A hidden strategy based on decentralized attribute-based encryption method

By adopting decentralized registration attribute management and dual-system encryption technology, the problems of key escrow, single point of failure, cross-domain management and privacy leakage in existing attribute searchable encryption schemes are solved, and the synergistic optimization of security, scalability and efficient retrieval is achieved.

CN122247608APending Publication Date: 2026-06-19NANTONG UNIV

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
NANTONG UNIV
Filing Date
2026-03-30
Publication Date
2026-06-19

AI Technical Summary

Technical Problem

Existing attribute-based searchable encryption schemes suffer from key escrow risks and single points of failure. Centralized management is difficult to adapt to distributed application scenarios, access policies expose sensitive information in plaintext, search keywords lack protection, and privacy protection measures sacrifice search efficiency.

Method used

It adopts decentralized registration attribute management, introduces multiple independent authoritative institutions, allows users to generate attribute public and private keys, and uses dual-system encryption and hash function technology to hide access strategies and keywords, thereby achieving a unified representation of attribute features and data features.

Benefits of technology

It eliminates the risks of key escrow and single point of failure, supports distributed management of cross-domain attributes, realizes privacy protection of access policies and keywords, and improves the scalability and retrieval and decryption efficiency of the system.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122247608A_ABST
    Figure CN122247608A_ABST
Patent Text Reader

Abstract

This application discloses a searchable encryption method based on decentralized registration attributes, belonging to the fields of decentralized attribute-based encryption and searchable encryption technology. It includes: S1. System initialization; S2. User keyword key generation; S3. Generation of system keyword master public key and user auxiliary decryption key; S4. Encrypting the data to be shared and the keyword; S5. Retrieving and decrypting the ciphertext. This application constructs a decentralized attribute management architecture, supporting users to independently register and generate attribute public and private keys, with multiple attribute authorities managing their respective attributes. Simultaneously, it employs dual-system encryption and hash function technology to hide access policies and keyword privacy information in the ciphertext. This invention can achieve secure retrieval and fine-grained authorization of shared data in ciphertext state while protecting the privacy of search keywords, effectively overcoming the practical problem of a single institution's difficulty in centrally managing cross-domain attributes.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application belongs to the field of searchable encryption technology, specifically relating to a hiding strategy based on a decentralized registration attribute retrieval encryption method. Background Technology

[0002] With the rapid development of cloud computing and big data technologies, more and more individuals and enterprises are choosing to encrypt sensitive data and outsource its storage to cloud servers to reduce local management costs. However, while traditional data encryption technologies ensure data confidentiality, they pose serious challenges to data retrieval and sharing. How to achieve efficient and secure keyword retrieval in encrypted form has become one of the core issues urgently needing resolution in the cloud security field. Against this backdrop, searchable encryption technology has emerged, allowing servers to directly search for keywords in encrypted data without revealing plaintext information. Simultaneously, to achieve fine-grained access control over shared data, attribute-based encryption technology has been introduced. This allows data owners to define access policies that restrict data decryption to users meeting specific attribute sets (such as job title or department). The attribute-based searchable encryption scheme, combining these two approaches, provides flexible authorization and retrieval functions while ensuring confidential data sharing. However, existing attribute-based searchable encryption schemes still face a series of technical bottlenecks and security vulnerabilities in practical applications.

[0003] First, existing attribute-based searchable encryption schemes suffer from key escrow risks and single points of failure, meaning there exists a single, centralized authority responsible for generating and managing keys for all users. This centralized architecture not only leads to heavy computational burdens and performance bottlenecks (single point of failure risk), but also, if this authority is compromised, all keys in the entire system will be leaked. Furthermore, the key generation process often involves users' private information; relying entirely on a single authority violates the principle of least privilege, posing a security risk related to key escrow.

[0004] Secondly, in existing attribute-based searchable encryption schemes, attribute management is typically handled by a single central authority, meaning that all user attribute keys are uniformly generated and issued by this centralized institution. However, this centralized management model is ill-suited for real-world distributed application scenarios. For example, in cross-organizational data sharing, user attributes (such as identity, qualifications, and roles) are often managed by multiple independent institutions (such as governments, schools, and companies). A single institution cannot uniformly verify and issue these complex cross-domain attributes, resulting in poor system scalability and difficulty in supporting multi-party distributed network environments. To address this challenge, this invention proposes a searchable encryption method based on decentralized attribute registration, which introduces multiple attribute authorities to manage their respective attributes and supports user self-registration to generate attribute public and private keys. This effectively overcomes the drawbacks of centralized attribute management and significantly improves system scalability and security.

[0005] Furthermore, existing attribute-based searchable encryption schemes face a dual challenge in practical applications. First, access policies are often appended to ciphertext in plaintext form, containing sensitive information such as "R&D Department" and "Senior Manager," which directly exposes the potential leakage of the data recipient's identity or the intrinsic value of the data. Simultaneously, if user-submitted search keywords (trapdoors) lack effective protection, cloud servers can infer the user's query intent through frequency analysis and other methods, severely infringing on user privacy. Second, existing privacy protection measures often sacrifice search efficiency and struggle to flexibly match data features with user attributes, further limiting the practicality and scalability of the solutions. To address these issues, this invention proposes an efficient privacy protection mechanism. This method first uniformly represents user attribute features and data features as keywords and seamlessly integrates them into the ciphertext's access policy, laying the foundation for subsequent efficient matching. Based on this, the data provider employs dual-system encryption and hash function technology to ensure the ciphertext remains searchable while hiding access policy and keyword privacy information. When a user initiates a search request, the cloud server can accurately match and return encrypted text that meets the conditions according to the access policy without leaking keyword privacy, thereby significantly improving the efficiency of retrieval and decryption while ensuring privacy and security.

[0006] Addressing the drawbacks of centralized architecture in existing attribute-based searchable encryption schemes, the core technical challenge of this invention is how to simultaneously resolve the contradiction between key escrow and single point of failure risk, the challenge of centralized cross-domain attribute management, and the conflict between privacy protection and retrieval efficiency in a decentralized environment. Specifically, existing schemes typically rely on a single global authority for key generation and attribute management. This centralized model not only threatens system stability due to single point of failure, but also poses a serious security risk if the authority is compromised, leading to the leakage of all system keys. Furthermore, a single authority struggles to uniformly verify and issue user attributes managed separately by multiple independent parties (such as governments, schools, and enterprises) in cross-organizational scenarios, severely restricting the system's scalability and usability. On the other hand, existing schemes face a dual dilemma in privacy protection: access policies expose sensitive information in plaintext, search keywords (trapdoors) are vulnerable to frequency analysis attacks, and conventional privacy protection methods often sacrifice retrieval efficiency, making it difficult to balance security and performance. Summary of the Invention

[0007] This application provides a hiding strategy based on a decentralized registration attribute retrieval encryption method to solve the above-mentioned technical problems.

[0008] To address the aforementioned technical problems, this application adopts the following technical solution: a method for encrypted retrieval based on decentralized registration attributes using a concealment strategy, comprising:

[0009] S1. System initialization: Obtain the system's public parameter set and encryption public key set, and publish them in the system bulletin board;

[0010] S2. Based on the system bulletin board, obtain the public parameters, calculate the keyword private key and keyword public key in the public parameters, and then send them to the corresponding keyword authority.

[0011] S3. Based on the public keys and identity identifiers of all users of the keyword managed by the keyword authority, generate the keyword's master public key and user-assisted decryption keys;

[0012] S4. Based on the keywords extracted from the data to be shared, formulate corresponding access policies, download the master public key of the keyword corresponding to the access policy, calculate the data ciphertext and symmetric key ciphertext, and upload them to the cloud server;

[0013] S5. Based on the user's search request, the cloud server sequentially matches the keyword access policy in the ciphertext according to the user's keyword set, obtains the keyword private key, auxiliary decryption key and public parameters, and decrypts the ciphertext to obtain authorized shared data; if the keyword access policy is not satisfied, the cloud server returns a search failure message.

[0014] Furthermore, the method in step S1 includes:

[0015] S11. Set system security parameters λ, authority management agency identifier set AU, user identifier set GID, keyword set W, access policy set, set the total number of slots, and generate a composite order bilinear cyclic group and subgroups;

[0016] S12. Randomly select parameters to calculate common parameters, and set the keyword set and hash function;

[0017] S13. For each slot index and key, select random numbers to calculate the corresponding parameters and generate a vector;

[0018] S14. Select random number calculation parameters for the combination of slot index and key, and construct a hash function for the user's unique identifier;

[0019] S15. Set the set of encrypted public keys, the set of system public parameters, and the message space, and publish them to the system bulletin board.

[0020] Furthermore, the method in step S2 includes:

[0021] S21. The user selects an unoccupied slot index, identity identifier, and keyword, obtains public parameters, and selects a random number to calculate the keyword private key and cross-item;

[0022] S22. The user secretly stores the keyword private key, generates the keyword public key, and sends it to the corresponding keyword authority.

[0023] S23. The user generates public-private key pairs for all keywords, keeps the private key set privately, and distributes the public key to the corresponding keyword authority.

[0024] Furthermore, the method in step S3 includes:

[0025] S31. The keyword authority receives the user's public key and identity identifier, and calculates the keyword master public key and the user's auxiliary decryption key;

[0026] S32. Keyword aggregation: Keyword vectors for all slots;

[0027] S33. The authoritative keyword organization constructs the user's auxiliary decryption key and the keyword master public key, publishes the keyword master public key, and distributes the keys.

[0028] S34. All key authorities shall perform the above steps to complete the generation of all master public keys and the distribution of auxiliary keys.

[0029] Furthermore, the method in step S4 includes:

[0030] S41. Formulate the access strategy, and define the access matrix, row label function, and composite function;

[0031] S42. Randomly select a symmetric key to encrypt the data, and use the encryption public key and the master public key of the keyword to encrypt the symmetric key;

[0032] S43. Select the key vector and calculate the symmetric key ciphertext. Calculate the corresponding parameters for each row of the access matrix, generate the symmetric key ciphertext, and upload it to the cloud server.

[0033] Furthermore, the method in step S5 includes:

[0034] S51. The user sends a keyword search request, and the cloud server iterates through the keyword access strategies that match the encrypted text;

[0035] S52. If the keyword access policy is not satisfied, return failure; if the keyword access policy is satisfied, return the corresponding ciphertext, and the user calculates the keyword vector to obtain the keyword private key, auxiliary decryption key, and public parameters.

[0036] S53. Based on the private key, auxiliary decryption key, and public parameters, execute a symmetric decryption algorithm to obtain authorized shared data.

[0037] The beneficial effects of this application are as follows: By introducing multiple independent attribute authorities and allowing users to independently register and generate attribute public and private keys, the power of key generation and management is decentralized, fundamentally eliminating key escrow issues and avoiding the threat of single points of failure to the overall security and availability of the system. This application supports multiple authorities managing attribute sets within their respective domains. This decentralized attribute management model can flexibly adapt to distributed network environments with multiple participants, allowing the system to expand to new attribute domains or connect to new authorities without reconstructing the overall architecture, demonstrating good scalability and practical application value. This application employs dual-system encryption and hash function technology, uniformly hiding access policies and keywords as inherent components of the ciphertext, preventing cloud servers and unauthorized users from obtaining any policy content or keyword information, fundamentally preventing privacy leaks. Attached Figure Description

[0038] Figure 1 This is a flowchart illustrating an embodiment of the hiding strategy of this application based on a decentralized registration attribute retrieval encryption method;

[0039] Figure 2 This application's hiding strategy is based on a linear relationship graph between encryption time and authority number in one embodiment of a decentralized registration attribute retrieval encryption method;

[0040] Figure 3 This application's hiding strategy is based on a linear relationship graph between retrieval time and authority number in an embodiment of a decentralized registration attribute retrieval encryption method;

[0041] Figure 4 This is a graph showing the linear relationship between decryption time and authority number in an embodiment of the decentralized registration attribute retrieval encryption method based on the concealment strategy of this application. Detailed Implementation

[0042] To make the objectives, technical solutions, and advantages of the present invention clearer, the present invention will be further described in detail below with reference to specific embodiments.

[0043] Numerous specific details are set forth in the following description in order to provide a full understanding of the invention. However, the invention may also be practiced in other ways than those described herein, and therefore the invention is not limited to the specific embodiments disclosed in the following specification.

[0044] See Figure 1 , Figure 1 This is a flowchart illustrating an embodiment of the hiding strategy of this application based on a decentralized registration attribute retrieval encryption method. The method includes:

[0045] S1. System Initialization: The platform administrator sets security parameters, defines the keyword authority set, user identifier set, keyword set and access policy set on the keywords, sets the total number of slots, calculates the system public parameter set and encryption public key set, and publishes the system public parameter set and encryption public key set in the system bulletin board.

[0046] Specifically, the method in step S1 includes:

[0047] S11. Set the system security parameter λ, the set of authoritative management agency identifiers AU, the set of user identifiers GID, the set of keywords W, and the set of access policies. Set the total number of slots and generate a composite order bilinear cyclic group and its subgroups.

[0048] Specifically, the platform administrator (PM) sets the system security parameters to λ, the set of authoritative management organization identifiers to AU, the set of user identifiers to GID, the set of keywords to W, and the set of access policies for keywords to [missing information]. Assume that each keyword is used at most once in the access strategy, and the maximum number of keywords in the access strategy is P. Let the total number of system slots be L, and let a set... Configure a composite order bilinear group generator. Run and generate a composite order bilinear cyclic group. ,in, Given 5 distinct large prime numbers, , and Both are bilinear groups of order N, where g is a generator of group G and a bilinear mapping. ,set up , , , , The order of group G is respectively subgroups, set ,in, Subgroups The generator.

[0049] S12. Randomly select parameters to calculate common parameters, and set the keyword set and hash function.

[0050] Specifically, random selection ,calculate , Random selection Set a keyword set Hash function , It is a positive integer.

[0051] S13. For each slot index and key, select random numbers to calculate the corresponding parameters and generate a vector.

[0052] Specifically, for each slot index value Choose a random number ,calculate , For each keyword , , Choose a random number ,calculate Set a vector ;

[0053] S14. Select random number calculation parameters for the slot index and key combination, and construct a hash function for the user's unique identifier.

[0054] Specifically, for each slot index value and each keyword , and When selecting a random number ,calculate Set a vector Construct a hash function F: Where gid is the user's unique identifier.

[0055] S15. Set the set of encrypted public keys, the set of system public parameters, and the message space, and publish them to the system bulletin board.

[0056] Specifically, set up a set of encrypted public keys. A system common parameter set gpp and a message space are ;in,

[0057] ;

[0058] The system's public parameter set gpp and encryption public key set gep are published in the system bulletin board for other entities to download.

[0059] S2. User Key Generation: When a user registers for the first time, they select a slot index and identity identifier, obtain public parameters from the bulletin board, calculate the corresponding private key and public key for each keyword they own, secretly save the private key, and send the public key, slot index, and identity identifier to the corresponding keyword authority.

[0060] Specifically, the method in step S2 includes:

[0061] S21. The user selects an unoccupied slot index, identity identifier, and keyword, obtains public parameters, and selects a random number to calculate the keyword private key and cross term.

[0062] Specifically, when a user DR registers with the system for the first time, it selects an unoccupied slot index. Given an identity identifier gid and several keywords, the user corresponding to slot index i is denoted as... Assuming the user Having the kth keyword Based on the attribute characteristics, obtain the public parameter set gpp from the system announcement bar, and select a random number. calculate For each slot index , Calculate cross terms .

[0063] S22. The user secretly stores the keyword private key, generates the keyword public key, and sends it to the corresponding keyword authority.

[0064] Specifically, assuming authoritative institutions Manage this keyword , Secretly store its keyword private key Set the keyword public key , and its key public key Slot index i and unique identifier gid send keywords to authoritative institutions .

[0065] S23. The user generates public-private key pairs for all keywords, keeps the private key set privately, and distributes the public key to the corresponding keyword authority.

[0066] Specifically, assuming the user The set containing keywords is , Steps S21 and S22 can be used to calculate other keyword public keys and keyword private keys, and their keyword private key sets can be secretly stored. and the set of public keys for keywords The public key for the keywords is distributed to the corresponding Keyword Authority (AU).

[0067] S3. Generate the system keyword master public key and user auxiliary decryption key: Each authoritative institution manages one keyword. After receiving all user public keys and identity identifiers for the keyword it manages, it aggregates all user keyword public keys, calculates the master public key for the keyword and the user's auxiliary decryption key, publishes the system keyword master public key to the bulletin board, and distributes the auxiliary decryption key to the corresponding user.

[0068] Specifically, the method in step S3 includes:

[0069] S31. The keyword authority receives the user's public key and identity identifier, and calculates the keyword master public key and the user's auxiliary decryption key.

[0070] Specifically, each Keyword Authority (AU) receives the attribute public key and user identifier of a currently legitimate user in the system, and calculates the system master public key for the keywords it manages and the user's auxiliary decryption key. Assume the Keyword Authority... Received all users Key public key set and identity identifier set back, Using gpp, where the following equation is used:

[0071] ;

[0072] calculate:

[0073] (1);

[0074] S32. Keyword aggregation: Keyword vectors for all slots.

[0075] Specifically, keyword authority agencies Aggregate the keyword vectors of all slots:

[0076] (2).

[0077] S33. The authoritative keyword authority constructs the user's auxiliary decryption key and the keyword master public key, publishes the keyword master public key, and distributes the keys.

[0078] Specifically, the authority of each keyword Constructing users Attribute-assisted decryption key and its management keywords Key public key ,Will Send to the corresponding and the key master public key Published in the system announcement section;

[0079] S34. All key authorities shall perform the above steps to complete the generation of all master public keys and the distribution of auxiliary keys.

[0080] Specifically, since each keyword authority manages only one keyword, all keyword authorities run steps S31 to S33 to obtain the master public key of the keyword they manage, and send the user's attribute auxiliary decryption key to the corresponding user.

[0081] S4. Encrypt the data to be shared and the keywords: The data provider extracts the keywords from the data to be shared, formulates the corresponding access policy, downloads the master public key of the keyword corresponding to the access policy from the system bulletin board, calculates the data ciphertext and symmetric key ciphertext, and uploads the data ciphertext and symmetric key ciphertext to the cloud server.

[0082] Specifically, the method in step S4 includes:

[0083] S41. Formulate the access strategy, and define the access matrix, row label function, and composite function.

[0084] Specifically, the data provider (DSP) provides the shared data to be retrieved. Develop appropriate access policies , among which, access matrix It is a row number A matrix with n columns , It is an injective row labeling function that maps the l-th row of an access matrix M to a specific key. Composite function It is a mapping that maps the l-th row of the access matrix M to a fixed length of The binary string.

[0085] S42. Randomly select a symmetric key to encrypt the data, and use the encryption public key and the master public key of the keyword to encrypt the symmetric key.

[0086] Specifically, first, a symmetric key is randomly selected. Calculate encrypted data ,in, This is the AES symmetric encryption algorithm. It utilizes a public key. and keywords public key Encrypt the symmetric key K.

[0087] S43. Select the key vector and calculate the symmetric key ciphertext. Calculate the corresponding parameters for each row of the access matrix, generate the symmetric key ciphertext, and upload it to the cloud server.

[0088] Specifically, random selection Set a column vector Random selection Set a column vector The superscript of the vector here Representing the transpose of a vector, compute the ciphertext of the symmetric key K: , For each row of the access matrix M Choose a random number Random selection ,calculate , ,in, The l-th row vector of the access matrix yields the symmetric key ciphertext. The symmetric key ciphertext Send to the cloud server CS.

[0089] S5. Retrieve and decrypt ciphertext: The user sends a retrieval request to the cloud server. The cloud server matches the keywords in the ciphertext with the access policy according to the user's keyword set, and sends the ciphertext that meets the access policy to the user. The user uses their keyword private key, auxiliary decryption key and system public parameters to decrypt the ciphertext to obtain authorized shared data. If the keyword set does not meet the access policy, the cloud server returns a retrieval failure message.

[0090] Specifically, the method in step S5 includes:

[0091] S51. The user sends a keyword search request, and the cloud server iterates through the keyword access strategies that match the encrypted text.

[0092] Specifically, assuming Having a set of keywords is, Send a keyword encrypted search request to the cloud server CS The cloud server CS uses the key set S to analyze each ciphertext. Access strategy Perform the matching sequentially.

[0093] S52. If the keyword access policy is not satisfied, return failure; if the keyword access policy is satisfied, return the corresponding ciphertext, and the user calculates the keyword vector to obtain the keyword private key, auxiliary decryption key, and public parameters.

[0094] Specifically, if S does not satisfy the access strategy for all key-ciphertext encryption... CS will send the failed retrieval message to Otherwise, CS will handle all requests that satisfy the access policy. ciphertext Send to Assuming , , It was taken from M and The submatrix formed by the row vectors corresponding to the row labels. Because satisfy , Calculate a vector , making ,right Index of each row ,in ,Right now The first in Line, calculate:

[0095] (3);

[0096] (4);

[0097] in, Representative vector The j-th component in.

[0098] S53. Based on the private key, auxiliary decryption key, and public parameters, execute a symmetric decryption algorithm to obtain authorized shared data.

[0099] Specifically, Execute symmetric cryptography decryption algorithms Obtain the corresponding shared dataset .

[0100] See Figure 2 In this embodiment, from the perspective of encryption time, the encryption process of messages and keywords consists of slot-specific components and keyword-specific components. The slot-specific components involve a fixed number of group multiplications and exponential operations, and their computational overhead is relatively stable. However, the computational complexity of the keyword-specific components is directly related to the number of keyword authority institutions involved in the access strategy. Therefore, the overall encryption time increases positively correlated with the increase of the number of keyword authority institutions.

[0101] See Figure 3 The retrieval time was analyzed. The computational cost of the retrieval process is mainly determined by the number of authoritative keywords, specifically, the number of multiplication, exponentiation, and group pairing operations increases with the number of keywords. Experimental results show that retrieval time has an approximately linear relationship with the number of keywords in the access strategy. To obtain more accurate observational data, the number of keywords in the access strategy was set to start from 6 and increase in increments of 2 to 20. The corresponding results are shown below. Figure 3 As shown.

[0102] See Figure 4 This embodiment further analyzes the decryption time. Experiments show that the decryption overhead is significantly affected by the number of authoritative keywords. As the number of keywords in the access strategy increases, the decryption time involving group pairing operations increases linearly. In the experiment, the number of keywords was set to range from 6 to 20, with a step size of 2. The results are as follows: Figure 4 As shown.

[0103] Compared with the prior art, the beneficial effects of the present invention are as follows:

[0104] First, it eliminates the risks of key escrow and single points of failure. Traditional solutions rely on a single central authority for global key management. If this authority is compromised or malfunctions, the entire system faces the risk of key leakage or service paralysis. This invention introduces multiple independent attribute-based authorities, with users registering and generating attribute public and private keys themselves. This decentralizes the power of key generation and management, fundamentally eliminating the key escrow problem and avoiding the threat of single points of failure to the overall security and availability of the system.

[0105] Secondly, it achieves distributed autonomous management of cross-domain attributes, significantly improving the system's scalability. Addressing the limitations of traditional solutions where a single institution struggles to uniformly verify and issue complex attributes across organizations and domains (such as identities, academic qualifications, and job titles issued by governments, schools, and enterprises respectively), this invention supports multiple authoritative institutions managing attribute sets within their respective domains. This decentralized attribute management model can flexibly adapt to distributed network environments with multiple participants, allowing the system to expand to new attribute domains or connect to new authoritative institutions without requiring a complete architecture reconstruction, demonstrating excellent scalability and practical application value.

[0106] Third, while ensuring privacy and security, this invention achieves dual concealment of access policies and search keywords. In existing solutions, access policies are often appended to ciphertext in plaintext form. Sensitive information contained within (such as "R&D Department" and "Senior Manager") can easily lead to the leakage of the data recipient's identity or the value of the data. Simultaneously, if user-submitted search keywords (trapdoors) lack protection, the cloud server can infer the query intent through frequency analysis and other methods. This invention employs dual-system encryption and hash function technology to uniformly hide access policies and keywords as inherent components of the ciphertext. This prevents the cloud server and unauthorized users from obtaining any policy content or keyword information, fundamentally preventing privacy leaks.

[0107] Fourth, it balances privacy protection with search and decryption efficiency, solving the problem of balancing security and performance in traditional solutions. Existing privacy protection measures often sacrifice search efficiency and struggle to flexibly match data features with user attributes. This invention lays the foundation for efficient matching by unifying attribute features and data features as keywords and integrating them into the access policy. Based on this, the cloud server can accurately filter ciphertext according to the hidden policy without decrypting trapdoors and keywords. After obtaining the ciphertext, the user can quickly decrypt it using their private key. The entire process achieves efficient search and decryption while protecting privacy, avoiding performance degradation caused by enhanced security.

[0108] Fifth, it enhances the overall security and user controllability of the system. By independently registering and generating attribute public and private keys with multiple authoritative institutions, users not only reduce excessive reliance on a single institution but also improve their control over their own attribute keys. Simultaneously, the introduction of multiple authorities means that attackers would need to compromise multiple independent institutions simultaneously to compromise system security, significantly improving the system's resistance to attacks.

[0109] In summary, this invention systematically solves the problems of key escrow, single point of failure, difficulties in cross-domain attribute management, access policy and keyword privacy leakage, and low retrieval efficiency in existing technologies through decentralized attribute management, unified attribute-data keyword representation, dual-system encryption and hash function privacy hiding, and efficient retrieval and decryption processes. It achieves synergistic optimization of security, scalability, and efficiency.

[0110] The above description is merely an embodiment of this application and does not limit the patent scope of this application. Any equivalent structural or procedural transformations made using the content of this application's specification and drawings, or direct or indirect applications in other related technical fields, are similarly included within the patent protection scope of this application.

Claims

1. A hiding strategy based on a decentralized registration attribute retrieval encryption method, characterized in that, include: S1. System initialization: Obtain the system's public parameter set and encryption public key set, and publish them in the system bulletin board; S2. Based on the system bulletin board, obtain public parameters, calculate the keyword private key and keyword public key in the public parameters, and then send them to the corresponding keyword authority. S3. Based on the public keys and identity identifiers of all users of the keyword managed by the keyword authority, generate the keyword's master public key and user-assisted decryption key; S4. Based on the keywords extracted from the data to be shared, formulate corresponding access policies, download the master public key of the keywords corresponding to the access policies, calculate the data ciphertext and symmetric key ciphertext, and upload them to the cloud server; S5. Based on the user's search request, the cloud server sequentially matches the keyword access policy in the ciphertext according to the user's keyword set, obtains the keyword private key, the auxiliary decryption key and the public parameters, and decrypts the ciphertext to obtain authorized shared data; wherein, if the keyword access policy is not satisfied, the cloud server returns a search failure message.

2. The method according to claim 1, characterized in that, The method of step S10 includes: S11. Set system security parameters λ, authority management agency identifier set AU, user identifier set GID, keyword set W, access policy set, set the total number of slots, and generate a composite order bilinear cyclic group and subgroups; S12. Randomly select parameters to calculate the common parameters, and set the keyword set and hash function; S13. For each slot index and key, select random numbers to calculate the corresponding parameters and generate a vector; S14. Select random number calculation parameters for the slot index and key combination, and construct a user unique identifier hash function; S15. Set up the encryption public key set, the system public parameter set, and the message space, and publish them to the system bulletin board.

3. The method according to claim 1, characterized in that, The method of step S2 includes: S21. The user selects an unoccupied slot index, identity identifier, and keyword, obtains the public parameters, and selects a random number to calculate the keyword private key and cross-item; S22. The user secretly stores the private key of the keyword, generates the public key of the keyword, and sends it to the corresponding authoritative authority of the keyword. S23. The user generates public-private key pairs for all keywords, secretly stores the private key set, and distributes the public key to the corresponding keyword authority.

4. The method according to claim 1, characterized in that, The method of step S3 includes: S31. The keyword authority receives the user's public key and identity identifier, and calculates the keyword master public key and the user's auxiliary decryption key; S32. The keyword aggregates the keyword vectors of all slots; S33. The keyword authority constructs the user's auxiliary decryption key and the keyword master public key, publishes the keyword master public key, and distributes the keys; S34. All the aforementioned key authorities shall perform the above steps to complete the generation of all primary public keys and the distribution of auxiliary keys.

5. The method according to claim 1, characterized in that, The method of step S4 includes: S41. Formulate the access strategy, and define the access matrix, row label function, and composite function; S42. Randomly select a symmetric key to encrypt data, and use the encryption public key and the master public key of the keyword to encrypt the symmetric key; S43. Select the keyword vector and calculate the symmetric key ciphertext. Calculate the corresponding parameters for each row of the access matrix, generate the symmetric key ciphertext, and upload it to the cloud server.

6. The method according to claim 1, characterized in that, The method of step S5 includes: S51. The user sends a keyword search request, and the cloud server iterates through the keyword access strategy that matches the encrypted text; S52. If the keyword access strategy is not satisfied, return failure; if the keyword access strategy is satisfied, return the corresponding ciphertext, and the user calculates the keyword vector to obtain the keyword private key, the auxiliary decryption key, and the public parameters. S53. Based on the keyword private key, the auxiliary decryption key, and the public parameters, execute a symmetric decryption algorithm to obtain the authorized shared data.