骤的结果生成检索陷门tw=x。其中,上标T均表示转置的意思。The search trapdoor tw =x is generated according to the result of the above steps. Among them, the superscript T all means transposition.

步骤4:云服务器根据检索陷门来检索所有可搜索密文,返回所有匹配的可搜索密文的密文文件并将其发送给接收方。Step 4: The cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor, returns all matching searchable ciphertext ciphertext files and sends them to the receiver.

其中,所述云服务器根据检索陷门来检索所有可搜索密文的过程为:Wherein, the process that the cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor is:

根据检索陷门tw和可搜索密文s=(b,c2,c1),计算判断参量y=c2-bTtwAccording to the search trapdoor tw and the searchable ciphertext s=(b, c 2 , c 1 ), calculate the judgment parameter y=c 2 -b T tw ;

其中,b,c2,c1为可搜索密文的直接参量,c1←{0,1};Among them, b, c 2 , c 1 are direct parameters of searchable ciphertext, c 1 ←{0, 1};

如果判断参量y更接近

Figure BDA0003261746500000121
而不是0,则y=1,否则y=0;其中
Figure BDA0003261746500000122
表示对q/2的下取整函数;q是整数环的模数,为已知参数;If the judgment parameter y is closer
Figure BDA0003261746500000121
instead of 0, then y=1, otherwise y=0; where
Figure BDA0003261746500000122
Represents the rounding function of q/2; q is the modulus of the integer ring, which is a known parameter;

如果y=c1,则说明检索陷门与可搜索密文互相匹配,否则不匹配。If y=c 1 , it means that the retrieval trapdoor and the searchable ciphertext match each other, otherwise they do not match.

根据上述步骤的结果,云服务器返回所有符合陷门检索条件的密文文件。According to the results of the above steps, the cloud server returns all ciphertext files that meet the trapdoor retrieval conditions.

表1是安全参数为80,格维数为512时的PEKS方案的不同操作时间:KeyGen,Trapdoor,PEKS和Test。Table 1 shows the different operation times of PEKS schemes when the security parameter is 80 and the grid dimension is 512: KeyGen, Trapdoor, PEKS and Test.

表1Table 1

Figure BDA0003261746500000123
Figure BDA0003261746500000123

表2是安全参数为80,格维数为1024时的PEKS方案的不同操作时间:KeyGen,Trapdoor,PEKS和Test。Table 2 shows the different operation times of PEKS schemes when the security parameter is 80 and the grid dimension is 1024: KeyGen, Trapdoor, PEKS and Test.

表2Table 2

Figure BDA0003261746500000124
Figure BDA0003261746500000124

实施例二Embodiment 2

本实施例提供了一种公钥可搜索加密系统,其具体包括发送方、接收方和云服务器;This embodiment provides a public key searchable encryption system, which specifically includes a sender, a receiver, and a cloud server;

所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器;所述发送方用于根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;The receiver is used to calculate the public key and its corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keyword, generate a retrieval trapdoor and submit it to the cloud server; the sender is used to generate a searchable ciphertext for the keyword attached to each encrypted file according to the public key, and upload the generated searchable ciphertext and the ciphertext file to the cloud server together;

所述云服务器用于根据检索陷门来检索所有可搜索密文,并返回所有匹配的可搜索密文的密文文件,并将这些匹配的可搜索密文的密文文件发送给接收方;The cloud server is used for retrieving all searchable ciphertexts according to the retrieval trapdoor, returning all matching searchable ciphertext ciphertext files, and sending these matching searchable ciphertext ciphertext files to the receiver;

其中,所述发送方根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Wherein, the process that the sender generates a searchable ciphertext for the keyword attached to each encrypted file according to the public key is as follows:

计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file;

根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword;

均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext.

其中,所述接收方基于预先设定搜索的关键字,生成检索陷门的过程为:Wherein, the process of generating a retrieval trapdoor by the receiver based on a preset search keyword is as follows:

计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword;

根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword;

基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial.

在具体实施中,所述云服务器根据检索陷门来检索所有可搜索密文的过程为:In a specific implementation, the process that the cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor is:

根据检索陷门tw和可搜索密文s=(b,c2,c1),计算判断参量y=c2-bTtwAccording to the search trapdoor tw and the searchable ciphertext s=(b, c 2 , c 1 ), calculate the judgment parameter y=c 2 -b T tw ;

其中,b,c2,c1为可搜索密文的直接参量,c1←{0,1};Among them, b, c 2 , c 1 are direct parameters of searchable ciphertext, c 1 ←{0, 1};

如果判断参量y更接近

Figure BDA0003261746500000141
而不是0,则y=1,否则y=0;其中
Figure BDA0003261746500000142
表示对q/2的下取整函数;q是整数环的模数,为已知参数;If the judgment parameter y is closer
Figure BDA0003261746500000141
instead of 0, then y=1, otherwise y=0; where
Figure BDA0003261746500000142
Represents the rounding function of q/2; q is the modulus of the integer ring, which is a known parameter;

如果y=c1,则说明检索陷门与可搜索密文互相匹配,否则不匹配。If y=c 1 , it means that the retrieval trapdoor and the searchable ciphertext match each other, otherwise they do not match.

以上所述仅为本发明的优选实施例而已,并不用于限制本发明,对于本领域的技术人员来说,本发明可以有各种更改和变化。凡在本发明的精神和原则之内,所作的任何修改、等同替换、改进等,均应包含在本发明的保护范围之内。The above descriptions are only preferred embodiments of the present invention, and are not intended to limit the present invention. For those skilled in the art, the present invention may have various modifications and changes. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention shall be included within the protection scope of the present invention.

Claims (10)

1.一种公钥可搜索加密方法,其特征在于,包括:1. a public key searchable encryption method, is characterized in that, comprises: 所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器;所述发送方用于根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;The receiver is used to calculate the public key and its corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keyword, generate a retrieval trapdoor and submit it to the cloud server; the sender is used to generate a searchable ciphertext for the keyword attached to each encrypted file according to the public key, and upload the generated searchable ciphertext and the ciphertext file to the cloud server together; 所述云服务器用于根据检索陷门来检索所有可搜索密文,并返回所有匹配的可搜索密文的密文文件,并将这些匹配的可搜索密文的密文文件发送给接收方;The cloud server is used for retrieving all searchable ciphertexts according to the retrieval trapdoor, returning all matching searchable ciphertext ciphertext files, and sending these matching searchable ciphertext ciphertext files to the receiver; 其中,根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Among them, the process of generating searchable ciphertext for keywords attached to each encrypted file according to the public key is as follows: 计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file; 根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword; 均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext. 2.如权利要求1所述的公钥可搜索加密方法,其特征在于,所述公钥可搜索加密方法还包括:发送方、接收方和云服务器分别初始化运行环境。2 . The public key searchable encryption method according to claim 1 , wherein the public key searchable encryption method further comprises: the sender, the receiver and the cloud server respectively initialize operating environments. 3 . 3.如权利要求1所述的公钥可搜索加密方法,其特征在于,公钥及其对应私钥是由接收方密钥生成算法KeyGen(1k)生成的。3. The public key searchable encryption method according to claim 1, wherein the public key and its corresponding private key are generated by the receiver's key generation algorithm KeyGen( 1k ). 4.如权利要求1所述的公钥可搜索加密方法,其特征在于,根据预设安全参数而生成多项式及与其关联的陷门计算出的,所述陷门由陷门生成算法根据预设安全参数而生成;所述与陷门相关联的多项式是随机生成的。4. public key searchable encryption method as claimed in claim 1, is characterized in that, generating polynomial and its associated trapdoor are calculated according to preset security parameters, and described trapdoor is calculated by trapdoor generation algorithm according to preset security parameters; the polynomial associated with the trapdoor is randomly generated. 5.如权利要求1所述的公钥可搜索加密方法,其特征在于,所述生成检索陷门的过程为:5. public key searchable encryption method as claimed in claim 1 is characterized in that, the process of described generation retrieval trapdoor is: 计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword; 根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword; 基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial. 6.如权利要求1所述的公钥可搜索加密方法,其特征在于,所述云服务器根据检索陷门来检索所有可搜索密文的过程为:6. The public key searchable encryption method as claimed in claim 1, wherein the process that the cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor is: 根据检索陷门tw和可搜索密文s=(b,c2,c1),计算判断参量y=c2-bTtwAccording to the search trapdoor tw and the searchable ciphertext s=(b, c 2 , c 1 ), calculate the judgment parameter y=c 2 -b T tw ; 其中,b,c2,c1为可搜索密文的直接参量,c1←{0,1};Among them, b, c 2 , c 1 are direct parameters of searchable ciphertext, c 1 ←{0, 1}; 如果判断参量y更接近
Figure FDA0003261746490000021
而不是0,则y=1,否则y=0;其中
Figure FDA0003261746490000022
表示对q/2的下取整函数;q是整数环的模数,为已知参数;If the judgment parameter y is closer
Figure FDA0003261746490000021
instead of 0, then y=1, otherwise y=0; where
Figure FDA0003261746490000022
Represents the rounding function of q/2; q is the modulus of the integer ring, which is a known parameter; 如果y=c1,则说明检索陷门与可搜索密文互相匹配,否则不匹配。If y=c 1 , it means that the retrieval trapdoor and the searchable ciphertext match each other, otherwise they do not match. 7.一种公钥可搜索加密系统,其特征在于,包括发送方、接收方和云服务器;7. A public key searchable encryption system, comprising a sender, a receiver and a cloud server; 所述接收方用于根据预设的安全参数,计算公钥可搜索加密过程中所使用的公钥及其对应私钥,以及基于预先设定搜索的关键字,生成检索陷门并提交给云服务器;所述发送方用于根据公钥为每个加密文件附加的关键字生成可搜索密文,并将生成的可搜索密文和密文文件一起上传到云服务器;The receiver is used to calculate the public key and its corresponding private key used in the public key searchable encryption process according to the preset security parameters, and based on the preset search keyword, generate a retrieval trapdoor and submit it to the cloud server; the sender is used to generate a searchable ciphertext for the keyword attached to each encrypted file according to the public key, and upload the generated searchable ciphertext and the ciphertext file to the cloud server together; 所述云服务器用于根据检索陷门来检索所有可搜索密文,并返回所有匹配的可搜索密文的密文文件,并将这些匹配的可搜索密文的密文文件发送给接收万;The cloud server is used for retrieving all searchable ciphertexts according to the retrieval trapdoor, returning all matching searchable ciphertext ciphertext files, and sending these matching searchable ciphertext ciphertext files to the receiver; 其中,所述发送方根据公钥为每个加密文件附加的关键字生成可搜索密文的过程为:Wherein, the process that the sender generates a searchable ciphertext for the keyword attached to each encrypted file according to the public key is as follows: 计算每个加密文件附加的关键字的哈希值;Calculate the hash value of the keyword attached to each encrypted file; 根据相应关键字的哈希值计算可搜索密文的中间参量;Calculate the intermediate parameter of the searchable ciphertext according to the hash value of the corresponding keyword; 均匀随机选取多项式,再结合可搜索密文的中间参量,计算出生成可搜索密文的直接参量,生成可搜索密文。Uniform and random selection of polynomials, combined with the intermediate parameters of the searchable ciphertext, calculate the direct parameters for generating the searchable ciphertext, and generate the searchable ciphertext. 8.如权利要求7所述的公钥可搜索加密系统,其特征在于,公钥及其对应私钥是根据预设安全参数而生成多项式及与其关联的陷门计算出的;所述陷门由陷门生成算法根据预设安全参数而生成;所述与陷门相关联的多项式是随机生成的。8. The public key searchable encryption system according to claim 7, wherein the public key and its corresponding private key are calculated according to a preset security parameter to generate a polynomial and a trapdoor associated therewith; the trapdoor Generated by a trapdoor generation algorithm according to preset security parameters; the polynomial associated with the trapdoor is randomly generated. 9.如权利要求7所述的公钥可搜索加密系统,其特征在于,所述生成检索陷门的过程为:9. public key searchable encryption system as claimed in claim 7, is characterized in that, the process of described generation retrieval trapdoor is: 计算预先设定搜索的关键字的哈希值;Calculate the hash value of the pre-set search keyword; 根据相应关键字的哈希值计算检索陷门的中间参量;Calculate the intermediate parameter of the retrieval trapdoor according to the hash value of the corresponding keyword; 基于检索陷门的中间参量及原像采样算法,生成多项式,该多项式作为生成检索陷门;其中,检索陷门的中间参量的转置与所述多项式的乘积等于生成可搜索密文的过程中随机选取的多项式。Based on the intermediate parameters of the retrieval trapdoor and the preimage sampling algorithm, a polynomial is generated, and the polynomial is used as the generation retrieval trapdoor; wherein, the product of the transposition of the intermediate parameter of the retrieval trapdoor and the polynomial is equal to the process of generating the searchable ciphertext A randomly chosen polynomial. 10.如权利要求7所述的公钥可搜索加密系统,其特征在于,所述云服务器根据检索陷门来检索所有可搜索密文的过程为:10. The public key searchable encryption system according to claim 7, wherein the process that the cloud server retrieves all searchable ciphertexts according to the retrieval trapdoor is: 根据检索陷门tw和可搜索密文s=(b,c2,c1),计算判断参量y=c2-bTtwAccording to the search trapdoor tw and the searchable ciphertext s=(b, c 2 , c 1 ), calculate the judgment parameter y=c 2 -b T tw ; 其中,b,c2,c1为可搜索密文的直接参量,c1←{0,1};Among them, b, c 2 , c 1 are direct parameters of searchable ciphertext, c 1 ←{0, 1}; 如果判断参量y更接近
Figure FDA0003261746490000041
而不是0,则y=1,否则y=0;其中
Figure FDA0003261746490000042
表示对q/2的下取整函数;q是整数环的模数,为已知参数;If the judgment parameter y is closer
Figure FDA0003261746490000041
instead of 0, then y=1, otherwise y=0; where
Figure FDA0003261746490000042
Represents the rounding function of q/2; q is the modulus of the integer ring, which is a known parameter; 如果y=c1,则说明检索陷门与可搜索密文互相匹配,否则不匹配。If y=c 1 , it means that the retrieval trapdoor and the searchable ciphertext match each other, otherwise they do not match.
CN202111074903.0A 2021-09-14 2021-09-14 Public key searchable encryption method and system Expired - Fee Related CN113794561B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111074903.0A CN113794561B (en) 2021-09-14 2021-09-14 Public key searchable encryption method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202111074903.0A CN113794561B (en) 2021-09-14 2021-09-14 Public key searchable encryption method and system

Publications (2)

Publication Number Publication Date
CN113794561A true CN113794561A (en) 2021-12-14
CN113794561B CN113794561B (en) 2023-06-06

Family

ID=78880285

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111074903.0A Expired - Fee Related CN113794561B (en) 2021-09-14 2021-09-14 Public key searchable encryption method and system

Country Status (1)

Country Link
CN (1) CN113794561B (en)

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115021993A (en) * 2022-05-27 2022-09-06 山东大学 A verifiable public key searchable encryption system and method
CN115276984A (en) * 2022-07-29 2022-11-01 山东大学 A key exchange method and system based on GR-LWE problem
CN115442130A (en) * 2022-09-01 2022-12-06 山东大学 Lattice-based public key authentication searchable encryption method, system and terminal
CN118300772A (en) * 2024-05-09 2024-07-05 泉城省实验室 Compact public key searchable encryption method, device, system, equipment and medium
CN119449314A (en) * 2024-10-30 2025-02-14 华中科技大学 A file encryption method, retrieval method and deletion method

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323061A (en) * 2015-12-02 2016-02-10 河海大学 Outsourced key generation and decryption property-based system capable of realizing keyword search and decryption method
CN106921674A (en) * 2017-03-30 2017-07-04 福州大学 The re-encryption semanteme of acting on behalf of that quantum is attacked after anti-can search for encryption method
CN109451077A (en) * 2019-01-04 2019-03-08 大连大学 The model that medical cloud search permission is shared
US20190394038A1 (en) * 2016-11-28 2019-12-26 Orange Searchable encryption method
CN113014563A (en) * 2021-02-10 2021-06-22 华中科技大学 Method and system for guaranteeing integrity of searchable public key encryption retrieval

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105323061A (en) * 2015-12-02 2016-02-10 河海大学 Outsourced key generation and decryption property-based system capable of realizing keyword search and decryption method
US20190394038A1 (en) * 2016-11-28 2019-12-26 Orange Searchable encryption method
CN106921674A (en) * 2017-03-30 2017-07-04 福州大学 The re-encryption semanteme of acting on behalf of that quantum is attacked after anti-can search for encryption method
CN109451077A (en) * 2019-01-04 2019-03-08 大连大学 The model that medical cloud search permission is shared
CN113014563A (en) * 2021-02-10 2021-06-22 华中科技大学 Method and system for guaranteeing integrity of searchable public key encryption retrieval

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
李昊星 等: "支持多关键字的可搜索公钥加密方案", 《西安电子科技大学学报》 *

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115021993A (en) * 2022-05-27 2022-09-06 山东大学 A verifiable public key searchable encryption system and method
CN115021993B (en) * 2022-05-27 2023-02-28 山东大学 Verifiable public key searchable encryption system and method
CN115276984A (en) * 2022-07-29 2022-11-01 山东大学 A key exchange method and system based on GR-LWE problem
CN115276984B (en) * 2022-07-29 2024-03-29 山东大学 A key exchange method and system based on GR-LWE problem
CN115442130A (en) * 2022-09-01 2022-12-06 山东大学 Lattice-based public key authentication searchable encryption method, system and terminal
CN118300772A (en) * 2024-05-09 2024-07-05 泉城省实验室 Compact public key searchable encryption method, device, system, equipment and medium
CN119449314A (en) * 2024-10-30 2025-02-14 华中科技大学 A file encryption method, retrieval method and deletion method

Also Published As

Publication number Publication date
CN113794561B (en) 2023-06-06

Similar Documents

Publication Publication Date Title
CN113794561B (en) Public key searchable encryption method and system
CN109246096B (en) A Versatile Fine-Grained Access Control Approach for Cloud Storage
CN105323061B (en) It is a kind of can keyword search outsourcing key generate and decryption attribute based system and decryption method
CN106375346B (en) A data protection method based on conditional broadcast proxy re-encryption in cloud environment
CN103647642B (en) A kind of based on certification agency re-encryption method and system
CN106549753B (en) A kind of encryption method that the support ciphertext of identity-based compares
CN106789044B (en) Searchable encryption method for cipher text data public key stored in cloud on grid under standard model
CN104320393B (en) The controllable efficient attribute base proxy re-encryption method of re-encryption
CN110113155B (en) An efficient certificateless public key encryption method
CN106161428B (en) A kind of ciphertext can comparison of equalization encryption attribute method
CN105933345B (en) A Verifiable Outsourcing Attribute-Based Encryption Method Based on Linear Secret Sharing
CN105025024B (en) One kind is based on no certificate conditions proxy re-encryption System and method for
CN105553660B (en) A kind of dynamic can search for public key encryption method
CN108880796B (en) Efficient outsourcing decryption method for server based on attribute encryption algorithm
CN107154845B (en) An Attribute-Based Outsourcing Scheme for BGN-Type Ciphertext Decryption
CN105871543A (en) Attribute-based multi-keyword ciphertext retrieval method under background of multiple data owners
CN114142996B (en) A Searchable Encryption Method Based on SM9 Cryptographic Algorithm
CN115021993B (en) Verifiable public key searchable encryption system and method
CN109981265B (en) An identity-based ciphertext equivalence determination method without using bilinear pairing
CN104158880A (en) User-end cloud data sharing solution
CN108989049A (en) A kind of the proxy re-encryption system and encryption method of no Bilinear Pairing
CN113067702A (en) Identity-based encryption method supporting ciphertext equivalence testing
CN104753947A (en) Attribute-based verifiable outsourcing decryption system and method with fixed ciphertext length
CN105007258A (en) Rapid keyword searchable public key encryption method
CN104144057B (en) A kind of CP ABE methods for generating secure decryption key

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20230606

CF01 Termination of patent right due to non-payment of annual fee
点击 这是indexloc提供的php浏览器服务,不要输入任何密码和下载