
CN106534092A - Message-based and key-dependent privacy data encryption method - Google Patents


Info

Publication number
CN106534092A
Authority
CN
China
Prior art keywords
user
key
cloud server
pseudo
value
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201610948549.2A
Other languages
Chinese (zh)
Other versions
CN106534092B (en
Inventor
高军涛
王笠燕
李雪莲
王丹妮
王誉晓
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Xidian University
Priority to CN201610948549.2A
Publication of CN106534092A
Application granted
Publication of CN106534092B
Legal status: Active
Anticipated expiration


Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062: Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • H04L63/08: Network architectures or network communication protocols for network security for authentication of entities
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/06: Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Storage Device Security (AREA)

Abstract

The invention discloses a private data encryption method based on key-dependent messages. It mainly addresses two problems in the prior art: key-related attacks, which arise because the correlation between plaintext and key is not considered, and key leakage, which arises from distributing a group public key by e-mail. The implementation steps are: 1. the authorization center initializes the system parameters; 2. the user authenticates to the authorization center; 3. the authorization center distributes keys to the authenticated user; 4. the user processes the plaintext file with the obtained key to produce ciphertext; 5. the user uploads the ciphertext to the cloud server; 6. when the file is needed, the user requests the ciphertext from the cloud server and, once the request is approved, obtains and decrypts it. The invention uses key-dependent message encryption in single-user mode to encrypt blockchain wallet files securely, which avoids key leakage, mitigates key-related attacks and improves the security of the wallet file.

Description

Private data encryption method based on key-dependent messages

Technical field

The invention belongs to the technical field of data processing and in particular relates to a private data encryption method that can be used in a blockchain to encrypt wallet files, back them up and upload them to a cloud server.

Background

A blockchain is a decentralized, distributed shared ledger or database on a network that achieves very high security through high redundancy. It has been called a "trust machine": it creates trust in collaboration between parties without a central authority. Blockchain technology applies to any field that lacks trust, so its range of applications will keep growing. In future blockchains, as user transaction volume increases, users will need to generate and store large numbers of public/private key pairs. These keys are usually generated by the user and stored in a file or a simple database, which can be called a wallet. A wallet is simply a collection of addresses and decryption keys. Possessing the private key is the only condition for using Bitcoin, so the private key must be kept secret and must be backed up, with the backup uploaded to a cloud server to guard against accidental loss. The security of wallet encryption is therefore particularly important. After the user registers successfully with the authorization center, the authorization center distributes to the user the symmetric key used for encryption. Because of key management flaws or weak security awareness, the user may directly use the symmetric key that encrypts the wallet as the initial private key for generating the public/private key pairs used in transactions. If the wallet is encrypted in this situation, the plaintext in the wallet depends on the key, and the traditional security definition is not sufficient to guarantee the security of the scheme. Later, once the ciphertext backup has been uploaded to the cloud server, a user who needs to download a particular file from the cloud server, for example because the local file was lost, may have to download all ciphertexts from the cloud server and decrypt them locally to find the wanted file, so as not to leak personal private information or plaintext information. The user then performs a large number of decryption operations, which lowers the user's efficiency and consumes large amounts of computing and storage resources.

In its patent application "A cloud storage data security sharing method with permission time control" (publication number: 105072180A, application number: 201510475566.4, application date: August 6, 2015), Wuhan University of Science and Technology discloses a method for securely sharing cloud storage data with permission time control. In this method, after the data owner creates a group, a key pair is generated automatically with a public-key encryption algorithm. When sharing a file, the data owner encrypts the file with a symmetric cipher, encrypts the symmetric key with the private key of the group the file is to be shared with, sends the file ciphertext and the key ciphertext to the cloud, and sends the group's public key by e-mail to all users of that group. A user with access rights can obtain the public key and decrypt the file. The method has two shortcomings. First, when encrypting the symmetric key with the sharing group's private key, the patent does not consider the security problem that "the plaintext and the key may be related", which may give rise to key-related attacks. Second, when the data owner sends the group public key to the group's users by e-mail, the patent does not consider the security of e-mail: once the e-mail is maliciously intercepted, the key is leaked.

Summary of the invention

The object of the invention is to address the shortcomings of the prior art described above by proposing a private data encryption method based on key-dependent messages, so as to avoid key leakage and improve the security of wallet files.

In the technical solution of the invention, the authorization center first completes the identity authentication of the user. The user then obtains the symmetric encryption key and encrypts the plaintext with a key-dependent message (KDM) symmetric encryption scheme to produce ciphertext, which resists key-related attacks. At the same time, searchable encryption is used to build an index over the plaintext so that the ciphertext can be searched. The implementation steps are as follows:

(1) Initialization:

(1a) The authorization center determines the first security parameter $\lambda$, the second security parameter $k$, the third security parameter $\gamma$, the keyword-count parameter $\tau$ and the Bernoulli distribution parameter $\theta = 2^{-\lambda}$, and defines the message length $l$, dimension $N$ and block length $m$ of the plaintext matrix as $l = l(\lambda)$, $N = N(\lambda)$, $m = m(\lambda)$;

(1b) The authorization center defines the generator matrix of the error-correcting code as $G = G_{m\times l}$, sets the decoding number of the error-correcting code to $d = (\theta+\sigma)\cdot m$, and selects a family of binary linear error-correcting codes $D$ according to the generator matrix $G$ and the decoding number $d$, where $G_{m\times l}$ denotes that the generator matrix is of order $m\times l$ and $\sigma$ is a fixed value chosen in the interval $(0,1)$;

(1c) For any bit string $K \in \{0,1\}^{\gamma}$, the authorization center defines $P_K(x)$ as a family of pseudorandom permutations on $\{0,1\}^{\tau}$, $F_K(x)$ as the first family of pseudorandom functions, with domain $\{0,1\}^{\tau}$ and range $\{0,1\}^{\gamma}$, and $G_K(x)$ as the second family of pseudorandom functions, with domain $[1,n]$ and range $\{0,1\}$;

(1d) The authorization center publishes the error-correcting code $D$, the generator matrix $G$, the pseudorandom permutation family $P_K(x)$, the first pseudorandom function family $F_K(x)$, the second pseudorandom function family $G_K(x)$ and the public parameters $\{l, m, N, \theta\}$;

(2) Identity registration:

(2a) The user submits personal identity information to the authorization center;

(2b) The authorization center checks whether the identity information submitted by the user is genuine; if it is, step (3) is executed, otherwise registration is refused;

(3) Key distribution:

(3a) The authorization center defines a finite field and selects a matrix as the symmetric key with which the user encrypts plaintext, where is the ring of integers and 2 is a prime;

(3b) The authorization center generates for the user the key $k_{mac}$ required for the message authentication code (HMAC) operation;

(3c) The authorization center sends the message $\{S \| k_{mac} \| \gamma \| \tau\}$ to the user over a secure channel;

where $S$ is the symmetric key with which the user encrypts plaintext, $\gamma$ is the third security parameter, $\tau$ is the keyword-count parameter, and $\|$ denotes concatenation;

(3d) The user keeps the symmetric key $S$, the HMAC key $k_{mac}$, the third security parameter $\gamma$ and the keyword-count parameter $\tau$ secret;

(4) Processing the plaintext files:

(4a) To encrypt the plaintext file $\varepsilon_j$, the user splits its plaintext matrix into blocks and defines each plaintext matrix block as , where $1 \le j \le n$ and $n$ is the total number of plaintext files;

(4b) The user encrypts each plaintext matrix block $M$ with the symmetric key $S$ to obtain the corresponding ciphertext matrix block $W$:

$W = (A, C)$,

where $A$ is a coefficient matrix chosen at random from , $C = A\cdot S + E + G\cdot M$, $S$ is the symmetric key, $G$ is the generator matrix of the error-correcting code $D$, $E$ is a noise matrix chosen at random from $\mathrm{Ber}_\theta^{m\times N}$, and $\mathrm{Ber}_\theta$ denotes the Bernoulli distribution on $\{0,1\}$ in which 1 has probability $\theta$ and 0 has probability $1-\theta$;

(4c) All ciphertext matrix blocks $W$ of the plaintext file $\varepsilon_j$ are concatenated to give the ciphertext file $\psi_j$ corresponding to $\varepsilon_j$;

(4d) From the HMAC key $k_{mac}$ and the ciphertext file $\psi_j$, the user computes the message authentication tag $T_j$ of the ciphertext file $\psi_j$:

$T_j = \mathrm{HMAC}(k_{mac}, \psi_j)$,

where $\mathrm{HMAC}()$ denotes the message authentication tag generation algorithm;

(4e) The user chooses uniformly at random a first secret value $s \in \{0,1\}^{\gamma}$ and a second secret value $r \in \{0,1\}^{\gamma}$, generates an index dictionary that can record $2^{\tau}$ keywords $(i, w_i)$, and keeps the index dictionary and the two secret values $s$ and $r$ secret;

where $i$ is the label, $i \in [1, 2^{\tau}]$, $w_i$ is the keyword, $w_i \in \{0,1\}^{*}$, and $*$ denotes arbitrary length;

(4f) The user generates the index bit string $I_j$ of the plaintext file $\varepsilon_j$;

(5) Data upload:

(5a) Over a secure channel, the user sends the message authentication code key $k_{mac}$ to the cloud server and uploads the message $\{I_j \| \psi_j \| T_j\}$ to the cloud server, where $1 \le j \le n$, $n$ is the total number of plaintext files, and $\|$ denotes concatenation;

(5b) The cloud server verifies the integrity of each ciphertext file according to the following formula, with the verification result denoted $v_j$:

$v_j = \mathrm{Verify}(k_{mac}, \psi_j, T_j)$,

where $1 \le j \le n$, $n$ is the total number of plaintext files, and $\mathrm{Verify}()$ denotes the verification algorithm of the message authentication code HMAC;

If $v_j = 1$, $\psi_j$ was not tampered with during upload; the cloud server accepts the message, stores the index string $I_j$ in the index string set $I$, and returns the notification "$\psi_j$ uploaded successfully" to the user;

If $v_j = 0$, $\psi_j$ was tampered with during upload; the cloud server refuses the message and returns the notification "$\psi_j$ upload error" to the user;

(5c) The user determines from the notification received whether the upload succeeded:

If the user receives the notification "$\psi_j$ uploaded successfully", $\psi_j$ has been uploaded to the cloud server;

If the user receives the notification "$\psi_j$ upload error", the user returns to step (5a);

(6) Downloading and decrypting the ciphertext:

(6a) The user generates a trapdoor for the keyword $w_\mu$ contained in the file to be downloaded and uploads it to the cloud server;

(6b) Using the trapdoor, the cloud server runs a matching search over the stored set $I$ of file index bit strings. If a match is found, the cloud server returns the corresponding ciphertext $\psi$ to the user and the procedure continues with step (6c); if no match is found, the cloud server returns the notification "retrieval failed" to the user;

(6c) The user decrypts the ciphertext $\psi$ to obtain the corresponding plaintext file $\varepsilon$.

Compared with the prior art, the invention has the following advantages:

First, because the invention takes into account that the plaintext and the key may be related and encrypts the plaintext with a key-dependent message (KDM) symmetric encryption scheme, it can resist key-related attacks when a key management flaw occurs, which improves the security of wallet files.

Second, because a single user encrypts, uploads and downloads the files, the invention avoids the key leakage problem that exists when keys are shared with other users.

Description of the drawings

Fig. 1 is the implementation flowchart of the invention;

Fig. 2 is a schematic diagram of processing plaintext files in the invention;

Fig. 3 is a schematic diagram of downloading and decrypting ciphertext in the invention.

Detailed description

The invention is described further below with reference to the drawings.

With reference to Fig. 1, the specific steps of the invention are as follows.

Step 1, initialization.

The authorization center determines the first security parameter $\lambda$, the second security parameter $k$, the third security parameter $\gamma$, the keyword-count parameter $\tau$ and the Bernoulli distribution parameter $\theta = 2^{-\lambda}$; it defines the message length $l$, dimension $N$ and block length $m$ of the plaintext matrix as $l = l(\lambda)$, $N = N(\lambda)$, $m = m(\lambda)$; it defines the generator matrix of the error-correcting code as $G = G_{m\times l}$, sets the decoding number of the error-correcting code to $d = (\theta+\sigma)\cdot m$, and selects a family of binary linear error-correcting codes $D$ according to the generator matrix $G$ and the decoding number $d$, where $G_{m\times l}$ denotes that the generator matrix is of order $m\times l$ and $\sigma$ is a fixed value chosen in the interval $(0,1)$;

For any bit string $K \in \{0,1\}^{\gamma}$, the authorization center defines $P_K(x)$ as a family of pseudorandom permutations on $\{0,1\}^{\tau}$, $F_K(x)$ as the first family of pseudorandom functions, with domain $\{0,1\}^{\tau}$ and range $\{0,1\}^{\gamma}$, and $G_K(x)$ as the second family of pseudorandom functions, with domain $[1,n]$ and range $\{0,1\}$;

The authorization center publishes the error-correcting code $D$, the generator matrix $G$, the pseudorandom permutation family $P_K(x)$, the first pseudorandom function family $F_K(x)$, the second pseudorandom function family $G_K(x)$ and the public parameters $\{l, m, N, \theta\}$.

Step 2, identity registration.

The user submits personal identity information to the authorization center, and the authorization center checks whether the submitted identity information is genuine; if it is, step (3) is executed, otherwise registration is refused.

Step 3, key distribution.

(3a) The authorization center defines a finite field and selects a matrix as the symmetric key with which the user encrypts plaintext, where is the ring of integers and 2 is a prime;

(3b) Using the key generation algorithm of the message authentication code, $\mathrm{HMAC\text{-}KeyGen}(1^k)$, the authorization center generates for the user the key $k_{mac}$ required for the HMAC operation:

$k_{mac} = \mathrm{HMAC\text{-}KeyGen}(1^k)$,

where $k$ is the second security parameter chosen by the authorization center;

(3c) The authorization center sends the message $\{S \| k_{mac} \| \gamma \| \tau\}$ to the user over a secure channel;

(3d) The user keeps the symmetric key $S$, the HMAC key $k_{mac}$, the third security parameter $\gamma$ and the keyword-count parameter $\tau$ secret.

Step 4, processing the plaintext files.

Let $n$ be the total number of plaintext files the user needs to encrypt, with each plaintext file denoted $\varepsilon_j$, $1 \le j \le n$.

With reference to Fig. 2, the user processes the plaintext file $\varepsilon_j$ as follows:

(4a) The user splits the plaintext matrix in the plaintext file $\varepsilon_j$ into blocks and defines each plaintext matrix block as . The user encrypts each plaintext matrix block $M$ with the symmetric key $S$ to obtain the corresponding ciphertext matrix block $W = (A, C)$, and concatenates all ciphertext matrix blocks $W$ of the plaintext file $\varepsilon_j$ to obtain the ciphertext file $\psi_j$ corresponding to $\varepsilon_j$;

where $A$ is a coefficient matrix chosen at random from , $C = A\cdot S + E + G\cdot M$, $S$ is the symmetric key, $G$ is the generator matrix of the error-correcting code $D$, $E$ is a noise matrix chosen at random from $\mathrm{Ber}_\theta^{m\times N}$, and $\mathrm{Ber}_\theta$ denotes the Bernoulli distribution on $\{0,1\}$ in which 1 has probability $\theta$ and 0 has probability $1-\theta$;

(4b) From the HMAC key $k_{mac}$ and the ciphertext file $\psi_j$, the user computes the message authentication tag $T_j$ of the ciphertext file $\psi_j$ with the following formula:

$T_j = \mathrm{HMAC}(k_{mac}, \psi_j)$;

(4c) The user generates the index bit string $I_j$ for the plaintext file $\varepsilon_j$ as follows:

(4c1) The user chooses uniformly at random a first secret value $s \in \{0,1\}^{\gamma}$ and a second secret value $r \in \{0,1\}^{\gamma}$ and generates an index dictionary that can record $2^{\tau}$ keywords $(i, w_i)$, where $i$ is the label, $i \in [1, 2^{\tau}]$, $w_i$ is the keyword, $w_i \in \{0,1\}^{*}$, and $*$ denotes arbitrary length; the user keeps the index dictionary and the two secret values $s$ and $r$ secret;

(4c2) Using the first secret value $s$, the user selects the pseudorandom permutation $P_s(x)$ from the pseudorandom permutation family $P_K(x)$; using the second secret value $r$, the user selects the function $F_r(x)$ from the first pseudorandom function family $F_K(x)$;

(4c3) The user computes the subscript value $r_i = F_r(i)$, $i \in [1, 2^{\tau}]$, and uses the value of $r_i$ to select the function $G_{r_i}(x)$ from the second pseudorandom function family $G_K(x)$;

(4c4) According to whether $\varepsilon_j$ contains the keyword $w_i$, the user generates an initial bit string $I_j'$ of length $2^{\tau}$ for the plaintext file $\varepsilon_j$:

If the plaintext file $\varepsilon_j$ contains the keyword $w_i$, bit $P_s(i)$ of the initial bit string $I_j'$ is set to 1, that is, $I_j'[P_s(i)] = 1$;

If the plaintext file $\varepsilon_j$ does not contain the keyword $w_i$, bit $P_s(i)$ of the initial bit string $I_j'$ is set to 0, that is, $I_j'[P_s(i)] = 0$;

Iterating over all values of $i$ yields the initial bit string $I_j'$;

(4c5) The user XORs the value of bit $i$ of the initial bit string $I_j'$ with the function value $G_{r_i}(j)$, which gives the value of bit $i$ of the index bit string $I_j$; iterating over all values of $i$ yields the index bit string $I_j$.

Step 5, data upload.

(5a) Over a secure channel, the user sends the message authentication code key $k_{mac}$ to the cloud server and uploads the message $\{I_j \| \psi_j \| T_j\}$ to the cloud server, where $1 \le j \le n$, $n$ is the total number of plaintext files, and $\|$ denotes concatenation;

(5b) Using the HMAC verification algorithm $\mathrm{Verify}()$, the cloud server verifies the integrity of each ciphertext file, with the verification result denoted $v_j$, that is, $v_j = \mathrm{Verify}(k_{mac}, \psi_j, T_j)$, where $1 \le j \le n$ and $n$ is the total number of plaintext files;

If $v_j = 1$, $\psi_j$ was not tampered with during upload; the cloud server accepts the message, stores the index string $I_j$ in the index string set $I$, and returns the notification "$\psi_j$ uploaded successfully" to the user;

If $v_j = 0$, $\psi_j$ was tampered with during upload; the cloud server refuses the message and returns the notification "$\psi_j$ upload error" to the user;

(5c) The user determines from the notification received whether the upload succeeded:

If the user receives the notification "$\psi_j$ uploaded successfully", $\psi_j$ has been uploaded to the cloud server;

If the user receives the notification "$\psi_j$ upload error", the user returns to step (5a).

Step 6, downloading and decrypting the ciphertext.

With reference to Fig. 3, this step is implemented as follows:

(6a) The user generates a trapdoor for the keyword $w_\mu$ contained in the file to be downloaded and uploads it to the cloud server:

(6a1) The user looks up the label $\mu$ corresponding to the keyword $w_\mu$ in the index dictionary;

(6a2) Using the first secret value $s$, the user selects the pseudorandom permutation $P_s(x)$ from the pseudorandom permutation family $P_K(x)$; using the second secret value $r$, the user selects the function $F_r(x)$ from the first pseudorandom function family $F_K(x)$;

(6a3) From the label $\mu$, the user computes the permuted label $p = P_s(\mu)$;

(6a4) From the permuted label $p$, the user computes the function index value $f = F_r(p)$;

(6a5) The permuted label $p$ and the function index value $f$ together form the trapdoor;

(6b) Using the trapdoor, the cloud server runs a matching search over the stored set $I$ of file index bit strings:

(6b1) The cloud server XORs the bit at the permuted label $p$ in the index bit string $I_j$ with the function value $G_f(j)$, which gives the bit at the permuted label $p$ in the initial bit string $I_j'$, where $p$ is the permuted label in the trapdoor, $f$ is the function index value in the trapdoor, $G_f(x)$ is the pseudorandom function selected from the second pseudorandom function family $G_K(x)$ according to the value of $f$, $I_j'[p]$ denotes the bit at the permuted label $p$ in the initial bit string $I_j'$, and $I_j[p]$ denotes the bit at the permuted label $p$ in the index bit string $I_j$;

(6b2) The cloud server iterates over all values of $j$. If there is a $j \in [1, n]$ for which the bit at the permuted label $p$ in the initial bit string $I_j'$ is 1, that is, $I_j'[p] = 1$, the match succeeds, the cloud server returns the corresponding ciphertext $\psi$ to the user, and the procedure continues with step (6c); if there is none, the match fails and the cloud server returns the notification "retrieval failed" to the user;
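The index construction of step (4c) and the trapdoor match of steps (6a) and (6b), as an added Python example that is not code from the patent. HMAC-SHA256 stands in for the function families $F_K$ and $G_K$, a PRF-keyed sort stands in for the permutation $P_s$, labels run from 0 rather than 1, and the dictionary and file contents are constructed.

```python
import hashlib
import hmac
import secrets

TAU = 3                  # constructed: the index dictionary has 2**TAU slots
SLOTS = 2 ** TAU


def prf(key: bytes, tag: bytes, x: int) -> bytes:
    """HMAC-SHA256 as a stand-in PRF (assumption; the page names no primitive)."""
    return hmac.new(key, tag + x.to_bytes(8, "big"), hashlib.sha256).digest()


def perm(s: bytes) -> list:
    """Stand-in for P_s: a permutation of range(SLOTS) keyed by s."""
    return sorted(range(SLOTS), key=lambda x: prf(s, b"P", x))


def F(r: bytes, x: int) -> bytes:
    """F_r(x): derives the value that selects one member of the G family."""
    return prf(r, b"F", x)


def G(key: bytes, j: int) -> int:
    """G_key(j): one pseudorandom bit for file number j."""
    return prf(key, b"G", j)[0] & 1


def build_index(s, r, dictionary, j, file_keywords):
    """Step (4c): set bit P_s(i) for each keyword w_i present, then mask every bit."""
    p_s = perm(s)
    initial = [0] * SLOTS                        # the initial bit string I_j'
    for i, word in enumerate(dictionary):
        if word in file_keywords:
            initial[p_s[i]] = 1
    # I_j[i] = I_j'[i] XOR G_{r_i}(j), with r_i = F_r(i)
    return [initial[i] ^ G(F(r, i), j) for i in range(SLOTS)]


def trapdoor(s, r, dictionary, word):
    """Step (6a): p = P_s(mu), f = F_r(p)."""
    mu = dictionary.index(word)
    p = perm(s)[mu]
    return p, F(r, p)


def server_search(stored, td):
    """Step (6b): the server unmasks only bit p of each stored index."""
    p, f = td
    return sorted(j for j, index in stored.items() if index[p] ^ G(f, j) == 1)


# Constructed sample data: a five-word dictionary and three wallet backup files.
DICTIONARY = ["wallet", "seed", "backup", "address", "invoice"]
FILES = {1: {"wallet", "seed"}, 2: {"backup"}, 3: {"wallet", "address"}}


def demo(s=None, r=None):
    """Index every file, then search for each dictionary word in turn."""
    s = s or secrets.token_bytes(16)             # first secret value s
    r = r or secrets.token_bytes(16)             # second secret value r
    stored = {j: build_index(s, r, DICTIONARY, j, kw) for j, kw in FILES.items()}
    return {w: server_search(stored, trapdoor(s, r, DICTIONARY, w))
            for w in DICTIONARY}


if __name__ == "__main__":
    print(demo())
```

The server never holds $s$ or $r$: each trapdoor lets it unmask one bit position across all stored indexes and nothing else.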

(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε:

(6c1) From the symmetric key S and each ciphertext matrix block W = (A, C) in the ciphertext file ψ, the user computes the intermediate matrix Q:

Q = C − A·S;

(6c2) The user applies the decoder of the error-correcting code D to each column of the intermediate matrix Q to obtain the corresponding plaintext matrix block M;

(6c3) The user concatenates all plaintext matrix blocks M to obtain the corresponding plaintext file ε.
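Block encryption (4b) and decryption (6c1)-(6c2) over the two-element field, as an added Python example that is not the patent's own code. A 15-fold repetition code with majority-vote decoding stands in for the error-correcting code D, and the matrix sizes, the row count K_DIM of S and the noise rate are assumed toy values.

```python
import secrets

L_BITS, REP, N_COLS, K_DIM = 4, 15, 3, 8   # toy sizes; K_DIM (rows of S) is assumed
M_ROWS = L_BITS * REP                      # block length m = number of rows of G
THETA = 0.05                               # constructed Bernoulli noise rate

def rand_matrix(rows, cols):
    """Uniformly random matrix over Z_2."""
    return [[secrets.randbelow(2) for _ in range(cols)] for _ in range(rows)]

def bernoulli_matrix(rows, cols, theta=THETA):
    """Noise matrix whose entries are 1 with probability theta."""
    return [[1 if secrets.randbelow(10 ** 6) < theta * 10 ** 6 else 0
             for _ in range(cols)] for _ in range(rows)]

def matmul2(X, Y):
    """Matrix product over Z_2."""
    return [[sum(x & y for x, y in zip(row, col)) & 1 for col in zip(*Y)]
            for row in X]

def add2(X, Y):
    """Matrix sum over Z_2 (XOR); subtraction is the same operation."""
    return [[a ^ b for a, b in zip(r1, r2)] for r1, r2 in zip(X, Y)]

# Generator matrix G (m x l) of the repetition code: message bit i is copied
# into rows i*REP .. i*REP + REP - 1 of the codeword.
G = [[1 if row // REP == col else 0 for col in range(L_BITS)]
     for row in range(M_ROWS)]

def keygen():
    """Symmetric key S, a random K_DIM x N_COLS matrix."""
    return rand_matrix(K_DIM, N_COLS)

def encrypt_block(S, M, E=None):
    """Step (4b): W = (A, C) with C = A*S + E + G*M."""
    A = rand_matrix(M_ROWS, K_DIM)
    if E is None:
        E = bernoulli_matrix(M_ROWS, N_COLS)
    C = add2(add2(matmul2(A, S), E), matmul2(G, M))
    return A, C

def decrypt_block(S, W):
    """Steps (6c1)-(6c2): Q = C - A*S = E + G*M, then decode every column."""
    A, C = W
    Q = add2(C, matmul2(A, S))
    M = [[0] * N_COLS for _ in range(L_BITS)]
    for col in range(N_COLS):
        for i in range(L_BITS):
            ones = sum(Q[i * REP + t][col] for t in range(REP))
            M[i][col] = 1 if 2 * ones > REP else 0      # majority vote
    return M

def noise_with_flips(flips, bit=0, col=0):
    """Constructed noise: `flips` errors inside one repetition block."""
    E = [[0] * N_COLS for _ in range(M_ROWS)]
    for t in range(flips):
        E[bit * REP + t][col] = 1
    return E

if __name__ == "__main__":
    S = keygen()
    M = [[1, 0, 1], [0, 1, 1], [1, 1, 0], [0, 0, 1]]    # constructed plaintext block
    print(decrypt_block(S, encrypt_block(S, M, noise_with_flips(7))) == M)
```

Seven flipped bits in one repetition block still decode correctly; eight flips in the same block exceed what the code corrects, and that plaintext bit comes back inverted.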

The above description is only one specific example of the present invention and does not limit the invention in any way. Clearly, a person skilled in the art who has understood the content and principle of the invention may make various modifications and changes in form and detail without departing from its principle and structure, but such modifications and changes based on the idea of the invention remain within the scope of protection of its claims.

Claims (6)

1. A message-based and key-dependent privacy data encryption method, comprising the following steps:
(1) Initialization:
(1a) The authorization center determines the first security parameter λ, the second security parameter k, the third security parameter γ, the keyword-number parameter τ and the Bernoulli distribution parameter θ=2, and defines the message length l, the dimension N and the block length m of the plaintext matrix as l = l(λ), N = N(λ), m = m(λ), respectively;
(1b) The authorization center defines the generator matrix of the error-correcting code as G = G_{m×l}, sets the error-correcting-code decoding number to d = (θ+σ)m, and selects a binary linear error-correcting code D according to the generator matrix G and the decoding number d, where G_{m×l} indicates that the generator matrix has m × l entries and σ is a fixed value chosen on the interval (0, 1);
(1c) For any bit string K ∈ {0,1}^γ, the authorization center defines P_K(x) as a family of pseudo-random permutation functions on {0,1}^τ, defines F_K(x) as the first pseudo-random function family with domain {0,1}^τ and range {0,1}^γ, and defines G_K(x) as the second pseudo-random function family with domain [1, n] and range {0,1};
(1d) The authorization center publishes the error-correcting code D, the generator matrix G, the pseudo-random permutation function family P_K(x), the first pseudo-random function family F_K(x), the second pseudo-random function family G_K(x) and the public parameters {l, m, N, θ};
(2) Identity registration:
(2a) The user submits personal identity information to the authorization center;
(2b) The authorization center checks whether the identity information submitted by the user is genuine; if so, step (3) is executed; otherwise, registration is refused;
(3) Key distribution:
(3a) The authorization center defines the finite field  and chooses a matrix  as the symmetric key with which the user encrypts plaintext, where  is the ring of integers and 2 is a prime number;
(3b) The authorization center generates for the user the key k_mac required for message authentication code (HMAC) operations;
(3c) The authorization center sends the message {S || k_mac || γ || τ} to the user over a secure channel;
where S is the symmetric key with which the user encrypts plaintext, γ is the third security parameter, τ is the keyword-number parameter, and || denotes concatenation;
(3d) The user keeps the symmetric key S, the HMAC key k_mac, the third security parameter γ and the keyword-number parameter τ secret;
(4) Processing the plaintext file:
(4a) When encrypting the plaintext file ε_j, the user divides its plaintext matrix into blocks, each plaintext matrix block being defined as , where 1 ≤ j ≤ n and n is the total number of plaintext files;
(4b) The user encrypts each plaintext matrix block M with the symmetric key S to obtain the corresponding ciphertext matrix block W:
W = (A, C),
where A is a coefficient matrix chosen at random from , C = A·S + E + G·M, S is the symmetric key, G is the generator matrix of the error-correcting code D, E is a noise matrix chosen at random from Ber_θ^{m×N}, and Ber_θ denotes the Bernoulli distribution on {0,1} in which 1 has probability θ and 0 has probability 1−θ;
(4c) All ciphertext matrix blocks W of the plaintext file ε_j are concatenated to obtain the ciphertext file ψ_j corresponding to ε_j;
(4d) From the HMAC key k_mac and the ciphertext file ψ_j, the user computes the message authentication tag T_j of ψ_j:
T_j = HMAC(k_mac, ψ_j),
where HMAC() denotes the message authentication tag generation algorithm;
(4e) The user chooses uniformly at random a first secret value s ∈ {0,1}^γ and a second secret value r ∈ {0,1}^γ, generates an index dictionary that can record 2^τ keywords (i, w_i), and keeps the index dictionary and the two secret values s and r secret;
where i is the label, i ∈ [1, 2^τ], w_i is the keyword, w_i ∈ {0,1}^*, and * denotes arbitrary length;
(4f) The user generates the index bit string I_j of the plaintext file ε_j;
(5) Data upload:
(5a) Through a secure channel, the user sends the authentication code key k_mac to the cloud server and uploads the message {I_j || ψ_j || T_j} to the cloud server, where 1 ≤ j ≤ n, n is the total number of plaintext files, and || denotes concatenation;
(5b) The cloud server verifies the integrity of each ciphertext file according to the following formula, the verification result being denoted v_j:
v_j = Verify(k_mac, ψ_j, T_j),
where 1 ≤ j ≤ n, n is the total number of plaintext files, and Verify() denotes the verification algorithm of the message authentication code HMAC;
If v_j = 1, ψ_j was not tampered with during upload; the cloud server accepts the message, stores the index string I_j in the index string set I, and returns the notification "ψ_j uploaded successfully" to the user;
If v_j = 0, ψ_j was tampered with during upload; the cloud server rejects the message and returns the notification "ψ_j upload error" to the user;
(5c) The user determines from the content of the received notification whether the upload succeeded:
If the user receives the notification "ψ_j uploaded successfully", ψ_j has been successfully uploaded to the cloud server;
If the user receives the notification "ψ_j upload error", the method returns to step (5a);
(6) Downloading and decrypting the ciphertext:
(6a) The user generates the trapdoor for the keyword w_μ contained in the file to be downloaded and uploads it to the cloud server;
(6b) Using the trapdoor, the cloud server performs a matching search over the stored set I of file index bit strings; if the match succeeds, the cloud server returns the corresponding ciphertext ψ to the user and step (6c) follows; if the match fails, the cloud server returns a "retrieval failure" notification to the user;
(6c) The user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε.
2. The method according to claim 1, characterized in that in step (3b) the authorization center generates for the user the key k_mac required for message authentication code (HMAC) operations according to the following formula:
k_mac = HMAC-KeyGen(1^k),
where k is the second security parameter chosen by the authorization center, HMAC-KeyGen(1^k) denotes the key generation algorithm of the message authentication code, and k_mac is the generated authentication code key.
3. The method according to claim 1, characterized in that in step (4f) the user generates the index string I_j of the plaintext file ε_j as follows:
(4f1) According to the first secret value s, the user chooses the pseudo-random permutation function P_s(x) from the pseudo-random permutation function family P_K(x), and according to the second secret value r chooses the function F_r(x) from the first pseudo-random function family F_K(x);
(4f2) The subscript values r_i = F_r(i), i ∈ [1, 2^τ], are computed, and according to the value of r_i the function  is chosen from the second pseudo-random function family G_K(x);
(4f3) According to whether ε_j contains the keyword w_i, the user generates a 2^τ-bit initial bit string I′_j for the plaintext file ε_j:
If the plaintext file ε_j contains the keyword w_i, bit P_s(i) of the initial bit string I′_j is set to 1, i.e. I′_j[P_s(i)] = 1;
If the plaintext file ε_j does not contain the keyword w_i, bit P_s(i) of the initial bit string I′_j is set to 0, i.e. I′_j[P_s(i)] = 0;
All values of i are traversed to obtain the initial bit string I′_j;
(4f4) The user XORs the value of the i-th bit of the initial bit string I′_j with the function value  to obtain the value of the i-th bit of the index bit string I_j, i ∈ [1, 2^τ];
All values of i are traversed to obtain the index bit string I_j.
4. The method according to claim 1, characterized in that in step (6a) the user generates the trapdoor for the keyword w_μ contained in the file to be downloaded as follows:
(6a1) The user looks up in the index dictionary the label μ corresponding to the keyword w_μ;
(6a2) According to the first secret value s, the user chooses the pseudo-random permutation function P_s(x) from the pseudo-random permutation function family P_K(x), and according to the second secret value r chooses the function F_r(x) from the first pseudo-random function family F_K(x);
(6a3) The user computes the permuted label p = P_s(μ) from the label μ;
(6a4) The user computes the function index value f = F_r(p) from the permuted label p;
(6a5) The permuted label p and the function index value f together form the trapdoor.
5. The method according to claim 1, characterized in that in step (6b) the cloud server uses the trapdoor to perform a matching search over the stored set I of file index bit strings as follows:
(6b1) The cloud server XORs the bit value at the permuted label p in the index bit string I_j with the function value G_f(j), obtaining the bit value at the permuted label p in the initial bit string I′_j, where p is the permuted label in the trapdoor, f is the function index value in the trapdoor, G_f(x) is the pseudo-random function selected from the second pseudo-random function family G_K(x) according to the value of f, I′_j[p] denotes the bit value at the permuted label p in the initial bit string I′_j, and I_j[p] denotes the bit value at the permuted label p in the index bit string I_j;
(6b2) The cloud server traverses all values of j; if there exists j ∈ [1, n] such that the bit value at the permuted label p in the initial bit string I′_j is 1, i.e. I′_j[p] = 1, the match succeeds; if no such j exists, the match fails.
6. The method according to claim 1, characterized in that in step (6c) the user decrypts the ciphertext ψ to obtain the corresponding plaintext file ε as follows:
(6c1) From the symmetric key S and each ciphertext matrix block W = (A, C) in the ciphertext file ψ, the user computes the intermediate matrix Q:
Q = C − A·S;
(6c2) The user applies the decoder of the error-correcting code D to each column of the intermediate matrix Q to obtain the corresponding plaintext matrix block M;
(6c3) The user concatenates all plaintext matrix blocks M to obtain the corresponding plaintext file ε.
CN201610948549.2A 2016-11-02 2016-11-02 A message-dependent key-based encryption method for private data Active CN106534092B (en)

Publications (2)

Publication Number Publication Date
CN106534092A true CN106534092A (en) 2017-03-22
CN106534092B CN106534092B (en) 2019-07-02

Family

ID=58292868

Country Status (1)

Country Link
CN (1) CN106534092B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant