CN-115834200-B - Attribute-based searchable encrypted data sharing method based on blockchain
Abstract
The invention discloses a blockchain-based, attribute-based searchable encryption data sharing method comprising the following steps: each data owner D_i computes its own public parameters and master secret key, and the owners' public parameters are aggregated to generate the system public parameters; the data owners generate an aggregate private key for a data user DU according to the DU's attribute set; the data owners encrypt their private data files with a symmetric encryption algorithm; a secure searchable index is built; the data user generates a search trapdoor; a smart contract searches the secure searchable index with the search trapdoor and verifies whether the trapdoor matches the access control policy of the ciphertext keyword index; and the data user decrypts the encrypted private data files to obtain the private data files. With the invention, each data user only needs to maintain one private key and uses a single trapdoor for each search, so the method offers high efficiency, tamper resistance, low local storage overhead, fine-grained access control and privacy protection, among other advantages.
Inventors
- ZHANG WEI
- WANG RUI
- CHEN YUNFANG
Assignees
- 南京邮电大学
Dates
- Publication Date: 20260505
- Application Date: 20221123
Claims (9)
- 1. The attribute-based searchable encrypted data sharing method based on the blockchain is characterized by comprising the following steps: S10, initializing a system, wherein each data owner Calculating own public parameters and a master secret key, and simultaneously aggregating the public parameters to generate system public parameters; S20, generating an aggregation private key according to an attribute set of a data user DU, wherein the step S20 is specifically as follows: S21, each data owner Using self-master keys 、 Calculation of And send it to a particular data owner, which calculates intermediate parameters 、 And The specific calculation formula is as follows: ; ; (1); S22, according to the intermediate parameters Generating a first key parameter for a data user whose attribute set is U ; S23, each data owner Selecting a random number Calculation of And To a particular data owner who calculates intermediate parameters And Wherein Belongs to integer groups ; An integer group that is modulo p; S24, utilizing the intermediate parameters 、 Calculating a second key parameter of the data user Third key parameter And a fourth key parameter Wherein Belonging to the set of attributes U, Is a hash function; S25, the data owner generates an aggregate private key according to the four key parameters And returns it to the data user DU through a secure channel; S30, encrypting the data file and the keyword index; S40, constructing a secure searchable index, namely realizing the secure searchable index by using an inverted index structure, wherein the inverted index consists of a dictionary and an inverted list and comprises a lookup table, a search array and a linked list; S50, generating a search trapdoor, wherein the data user DU encrypts the keyword q of interest according to the received aggregation private key and generates the search trapdoor to upload to the blockchain; S60, searching, wherein the data user DU submits a query trapdoor, the search smart contract performs a linear search on the secure searchable index and checks whether the search trapdoor matches the access control policy of the ciphertext keyword index, and all successfully matched results are sent to the verification smart contract; S70, verifying, wherein the verification smart contract verifies whether the keyword in the ciphertext keyword index is identical to the query keyword in the trapdoor, and if the matching is successful, the identifiers of the corresponding files are sent to the cloud server, and the integrity of the result returned by the cloud is verified at the same time; S80, decrypting, wherein the data user DU decrypts using a symmetric key.
- 2. The method according to claim 1, wherein step S10 is specifically as follows: S11, defining a bilinear mapping And selecting a symmetric cryptographic algorithm Two hash functions 、 , wherein, Is a bilinear map of the image that is to be mapped, And Is a group of two multiplication cycles, Is a symmetric encryption algorithm that is used to encrypt the data, Is a symmetric decryption algorithm that is used to decrypt the data, An integer group that is modulo p; s12, each data owner Selecting two random numbers And Calculation of And And to other data owners, when each data owner All are received And , , Calculation of , Wherein 、 Belongs to integer groups , Is that Is the prime number of the generator Is a multiplication group And Is the order of (2); s13, each data owner , Selecting a random number Calculation of Respectively sent to And Generating self master key For data owners Will then Is sent to And While Will be Is sent to And And (2) and , Wherein Belongs to integer groups ; S14, public system public parameters At the same time the data owner Secret self master key 。
- 3. The method according to claim 2, wherein the specific steps of step S30 are: S31, data owner Selection of As a symmetric key, use is made of Data file Encrypting to obtain an encrypted data file Wherein Is a symmetric encryption algorithm; s32, uploading the encrypted data file to a cloud server by a data owner, uploading ciphertext hash to a block chain, and returning a storage address to the data owner by the cloud server; S33, the data owner extracts the index key w from the data file F and defines an access strategy Encrypting the key w, wherein Is a matrix with l rows and n columns, Is an internal mapping function, is a matrix Is arranged in each row of (1) To attributes Each attribute in a matrix The unique rows are corresponding to the rows; s34, selecting a random number by the data owner And n-1 random values Form a random vector For a matrix Is arranged in each row of (1) , Calculation of Wherein For secret values to be shared, belonging to integer groups , Is a matrix Is the first of (2) ; S35, data owner use Encrypting the keyword w and calculating a first keyword index parameter Second keyword index parameter And a third key index parameter Wherein Is a bilinear map of the image that is to be mapped, Is that Is used for generating the generation element of (a), Belongs to integer groups , As a function of the hash-up, As the secret value it is possible to use, Belonging to , Is an internal mapping function; s36, the data owner generates the ciphertext keyword index by the keyword index parameter Uploading to the blockchain.
- 4. A method according to claim 3, wherein step S40 is specifically: S41, initializing, scanning data files and constructing a dictionary For each keyword w Construction of Wherein To scan the collection of all keys of a data file, A set of all data file identifiers mapped for the key w; s42, constructing a lookup table which allows for each linked list Positioning and decrypting the first element of the table, each entry in the table corresponding to a key w The entry consists of < value, address >, the value field contains the index key And Decryption key of the first element of (a), address represents Memory address of the first element of (1), wherein For scanning a collection of all keys of a data file, a linked list Stored in an array Is a set of nodes; S43, establishing a search array For each keyword w Defining the node structure of the linked list as , Due to Each element of (2) contains an associated Thus decrypting the corresponding file identifier stored in the available node and the decryption key and location of the next node until the node is empty, where " "Is a character string connector and, The w is the first keyword Data file Is used to determine the file identifier of the file, Is the first The decryption key of the individual key nodes, Is the first Address information of the individual key nodes in the table, Representing the total number of all data file identifiers mapped by the key w.
- 5. The method according to claim 4, wherein step S50 is specifically: s51, the data user gathers the private key according to the received Selecting a random number Calculating intermediate parameters , , Wherein Belongs to integer groups U is an attribute set of a data user; S52, data user calculation And encrypts its hash value as the first search trapdoor parameter Second search trapdoor parameters And a third search trapdoor parameter Where q is the key that the data user wants to query, 、 、 、 Is an integer group The random number on the random number is used for the random number, Is a multiplication loop group Arbitrary of the generator of (a) Belonging to attribute set U; s53, the data user calculates the search trapdoor according to the search trapdoor parameters And sent to the blockchain.
- 6. The method according to claim 5, wherein step S60 is specifically: S61, the data user submits a query trapdoor, and the search smart contract in the blockchain performs a linear search on the secure searchable index by using the query trapdoor, if The attribute set U in (1) does not satisfy the relation Associated with Matching with the index ciphertext of the next keyword; S62, if Property set satisfaction in (1) Associated with And sending all the successful matching results to the verification smart contract.
- 7. The method according to claim 6, wherein step S70 is specifically: s71 defining a Is a subset of Based on And The search algorithm calculates a set of constants So that Wherein Is the ith row of the LSSS matrix, if U satisfies the sum Associated with Detecting whether the detected keywords q and w are matched according to the matching rules, wherein the matching rules are as follows: ; S72, if the matching is successful, generating a decryption key of the first node in the linked list corresponding to the keyword queried by the decryption lookup table, because Each element of (2) contains an associated So that the corresponding file identifier stored in the available node, the decryption key and the position of the next node are decrypted until the node is empty, and the corresponding found file identifier set is sent to the cloud server; and S73, the cloud server sends the ciphertext file set to the blockchain, and the data ciphertext is sent to the user by verifying the integrity of the intelligent contract detection data.
- 8. A computer-readable storage medium having stored thereon a computer program, wherein the program when executed by a processor performs the steps in the blockchain-based attribute-based searchable encrypted data sharing method as in any of claims 1-7.
- 9. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor performs the steps in the blockchain-based attribute-based searchable encryption data sharing method as recited in any of claims 1-7 when the program is executed.
Description
Attribute-based searchable encrypted data sharing method based on blockchain
Technical Field
The invention belongs to the technical field of blockchain privacy protection and secure sharing of ciphertext data, and particularly relates to a blockchain-based attribute-based searchable encrypted data sharing method.
Background
With the explosive growth of data and the development of cloud computing, more and more organizations outsource their data and services to the cloud to reduce local computing and storage costs. Because the cloud server is unreliable and user data has privacy and security requirements, the data needs to be encrypted before uploading. In this environment, users run into the problem that keywords cannot be searched in massive data, and the flexibility of file sharing in the cloud environment is limited to a certain extent. Searchable encryption makes it possible to search encrypted data by keyword without revealing the privacy of user data, which saves the user a great amount of network and computation overhead. However, a data user can acquire the ciphertext data of any keyword of interest from the server, and the data owner cannot enforce fine-grained access to the data. Combining searchable encryption with attribute-based encryption can achieve both effective ciphertext keyword search and fine-grained access control.
In a multi-data-owner environment, under existing attribute-based searchable encryption schemes, data owners are reluctant to share with others the master keys that protect their own privacy and data security, so a data user must maintain multiple private keys from different data owners, which creates a heavy private key management burden. The data user also needs to submit multiple trapdoors using different private keys to retrieve data, which results in high communication and search costs. Cloud servers are semi-honest and curious entities: there are situations in which part of the service fee is returned, or in which search results are computed incorrectly or spoofed. At the same time, a user may claim that the results are incorrect after obtaining correct results and refuse to pay the service fee, which results in unfair service-payment.
Disclosure of Invention
To address the defects of the prior art, the invention provides a blockchain-based attribute-based searchable encryption data sharing method, which reduces system communication and search overhead and achieves secure sharing of private data.
To solve at least one of the above technical problems, according to an aspect of the present invention, there is provided a blockchain-based attribute-based searchable encrypted data sharing method, including the following steps:
- S10, initializing the system: each data owner D_i calculates its own public parameters and master key, and the respective public parameters are aggregated to generate the system public parameters;
- S20, generating an aggregation private key according to the attribute set of the data user DU;
- S30, encrypting the data file and the keyword index;
- S40, constructing a secure searchable index: the secure searchable index is realized with an inverted index structure, wherein the inverted index consists of a dictionary and an inverted list and comprises a lookup table, a search array and a linked list;
- S50, generating a search trapdoor: the data user DU encrypts the keyword q of interest according to the received aggregation private key and generates the search trapdoor, which is uploaded to the blockchain;
- S60, searching: the data user DU submits a query trapdoor, the search smart contract performs a linear search on the secure searchable index and checks whether the search trapdoor matches the access control policy of the ciphertext keyword index, and all successfully matched results are sent to the verification smart contract;
- S70, verifying: the verification smart contract verifies whether the keyword in the ciphertext keyword index is identical to the query keyword in the trapdoor; if the matching is successful, the identifiers of the corresponding files are sent to the cloud server, and the integrity of the result returned by the cloud is verified at the same time;
- S80, decrypting: the data user DU decrypts using a symmetric key.
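The index layout named in step S40 (lookup table, search array, encrypted linked list), as an added Python example that is not code from the patent. Assumptions: HMAC-SHA256 tags stand in for the lookup-table keys, a SHA-256 keystream XOR stands in for SE.Enc/SE.Dec, a single index key replaces the trapdoor match that precedes the list walk in the patent, and the names `build_index`, `search`, `NULL` and `SAMPLE` are hypothetical.

```python
import hashlib, hmac, secrets

NULL = 0xFFFFFFFF  # address that marks the end of a linked list (assumption)

def _xor(key, data):
    # Stand-in for SE.Enc/SE.Dec: XOR with a SHA-256 counter keystream (assumption)
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(index_key, word, label):
    # Keyed tag per keyword: one locates the table entry, one masks its value
    return hmac.new(index_key, label + word.encode(), hashlib.sha256).digest()

def build_index(index_key, postings):
    """postings: {keyword: [file_id, ...]}, file ids at most 16 bytes."""
    total = sum(len(ids) for ids in postings.values())
    free = list(range(total))
    secrets.SystemRandom().shuffle(free)  # scatter nodes across the search array
    array, table = [None] * total, {}
    for word, ids in postings.items():
        if not ids:
            continue
        addrs = [free.pop() for _ in ids]
        keys = [secrets.token_bytes(16) for _ in ids]  # one key per node
        for j, fid in enumerate(ids):
            last = j == len(ids) - 1
            nxt_key = bytes(16) if last else keys[j + 1]
            nxt_addr = NULL if last else addrs[j + 1]
            # node = file identifier || key of next node || address of next node
            node = fid.encode().ljust(16, b"\0") + nxt_key + nxt_addr.to_bytes(4, "big")
            array[addrs[j]] = _xor(keys[j], node)
        # <value, address>: key and address of the first node, masked per keyword
        head = keys[0] + addrs[0].to_bytes(4, "big")
        table[_tag(index_key, word, b"loc")] = _xor(_tag(index_key, word, b"mask"), head)
    return table, array

def search(index_key, word, table, array):
    entry = table.get(_tag(index_key, word, b"loc"))
    if entry is None:
        return []
    head = _xor(_tag(index_key, word, b"mask"), entry)
    key, addr, found = head[:16], int.from_bytes(head[16:], "big"), []
    while addr != NULL:  # decrypt node, collect id, follow pointer until empty
        node = _xor(key, array[addr])
        found.append(node[:16].rstrip(b"\0").decode())
        key, addr = node[16:32], int.from_bytes(node[32:], "big")
    return found

SAMPLE = {"invoice": ["f1", "f7", "f9"], "audit": ["f2"]}  # constructed postings
```

Without the per-keyword key, the search array is a set of equal-length ciphertext nodes in shuffled order, so the order of nodes does not show which files share a keyword.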
Further, step S10 specifically includes: S11, defining a bilinear map $e: G_1 \times G_1 \to G_2$, and selecting a symmetric cryptographic algorithm $SE = (SE.Enc, SE.Dec)$ and two hash functions $H_1: \{0,1\}^* \to G_1$ and $H_2: \{0,1\}^* \to Z_p^*$, wherein $e$ is the bilinear map, $G_1$ and $G_2$ are two multiplicative cyclic groups, SE.Enc is a symmetric encryption algorithm, SE.Dec is a symmetric decryption algorithm, and $Z_p^*$ is the group of integers modulo p; S12, each data owner $D_i$ selects two random numbers $\alpha_i$ and $a_i$