Attribute-based searchable encryption method against keyword-guessing attack based on sm9

By constructing a system master key and public parameters based on the SM9 identifier cryptography algorithm, a user private key with both identity relevance and attribute association is generated. A collusion-resistant search trapdoor mechanism is designed to solve the problem that ciphertext policy attribute-based searchable encryption schemes in smart grids are vulnerable to keyword guessing attacks. This achieves secure, controllable, and efficient ciphertext retrieval, adapting to the dynamic permission changes of smart grids.

CN122179095APending Publication Date: 2026-06-09GUILIN UNIV OF ELECTRONIC TECH +1

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
GUILIN UNIV OF ELECTRONIC TECH
Filing Date
2026-03-16
Publication Date
2026-06-09

AI Technical Summary

Technical Problem

Existing encrypted policy attribute-based searchable encryption schemes are vulnerable to keyword guessing attacks on the server side in smart grids, leading to the leakage of user search patterns and sensitive information. They also suffer from high computational overhead, high storage costs, and inflexible dynamic management of user attributes, making it difficult to meet the requirements for autonomous and controllable security.

Method used

The system master key and public parameters are constructed using the SM9 identifier cryptography algorithm. User private keys with both identity relevance and attribute association are generated. Combined with message authentication and access tree strategy, a collusion-resistant search trapdoor mechanism is designed to ensure that the server cannot perform offline keyword enumeration and guessing.

Benefits of technology

It enables secure, controllable, and efficient encrypted retrieval while ensuring data confidentiality and user privacy, resisting keyword guessing attacks, adapting to dynamic permission changes in smart grids, reducing computing and storage costs, and meeting the requirements of independent controllability.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122179095A_ABST
    Figure CN122179095A_ABST
Patent Text Reader

Abstract

This invention provides an attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks. It aims to address the security flaws of existing solutions, which are vulnerable to server-side keyword guessing attacks during encrypted retrieval. By cryptographically binding and randomizing user identity identifiers, attribute sets, and keywords, a complete encryption, retrieval, and verification mechanism is constructed. Its core lies in reconstructing the security trapdoor generation and verification process using the SM9 algorithm, preventing the server from offline enumerating and guessing keywords without proper attribute permission verification. This achieves secure, controllable, and efficient encrypted retrieval while ensuring data confidentiality and user privacy, meeting the urgent needs of smart grids for secure and autonomously controllable data sharing technologies.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of data security technology, and in particular to a data security retrieval method in a smart grid environment. More specifically, it is a ciphertext policy attribute-based searchable encryption method based on the SM9 identifier cryptography algorithm that resists keyword guessing attacks. Background Technology

[0002] With the widespread adoption of smart grids, system data is surging, and user permission structures are becoming increasingly complex and dynamic, posing challenges to traditional access control mechanisms. To achieve secure and controllable sharing of massive amounts of encrypted data, Policy-Based Searchable Encryption (CP-ABSE) has become a research hotspot. However, in this architecture, a powerful server can launch a keyword guessing attack by repeatedly submitting guessed keywords to generate search tokens for matching tests. If successful, this attack directly leaks user search patterns and associated sensitive information, seriously threatening data privacy and security. Therefore, designing a novel CP-ABSE scheme that effectively resists such attacks while maintaining efficiency has become a core challenge for secure data sharing in smart grids.

[0003] Currently, the mainstream improvement methods for enhancing the security of the CP-ABSE scheme mainly follow the following technical routes: constructing search tokens with trapdoor indistinguishability so that the server cannot distinguish tokens corresponding to different keywords; designing token generation mechanisms that resist guessing attacks and increase the difficulty of offline testing; or combining techniques such as anonymous key strategies to improve overall security by concealing access policies or user attribute information.

[0004] While existing technologies offer various enhancement approaches, they suffer from shortcomings in areas such as cryptographic autonomy, security model completeness, operational efficiency, dynamic management capabilities, and deep integration with complex application scenarios. These limitations hinder the practical deployment and application value of the CP-ABSE scheme, which resists keyword guessing attacks, in smart grids. Based on core cryptographic technologies, most existing solutions rely on internationally accepted cryptographic algorithms and standards, failing to integrate my country's independent commercial cryptographic algorithm system. This poses potential risks in critical information infrastructure sectors, making it difficult to meet the strategic requirements of technological autonomy and security control, and facing compliance obstacles in practical deployment. Secondly, regarding the completeness of security models and protection, most solutions rely on overly idealized assumptions, failing to fully characterize the real threat capabilities of malicious internal servers with powerful computing resources in smart grids. Their security proofs often only hold true under limited attack models. Furthermore, these solutions largely focus on resisting keyword guessing attacks themselves, lacking coordinated consideration of multiple security attributes such as user attribute privacy, access policy hiding, and forward and backward security, resulting in weaknesses in the overall security protection system. From a practical efficiency perspective, existing solutions generally employ complex cryptographic constructions, such as involving numerous bilinear pairing operations, multi-round interaction protocols, or bloated ciphertext and token data structures. This leads to a significant increase in computational overhead during encryption, retrieval, and decryption, while also raising communication and storage costs. The smart grid environment encompasses a massive number of resource-constrained terminal devices and latency-sensitive real-time services; such high performance overhead severely restricts the feasibility of large-scale application of these solutions. Furthermore, user attributes and permissions in the smart grid are constantly changing, and existing solutions generally lack efficient and secure real-time attribute revocation mechanisms, or the revocation methods employed are flawed in terms of security, efficiency, or management complexity, failing to flexibly adapt to frequent permission changes while ensuring forward and backward security. Finally, most existing research is limited to theoretical model optimization, lacking sufficient adaptability to the complex cloud-edge-device collaborative architecture, diverse business flows, and multiple participating entities of the smart grid in practice, easily leading to functional mismatches and integration difficulties during implementation. Summary of the Invention

[0005] To address the vulnerability of existing attribute-based searchable encryption schemes to keyword guessing attacks launched by servers with powerful computing capabilities when deployed in environments such as smart grids, leading to the leakage of user search patterns and sensitive information, this invention provides an attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks. This method reconstructs the attribute-based searchable encryption method using the national standard SM9 identifier cryptography algorithm, achieving secure retrieval resistant to keyword guessing attacks. It can effectively resist such attacks and meets the requirements of independent controllability.

[0006] The technical solution to achieve the objective of this invention is:

[0007] An attribute-based searchable encryption method based on SM9 that resists keyword guessing attacks includes the following steps:

[0008] (1) Constructing the system master key and public parameters based on the SM9 identifier cryptosystem: using security parameters As input, generate public parameters for the system;

[0009] (2) Generating a key: When generating a private key for a user, the user's unique identifier and its attribute set are deeply bound by cryptographic methods, and a randomization factor is introduced to generate a collusive user private key that has both identity relevance and attribute relevance.

[0010] (3) Data encryption: The keywords are encapsulated using the SM9 identifier encryption mechanism and combined with message authentication to ensure data confidentiality and integrity;

[0011] (4) Generate search trapdoor: Attribute-based encryption is performed based on the access tree strategy to generate a search trapdoor. Its private key, keyword and random factor are tightly combined, so that the trapdoor has the characteristics of randomization and user identity binding.

[0012] (5) After receiving the search trap, the server must first verify whether the user attributes meet the access control policy of the ciphertext. Only after the verification is passed can the information in the trap be used to perform keyword matching test with the ciphertext. This ensures that the server cannot perform offline keyword enumeration and guessing without the legitimate user's permission, thus achieving secure and verifiable ciphertext retrieval.

[0013] Further:

[0014] Step (1) involves generating public parameters, including:

[0015] 1) First, select the bilinear pair group. ,in Let N be a cyclic group of prime numbers, and define... Generator Homomorphic mappings also exist. satisfy ;

[0016] 2) Select the SM9 standard hash function: Used to identify mappings, preserving attribute hash functions. And added key derivation functions and message authentication code function ;

[0017] 3) Select the private key generation function identifier Randomly select the KGC master private key. Calculate the master public key ;

[0018] 4) Definition Output the complete set of attributes; output system parameters. Master key Master key Ultimately, the algorithm publicly discloses the master public key and secretly stores the master private key.

[0019] Step (2) involves generating the key, which includes:

[0020] 1) Define ID as a user representation. For user attribute set:

[0021] 2) Generate a component representing the private key: calculate If t=0, the initialization steps are re-executed; otherwise, the SM9 standard private key is calculated. ;

[0022] 3) Generate attribute-related components: randomly select calculate For each attribute Random selection ,calculate , ;

[0023] 4) Output the user's private key By binding the identifier private key to the attribute component using a random number r, and simultaneously introducing randomization into the attribute component. To resist a coordinated attack.

[0024] The data encryption in step (3) includes:

[0025] 1) Random selection and random messages :

[0026] 2) Keyword encryption: calculation , ;

[0027] 3) Calculation Derive a key from u using KDF: The partition K is Encryption key length and MAC key length, calculation , ;

[0028] 4) Attribute-based encryption: For a leaf node v in the access tree T, calculate the secret share based on the secret value s. ,calculate , ;

[0029] 5) Output ciphertext The random message m needs to be stored or sent to the server along with the ciphertext for subsequent testing and verification.

[0030] Step (4) involves generating the search trapdoor, which includes:

[0031] 1) Random selection ;

[0032] 2) Calculate the keyword trapdoor component: Calculate ,like Then regenerate the user key; otherwise, calculate... ;

[0033] 3) Attribute trapdoor component: For each ,calculate , ;

[0034] 4) Output trapdoor .

[0035] Step (5) involves verifying whether the user attributes meet the access control policy for the encrypted data, including:

[0036] 1) Attribute verification: For the attribute set in the trapdoor Select a subset of attributes that satisfy the access tree T. For each attribute Find the corresponding leaf node ,calculate

[0037]

[0038] Recover the root node value using the secret sharing combinatorial algorithm. ;

[0039] 2) Keyword verification: Calculation Using KDF derived keys: Divided into and Decryption ,verify and ;

[0040] 3) If recovery is successful If the keyword verification passes, return 1; otherwise, return 0.

[0041] The beneficial effects of this invention are as follows: By using the above method, the security flaw of the prior art, which is susceptible to server-side keyword guessing attacks during encrypted retrieval, is solved. By cryptographically binding and randomizing user identity identifiers, attribute sets, and keywords, a complete encryption, retrieval, and verification mechanism is constructed. The security trapdoor generation and verification process is reconstructed using the SM9 algorithm, preventing the server from offline enumerating and guessing keywords without passing attribute permission verification. This enables secure, controllable, and efficient encrypted retrieval while ensuring data confidentiality and user privacy, meeting the urgent needs of smart grids for secure and autonomously controllable data sharing technologies. Attached Figure Description

[0042] Figure 1 This is a flowchart of the attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks, as described in this invention.

[0043] Figure 2 This is a system architecture diagram of the attribute-based searchable encryption method based on SM9 that resists keyword guessing attacks, as presented in this invention. Detailed Implementation

[0044] The present invention will now be further described with reference to the accompanying drawings.

[0045] refer to Figure 1-2 This invention relates to an attribute-based searchable encryption method based on SM9 that resists keyword guessing attacks, comprising the following stages:

[0046] (1) System initialization and key generation stage: The system master key and public parameters are constructed based on the SM9 identifier cryptosystem. When generating a private key for a user, the user's unique identifier and attribute set are deeply bound by cryptographic methods, and a randomization factor is introduced to generate a collusive user private key that has both identity relevance and attribute correlation.

[0047] (2) Data encryption and trapdoor generation stage: A dual encryption structure was designed. On the one hand, the keywords are encapsulated using the SM9 identifier encryption mechanism and combined with message authentication to ensure data confidentiality and integrity; on the other hand, attribute-based encryption is performed based on the access tree strategy. When a user generates a search trapdoor, their private key, keywords, and random factors are tightly combined, giving the trapdoor the characteristics of randomization and user identity binding.

[0048] (3) Secure retrieval execution phase: After receiving the search trap, the server first needs to verify whether the user attributes meet the access control policy of the encrypted text. Only after the verification is passed can the information in the trap be used to perform keyword matching tests with the encrypted text. This process ensures that the server cannot perform offline keyword enumeration and guessing without the legitimate user's permissions, thereby realizing secure and verifiable encrypted text retrieval.

[0049] The specific plans for each stage are as follows:

[0050] (1) : based on safety parameters As input, generate public parameters for the system. First, select the bilinear pair group. ,in Let N be a cyclic group of prime numbers, and define... Generator Homomorphic mappings also exist. satisfy Choose the SM9 standard hash function: Used to identify mappings, preserving attribute hash functions. And added key derivation functions and message authentication code function Select the private key generation function identifier. Randomly select the KGC master private key. Calculate the master public key .definition This is the complete set of attributes. Output system parameters. Master key Master key Ultimately, the algorithm publishes the master public key and stores the master private key secretly.

[0051] (2) Define ID as a user representation. For user attribute sets.

[0052] ① Generate a component representing the private key. Calculate... If t=0, the initialization steps are re-executed; otherwise, the SM9 standard private key is calculated. .

[0053] ② Generate attribute-related components. Randomly select. calculate For each attribute Random selection ,calculate , .

[0054] Output user private key By binding the identifier's private key to the attribute component using a random number r, and simultaneously introducing randomization into the attribute component... To resist a coordinated attack.

[0055] (3) Random selection and random messages .

[0056] ① Keyword encryption. Calculation. , .

[0057] calculate Derive a key from u using KDF: The partition K is Encryption key length and MAC key length, calculation , .

[0058] ② Attribute-based encryption. For a leaf node v in the access tree T, calculate the secret share based on the secret value s. ,calculate , .

[0059] Output ciphertext The random message m needs to be stored or sent to the server along with the ciphertext for subsequent testing and verification.

[0060] (4) Random selection .

[0061] ① Calculate the keyword trapdoor component. ,like Then regenerate the user key; otherwise, calculate... .

[0062] ②Attribute trapdoor component. For each ,calculate , .

[0063] Output trapdoor .

[0064] (5) .

[0065] ① Attribute validation. For the attribute set in the trapdoor. Select a subset of attributes that satisfy the access tree T. For each attribute Find the corresponding leaf node ,calculate

[0066]

[0067] Recover the root node value using the secret sharing combinatorial algorithm. .

[0068] ② Keyword verification. Calculation. Using KDF derived keys: Divided into and Decryption ,verify and .

[0069] ③ If recovery is successful If the keyword verification passes, return 1; otherwise, return 0.

Claims

1. An attribute-based searchable encryption method based on SM9 that resists keyword guessing attacks, characterized by: Includes the following steps: (1) Constructing the system master key and public parameters based on the SM9 identifier cryptosystem: using security parameters As input, generate public parameters for the system; (2) Generating a key: When generating a private key for a user, the user's unique identifier and its attribute set are deeply bound by cryptographic methods, and a randomization factor is introduced to generate a collusive user private key that has both identity relevance and attribute relevance. (3) Data encryption: The keywords are encapsulated using the SM9 identifier encryption mechanism and combined with message authentication to ensure data confidentiality and integrity; (4) Generate search trapdoor: Attribute-based encryption is performed based on the access tree strategy to generate a search trapdoor. Its private key, keyword and random factor are tightly combined, so that the trapdoor has the characteristics of randomization and user identity binding. (5) After receiving the search trap, the server must first verify whether the user attributes meet the access control policy of the ciphertext. Only after the verification is passed can the information in the trap be used to perform keyword matching test with the ciphertext. This ensures that the server cannot perform offline keyword enumeration and guessing without the legitimate user's permission, thus achieving secure and verifiable ciphertext retrieval.

2. The attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks according to claim 1, characterized in that: Step (1) involves generating public parameters, including: 1) First, select the bilinear pair group. ,in Let N be a cyclic group of prime numbers, and define Generator Homomorphisms also exist. satisfy ; 2) Select the SM9 standard hash function: Used to identify mappings, preserving attribute hash functions. And added key derivation functions and message authentication code function ; 3) Select the private key generation function identifier Randomly select the KGC master private key. Calculate the master public key ; 4) Definition Output the complete set of attributes; output system parameters. Master key Master key Ultimately, the algorithm publishes the master public key and stores the master private key secretly.

3. The attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks according to claim 1, characterized in that: Step (2) involves generating the key, which includes: 1) Define ID as a user representation. For user attribute set: 2) Generate a component representing the private key: calculate If t=0, the initialization steps are re-executed; otherwise, the SM9 standard private key is calculated. ; 3) Generate attribute-related components: randomly select calculate For each attribute Random selection ,calculate , ; 4) Output the user's private key By binding the identifier private key to the attribute component using a random number r, and simultaneously introducing randomization into the attribute component. To resist a coordinated attack.

4. The attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks according to claim 1, characterized in that: The data encryption in step (3) includes: 1) Random selection and random messages : 2) Keyword encryption: calculation , ; 3) Calculation Derive a key from u using KDF: The partition K is Encryption key length and MAC key length, calculation , ; 4) Attribute-based encryption: For a leaf node v in the access tree T, calculate the secret share based on the secret value s. ,calculate , ; 5) Output ciphertext The random message m needs to be stored or sent to the server along with the ciphertext for subsequent testing and verification.

5. The attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks according to claim 1, characterized in that: Step (4) involves generating the search trapdoor, which includes: 1) Random selection ; 2) Calculate the keyword trapdoor component: Calculate ,like Then regenerate the user key; otherwise, calculate... ; 3) Attribute trapdoor component: For each ,calculate , ; 4) Output trapdoor .

6. The attribute-based searchable encryption method based on SM9 to resist keyword guessing attacks according to claim 1, characterized in that: Step (5) involves verifying whether the user attributes meet the access control policy for the encrypted data, including: 1) Attribute verification: For the attribute set in the trapdoor Select a subset of attributes that satisfy the access tree T. For each attribute Find the corresponding leaf node ,calculate ; Recover the root node value using the secret sharing combinatorial algorithm. ; 2) Keyword verification: Calculation Using KDF derived keys: Divided into and Decryption ,verify and ; 3) If recovery is successful If the keyword verification passes, return 1; otherwise, return 0.