52results about How to "Resistant to Collusion Attacks" patented technology

The invention discloses a user-oriented cloud storage data integrity protection method. The method includes the steps of 1, uploading, wherein a user side segments and numbers a file to generate intra-block redundancy check codes, the hash value of each file block is calculated and saved as a range-based 2-3 tree, the hash values are linked into one value and signed with private keys, and inter-block redundancy check codes are generated and encrypted with stream substitution secret keys; 2, verification, wherein a cloud management node sends a verification request to a corresponding cloud storage server, corresponding original data and algebraic signatures of the inter-block redundancy check codes corresponding to the original data are calculated and returned to the user side for data integrity verification, and the step 3 is executed if data destruction is found; 3, recovery, wherein the user side acquires all the file blocks on corresponding branch trees from a cloud side according to tree information and performs error recovery on the file blocks through erasure codes of the file blocks. According to the method, integrity verification and recovery are performed on the dynamic data stored in the cloud side from the user perspective.

The invention discloses a combining method and system for protecting power utilization privacy and integrity in a smart power grid. According to the method, a smart electric meter arranged for a user is used for recording and reporting the power consumption of the user in real time; a gateway having computing capability is responsible for a data combining function and a relay function; a control center is used for collecting, processing and analyzing the real-time power consumption data of each user, and providing reliable services; a credible center is used for managing a whole system. The method comprises a system initialization stage (1), a user data reporting stage (2), a security data combining stage (3) and combined data recovery extremism (4). By adopting the combining method and system, a safe data combining system is implemented, and the power utilization privacy of the user is protected; meanwhile, the integrity of data is ensured, namely, data communication errors are detected and reported technically, the user is prevented from reporting illegally with a false name, and the reported power consumption is prevented from being illegally captured, modified, faked and the like.

The invention discloses a ciphertext poly attribute base encryption method having an efficient attribute revocation capability. The method successively comprises the following steps: (1) system establishment, (2) attribute administrator establishment, (3) user private key generation, (4) encryption, (5) decryption, (6) attribute administrator upgrading, (&)user upgrading, and (8) re-encryption. The method has the advantages of less users related in the revocation process, small revocation cost, high revocation efficiency and the like.

The present invention provides an encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes. The method comprises: 1, setting the parameters of an encryption system; 2, generating the main private key and the public key of the encryption system; 3, generating a user private key; 4, building a re-encryption key tree; 5, generating a cryptograph file; 6, cancelling attributes; 7, performing re-encryption agency; 8, accessing the cryptograph file; 9, determining whether the update position of the cryptograph file is 1 or not; 10, decrypting an un-updating cryptograph file; 11, updating the private key; 12, decrypting the update cryptograph file; and 13, quitting the encryption system. Through adoption of a dual-agency re-encryption server model, the encryption system and method for resisting re-encryption key leakage and capable of cancelling attributes can resist the leakage of the re-encryption key. When the attributes are cancelled, an attribute user group is employed to construct the re-encryption key tree so as to effectively, timely and accurately cancel the indirect attributes. When the encryption is performed, the secret is dispersed to resist the conspiracy attack.

The invention belongs to the field of information retrieval and the technical field of its database structure, and discloses a revocable data sharing method based on fog calculation. When a user revocation occurs, it is not necessary to update the keys of other unrevoked users and re-encrypt the ciphertext, only the conversion key of the revoked user needs to be deleted; after the conversion key is deleted, the cloud server cannot perform partial decryption operations for the revoked user, thereby realizing the user's revocation. When an attribute revocation occurs, the keys of all affected users in the system needs to be updated and the ciphertext is re-encrypted to ensure that other users may still decrypt the ciphertext as usual. The invention realizes the data access control in the data network system, has the advantages such as high system access efficiency, low computational cost, and support for dynamic user rights management, and may be used for protecting the privacy data of the user in the data network, reducing the calculation cost of the user, and dynamically managing the authority of the user in the system.

The invention belongs to the technical field of Internet of Vehicles crowd sensing. The invention provides an Internet of Vehicles crowd sensing incentive method with a privacy protection characteristic based on blockchain, and aims to solve the problems that the privacy protection means of an existing Internet of Vehicles crowd sensing incentive method mostly depend on a third party, the hidden danger of privacy disclosure exists, and the problem of award distribution fairness is solved. According to the method, through an anonymous identity authentication mechanism, a winner selection mechanism for protecting privacy, a fairness-enhanced reward payment scheme and an intelligent contract, the problems of single-point faults, collusion attacks and the like existing in a centralized excitation method are solved; a lightweight privacy protection scheme without the assistance of a trusted third party is realized, and the vehicle identity and bidding privacy are protected; and the fairness of the bidder selection and reward allocation algorithm is enhanced.

The invention discloses a multi-mechanism attribute-based encryption method supporting strategy dynamic updating. The method comprises the seven steps of system initialization, attribute mechanism initialization, secret key generation, data encryption, decryption, dynamic updating secrete key generation and dynamic ciphertext updating. An anonymous secret key distributing protocol is introduced to generate a private key for a user, privacy of the user is effectively protected, and collusion attack of an attribute mechanism is resisted. In addition, a dynamic strategy updating algorithm is adopted, strategy updating of any type is supported, and calculation and communication overhead in traditional strategy updating is greatly reduced. The method is low in communication overhead, supports privacy protection and strategy updating and can be applied to a cloud storage environment.

The invention belongs to the field of security authentication in the network space security discipline, and relates to a Byzantine fault-tolerant consensus method based on a distributed key. The method comprises the steps that super nodes participating in consensus are selected, and system common parameters are generated; generating a system public and private key pair and public and private keysof the candidate nodes in a mutual interaction authentication mode according to the public parameters sent by the system; selecting a main node from the super nodes to initiate a proposal request, andstarting a new round of consensus; the secondary node performs individual verification and aggregation verification on the proposal request, and finally determines whether to agree to send the block;after receiving the block, the common node completes time triggering to continue the consensus of the next round, and in the process, if the auxiliary node waits for the case proposal request timeoutor the case proposal response timeout of the main node, the auxiliary node broadcasts the view change request and replaces the main node; according to the invention, the efficiency of reaching the consensus process can be greatly improved.

The invention discloses a homomorphic encryption-based virtual asset anonymous ranking method. The main objective of the invention is to solve the problems of user privacy disclosure and the narrow range of single-client ciphertext ranking which are caused by a condition that a private key is directly handed over to a proxy server in the prior art. The implementation process of the method includes the following steps that: 1) a system is initialized, and the signature public and private key and some public parameters of an authorization center (CA) are determined; 2) a user carries out identity registration application in the authorization center (CA); 3) the authorization center (CA) issue a key to the registered user; 4) the user uses his or her own key to participate in asset ranking and directly encrypts his or her asset data through a learning with error (LWE)-based homomorphic encryption algorithm, and ciphertexts are processed, the ranking of virtual assets is realized. With the method of the invention adopted, the protection of the privacy of the user can be realized, and the universality and anti-conspiracy attack ability of ciphertext ranking can be improved. The method can be used for asset supervision in a bitcoin network.

The invention discloses a distributed attribute-based encryption method supporting fine-grit attribute revocation on lattice, and belongs to the field of the information security. The method comprisesthe following steps: at the system initialization stage: the linear secret sharing is performed on a target vector at a system initialization stage, a sub-secret sharing value is served as a privatekey of a corresponding attribute authorization mechanism, and the attribute authorization mechanism establishes the corresponding binary revocation tree for the managed system attribute; at the user attribute key and the update key generation stage: the attribute authorization mechanism obtains the secondary sub-secret sharing value of the user attribute by using secondary linear secret sharing, and the computes the user attribute key and the user attribute update key through a primary image extraction algorithm and a left-sampling algorithm; at the encryption stage: an encryption party computes the ciphertext of the message by using the Gaussian noise, the encrypted and preprocessed noise vector and the system public parameter; at the decryption: a decryption party decrypts the ciphertextby using the user attribute key and the user attribute update key. The method disclosed by the invention is high in security, flexible in access policy and supports the fine-grit attribute permissionrevocation.

The invention provides a safe data sharing method in a cloud environment. The safe data sharing method is provided in allusion to a problem of encrypted data access control in the cloud storage environment by combining CP-ABE (ciphertext-policy attribute-based encryption). According to the method, a problem of trusted third party dependency in a CP-ABE algorithm is solved through combining a symmetric key of a cloud storage center and a asymmetric private key of an authorized agency; secondly, user unique identification is added to an attribute private key of a user so as to enable a sharing mechanism to resist collusion attacks from illegal users; and finally, revocation of the user is completed through updating the symmetric key, the backward security of shared data is ensured, and the updating efficiency is improved.

The invention relates to a distributed multi-authorization-party ciphertext policy attribute-based encryption method for medium confusion, which is characterized in that when a new attribute authorization center is added into a system, the new attribute authorization center is secretly distributed with a pseudorandom function PRF (.). In order to prevent collusion of users who possess all relevantattributes in a certain relevant attribute management domain, a trusted medium (MDR) is employed in this system. A data owner generates a ciphertext CT including a obfuscation function. Because the secure DO is used, online interaction does not need to be maintained. Similarly, the DO transmits a key to the MDR, where the key is a function variable for receiving a key skU obtained by the user U from the MDR. The skU is calculated from a PRF (.), a GidU of U, or the like. U has the ability to calculate a function, but does not reveal the internal program secret. Wherein I represents a set of AAs serial numbers of an attribute authorization center for managing U attributes, if the identity IDU of U is confirmed, a corresponding private key USKj is issued to the user U, and the MDR sends a private key skU to the user U. And finally, the U decrypts the ciphertext CT by using USKj (j belongs to I).

A multivariable-based proxy re-signature method capable of resisting conspiracy attacks comprises the steps of system generation, key generation, re-signature key generation, trustee A signature generation, agent re-signature generation, and re-signature correctness verification. As two random keys (H<*>A and H<*>B) used by a trustee A and a trustee B in proxy re-signature are generated by adopting a trusted third party, and are used for generating new re-signature keys respectively, an agent converts a signature of the trustee A to a certain message into a signature of the trustee B to the same message by using the corresponding new re-signature key, and the confidentiality of the random keys is high, whether the trustee B and the agent or the trustee A and the agent cannot conspire to acquire the private key of the other trustee, that is, the conspiracy attacks can be resisted effectively. The multivariable-based proxy re-signature method is high in efficiency, safe, reliable, and capable of resisting the conspiracy attacks of the trustee A and the agent or the agent and the trustee B, and can be used in proxy re-signature.

The invention provides a convolutional neural network image classification method based on homomorphic encryption, which is used for solving the technical problems that privacy information is easy to leak and collusion attacks cannot be resisted in the prior art, and comprises the following steps: constructing a multi-party deep learning scene model; initializing encryption parameters by the parameter server; enabling each user to generate a public key and a private key of the user; enabling the parameter server to generate a public key and a private key of the parameter server; enabling the auxiliary server to generate a public key and a private key of the auxiliary server and a joint public key; enabling each user to obtain a training image sample set and a test image sample set; enabling the parameter server to construct a convolutional neural network model and initialize training parameters; enabling the user P to obtain and upload a gradient vector ciphertext; enabling the parameter server to aggregate the gradient ciphertext vectors; enabling the parameter server and the auxiliary server to perform homomorphic re-encryption on the aggregation gradient vector ciphertext; enabling the user P to obtain a training result of the convolutional neural network model; and enabling each user to obtain an image classification result.