CN104023051A

CN104023051A - Multi-user multi-keyword searchable encryption method in cloud storage

Info

Publication number: CN104023051A
Application number: CN201410219689.7A
Authority: CN
Inventors: 王尚平; 张亚玲; 邹又姣
Original assignee: Xian University of Technology
Current assignee: Xian University of Technology
Priority date: 2014-05-22
Filing date: 2014-05-22
Publication date: 2014-09-03

Abstract

The invention discloses a multi-user multi-keyword searchable encryption method in cloud storage, comprising the following steps: Step 1, system parameter initialization; Step 2, addition of users; Step 3, file encryption by a file owner and generation of security index; Step 4, generation of keyword search token by users; Step 5, search of ciphertext keyword by a cloud storage server; Step 6, decryption of ciphertext by users; and Step 7, cancellation of users. According to the method, an authorized user can search an encrypted file by the utilization of a trap door linked with a keyword; a data user encrypts his/her own data and stores the data into the cloud storage server; and the required encrypted data can be searched through a keyword search token when the data is needed, and download and decryption are carried out. Meanwhile, the cloud storage server doesn't know about the user's search keyword, thus guaranteeing data information privacy for the user. The method is suitable for a multi-user environment.

Description

Multi-user and multi-keyword searchable encryption method in cloud storage

技术领域technical field

本发明属于信息安全技术领域，应用于云计算中数据安全存储服务过程中，具体涉及一种云存储中多用户多个关键词可搜索的加密方法。The invention belongs to the technical field of information security, is applied in the process of data security storage service in cloud computing, and specifically relates to an encryption method in which multiple users and multiple keywords can be searched in cloud storage.

背景技术Background technique

云计算作为一种新的计算模型，能够提供成本较低、可扩展的各种先进的计算服务，为了节省存储及管理数据的代价，企业和个人可以将数据外包到云存储服务器。云存储服务提供的数据具有可用性和可靠性等优势，但是其也有一个很明显的缺点，即数据不在用户的管理及控制之下，那么如何维护数据的机密性和完整性便成为用户迫切关注的问题。As a new computing model, cloud computing can provide various advanced computing services with low cost and scalability. In order to save the cost of storing and managing data, enterprises and individuals can outsource data to cloud storage servers. The data provided by the cloud storage service has the advantages of availability and reliability, but it also has an obvious disadvantage, that is, the data is not under the management and control of the user, so how to maintain the confidentiality and integrity of the data becomes an urgent concern of the user. question.

虽然企业相信云存储服务提供商(Cloud Storage Service Provider,CSSP)的可靠性、可用性、容错性等，但是人们无法确信CSSP不将托管的数据用于其他目的；同样对于个人用户而言，他们希望自己的数据只能由自己或指定的人访问而不能被CSSP访问。这将导致两方面的问题：一方面，从用户的角度看，他们无法找到让他们完全可信的CSSP来存储和管理他们的数据；另一方面从CSSP的角度看，在没有解决上述问题的情况下将会丢失大量的客户。因此，数据的机密性及完整性将阻碍云存储的推广及使用。Although enterprises believe in the reliability, availability, fault tolerance, etc. of Cloud Storage Service Providers (Cloud Storage Service Providers, CSSPs), people cannot be sure that CSSPs will not use hosted data for other purposes; Your own data can only be accessed by yourself or designated people and cannot be accessed by CSSP. This will lead to two problems: on the one hand, from the user's point of view, they cannot find a fully trusted CSSP to store and manage their data; on the other hand, from the point of view of CSSP, without solving the above problems In this case, a large number of customers will be lost. Therefore, the confidentiality and integrity of data will hinder the promotion and use of cloud storage.

鉴于以上的实际问题，云存储中数据必须在传输到CSSP之前，由用户自己加密，并且也只能由用户自己进行解密，这样将会减轻用户数据泄漏的危险。但这将引入一个新的问题，如用户需要包含某个关键字的文档，那么用户是否能很快的获得他们想要的数据并保证数据对CSSP的机密性？In view of the above practical problems, the data in cloud storage must be encrypted by the user before being transmitted to CSSP, and can only be decrypted by the user himself, which will reduce the risk of user data leakage. But this will introduce a new problem, if the user needs a document containing a certain keyword, can the user quickly obtain the data they want and ensure the confidentiality of the data to CSSP?

可搜索加密作为一种新的密码学技术，能够在加密的数据集合上进行搜索查询，具体方法是，先为文件集合生成索引集合，再使用可搜索加密对这些索引进行加密以隐藏索引内容，并且加密要满足如下性质：1)给定一个关键字(即索引)的令牌，可以获得包含该关键字的所有文件的指针；2)没有令牌，索引的内容是隐藏的；3)只有具有相关密钥的用户才能生成令牌；4)检索过程除了暴露了哪些文件共享某个关键字外，不会暴露任何有关文件和关键字的具体信息。可搜索加密的核心作用是为云存储服务提供：一是用户自己控制其数据；二是数据的安全性质可以通过密码学原理验证，而不是通过法律、物理设备来确定安全性。As a new cryptography technology, searchable encryption can perform search queries on encrypted data collections. The specific method is to generate index collections for file collections, and then use searchable encryption to encrypt these indexes to hide the index content. And the encryption must meet the following properties: 1) Given a token of a keyword (ie index), pointers to all files containing the keyword can be obtained; 2) Without tokens, the content of the index is hidden; 3) Only Only users with relevant keys can generate tokens; 4) The retrieval process will not reveal any specific information about files and keywords except which files share a certain keyword. The core role of searchable encryption is to provide cloud storage services: first, users themselves control their data; second, the security nature of data can be verified through cryptography principles, rather than legal and physical devices to determine security.

发明内容Contents of the invention

本发明的目的是提供一种云存储中多用户多个关键词可搜索的加密方法，解决了现有技术中的云存储数据加密后不能实现关键词检索的问题。The purpose of the present invention is to provide an encryption method in which multiple users and multiple keywords can be searched in cloud storage, which solves the problem in the prior art that keyword retrieval cannot be realized after cloud storage data is encrypted.

本发明采用的技术方案是，一种云存储中多用户多个关键词可搜索的加密方法，The technical solution adopted by the present invention is an encryption method in which multiple users and multiple keywords can be searched in cloud storage,

文件加密者为Ent，文档集合D＝(D₁,…,D_n)，存储服务器为Serv，设文档D_i的关键词列表为W_i＝(w_i,1,…,w_i,m)，1≤i≤n，n是即将存储的文件个数，m是文档D_i中的关键词个数，w_i,j为D_i的第j个关键词字段的关键词，1≤j≤m，按照以下步骤实施：The file encryptor is Ent, the document set D=(D ₁ ,…,D _n ), the storage server is Serv, and the keyword list of document D _i is W _i =(w _i,1 ,…,w _i,m ) , 1≤i≤n, n is the number of files to be stored, m is the number of keywords in document D _i , w _i,j is the keyword of the jth keyword field of D _i , 1≤j≤ m, follow the steps below:

步骤1、系统参数初始化Step 1. System parameter initialization

由用户管理机构UM输入安全参数k，输出阶为素数q的循环群G，g为G的生成元，并且G中的DDHP是困难的；The user management organization UM inputs the security parameter k, outputs a cyclic group G whose order is a prime number q, g is the generator of G, and DDHP in G is difficult;

随机选择作为UM的主密钥，记为k_UM＝x，计算h＝g^x；UM选择两个伪随机函数 $f^{'} : {0,1}^{k} \times {0,1}^{*} &RightArrow; Z_{q}^{*}$ 和 $f^{''} : {0,1}^{k} \times Z_{q}^{*} &RightArrow; Z_{q}^{*}$ 及其随机种子分别为s′,s″∈_R{0,1}^k，并为语义安全的对称加密算法Enc(·)选择加密密钥ek，发布params＝(G，g，q，f′,f″,h，Enc)作为系统参数，保密用户管理机构UM的私钥为msk_Ent＝x及文件加密密钥ek；random selection As the master key of UM, denoted as k _UM =x, calculate h=g ^x ; UM chooses two pseudo-random functions $f^{'} : {0,1}^{k} \times {0,1}^{*} &Right Arrow; Z_{q}^{*}$ and $f^{''} : {0,1}^{k} \times Z_{q}^{*} &Right Arrow; Z_{q}^{*}$ and their random seeds are s′, s″∈ _R {0,1} ^k respectively, and select the encryption key ek for the semantically secure symmetric encryption algorithm Enc( ), and issue params=(G, g, q, f′ , f", h, Enc) as system parameters, the private key of the confidential user management organization UM is msk _Ent =x and file encryption key ek;

步骤2、添加用户Step 2. Add users

由用户管理机构UM输入UM的主密钥k_UM＝x和用户身份u_ID∈U，输出u_ID的密钥和辅助密钥 $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}});$ 将,安全)地发送给用户u_ID；将 $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ 安全地发送给云存储服务器Serv，云存储服务器Serv在其用户列表U-ComK中加入用户信息The user management organization UM inputs UM's master key k _UM = x and user identity u _ID ∈ U, and outputs the key and auxiliary key of u _ID $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}});$ Will , securely) sent to the user u _ID ; will $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ Securely send to cloud storage server Serv, cloud storage server Serv adds user information in its user list U-ComK

$(({u u}_{ID ID} . . com com {k k}_{{u u}_{ID ID}})) = = (({u u}_{ID ID},, {g g}^{{k k}_{UM UM} / / {x x}_{{u u}_{ID ID}}}));;$

步骤3、文件拥有者对文件加密和安全索引生成Step 3. The file owner encrypts the file and generates a security index

用户u_ID输入用户密钥加密密钥ek、随机种子s′、文档D_i及其关键词列表W_i＝(w_i,1,…,w_i,m),1≤i≤n，随机选择r_i∈_RZ_q，计算和E_i＝Enc_ek(D_i)，对1≤j≤m,计算σ_i,j＝f′(s′,w_i,j)， $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$ User u _ID Enter user key Encryption key ek, random seed s′, document D _i and its keyword list W _i =(w _i,1 ,…,w _i,m ), 1≤i≤n, randomly select r _i ∈ _R Z _q , calculate and E _i =Enc _ek (D _i ), for 1≤j≤m, calculate σ _i,j =f'(s',w _i,j ), $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$

令文件索引为I_i,1,…,I_i,m)，记C_i＝(E_i,I_i)，将(uI_D,C_i)发送给云存贮服务器Serv进行存储；Let the file index be I _i,1 ,...,I _i,m ), record C _i =(E _i ,I _i ), send (uI _D ,C _i ) to the cloud storage server Serv for storage;

步骤4、用户关于关键词搜索令牌的生成Step 4. Generation of user search tokens for keywords

用户u_ID输入s′、s″和要检索的关键词位置1≤l₁,…,l_d≤m及对应的关键词w₁′,…,w′_d，d是用户搜索的关键词个数，User u _ID input s′, s″ and the keyword position to be retrieved 1≤l ₁ ,…,l _d ≤m and the corresponding keywords w ₁ ′,…,w′ _d , where d is the number of keywords searched by the user,

随机选择随机数按照下式计算：random number Calculate according to the following formula:

${T T}_{11} = = (({t t}_{11} + + {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) {Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) s the s {k k}_{{u u}_{ID ID}} = = (({t t}_{11} + + {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) {Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) {x x}_{{u u}_{ID ID}},,$

T₂＝t₁，T₃＝f″(s″,t₂)，T ₂ =t ₁ , T ₃ =f"(s",t ₂ ),

将搜索令牌T＝(u_ID,T₁,T₂,T₃,l₁,…,l_d)发送给云存贮服务器Serv；Send the search token T=(u _ID , T ₁ , T ₂ , T ₃ , l ₁ ,..., l _d ) to the cloud storage server Serv;

步骤5、云存储服务器关于密文关键词的搜索Step 5, cloud storage server searches for ciphertext keywords

云存贮服务器Serv执行用于搜索加密文档，输入陷门T＝(u_ID,T₁,T₂,T₃,l₁,…,l_d)及密文C_i＝(E_i,I_i)，Serv初始化空集Ω，对每一个密文C_i＝(E_i,I_i),1≤i≤n,中的I_i，判断下式是否成立：The cloud storage server Serv executes to search encrypted documents, input trapdoor T=(u _ID ,T ₁ ,T ₂ ,T ₃ ,l ₁ ,…,l _d ) and ciphertext C _i =(E _i ,I _i ), Serv initializes the empty set Ω, and for each ciphertext C _i ＝(E _i ,I _i ), 1≤i≤n, I _i in it, judge whether the following formula holds true:

$\begin{matrix} {(({(({g g}^{11 / / {x x}_{{u u}_{ID ID}}}))}^{{r r}_{i i}} {(({h h}^{11 / / {x x}_{{u u}_{ID ID}}}))}^{{r r}_{i i}}))}^{{T T}_{11}} / / {(({g g}^{{r r}_{i i}} {h h}^{{r r}_{i i}}))}^{{T T}_{22}} \\ = = {((gh gh))}^{{r r}_{i i} (({Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) ? ?} = = {(({Π Π}_{j j = = 11}^{d d} {((gh gh))}^{{r r}_{i i} {σ σ}_{i i,, {l l}_{j j}}}))}^{{T T}_{33}} \end{matrix},,$

其中的 $I_{i} = {((g^{1 / x_{u_{ID}}})}^{r_{i}}, g^{r_{i}}, {(h^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, I_{i . 1}, \cdot \cdot \cdot, I_{i, m}), I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$ one of them $I_{i} = {((g^{1 / x_{u_{ID}}})}^{r_{i}}, g^{r_{i}}, {(h^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, I_{i . 1}, \cdot \cdot \cdot, I_{i, m}), I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$

等号上的问号表示是否相等的意思，The question mark on the equal sign means whether they are equal or not.

若成立，则Ω＝Ω∪{E_i}；If established, then Ω=Ω∪{E _i };

否则，该密文与关键词不匹配，继续搜索下一个关键词索引I_i+1，最后将搜索结果Ω发送给用户u_ID；Otherwise, the ciphertext does not match the keyword, continue to search for the next keyword index I _i+1 , and finally send the search result Ω to user u _ID ;

步骤6、用户关于密文的解密Step 6. The user decrypts the ciphertext

用户u_ID执行用来解密密文，输入对称密钥ek及接收到的Ω，对计算D_i＝Dec_ek(E_i)；The user u _ID is used to decrypt the ciphertext, input the symmetric key ek and the received Ω, for Calculate D _i = Dec _ek (E _i );

步骤7、撤销用户Step 7. Cancel user

用户管理机构UM执行用来撤销用户，输入用户身份u_ID，UM向云存贮服务器Serv发送撤销用户u_ID的命令，Serv执行操作即云存储服务器CSS删除用户u_ID注册项目即成。The user management agency UM executes to revoke the user, input the user identity u _ID , UM sends a command to revoke the user u _ID to the cloud storage server Serv, and the Serv executes the operation That is, the cloud storage server CSS deletes the user u _ID registration item Serve.

本发明的有益效果是：The beneficial effects of the present invention are:

1)本发明采用授权用户和存储服务器先后对关键词加密的方式提出了一种可搜索多个关键词的加密方法，使得授权用户能够利用连接关键词的陷门搜索加密文档。通过本发明的方法，数据用户可以将自己的数据加密后，存放到云存储服务器，需要时候，可以通过关键词检索令牌检索到需要的密文数据，然后下载解密。同时，云存储服务器并不知道用户检索的关键词，确保用户的数据信息隐私性。通过与现有方案相比较，本发明方法在通信和计算代价，即搜索陷门大小、关键词加密和搜索的速度等方面的综合效率得到提高。1) The present invention proposes an encryption method that can search for multiple keywords by adopting the method of encrypting keywords successively by the authorized user and the storage server, so that the authorized user can use the trapdoor connecting the keywords to search for encrypted documents. Through the method of the present invention, data users can encrypt their data and store it in the cloud storage server. When necessary, they can retrieve the required ciphertext data through the keyword search token, and then download and decrypt it. At the same time, the cloud storage server does not know the keywords retrieved by the user, ensuring the privacy of the user's data information. Compared with the existing schemes, the comprehensive efficiency of the method in the present invention is improved in terms of communication and calculation cost, that is, search trapdoor size, keyword encryption and search speed.

2)本发明方案是适合多用户环境的，这里的多用户是指可以增加和撤销用户，用户增加可以通过算法Enroll(k_UM,u_ID)实现，用户的撤销可以通过算法RevokeUser(u_ID)实现。2) The scheme of the present invention is suitable for a multi-user environment. The multi-user here refers to users that can be added and revoked. The increase of users can be realized through the algorithm Enroll(k _UM , u _ID ), and the revocation of users can be achieved through the algorithm RevokeUser(u _ID ) accomplish.

具体实施方式Detailed ways

下面结合具体实施方式对本发明进行详细说明。The present invention will be described in detail below in combination with specific embodiments.

本发明云存储中多用户多个关键词可搜索的加密方法，按照以下步骤实施：The encryption method that multi-users and multiple keywords can search in the cloud storage of the present invention is implemented according to the following steps:

假设文件加密者Ent欲将文档集合D＝(D₁,…,D_n)加密后存储到存储服务器Serv中，设文档D_i的关键词列表为W_i＝(w_i,1,…,w_i,m)，1≤i≤n，n是即将存储的文件个数，m是文档D_i中的关键词个数，w_i,j为D_i的第j个关键词字段的关键词，1≤j≤m，构造的方案希望文档加密后可以实现关键词可搜索，实现安全保密的目标，算法包括七个多项式时间的算法，详细描述如下：Assume that the file encryptor Ent wants to encrypt the document collection D=(D ₁ ,…,D _n ) and store it in the storage server Serv. Let the keyword list of the document D _i be W _i =(w _i,1 ,…,w _{i, m} ), 1≤i≤n, n is the number of files to be stored, m is the number of keywords in the document D _i , w _i,j is the keyword of the jth keyword field of D _i , 1≤j≤m, the constructed scheme hopes that after the document is encrypted, keywords can be searched to achieve the goal of security and confidentiality. The algorithm includes seven polynomial time algorithms, which are described in detail as follows:

步骤1、系统参数初始化，即步骤Init(1^k)Step 1. System parameter initialization, that is, step Init(1 ^k )

该算法由用户管理机构UM执行用来初始化系统，输入安全参数k，输出阶为素数q的循环群G，g为G的生成元，并且G中的DDHP(判定性Diffie-Hellmen假设)是困难的；The algorithm is executed by the user management organization UM to initialize the system, input the security parameter k, output the cyclic group G whose order is a prime number q, g is the generator of G, and the DDHP (deterministic Diffie-Hellmen hypothesis) in G is difficult of;

随机选择作为UM的主密钥，记为k_UM＝x，计算h＝g^x；UM选择两个伪随机函数 $f^{'} : {0,1}^{k} \times {0,1}^{*} &RightArrow; Z_{q}^{*}$ 和 $f^{''} : {0,1}^{k} \times Z_{q}^{*} &RightArrow; Z_{q}^{*}$ 及其随机种子分别为s′,s″∈_R{0,1}^k，并为语义安全的对称加密算法Enc(·)选择加密密钥ek，发布params＝(G，g，q，f′,f″,h，Enc)作为系统参数，保密用户管理机构UM的私钥为msk_Ent＝x及文件加密密钥ek。random selection As the master key of UM, denoted as k _UM =x, calculate h=g ^x ; UM chooses two pseudo-random functions $f^{'} : {0,1}^{k} \times {0,1}^{*} &Right Arrow; Z_{q}^{*}$ and $f^{''} : {0,1}^{k} \times Z_{q}^{*} &Right Arrow; Z_{q}^{*}$ and their random seeds are s′, s″∈ _R {0,1} ^k respectively, and select the encryption key ek for the semantically secure symmetric encryption algorithm Enc( ), and issue params=(G, g, q, f′ , f", h, Enc) as system parameters, the private key of the confidential user management organization UM is msk _Ent = x and the file encryption key ek.

步骤2、添加用户，即步骤Enroll(k_UM,u_ID)Step 2. Add users, that is, step Enroll(k _UM , u _ID )

该算法由用户管理机构UM执行用来添加用户，输入UM的主密钥k_UM＝x和用户身份u_ID∈U(用户身份是唯一的，如用户的电子邮件地址)，输出u_ID的密钥和辅助密钥 $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}});$ 将安全地发送给用户u_ID；将安全地发送给云存储服务器Serv，云存储服务器Serv在其用户列表U-ComK中加入用户信息This algorithm is executed by the user management agency UM to add users, input UM’s master key k _UM = x and user identity u _ID ∈ U (user identity is unique, such as the user’s email address), and output the password of u _ID key and auxiliary key $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}});$ Will securely sent to the user u _ID ; the Securely send to cloud storage server Serv, cloud storage server Serv adds user information in its user list U-ComK

$(({u u}_{ID ID} . . com com {k k}_{{u u}_{ID ID}})) = = (({u u}_{ID ID},, {g g}^{{k k}_{UM UM} / / {x x}_{{u u}_{ID ID}}})) . .$

步骤3、文件拥有者对文件加密和安全索引生成，即步骤 $Enc ({s k_{u}}_{ID}, ek, s^{'}, D_{i}, W_{i}) .$ Step 3. The file owner encrypts the file and generates a security index, that is, the step $Enc ({the s k_{u}}_{ID}, ek, {the s}^{'}, {D.}_{i}, W_{i}) .$

用户u_ID执行的加密算法，输入用户密钥加密密钥ek、随机种子s′、文档D_i及其关键词列表W_i＝(w_i,1,…,w_i,m),1≤i≤n，随机选择r_i∈_RZ_q，计算 $g^{r_{i} / {sk}_{u_{ID}}} = {(g^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, h^{r_{i} / {sk}_{u_{ID}}} = {(g^{x / x_{u_{ID}}})}^{r_{i}}$ 和E_i＝Enc_ek(D_i)，对1≤j≤m,计算σ_i,j＝f′(s′,w_i,j)， $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$ Encryption algorithm executed by user u _ID , input user key Encryption key ek, random seed s′, document D _i and its keyword list W _i =(w _i,1 ,…,w _i,m ), 1≤i≤n, randomly select r _i ∈ _R Z _q , calculate $g^{r_{i} / {sk}_{u_{ID}}} = {(g^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, h^{r_{i} / {sk}_{u_{ID}}} = {(g^{x / x_{u_{ID}}})}^{r_{i}}$ and E _i =Enc _ek (D _i ), for 1≤j≤m, calculate σ _i,j =f'(s',w _i,j ), $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$

令文件索引为I_i，1，…I_i，m），记C_i＝(E_i,I_i)，将(u_ID,C_i)发送给云存贮服务器Serv进行存储。Let the file index be I _{i, 1} ,...I _{i, m} ), write C _i = (E _i , I _i ), and send (u _ID , C _i ) to the cloud storage server Serv for storage.

步骤4、用户关于关键词搜索令牌的生成，即步骤Step 4, the generation of the user's keyword search token, that is, the step

$Trapdoor Trapdoor ((s the s {k k}_{{u u}_{ID ID}},, {s the s}^{' '},, {s the s}^{' '' '},, {l l}_{11},, \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot;,, {l l}_{d d},, {w w}_{11}^{' '},, \cdot &Center Dot; \cdot &Center Dot; \cdot &Center Dot;,, {w w}_{d d}^{' '})) . .$

用户u_ID执行用来生成连接关键词的搜索令牌(搜索陷门)，输入s′、s″和要检索的关键词位置1≤l₁,…,l_d≤m及对应的关键词w₁′,…,w′_d，d是用户搜The user u _ID executes the search token (search trapdoor) used to generate the connection keyword, enter s′, s″ and the keyword positions to be retrieved 1≤l ₁ ,…,l _d ≤m and the corresponding keywords w ₁ ′,…,w′ _d , where d is the user search

索的关键词个数，随机选择随机数按照下式计算：The number of searched keywords, randomly select the random number Calculate according to the following formula:

${T T}_{11} = = (({t t}_{11} + + {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) {Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) s the s {k k}_{{u u}_{ID ID}} = = (({t t}_{11} + + {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) {Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) {x x}_{{u u}_{ID ID}}$

T₂＝t₁，T₃＝f″(s″,t₂)，T ₂ =t ₁ , T ₃ =f"(s",t ₂ ),

将搜索令牌(搜索陷门)T＝(u_ID,T₁,T₂,T₃,l₁,…,l_d)发送给云存贮服务器Serv。Send the search token (search trapdoor) T=(u _ID , T ₁ , T ₂ , T ₃ , l ₁ , . . . , l _d ) to the cloud storage server Serv.

步骤5、云存储服务器关于密文关键词的搜索，即步骤Search(T,C_i)Step 5, the cloud storage server searches for ciphertext keywords, that is, the step Search(T,C _i )

其中的 $I_{i} = {((g^{1 / x_{u_{ID}}})}^{r_{i}}, g^{r_{i}}, {(h^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, I_{i . 1}, \cdot \cdot \cdot, I_{i, m}), I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$ one of them $I_{i} = {((g^{1 / x_{u_{ID}}})}^{r_{i}}, g^{r_{i}}, {(h^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, I_{i . 1}, &Center Dot; &Center Dot; &Center Dot;, I_{i, m}), I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},$

若成立，则Ω＝Ω∪{E_i}；If established, then Ω=Ω∪{E _i };

否则，该密文与关键词不匹配，继续搜索下一个关键词索引I_i+1，最后将搜索结果Ω发送给用户u_ID。Otherwise, the ciphertext does not match the keyword, continue to search the next keyword index I _i+1 , and finally send the search result Ω to the user u _ID .

步骤6、用户关于密文的解密，即步骤Dec(ek,Ω)Step 6. The user decrypts the ciphertext, that is, step Dec(ek,Ω)

用户u_ID执行用来解密密文，输入对称密钥ek及接收到的Ω，对计算D_i＝Dec_ek(E_i)。The user u _ID is used to decrypt the ciphertext, input the symmetric key ek and the received Ω, for Calculate D _i = Dec _ek (E _i ).

步骤7、撤销用户，即步骤RevokeUser(u_ID)Step 7. Revoke the user, that is, the step RevokeUser(u _ID )

用户管理机构UM执行用来撤销用户，输入用户身份u_ID，UM向云存贮服务器Ser发v送撤销用户u_ID的命令，Serv执行操作 $U - ComK = U - ComK \ {(u_{ID}, com k_{u_{ID}})} .$ 即云存储服务器CSS删除用户u_ID注册项目 $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}}),$ 即成。The user management organization UM executes to revoke the user, input the user identity u _ID , UM sends a command to the cloud storage server Ser to revoke the user u _ID , and Serv executes the operation $u - K = u - K \ {(u_{ID}, com k_{u_{ID}})} .$ That is, the cloud storage server CSS deletes the user u _ID registration item $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}}),$ Serve.

本发明方法的安全性分析Safety analysis of the inventive method

结论1：本发明的技术方案满足正确性。Conclusion 1: The technical solution of the present invention satisfies correctness.

证明：若所有数据都是按照方案中描述生成的，并且如果其中1≤i≤m，1≤j≤d，则有：Proof: If all data are generated as described in the scheme, and if Where 1≤i≤m, 1≤j≤d, then:

$\begin{matrix} {(({(({g g}^{11 / / {x x}_{{u u}_{ID ID}}}))}^{{r r}_{i i}} {(({h h}^{11 / / {x x}_{{u u}_{ID ID}}}))}^{{r r}_{i i}}))}^{{T T}_{11}} / / {(({g g}^{{r r}_{i i}} {h h}^{{r r}_{i i}}))}^{{T T}_{22}} \\ = = {((gh gh))}^{{r r}_{i i} (({Σ Σ}_{j j = = 11}^{d d} {f f}^{' '} (({s the s}^{' '},, {w w}_{j j}^{' '})))) {f f}^{' '' '} (({s the s}^{' '' '},, {t t}_{22})) ? ?} = = {(({Π Π}_{j j = = 11}^{d d} {((gh gh))}^{{r r}_{i i} {σ σ}_{i i,, {l l}_{j j}}}))}^{{T T}_{33}} \end{matrix}$

实施例1Example 1

假设文件加密者Ent欲将文档集合D＝(D₁,…,D_n)加密后存储到存储服务器Serv中，设文档D_i的关键词列表为W_i＝(w_i,1,…,w_i,m)，1≤i≤n，n是即将存储的文件个数，m是文档D_i中的关键词个数，w_i,j，1≤j≤m，为D_i的第j个关键词字段的关键词，构造的方案希望文档加密后可以实现关键词可搜索，实现安全保密的目标，算法包括七个多项式时间的算法，详细描述如下：Assume that the file encryptor Ent wants to encrypt the document collection D=(D ₁ ,…,D _n ) and store it in the storage server Serv. Let the keyword list of the document D _i be W _i =(w _i,1 ,…,w _{i, m} ), 1≤i≤n, n is the number of files to be stored, m is the number of keywords in document D _i , w _i,j , 1≤j≤m, is the jth of D _i The keyword in the keyword field, the construction scheme hopes that after the document is encrypted, the keyword can be searched, and the goal of security and confidentiality is achieved. The algorithm includes seven polynomial time algorithms, which are described in detail as follows:

该算法由用户管理机构UM执行用来初始化系统，输入安全参数k，一般可以取k＝160或者更大，k越大安全性越高。输出阶为素数q的循环群G，g为G的生成元，并且G中的DDHP(判定性Diffie-Hellmen假设)是困难的；The algorithm is executed by the user management organization UM to initialize the system, and the security parameter k is input. Generally, k=160 or larger can be set, and the larger the k, the higher the security. The output order is the cyclic group G of prime number q, g is the generator of G, and the DDHP (deterministic Diffie-Hellmen hypothesis) in G is difficult;

随机选择作为UM的主密钥，记为k_UM＝x，计算h＝g^x；UM选择两个伪随机函数和及其随机种子分别为s′,s″∈_R{0,1}^k，并为语义安全的对称加密算法Enc(·)选择加密密钥ek，这里的两个伪随机函数一般可以通过Sha-1的适当调整来实现。对称加密算法Enc(·)可以采用AES算法等安全加密算法。发布params＝(G,g,q,f′,f″,h,Enc)作为系统参数。random selection As the master key of UM, denoted as k _UM =x, calculate h=g ^x ; UM chooses two pseudo-random functions and and their random seeds are s′, s″∈ _R {0,1} ^k respectively, and the encryption key ek is selected for the semantically secure symmetric encryption algorithm Enc( ), where the two pseudo-random functions can generally be passed through Sha- 1 is realized by proper adjustment. The symmetric encryption algorithm Enc(·) can adopt a secure encryption algorithm such as the AES algorithm. Issue params=(G, g, q, f′, f″, h, Enc) as a system parameter.

该算法由用户管理机构UM执行以添加用户，输入UM的主密钥k_UM和用户身份u_ID∈U(用户身份是唯一的，如用户的电子邮件地址)，输出u_ID的密钥和辅助密钥 $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}}) .$ 将安全地发送给用户u_ID，安全地发送给Serv，Serv在其用户列表U-ComK中加入 The algorithm is executed by the user management agency UM to add users, input UM’s master key k _UM and user identity u _ID ∈ U (user identity is unique, such as the user’s email address), output the key and auxiliary of u _ID key $({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}}) .$ Will Securely sent to user _uID , Securely sent to Serv, Serv added in its user list U-ComK

该算法由用户管理机构UM执行用来添加用户，输入UM的主密钥k_UM＝x和用户身份u_ID∈U(用户身份是唯一的，如用户的电子邮件地址)，输出u_ID的密钥和辅助密钥；将安,全地发,送给用)户u_ID；将 $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ 安全地发送给云存储服务器Serv，云存储服务器Serv在其用户列表U-ComK中加入用户信息This algorithm is executed by the user management agency UM to add users, input UM’s master key k _UM = x and user identity u _ID ∈ U (user identity is unique, such as the user’s email address), and output the password of u _ID key and auxiliary key ;Will Securely send to the user u _ID ; will $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ Securely send to cloud storage server Serv, cloud storage server Serv adds user information in its user list U-ComK

步骤3、文件拥有者对文件加密和安全索引生成，即步骤Step 3. The file owner encrypts the file and generates a security index, that is, the step

$Enc Enc (({s the s {k k}_{u u}}_{ID ID},, ek ek,, {s the s}^{' '},, {D D.}_{i i},, {W W}_{i i})) . .$

用户u_ID执行的加密算法，输入用户密钥加密密钥ek、随机种子s′、文档D_i及其关键词列表W_i＝(w_i,1,…,w_i,m),1≤i≤n，随机选择r_i∈_RZ_q，计算 $g^{r_{i} / {sk}_{u_{ID}}} = {(g^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, h^{r_{i} / {sk}_{u_{ID}}} = {(g^{x / x_{u_{ID}}})}^{r_{i}}$ 和E_i=Enc_ek(D_i)，对1≤j≤m，计算σ_i,j＝f′(s′,w_i,j)， $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}} .$ Encryption algorithm executed by user u _ID , input user key Encryption key ek, random seed s′, document D _i and its keyword list W _i =(w _i,1 ,…,w _i,m ), 1≤i≤n, randomly select r _i ∈ _R Z _q , calculate $g^{r_{i} / {sk}_{u_{ID}}} = {(g^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, h^{r_{i} / {sk}_{u_{ID}}} = {(g^{x / x_{u_{ID}}})}^{r_{i}}$ and E _i =Enc _ek (D _i ), for 1≤j≤m, calculate σ _i,j = f′(s′,w _i,j ), $I_{i, j} = {(gh)}^{r_{i} σ_{i, j}} .$

文件索引为I_i,1,…,I_i,m)，记C_i＝(E_i,I_i)，将(u_ID,C_i)发送给云存贮服务器Serv进行存储。The file index is I _i,1 ,...,I _i,m ), record C _i =(E _i ,I _i ), and send (u _ID ,C _i ) to the cloud storage server Serv for storage.

步骤4、用户关于关键词搜索令牌生成，即步骤Step 4, the user searches for the token with regard to keywords, that is, the step

$Trapdoor Trapdoor ((s the s {k k}_{{u u}_{ID ID}},, {s the s}^{' '},, {s the s}^{' '' '},, {l l}_{11},, \cdot \cdot \cdot \cdot \cdot &Center Dot;,, {l l}_{d d},, {w w}_{11}^{' '},, \cdot \cdot \cdot \cdot \cdot \cdot,, {w w}_{d d}^{' '})) . .$

索的关键词个数，随机选择随机数t₁,按照下式计算：The number of keywords searched, randomly select the random number t ₁ , Calculate according to the following formula:

T₂＝t₁，T₃＝f″(s″,t₂)，T ₂ =t ₁ , T ₃ =f"(s",t ₂ ),

若成立，则Ω＝Ω∪{E_i}；If established, then Ω=Ω∪{E _i };

用户管理机构UM执行用来撤销用户，输入用户身份u_ID，UM向云存贮服务器Ser发v送撤销用户u_ID的命令，Serv执行操作即云存储服务器CSS删除用户u_ID注册项目 $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ 即可。The user management organization UM executes to revoke the user, input the user identity u _ID , UM sends a command to the cloud storage server Ser to revoke the user u _ID , and Serv executes the operation That is, the cloud storage server CSS deletes the user u _ID registration item $(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})$ That's it.

在云存储服务中，用户可以使用可搜索的加密方案对数据加密后，外包到云存储服务器。可搜索加密方案使得用户能够有选择的访问其密文数据，同时还能确保用户搜索数据的机密性，基于连接关键词(即多个关键词的布尔组合)的可搜索加密方案因其更高的搜索精度在安全存储服务中有着重要的应用价值。本发明采用授权用户和存储服务器先后对关键词加密的方式提出了一种可搜索多个关键词的加密方法，使得授权用户能够利用连接关键词的陷门搜索加密文档。通过与现有方案相比较，提出的方案在通信和计算代价，即搜索陷门大小、关键词加密和搜索的速度，等方面的综合效率得到提高。此外，提出的方案支持多用户，即能够动态的增加和撤销用户，使得用户能够直接在存储服务器上进行数据共享。In cloud storage services, users can use searchable encryption schemes to encrypt data and outsource it to cloud storage servers. The searchable encryption scheme enables users to selectively access their ciphertext data, and at the same time ensures the confidentiality of the user's search data. The searchable encryption scheme based on connection keywords (that is, the Boolean combination of multiple keywords) has higher The search accuracy has important application value in secure storage services. The invention proposes an encryption method capable of searching multiple keywords by adopting the method that the authorized user and the storage server successively encrypt the keywords, so that the authorized user can use the trapdoor connecting the keywords to search for encrypted documents. Compared with the existing schemes, the overall efficiency of the proposed scheme is improved in terms of communication and computation costs, namely the size of the search trapdoor, keyword encryption and search speed. In addition, the proposed scheme supports multiple users, that is, users can be dynamically added and revoked, so that users can directly share data on the storage server.

Claims

1. the encryption method that in cloud storage, the multiple keywords of multi-user can be searched for, is characterized in that,

If file encryption person is Ent, collection of document D=(D ₁..., D _n), storage server is Serv, establishes document D _ilists of keywords be W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, n is the file number that is about to storage, m is document D _iin keyword number, w _i,jfor D _ithe keyword of j keyword field, 1≤j≤m, implement according to following steps:

Step 1, system parameters initialization

By the UM of user management mechanism input security parameter k, the cyclic group G that output rank are prime number q, the generator that g is G, and DDHP in G is difficult;

Random selection as the master key of UM, be designated as k _uM=x, calculates h=g ^x; UM selects two pseudo-random function

f^{'} : {0,1}^{k} \times {0,1}^{*} &RightArrow; Z_{q}^{*}

With

f^{''} : {0,1}^{k} \times Z_{q}^{*} &RightArrow; Z_{q}^{*}

And random seed is respectively s ', s " ∈ _r{ 0,1} ^k, and be symmetric encipherment algorithm Enc () the selection encryption key ek of Semantic Security, issue params=(G, g, q, f ', f ", h, Enc) as system parameters, the private key of the secret user management UM of mechanism is msk _ent=x and file encryption key ek;

Step 2, interpolation user

By the master key k of the UM of user management mechanism input UM _uM=x and user identity u _iD∈ U, output u _iDkey and auxiliary key

({sk}_{u_{ID}}, com k_{u_{ID}}) = (x_{u_{ID}} {&Element;}_{R} Z_{q}^{*}, g^{k_{UM} / x_{u_{ID}}}) = (x_{u_{ID}}, g^{x / x_{u_{ID}}});

Will , safety) send to user u _iD; Will

(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}})

Send to safely cloud storage server Serv, cloud storage server Serv adds user profile in its user list U-ComK

(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}});

Step 3, file owner generate file encryption and Security Index

User u _iDinput user key encryption key ek, random seed s ', document D _iand lists of keywords W _i=(w _{i, 1}..., w _i,m), 1≤i≤n, selects r at random _i∈ _rz _q, calculate and E _i=Enc _ek(D _i), right 1≤j≤m, calculates σ _i,j=f ' (s ', w _i,j),

I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},

Make file index be i _{i, 1}... I _{i, m}), note C _i=(E _i, I _i), by (u _iD, C _i) send to cloud storage server S erv to store;

Step 4, user are about the generation of keyword search token

User u _iDinput s ', s " and the keyword position 1≤l that will retrieve ₁..., l _d≤ m and corresponding keyword w ₁' ..., w ' _d, d is the keyword number of user search,

The random random number of selecting calculate according to the following formula:

T_{1} = (t_{1} + f^{''} (s^{''}, t_{2}) Σ_{j = 1}^{d} f^{'} (s^{'}, w_{j}^{'})) s k_{u_{ID}} = (t_{1} + f^{''} (s^{''}, t_{2}) Σ_{j = 1}^{d} f^{'} (s^{'}, w_{j}^{'})) x_{u_{ID}},

T ₂＝t ₁，T ₃＝f″(s″,t ₂)，

To search for token T=(u _iD, T ₁, T ₂, T ₃, l ₁..., l _d) send to cloud to store server S erv;

Step 5, cloud storage server are about the search of ciphertext keyword

Cloud storage server S erv carries out and is used for searching for encrypted document, input trapdoor T=(u _iD, ₁t, ₂t, ₃t ..., ₁l, _dand l is close) civilian C _i=(E _i, I _i), Serv initialization empty set Ω, to each ciphertext C _i=(E _i, I _i), 1≤i≤n, in I _i, judge whether following formula is set up:

\begin{matrix} {({(g^{1 / x_{u_{ID}}})}^{r_{i}} {(h^{1 / x_{u_{ID}}})}^{r_{i}})}^{T_{1}} / {(g^{r_{i}} h^{r_{i}})}^{T_{2}} \\ = {(gh)}^{r_{i} (Σ_{j = 1}^{d} f^{'} (s^{'}, w_{j}^{'})) f^{''} (s^{''}, t_{2}) ?} = {(Π_{j = 1}^{d} {(gh)}^{r_{i} σ_{i, l_{j}}})}^{T_{3}} \end{matrix},

Wherein

I_{i} = {((g^{1 / x_{u_{ID}}})}^{r_{i}}, g^{r_{i}}, {(h^{1 / x_{u_{ID}}})}^{r_{i}}, h^{r_{i}}, I_{i . 1}, \cdot \cdot \cdot, I_{i, m}), I_{i, j} = {(gh)}^{r_{i} σ_{i, j}},

If set up Ω=Ω ∪ { E _i;

Otherwise this ciphertext and crucial word mismatch, continue the next keyword index I of search _i+1, finally Search Results Ω is sent to user u _iD;

Step 6, user are about the deciphering of ciphertext

User u _iDexecution is used for decrypting ciphertext, and input symmetric key ek and the Ω receiving are right calculate D _i=Dec _ek(E _i);

Step 7, cancel user

The UM of user management mechanism carries out and is used for cancelling user, input user identity u _iD, UM sends and cancels user u to cloud storage server S erv _iDorder, Serv executable operations be that cloud storage server CSS deletes user u _iDregistration project

(u_{ID} . com k_{u_{ID}}) = (u_{ID}, g^{k_{UM} / x_{u_{ID}}}),

.

2. the encryption method that in cloud storage according to claim 1, the multiple keywords of multi-user can be searched for, its feature is: in described step 1, symmetric encipherment algorithm Enc () adopts aes algorithm.