Searchable public key encryption method and system with key updating and ciphertext sharing functions
1. A searchable public key encryption method with key updating and ciphertext sharing functions is characterized by comprising the following steps:
step A, generating a global parameter set of a system according to a safety parameter;
step B, generating a public and private key of the ciphertext storage server according to the global parameter set of the system;
step C, according to the global parameter set of the system, a user generates a private and public key of the user, and the user comprises a data owner and an authorized data user;
step D, according to a global parameter set of the system, a public key of a data owner, a public key of a ciphertext storage server and a keyword associated with the data ciphertext, the data owner generates an index ciphertext and attaches the index ciphertext to the data ciphertext;
step E, generating an index ciphertext re-encryption key by the data owner and the authorized data user in an interactive mode according to the global parameter set of the system, the private key of the data owner and the private key of the authorized data user;
step F, according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner, the ciphertext storage server generates a shared index ciphertext which can be retrieved by an authorized data user;
step G, according to the global parameter set of the system, the private key of the user, the public key of the ciphertext storage server and the keyword to be searched, the user generates a search trapdoor;
step H, according to a global parameter set of the system, a private key of the ciphertext storage server, the index ciphertext and the search trapdoor, the ciphertext storage server tests whether the index ciphertext is matched with the search trapdoor, namely whether key words contained in the index ciphertext and the search trapdoor are the same or not, wherein the index ciphertext is an index ciphertext of a data owner or a shared index ciphertext for an authorized data user; if the index ciphertext is successfully matched with the search trapdoor, the ciphertext storage server sends a data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
step I, according to the global parameter set of the system, the current private key used by the data owner and the new private key to be enabled by the data owner, the data owner generates an index ciphertext updating key;
and step J, according to the global parameter set of the system, the index ciphertext updating key of the data owner and the original index ciphertext of the data owner, the ciphertext storage server updates the original index ciphertext of the data owner to generate a new index ciphertext.
2. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 1, wherein the specific process of step A is as follows:
step A1, generating system parameters: given the security parameter λ ∈ Z+, generate a λ-bit prime q, a multiplicative cyclic group G of order q and a multiplicative cyclic group G_T of order q, and define a bilinear map f_bp: G × G → G_T, where Z+ is the set of positive integers and f_bp: G × G → G_T is a function from the Cartesian product of the multiplicative cyclic group G with itself to the multiplicative cyclic group G_T, i.e. the bilinear map f_bp: G × G → G_T is the function z = f_bp(x, y) in which x, y ∈ G are the independent variables and z ∈ G_T is the dependent variable;
step A2, selecting a generator g of the multiplicative cyclic group G;
step A3, defining three hash functions H: G → G, H_1: {0,1}* → G and H_2: G_T → {0,1}^l, where l ∈ Z+, H is a hash function from the multiplicative cyclic group G to the multiplicative cyclic group G, H_1 is a hash function from {0,1}* to the multiplicative cyclic group G, H_2 is a hash function from the multiplicative cyclic group G_T to binary strings of length l, {0,1}* is the set of binary strings of arbitrary length and {0,1}^l is the set of binary strings of length l;
step A4, generating the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system.
3. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 2, wherein the specific process of the step B is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the ciphertext storage server randomly selects its own private key SK_S = a from the set and computes its own public key PK_S = g^a.
4. The searchable public key encryption method with the key update and ciphertext sharing function according to claim 2, wherein the specific process of step C is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, a user randomly selects its own private key SK_U = x_U from the set and computes its own public key. The public and private keys currently used by the data owner are denoted (PK_DO, SK_DO), the data owner also holds a new public and private key pair to be enabled, and the public and private keys of the authorized data user are denoted (PK_AU, SK_AU).
5. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 4, wherein the specific process of the step D is as follows:
step D1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner, using its own public key PK_DO, the public key PK_S of the ciphertext storage server and the keyword w associated with the data ciphertext to be transmitted, randomly selects an integer r and generates the bilinear map value t = f_bp(PK_S, H_1(w))^r, where H_1(w) is the hash value output by the hash function H_1 on the keyword w;
step D2, computing the first part A = (PK_DO)^r of the index ciphertext and the second part B = H_2(t) of the index ciphertext;
step D3, the sender combines A and B into the index ciphertext CT_{w,DO}, i.e. CT_{w,DO} = (A, B), which is then appended to the data ciphertext and sent to the ciphertext storage server.
6. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 5, wherein the specific process of the step E is as follows:
step E1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner randomly selects an integer n and, using its own private key SK_DO, computes t_1 = n·SK_DO mod p as the interactive value with the authorized data user, then sends it to the authorized data user;
step E2, after receiving t_1, the authorized data user computes t_2 = SK_AU / t_1 using its private key SK_AU as the interactive value with the data owner, then sends it to the data owner;
step E3, after receiving t_2, the data owner computes the index ciphertext re-encryption key rk_{DO→AU} = n·t_2 using the random integer n, then sends it to the ciphertext storage server.
7. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 6, wherein the specific process of the step F is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext re-encryption key rk_{DO→AU} and the index ciphertext CT_{w,DO} = (A, B) of the data owner, the ciphertext storage server recomputes the first part A of the index ciphertext as A' and generates the shared index ciphertext CT_{w,AU} = (A', B).
8. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 7, wherein the specific process of the step G is as follows:
step G1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the user randomly selects an integer r' and computes the first part T_1 = g^{r'} of the search trapdoor;
step G2, the user computes the second part T_2 of the search trapdoor from its private key SK_U, the public key PK_S of the ciphertext storage server and the keyword w' to be searched, where H_1(w') is the hash value output by the hash function H_1 on the keyword w' and H(PK_S^{r'}) is the hash value output by the hash function H on the public key PK_S of the ciphertext storage server raised to the power r';
step G3, the user combines T_1 and T_2 into the search trapdoor T_{w'}, i.e. T_{w'} = (T_1, T_2), and sends it to the ciphertext storage server.
9. The searchable public key encryption method with the key updating and ciphertext sharing functions according to claim 8, wherein the specific process of step H is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext CT_{w,U} and the search trapdoor T_{w'} = (T_1, T_2), where the index ciphertext CT_{w,U} is either the index ciphertext CT_{w,DO} = (A, B) of a data owner or the shared index ciphertext CT_{w,AU} = (A', B) for an authorized data user and is written as (X, Y), the ciphertext storage server uses its own private key SK_S = a to check the equation Y = H_2(f_bp(X, (T_2 / H(T_1^a))^a)); if the equation holds, the index ciphertext matches the search trapdoor and the data ciphertext corresponding to the index ciphertext CT_{w,U} is sent to the searcher; otherwise the matching test fails and the index ciphertext CT_{w,U} is ignored;
The specific process of step I is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner generates the index ciphertext update key UK_DO from its current private key SK_DO and the new private key to be enabled, then sends it to the ciphertext storage server;
the specific process of step J is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext update key UK_DO of the data owner and the index ciphertext CT_{w,DO}, the ciphertext storage server recomputes the first part of the index ciphertext with the update key UK_DO, generating a new index ciphertext.
10. A searchable public key encryption system with key update and ciphertext sharing functions, comprising:
the system parameter generating module is used for generating a global parameter set of the system according to the input security parameters;
the cipher text storage server public and private key generation module is used for generating a public and private key of the cipher text storage server according to the global parameter set of the system;
the user public and private key generation module is used for generating a public and private key of a user according to the global parameter set of the system, and the user comprises a data owner and an authorized data user;
the index ciphertext generating module is used for generating an index ciphertext by the data owner according to a global parameter set of the system, a public key of the data owner, a public key of the ciphertext storage server and a keyword associated with the data ciphertext;
the index ciphertext re-encryption key generation module is used for generating an index ciphertext re-encryption key according to a global parameter set of the system, a private key of a data owner and a private key of an authorized data user, and interaction of the data owner and the authorized data user;
the shared index ciphertext generating module is used for generating an index ciphertext which can be retrieved by an authorized data user according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner;
the search trap door generation module is used for generating a search trap door by the user according to the global parameter set of the system, the private key of the user, the public key of the ciphertext storage server and the keyword to be searched;
the ciphertext retrieval module is used for testing whether the index ciphertext is matched with the search trapdoor or not according to a global parameter set of the system, a private key of the ciphertext storage server, the index ciphertext and the search trapdoor, namely testing whether key words contained in the index ciphertext and the search trapdoor are the same or not, wherein the index ciphertext is an index ciphertext of a data owner or a shared index ciphertext for an authorized data user; if the index ciphertext is successfully matched with the search trapdoor, the ciphertext storage server sends a data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
the index ciphertext updating key generation module is used for generating an index ciphertext updating key by the data owner according to the global parameter set of the system, the current private key used by the data owner and the new private key to be started;
and the index ciphertext updating module is used for updating the original index ciphertext of the data owner by the ciphertext storage server according to the global parameter set of the system, the index ciphertext updating key of the data owner and the original index ciphertext of the data owner to generate a new index ciphertext.
Background
To solve the problem of encrypted data retrieval, Song et al proposed a searchable encryption technique in 2000. The novel cryptographic technology overcomes the defect that the traditional cryptographic technology cannot directly search the ciphertext, and quickly draws attention and researches in the cryptology field. However, the searchable encryption proposed by Song et al is based on a symmetric cryptosystem, and thus has key management and key distribution problems. In 2004, Boneh et al first proposed a searchable public key encryption method. The method enables the user to authorize the untrusted ciphertext storage server to detect whether the ciphertext sent to the user and encrypted by the public key of the user contains the specific keyword, thereby effectively solving the problem of ciphertext retrieval in the public key cryptosystem.
The security of a cryptographic system depends mainly on the confidentiality of the secret key; once the secret key is revealed, the security of the whole cryptographic system is compromised. The first method proposed for the secret key leakage problem was to divide the secret key into a number of partial keys stored on a number of different devices. However, this approach not only increases the deployment cost of the cryptographic system but also consumes significant computing resources. Since cryptographic computations often have to be performed on insecure or volatile devices, secret key leakage is inevitable, so some of the methods proposed by cryptologists are no longer limited to preventing secret key leakage but instead aim to mitigate, as far as possible, the harm caused once a leak has occurred. In the field of searchable public key encryption, Anada et al. first put forward a searchable public key encryption method with a key updating function in 2018 to address the leakage of a user's private key. In this method, the user can revoke the old public and private keys and enable new public and private keys at the start of each system cycle. To update the ciphertexts stored on the ciphertext storage server, the user either downloads all the ciphertexts and completes the re-encryption locally, or sends the old private key to the ciphertext storage server, which decrypts the old index ciphertext to obtain the keyword and encrypts the keyword with the new public key to obtain a new ciphertext.
It is easy to see that the method has the following disadvantages in ciphertext updating: if the user downloads all the ciphertexts to complete the cipher text updating locally, high communication, calculation and storage expenses are inevitably generated; however, if the ciphertext storage server completes the updating of the index ciphertext, the keyword information is inevitably exposed to the ciphertext storage server, and therefore, the privacy of the keyword cannot be protected. In addition, in the method proposed by Anada et al, the search trapdoor needs to be transmitted to the ciphertext storage server through a secure channel, otherwise the indistinguishable security of the keyword ciphertext cannot be guaranteed. Building a secure channel typically requires a significant amount of computational overhead and communication load and is therefore clearly unsuitable for certain applications.
Disclosure of Invention
In order to solve the technical problems mentioned in the background art, the invention provides a searchable public key encryption method and a searchable public key encryption system with the key updating and ciphertext sharing functions, which not only support the user key updating function and effectively overcome the problem of private key leakage, but also realize that the ciphertext can be updated and shared on a ciphertext storage server without decryption, and play a role in protecting information resources of a user on the ciphertext storage server from unauthorized access. In addition, the problem that the search trapdoor needs to be transmitted through a safe channel is overcome.
In order to achieve the technical purpose, the technical scheme of the invention is as follows:
a searchable public key encryption method with key updating and ciphertext sharing functions comprises the following steps:
step A, generating a global parameter set of a system according to a safety parameter;
step B, generating a public and private key of the ciphertext storage server according to the global parameter set of the system;
step C, according to the global parameter set of the system, a user generates a private and public key of the user, and the user comprises a data owner and an authorized data user;
step D, according to a global parameter set of the system, a public key of a data owner, a public key of a ciphertext storage server and a keyword associated with the data ciphertext, the data owner generates an index ciphertext and attaches the index ciphertext to the data ciphertext;
step E, generating an index ciphertext re-encryption key by the data owner and the authorized data user in an interactive mode according to the global parameter set of the system, the private key of the data owner and the private key of the authorized data user;
step F, according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner, the ciphertext storage server generates a shared index ciphertext which can be retrieved by an authorized data user;
step G, according to the global parameter set of the system, the private key of the user, the public key of the ciphertext storage server and the keyword to be searched, the user generates a search trapdoor;
step H, according to a global parameter set of the system, a private key of the ciphertext storage server, the index ciphertext and the search trapdoor, the ciphertext storage server tests whether the index ciphertext is matched with the search trapdoor, namely whether key words contained in the index ciphertext and the search trapdoor are the same or not, wherein the index ciphertext is an index ciphertext of a data owner or a shared index ciphertext for an authorized data user; if the index ciphertext is successfully matched with the search trapdoor, the ciphertext storage server sends a data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
step I, according to the global parameter set of the system, the current private key used by the data owner and the new private key to be enabled by the data owner, the data owner generates an index ciphertext updating key;
and step J, according to the global parameter set of the system, the index ciphertext updating key of the data owner and the original index ciphertext of the data owner, the ciphertext storage server updates the original index ciphertext of the data owner to generate a new index ciphertext.
Further, the specific process of step A is as follows:
step A1, generating system parameters: given the security parameter λ ∈ Z+, generate a λ-bit prime q, a multiplicative cyclic group G of order q and a multiplicative cyclic group G_T of order q, and define a bilinear map f_bp: G × G → G_T, where Z+ is the set of positive integers and f_bp: G × G → G_T is a function from the Cartesian product of the multiplicative cyclic group G with itself to the multiplicative cyclic group G_T, i.e. the bilinear map f_bp: G × G → G_T is the function z = f_bp(x, y) in which x, y ∈ G are the independent variables and z ∈ G_T is the dependent variable;
step A2, selecting a generator g of the multiplicative cyclic group G;
step A3, defining three hash functions H: G → G, H_1: {0,1}* → G and H_2: G_T → {0,1}^l, where l ∈ Z+, H is a hash function from the multiplicative cyclic group G to the multiplicative cyclic group G, H_1 is a hash function from {0,1}* to the multiplicative cyclic group G, H_2 is a hash function from the multiplicative cyclic group G_T to binary strings of length l, {0,1}* is the set of binary strings of arbitrary length and {0,1}^l is the set of binary strings of length l;
step A4, generating the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system.
Further, the specific process of step B is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the ciphertext storage server randomly selects its own private key SK_S = a from the set and computes its own public key PK_S = g^a.
Further, the specific process of step C is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, a user randomly selects its own private key SK_U = x_U from the set and computes its own public key. The public and private keys currently used by the data owner are denoted (PK_DO, SK_DO), the data owner also holds a new public and private key pair to be enabled, and the public and private keys of the authorized data user are denoted (PK_AU, SK_AU).
Further, the specific process of step D is as follows:
step D1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner, using its own public key PK_DO, the public key PK_S of the ciphertext storage server and the keyword w associated with the data ciphertext to be transmitted, randomly selects an integer r and generates the bilinear map value t = f_bp(PK_S, H_1(w))^r, where H_1(w) is the hash value output by the hash function H_1 on the keyword w;
step D2, computing the first part A = (PK_DO)^r of the index ciphertext and the second part B = H_2(t) of the index ciphertext;
step D3, the sender combines A and B into the index ciphertext CT_{w,DO}, i.e. CT_{w,DO} = (A, B), which is then appended to the data ciphertext and sent to the ciphertext storage server.
Further, the specific process of step E is as follows:
step E1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner randomly selects an integer n and, using its own private key SK_DO, computes t_1 = n·SK_DO mod p as the interactive value with the authorized data user, then sends it to the authorized data user;
step E2, after receiving t_1, the authorized data user computes t_2 = SK_AU / t_1 using its private key SK_AU as the interactive value with the data owner, then sends it to the data owner;
step E3, after receiving t_2, the data owner computes the index ciphertext re-encryption key rk_{DO→AU} = n·t_2 using the random integer n, then sends it to the ciphertext storage server.
Further, the specific process of step F is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext re-encryption key rk_{DO→AU} and the index ciphertext CT_{w,DO} = (A, B) of the data owner, the ciphertext storage server recomputes the first part A of the index ciphertext as A' and generates the shared index ciphertext CT_{w,AU} = (A', B).
Further, the specific process of step G is as follows:
step G1, according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the user randomly selects an integer r' and computes the first part T_1 = g^{r'} of the search trapdoor;
step G2, the user computes the second part T_2 of the search trapdoor from its private key SK_U, the public key PK_S of the ciphertext storage server and the keyword w' to be searched, where H_1(w') is the hash value output by the hash function H_1 on the keyword w' and H(PK_S^{r'}) is the hash value output by the hash function H on the public key PK_S of the ciphertext storage server raised to the power r';
step G3, the user combines T_1 and T_2 into the search trapdoor T_{w'}, i.e. T_{w'} = (T_1, T_2), and sends it to the ciphertext storage server.
Further, the specific process of step H is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext CT_{w,U} and the search trapdoor T_{w'} = (T_1, T_2), where the index ciphertext CT_{w,U} is either the index ciphertext CT_{w,DO} = (A, B) of a data owner or the shared index ciphertext CT_{w,AU} = (A', B) for an authorized data user and is written as (X, Y), the ciphertext storage server uses its own private key SK_S = a to check the equation Y = H_2(f_bp(X, (T_2 / H(T_1^a))^a)); if the equation holds, the index ciphertext matches the search trapdoor and the data ciphertext corresponding to the index ciphertext CT_{w,U} is sent to the searcher; otherwise the matching test fails and the index ciphertext CT_{w,U} is ignored;
The specific process of step I is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the data owner generates the index ciphertext update key UK_DO from its current private key SK_DO and the new private key to be enabled, then sends it to the ciphertext storage server;
the specific process of step J is as follows:
according to the global parameter set prms = {q, G, G_T, f_bp, g, H, H_1, H_2} of the system, the index ciphertext update key UK_DO of the data owner and the index ciphertext CT_{w,DO}, the ciphertext storage server recomputes the first part of the index ciphertext with the update key UK_DO, generating a new index ciphertext.
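To show how steps A to J fit together, here is an added correctness model of the scheme (example code, not the patent's own). It represents each group element g^x by its exponent x in Z_q and each pairing value f_bp(g,g)^y by y, so the matching test of step H and the effect of the re-encryption (step F) and the update (step J) can be checked with modular arithmetic; the formulas the page leaves out (PK_U = g^{x_U}, T_2 = H_1(w')^{1/SK_U}·H(PK_S^{r'}), A' = A^{rk}, UK_DO = SK'_DO/SK_DO, and q as the modulus in step E1) are assumptions of this model.

```python
import hashlib
import secrets

# Exponent-level model (added illustration, not the patent's code). An element g^x of G
# is stored as x in Z_q and an element f_bp(g,g)^y of G_T as y, so multiplication in G
# is addition of exponents, exponentiation is multiplication, and the pairing multiplies
# exponents. Discrete-log hardness is thrown away on purpose: this checks correctness,
# not security.
Q = (1 << 61) - 1  # a Mersenne prime standing in for the lambda-bit prime q of step A1


def _hash_to_zq(tag: bytes, data: bytes) -> int:
    """Random-oracle style hash into Z_q minus {0}, so every output is invertible."""
    return 1 + int.from_bytes(hashlib.sha256(tag + data).digest(), "big") % (Q - 1)


def H(x: int) -> int:
    """H: G -> G, evaluated on the element g^x (step A3)."""
    return _hash_to_zq(b"H", x.to_bytes(8, "big"))


def H1(w: str) -> int:
    """H1: {0,1}* -> G (step A3)."""
    return _hash_to_zq(b"H1", w.encode())


def H2(y: int) -> bytes:
    """H2: G_T -> {0,1}^l with l = 256, evaluated on f_bp(g,g)^y (step A3)."""
    return hashlib.sha256(b"H2" + y.to_bytes(8, "big")).digest()


def pair(x: int, y: int) -> int:
    """f_bp(g^x, g^y) = f_bp(g,g)^(x*y): the bilinearity property."""
    return x * y % Q


def rand_zq_star() -> int:
    return 1 + secrets.randbelow(Q - 1)


def keygen() -> tuple:
    """Steps B and C: private key x, public key g^x (PK_U = g^(x_U) is assumed)."""
    x = rand_zq_star()
    return x, x  # (secret exponent, exponent of the public key)


def index_encrypt(pk_owner: int, pk_server: int, w: str) -> tuple:
    """Step D: CT_{w,DO} = (A, B) with A = PK_DO^r and B = H2(f_bp(PK_S, H1(w))^r)."""
    r = rand_zq_star()
    t = pair(pk_server, H1(w)) * r % Q
    return pk_owner * r % Q, H2(t)


def reencryption_key(sk_owner: int, sk_au: int) -> int:
    """Step E, both sides of the interaction; the modulus is taken to be q here."""
    n = rand_zq_star()
    t1 = n * sk_owner % Q                # E1: t1 = n * SK_DO, owner -> authorized user
    t2 = sk_au * pow(t1, -1, Q) % Q      # E2: t2 = SK_AU / t1, authorized user -> owner
    return n * t2 % Q                    # E3: rk = n * t2, which equals SK_AU / SK_DO


def reencrypt(rk: int, ct: tuple) -> tuple:
    """Step F (assumed form): A' = A^rk, so CT_{w,AU} = (PK_AU^r, B)."""
    a_part, b_part = ct
    return a_part * rk % Q, b_part


def trapdoor(sk_user: int, pk_server: int, w: str) -> tuple:
    """Step G: T1 = g^r', T2 = H1(w')^(1/SK_U) * H(PK_S^r') (the form of T2 is assumed)."""
    rp = rand_zq_star()
    blind = H(pk_server * rp % Q)
    return rp, (H1(w) * pow(sk_user, -1, Q) + blind) % Q


def keyword_test(sk_server: int, ct: tuple, td: tuple) -> bool:
    """Step H: check Y == H2(f_bp(X, (T2 / H(T1^a))^a)) with the server key a."""
    x_part, y_part = ct
    t1, t2 = td
    unblinded = (t2 - H(t1 * sk_server % Q)) % Q   # T1^a = PK_S^r', so the blind cancels
    return y_part == H2(pair(x_part, unblinded * sk_server % Q))


def update_key(sk_old: int, sk_new: int) -> int:
    """Step I (assumed form): UK_DO = SK'_DO / SK_DO."""
    return sk_new * pow(sk_old, -1, Q) % Q


def update_ct(uk: int, ct: tuple) -> tuple:
    """Step J (assumed form): the first part becomes A^UK = PK'_DO^r; B is untouched."""
    a_part, b_part = ct
    return a_part * uk % Q, b_part


def run_demo() -> dict:
    """Exercise the whole flow with freshly generated keys and the constructed keywords."""
    sk_s, pk_s = keygen()            # ciphertext storage server
    sk_do, pk_do = keygen()          # data owner, current key pair
    sk_au, _pk_au = keygen()         # authorized data user
    sk_do_new, _ = keygen()          # data owner, new key pair to be enabled
    ct = index_encrypt(pk_do, pk_s, "invoice")
    ct_shared = reencrypt(reencryption_key(sk_do, sk_au), ct)
    ct_updated = update_ct(update_key(sk_do, sk_do_new), ct)
    return {
        "owner_same_keyword": keyword_test(sk_s, ct, trapdoor(sk_do, pk_s, "invoice")),
        "owner_other_keyword": keyword_test(sk_s, ct, trapdoor(sk_do, pk_s, "receipt")),
        "au_on_shared_ct": keyword_test(sk_s, ct_shared, trapdoor(sk_au, pk_s, "invoice")),
        "au_on_unshared_ct": keyword_test(sk_s, ct, trapdoor(sk_au, pk_s, "invoice")),
        "new_key_after_update": keyword_test(sk_s, ct_updated, trapdoor(sk_do_new, pk_s, "invoice")),
        "old_key_after_update": keyword_test(sk_s, ct_updated, trapdoor(sk_do, pk_s, "invoice")),
    }


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {'match' if ok else 'no match'}")
```

Because the model reads discrete logarithms off directly, it only shows that the algebra of the steps is consistent (shared and updated index ciphertexts match exactly the trapdoors they should); it says nothing about the security of the scheme.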
A searchable public key encryption system with key update and ciphertext sharing functionality, comprising:
the system parameter generating module is used for generating a global parameter set of the system according to the input security parameters;
the cipher text storage server public and private key generation module is used for generating a public and private key of the cipher text storage server according to the global parameter set of the system;
the user public and private key generation module is used for generating a public and private key of a user according to the global parameter set of the system, and the user comprises a data owner and an authorized data user;
the index ciphertext generating module is used for generating an index ciphertext by the data owner according to a global parameter set of the system, a public key of the data owner, a public key of the ciphertext storage server and a keyword associated with the data ciphertext;
the index ciphertext re-encryption key generation module is used for generating an index ciphertext re-encryption key according to a global parameter set of the system, a private key of a data owner and a private key of an authorized data user, and interaction of the data owner and the authorized data user;
the shared index ciphertext generating module is used for generating an index ciphertext which can be retrieved by an authorized data user according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner;
the search trap door generation module is used for generating a search trap door by the user according to the global parameter set of the system, the private key of the user, the public key of the ciphertext storage server and the keyword to be searched;
the ciphertext retrieval module is used for testing whether the index ciphertext is matched with the search trapdoor or not according to a global parameter set of the system, a private key of the ciphertext storage server, the index ciphertext and the search trapdoor, namely testing whether key words contained in the index ciphertext and the search trapdoor are the same or not, wherein the index ciphertext is an index ciphertext of a data owner or a shared index ciphertext for an authorized data user; if the index ciphertext is successfully matched with the search trapdoor, the ciphertext storage server sends a data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
the index ciphertext updating key generation module is used for generating an index ciphertext updating key by the data owner according to the global parameter set of the system, the current private key used by the data owner and the new private key to be started;
and the index ciphertext updating module is used for updating the original index ciphertext of the data owner by the ciphertext storage server according to the global parameter set of the system, the index ciphertext updating key of the data owner and the original index ciphertext of the data owner to generate a new index ciphertext.
The beneficial effects brought by the above technical scheme are as follows:
firstly, the invention provides a ciphertext updating function for maintaining the key word privacy, and the key word privacy is effectively protected because the index ciphertext does not need to be decrypted in the updating process of the index ciphertext and the ciphertext storage server does not know the key word information in the key word ciphertext.
Secondly, the invention uses the public keys of the receiver and the appointed storage server to generate the index ciphertext, only the appointed ciphertext storage server can execute the test operation, thereby eliminating the requirement of searching the safe channel in the trap door transmission. Since only the designated storage server can perform the matching test operation using its private key, even if an external attacker intercepts the search trapdoor, the indistinguishability of the index ciphertext cannot be destroyed.
Finally, the present invention provides ciphertext sharing functionality. The data owner can encrypt the index ciphertext again by using the index ciphertext re-encryption key sent by the authorized ciphertext storage server to convert the index ciphertext into the index ciphertext which can be directly retrieved by other users. Therefore, other users can directly access and retrieve the ciphertext shared by the data owner on the ciphertext storage server.
Drawings
FIG. 1 is an overall flow diagram of the present invention;
FIG. 2 is a detailed flow chart of the present invention;
FIG. 3 is a schematic diagram of the system of the present invention.
Detailed Description
The technical scheme of the invention is explained in detail in the following with the accompanying drawings.
The searchable public key encryption method with the key updating and ciphertext sharing functions provided by the invention can be realized by utilizing bilinear mapping, and the basic knowledge of the bilinear mapping is firstly briefly introduced below.
Let q be a prime, G and G_T be multiplicative cyclic groups of order q, and g be a generator of the multiplicative cyclic group G. A map f_bp: G × G → G_T defined on the multiplicative cyclic groups G and G_T is called an efficient bilinear map if it satisfies the following three properties, where f_bp: G × G → G_T is a function from the Cartesian product of the multiplicative cyclic group G with itself to the multiplicative cyclic group G_T, i.e. the bilinear map f_bp: G × G → G_T is the function z = f_bp(x, y) in which x, y ∈ G are the arguments and z ∈ G_T is the dependent variable.
An efficient bilinear map f_bp: G × G → G_T needs to satisfy the following three properties:
(1) bilinearity: for arbitrary m and n, f_bp(g^m, g^n) = f_bp(g, g)^{mn};
(2) non-degeneracy: f_bp(g, g) is not the identity element of the multiplicative cyclic group G_T;
(3) computability: for arbitrary m and n there is an efficient algorithm for computing f_bp(g^m, g^n). The concepts of group and cyclic group are as follows: let G be a group; if there exists an element g ∈ G such that G = {g^n | n ∈ Z} (or G = {ng | n ∈ Z}), G is called a multiplicative cyclic group (or an additive cyclic group) and g is called a generator of the group G. If the generator g has order q (i.e. q is the smallest positive integer such that g raised to the power q equals the identity element of the group G), G is called a cyclic group of order q. In addition, Z_q denotes the residue classes of the integers modulo q, i.e. Z_q = {0, 1, ..., q−1}.
Based on the above description of bilinear pairings, the searchable public key encryption method with key update and ciphertext sharing functions provided by the present invention is further described with reference to the accompanying drawings and implementation examples; the invention is not limited to these examples.
The method of the invention involves the following parties:
(1) the system parameter generation center: the only trusted third party in the system, responsible for generating the global parameter set of the system;
(2) the ciphertext storage server: responsible for generating its own public and private key, for generating new index ciphertexts and shared index ciphertexts, and for storing the ciphertexts in the system; after receiving a search trapdoor, it searches the stored ciphertexts and sends those that match to the user;
(3) the data owner: responsible for generating its initial public and private key, the index ciphertext update key and the index ciphertext re-encryption key; for encrypting the data to be sent into a data ciphertext; for encrypting the keyword associated with the data into an index ciphertext, attaching it to the data ciphertext and sending the result to the ciphertext storage server; and for generating a search trapdoor for the keyword to be searched and sending it to the ciphertext storage server, thereby authorizing the server to retrieve the received ciphertexts with the search trapdoor;
(4) the authorized data user: responsible for generating its own public and private key, for generating a search trapdoor for the keyword to be searched and sending it to the ciphertext storage server, thereby authorizing the server to retrieve the received ciphertexts with the search trapdoor.
With reference to fig. 1 and 2, the steps of the method of the invention are described in detail as follows:
a searchable public key encryption method with key update and ciphertext sharing functions, the method comprising:
step A, according to the security parameter, the system parameter generation center generates a global parameter set of the system;
step B, according to the global parameter set of the system, the ciphertext storage server generates its public and private key;
step C, according to the global parameter set of the system, a user generates its own private and public key, where the users comprise a data owner and an authorized data user;
step D, according to the global parameter set of the system, the public key of the data owner, the public key of the ciphertext storage server and the keyword associated with a data ciphertext, the data owner generates an index ciphertext and attaches it to the data ciphertext to form a retrievable ciphertext;
step E, according to the global parameter set of the system, the private key of the data owner and the private key of the authorized data user, the data owner and the authorized data user generate an index ciphertext re-encryption key interactively;
step F, according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner, the ciphertext storage server generates a shared index ciphertext which can be retrieved by the authorized data user;
step G, according to the global parameter set of the system, the private key of the user, the public key of the ciphertext storage server and the keyword to be searched, the user generates a search trapdoor, where the users comprise a data owner and an authorized data user;
step H, according to the global parameter set of the system, the private key of the ciphertext storage server, the index ciphertext and the search trapdoor, the ciphertext storage server tests whether the index ciphertext matches the search trapdoor, i.e. whether the keywords contained in the index ciphertext and in the search trapdoor are the same, where the index ciphertext may be the index ciphertext of the data owner or the index ciphertext shared with an authorized data user. If the index ciphertext matches the search trapdoor, the ciphertext storage server sends the data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
step I, according to the global parameter set of the system, the currently used private key of the data owner and the new private key to be enabled by the data owner, the data owner generates an index ciphertext update key;
step J, according to the global parameter set of the system, the index ciphertext update key of the data owner and the original index ciphertext, the ciphertext storage server updates the original index ciphertext of the data owner to generate a new index ciphertext.
Preferably, the detailed steps of the step A are as follows:
step A.1, according to the security parameter $\lambda \in Z^+$, the system parameter generation center generates a $\lambda$-bit prime $q$, a multiplicative cyclic group $G$ of order $q$ and a multiplicative cyclic group $G_T$ of order $q$, and defines a bilinear map $f_{bp}: G \times G \to G_T$, where $Z^+$ is the set of positive integers and $f_{bp}: G \times G \to G_T$ is a map from the Cartesian product of $G$ with itself to the multiplicative cyclic group $G_T$, i.e. the bilinear map $f_{bp}$ is the function $z = f_{bp}(x, y)$ with independent variables $x, y \in G$ and dependent variable $z \in G_T$;
step A.2, a generator $g$ is selected from the multiplicative cyclic group $G$;
step A.3, three hash functions $H: G \to G$, $H_1: \{0,1\}^* \to G$ and $H_2: G_T \to \{0,1\}^l$ are defined, where $l \in Z^+$; $H$ is a hash function from the multiplicative cyclic group $G$ to $G$, $H_1$ is a hash function from $\{0,1\}^*$ to $G$, $H_2$ is a hash function from the multiplicative cyclic group $G_T$ to binary strings of length $l$, $\{0,1\}^*$ is the set of binary strings of arbitrary length and $\{0,1\}^l$ is the set of binary strings of length $l$;
step A.4, the global parameter set of the system is generated as $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$.
Preferably, the detailed steps of step B are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, the ciphertext storage server randomly selects its own private key $SK_S = a$ from the set $Z_q^*$ and computes its own public key $PK_S = g^a$.
Preferably, the detailed steps of step C are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, each user randomly selects its own private key $SK_U = x_U$ from the set $Z_q^*$ and computes its own public key $PK_U = g^{x_U}$. The public and private key currently used by the data owner and the new public and private key to be enabled are denoted $(PK_{DO}, SK_{DO})$ and $(PK'_{DO}, SK'_{DO})$ respectively, and the public and private key of the authorized data user is denoted $(PK_{AU}, SK_{AU})$.
Preferably, the detailed steps of step D are as follows:
step D.1, according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, its own public key $PK_{DO}$, the public key $PK_S$ of the ciphertext storage server and the keyword $w$ associated with the data ciphertext to be transmitted, the data owner randomly selects an integer $r \in Z_q^*$ and generates the bilinear map value $t = f_{bp}(PK_S, H_1(w))^r$, where $H_1(w)$ is the hash value of the keyword $w$ output by the hash function $H_1$;
step D.2, the first part $A = (PK_{DO})^r$ and the second part $B = H_2(t)$ of the index ciphertext are computed;
step D.3, the data owner (the sender) combines $A$ and $B$ into the index ciphertext $CT_{w,DO} = (A, B)$, attaches it to the data ciphertext and sends the result to the ciphertext storage server.
Preferably, the detailed steps of step E are as follows:
step E.1, according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, the data owner randomly selects an integer $n \in Z_q^*$, uses its own private key $SK_{DO}$ to compute $t_1 = n \cdot SK_{DO} \bmod q$ as its interaction value with the authorized data user, and sends it to the authorized data user;
step E.2, after receiving $t_1$, the authorized data user uses its private key $SK_{AU}$ to compute $t_2 = SK_{AU} / t_1 \bmod q$ as its interaction value with the data owner, and sends it to the data owner;
step E.3, after receiving $t_2$, the data owner uses the random integer $n$ to compute the index ciphertext re-encryption key $rk_{DO \to AU} = n \cdot t_2 \bmod q$ and sends it to the ciphertext storage server.
Preferably, the detailed steps of step F are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, the index ciphertext re-encryption key $rk_{DO \to AU}$ and the data owner's index ciphertext $CT_{w,DO} = (A, B)$, the ciphertext storage server recomputes the first part of the index ciphertext as $A' = A^{rk_{DO \to AU}}$ and generates the shared index ciphertext $CT_{w,AU} = (A', B)$, which consists of the two parts $A'$ and $B$.
Preferably, the detailed steps of step G are as follows:
step G.1, according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, the user randomly selects an integer $r' \in Z_q^*$ and computes the first part $T_1 = g^{r'}$ of the search trapdoor;
step G.2, the user uses its own private key $SK_U$, the public key $PK_S$ of the ciphertext storage server and the keyword $w'$ to be searched to compute the second part of the search trapdoor $T_2 = H_1(w')^{1/SK_U} \cdot H((PK_S)^{r'})$, where $H_1(w')$ is the hash value of the keyword $w'$ output by the hash function $H_1$ and $H((PK_S)^{r'})$ is the hash value output by the hash function $H$ of the ciphertext storage server's public key $PK_S$ raised to the power $r'$;
step G.3, the user combines $T_1$ and $T_2$ into the search trapdoor $T_{w'} = (T_1, T_2)$, which consists of the two parts $T_1$ and $T_2$, and sends it to the ciphertext storage server.
Preferably, the detailed steps of step H are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, an index ciphertext $CT_{w,U} = (X, Y)$ and a search trapdoor $T_{w'} = (T_1, T_2)$, where $CT_{w,U} = (X, Y)$ may be the data owner's index ciphertext $CT_{w,DO} = (A, B)$ or the shared index ciphertext $CT_{w,AU} = (A', B)$ for an authorized data user, the ciphertext storage server uses its own private key $SK_S = a$ to check whether the equation $Y = H_2\big(f_{bp}(X, (T_2 / H(T_1^a))^a)\big)$ holds. If it holds, the index ciphertext matches the search trapdoor and the data ciphertext corresponding to $CT_{w,U}$ is sent to the searcher; otherwise the matching test fails and $CT_{w,U}$ is ignored.
Preferably, the detailed steps of step I are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, its currently used private key $SK_{DO}$ and the new private key $SK'_{DO}$ to be enabled, the data owner generates the index ciphertext update key $UK_{DO} = SK'_{DO} / SK_{DO}$ and sends it to the ciphertext storage server.
Preferably, the detailed steps of step J are as follows: according to the global parameter set $prms = \{q, G, G_T, f_{bp}, g, H, H_1, H_2\}$ of the system, the data owner's index ciphertext update key $UK_{DO}$ and index ciphertext $CT_{w,DO} = (A, B)$, the ciphertext storage server recomputes the first part of the index ciphertext as $A'' = A^{UK_{DO}}$ and generates the new index ciphertext $CT'_{w,DO} = (A'', B)$, which consists of the two parts $A''$ and $B$.
Referring to fig. 3, the present invention further provides a searchable public key encryption system with key update and ciphertext sharing functions, which comprises a system parameter generation module, a ciphertext storage server public and private key generation module, a user public and private key generation module, an index ciphertext generation module, an index ciphertext re-encryption key generation module, a shared index ciphertext generation module, a search trapdoor generation module, a ciphertext retrieval module, an index ciphertext update key generation module and an index ciphertext update module, with the following details:
the system parameter generating module is used for generating a global parameter set of the system according to the input security parameters;
the cipher text storage server public and private key generation module is used for generating a public and private key of the cipher text storage server according to the global parameter set of the system;
the user public and private key generating module is used for generating a public and private key of a user according to the global parameter set of the system, wherein the user comprises a data owner and an authorized data user;
the index ciphertext generating module is used for generating an index ciphertext by the data owner according to a global parameter set of the system, a public key of the data owner, a public key of the ciphertext storage server and a keyword associated with the data ciphertext;
the index ciphertext re-encryption key generation module is used for generating an index ciphertext re-encryption key according to the global parameter set of the system, the private key of the data owner and the private key of the authorized data user, and the interaction of the data owner and the authorized data user;
the shared index ciphertext generation module is used by the ciphertext storage server to generate an index ciphertext that an authorized data user can search, according to the global parameter set of the system, the index ciphertext re-encryption key and the index ciphertext of the data owner;
the search trap door generation module is used for generating a search trap door by a user according to a global parameter set of the system, a private key of the user, a public key of the ciphertext storage server and a keyword to be searched, and the user comprises a data owner and an authorized data user;
and the ciphertext retrieval module is used for testing whether the index ciphertext is matched with the search trapdoor or not according to the global parameter set of the system, the private key of the ciphertext storage server, the index ciphertext and the search trapdoor, namely testing whether the key words contained in the index ciphertext and the search trapdoor are the same or not, wherein the index ciphertext can be the index ciphertext of a data owner or the index ciphertext shared by an authorized data user. If the index ciphertext is successfully matched with the search trapdoor, the ciphertext storage server sends a data ciphertext corresponding to the index ciphertext to the user; otherwise, the ciphertext storage server ignores the data ciphertext corresponding to the index ciphertext;
the index ciphertext updating key generation module is used for generating an index ciphertext updating key by the data owner according to the global parameter set of the system, the current private key used by the data owner and the new private key to be started;
and the index ciphertext updating module is used for updating the original index ciphertext of the data owner by the ciphertext storage server according to the global parameter set of the system, the index ciphertext updating key of the data owner and the original index ciphertext of the data owner to generate a new index ciphertext.
The embodiments are only for illustrating the technical idea of the present invention, and the technical idea of the present invention is not limited thereto, and any modifications made on the basis of the technical scheme according to the technical idea of the present invention fall within the scope of the present invention.