System and method for secure sharing of medical data using attribute-based encryption and private set intersection
By combining attribute-based encryption and private set intersection in the IoMT system and outsourcing computing tasks to cloud servers, the computational burden and privacy data leakage problems of resource-constrained terminal devices are solved, and efficient and secure medical data sharing is achieved.
Patent Information
- Authority / Receiving Office
- CN · China
- Patent Type
- Applications(China)
- Current Assignee / Owner
- GUANGXI NORMAL UNIV
- Filing Date
- 2026-03-17
- Publication Date
- 2026-06-12
Description
Technical Field
[0001] This invention relates to the field of secure data sharing, specifically a secure medical data sharing system and method based on attribute-based encryption and private set intersection.
Background Technology
[0002] In recent years, with the deep integration of IoT, big data, and cloud computing technologies in the medical field, the Internet of Medical Things (IoMT) has achieved real-time acquisition and remote monitoring of patient physiological data through the extensive integration of various medical sensors and mobile terminals. However, in the existing IoMT system architecture, the storage of massive amounts of medical data and large-scale computing tasks rely heavily on outsourced cloud servers. Since the cloud environment is typically assumed to be a semi-honest or untrusted third-party entity, this highly centralized processing model moves highly sensitive medical data out of the data owner's security domain, exposing it to severe security threats such as unauthorized access, illegal privacy leaks, and malicious data tampering. How to achieve secure sharing and accurate computing of medical data while ensuring data privacy has become a core issue in the current large-scale application of IoMT. Currently, Attribute-Based Encryption (ABE) can provide fine-grained access control, and private set intersection (PSI) can protect user privacy when sharing user data, and both have been widely used in medical data sharing scenarios. However, in resource-constrained environments such as IoMT, existing technologies still have the following shortcomings:
[0003] First, ABE encryption and decryption involve a large number of bilinear pairings and modular exponentiation operations. The computational complexity increases linearly with the number of attributes. Resource-constrained IoT terminal devices cannot independently undertake complex computational tasks, resulting in performance bottlenecks.
[0004] Second, existing attribute-based keyword search schemes mostly employ deterministic trapdoor generation mechanisms, where the same keyword generates the same search token, making them vulnerable to statistical analysis and internal keyword guessing attacks, thus posing a risk of privacy breaches for users.
[0005] Third, while the Private Set Intersection (PSI) protocol can enhance retrieval privacy, existing PSI protocols are only loosely coupled with the ABE mechanism, resulting in cumbersome communication rounds and an extremely heavy computational load. In complex scenarios involving large-scale datasets and multi-attribute policies, it is difficult to achieve both data intersection computation and fine-grained authorized access on resource-constrained mobile devices.
Summary of the Invention
[0006] The purpose of this invention is to address the technical problems of existing medical IoT terminal devices: limited resources that make the computational overhead of data sharing schemes excessive, easy leakage of retrieval privacy, and insufficient resistance to internal keyword guessing attacks. This invention provides a secure medical data sharing system and method based on attribute-based encryption (ABE) and private set intersection (PSI). By integrating ABE and PSI, the system and method outsource highly complex computational tasks to cloud servers, effectively decoupling attribute computation from data computation and reducing the computational load on IoT terminal devices, thus constructing a data sharing architecture that balances high security and lightweight design.
[0007] The technical solution to achieve the objective of this invention is:
[0008] A medical data security sharing system based on the intersection of attribute encryption and privacy sets includes a key generation center (KGC), a data owner (DU), a data user (DO), and a cloud server (CS).
[0009] The key generation center, as the system administrator, is used to perform system initialization, generate and publish public system parameters and store the master key, and generate initial attribute private keys for registered data users according to their attribute sets.
[0010] The data owner is responsible for collecting medical IoT data, performing data encryption and keyword index construction, uploading the encrypted ciphertext and oblivious index to the cloud server, and interacting with the data user to generate a search token. During the entire process of generating the search token, the data owner cannot learn the content of the data user's query.
[0011] The data user is used to apply for attribute private keys, generate conversion keys and local decryption private keys, interact with the data owner to generate search tokens, and receive the partially decrypted ciphertext and perform the final decryption.
[0012] The cloud server is used to store encrypted data and indexes, perform keyword matching and outsourced decryption, and return partially decrypted ciphertext to data users. Because the OKVS is oblivious, the cloud server cannot infer keyword information from the index. Since the conversion key does not have complete decryption capabilities, the cloud server also cannot recover the plaintext.
[0013] A method for a secure medical data sharing system based on the intersection of the aforementioned attribute encryption and privacy sets includes the following steps:
[0014] Step S1, System Initialization: The key generation center is constructed with a large prime number as its order. bilinear group and and bilinear mapping Random selection generator and two hash functions , Select As the master key and All are random numbers. It is composed of integers The finite field formed; computation Used to decrypt the recovery key; outputs the system public key. and master key ;
[0015] Step S2, Data Encryption and Index Construction: Data Owner Selection LSSS matrix of order and row mapping function Randomly select encrypted random vector Calculate shares For the LSSS matrix Select random numbers for each row in the data. Generate ciphertext component Based on OPRF private key For each keyword Generate key-value pairs Through OKVS encoding algorithm Generate an oblivious index from all key-value pairs of keywords. , ciphertext component and index Uploaded to the cloud server;
[0016] Step S3, User Private Key Generation: The key generation center generates a private key for each data user based on their attribute set. Random selection , It is composed of integers The constructed multiplicative finite group is used to compute the initial attribute private key. And send it to the data user;
[0017] Step S4, Key Generation: The data user selects a random number. Calculate the conversion key Send to the cloud server; retain the local decryption private key. ;
[0018] Step S5, Search Token Generation: Data users select blinding factors. For each query keyword Calculate the blinding value And send it to the data owner; the data owner uses the OPRF private key. calculate And return it to the data user; the data user obtains a search token after deblinding. Set up the tokens Send to the cloud server;
[0019] Step S6, Outsourced Decryption and Query: The cloud server performs OKVS decoding operation on each search token. ,when Valid ciphertext can be retrieved. After the ciphertext query is completed, decryption continues. Verify whether the user attribute set meets the LSSS access policy. If it does, calculate the reconstruction coefficient. Make ; Using the conversion key Perform an aggregate bilinear pairing operation to generate partially decrypted ciphertext. , will Returned to the data user;
[0020] Step S7, Local Decryption: The data user uses the decryption private key stored locally. Using a symmetric key Symmetrically decrypt the ciphertext components in the ciphertext component to obtain the original plaintext. .
[0021] The specific steps for system initialization in step S1 are as follows:
[0022] Input security parameters at the key generation center Constructing a large prime number bilinear group and and bilinear mapping Randomly select generator and two collision-resistant hash functions , Random selection As the master key ,calculate , Used to bind user parameters and output the system public key. and master key .
[0023] The specific steps for data encryption and index construction in step S2 are as follows:
[0024] Enter public key Keyword set Randomly select a symmetric key For each keyword Generate a corresponding tag ,choose LSSS matrix Mapping function Will Map rows to attributes and select random vectors. Calculate the share of each row Random selection The component for calculating and generating ciphertext is Generate ciphertext components: , , For each row :( , );
[0025] For each keyword Generate a corresponding tag Using the corresponding tags in the ciphertext For the value, construct key-value pairs Apply the OKVS encoding algorithm to the set of key-value pairs of all keywords. Generate oblivious indexes Then the ciphertext component and index Send to the cloud server.
[0026] The initial attribute private key in step S3 =( , , In step S4, the key is converted. ={ , , }
[0027] The specific steps for generating the search token in step S5 are as follows:
[0028] An interactive protocol between data users and data owners, executing the DH-OPRF protocol. Data user: For each query keyword... Data users randomly select Blinding the data to obtain ; The set of blinded values Send to the data owner;
[0029] Data owner: Receiver Then, using the locally stored OPRF private key Calculate the response value , response set Returned to the data user, data user: calculation Eliminate blindness factors Obtain the set of search tokens Throughout the entire process of obtaining the search token, the data owner cannot know the plaintext of the query keywords, and the data user cannot know the OPRF private key. Set up the tokens Send to the cloud server.
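The blind, evaluate and unblind exchange of step S5 as a runnable sketch, added here and not taken from the patent. The patent's formulas are missing from this page, so the code uses the standard DH-OPRF construction over the RFC 3526 2048-bit MODP group rather than the patent's bilinear group; all function names, the hash-to-group method and the sample keywords are assumptions.

```python
import hashlib
import secrets

# RFC 3526 group 14: 2048-bit safe prime P = 2*Q + 1. Tokens live in the
# prime-order-Q subgroup of squares (an assumed stand-in for the patent's group).
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D"
    "C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F"
    "83655D23DCA3AD961C62F356208552BB9ED529077096966D"
    "670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9"
    "DE2BCBF6955817183995497CEA956AE515D2261898FA0510"
    "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2


def hash_to_group(keyword: str) -> int:
    """First hash: map a keyword to an element of the order-Q subgroup."""
    wide = hashlib.shake_256(b"kw|" + keyword.encode()).digest(320)
    return pow(int.from_bytes(wide, "big") % P, 2, P)  # squaring lands in the subgroup


def in_subgroup(x: int) -> bool:
    """Reject 0, 1 and anything outside the prime-order subgroup."""
    return 1 < x < P and pow(x, Q, P) == 1


def finalize(element: int) -> str:
    """Second hash: turn the group element into the token sent to the cloud."""
    return hashlib.sha256(b"token|" + element.to_bytes(256, "big")).hexdigest()


def blind(keyword: str):
    """Data user: hide the keyword under a fresh random exponent r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(keyword), r, P)


def evaluate(owner_key: int, blinded: int) -> int:
    """Data owner: apply the OPRF private key without seeing the keyword."""
    if not in_subgroup(blinded):
        raise ValueError("blinded value is not in the prime-order subgroup")
    return pow(blinded, owner_key, P)


def unblind(r: int, response: int) -> str:
    """Data user: strip r, leaving the token for H(keyword)^k."""
    if not in_subgroup(response):
        raise ValueError("response is not in the prime-order subgroup")
    return finalize(pow(response, pow(r, -1, Q), P))


def direct_token(owner_key: int, keyword: str) -> str:
    """What the data owner computes locally when building the index."""
    return finalize(pow(hash_to_group(keyword), owner_key, P))


def query(owner_key: int, keyword: str):
    """Run one full exchange; returns (message seen by the owner, token)."""
    r, blinded = blind(keyword)
    response = evaluate(owner_key, blinded)
    return blinded, unblind(r, response)


if __name__ == "__main__":
    k = secrets.randbelow(Q - 1) + 1          # constructed OPRF private key
    seen1, tok1 = query(k, "diabetes")        # constructed sample keyword
    seen2, tok2 = query(k, "diabetes")
    print("owner sees different messages:", seen1 != seen2)
    print("cloud sees the same token:    ", tok1 == tok2)
```

The data owner's view changes on every query while the resulting token stays fixed, and a token cannot be computed for a guessed keyword without a round trip to the holder of the OPRF key.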
[0030] The specific steps for outsourced decryption and querying in step S6 are as follows:
[0031] Entering an oblivious index and encrypted components Token set , conversion key Keyword matching: for each query token Perform OKVS decoding operation If the return value is ⊥, the keyword does not match, and the process continues with the next token; when Valid ciphertext can be retrieved. After the ciphertext retrieval is completed, decryption will continue.
[0032] Attribute validation: Validate user attribute sets Does it meet the LSSS access policy? If satisfied, then calculate the reconstruction coefficients. , It can outsource the decryption of pre-decrypted ciphertext;
[0033] Outsourced decryption: using conversion keys Perform aggregate calculations: Output part decrypted ciphertext Send it to the data user.
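The attribute check and reconstruction coefficients of step S6, as an added sketch that is not part of the patent. It follows the usual LSSS convention that a set of attributes is authorized when its rows span (1, 0, ..., 0); the policy matrix, attribute names and the modulus are constructed, and recombination is shown on plain field elements, whereas an ABE scheme does it in the exponent through pairings.

```python
import secrets

Q = 2**127 - 1  # prime modulus standing in for the group order (assumption)

# Constructed policy: (cardiologist AND hospital_A) OR researcher
M = [[1, 1],     # row 0 -> cardiologist
     [0, -1],    # row 1 -> hospital_A
     [1, 0]]     # row 2 -> researcher
RHO = ["cardiologist", "hospital_A", "researcher"]


def make_shares(secret, matrix, q=Q):
    """Encryptor side: share i is row_i . (secret, y_2, ..., y_n) mod q."""
    v = [secret] + [secrets.randbelow(q) for _ in matrix[0][1:]]
    return [sum(m * x for m, x in zip(row, v)) % q for row in matrix]


def reconstruction_coefficients(matrix, rho, attrs, q=Q):
    """Return {row index: coefficient} with sum(w_i * M_i) = (1, 0, ..., 0),
    or None when the attribute set does not satisfy the policy."""
    rows = [i for i, attr in enumerate(rho) if attr in attrs]
    n = len(matrix[0])
    # One equation per column of M; the unknowns are the coefficients w_i.
    aug = [[matrix[i][j] % q for i in rows] + [1 if j == 0 else 0]
           for j in range(n)]
    pivots, r = [], 0
    for c in range(len(rows)):                      # Gauss-Jordan mod q
        piv = next((e for e in range(r, n) if aug[e][c]), None)
        if piv is None:
            continue
        aug[r], aug[piv] = aug[piv], aug[r]
        inv = pow(aug[r][c], -1, q)
        aug[r] = [x * inv % q for x in aug[r]]
        for e in range(n):
            if e != r and aug[e][c]:
                f = aug[e][c]
                aug[e] = [(x - f * y) % q for x, y in zip(aug[e], aug[r])]
        pivots.append((r, c))
        r += 1
    # A leftover equation "0 = nonzero" means the target is not in the span.
    if any(eq[-1] for eq in aug[r:]):
        return None
    omega = {i: 0 for i in rows}                    # free unknowns stay 0
    for e, c in pivots:
        omega[rows[c]] = aug[e][-1]
    return omega


def recover(shares, omega, q=Q):
    """Recombine the shares of the authorized rows into the secret."""
    return sum(w * shares[i] for i, w in omega.items()) % q


if __name__ == "__main__":
    s = secrets.randbelow(Q)
    shares = make_shares(s, M)
    for attrs in ({"cardiologist", "hospital_A"}, {"researcher"}, {"cardiologist"}):
        w = reconstruction_coefficients(M, RHO, attrs)
        print(sorted(attrs), "->", "denied" if w is None else recover(shares, w) == s)
```

Returning `None` before any decryption work is done is the point of the check: an unauthorized attribute set never reaches the aggregate computation.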
[0034] The specific steps for local decryption in step S7 are as follows:
[0035] Input part decrypts the ciphertext and local decryption factor ,calculate Using the calculated and ciphertext components Recover the symmetric key Complete the symmetric key Extraction, using Symmetric decryption is performed on the ciphertext component to obtain the original plaintext medical data.
[0036] This technical solution decouples attribute computation from data computation by outsourcing most computational tasks to cloud servers, significantly reducing the computational burden on resource-constrained terminals. Regarding index tokens, the DH-OPRF protocol is introduced for interactive search token generation, effectively resisting internal keyword guessing attacks and ensuring that data owners cannot learn the query content, thus protecting search privacy. During the cloud server search phase, the OKVS algorithm is used to construct an oblivious index of keywords, preventing the semi-honest cloud server from inferring any keyword information from the index. This technical solution designs a fine-grained access control mechanism combining an LSSS matrix and a two-step decryption mechanism. The cloud server only uses the conversion key to generate a partially decrypted ciphertext, and the data user ultimately extracts the symmetric key locally to restore the original medical data, fundamentally ensuring data security.
Attached Figure Description
[0037] Figure 1 is a framework diagram of an embodiment;
[0038] Figure 2 is a flowchart of an embodiment;
[0039] Figure 3 is a comparison chart of the time overhead of the key generation stage between the embodiment and the prior art;
[0040] Figure 4 is a comparison chart of the time overhead of the data encryption stage between the embodiment and the prior art;
[0041] Figure 5 is a comparison chart of the time overhead of the trapdoor generation stage between the embodiment and the prior art;
[0042] Figure 6 is a comparison chart of the time overhead of the search stage between the embodiment and the prior art.
Detailed Implementation
[0043] The present invention will be further described below with reference to the accompanying drawings and embodiments, but this is not intended to limit the scope of the invention.
[0044] Example:
[0045] This example demonstrates a secure medical data sharing solution that integrates outsourced ABE (attribute-based encryption) and lightweight PSI (private set intersection) for the medical IoT (Internet of Things) scenario. It effectively achieves the synergy of fine-grained access control, query privacy protection, and efficient computing.
[0046] Referring to Figure 1 and Figure 2, a secure medical data sharing system based on attribute-based encryption and private set intersection includes a key generation center (KGC), a data owner (DU), a data user (DO), and a cloud server (CS).
[0047] The key generation center, as the system administrator, is used to perform system initialization, generate and publish the system public parameter PK and store the master key MSK, and generate initial attribute private keys for registered data users according to their attribute sets.
[0048] The data owner can be a hospital or a wearable medical device gateway, responsible for collecting patients' medical data, performing data encryption and keyword index construction, uploading the encrypted ciphertext and oblivious index to the cloud server, and interacting with the data user via the DH-OPRF protocol when receiving a search request, using the locally stored OPRF private key. Assist in generating search tokens, and the data owner cannot learn the content of the data user's query during the entire process of generating search tokens;
[0049] The data user can be a researcher, a relevant hospital, or a medical institution with legal authority. They apply to the Key Generation Center (KGC) for an initial private key corresponding to their attribute set, outsource the computational burden to the cloud server through a conversion key generation algorithm, interact with the data owner to execute the DH-OPRF protocol to generate a search token, submit the token and conversion key to the cloud server, and complete the final decryption locally after receiving the partially decrypted ciphertext.
[0050] The cloud server is considered an honest-but-curious (semi-honest) entity that strictly follows the protocol process but attempts to infer data content. It is used to store encrypted data and indexes, receive search tokens and conversion keys submitted by data users, perform keyword matching and outsourced decryption, and return partially decrypted ciphertext to data users. Because the OKVS is oblivious, the cloud server cannot infer keyword information from the index. Since the conversion key does not have complete decryption capabilities, the cloud server also cannot recover the plaintext.
[0051] A method for a secure medical data sharing system based on the intersection of the aforementioned attribute encryption and privacy sets includes the following steps:
[0052] Step S1, System Initialization: Input security parameters at the key generation center. Constructing a large prime number bilinear group and and bilinear mapping Randomly select generator and two collision-resistant hash functions , Random selection As the master key ,calculate , Used to bind user parameters and output the system public key. and master key ;
[0053] Step S2, Data Encryption and Index Construction: Input Public Key Keyword set Randomly select a symmetric key For each keyword Generate a corresponding tag ,choose LSSS matrix Mapping function Will Map rows to attributes and select random vectors. Calculate the share of each row Random selection The component for calculating and generating ciphertext is Generate ciphertext components: , , For each row :( , );
[0054] For each keyword Generate a corresponding tag Using the corresponding tags in the ciphertext For the value, construct key-value pairs Apply the OKVS encoding algorithm to the set of key-value pairs of all keywords. Generate oblivious indexes Then the ciphertext component and index Send to the cloud server;
[0055] Step S3, User Private Key Generation: The key generation center generates a private key for each data user based on their attribute set. Random selection , It is composed of integers The constructed multiplicative finite group is used to compute the initial attribute private key. =( , , Output the initial attribute private key. And send it to the data user;
[0056] Step S4, Key Generation: Input the initial attribute private key Data users select random numbers Calculate the conversion key ={ , , The data is then sent to a cloud server for outsourced decryption; the data user retains the local decryption private key. This key will not be disclosed to any party; the key conversion can only achieve partial decryption and does not have the ability to recover the plaintext.
[0057] Step S5, Search Token Generation: An interactive protocol of DH-OPRF is executed between the data user and the data owner. Data user: For each query keyword... Data users randomly select Blinding the data to obtain ; The set of blinded values Send to the data owner;
[0058] Data owner: Receiver Then, using the locally stored OPRF private key Calculate the response value , response set Returned to the data user, data user: calculation Eliminate blindness factors Obtain the search token Throughout the entire process of obtaining the search token, the data owner cannot know the plaintext of the query keywords, and the data user cannot know the OPRF private key. Set up the tokens Send to cloud server;
[0059] Step S6, Outsourced Decryption and Query: Input Oblivious Index and encrypted components Token set , conversion key Keyword matching: for each token Perform OKVS decoding operation If the return value is ⊥, the keyword does not match, and the process continues with the next token; when The valid ciphertext can be retrieved. After the ciphertext retrieval is completed, decryption will continue.
[0060] Attribute validation: Validate user attribute sets Does it meet the LSSS access policy? If satisfied, then calculate the reconstruction coefficients. , It can outsource the decryption of pre-decrypted ciphertext;
[0061] Outsourced decryption: using conversion keys Perform aggregate calculations: Output part decrypted ciphertext Send to data users;
[0062] Step S7, Local Decryption: Input part of the decrypted ciphertext and local decryption factor ,calculate Using the calculated and ciphertext components Recover the symmetric key Complete the symmetric key Extraction, using Symmetric decryption is performed on the ciphertext component to obtain the original plaintext medical data.
[0063] This embodiment references prior art 1 (ALI M, MOHAJERI J, SADEGHI M R, et al. Attribute-based fine-grained access control for outscored private set intersection computation[J/OL]. Information Sciences, 2020, 536: 222-243.).
[0064] This embodiment references prior art 2 (SHI Y, QIU S. Delegated Key-Policy Attribute-Based Set Intersection over Outsourced Encrypted Data Sets for CloudIoT[J/OL]. Security and Communication Networks, 2021, 2021: 1-11).
[0065] This embodiment references prior art 3 (Guo Rui, Yang Xin, Jia Chenyang, et al. Searchable attribute encryption scheme supporting policy hiding in cloud-assisted medical IoT [J]. Journal of Cryptology (Chinese and English), 2025, 12 (01): 49-68.).
[0066] With reference to Figures 3 to 6, this embodiment is explained by comparing the method of this example with prior art 1, 2, and 3 in terms of time overhead in the key generation stage, data encryption stage, trapdoor generation stage, and search stage, respectively. As shown in Figure 3, Figure 4, Figure 5 and Figure 6, the overall effect of this example is better than that of the existing technology.
Claims
1. A medical data secure sharing system based on the intersection of attribute encryption and privacy sets, characterized in that it includes a key generation center, a data owner, a data user, and a cloud server. The key generation center is used for system initialization, generating public system parameters and master key, and generating initial attribute private keys for data users; The data owner is used to collect medical IoT data, perform data encryption and keyword index construction, upload ciphertext and the oblivious index to the cloud server, and interact with data users to generate search tokens. The data user is used to apply for attribute private keys, generate conversion keys and local decryption private keys, interact with the data owner to generate search tokens, and receive the partially decrypted ciphertext and perform the final decryption. The cloud server is used to store encrypted data and indexes, perform keyword matching and outsourced decryption, and return partially decrypted ciphertext to data users.
2. A method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets, characterized in that, The medical data secure sharing system based on the intersection of attribute encryption and privacy sets, as described in claim 1, includes the following steps: Step S1, System Initialization: The key generation center is constructed with a large prime number as its order. bilinear group and and bilinear mapping Random selection generator and two hash functions , ; Select As the master key and All are random numbers. It is composed of integers Constructed finite field; computation Used to decrypt the recovery key; outputs the system public key. and master key ; Step S2, Data Encryption and Index Construction: Data Owner Selection LSSS matrix of order and row mapping function Randomly select encrypted random vector Calculate shares For the LSSS matrix Select random numbers for each row in the data. Generate ciphertext component Based on OPRF private key For each keyword Generate key-value pairs Through OKVS encoding algorithm Generate an oblivious index for all key-value pairs of keywords. , ciphertext component and index Uploaded to the cloud server; Step S3, User Private Key Generation: The key generation center generates a private key for each data user based on their attribute set. Random selection , It is composed of integers The constructed multiplicative finite group is used to compute the initial attribute private key. And send it to the data user; Step S4, Key Generation: The data user selects a random number. Calculate the conversion key Send to the cloud server; retain the local decryption private key. ; Step S5, Search Token Generation: Data users hold a set of query keywords. Selecting blinding factors For each query keyword Calculate the blinding value And send it to the data owner; the data owner uses the OPRF private key. calculate And return it to the data user; the data user obtains a search token after deblinding. Token set Send the token set to the cloud server; Step S6, Outsourced Decryption and Query: The cloud server performs OKVS decoding operation on each search token. ,when If valid ciphertext is found, continue with decryption; verify whether the user attribute set satisfies the LSSS access policy, and if so, calculate the reconstruction coefficient. Make ; Using the conversion key Perform an aggregate bilinear pairing operation to generate partially decrypted ciphertext. , will Returned to the data user; Step S7, Local Decryption: The data user uses the decryption private key stored locally. Using a symmetric key Symmetrically decrypt the ciphertext components in the ciphertext component to obtain the original plaintext. .
3. The method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The specific steps for system initialization in step S1 are as follows: Input security parameters at the key generation center Constructing a large prime number bilinear group and and bilinear mapping Randomly select generator and two collision-resistant hash functions , Random selection As the master key ,calculate , Used to bind user parameters and output the system public key. and master key .
4. The method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The specific steps for data encryption and index construction in step S2 are as follows: Enter public key Keyword set Randomly select a symmetric key For each keyword Generate a corresponding tag ,choose LSSS matrix Mapping function Will Map rows to attributes and select random vectors. Calculate the share of each row Random selection The component for calculating and generating ciphertext is Generate ciphertext components: , , For each row :( , ); For each keyword Generate a corresponding tag Using the corresponding tags in the ciphertext For the value, construct key-value pairs Apply the OKVS encoding algorithm to the set of key-value pairs of all keywords. Generate oblivious indexes Then the ciphertext component and index Send to the cloud server.
5. A method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The initial attribute private key in step S3 =( , , In step S4, the key is converted. ={ , , }
6. A method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The specific steps for generating the search token in step S5 are as follows: An interactive protocol between data users and data owners, executing the DH-OPRF protocol. Data user: For each query keyword... Data users randomly select Blinding the data to obtain ; The set of blinded values Send to the data owner; Data owner: Receiver Then, using the locally stored OPRF private key Calculate the response value , response set Returned to the data user, data user: calculation Eliminate blindness factors Obtain the set of search tokens Throughout the entire process of obtaining the search token, the data owner cannot know the plaintext of the query keywords, and the data user cannot know the OPRF private key. Set up the tokens Send to the cloud server.
7. A method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The specific steps for outsourced decryption and querying in step S6 are as follows: Entering an oblivious index and encrypted components Token set , conversion key ; Keyword matching: for each query token Perform OKVS decoding operation If the return value is ⊥, the keyword does not match, and the process continues with the next token; when If valid ciphertext can be found, decryption will continue after the ciphertext search is completed. Attribute validation: Validate user attribute sets Does it meet the LSSS access policy? ; If satisfied, then calculate the reconstruction coefficients. , ; It can outsource the decryption of the pre-decrypted ciphertext; Outsourced decryption: using conversion keys Perform aggregate calculations: Output part decrypted ciphertext Send it to the data user.
8. A method for secure sharing of medical data based on the intersection of attribute encryption and privacy sets according to claim 2, characterized in that, The specific steps for local decryption in step S7 are as follows: Input part decrypts the ciphertext and local decryption factor ,calculate Using the calculated and ciphertext components Recover the symmetric key Complete the symmetric key Extraction, using Symmetric decryption is performed on the ciphertext component to obtain the original plaintext medical data.