A decentralized multi-authority searchable ciphertext-policy attribute-based encryption method
By constructing a decentralized, multi-authority searchable ciphertext policy attribute-based encryption method, it supports data retrieval and attribute revocation in ciphertext, solving the problems of poor user search experience and untimely permission management in existing technologies, and achieving efficient data sharing and security management.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Patents(China)
- Current Assignee / Owner
- XIDIAN UNIV
- Filing Date
- 2024-07-31
- Publication Date
- 2026-06-19
AI Technical Summary
The existing decentralized multi-authority CP-ABE solution does not support data retrieval in encrypted text, especially multi-keyword retrieval, and does not support attribute revocation, resulting in a poor user search experience and untimely permission management.
A decentralized, multi-authority searchable ciphertext policy attribute-based encryption method is constructed to support data retrieval in ciphertext, especially multi-keyword retrieval, and to realize attribute revocation when user permissions change. Single-keyword and multi-keyword retrieval functions and attribute revocation functions are constructed by defining the interaction process of four entities and basic algorithms.
It enables efficient data retrieval in encrypted text, improves the user search experience, reduces communication overhead, and supports timely revocation of user permissions, thereby improving the stability and security of the system.
Description
Technical Field
[0001] This invention belongs to the field of data encryption technology, specifically relating to a decentralized multi-authority searchable ciphertext policy attribute-based encryption (CP-ABSE) method, which is applicable to medical databases with strict privacy requirements and can simply and efficiently perform attribute-based encryption on data such as electronic medical records (EMR).
Background Technology
[0002] With the development of cloud services, smart wearable devices, and the Internet of Things (IoT), EMR (Electronic Medical Records), composed of patients' historical disease data and big data collected through medical diagnostic equipment and smart wearable devices, has gained infrastructure support for practical applications. Cloud services can provide EMR with low-cost, high-performance computing power and massive storage resources, facilitating resource allocation and task management for medical institutions and individuals in the cloud. However, traditional cloud services store EMR in plaintext, which poses a risk of user privacy leakage. Therefore, in a cloud service environment, information must be encrypted before being exposed. However, encryption destroys the original semantic information, making it impossible to use EMR data conveniently and efficiently, such as for keyword search and statistics. To effectively utilize encrypted data, many ABSE (Searchable Attribute-Based Encryption) schemes with fine-grained access control and keyword retrieval capabilities have been proposed. In the single-authority CP-ABSE (Searchable Ciphertext Policy Attribute-Based Encryption) scheme, only a single authorizing authority distributes attributes and keys to users. However, in practical applications, users need to interact with different authorizing authorities. For example, suppose a patient wants to transfer to a hospital with better resources. He will be dealing with two different authorized agencies (i.e., hospitals). If the doctors at the new hospital can access the patient's EMR information from the other hospitals, they can avoid some redundant tests and learn more about the patient's health.
[0003] The multi-authority CP-ABSE scheme alleviates this problem, allowing multiple authorizing authorities to authorize their respective attributes to users. For example, in the EMR sharing scenario illustrated in Figure 1, multiple hospitals (i.e., Attribute Authorities, AAs) provide EMR services. Patients (i.e., users) can encrypt their medical records using a public key and upload them to a cloud server. When a patient needs to transfer to another hospital for better medical resources, the EMR can be securely shared. As long as the access policy defined in the ciphertext is satisfied, medical experts from different hospitals (i.e., data users) can search and access the encrypted medical record information stored on the cloud server, thereby enabling joint diagnosis of the patient. Clearly, the single-authority scheme shown in Figure 2(a) cannot handle this scenario.
[0004] However, the multi-authority CP-ABSE scheme shown in Figure 2(b) has a drawback: the generation of initial parameters and user certificate verification rely on a central server. In practical applications, the performance and failure of the central server can lead to the collapse of the entire system. Some research has introduced decentralized blockchains to replace the central server; however, this only improves robustness and computational performance, and the blockchain as a whole can still be considered a central server. In a truly decentralized multi-authority scheme, each authorizing authority does not need to interact with a third party. As a supplement to the aforementioned CP-ABSE scheme, the DMA-CP-ABE (Decentralized Multi-Authority Attribute-Based Encryption) scheme has been proposed [1]-[5]. It supports any authorizing authority independently distributing keys and authentication certificates to users, eliminating the need for a central server to provide global authentication of identity IDs and other information for other authorizing authorities. While existing technologies have solved some problems, challenges remain in practical applications. For example, providing attribute revocation, single-keyword search, and multi-keyword search functions is crucial. Specifically:
[0005] (1) Data retrieval in encrypted text is not supported, including multi-keyword retrieval. The expressive multi-keyword search function can avoid sequential searching for each keyword and the occurrence of irrelevant results, thereby reducing communication overhead and improving the user search experience.
[0006] (2) When a user’s permissions expire or access permissions change, the access control system should have the function of revoking attributes in a timely manner. The above scheme does not support attribute revocation.
[0007] References
[0008] [1] LEWKO A, WATERS B. Decentralizing attribute-based encryption[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2011: 568-588.
[0009] [2] SANDOR V K A, LIN Y, LI X, et al. Efficient decentralized multi-authority attribute based encryption for mobile cloud data storage[J]. Journal of Network and Computer Applications, 2019, 129: 25-36.
[0010] [3] DATTA P, KOMARGODSKI I, WATERS B. Decentralized multi-authority ABE for DNFs from LWE[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2021: 177-209.
[0011] [4] DATTA P, KOMARGODSKI I, WATERS B. Decentralized multi-authority ABE for NC1 from BDH[J]. Journal of Cryptology, 2023, 36(2): 1432-1378.
[0012] [5] DATTA P, KOMARGODSKI I, WATERS B. Fully adaptive decentralized multi-authority ABE[C]//Annual International Conference on the Theory and Applications of Cryptographic Techniques. Springer, 2023: 447-478.
Summary of the Invention
[0013] The purpose of this invention is to address the problems in the prior art by providing a decentralized, multi-authority searchable ciphertext policy attribute-based encryption method that supports data retrieval within the ciphertext, improves retrieval efficiency, enhances the user search experience, and supports attribute revocation to address user permission expiration or changes in access permissions.
[0014] To achieve the above objectives, the present invention provides the following technical solution:
[0015] Firstly, a decentralized, multi-authority searchable ciphertext policy attribute-based encryption method is provided, including:
[0016] Define four distinct entities, including the data owner (DO), the user (DU), the cloud server (CS), and one or more authorizing agencies (AA), and establish a decentralized multi-authorizing agency attribute-based encrypted DMA-CP-ABE system model.
[0017] The basic algorithm is defined based on the actual interaction process between the entities.
[0018] By using basic algorithms, single-keyword retrieval and multi-keyword retrieval functions are constructed to enable data retrieval in encrypted text.
[0019] A basic algorithm is used to construct an attribute revocation function to revoke attributes when a user's permissions expire or access permissions change.
[0020] Preferably, in the decentralized multi-authority attribute-based encryption DMA-CP-ABE system model:
[0021] A cloud server (CS) is a semi-honest entity; it honestly performs the tasks assigned to it.
[0022] User DU is also a semi-honest entity, which may attempt to access unauthorized data through a collusion attack;
[0023] The data owner (DO) and the authorizing agency (AA) are fully trustworthy entities that honestly perform their duties.
[0024] Preferably, in the decentralized multi-authority attribute-based encryption DMA-CP-ABE system model:
[0025] The Data Owner (DO) is the owner of the data stored in the cloud server (CS). The Data Owner (DO) is responsible for defining access policies, controlling the access permissions of the user (DU), and encrypting, uploading, and managing the data. When encrypting the data, the Data Owner (DO) generates the corresponding index and defines specific access policies. In addition, the Data Owner (DO) determines which attribute should be revoked when attribute revocation is implemented.
[0026] User DU is an entity that retrieves and decrypts data by generating trapdoors and keys;
[0027] The cloud server CS supports a variety of services, including data search, computing and storage. Whenever a user DU initiates a search query through a trapdoor, if the access policy matches the user DU's attributes and the trapdoor's keyword is the same as the ciphertext's keyword, the cloud server CS will return the search results.
[0028] The authorizing body AA is responsible for generating the public parameters and keys in the system.
[0029] As a preferred approach, the basic algorithms defined based on the actual interaction process between the entities include GlobalSetup, AuthoritySetup, Encrypt, KeyGen, TrapdoorGen, and Search.
[0030] As a preferred approach, the steps for constructing a single-keyword retrieval function using a basic algorithm include:
[0031] The algorithm input is a security parameter. Shared LSSS access policy with linear secrets medium matrix Maximum number of columns The algorithm outputs global parameters. ,in, , It is a prime number of order. cyclic group yes generator, From the group Join the group Bilinear mapping function, , It is a hash function. It is a global identifier that satisfies the following conditions: and , It refers to the number of authorized institutions;
[0032] The algorithm input is the authorizing agency index. and global parameters The output is the public and private keys generated by the authorized agency AA. The generated public and private keys are as follows:
[0033]
[0034] In the formula, All are randomly selected sequences of positive integers, with a size of . Each element in the sequence belongs to a ring. The subscript u indicates that the sequence corresponds to the u-th authorized agency; , It is a prime number, a set Modulus of integer The remaining class ring;
[0035] The algorithm's input is global parameters. Plain text Keywords Access policies and authorized agency public keys The algorithm first randomly generates a set. , sum vector ,in, , It is a set of randomly generated positive integers, and each element in the set belongs to a ring. The sizes of the sets are respectively and , It is a size of A vector, where each element of the vector belongs to the ring. ;
[0036] The ciphertext output by the algorithm is as follows: ,in, , Represents the set {0,1,..., -1}, , , , , Enc is a symmetric encryption function; It refers to the number of authorized institutions. The number of rows is The matrix, the number of columns is the GlobalSetUp input parameter. , Representative matrix The OK, This represents the element in the i-th row and j-th column of M; It is a mapping function that maps each row of the matrix to an attribute. It means The i-th row represents the attribute, i.e., the index of the organization;
[0037] The algorithm input is a user-defined global identifier. Authorized Authority Public Key and global parameters The algorithm output is the user key. In the formula, ;
[0038] The algorithm input is global parameters. Keywords and user key account Output the generated trapdoor: ,in , , ,in, It is a randomly selected positive integer;
[0039] This represents the cumulative multiplication operator, which multiplies the values of the expression following the symbol. It is a concatenation operator that combines the values on both sides of the symbol. Represents g Powers, and other parameters with the same expression form have the same meaning. This represents the division operator, which divides the value before the sign by the value after the sign.
[0040] The algorithm input is global parameters. ciphertext User key and trapdoor The algorithm output is ciphertext. If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor:
[0041]
[0042] in, Cloud server CS check inequality Is it true? If true, return 0. Otherwise, return empty, i.e. .
[0043] Preferably, the linear secret sharing LSSS access policy In this system, each authorized agency (AA) manages one attribute, and the number of authorized agencies is [number missing]. There are a total of One attribute, The number of rows is The number of columns in the matrix is determined during the initialization phase. Input parameters .
[0044] Preferably, the steps for constructing a multi-keyword retrieval function using the basic algorithm, in addition to including the same global initialization settings (GlobalSetup), authorization configuration (AuthoritySetup), and key generation (KeyGen) as those for constructing a single-keyword retrieval function, also include:
[0045] The algorithm's input is global parameters. Plain text Keyword set Access policies and authorized agency public keys ,in, It represents the number of plaintexts; the algorithm's output is the ciphertext. First, generate randomly: , and The output ciphertext is as follows:
[0046]
[0047] in, , , , , , , It is a symmetric encryption function. ;
[0048] The algorithm's input is global parameters. User key account and keyword set The algorithm's output is a trapdoor. First, select randomly. The output trapdoor is ,in:
[0049]
[0050] ,
[0051] In the formula, The accumulator symbol indicates that the value of the expression following the symbol is accumulated.
[0052] The algorithm's input is global parameters. ciphertext User key and trapdoor The algorithm's output is the matched ciphertext. If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor:
[0053]
[0054] in, Cloud server CS check inequality Is it true? If true, return 0. Otherwise, return empty, i.e. .
[0055] As a preferred approach, the steps for constructing an attribute revocation function using a basic algorithm include:
[0056] When an attribute is revoked, the data owner (DO) will have the attribute value revoked. and user global identifier Send to the appropriate authorized agency ,receive( , After that, the corresponding authorized agency The Update_KeyGen algorithm is executed to generate an update key parameter. Then, the corresponding authorizing agency Update the corresponding user keys and send them to the data owner (DO); simultaneously, the relevant authorizing authority... Update the corresponding key parameters Send to cloud server CS; receive updated key parameters Afterwards, the cloud server CS uses the updated key parameters. The data is re-encrypted; among which, ;
[0057] The data owner (DO) received the revoked attribute. Subsequently, the relevant authorized agencies Random selection Then generate and update key parameters. , broken down as ,in , From A randomly selected positive integer; the corresponding authorizing body. Update key parameters Distribute to users and cloud servers This allows for updating the key and re-encrypting the data.
[0058] The corresponding authorized agency Use update parameters Update user DU's key component And generate an updated key. ,in:
[0059]
[0060] The corresponding authorized agencies Send the updated key to user DU ;
[0061] From the relevant authorized agency Received parameters Afterwards, the cloud server CS re-encrypted all attributes. The relevant ciphertext, therefore, cannot be decrypted by the key associated with the revoked attribute; cloud server CS uses Generate new ciphertext: ,in:
[0062] .
[0063] Secondly, a decentralized, multi-authority searchable ciphertext policy attribute-based encryption system is provided, including:
[0064] The system model building module is used to define four different entities, including the data owner DO, the user DU, the cloud server CS, and one or more authorized agencies AA, to build a decentralized multi-authority agency attribute-based encrypted DMA-CP-ABE system model;
[0065] The basic algorithm definition module is used to define basic algorithms based on the actual interaction process between entities.
[0066] The data retrieval module is used to construct single-keyword retrieval and multi-keyword retrieval functions using basic algorithms to enable data retrieval in encrypted text.
[0067] The attribute revocation module is used to construct an attribute revocation function using basic algorithms, which revokes attributes when a user's permissions expire or access permissions change.
[0068] Thirdly, a computer-readable storage medium is provided, the computer-readable storage medium storing at least one instruction, which, when executed by a processor, implements the decentralized multi-authority searchable ciphertext policy attribute-based encryption method as described in the first aspect.
[0069] Compared with the prior art, the present invention has at least the following beneficial effects:
[0070] The decentralized multi-authority searchable ciphertext policy attribute-based encryption method proposed in this invention supports decentralized multi-authority systems. In practical applications, users need to obtain authorization from multiple institutions to enable data sharing among them. Furthermore, it supports data retrieval within the ciphertext, avoiding decryption and resulting in more accurate searches. The powerful multi-keyword search function avoids sequential searches of each keyword and the generation of irrelevant results, thus reducing communication overhead and improving the user search experience. Simultaneously, it supports attribute revocation, allowing users to promptly revoke attributes when their permissions expire or access permissions change.
Attached Figure Description
[0071] To more clearly illustrate the technical solutions in the embodiments of this application, the drawings used in the description of the embodiments or the prior art will be briefly introduced below. Obviously, the drawings described below are only some embodiments of this application. For those skilled in the art, other drawings can be obtained based on these drawings without creative effort.
[0072] Figure 1 is a schematic diagram of EMR sharing in existing electronic medical cloud technologies;
[0073] Figure 2 is a flowchart illustrating the differences between the decentralized multi-authority CP-ABSE method of this invention and existing methods:
[0074] (a) Schematic diagram of key distribution for a single authorizing authority; (b) Schematic diagram of key distribution for multiple authorizing authorities;
[0075] (c) Schematic diagram of key distribution for the decentralized multi-authority CP-ABSE method according to an embodiment of the present invention;
[0076] Figure 3 is a model diagram of the decentralized multi-authority attribute-based encryption DMA-CP-ABE system established in this embodiment of the invention;
[0077] Figure 4 is a schematic diagram illustrating the basic algorithms defined in the present invention based on the actual interaction process between entities.
Detailed Implementation
[0078] In the following description, specific details such as particular system architectures and techniques are set forth for illustrative purposes and not for limitation, in order to provide a thorough understanding of the embodiments of this application. However, those skilled in the art will understand that this application may also be implemented in other embodiments without these specific details. In other instances, detailed descriptions of well-known systems, apparatuses, circuits, and methods have been omitted so as not to obscure the description of this application with unnecessary detail.
[0079] Referring to Figure 2(c) and Figure 3, this invention proposes a decentralized, multi-authority searchable ciphertext policy attribute-based encryption method, which specifically includes the following steps:
[0080] Define four distinct entities, including the data owner (DO), the user (DU), the cloud server (CS), and one or more authorizing agencies (AA), and establish a decentralized multi-authorizing agency attribute-based encrypted DMA-CP-ABE system model.
[0081] The basic algorithm is defined based on the actual interaction process between the entities.
[0082] By using basic algorithms, single-keyword retrieval and multi-keyword retrieval functions are constructed to enable data retrieval in encrypted text.
[0083] A basic algorithm is used to construct an attribute revocation function to revoke attributes when a user's permissions expire or access permissions change.
[0084] In the decentralized multi-authority attribute-based encryption DMA-CP-ABE system model described in this embodiment of the invention:
[0085] A cloud server (CS) is a semi-honest entity; it honestly performs the tasks assigned to it.
[0086] User DU is also a semi-honest entity, which may attempt to access unauthorized data through a collusion attack;
[0087] The data owner (DO) and the authorizing agency (AA) are fully trustworthy entities that honestly perform their duties.
[0088] Furthermore, the functions of the four different entities are as follows:
[0089] 1) Data Owner: The data owner (DO) is the owner of the data stored in the cloud server (CS). The data owner (DO) is responsible for defining access policies, controlling the access permissions of the user (DU), and encrypting, uploading, and managing the data. When encrypting the data, the data owner (DO) generates the corresponding index and defines specific access policies. In addition, the data owner (DO) determines which attribute should be revoked when implementing attribute revocation.
[0090] 2) User: User DU is an entity that retrieves and decrypts data by generating trapdoors and keys;
[0091] 3) Cloud Server: The cloud server CS supports a variety of services, including data search, computing and storage. Whenever user DU initiates a search query through a trapdoor, if the access policy matches the attributes of user DU and the trapdoor's keyword is the same as the ciphertext's keyword, the cloud server CS will return the search results.
[0092] 4) Authorizing Authority: Authorizing Authority AA is responsible for generating public parameters and keys in the system.
[0093] The basic algorithms defined based on the actual interaction process between entities include GlobalSetup, AuthoritySetup, Encrypt, KeyGen, TrapdoorGen, and Search.
[0094] Referring to Figure 4, the single-keyword retrieval function constructed using the basic algorithms includes:
[0095] The algorithm input is a security parameter. Shared LSSS access policy with linear secrets medium matrix Maximum number of columns The algorithm outputs global parameters. ,in, , It is a prime number of order. cyclic group yes generator, From the group Join the group Bilinear mapping function, , It is a hash function. It is a global identifier that satisfies the following conditions: and , It refers to the number of authorized institutions;
[0096] The algorithm input is the authorizing agency index. and global parameters The output is the public and private keys generated by the authorized agency AA. The generated public and private keys are as follows:
[0097]
[0098] In the formula, All are randomly selected sequences of positive integers, with a size of . Each element in the sequence belongs to a ring. The subscript u indicates that the sequence corresponds to the u-th authorized agency; , It is a prime number, a set Modulus of integer The remaining class ring;
[0099] The algorithm's input is global parameters. Plain text Keywords Access policies and authorized agency public keys The algorithm first randomly generates a set. , sum vector ,in, , It is a set of randomly generated positive integers, and each element in the set belongs to a ring. The sizes of the sets are respectively and , It is a size of A vector, where each element of the vector belongs to the ring. ;
[0100] The ciphertext output by the algorithm is as follows: ,in, , Represents the set {0,1,..., -1}, , , , , Enc is a symmetric encryption function; It refers to the number of authorized institutions. The number of rows is The matrix, the number of columns is the GlobalSetUp input parameter. , Representative matrix The OK, This represents the element in the i-th row and j-th column of M; It is a mapping function that maps each row of the matrix to an attribute. It means The i-th row represents the attribute, i.e., the index of the organization;
[0101] The algorithm input is a user-defined global identifier. Authorized Authority Public Key and global parameters The algorithm output is the user key. In the formula, ;
[0102] The algorithm input is global parameters. Keywords and user key account Output the generated trapdoor: ,in , , ,in, It is a randomly selected positive integer;
[0103] This represents the cumulative multiplication operator, which multiplies the values of the expression following the symbol. It is a concatenation operator that combines the values on both sides of the symbol. Represents g Powers, and other parameters with the same expression form have the same meaning. This represents the division operator, which divides the value before the sign by the value after the sign.
[0104] The algorithm input is global parameters. ciphertext User key and trapdoor The algorithm output is ciphertext. If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor:
[0105]
[0106] in, Cloud server CS check inequality Is it true? If true, return 0. Otherwise, return empty, i.e. .
[0107] The Linear Secret Shared LSSS Access Policy In this system, each authorized agency (AA) manages one attribute, and the number of authorized agencies is [number missing]. There are a total of One attribute, The number of rows is The number of columns in the matrix is determined during the initialization phase. Input parameters .
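The LSSS access structure described above (one matrix row per authorizing agency, a row-to-authority mapping, and a column count bounded at setup), shown as an added Python example that is not part of the patent text. The policy "authority 0 AND (authority 1 OR authority 2)", the modulus, and all function names are constructed for illustration; shares are handled here as plain field elements, whereas an ABE scheme embeds them in ciphertext components.

```python
import secrets

P = 2**127 - 1  # constructed demo modulus (a Mersenne prime), not a scheme parameter


def check_policy(M, rho, n_authorities, max_cols):
    """Enforce the shape described above: one row per authority, bounded width."""
    if len(M) != n_authorities or len(rho) != n_authorities:
        raise ValueError("matrix must have exactly one row per authority")
    if sorted(rho) != list(range(n_authorities)):
        raise ValueError("rho must map each row to a distinct authority index")
    if any(len(row) != len(M[0]) for row in M) or len(M[0]) > max_cols:
        raise ValueError("column count exceeds the setup-time maximum")


def share(secret, M, p=P):
    """Share i is the inner product of row i with v = (secret, r_2, ..., r_l)."""
    v = [secret % p] + [secrets.randbelow(p) for _ in range(len(M[0]) - 1)]
    return [sum(m * x for m, x in zip(row, v)) % p for row in M]


def solve_coeffs(M, rows, p=P):
    """Find c with sum_i c[i] * M[i] == (1, 0, ..., 0) mod p over the given rows.

    Returns {row_index: coefficient}, or None when the rows cannot span the
    target vector, i.e. the attribute set does not satisfy the policy.
    """
    ncols, k = len(M[0]), len(rows)
    # One equation per matrix column; unknowns are the coefficients c.
    aug = [[M[r][j] % p for r in rows] + [1 if j == 0 else 0]
           for j in range(ncols)]
    pivots, top = [], 0
    for col in range(k):
        piv = next((i for i in range(top, ncols) if aug[i][col]), None)
        if piv is None:
            continue
        aug[top], aug[piv] = aug[piv], aug[top]
        inv = pow(aug[top][col], -1, p)
        aug[top] = [x * inv % p for x in aug[top]]
        for i in range(ncols):
            if i != top and aug[i][col]:
                f = aug[i][col]
                aug[i] = [(a - f * b) % p for a, b in zip(aug[i], aug[top])]
        pivots.append(col)
        top += 1
        if top == ncols:
            break
    # A zero row with a non-zero right-hand side means no solution exists.
    if any(aug[i][-1] for i in range(top, ncols)):
        return None
    c = [0] * k  # free variables stay 0
    for i, col in enumerate(pivots):
        c[col] = aug[i][-1]
    return dict(zip(rows, c))


def reconstruct(shares, M, rho, held, p=P):
    """Recover the secret from the shares whose authority index is in `held`."""
    rows = [i for i, authority in enumerate(rho) if authority in held]
    coeffs = solve_coeffs(M, rows, p) if rows else None
    if coeffs is None:
        return None
    return sum(c * shares[i] for i, c in coeffs.items()) % p


# Constructed policy: authority 0 AND (authority 1 OR authority 2).
POLICY_M = [[1, 1], [0, -1], [0, -1]]
POLICY_RHO = [0, 1, 2]


def demo(secret=123456789):
    check_policy(POLICY_M, POLICY_RHO, n_authorities=3, max_cols=2)
    shares = share(secret, POLICY_M)
    return {
        "0+1": reconstruct(shares, POLICY_M, POLICY_RHO, {0, 1}),
        "0+2": reconstruct(shares, POLICY_M, POLICY_RHO, {0, 2}),
        "1+2": reconstruct(shares, POLICY_M, POLICY_RHO, {1, 2}),
        "0 only": reconstruct(shares, POLICY_M, POLICY_RHO, {0}),
    }


if __name__ == "__main__":
    for held, value in demo().items():
        print(held, "->", value)
```

Removing authority 0 from the held set makes reconstruction return `None`, which is the access-control effect that losing an attribute is meant to have.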
[0108] The steps for constructing a multi-keyword retrieval function using the basic algorithm include the same global initialization settings (GlobalSetup), authorization configuration (AuthoritySetup), and key generation (KeyGen) as those for constructing a single-keyword retrieval function. The differences are as follows:
[0109] The algorithm's input is global parameters. Plain text Keyword set Access policies and authorized agency public keys ,in, It represents the number of plaintexts; the algorithm's output is the ciphertext. First, generate randomly: , and The output ciphertext is as follows:
[0110]
[0111] in, , , , , , , It is a symmetric encryption function. ;
[0112] The algorithm's input is global parameters. User key account and keyword set The algorithm's output is a trapdoor. First, select randomly. The output trapdoor is ,in:
[0113]
[0114] ,
[0115] In the formula, The accumulator symbol indicates that the value of the expression following the symbol is accumulated.
[0116] The algorithm's input is global parameters. ciphertext User key and trapdoor The algorithm's output is the matched ciphertext. If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor:
[0117]
[0118] in, Cloud server CS check inequality Is it true? If true, return 0. Otherwise, return empty, i.e. .
[0119] Constructing the attribute revocation function using basic algorithms includes:
[0120] When an attribute is revoked, the data owner (DO) will have the attribute value revoked. and user global identifier Send to the appropriate authorized agency ,receive( , After that, the corresponding authorized agency The Update_KeyGen algorithm is executed to generate an update key parameter. Then, the corresponding authorizing agency Update the corresponding user keys and send them to the data owner (DO); simultaneously, the relevant authorizing authority... Update the corresponding key parameters Send to cloud server CS; receive updated key parameters Afterwards, the cloud server CS uses the updated key parameters. The data is re-encrypted; among which, ;
[0121] The data owner (DO) received the revoked attribute. Subsequently, the relevant authorized agencies Random selection Then generate and update key parameters. , broken down as ,in , From A randomly selected positive integer; the corresponding authorizing body. Update key parameters Distribute to users and cloud servers This allows for updating the key and re-encrypting the data.
[0122] The corresponding authorized agency Use update parameters Update user DU's key component And generate an updated key. ,in:
[0123]
[0124] The corresponding authorized agencies Send the updated key to user DU ;
[0125] From the relevant authorized agency Received parameters Afterwards, the cloud server CS re-encrypted all attributes. The relevant ciphertext, therefore, cannot be decrypted by the key associated with the revoked attribute; cloud server CS uses Generate new ciphertext: ,in:
[0126] .
[0127] Compared to existing decentralized multi-authority CP-ABE solutions, this invention supports data retrieval within encrypted text: searching for keywords directly within the encrypted text without decryption improves retrieval efficiency and enhances user experience. In particular, the multi-keyword retrieval function further improves the user search experience while reducing communication overhead. It also supports attribute revocation: when a user's permissions expire or access permissions change, the access control system should promptly revoke the user's ability to access data related to that attribute.
[0128] Another embodiment of the present invention also proposes a decentralized, multi-authority searchable ciphertext policy attribute-based encryption system, comprising:
[0129] The system model building module is used to define four different entities, including the data owner DO, the user DU, the cloud server CS, and one or more authorized agencies AA, to build a decentralized multi-authority agency attribute-based encrypted DMA-CP-ABE system model;
[0130] The basic algorithm definition module is used to define basic algorithms based on the actual interaction process between entities.
[0131] The data retrieval module is used to construct single-keyword retrieval and multi-keyword retrieval functions using basic algorithms to enable data retrieval in encrypted text.
[0132] The attribute revocation module is used to construct an attribute revocation function using basic algorithms, which revokes attributes when a user's permissions expire or access permissions change.
[0133] Another embodiment of the present invention provides a computer-readable storage medium storing at least one instruction that, when executed by a processor, implements the decentralized multi-authority searchable ciphertext policy attribute-based encryption method described in this embodiment of the invention.
[0134] The computer program includes computer program code, which can be in the form of source code, object code, executable file, or some intermediate form. The computer-readable storage medium can include any entity or device capable of carrying the computer program code, a medium, a USB flash drive, a portable hard drive, a magnetic disk, an optical disk, a computer memory, a read-only memory, a random access memory, an electrical carrier signal, a telecommunication signal, and a software distribution medium, etc. It should be noted that the content included in the computer-readable medium can be appropriately added or removed according to the requirements of legislation and patent practice in the jurisdiction. For example, in some jurisdictions, according to legislation and patent practice, the computer-readable medium does not include electrical carrier signals and telecommunication signals. For ease of explanation, the above content only shows the parts related to the embodiments of the present invention; for specific technical details not disclosed, please refer to the method section of the embodiments of the present invention. This computer-readable storage medium is non-transitory and can be stored in storage devices formed by various electronic devices, enabling the execution process described in the method of the embodiments of the present invention.
[0135] Those skilled in the art will understand that embodiments of the present invention can be provided as methods, systems, or computer program products. Therefore, the present invention can take the form of a completely hardware embodiment, a completely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present invention can take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) containing computer-usable program code.
[0136] This invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It should be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, can be implemented by computer program instructions. These computer program instructions can be provided to a processor of a general-purpose computer, special-purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, produce a device for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0137] These computer program instructions may also be stored in a computer-readable storage medium that can direct a computer or other programmable data processing device to function in a particular manner, such that the instructions stored in the computer-readable storage medium produce an article of manufacture including instruction means that implement the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0138] These computer program instructions may also be loaded onto a computer or other programmable data processing equipment to cause a series of operational steps to be performed on the computer or other programmable equipment to produce a computer-implemented process, so that the instructions executed on the computer or other programmable equipment provide steps for implementing the functions specified in one or more processes of the flowchart and/or one or more boxes of the block diagram.
[0139] Finally, it should be noted that the above embodiments are only used to illustrate the technical solutions of the present invention and not to limit it. Although the present invention has been described in detail with reference to the above embodiments, those skilled in the art should understand that modifications or equivalent substitutions can still be made to the specific implementation of the present invention. Any modifications or equivalent substitutions that do not depart from the spirit and scope of the present invention should be covered within the scope of protection of the claims of the present invention.
Claims
1. A decentralized, multi-authority searchable ciphertext policy attribute-based encryption method, characterized in that, include: Define four distinct entities, including the data owner (DO), user (DU), cloud server (CS), and one or more authorizing agencies (AA), and establish a decentralized multi-authorizing agency attribute-based encrypted DMA-CP-ABE system model. The basic algorithm is defined based on the actual interaction process between the entities. By using basic algorithms, single-keyword retrieval and multi-keyword retrieval functions are constructed to enable data retrieval in encrypted text. A basic algorithm is used to construct an attribute revocation function to revoke attributes when a user's permissions expire or access permissions change. The basic algorithms defined based on the actual interaction process between entities include GlobalSetup, AuthoritySetup, Encrypt, KeyGen, TrapdoorGen, and Search. The steps for constructing a single-keyword retrieval function using basic algorithms include: The algorithm input is a security parameter. Shared LSSS access policy with linear secrets medium matrix Maximum number of columns The algorithm outputs global parameters. ,in, , It is a prime number of order. cyclic group yes generator, From the group Join the group Bilinear mapping function, , It is a hash function. It is a global identifier that satisfies the following conditions: and , It refers to the number of authorized institutions; : Algorithm input is the authority index and global parameters , output is the public and private keys generated by the authority AA, the generated public and private keys are as follows: In the formula, All are randomly selected sequences of positive integers, with a size of . Each element in the sequence belongs to a ring. 
The subscript u indicates that the sequence corresponds to the u-th authorized agency; , It is a prime number, a set Modulus of integer The remaining class ring; The algorithm's input is global parameters. Plain text Keywords Access policies and authorized agency public key The algorithm first randomly generates a set. , sum vector ,in, , It is a set of randomly generated positive integers, and each element in the set belongs to a ring. The sizes of the sets are respectively and , It is a size of A vector, where each element of the vector belongs to the ring. ; The ciphertext output by the algorithm is as follows: ,in, , Represents the set {0,1,..., -1}, , , , , Enc is a symmetric encryption function; It refers to the number of authorized institutions. The number of rows is The matrix, the number of columns is the GlobalSetUp input parameter. , Representative matrix The OK, This represents the element in the i-th row and j-th column of M; It is a mapping function that maps each row of the matrix to an attribute. It means The i-th row represents the attribute, i.e., the index of the organization; The algorithm input is a user-defined global identifier. Authorized Authority Public Key and global parameters The algorithm output is the user key. In the formula, ; The algorithm input is global parameters. Keywords and user key account Output the generated trapdoor: ,in , , ,in, It is a randomly selected positive integer; This represents the cumulative multiplication operator, which multiplies the values of the expression following the symbol. It is a concatenation operator that combines the values on both sides of the symbol. Represents g Powers, and other parameters with the same expression form have the same meaning. This represents the division operator, which divides the value before the sign by the value after the sign. The algorithm input is global parameters. ciphertext User key and trapdoor The algorithm output is ciphertext. 
If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor: in, Cloud server CS check inequality Is it true? If true, return 0. Otherwise, return empty, i.e. .
2. The method of claim 1, wherein, in the decentralized multi-authority attribute-based encryption DMA-CP-ABE system model: the cloud server (CS) is a semi-honest entity that honestly performs the tasks assigned to it; the user DU is also a semi-honest entity that attempts to access unauthorized data through collusion attacks; the data owner (DO) and the authorizing agency (AA) are fully trusted entities that honestly perform their duties.
3. The method of claim 1, wherein, In the decentralized multi-authority attribute-based cryptographic DMA-CP-ABE system model: The Data Owner (DO) is the owner of the data stored in the cloud server (CS). The Data Owner (DO) is responsible for defining access policies, controlling the access permissions of the user (DU), and encrypting, uploading, and managing the data. When encrypting the data, the Data Owner (DO) generates the corresponding index and defines specific access policies. In addition, the Data Owner (DO) determines which attribute should be revoked when attribute revocation is implemented. User DU is an entity that retrieves and decrypts data by generating trapdoors and keys; The cloud server CS supports a variety of services, including data search, computing and storage. Whenever a user DU initiates a search query through a trapdoor, if the access policy matches the user DU's attributes and the trapdoor's keyword is the same as the ciphertext's keyword, the cloud server CS will return the search results. The Authorized Authority (AA) is responsible for generating the public parameters and keys in the system.
4. The method of claim 1, wherein, The Linear Secret Shared LSSS Access Policy In this system, each authorized agency (AA) manages one attribute, and the number of authorized agencies is [number missing]. There are a total of One attribute, The number of rows is The number of columns in the matrix is determined during the initialization phase. Input parameters .
5. The decentralized multi-authority searchable ciphertext policy attribute-based encryption method according to claim 1, characterized in that, The steps for constructing a multi-keyword retrieval function using the basic algorithm, in addition to the same global initialization settings (GlobalSetup), authorization configuration (AuthoritySetup), and key generation (KeyGen) as those for constructing a single-keyword retrieval function, also include: The algorithm's input is global parameters. Plain text Keyword set Access policies and authorized agency public keys ,in, It represents the number of plaintexts; the algorithm's output is the ciphertext. First, generate randomly: , and The output ciphertext is as follows: in, , , , , , , It is a symmetric encryption function. ; The algorithm's input is global parameters. User key account and keyword set The algorithm's output is a trapdoor. First, select randomly. The output trapdoor is ,in: , In the formula, The accumulator symbol indicates that the value of the expression following the symbol is accumulated. The algorithm's input is global parameters. ciphertext User key and trapdoor The algorithm's output is the matched ciphertext. If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor: wherein, , the cloud server CS checks whether the inequality is true; if true, it returns , otherwise it returns empty, i.e. .
6. The method of claim 1, wherein, The steps for constructing an attribute revocation function using a basic algorithm include: When an attribute is revoked, the data owner (DO) will have the attribute value revoked. and user global identifier Send to the appropriate authorized agency ,receive( , After that, the corresponding authorized agency The Update_KeyGen algorithm is executed to generate an update key parameter. Then, the corresponding authorizing agency Update the corresponding user keys and send them to the data owner (DO); simultaneously, the relevant authorizing authority... Update the corresponding key parameters Send to cloud server CS; receive updated key parameters Afterwards, the cloud server CS uses the updated key parameters. The data is re-encrypted; among which, ; The data owner (DO) received the revoked attribute. Subsequently, the relevant authorized agencies Random selection Then generate update key parameters , broken down as ,in , From A randomly selected positive integer; the corresponding authorizing body. Update key parameters Distribute to users and cloud servers This allows for updating the key and re-encrypting the data. The corresponding authorized agency Use update parameters Update user DU's key component And generate an updated key. ,in: Corresponding authorization authority Sending updated key to user DU ; From the relevant authorized agency Received parameters Afterwards, the cloud server CS re-encrypted all attributes. The relevant ciphertext, therefore, cannot be decrypted by the key associated with the revoked attribute; cloud server CS uses Generate new ciphertext: ,in: .
7. A decentralized, multi-authority searchable ciphertext policy attribute-based encryption system, characterized in that, include: The system model building module is used to define four different entities, including the data owner DO, the user DU, the cloud server CS, and one or more authorized agencies AA, to build a decentralized multi-authority agency attribute-based encrypted DMA-CP-ABE system model; The basic algorithm definition module is used to define basic algorithms based on the actual interaction process between entities. The data retrieval module is used to construct single-keyword retrieval and multi-keyword retrieval functions using basic algorithms to enable data retrieval in encrypted text. The attribute revocation module is used to construct an attribute revocation function using basic algorithms, which revokes attributes when a user's permissions expire or access permissions change. The basic algorithms defined based on the actual interaction process between entities include GlobalSetup, AuthoritySetup, Encrypt, KeyGen, TrapdoorGen, and Search. The steps for constructing a single-keyword retrieval function using basic algorithms include: The algorithm input is a security parameter. Shared LSSS access policy with linear secrets medium matrix Maximum number of columns The algorithm outputs global parameters. ,in, , It is a prime number of order. cyclic group yes generator, From the group Join the group Bilinear mapping function, , It is a hash function. It is a global identifier that satisfies the following conditions: and , It refers to the number of authorized institutions; The algorithm input is the authorizing agency index. and global parameters The output is the public and private keys generated by the authorized agency AA. The generated public and private keys are as follows: In the formula, All are randomly selected sequences of positive integers, with a size of . Each element in the sequence belongs to a ring.
The subscript u indicates that the sequence corresponds to the u-th authorized agency; , It is a prime number, a set Modulus of integer The remaining class ring; The algorithm's input is global parameters. Plain text Keywords Access policies and authorized agency public keys The algorithm first randomly generates a set. , sum vector ,in, , It is a set of randomly generated positive integers, and each element in the set belongs to a ring. The sizes of the sets are respectively and , It is a size of A vector, where each element of the vector belongs to the ring. ; The ciphertext output by the algorithm is as follows: ,in, , Represents the set {0,1,..., -1}, , , , , Enc is a symmetric encryption function; It refers to the number of authorized institutions. The number of rows is The matrix, the number of columns is the GlobalSetUp input parameter. , Representative matrix The OK, This represents the element in the i-th row and j-th column of M; It is a mapping function that maps each row of the matrix to an attribute. It means The i-th row represents the attribute, i.e., the index of the organization; The algorithm input is a user-defined global identifier. Authorized Authority Public Key and global parameters The algorithm output is the user key. In the formula, ; The algorithm input is global parameters. Keywords and user key account Output the generated trapdoor: ,in , , ,in, It is a randomly selected positive integer; This represents the cumulative multiplication operator, which multiplies the values of the expression following the symbol. It is a concatenation operator that combines the values on both sides of the symbol. Represents g Powers, and other parameters with the same expression form have the same meaning. This represents the division operator, which divides the value before the sign by the value after the sign. The algorithm input is global parameters. ciphertext User key and trapdoor The algorithm output is ciphertext. 
If the user If the attributes satisfy the access policy, the cloud server CS will perform the following operations to find the ciphertext containing the keyword in the trapdoor: wherein, , the cloud server CS checks whether the inequality is true; if true, it returns , otherwise it returns empty, i.e. .
8. A computer-readable storage medium, characterized in that, The computer-readable storage medium stores at least one instruction that, when executed by a processor, implements the decentralized multi-authority searchable ciphertext policy attribute-based encryption method as described in any one of claims 1 to 6.