Anonymous messaging method, system, message receiving device, and storage medium
By outsourcing the message verification computation of the recipient to the cloud server and using the detection private key to generate blinding and verification computation data, the communication overhead problem of the recipient when verifying false positive messages is solved, and efficient anonymous message transmission is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- HUNAN UNIV
- Filing Date
- 2023-08-08
- Publication Date
- 2026-07-10
AI Technical Summary
In existing anonymous messaging methods, the communication overhead for the receiver when verifying false positive messages is significant, requiring a large amount of computation and message retrieval.
By outsourcing the recipient's verification calculation to a cloud server, blinded calculation data and verification calculation data are generated using the detection private key. The cloud server performs the calculation and returns the result. After verification by the recipient, false positive messages are excluded.
It reduces the communication overhead of the receiver, improves computing efficiency and overall system efficiency, reduces maintenance costs, and ensures privacy and security.
Smart Images

Figure CN116886410B_ABST
Abstract
Description
Technical Field
[0001] This invention belongs to the field of information security technology, and in particular relates to an anonymous message transmission method, system, message receiving device, and storage medium. Background Technology
[0002] Anonymous communication techniques can achieve anonymous communication and privacy protection through complex cryptographic primitives or by adding large-scale obfuscation traffic. Compared to proposing new cryptographic primitives to reduce computational overhead, using new schemes to reduce communication overhead is more feasible. For the problem of high communication overhead, a scheme called Fuzzy Message Detection (FMD) was proposed in (Beck G, Len J, Miers I, et al. Fuzzy Message Detection [C] / / Computer and Communications Security. ACM, 2021.). This scheme allows the receiver to generate a dedicated detection key that can identify messages with a certain false positive rate. However, in the FMD scheme, the receiver only sends a portion of its private key to the server for outsourced retrieval. While this reduces the number of messages the receiver needs to retrieve to some extent, the correctness of false positive messages still needs to be verified by the receiver. Since the receiver needs to retrieve all false positive messages during the verification process, the communication overhead remains significant. Summary of the Invention
[0003] Therefore, it is necessary to provide an anonymous message transmission method, system, message receiving device, and storage medium that can reduce the communication overhead of the receiver, in order to address the above-mentioned technical problems.
[0004] This invention provides an anonymous message passing method, comprising:
[0005] A detection private key is sent to a cloud server, which then retrieves the corresponding message set based on the detection private key and returns it. The detection private key includes at least one private key component of the message receiving device's private key, and the number of private key components determines the false positive rate of the message set.
[0006] Based on the private key, blind calculation data and verification calculation data for each message to be received are generated and sent to the cloud server. The cloud server calculates the blind calculation data and verification calculation data to obtain the blind calculation result and the verification calculation result and returns them.
[0007] When the verification calculation result is determined to be correct, false positive messages to be received are excluded from the message set based on the blinding calculation result, and the true messages to be received are obtained.
[0008] In one embodiment, the step of generating blinded computation data and verification computation data for each message to be received based on the private key includes:
[0009] Using a blinding factor, the private key and the message to be received are processed to generate blinding calculation data, and the r-th power of the blinding calculation data is taken as the corresponding verification calculation data;
[0010] The formula for generating the blinded computation data is as follows:
[0011]
[0012] Among them, α i (1≤i≤m) represents the m private key components corresponding to the private key of the message receiving device, where m=γ-n, γ is the total component length of the private key, and n is the component length of the detection private key; u i (1≤i≤m) represents the message flag bit of the message to be received returned by the cloud server; the right side represents the base and the expression after the exponentiation of multiple product exponents after blinding, g is the generator of the cyclic group to which each component of the private key belongs, and w i (1≤i≤m), x i (1≤i≤m), k3, h1, y1, and t1 are random numbers generated during the blinding process.
[0013] In one embodiment, the step of excluding false positive messages from the message set based on the blinding calculation result to obtain the true messages to be received includes:
[0014] Compare whether the blind calculation result and the verification bit corresponding to the message to be received are equal;
[0015] If they are not equal, the message to be received is a false positive; if they are equal, the message to be received is a genuine message to be received.
[0016] In one embodiment, the verification bit of the message to be received is calculated by the message sending device based on the public key of the message receiving device and then bound to the message to be received; the calculation formula for the verification bit F is as follows:
[0017] F = pk1 r1 pk2 r1 …pk m r1
[0018] Among them, pk i (1≤i≤m) represents the m public key components of the public key corresponding to the message receiving device, and r1 is the random number used by the message sending device to encrypt the message to be received.
[0019] In one embodiment, the method further includes: when it is determined that the verification calculation result is incorrect, regenerating blinded calculation data and verification calculation data corresponding to the message to be received and sending them to the cloud server for verifiable outsourced calculation.
[0020] An anonymous messaging method, applied to cloud servers, includes:
[0021] The device receives a detection private key sent by a message receiving device; wherein the detection private key includes at least one private key component corresponding to the private key of the message receiving device.
[0022] A message set is obtained by retrieving the messages to be received corresponding to the message receiving device based on the detection private key; the false positive rate of the message set is determined by the number of private key components in the detection private key;
[0023] The message set is returned to the message receiving device, which generates blinded calculation data and verification calculation data for each message to be received based on the private key.
[0024] Based on the blinded calculation data and the verification calculation data, calculations are performed to obtain the blinded calculation results and the verification calculation results.
[0025] The blinding calculation result and the verification calculation result are sent to the message receiving device. When the message receiving device determines that the verification calculation result is correct, the message receiving device excludes false positive messages from the message set based on the blinding calculation result and obtains the true messages to be received.
[0026] In one embodiment, the step of retrieving the message set corresponding to the message receiving device based on the detection private key includes:
[0027] Based on the detection private key, fuzzy message detection is performed on the encrypted message broadcast by the message sending device to obtain a message set consisting of messages to be received by the message receiving device; wherein, the encrypted message is obtained by the message sending device using the public key of the message receiving device.
[0028] An anonymous messaging system includes: a message sending device, a message receiving device, and a cloud server;
[0029] The message sending device broadcasts an encrypted message to be received to the cloud server;
[0030] The message receiving device sends a detection private key to the cloud server; wherein, the detection private key includes at least one private key component of the message receiving device's private key;
[0031] The cloud server retrieves the message set corresponding to the message receiving device from all the messages to be received based on the detection private key, and returns the message set to the message receiving device; the false positive rate of the message set is determined by the number of private key components.
[0032] The message receiving device generates blinded calculation data and verification calculation data for each message to be received based on the private key and sends them to the cloud server.
[0033] The cloud server performs calculations on the blinding calculation data and the verification calculation data to obtain the blinding calculation result and the verification calculation result, and returns them to the message receiving device.
[0034] When the message receiving device determines that the verification calculation result is correct, it excludes false positive messages from the message set based on the blinding calculation result, and obtains the true messages to be received.
[0035] The present invention also provides a message receiving device, the message receiving device including a processor and a memory, the memory storing a computer program, and the processor executing the computer program to implement the steps of the anonymous message passing method described above.
[0036] The present invention also provides a computer-readable storage medium having a computer program stored thereon, wherein the computer program, when executed by a processor, implements the steps of the anonymous message passing method described in any of the preceding claims.
[0037] The aforementioned anonymous message transmission method, system, message receiving device, and storage medium involve the message receiving device outsourcing the computational work of verifying the authenticity and false positives of each message in the message set to a third-party cloud server. The message receiving device then verifies and identifies the computational results of the cloud server and discards false positive messages that the cloud server cannot distinguish. This reduces its own communication overhead by outsourcing a large amount of computation. Attached Figure Description
[0038] Figure 1 This is a schematic diagram of the structure of an anonymous messaging system in one embodiment;
[0039] Figure 2 This is a flowchart illustrating an anonymous message passing method in one embodiment;
[0040] Figure 3 A graph showing the receiver's computation time under different total number of messages in a simulation experiment of one embodiment;
[0041] Figure 4 A graph showing the receiver's computation time under different false positive rates in a simulation experiment of one embodiment;
[0042] Figure 5 This is a graph showing the receiver's computation time under different message sizes and actual message numbers in a simulation experiment of one embodiment. Detailed Implementation
[0043] To make the objectives, technical solutions, and advantages of this invention clearer, the invention will be further described in detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative and not intended to limit the invention.
[0044] This application provides an anonymous message passing method, which is applied to a message receiving device. The method will be described below using a message receiving device as an example.
[0045] Specifically, the message receiving device sends a detection private key (DSK) to the cloud server. The cloud server then uses the DSK to retrieve the corresponding messages to be received, obtains the message set, and returns it. The DSK includes at least one private key component of the message receiving device's private key (sk), and the number of private key components determines the false positive rate of the message set. Next, the message receiving device generates blinded calculation data and verification calculation data for each message to be received based on the private key (sk) and sends them to the cloud server. The cloud server performs calculations on the blinded calculation data and verification calculation data to obtain the blinded calculation result and returns it. Finally, when the message receiving device determines that the verification calculation result is correct, it excludes false positive messages from the message set based on the blinded calculation result, obtaining the true messages to be received.
[0046] Therefore, the message receiving device in this application embodiment outsources the calculation of the true and false positives of each message in the verification message set to a third-party cloud server through an outsourced computing scheme. The message receiving device then verifies and identifies the calculation results of the cloud server and discards false positive messages that the cloud server cannot distinguish. In this way, it reduces its own communication overhead by outsourcing a large amount of computing.
[0047] like Figure 1 The diagram shows a schematic of an anonymous messaging system. The system includes a message sending device 101, a message receiving device 102, and a cloud server 103.
[0048] The message sending device 101 and message receiving device 102 communicate with the cloud server 103 to achieve information and data interaction. The message sending device 101 is the message sender S, representing the party sending the message. The message receiving device 102 is the message receiver R, representing the party receiving the message.
[0049] It should be understood that the roles of sender S and receiver R are for the same message, but for different messages, their roles may be any of them.
[0050] like Figure 2 The diagram shows a flowchart of an anonymous message passing method. The following section, in conjunction with... Figure 1 The anonymous messaging system shown Figure 2 The anonymous message passing method shown in this application embodiment is described, and includes steps S201 to S207.
[0051] S201, the message sending device 101 encrypts the message to be sent to the message receiving device 102, and broadcasts the encrypted message to be received to the cloud server 103.
[0052] In this process, message sending device 101 uses the public key published by message receiving device 102 to encrypt the message using an asymmetric encryption algorithm. (Public key pk) FMD The function expression is:
[0053] pk FMD =(pk1,……,pk γ )
[0054] Among them, pk1~pk γ This refers to all γ components in the public key of the receiver R.
[0055] In some embodiments, in order to ensure that no party other than the intended message receiving device 102 knows which public key is used to encrypt the message, that is, to prevent the message recipient from being disclosed, the message receiving device 102 uses the ElGamal public key encryption algorithm to generate a public key and a private key. Then, the message sending device 101 uses the public key generated by the message receiving device 102 to encrypt the message that needs to be encrypted to generate a flag ciphertext, which is the message to be received in this embodiment of the application, thereby achieving the purpose of anonymity for the recipient.
[0056] Additionally, message sending device 101 can submit unencrypted plaintext messages to the storage service provider (SSP) for storage and obtain an address tag returned by the SSP. This address tag is then encrypted and appended to the content broadcast to cloud server 103. The SSP comprises multiple storage nodes, each representing a storage location. Subsequently, after receiving the actual message, message receiving device 102 can decrypt the address tag to retrieve the corresponding plaintext message from the SSP.
[0057] S202, message receiving device 102 sends detection private key DSK to cloud server 103.
[0058] The detection private key DSK is used to instruct the cloud server 103 to perform message retrieval. This can be understood as the message receiving device 102 sending a retrieval request carrying the detection private key DSK to the cloud server 103. The detection private key DSK is generated by the message receiving device 102 based on its own private key. The function expression for the detection key DSK is:
[0059] (sk1,……,sk n → DSK
[0060] In the above formula, → represents the encryption process, sk1~sk n Let n be the n components out of all γ components in the private key sk of receiver R, i.e., 0 ≤ n ≤ γ, such that the detection key DSK is relative to the public key pk of receiver R. FMD The detection conditions are weakened to allow cloud server 103 to generate a message set containing both genuine messages to be received and false positives when performing message retrieval tasks based on the detection key DSK. In other words, the false positive rate of the messages in the message set is determined by the number of private key components included in the detection private key DSK. The expression for calculating the false positive rate is:
[0061] p=2 -n (0≤n≤γ)
[0062] In the above formula, p represents the false positive rate, n is the number of private key components in the detection key DSK, and γ is the number of components in the public and private keys of the receiver R, i.e., the total number of components in the receiver's key. In practical use, the number of components in the detection key DSK and the number of components in the public and private keys of the receiver R can be determined based on the total number of messages, the number of users, and the receiver's expected traffic.
[0063] By calculating the false positive rate p as described above, a trade-off between privacy and efficiency can be achieved. Since the false positive rate directly affects the number of false positive messages that the receiver R needs to retrieve, but cannot be chosen too low to avoid privacy breaches, selecting an appropriate false positive rate ensures both high efficiency and high privacy for the user in message detection.
[0064] In some embodiments, when the message receiving device 102 sends the detection private key DSK to the cloud server 103, it may also send the matching conditions for message retrieval. These matching conditions may include at least one constraint condition among message retrieval scope and retrieval time, thereby limiting the retrieval scope or retrieval time. Additionally, a timestamp and the signature of the recipient R may also be sent along with the detection private key DSK.
[0065] S203, the cloud server 103 retrieves the message set corresponding to the message receiving device 102 from the message set to be received based on the detection private key DSK, and returns the message set to the message receiving device 102.
[0066] Specifically, after receiving the detection private key DSK from the message receiving device 102, the cloud server 103 responds to the request and performs a message retrieval task. Based on the detection private key DSK, the cloud server 103 retrieves messages that may belong to the receiving device 102 from the messages to be received broadcast from each message sending device 101 to the cloud server 103, and forms a message set to return to the message receiving device 102.
[0067] Since the detection private key (DSK) only includes the private key component of the receiver's (R) private key, the message set may contain both genuine messages to be received and a certain number of false positive messages. The false positive rate is determined by the number of private key components included in the DSK.
[0068] In some embodiments, the cloud server 103 can use the fuzzy detection method FMD to retrieve and generate a message set consisting of real messages to be received and false positive messages to be received based on the detection private key DSK.
[0069] S204, the message receiving device 102 generates blinded calculation data and verification calculation data for each message to be received based on the private key and sends them to the cloud server 103.
[0070] S205, cloud server 103 performs calculations on blinding calculation data and verification calculation data to obtain blinding calculation results and verification calculation results, and returns them to message receiving device 102.
[0071] Specifically, after receiving the message set, the message receiving device 102 utilizes a cloud server for outsourced computation based on the concept of Verifiable Outsourcing. Verifiable Outsourcing refers to a mechanism that allows customers to verify the computational processes or data operations performed by a third-party service provider (Outsourcing Provider) during the outsourcing of computational tasks or data, ensuring that the provider's actions meet customer requirements and expectations. The core idea is to ensure the correctness and security of computational processes and data operations by constructing verification mechanisms. Through these mechanisms, customers can verify the computational processes and data operations performed by the service provider, thereby ensuring that the provider's actions meet customer requirements and expectations, and protecting data privacy and security.
[0072] Based on this, the message receiving device 102 generates corresponding blinded calculation data and verification calculation data for each message to be received in the message set based on its own private key and sends them to the cloud server 103.
[0073] The blinded computation data is computation data that has been blinded and outsourced to cloud server 103 for computation. The verification computation data is computation data that has been blinded and sent to cloud server 103 for computation to verify the accuracy of the outsourced computation. Since both the blinded and verification computation data already include the specific computation tasks and methods, cloud server 103 can directly perform computations upon receiving them. Therefore, cloud server 103 performs computations directly based on the received blinded and verification computation data, obtaining the blinded computation result and the verification computation result, respectively. Then, cloud server 103 returns the blinded computation result and the verification computation result to message receiving device 102.
[0074] In some embodiments, S204 generates blinded computation data and verification computation data for each message to be received based on the private key, including: generating blinded computation data using a blinding factor on the blinded private key and the message to be received, and taking the power of r of the blinded computation data as the corresponding verification computation data.
[0075] Specifically, data blinding can be achieved through blinding factor pairs, which are of the form (k, g) k (mod p). Where p is a large prime number, k is a random number within the range of p, and g is the generator of the cyclic group to which each component of the private key belongs. The purpose of generating the blind factor is to prevent g from being derived from k, p, and g. k The result modulo p. Currently, a lookup table method can be used, where a pair of random, independent blind factor pairs is calculated via a trusted server and then loaded into the memory of the message receiving device 102. Another method is for the message receiving device 102 to calculate the blind factor pairs using an algorithm; the most commonly used method is to generate the blind factor pairs using the EBPV generation algorithm.
[0076] The formula for generating blinded computational data is as follows:
[0077]
[0078] Among them, α i (1≤i≤m) represents the m private key components of the private key sk corresponding to the message receiving device 102, where m=γ-n, γ is the total component length of the private key, and n is the component length of the detected private key; u i (1≤i≤m) represents the message flag bit of the message to be received returned by cloud server 103; the right side represents the base and the expression after the exponentiation of multiple product exponents after blinding, g is the generator of the cyclic group to which each private key component belongs, and wi (1≤i≤m), x i (1≤i≤m), k3, h1, y1, and t1 are random numbers generated during the blinding process. The subscript of the random number k indicates the number of blinding factor pairs; 3 indicates that 3 blinding factor pairs were generated.
[0079] In this embodiment of the application, the verification data for outsourced computation is implemented using powers of r. That is, the specific verification value is the actual calculated value raised to the power of r, which means taking the power of r of the blinded computation data as the corresponding verification computation data. Taking the data before blinding as an example, the expression for the verification computation data is shown below:
[0080]
[0081] The left side shows the values that need to be calculated before blinding (calculated data before blinding), and the right side shows the values used for verification before blinding (verification calculation data before blinding). Therefore, the specific verification value is the actual calculated value raised to the power of r.
[0082] The values calculated on both sides of the above equation are modulo results. According to the properties of modulo operations, the outsourced calculation results on both sides are equal. This conclusion is used by the message receiving device to verify the correctness of the cloud server's calculation results. Furthermore, when the message receiving end verifies the cloud server's calculation result as correct using the verification calculation data, it can exclude false positive messages from the message set based on the blinded calculation result, thus obtaining the true messages to be received. Conversely, when the message receiving end verifies the cloud server's calculation result as incorrect using the verification calculation data, the message receiving end regenerates the blinded calculation data and verification calculation data for the message to be received and sends them to the cloud server to re-perform verifiable outsourced calculations for that message.
[0083] Therefore, since the calculation results in the outsourcing process are all modulo operations, the security of outsourced computation relies on the difficulty of retrieving the original data from the modulo, especially when the original data is broken down into several parts containing random numbers known only to the user. Thus, as long as the message receiving device 102 and the cloud server 103 correctly execute the protocol, the computation task can be outsourced correctly and securely.
[0084] In step S206, the message receiving device 102 determines whether the verification calculation result is correct. If the message receiving device 102 determines that the verification calculation result is correct, it proceeds to step S207. If the message receiving device 102 determines that the verification calculation result is incorrect, it returns to step S204.
[0085] S207, based on the blinding calculation results, exclude false positive messages to be received from the message set to obtain the true messages to be received.
[0086] Specifically, after verifying the correctness of the outsourced calculation by the cloud server 103, the message receiving device 102 can retrieve its own true message to be received from the message set through the blinded calculation result, thereby eliminating false positive messages to be received. The verification of the calculation result's correctness can be obtained by the message receiving device 102 itself; that is, if the result calculated by the message receiving device 102 equals the verification calculation result returned by the cloud server 103, it indicates correctness; otherwise, it indicates incorrectness.
[0087] In some embodiments, verifying the authenticity of a message to be received from the message set can be achieved by calculating the verification bit F by the message sending device 101. That is, S207 may include: the message receiving device 102 comparing whether the blinded calculation result corresponding to the message to be received and the verification bit are equal; if they are not equal, the message to be received is a false positive message to be received; if they are equal, the message to be received is an authentic message to be received.
[0088] The formula for calculating the verification bit F is as follows:
[0089] F = pk1 r1 pk2 r1 …pk m r1
[0090] pk i (1≤i≤m) represents the m public key components of the public key corresponding to the message receiving device 102, and r1 is the random number used by the message sending device 101 to encrypt the message to be received, with the relationship between g and the message flag bit u being g. r1 =u.
[0091] The equation for calculating the public and private keys of message receiving device 102 is pk = g ɑ Furthermore, F = pk1 can be transformed and combined through equation manipulation. r1 pk2 r1 …pk m r1 Transform into In other words, receiver R according to The process verifies whether the message to be received belongs to the sender, thus obtaining the actual message. The verification bit F is a value that the sender S needs to calculate when sending the message. It is calculated using the public key of the receiver R and then sent to cloud server 103 along with the message. When the receiver R receives a correct blinded calculation result from cloud server 103, it can simultaneously verify whether the message belongs to it using the verification bit F returned by cloud server 103.
[0092] Therefore, cloud server 103 is the executor of message retrieval and outsourced computing. When cloud server 103 receives a message retrieval request from message receiving device 102, it uses the detection private key DSK to decrypt the ciphertext of the flags in all received message information to find the messages that meet the conditions to be received. The relevant information of these messages is packaged into a message set, which includes real messages and false positive messages. However, since cloud server 103 uses the existing fuzzy message detection method FMD to perform detection transactions based on the detection key DSK, it cannot distinguish between real messages and false positive messages.
[0093] Furthermore, this application employs an outsourced computing scheme, outsourcing all the work of the receiver R in detecting and computing messages to an untrusted third party, namely a cloud server. The receiver R can then verify and identify false positive messages based on the computation results received from the third party, discarding those that the third party cannot distinguish. Thus, by outsourcing a significant portion of the receiver's computation, its own communication overhead is reduced.
[0094] Meanwhile, this application utilizes verifiable outsourced computing technology to ensure the correctness of calculations performed by cloud servers from untrusted third parties. Privacy and security are effectively guaranteed throughout the entire process of message encryption, detection, and verification without the need for a trusted third party. This technology can significantly reduce the cost of outsourced computing while resolving trust issues between clients and servers. Furthermore, it can improve the efficiency of the entire computing process, reduce the time required to complete tasks, thereby increasing the overall efficiency of the system and reducing maintenance costs.
[0095] In some embodiments, after verifying the ownership of the message to be received, if the plaintext message corresponding to the message to be received is stored in a storage service provider (SSP), the message receiving device 102 can decrypt the message from the SSP to obtain its own message. Based on this, the message receiving device 102 extracts the plaintext message corresponding to the message to be received, including the following steps 1 to 4.
[0096] Step 1: The message receiving device 102 extracts the encrypted address tag from the actual message to be received.
[0097] Step 2: The message receiving device 102 decrypts the address tag to obtain the original address tag.
[0098] Step 3: The message receiving device 102 obtains the encrypted message corresponding to the message to be received from the storage service provider SSP based on the original address tag.
[0099] Step 4: The message receiving device 102 uses its private key to decrypt the ciphertext message to obtain the original plaintext message.
[0100] The address tag is obtained by the message sending device 101 when sending the plaintext message to the storage service provider (SSP), and is also attached to the broadcast content when broadcasting the message to be encrypted to the cloud server 103. Furthermore, the message receiving device can obtain the data step by step and decrypt it to obtain the plaintext message based on this address tag.
[0101] In addition, in order to verify the anonymous message passing method provided in the embodiments of this application, the embodiments of this application adopted simulation experiments for verification. Specifically, benchmarking tools based on the Python language were used to evaluate the performance of message detection, and Python was used to simulate the interaction process of entities in an untrusted network.
[0102] like Figure 3 As shown, with a false positive rate of 3.125% and 5000 clients sending messages on the network, the anonymous messaging method provided in this application requires approximately 62 seconds to retrieve one email from the real recipient among 5000 emails. This is about 53% faster than directly using the FMD scheme to retrieve real messages. This is because when the number of false positive messages is large, the FMD scheme requires users to verify and process this large number of false positive messages, resulting in a higher computational overhead compared to outsourced computation schemes. Figure 4 It is shown that, with a fixed number of messages, the overhead required for detection by the method in this embodiment gradually increases with the increase of the false positive rate. Furthermore, Figure 5The impact of the actual number and size of messages on time latency can be evaluated. Using a more intuitive condition, such as when a receiver actually receives 5 messages, the time latency increases with the message size. Furthermore, the larger the message size, the more pronounced the advantage of the outsourced computation scheme becomes. For messages larger than 32KB, the time latency is significantly lower than the FMD scheme. With increasing message size, the FMD scheme's receiver computation time increases, while the outsourced computation scheme shows a relatively stable computation time across different message sizes, without rapid growth. When the actual number of messages received by the receiver is changed to 10, the proportion of real messages in the user's outsourced computation results increases, meaning the computational overhead during retrieval increases, and the total time latency increases. This shows that the receiver's computational overhead with the outsourced computation scheme is mainly related to the actual number of messages to be received. In the simulation experiments of this application, using the same residual settings as the existing fuzzy message detection method FMD, with a total message count of 1000, the time latency for detecting and calculating messages was tested under three false alarm rates. When the false positive rate is 3.125%, the processing time for a single message is 1.047 seconds. When the false positive rate is 0.781%, the processing time for a single message is 0.957 seconds. When the false positive rate is 0.098%, the processing time for a single message is 0.881 seconds. In the method of this application embodiment, the message detection task and the message calculation task are outsourced to a third-party cloud server, reducing the overhead of users retrieving and verifying messages. In summary, the method of this application embodiment can realize an anonymous message delivery method that outsources the message detection task and the message calculation task to a third-party cloud server, and has the advantages of low communication overhead, security and reliability, and high throughput.
[0103] It should be understood that, although Figure 2 The steps in the flowchart are shown sequentially as indicated by the arrows, but these steps are not necessarily executed in the order indicated by the arrows. Unless otherwise specified herein, there is no strict order in which these steps are executed, and they can be performed in other orders. Figure 2 At least some of the steps in the process may include multiple steps or multiple stages. These steps or stages are not necessarily completed at the same time, but may be executed at different times. The execution order of these steps or stages is not necessarily sequential, but may be executed in turn or alternately with other steps or at least some of the steps or stages in other steps.
[0104] In one embodiment, a message receiving device is provided, which may be a terminal or a server, including a processor, memory, and a network interface. The processor of the message receiving device provides computing and control capabilities. The memory of the message receiving device includes a non-volatile storage medium and internal memory. The non-volatile storage medium stores an operating system and computer programs. The internal memory provides an environment for the operation of the operating system and computer programs in the non-volatile storage medium. The database of the message receiving device is used to store data. The network interface of the message receiving device is used to communicate with external terminals via a network connection. When the computer program is executed by the processor, it implements a method for anonymous message transmission. Exemplarily, the computer program may be divided into one or more modules, one or more of which are stored in memory and executed by the processor to complete the present invention. The one or more modules may be a series of computer program instruction segments capable of performing specific functions, which describe the execution process of the computer program in a computer device. The processor can be a Central Processing Unit (CPU), or other general-purpose processors, digital signal processors (DSPs), application-specific integrated circuits (ASICs), field-programmable gate arrays (FPGAs), or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components, etc. A general-purpose processor can be a microprocessor or any conventional processor. The processor is the control center of the computer device, connecting various parts of the computer device via various interfaces and lines.
[0105] The memory can be used to store the computer programs and / or modules. The processor implements various functions of the message receiving device by running or executing the computer programs and / or modules stored in the memory and by calling data stored in the memory. The memory may mainly include a program storage area and a data storage area. The program storage area may store the operating system, applications required for at least one function, etc.; the data storage area may store data created based on the use of the mobile phone, etc. In addition, the memory may include high-speed random access memory, and may also include non-volatile memory, such as hard disk, memory, plug-in hard disk, smart media card (SMC), secure digital card (SD), flash card, at least one disk storage device, flash memory device, or other volatile solid-state storage device.
[0106] The technical features of the above embodiments can be combined in any way. For the sake of brevity, not all possible combinations of the technical features in the above embodiments are described. However, as long as there is no contradiction in the combination of these technical features, they should be considered to be within the scope of this specification.
[0107] The embodiments described above are merely illustrative of several implementation methods of this application, and while the descriptions are relatively specific and detailed, they should not be construed as limiting the scope of the invention patent. It should be noted that those skilled in the art can make various modifications and improvements without departing from the concept of this application, and these all fall within the protection scope of this application. Therefore, the protection scope of this patent application should be determined by the appended claims.
Claims
1. An anonymous message passing method, characterized in that, Applied to message receiving devices, including: A detection private key is sent to a cloud server, which then retrieves the corresponding message set based on the detection private key and returns it. The detection private key includes at least one private key component of the message receiving device's private key, and the number of private key components determines the false positive rate of the message set. Based on the private key, blinded computation data and verification computation data for each message to be received are generated and sent to the cloud server. The cloud server then performs calculations on the blinded computation data and verification computation data to obtain blinded computation results and returns them. The step of generating blinded computation data and verification computation data for each message to be received includes: using a blinding factor to blind the private key and the message to be received to generate blinded computation data, and taking the r-th power of the blinded computation data as the corresponding verification computation data. The formula for generating the blinded computation data is as follows: ; Among them, α i (1≤i≤m) represents the m private key components corresponding to the private key of the message receiving device, where m=γ-n, γ is the total length of the private key components, and n is the length of the detected private key component; u i (1≤i≤m) represents the message flag bit of the message to be received returned by the cloud server; the right side represents the base and the expression after the exponentiation of multiple product exponents after blinding, g is the generator of the cyclic group to which each component of the private key belongs, and w i (1≤i≤m), x i (1≤i≤m), k3, h1, y1, and t1 are random numbers generated during the blinding process; When the verification calculation result is determined to be correct, false positive messages to be received are excluded from the message set based on the blinding calculation result to obtain the true messages to be received. This includes: comparing whether the blinding calculation result and the verification bit corresponding to the message to be received are equal; if they are not equal, the message to be received is a false positive message to be received; if they are equal, the message to be received is a true message to be received; the verification bit of the message to be received is calculated by the message sending device based on the public key of the message receiving device and then bound to the message to be received; the calculation formula for the verification bit F is as follows: F=pk1 r1 pk2 r1 ...pk m r1 Among them, pk i (1≤i≤m) represents the m public key components of the public key corresponding to the message receiving device, and r1 is the random number used by the message sending device to encrypt the message to be received.
2. The method according to claim 1, characterized in that, The method further includes: when it is determined that the verification calculation result is incorrect, regenerating blinded calculation data and verification calculation data corresponding to the message to be received and sending them to the cloud server for verifiable outsourced calculation.
3. An anonymous message passing method, characterized in that, The cloud server applied to any one of claims 1-2 includes: The device receives a detection private key sent by a message receiving device; wherein the detection private key includes at least one private key component corresponding to the private key of the message receiving device. A message set is obtained by retrieving the messages to be received corresponding to the message receiving device based on the detection private key; the false positive rate of the message set is determined by the number of private key components in the detection private key; The message set is returned to the message receiving device, which generates blinded calculation data and verification calculation data for each message to be received based on the private key. Based on the blinded calculation data and the verification calculation data, calculations are performed to obtain the blinded calculation results and the verification calculation results. The blinding calculation result and the verification calculation result are sent to the message receiving device. When the message receiving device determines that the verification calculation result is correct, the message receiving device excludes false positive messages from the message set based on the blinding calculation result and obtains the true messages to be received.
4. The method according to claim 3, characterized in that, The step of retrieving the message set corresponding to the message receiving device based on the detection private key includes: Based on the detection private key, fuzzy message detection is performed on the messages to be received broadcast by the message sending device to obtain a message set consisting of messages to be received corresponding to the message receiving device; wherein, the messages to be received are obtained by the message sending device using the public key of the message receiving device.
5. An anonymous messaging system, characterized in that, include: Used to implement the message sending device, message receiving device, and cloud server corresponding to any of the methods in claims 1-2 and claims 3-4; The message sending device broadcasts an encrypted message to be received to the cloud server; The message receiving device sends a detection private key to the cloud server; wherein, the detection private key includes at least one private key component of the message receiving device's private key; The cloud server retrieves the message set corresponding to the message receiving device from all the messages to be received based on the detection private key, and returns the message set to the message receiving device; the false positive rate of the message set is determined by the number of private key components. The message receiving device generates blinded calculation data and verification calculation data for each message to be received based on the private key and sends them to the cloud server. The cloud server performs calculations on the blinding calculation data and the verification calculation data to obtain the blinding calculation result and the verification calculation result, and returns them to the message receiving device. When the message receiving device determines that the verification calculation result is correct, it excludes false positive messages from the message set based on the blinding calculation result, and obtains the true messages to be received.
6. A message receiving device, comprising a processor and a memory, wherein the memory stores a computer program, characterized in that, The processor is used to implement the anonymous message passing method according to any one of claims 1-2 when executing the computer program.
7. A computer-readable storage medium having a computer program stored thereon, characterized in that, When the computer program is executed by a processor, it implements the anonymous message passing method according to any one of claims 1-2.