A searchable encryption method based on keyword threshold fault tolerance and collaboration trapdoor
By generating a fault-tolerant keyword set and a collaborative trapdoor mechanism, combined with bilinear pairing verification and audit tags, the problem of no search results caused by user input errors is solved, enabling efficient and secure encrypted data retrieval in the cloud, and improving search hit rate and security.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- CHUZHOU UNIV
- Filing Date
- 2026-03-30
- Publication Date
- 2026-06-05
Smart Images

Figure CN122160158A_ABST
Abstract
Description
Technical Field
[0001] This invention relates to the field of information security technology, and in particular to a searchable encryption method based on keyword threshold fault tolerance and collaborative trapdoors. Background Technology
[0002] With the development of cloud computing and data circulation, governments, enterprises, and research institutions are outsourcing the storage of a large number of business documents and data to the cloud to reduce local storage and maintenance costs. To prevent cloud storage service providers or external attackers from stealing sensitive information, existing systems typically encrypt document content before uploading to the cloud. However, traditional encryption leads to difficulties in retrieving encrypted data: users cannot quickly search and filter data by keywords without downloading and decrypting all the data, significantly reducing the availability of cloud data and business efficiency.
[0003] To address the usability issues of encrypted data, searchable encryption (SE) technology has been proposed both domestically and internationally, enabling cloud-based keyword matching and retrieval without decrypting document content. Existing SE systems primarily include Symmetric Searchable Encryption (SSE) and Public Key Searchable Encryption (PEKS), which can address the challenges of encrypted retrieval to a certain extent.
[0004] However, in actual use, user search input is often affected by factors such as spelling errors and accidental key presses. Traditional exact keyword matching is prone to results that are not found, resulting in encrypted data being searchable but unusable, creating a significant usability gap.
[0005] To address the real-world problem of user input errors, existing research has proposed fuzzy keyword retrieval strategies, such as using edit distance, wildcard expansion, and candidate word generation to improve retrieval error tolerance. However, in real-world encrypted data retrieval scenarios, systems typically need to meet various engineering constraints. On one hand, to reduce the risk of single-point abuse of retrieval or decryption permissions, mechanisms such as threshold cryptography, multi-party collaborative authorization, and group access control are often introduced, ensuring that retrieval traps or decryption operations are triggered jointly by multiple members. On the other hand, under the assumption of incomplete trust in the cloud, the system still needs the ability to verify the correctness and completeness of the returned results to prevent missed, incorrect, or tampered returns. The system also faces risks such as keyword guessing attacks and backdoors implanted by manufacturers, typically requiring anti-guessing designs or cryptographic reverse firewalls to reduce the probability of leakage.
[0006] Existing collaborative searchable encryption solutions that feature multi-party collaboration, resistance to keyword guessing attacks, resistance to backdoor attacks, and verifiable results often only target precise keywords and do not take into account situations where users have no search results due to spelling errors.
[0007] Therefore, a technical solution is needed for cloud-based encrypted data sharing and retrieval scenarios. This solution should provide an effective keyword error-tolerant retrieval mechanism to address user input errors and maintain usability under constraints such as multi-party collaborative trapdoor generation, verifiable results, resistance to keyword guessing attacks, and resistance to backdoor attacks, thereby improving the actual usability of encrypted data retrieval. Summary of the Invention
[0008] The purpose of this invention is to solve the problems in the prior art and propose a searchable encryption method based on keyword threshold fault tolerance and collaborative trapdoor. This method can provide an effective keyword fault tolerance retrieval mechanism for user input errors and maintain usability under constraints such as multi-party collaborative trapdoor generation, verifiable results, resistance to keyword guessing attacks and backdoor attacks, thereby improving the actual use effect of encrypted data retrieval.
[0009] To achieve the above objectives, the present invention adopts the following technical solution: like Figure 1-2 As shown, a searchable encryption method based on keyword threshold tolerance and collaborative trapdoors includes: Step S1: The trusted administrator (TA) generates system public parameters and a master key, then distributes the key or key share to the data owner and user search group respectively, and sets threshold parameters. ; Step S2: The data owner generates a fault-tolerant keyword set based on the standard keyword set according to preset letter proximity relationships. And establish a threshold-tolerant keyword library; Step S3: The derived keyword server group jointly generates a key for the fault-tolerant keyword set. Perform derivation processing to obtain threshold-tolerant derived keywords; Step S4: The data owner encrypts the document to generate encrypted document text, constructs an encrypted index based on threshold-tolerant derived keywords, and uploads the encrypted document text, encrypted index, and audit tags to the cloud server for storage. Step S5: User query input, if the threshold condition is met In the event of collaborative generation of search trapdoors, these trapdoors are submitted to the cloud server. Step S6: The cloud server performs a matching operation on the encrypted index based on the search trapdoor, and returns the encrypted document and the corresponding audit tag to the auditor; Step S7: The auditor performs integrity verification on the encrypted document returned by the cloud server based on the audit label, and decrypts the verified encrypted document.
[0010] Furthermore, the specific steps of step S1 include: Step S11: The trusted administrator TA performs system initialization, then inputs the security level parameter λ to determine the password parameter size, and generates public parameters, master public key MPK and master private key MSK. Then, the master public key MPK is broadcast to the data owner, user search group, keyword derivation server group and auditor, and the master private key MSK is securely distributed to the data owner and user search group according to the preset access control policy. Step S12: The trusted administrator (TA) generates the minimum number of collaborating members required for a valid query trapdoor based on the user's search group. And the minimum number of servers required for the keyword derivation server group to participate in keyword derivation. Set threshold parameters, then generate random polynomials that satisfy the threshold parameters, and allocate polynomial shares to user search groups and keyword derivation server groups, so that at least the number of shares corresponding to the threshold parameters are reconstructed to obtain effective query traps and derived keywords.
[0011] Furthermore, the specific steps of step S2 include: Step S21: Based on the preset letter proximity relationship, perform fault-tolerant letter replacement on each standard keyword in the standard keyword set extracted from the encrypted document to generate a fault-tolerant keyword set corresponding to the standard keyword set. ; Step S22: Set the keyword tolerance set The mapping is applied to encrypted documents containing corresponding standard keywords, ensuring that when a user enters a query keyword, if that keyword belongs to the keyword fault-tolerant set... If the specified keyword is selected, the encrypted document corresponding to the standard keyword will be returned.
[0012] Furthermore, the specific steps of step S3 include: Step S31: Data owner's set of keywords for fault tolerance Randomize the fault-tolerant keywords in the middle to obtain intermediate keywords; Step S32: The intermediate key is randomized by the cryptographic reverse firewall to obtain the randomized intermediate key; Step S33: Distribute the randomized intermediate keywords to the derived keyword server group, where no less than t1 servers aggregate them to form aggregated keywords, which are then returned to the client through a cryptographic reverse firewall to obtain threshold-tolerant derived keywords.
[0013] Furthermore, the specific steps of step S4 include: Step S41: The data owner and the cryptographic reverse firewall work together to generate an unbiased random number; Step S42: The data owner generates encrypted text of the document to be uploaded; Step S43: Construct an encrypted index associated with the document based on standard keywords and derived keywords with threshold tolerance; Step S44: The data owner generates an audit label for each document to verify the document's integrity; Step S45: The data owner uploads the encrypted document, encrypted index, and audit tag to the cloud server for storage.
[0014] Furthermore, the specific steps of step S5 include: Step S51: Search for the keywords entered by the user, and then perform derivation processing on the keywords through the user's search groups to generate derived search keywords; Step S52: When the number of users participating in the collaboration reaches a preset threshold parameter, multiple users in the user search group jointly reconstruct the key based on their respective private keys to generate the complete key; Step S53: The user search group generates a search trapdoor based on the complete key and derived search keywords, and submits it to the cloud server.
[0015] Furthermore, the private key held by each user is:
[0016] in , These are the group member polynomials, Indicates the identity of a group member.
[0017] Furthermore, step 6 specifically includes the following steps: Step 61: The cloud server performs a bilinear pairing operation between the search trap sent by the user and the encrypted index without decryption, and obtains the successfully matched keywords; Step 62: Return the successfully matched keywords, their corresponding encrypted documents, and the corresponding audit tags to the auditor.
[0018] Furthermore, step 7 specifically includes the following steps: Step S71: The auditor performs integrity verification on the encrypted document returned by the cloud server according to the set rules, including integrity verification of the encrypted document content, and outputs audit failure evidence and discards the data when the verification fails. Step S72: When verification is successful, output an audit report and output the search results and the verified encrypted document to the search users in the user search group; Step S73: Search for the user to decrypt the verified encrypted document.
[0019] Compared with existing technologies, the advantages of this invention are: 1. This invention achieves efficient retrieval in encrypted environments without disclosing the plaintext content of documents through a bilinear pairing-based matching verification mechanism, and employs a threshold-tolerance mechanism to generate a set of tolerance keywords corresponding to the standard keyword set based on preset letter proximity relationships. And the keyword fault tolerance set By mapping the encrypted documents to the corresponding standard keywords, the problem of spelling errors commonly found in actual searches is effectively solved, thereby improving the search hit rate and usability.
[0020] 2. This invention also avoids the risks of single-point key concentration and single-point abuse by using threshold collaborative trapdoor generation and key share distribution. It is suitable for cross-departmental and cross-organizational shared retrieval scenarios. By introducing verifiable audit tags and third-party auditing mechanisms, the querying party can verify the integrity and correctness of the results returned by the cloud and detect missed, incorrect, or tampered returns. At the same time, by combining a randomized derivation mechanism that resists keyword guessing and cryptographic reverse firewall re-randomization processing, the risk of information leakage caused by cloud-based curious inference and backdoors is reduced, thereby achieving a better comprehensive balance between security, availability, and verifiability. Attached Figure Description
[0021] Figure 1 The flowchart presents a searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor proposed in this invention.
[0022] Figure 2 The figure shows an application example of the searchable encryption method based on keyword threshold tolerance and cooperative trapdoor proposed in this invention. Detailed Implementation
[0023] The invention will now be further explained with reference to the accompanying drawings.
[0024] like Figure 1 As shown, this invention provides a searchable encryption method based on keyword threshold tolerance and cooperative trapdoors, comprising: Step S1: The trusted administrator TA generates system public parameters and master key, and then distributes the key or key share to the data owner DO and the user search group R respectively, and sets the threshold parameters; Step S2: The data owner (DO) generates a fault-tolerant keyword set based on the standard keyword set according to a preset fault-tolerant threshold. And establish a threshold-tolerant keyword library; Step S3: The derived keyword server group jointly generates a key for the fault-tolerant keyword set. Perform derivation processing to obtain threshold-tolerant derived keywords; Step S4: The data owner DO encrypts the document to generate document ciphertext, constructs an encrypted index based on threshold-tolerant derived keywords, and uploads the document ciphertext, encrypted index, and audit tags to the cloud server for storage. Step S5: User query input, collaboratively generate search trapdoors if threshold conditions are met, and submit to the cloud server; Step S6: The cloud server performs a matching operation on the encrypted index based on the search trapdoor, and returns the encrypted document and the corresponding audit tag to the auditor; Step S7: The auditor performs integrity verification on the encrypted document returned by the cloud server based on the audit label, and decrypts the verified encrypted document.
[0025] In step S1, the trusted administrator TA initializes the system, generating the master public key MPK and the master private key MSK. Some parameters used in the initialization process are as follows:
[0026] The trusted administrator (TA) selects the security parameter λ, chooses the multiplicative cyclic group G with an order of a very large prime number p, where p is a λ-bit prime number, and uses bilinear pairing. satisfy Five generators are randomly selected from G. From a finite field Randomly select 4 values and calculate. , , , ;TA chooses hash function (i∈[0,6]), where Responsible for mapping keywords to group elements. Responsible for mapping group elements to finite fields middle, Responsible for generating random numbers in the collaborative cryptographic reverse firewall. Responsible for mapping fault-tolerant keyword derivatives to a finite domain , Responsible for matching results The elements in the domain become field elements that can be used in polynomial operations. Responsible for generating symmetric keys. It is responsible for binding the key components of the ciphertext together with the polynomial coefficients.
[0027] Trusted administrator (TA) outputs the master public key and the master private key Give the polynomial used by the group members:
[0028] TA for each group member Randomly select a number in a finite field And calculate the private key for each group member. , , , ,in, Represents the private key The publicly verified value, For the identity tags of members, It is a private key based on the group identity tag.
[0029] In step 2, the data owner (DO) generates a fault-tolerant keyword library based on the proximity of letters on the keyboard to the standard keywords extracted from the document. The proximity of letters is shown in the table below:
[0030] Based on the fault-tolerant substitution of adjacent letters, the extracted set of standard keywords for the document is processed. Generate a set of fault-tolerant keywords τ is the threshold, which is set by the data owner DO. This threshold is the number of replaceable letters in the standard keywords.
[0031] In step 3, for any one of the fault-tolerant keywords... The data owner DO selects a random number r and performs the first randomization. Send to cryptographic reverse firewall Cryptographic reverse firewall Select a random number d and re-enter... Second randomization Forwarded to each derived keyword server Each derived keyword server right Perform partial signature and return to the cryptographic reverse firewall Then it is returned to the data owner DO, who aggregates the derandomized content into threshold-tolerant derived keywords. The signature method is as follows: Each keyword server , , This refers to the number of keyword servers, randomly selected. , Belongs to a limited Domain, and each keyword server selects a polynomial:
[0032] calculate , And send it to other keyword servers. Meanwhile, Will Secretly sent to the corresponding , ,when After receiving the message, verify and Check if they are equal, and calculate. and These are respectively used as the key share and the corresponding public share of the keyword server. calculate and store ,maintain .
[0033] Each right Sign it and get Signature value Forward it to the cryptographic reverse firewall , right Derandomization It is returned to the data owner DO, and here the data owner DO receives it. ( Post-verification , here yes The corresponding public key share, if there is indivual If the verification is successful, then the data owner DO has control over this data. indivual Perform derandomized aggregation calculations to obtain ,in If the equation is satisfied ,in, express The aggregated public key shares represent If the aggregate signature is correct, the keyword server derivation is successful; otherwise, it indicates that the keyword server generation failed. The data owner (DO) calculates the threshold for fault-tolerant derivation keywords. PRF is a pseudo-random function. For each fault-tolerant keyword, the above steps are repeated to generate derived keywords for this operation.
[0034] In step 4, the data owner DO first communicates with the cryptographic reverse firewall. Generate an unbiased random number that prevents backdoor attacks through interactive methods. , Random selection and give a promise and c and Send to the data owner DO, the data owner DO selects... and will Send to This is used to check and verify whether the random numbers are correct, and the data owner (DO) checks whether the following conditions are met. If true, then DO accepts. calculate and output .
[0035] The data owner DO calculates the first common component of the index. Calculate the second common component of the index. Simultaneously calculate keywords index entries , Mark the index corresponding to file m as For user sets And for each file m, the data owner DO selects a random number. And calculate ,in, It is a public random item that forms the basis of file encryption, which is then used with a symmetric encryption key. , This represents the key length of the symmetric encryption algorithm. forward 1 bit, symmetric encryption of file m is obtained Calculate the encrypted body of the file , yes Total bit length, for each ( Users, data owners And construct the polynomial:
[0036] Finally, the data owner, DO, calculates the encrypted binding verification value. and ciphertext validity verification item and use This represents the ciphertext of each file.
[0037] After completing the above, the data owner (DO) generates audit labels to verify file integrity: Here, 'i' represents the identity of the data owner, DO. This is the identity identifier for document m. After completing the above steps, the data owner DO will... Send to cryptographic reverse firewall ,in ,in, A collection of encrypted document indexes. Represents a collection of encrypted documents. Cryptographic reverse firewall. verify Whether or not If they are equal, then Will Send it to the cloud server for storage, and the cloud server will verify it upon receipt.
[0038] In step 5, the search is performed using the keywords entered by the user. Keywords The user searches the group R members and executes the fault-tolerant keyword set in step S3, which is owned by DO. Perform the same derivation process to obtain derived search keywords. The user selects a random number. And calculate the two temporary public variables A and D generated by the random number for this query. , Then each user j in R ( Calculate the Lagrange interpolation coefficients , , ,in, and This represents user j's local contribution to the trapdoor, used for subsequent calculations, and then at least by... Individual users collaboratively generate trapdoor components: .
[0039] Users in search group R will search for trapdoors. Output to the cloud server.
[0040] In step 6, the cloud server receives the trapdoor. Then, verify whether the submitted trapdoor matches the index. Perform a match:
[0041] Then, the cloud server will display the search results. Output to the auditor.
[0042] In step 7, assume the returned set is The auditor will conduct an audit of each Random selection And send a challenge message to CS. Then the cloud server calculates , , and will The results are then sent to the auditor, who checks the completeness of the search results. If the result is true, the auditor will return the result to R; otherwise, the auditor will reject the result.
[0043] After receiving the results, each user in R calculates: And verify whether it is satisfied: If verification fails, output a termination message; otherwise, continue calculating the identity binding value recovered by the current receiver under the current ciphertext. , ,if If the search is successful, output termination information; otherwise, the search user is available. This will decrypt the returned document.
[0044] As is known from common technical knowledge, this invention can be implemented through other embodiments that do not depart from its spirit or essential characteristics. Therefore, the disclosed embodiments described above are merely illustrative and not exhaustive. All modifications within the scope of this invention or its equivalents are included in this invention.
Claims
1. A searchable encryption method based on keyword threshold tolerance and collaborative trapdoors, characterized in that, include: Step S1: The trusted administrator (TA) generates system public parameters and a master key, then distributes the key or key share to the data owner and user search group respectively, and sets threshold parameters. ; Step S2: The data owner generates a fault-tolerant keyword set based on the standard keyword set according to preset letter proximity relationships. And establish a threshold-tolerant keyword library; Step S3: The derived keyword server group jointly generates a key for the fault-tolerant keyword set. Perform derivation processing to obtain threshold-tolerant derived keywords; Step S4: The data owner encrypts the document to generate encrypted document text, constructs an encrypted index based on threshold-tolerant derived keywords, and uploads the encrypted document text, encrypted index, and audit tags to the cloud server for storage. Step S5: User query input, if the threshold parameter is met... In the event of collaborative generation of search trapdoors, these trapdoors are submitted to the cloud server. Step S6: The cloud server performs a matching operation on the encrypted index based on the search trapdoor, and returns the encrypted document and the corresponding audit tag to the auditor; Step S7: The auditor performs integrity verification on the encrypted document returned by the cloud server based on the audit label, and decrypts the verified encrypted document.
2. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 1, characterized in that: The specific steps of step S1 include: Step S11: The trusted administrator TA performs system initialization, then inputs the security level parameter λ to determine the password parameter size, and generates public parameters, master public key MPK and master private key MSK. Then, the master public key MPK is broadcast to the data owner, user search group, keyword derivation server group and auditor, and the master private key MSK is securely distributed to the data owner and user search group according to the preset access control policy. Step S12: The trusted administrator (TA) generates the minimum number of collaborating members required for a valid query trapdoor based on the user's search group. And the minimum number of servers required for the keyword derivation server group to participate in keyword derivation. Set threshold parameters, then generate random polynomials that satisfy the threshold parameters, and allocate polynomial shares to user search groups and keyword derivation server groups, so that at least the number of shares corresponding to the threshold parameters are reconstructed to obtain effective query traps and derived keywords.
3. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 1, characterized in that: The specific steps of step S2 include: Step S21: Based on the preset letter proximity relationship, perform fault-tolerant letter replacement on each standard keyword in the standard keyword set extracted from the encrypted document to generate a fault-tolerant keyword set corresponding to the standard keyword set. ; Step S22: Set the keyword tolerance set The mapping is applied to encrypted documents containing corresponding standard keywords, ensuring that when a user enters a query keyword, if that keyword belongs to the keyword fault-tolerant set... If the specified keyword is selected, the encrypted document corresponding to the standard keyword will be returned.
4. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 1, characterized in that: The specific steps of step S3 include: Step S31: Data owner's set of keywords for fault tolerance Randomize the fault-tolerant keywords in the middle to obtain intermediate keywords; Step S32: The intermediate key is randomized by the cryptographic reverse firewall to obtain the randomized intermediate key; Step S33: Distribute the randomized intermediate keywords to the derived keyword server group, where no less than t1 servers aggregate them to form aggregated keywords, which are then returned to the client through a cryptographic reverse firewall to obtain threshold-tolerant derived keywords.
5. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 4, characterized in that: The specific steps of step S4 include: Step S41: The data owner and the cryptographic reverse firewall work together to generate an unbiased random number; Step S42: The data owner generates encrypted text of the document to be uploaded; Step S43: Construct an encrypted index associated with the document based on standard keywords and derived keywords with threshold tolerance; Step S44: The data owner generates an audit label for each document to verify the document's integrity; Step S45: The data owner uploads the encrypted document, encrypted index, and audit tag to the cloud server for storage.
6. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 5, characterized in that: The specific steps of step S5 include: Step S51: Search for the keywords entered by the user, and then perform derivation processing on the keywords through the user's search groups to obtain the generated derived search keywords; Step S52: When the number of users participating in the collaboration reaches a preset threshold parameter, multiple users in the user search group jointly reconstruct the key based on their respective private keys to generate the complete key; Step S53: The user search group generates a search trapdoor based on the complete key and derived search keywords, and submits it to the cloud server.
7. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoors according to claim 6, characterized in that, The private key held by each user is: in , These are the group member polynomials, Indicates the identity of a group member.
8. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 6, characterized in that: Step 6 specifically includes the following steps: Step 61: The cloud server performs a bilinear pairing operation between the search trap sent by the user and the encrypted index without decryption, and obtains the successfully matched keywords; Step 62: Return the successfully matched keywords, their corresponding encrypted documents, and the corresponding audit tags to the auditor.
9. The searchable encryption method based on keyword threshold fault tolerance and cooperative trapdoor as described in claim 8, characterized in that: Step 7 specifically includes the following steps: Step S71: The auditor performs integrity verification on the encrypted document returned by the cloud server based on the audit label, including integrity verification of the encrypted document content, and outputs audit failure evidence and discards the document data when the verification fails. Step S72: When verification is successful, output an audit report and output the search results and the verified encrypted document to the search users in the user search group; Step S73: Search for the user to decrypt the verified encrypted document.