CN117763592A - Ciphertext retrieval method and system supporting hierarchical access control and user revocation - Google Patents
Publication number: CN117763592A (application CN202410038657.0A)
Authority: CN (China)
Prior art keywords: key, ciphertext, user, encrypted, encryption key
Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Abstract
The invention discloses a ciphertext retrieval method and a ciphertext retrieval system supporting hierarchical access control and user revocation, which relate to the technical field of information security and solve the problems of the prior art that, when data retrieval is carried out at a single level, the cost is high and flexible management of user attributes is difficult to realize. The method comprises the following steps: establishing an inverted index over the file set using the keywords, determining a KEK tree from the user set and the attribute set, and constructing a hierarchical access tree from the attribute set; encrypting the file set, the inverted index, the symmetric encryption key and the re-encryption key respectively to obtain the corresponding encrypted data; generating a conversion key and a decryption key from the user attribute set and the master key; sending the encrypted data, the hierarchical access tree and the KEK tree to the cloud server side, and sending the conversion key and the decryption key to the user side. The method realizes layered access according to user attributes, and by using outsourced decryption it reduces the computational overhead of the user terminal and improves the query speed.
Description
Technical Field
The invention relates to the technical field of information security, in particular to a ciphertext retrieval method and a ciphertext retrieval system supporting hierarchical access control and user revocation.
Background
With the increase in the number of terminal devices and the development of new technologies, more and more data are generated, and because of the economic and flexibility advantages of cloud servers, the data are often outsourced to a cloud server for storage. However, since cloud service providers are not necessarily secure and trusted, data stored in plaintext is highly exposed. Therefore, how to search directly over ciphertext is an important issue. In addition, the importance of different files may differ, and some highly confidential files must not be accessible to ordinary users, so hierarchical access control according to the importance of different files is also important. Since data is valuable, when a user leaves the data owner's organization, the user's access rights are revoked in order to protect the rights of the data owner. Meanwhile, considering the computational cost of ciphertext retrieval, how to let a user retrieve efficiently on a device with ordinary computing power is also a problem to be solved. Faced with today's complex file-data usage scenarios, completing these tasks safely and efficiently has become important, and at present no scheme can solve all of these problems simultaneously.
Two main prior approaches are related to the present invention. Xiao et al. designed an extensible hierarchical access tree, enabling hierarchical access to files. However, that scheme does not implement text keyword retrieval or user revocation, and so has certain limitations. Miao et al. realized single-keyword and multi-keyword text retrieval on a file hierarchy, mainly using an inverted index data structure. The scheme also assigns a version number to each user and achieves user revocation through the version number. However, this approach does not adequately account for the computational overhead required by the user to decrypt the ciphertext.
The disadvantages of the prior art are mainly as follows. (1) Efficient keyword retrieval cannot be achieved in a document-layering scenario: most traditional ciphertext keyword retrieval schemes operate at a single level and perform poorly in complex scenarios with layered files. (2) Flexible management of user attributes is difficult in a hierarchical setting: existing attribute revocation schemes mainly target single-level scenarios, whereas managing user attributes in a layered scenario is more complex, and existing schemes do not handle it well. (3) The local computation cost is high: current schemes require a lot of local computation when decrypting and are not suitable for most devices with low computing power.
Disclosure of Invention
The invention solves the problems of the prior art that the cost is high and flexible management of user attributes is difficult to realize when data retrieval is carried out at a single level, by providing a ciphertext retrieval method and a ciphertext retrieval system supporting hierarchical access control and user revocation; it realizes hierarchical access according to user attributes, reduces the cost at the user-side computer by using outsourced decryption, and improves the query speed.
In a first aspect, the present invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, applied to a data owner, the method comprising:
establishing an inverted index related to a file set by utilizing keywords, determining a KEK tree by utilizing a user set and an attribute set, and constructing a hierarchical access tree by utilizing the attribute set;
encrypting the file set, the inverted index, the symmetric key and the re-encryption key $K_i$ respectively to obtain the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$ and the encrypted re-encryption key; wherein the symmetric key is the key used to encrypt the file set, and the re-encryption key $K_i$ is the key used to encrypt the leaf nodes of the hierarchical access tree;
generating a conversion key and a decryption key by using the user attribute set and the master key;
sending the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$, the encrypted re-encryption key, the hierarchical access tree and the KEK tree to the cloud server side, and sending the conversion key and the decryption key to the user side.
With reference to the first aspect, in one possible implementation manner, before encrypting the file set, the inverted index, the symmetric key and the re-encryption key respectively to obtain the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$ and the encrypted re-encryption key, the method further comprises:
performing initialization to generate a master key and a public key;
generating a symmetric key $K_{SE}$ from a random element $K_x$ of the multiplicative cyclic group;
generating a random tag from the random element $K_x$ using a hash function;
obtaining a verification key from the random tag and the file ciphertext using the hash function;
and generating a minimum coverage set corresponding to the user attribute by using the KEK tree.
With reference to the first aspect, in one possible implementation manner, encrypting the file set, the inverted index, the symmetric key and the re-encryption key respectively to obtain the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$ and the encrypted re-encryption key comprises:
encrypting each file in the file set with a different symmetric key to obtain the file ciphertext $CT_1$;
encrypting the inverted index using parameters in the public key to obtain the index ciphertext $CT_2$;
encrypting the random element $K_x$ associated with the symmetric key under the attribute set of the hierarchical access tree, using the hierarchical access tree, the re-encryption key $K_i$ and parameters in the public key, to obtain the symmetric key ciphertext $CT_3$;
encrypting the re-encryption key $K_i$ with the minimum coverage set to obtain the encrypted re-encryption key.
With reference to the first aspect, in one possible implementation manner, the method further includes:
acquiring the attribute of user revocation and re-acquiring the re-encryption key to obtain a first re-encryption key;
encrypting the leaf nodes of the hierarchical access tree to obtain a re-encrypted symmetric key ciphertext $CT_3$;
Updating the KEK tree, and regenerating a first minimum coverage set corresponding to the user attribute;
encrypting the first re-encryption key by using the first minimum coverage set to obtain a re-encrypted re-encryption key;
updating the encrypted symmetric key ciphertext $CT_3$, the encrypted re-encryption key and the re-encryption key respectively to the re-encrypted symmetric key ciphertext $CT_3$, the re-encrypted re-encryption key and the first re-encryption key.
In a second aspect, the present invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, applied to a user terminal, the method comprising:
sending a query request to a cloud server to obtain a path key, a plurality of attribute group coverage sets and an encrypted re-encryption key corresponding to the query request in a KEK tree; wherein the query request includes: user identity and user attributes;
performing intersection operation by using the path key and the attribute group coverage sets to obtain a plurality of corresponding sub KEK keys;
decrypting the encrypted re-encryption key by using the plurality of sub KEK keys to obtain a plurality of corresponding re-encryption keys;
updating the conversion key by using the re-encryption key to obtain an updated conversion key;
generating trapdoors by using the keywords, the random numbers, the public keys and the user attributes, and sending the trapdoors and the updated conversion keys to a cloud server;
acquiring a query result returned by the cloud server; wherein, the query result includes: partial decryption ciphertext, symmetric key ciphertext and file ciphertext;
decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain the unencrypted file.
With reference to the second aspect, in one possible implementation manner, decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain the unencrypted file comprises:
decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain a random element $K_x$;
hashing the random element $K_x$ with a hash function to obtain a random tag;
hashing the random tag together with the file ciphertext to obtain a computed verification key;
judging whether the computed verification key is the same as the verification key, and if so, computing the symmetric key from the random element $K_x$;
and decrypting the file ciphertext by using the symmetric key to obtain an unencrypted file.
In a third aspect, the present invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, applied to a cloud server, the method comprising:
acquiring the user attributes and keywords, and judging whether the user attributes are in the hierarchical access tree; if so, executing the following steps, and if not, returning an empty set;
matching the trapdoor against the encrypted index, and if there is a match, returning the symmetric key ciphertext;
the symmetric key ciphertext is partially decrypted by using the updated conversion key, so that a partially decrypted ciphertext is obtained;
and sending the partial decryption ciphertext, the symmetric key ciphertext and the file ciphertext to a user side.
With reference to the third aspect, in one possible implementation manner, the method further includes:
acquiring a user revocation attribute request and re-acquiring a re-encryption key to obtain a first re-encryption key;
encrypting the leaf nodes of the hierarchical access tree to obtain a re-encrypted symmetric key ciphertext $CT_3$;
updating the KEK tree, and regenerating the first minimum coverage set corresponding to the user attribute and the updated KEK tree;
encrypting the first re-encryption key with the first minimum coverage set to obtain a re-encrypted re-encryption key;
updating the encrypted symmetric key ciphertext $CT_3$, the KEK tree, the encrypted re-encryption key and the re-encryption key respectively to the re-encrypted symmetric key ciphertext $CT_3$, the updated KEK tree, the re-encrypted re-encryption key and the first re-encryption key.
In a fourth aspect, the present invention provides a ciphertext retrieval system supporting hierarchical access control and user revocation, the system comprising a data owner, a user side and a cloud server;
the data owner is used for encrypting data and sending the encrypted data to the cloud server;
the user side is used for sending a query request, obtaining a query result and obtaining decrypted data according to the query result;
the cloud server is used for acquiring the query request of the user side, and performing query decryption to obtain a query result.
In a fifth aspect, the present invention provides a computer readable storage medium having executable instructions that, when executed by a computer, implement a ciphertext retrieval method supporting hierarchical access control and user revocation.
One or more technical schemes provided by the invention have at least the following technical effects or advantages:
(1) The invention designs verifiable outsourced decryption: the complex decryption operations on the bilinear map are performed on the server, the partial decryption result is sent to the user side, and the user side only needs to perform one simple exponentiation, which solves the problem of low decryption efficiency on low-computing-capacity devices and improves query efficiency;
(2) Because a hierarchical access tree is constructed, a user only needs to query within the relevant access layer rather than over all the data, which improves the operation speed and reduces the computational overhead of a query.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings that are needed in the embodiments of the present invention or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart illustrating steps of a ciphertext retrieval method supporting hierarchical access control and user revocation according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of an inverted index according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of a hierarchical access tree according to an embodiment of the present invention;
FIG. 4 is a line graph of the change of the time of generating a query request with the number of user attributes according to an embodiment of the present invention;
FIG. 5 is a line diagram of the outsourcing decryption time and the local decryption time according to the number of users according to the embodiment of the present invention;
fig. 6 is a schematic diagram of a ciphertext retrieval system supporting hierarchical access control and user revocation according to an embodiment of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. It will be apparent that the described embodiments are some, but not all, embodiments of the invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, which is applied to a data owner, as shown in fig. 1, and comprises the following steps S101 to S104.
S101, establishing an inverted index over a file set using keywords, determining a key encryption key tree (KEK tree for short; KEK stands for Key Encryption Key) from a user set and an attribute set, and constructing a hierarchical access tree from the attribute set.
Illustratively, the present invention uses an inverted index to construct the mapping from the keyword set to the file set. In the inverted index, each keyword maps to the numbers of the files containing that keyword, so the files containing a keyword can be conveniently obtained from the index. Fig. 2 shows the relationship between document IDs, document contents and keywords; an inverted index from keywords to document IDs is built from the document IDs and document contents.
The hierarchical access tree is provided for realizing hierarchical access control over files. In a hierarchical access tree, each subtree rooted at a non-leaf node represents an access policy, and the entire access tree is a tree structure that aggregates multiple access policies. Non-leaf nodes of the hierarchical access tree represent threshold gates, such as AND gates, OR gates or out-of (threshold) gates; leaf nodes represent attributes. A specific hierarchical access tree is shown in fig. 3.
For each node of the hierarchical access tree a polynomial degree is set, $d = k - 1$, where k is the node's threshold; the threshold of a leaf node is 1, and the hierarchical access tree is constructed from top to bottom.
Assuming the root node of the hierarchical access tree is A, a random number $s_A$ on a prime-order group is first selected, then $d_A$ further values are randomly selected, and together these generate the polynomial of root node A, specifically expressed as:
For all other non-leaf nodes, let X be the set of non-leaf nodes; for each $x \in X$, the secret value is computed from the polynomial of the parent node:
$s_x = q_x(0) = q_{parent(x)}(index(x))$
where $index(x)$ denotes the position of node x among all child nodes of its parent, and $parent(x)$ denotes the parent node of x.
Then $d_x$ further values are randomly selected, which together generate the polynomial $q_x$ of x.
The polynomial of each node on the hierarchical access tree is effectively the access policy on each node.
Illustratively, to enable dynamic user revocation, the present scheme uses a Key Encryption Key (KEK) tree. The KEK tree is a binary tree over the users: each leaf node represents a user, and every node stores a distinct key, its KEK.
Let $U = \{u_1, u_2, \dots, u_n\}$ be the set of all users in the system, and let $G_i$ be the set of users having attribute i. The minimum coverage set $cover(G_i)$ of attribute group $G_i$ denotes the minimum set of KEKs that covers all users in $G_i$; every user in $G_i$ is a descendant of some element of the coverage set. The path key $PK_i$ denotes the set of all KEKs on the path from the root node to a leaf node. Therefore, each user in $G_i$ has one and only one $KEK = PK_i \cap cover(G_i)$, whereas no such KEK exists for users outside $G_i$, and flexible user revocation is achieved through this property.
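The KEK-tree mechanism described above, as an added example that is not part of the patent: a binary tree over a constructed user list, the minimum coverage set of an attribute group, the per-user path key, their intersection, and what happens to that intersection after an attribute is revoked. KEKs are represented by node labels rather than real keys, and the user names and attribute group are constructed inputs.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Set


@dataclass
class KEKTree:
    """Complete binary tree over the user list, stored as heap indices:
    the root is 1 and the children of node i are 2i and 2i+1.  Every node
    holds one KEK; the user list is padded to a power of two so that each
    user owns exactly one leaf.  KEKs are labels here; a deployment would
    store a random symmetric key per node."""
    users: List[str]
    n_leaves: int = field(init=False)
    leaf_of: Dict[str, int] = field(init=False)

    def __post_init__(self) -> None:
        n = 1
        while n < len(self.users):
            n *= 2
        self.n_leaves = n
        self.leaf_of = {u: n + i for i, u in enumerate(self.users)}

    @staticmethod
    def kek(node: int) -> str:
        return f"KEK_{node}"

    def path_key(self, user: str) -> Set[str]:
        """PK_u: the KEKs on the path from the user's leaf up to the root."""
        node, keys = self.leaf_of[user], set()
        while node >= 1:
            keys.add(self.kek(node))
            node //= 2
        return keys

    def cover(self, group: Set[str]) -> Set[str]:
        """cover(G_i): the smallest set of subtree-root KEKs whose leaves are
        exactly the members of the attribute group (complete-subtree cover)."""
        member_leaves = {self.leaf_of[u] for u in group}
        # full[node] is True when every leaf below node belongs to the group;
        # padding leaves (no user) are never full.
        full: Dict[int, bool] = {}
        for node in range(2 * self.n_leaves - 1, 0, -1):
            if node >= self.n_leaves:
                full[node] = node in member_leaves
            else:
                full[node] = full[2 * node] and full[2 * node + 1]
        chosen: Set[str] = set()

        def walk(node: int) -> None:
            if full[node]:
                chosen.add(self.kek(node))      # whole subtree lies in G_i
            elif node < self.n_leaves:
                walk(2 * node)
                walk(2 * node + 1)

        walk(1)
        return chosen


def attribute_kek(tree: KEKTree, user: str, group: Set[str]) -> Set[str]:
    """KEK = PK_u ∩ cover(G_i): one key for a member of G_i, none otherwise."""
    return tree.path_key(user) & tree.cover(group)


def revoke_attribute(group: Set[str], user: str) -> Set[str]:
    """Revoking attribute i from a user changes G_i's membership; the data
    owner then recomputes cover(G_i) and re-encrypts the new K'_i under it."""
    return group - {user}


def cover_property_holds(tree: KEKTree, group: Set[str]) -> bool:
    """Check the property the scheme relies on: every member of G_i derives
    exactly one KEK from the cover, and every non-member derives none."""
    return all(len(attribute_kek(tree, u, group)) == (1 if u in group else 0)
               for u in tree.users)


if __name__ == "__main__":
    tree = KEKTree([f"u{i}" for i in range(1, 9)])          # constructed users
    g_i = {"u1", "u2", "u3", "u4", "u5"}                     # constructed group G_i
    print("cover(G_i) =", sorted(tree.cover(g_i)))
    print("u3 ->", attribute_kek(tree, "u3", g_i), " u6 ->", attribute_kek(tree, "u6", g_i))
    g_i2 = revoke_attribute(g_i, "u3")
    print("after revoking u3:", sorted(tree.cover(g_i2)), attribute_kek(tree, "u3", g_i2))
```

After the revocation the data owner re-encrypts the fresh re-encryption key under the new cover only, so the revoked user's path key no longer intersects it while every remaining member still has exactly one usable KEK.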
Prior to step S102, the method further comprises: (1) performing initialization to generate a master key and a public key. Specifically, the master key MSK and the public key PK are expressed as:
$PK = \{g, g^a, g^b, g^c, g^\beta, e(g,g)^\alpha\}$
$MSK = \{a, b, c, \alpha, \beta\}$
where $e(g,g)$ denotes the bilinear map $e: G \times G \to G_T$, g denotes a generator of the multiplicative cyclic group G, and a, b, c, α, β denote random elements of the finite field.
(2) A symmetric key $K_{SE}$ is generated from a random element $K_x$ on group G. Specifically, a random element $K_x$ is used for each file, and each random element $K_x$ corresponds to one symmetric key $K_{SE}$.
(3) A random tag $Tag_0$ is generated from the random element $K_x$ using a hash function.
(4) The random tag $Tag_0$ and the file ciphertext $CT_1$ are hashed to obtain the verification key VK, which is used for verification during outsourced decryption.
(5) And generating a minimum coverage set corresponding to the user attribute by using the KEK tree.
S102, encrypting the file set, the inverted index, the symmetric key and the re-encryption key $K_i$ respectively to obtain the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$ and the encrypted re-encryption key; wherein the symmetric key is the key used to encrypt the file set, and the re-encryption key $K_i$ is the key used to encrypt the leaf nodes of the hierarchical access tree.
Specifically, in step S102, encrypting the file set, the inverted index, the symmetric key and the re-encryption key respectively to obtain the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$ and the encrypted re-encryption key comprises the following steps S1021 to S1024.
S1021, encrypting each file in the file set with a different symmetric key to obtain the file ciphertext $CT_1$, specifically: $CT_1 = Enc(K_{SE}, M_x)$.
S1022, encrypting the inverted index using the parameters in the public key to obtain the index ciphertext $CT_2$. Specifically, the parameters a, b, c and the previously constructed inverted index are input; for a given keyword w, a random μ is selected, μ being a random number on group G. The index value is computed; at the same time, if w belongs to file $M_x$, the following is also computed:
where $H_0$ is the preset hash function, and $s_x$ is the corresponding secret value in the hierarchical access tree defined above. If w does not belong to $M_x$, set $z_x = 1$, $z'_x = 1$; the final index ciphertext is then:
$CT_2 = \{z_x, z'_x\}, x \in X$
S1023, encrypting the random element $K_x$ associated with the symmetric key under the attribute set of the hierarchical access tree, using the hierarchical access tree, the re-encryption key $K_i$ and parameters in the public key, to obtain the symmetric key ciphertext $CT_3$. In particular, for efficiency, the hierarchical access tree is only used to encrypt the random element $K_x$ associated with the symmetric key used to encrypt the file; the files in the file set are not encrypted with it directly. The specific process is as follows: first the hierarchical access tree is input, $K_x$ is selected when generating the key, and the following are computed respectively:
for all leaf nodes, compute:
where att(y) denotes the attribute corresponding to leaf node y in the hierarchical access tree, and $H_1: \{0,1\}^* \to G$ maps a string to an element of group G; the final ciphertext is then:
S1024, encrypting the re-encryption key $K_i$ with the minimum coverage set to obtain the encrypted re-encryption key. Specifically, to achieve dynamic revocation of user attributes, the ciphertext needs to be re-encrypted with a key generated from the key encryption key tree. For each attribute group $G_i$ a re-encryption key $K_i$ is selected; $K_i$ is a random number, and the ciphertext associated with the leaf node is then re-encrypted:
After re-encrypting the ciphertext associated with a leaf node, $K_i$ is symmetrically encrypted with the KEKs in the attribute group's coverage set, and the resulting ciphertext is stored and sent to the user.
S103, generating a conversion key TK and a decryption key DK from the user attribute set and the master key. In particular, to achieve outsourced decryption, a conversion key TK and a decryption key DK need to be generated. The conversion key TK is computed from the user attribute set and the master key; the keys (TK and DK) are then sent to the user, and the attribute group relation G of each attribute is sent to the cloud server.
The conversion key is expressed as:
where r denotes a randomly selected random number, and the decryption key is $DK = \alpha'$.
S104, sending the file ciphertext $CT_1$, the index ciphertext $CT_2$, the symmetric key ciphertext $CT_3$, the encrypted re-encryption key, the hierarchical access tree and the KEK tree to the cloud server side, and sending the conversion key TK and the decryption key DK to the user side.
At the data owner side, the attribute of the user can be revoked, which comprises the following steps.
(1) And acquiring the attribute of user revocation, and re-acquiring the re-encryption key to obtain a first re-encryption key.
(2) Encrypting the leaf nodes of the hierarchical access tree to obtain a re-encrypted symmetric key ciphertext $CT_3$.
(3) The KEK tree is updated to regenerate the first minimum coverage set corresponding to the user attribute.
(4) And encrypting the first re-encryption key by using the first minimum coverage set to obtain a re-encrypted re-encryption key.
(5) Updating the encrypted symmetric key ciphertext $CT_3$, the encrypted re-encryption key and the re-encryption key respectively to the re-encrypted symmetric key ciphertext $CT_3$, the re-encrypted re-encryption key and the first re-encryption key.
Illustratively, when a user leaves the data owner's organization, the user's original access authority needs to be revoked, which is realized by changing the membership of the attribute group. Assuming that attribute i is revoked for the user, the data owner side needs to reselect a $K'_i$ and then modify the ciphertexts $C_y$, $C'_y$; the ciphertext for attribute i is modified as follows:
The ciphertexts for other attributes remain unchanged. Finally, the attribute group is re-determined, the minimum coverage set of the new attribute group is selected, and $K'_i$ is encrypted with the KEKs. This revokes a given attribute for a given user without affecting other users.
The invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, which is applied to a user terminal and comprises the following steps S201 to S207.
S201, obtaining a path key and a plurality of attribute group coverage sets corresponding to the user attributes in the KEK tree by utilizing the user attributes.
S202, performing intersection operation by using the path key and the plurality of attribute group coverage sets to obtain a plurality of corresponding sub KEK keys.
S203, decrypting the encrypted re-encryption key by using the plurality of sub KEK keys to obtain a plurality of corresponding re-encryption keys.
S204, obtaining the conversion key sent by the data owner, and updating the conversion key with the re-encryption key to obtain the updated conversion key TK'. Specifically, when a user wants to perform a search, the user uses their path key in the KEK tree and the attribute group coverage sets to obtain the KEKs corresponding to their attributes, then decrypts with those KEKs to obtain the key $K_i$ used in re-encryption, and then updates the conversion key:
s205, generating trapdoors by using the keywords, the random numbers, the public key and the user attributes, and sending the trapdoors and the updated conversion key TK' to the cloud server. Specifically, if the user wants to search for a file containing the keyword w', a search trapdoor is first generated according to the keyword and the attribute set of the user.
Calculating trapdoors by using a random number s, a user query keyword and a user attribute set selected randomly by a user:
where $T_2 = g^{cs}$ and $T_3 = (D_w)^s$; finally, the generated trapdoor and the updated conversion key TK' are sent to the cloud server.
S206, acquiring the query result returned by the cloud server; wherein the query result includes: the partially decrypted ciphertext CT', the file ciphertext $CT_1$, and the relevant part of the symmetric key ciphertext $CT_3$:
S207, decrypting the partially decrypted ciphertext CT' using the decryption key DK and the symmetric key ciphertext $CT_3$ to obtain the unencrypted file.
Specifically, in step S207, decrypting the partially decrypted ciphertext CT' using the decryption key DK and the symmetric key ciphertext $CT_3$ to obtain the unencrypted file comprises the following steps S2071 to S2075.
S2071, decrypting the partially decrypted ciphertext CT' using the decryption key DK and the symmetric key ciphertext $CT_3$ to obtain the random element $K_x$. Specifically, $K_x$ is obtained by decrypting with the decryption key DK:
S2072, hashing the random element $K_x$ with a hash function to obtain the random tag.
S2073, hashing the random tag together with the file ciphertext to obtain a computed verification key VK'.
S2074, judging whether the computed verification key VK' and the verification key VK are the same, and if so, computing the symmetric key $K_{SE}$ from the random element $K_x$.
After $K_x$ is obtained by decryption, integrity verification is required: the preset hash function hashes $K_x$ to $Tag_0$, then $Tag_0$ and the file ciphertext $CT_1$ are hashed together to generate the computed verification key VK', and VK' is checked for equality with the earlier VK.
S2075, decrypting the file ciphertext with the symmetric key $K_{SE}$ to obtain the unencrypted file. If they are equal, the file encryption key $K_{SE}$ is computed from $K_x$; finally, this key is used to decrypt the file ciphertext and obtain the original file.
The invention provides a ciphertext retrieval method supporting hierarchical access control and user revocation, which is applied to the cloud server side and comprises the following steps S301 to S304.
S301, acquiring the user attributes and keywords and judging whether the user attributes are in the hierarchical access tree; if so, executing the following steps, and if not, returning the empty set. Specifically, after receiving the query request, the cloud server first checks whether the user's attributes satisfy some layer of the hierarchical access structure and, if so, matches the trapdoor against the encrypted index.
Specifically, in the attribute determination, if the user's attribute is in the specified attribute set, the leaf node is evaluated according to the following formula, where θ = e(g, g):
For every non-leaf node, the value is computed from its child nodes by Lagrange interpolation:
where S_x is the set of child nodes of node x, j = index(x') and S'_x = {index(x') : x' ∈ S_x}.
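The tree evaluation described in S301, as an added example that is not the patent's code: the data owner shares a secret down a threshold access tree with Shamir polynomials, and the server-side evaluation recovers it at every node the user's attributes satisfy, using exactly the Lagrange coefficient over S'_x = {index(x') : x' ∈ S_x} named above. The scheme carries these shares in the exponent of θ = e(g, g); here they are kept as integers modulo a constructed prime P, so the product over children becomes a sum, and the two-level tree, attribute names and function names are all assumptions.

```python
import secrets

# Added example (not the patent's code): threshold access-tree evaluation with
# Lagrange interpolation over Z_P instead of in the pairing group.

P = (1 << 127) - 1  # constructed modulus standing in for the group order

class Node:
    def __init__(self, threshold=None, children=None, attr=None):
        self.threshold = threshold          # k_x for a non-leaf node
        self.children = children or []      # S_x, indexed from 1 by index(x')
        self.attr = attr                    # attribute name for a leaf
        self.share = None                   # q_x(0), assigned by the data owner

def poly_eval(coeffs, x):
    return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P

def distribute(node, secret):
    """Data-owner side: share `secret` down the tree so that every node x holds q_x(0)."""
    node.share = secret
    if node.attr is not None:
        return
    # q_x has degree k_x - 1 and q_x(0) = secret; child x' receives q_x(index(x'))
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(node.threshold - 1)]
    for index, child in enumerate(node.children, start=1):
        distribute(child, poly_eval(coeffs, index))

def lagrange_coeff(j, s_prime, x=0):
    """Delta_{j,S'}(x) = prod_{m in S', m != j} (x - m) / (j - m)  mod P."""
    num = den = 1
    for m in s_prime:
        if m != j:
            num = num * (x - m) % P
            den = den * (j - m) % P
    return num * pow(den, -1, P) % P

def decrypt_node(node, user_attrs):
    """Server side: returns q_x(0) if user_attrs satisfies the subtree at x, else None."""
    if node.attr is not None:                                   # leaf node
        return node.share if node.attr in user_attrs else None
    available = []
    for index, child in enumerate(node.children, start=1):      # index(x')
        value = decrypt_node(child, user_attrs)
        if value is not None:
            available.append((index, value))
    if len(available) < node.threshold:
        return None
    chosen = available[:node.threshold]                         # any k_x satisfied children
    s_prime = [index for index, _ in chosen]                    # S'_x
    return sum(v * lagrange_coeff(j, s_prime) for j, v in chosen) % P

def build_demo_tree():
    """Constructed two-level tree: dept:finance AND (role:manager OR role:auditor)."""
    roles = Node(threshold=1, children=[Node(attr="role:manager"),
                                        Node(attr="role:auditor")])
    return Node(threshold=2, children=[Node(attr="dept:finance"), roles])

def run(secret, user_attrs):
    """Share `secret` over the demo tree, then evaluate it for one attribute set."""
    tree = build_demo_tree()
    distribute(tree, secret)
    return decrypt_node(tree, set(user_attrs))
```

An attribute set that satisfies the tree recovers the root secret exactly; any set that misses a threshold at some node yields None at that node and therefore at the root, which is the check the cloud performs before it touches the encrypted index.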
S302, matching against the encrypted index using the trapdoor; if a match is found, the symmetric key ciphertext is returned. Specifically, using the index ciphertext CT_2 and the generated trapdoor T_{w'}, whether there is a match is verified by the following equation:
If the two match, the corresponding ciphertext is returned; otherwise null is returned.
S303, partially decrypting the symmetric key ciphertext using the updated conversion key to obtain the partially decrypted ciphertext. Specifically, the ciphertext is partially decrypted with the conversion key TK', generating the partially decrypted ciphertext:
S304, sending the partially decrypted ciphertext, the symmetric key ciphertext and the file ciphertext to the user side, that is, sending the partially decrypted ciphertext CT', the file ciphertext CT_1 and the symmetric key ciphertext CT_3 to the user terminal.
The computationally heavy part of the query is thus outsourced to the cloud server, which solves the problem of low decryption efficiency on devices with limited computing capacity.
At the cloud server side, the method further comprises revoking a user attribute, which specifically comprises the following steps:
(1) Acquiring the user attribute revocation request and re-acquiring the re-encryption key to obtain a first re-encryption key.
(2) Encrypting the leaf nodes of the hierarchical access tree to obtain the re-encrypted symmetric key ciphertext CT_3.
(3) Updating the KEK tree, and regenerating the first minimum coverage set corresponding to the user attribute and the updated KEK tree.
(4) Encrypting the first re-encryption key with the first minimum coverage set to obtain the re-encrypted re-encryption key.
(5) Updating the encrypted symmetric key ciphertext CT_3, the KEK tree, the encrypted re-encryption key and the re-encryption key to, respectively, the re-encrypted symmetric key ciphertext CT_3, the updated KEK tree, the re-encrypted re-encryption key and the first re-encryption key.
Illustratively, when a user leaves the data owner's organization, the user's original access authority must be revoked; this is achieved by changing the membership of the attribute group. Assuming attribute i is revoked for the user, the cloud server must reselect a fresh K'_i and then modify the ciphertexts C_y and C'_y; the ciphertext for attribute i is modified as follows:
The ciphertexts for the other attributes remain unchanged. Finally, the attribute group is redetermined, the minimum coverage set of the new attribute group is selected, and K'_i is encrypted with the KEKs of that coverage set. In this way a given attribute is revoked for a given user without affecting other users.
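The KEK-tree mechanics behind the revocation steps above, and the user-side "path key ∩ attribute group coverage set" step of the user-terminal method, as one added example that is not the patent's code: users sit at the leaves of a binary tree, every node carries a KEK, a user holds the KEKs on its leaf-to-root path, the re-encryption key K_i is wrapped under each KEK of the attribute group's minimum coverage set, and revocation removes the user from the group, picks a fresh K'_i and re-wraps it under the recomputed coverage set. The tree layout, the SHA-256-derived key wrap and all names are assumptions, and the node KEKs themselves are left unchanged on revocation, which is a simplification of the patent's "updating the KEK tree".

```python
import hashlib
import secrets

# Added example (not the patent's code): binary KEK tree, minimum coverage set,
# user-side recovery of K_i, and revocation by re-wrapping a fresh K'_i.

class KekTree:
    def __init__(self, users):
        n = 1
        while n < len(users):
            n *= 2
        self.n = n                                           # number of leaf slots
        self.leaf = {u: n + i for i, u in enumerate(users)}  # heap indexing, root = 1
        self.kek = {node: secrets.token_bytes(32) for node in range(1, 2 * n)}

    def path(self, user):
        """Node ids from the user's leaf up to the root: the user's path keys."""
        node, out = self.leaf[user], []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def leaves_under(self, node):
        lo = hi = node
        while lo < self.n:
            lo, hi = 2 * lo, 2 * hi + 1
        return set(range(lo, hi + 1))

    def min_cover(self, group):
        """Smallest set of subtree roots whose leaves are exactly the group's members."""
        target = {self.leaf[u] for u in group}

        def rec(node):
            under = self.leaves_under(node)
            hit = under & target
            if not hit:
                return []
            if hit == under:
                return [node]
            return rec(2 * node) + rec(2 * node + 1)
        return rec(1)

def wrap(kek, key):
    """Toy symmetric wrap: XOR with a KEK-derived pad (symmetric, so unwrap = wrap)."""
    pad = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

def publish(tree, group, k_i):
    """Data-owner side: encrypt K_i under every KEK in the group's minimum coverage set."""
    return {node: wrap(tree.kek[node], k_i) for node in tree.min_cover(group)}

def recover(tree, user, encrypted_k_i):
    """User side: intersect own path keys with the coverage set, unwrap with the shared KEK."""
    common = set(tree.path(user)) & set(encrypted_k_i)
    if not common:
        return None                                  # user is not in the attribute group
    node = common.pop()
    return wrap(tree.kek[node], encrypted_k_i[node])

def revoke(tree, group, user):
    """Revocation: drop the user from the group, choose a fresh K'_i, re-wrap it."""
    new_group = group - {user}
    k_i_new = secrets.token_bytes(32)                # the "first re-encryption key"
    return new_group, k_i_new, publish(tree, new_group, k_i_new)
```

Because the revoked user's path shares no node with the new coverage set, it cannot unwrap K'_i, while every remaining member still finds exactly one common node; the number of wrapped copies stays logarithmic in the number of users rather than linear.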
The invention provides a ciphertext retrieval system supporting hierarchical access control and user revocation which, as shown in figure 6, comprises a data owner, a user side and a cloud server.
The data owner is used for encrypting the data and sending the encrypted data to the cloud server. Specifically, the data includes the file set, the inverted index, the symmetric key and the re-encryption key K_i. The data owner processes the file set, extracts keywords, constructs the inverted index, encrypts the data, sends the file ciphertext CT_1, the index ciphertext CT_2, the symmetric key ciphertext CT_3, the encrypted re-encryption key, the hierarchical access tree and the KEK tree to the cloud server side, and sends the conversion key TK and the decryption key DK to the user side.
The user side is used for sending the query request, obtaining the query result and obtaining the decrypted data from the query result. Specifically, a query request comprising the user attribute set and the user identity is sent to the cloud server, and the path key, the several attribute group coverage sets and the encrypted re-encryption key corresponding to the request in the KEK tree are obtained.
The updated conversion key is computed from the obtained information;
then the query keyword is used to obtain the trapdoor, and finally the partially decrypted ciphertext, the symmetric key ciphertext and the file ciphertext are obtained using the trapdoor and the updated conversion key;
and the partially decrypted ciphertext CT' is decrypted using the decryption key DK and the symmetric key ciphertext CT_3 to obtain the unencrypted file.
The cloud server is used for acquiring the query request of the user side and performing the query and decryption to obtain the query result. Specifically, the cloud server stores the encrypted data sent by the data owner, queries the encrypted data using the query request of the user side, and returns the query result to the user side.
The invention not only realizes ciphertext keyword retrieval on the basis of file layering, but also has the following advantages:
Functionality: dynamic user attribute revocation is realized; compared with the original hierarchical attribute-based encryption scheme, the method is better suited to real scenarios and more practical.
Efficiency: compared with the prior art, the scheme greatly reduces the computational overhead of the user side. The invention designs verifiable outsourced decryption: the complex decryption operations on the bilinear map are carried out on the server, the partial decryption result is sent to the user side, and the user side only needs to carry out one simple exponentiation, which solves the problem of low decryption efficiency on devices with limited computing capability. Fig. 4 shows the variation of the query request time with the number of user attributes, and fig. 5 shows the variation of the outsourced decryption time and the local decryption time with the number of users.
As can be seen from fig. 4, the trapdoor generation time of the present invention grows sub-linearly with the number of user attributes; when the number of user attributes is 50, the trapdoor generation time is only 0.596 seconds. As can be seen from fig. 5, the outsourced decryption time is much longer than the local decryption time, and when the number of user attributes is 10 to 50, local decryption takes only 10 milliseconds. Therefore, compared with the prior-art schemes, the method and system greatly reduce the computational cost of the user side and can be widely applied in practical scenarios.
The methods, systems or modules described in this invention may be implemented in computer readable program code, and the controller may be implemented in any suitable way; for example, the controller may take the form of a microprocessor or processor and a computer readable medium storing computer readable program code (e.g. software or firmware) executable by the (micro)processor, logic gates, switches, application specific integrated circuits (ASIC), programmable logic controllers and embedded microcontrollers. Examples of the controller include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20 and Silicon Labs C8051F320; the memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller in pure computer readable program code, it is entirely possible to implement the same functionality by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers, etc. Such a controller can be regarded as a hardware component, and the means for implementing the various functions included therein can also be regarded as structures within the hardware component. The means for achieving the various functions may even be regarded as both software modules implementing the methods and structures within hardware components.
Each end of the system of the present invention may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, classes, etc. that perform particular tasks or implement particular abstract data types. The invention may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
From the above description of embodiments, it will be apparent to those skilled in the art that the present invention may be implemented in software plus necessary hardware. Based on such understanding, the technical solution of the present invention may be embodied essentially or in a part contributing to the prior art in the form of a software product or may be embodied in the implementation of data migration.
The invention provides a computer readable storage medium, which is provided with executable instructions, and the computer can realize a ciphertext retrieval method supporting hierarchical access control and user revocation when executing the executable instructions. The computer software product may be stored on a storage medium, such as ROM/RAM, magnetic disk, optical disk, etc., comprising instructions for causing a computer device (which may be a personal computer, mobile terminal, server, or network device, etc.) to perform the methods described in the various embodiments or portions of the embodiments of the invention.
In this specification, each embodiment is described in a progressive manner, and the same or similar parts of each embodiment are referred to each other, and each embodiment is mainly described as a difference from other embodiments. All or portions of the present invention are operational with numerous general purpose or special purpose computer system environments or configurations. For example: personal computers, server computers, hand-held or portable devices, tablet devices, mobile communication terminals, multiprocessor systems, microprocessor-based systems, programmable electronic devices, network PCs, minicomputers, mainframe computers, distributed computing environments that include any of the above systems or devices, and the like.
The above embodiments are only for illustrating the technical solution of the present invention, and not for limiting the present invention; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some or all of the technical features thereof can be replaced with equivalents; such modifications and substitutions do not depart from the spirit of the invention.
Claims (10)
1. A ciphertext retrieval method supporting hierarchical access control and user revocation, applied to a data owner, comprising:
establishing an inverted index of a file set using keywords, determining a KEK tree using a user set and an attribute set, and constructing a hierarchical access tree using the attribute set;
encrypting the file set, the inverted index, the symmetric key and the re-encryption key K_i respectively to obtain a file ciphertext CT_1, an index ciphertext CT_2, a symmetric key ciphertext CT_3 and an encrypted re-encryption key; wherein the symmetric key is the key used when encrypting the file set, and the re-encryption key K_i is the key used to encrypt leaf nodes of the hierarchical access tree;
generating a conversion key and a decryption key using the user attribute set and the master key;
sending the file ciphertext CT_1, the index ciphertext CT_2, the symmetric key ciphertext CT_3, the encrypted re-encryption key, the hierarchical access tree and the KEK tree to a cloud server side, and sending the conversion key and the decryption key to a user side.
2. The ciphertext retrieval method supporting hierarchical access control and user revocation as recited in claim 1, applied to a data owner, wherein before encrypting the file set, the inverted index, the symmetric key and the re-encryption key respectively to obtain the file ciphertext CT_1, the index ciphertext CT_2, the symmetric key ciphertext CT_3 and the encrypted re-encryption key, the method further comprises:
performing initialization and generating a master key and a public key;
generating a symmetric key K_SE using a random element K_x of the multiplicative cyclic group;
generating a random label from the random element K_x using a hash function;
obtaining a verification key from the random label and the file ciphertext using the hash function;
and generating a minimum coverage set corresponding to the user attribute using the KEK tree.
3. The ciphertext retrieval method supporting hierarchical access control and user revocation as recited in claim 2, applied to a data owner, wherein encrypting the file set, the inverted index, the symmetric key and the re-encryption key respectively to obtain the file ciphertext CT_1, the index ciphertext CT_2, the symmetric key ciphertext CT_3 and the encrypted re-encryption key comprises:
encrypting each file in the file set with a different one of said symmetric keys K_SE to obtain the file ciphertext CT_1;
encrypting the inverted index using parameters in the public key to obtain the index ciphertext CT_2;
encrypting the random element K_x associated with the symmetric key over the attribute set in the hierarchical access tree, using the hierarchical access tree, the re-encryption key K_i and parameters in said public key, to obtain the symmetric key ciphertext CT_3;
and encrypting the re-encryption key K_i with the minimum coverage set to obtain the encrypted re-encryption key.
4. The ciphertext retrieval method of claim 2, applied to a data owner, further comprising:
acquiring the attribute revoked for the user and re-acquiring the re-encryption key to obtain a first re-encryption key;
encrypting the leaf nodes of the hierarchical access tree to obtain a re-encrypted symmetric key ciphertext CT_3;
updating the KEK tree, and regenerating a first minimum coverage set corresponding to the user attribute;
encrypting the first re-encryption key with the first minimum coverage set to obtain a re-encrypted re-encryption key;
and updating the encrypted symmetric key ciphertext CT_3, the encrypted re-encryption key and the re-encryption key to, respectively, the re-encrypted symmetric key ciphertext CT_3, the re-encrypted re-encryption key and the first re-encryption key.
5. A ciphertext retrieval method supporting hierarchical access control and user revocation is applied to a user terminal, and is characterized by comprising the following steps:
sending a query request to a cloud server to obtain a path key, a plurality of attribute group coverage sets and an encrypted re-encryption key corresponding to the query request in a KEK tree; wherein the query request includes: user identity and user attributes;
performing intersection operation by using the path key and the attribute group coverage sets to obtain a plurality of corresponding sub KEK keys;
decrypting the encrypted re-encryption key by using the plurality of sub KEK keys to obtain a plurality of corresponding re-encryption keys;
updating the conversion key by using the re-encryption key to obtain an updated conversion key;
generating trapdoors by using the keywords, the random numbers, the public keys and the user attributes, and sending the trapdoors and the updated conversion keys to a cloud server;
acquiring a query result returned by the cloud server; wherein the query result includes: a partially decrypted ciphertext, a symmetric key ciphertext and a file ciphertext;
and decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain an unencrypted file.
6. The ciphertext retrieval method supporting hierarchical access control and user revocation as recited in claim 5, applied to a user terminal, wherein decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain an unencrypted file comprises:
decrypting the partially decrypted ciphertext using the decryption key and the symmetric key ciphertext to obtain a random element K_x;
hashing the random element K_x using a hash function to obtain a random label;
hashing the random label and the file ciphertext to obtain a computed verification key;
judging whether the computed verification key is the same as the verification key, and if so, computing a symmetric key from the random element K_x;
and decrypting the file ciphertext using the symmetric key to obtain the unencrypted file.
7. A ciphertext retrieval method supporting hierarchical access control and user revocation, applied to a cloud server side, characterized by comprising the following steps:
acquiring user attributes and keywords, and judging whether the user attributes are in a hierarchical access tree; if so, executing the following steps, and if not, returning an empty set;
matching against the encrypted index using the trapdoor, and if a match is found, returning a symmetric key ciphertext;
partially decrypting the symmetric key ciphertext using the updated conversion key to obtain a partially decrypted ciphertext;
and sending the partially decrypted ciphertext, the symmetric key ciphertext and the file ciphertext to a user side.
8. The ciphertext retrieval method supporting hierarchical access control and user revocation as recited in claim 7, applied to a cloud server, further comprising:
acquiring a user attribute revocation request and re-acquiring a re-encryption key to obtain a first re-encryption key;
encrypting the leaf nodes of the hierarchical access tree to obtain a re-encrypted symmetric key ciphertext CT_3;
updating the KEK tree, and regenerating a first minimum coverage set corresponding to the user attribute and the updated KEK tree;
encrypting the first re-encryption key with the first minimum coverage set to obtain a re-encrypted re-encryption key;
and updating the encrypted symmetric key ciphertext CT_3, the KEK tree, the encrypted re-encryption key and the re-encryption key to, respectively, the re-encrypted symmetric key ciphertext CT_3, the updated KEK tree, the re-encrypted re-encryption key and the first re-encryption key.
9. A ciphertext retrieval system supporting hierarchical access control and user revocation, comprising: a data owner, a user side and a cloud server;
the data owner is used for encrypting data and sending the encrypted data to the cloud server;
the user side is used for sending a query request, obtaining a query result and obtaining decrypted data according to the query result;
the cloud server is used for acquiring the query request of the user side, and performing query decryption to obtain a query result.
10. A computer readable storage medium having executable instructions which, when executed by a computer, implement the ciphertext retrieval method supporting hierarchical access control and user revocation of any one of claims 1 to 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202410038657.0A CN117763592A (en) | 2024-01-10 | 2024-01-10 | Ciphertext retrieval method and system supporting hierarchical access control and user revocation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN117763592A true CN117763592A (en) | 2024-03-26 |
Family
ID=90310877
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||