Ciphertext retrieval fair payment method and system based on block chain

Document No.: 1738620 Publication date: 2019-12-20

Reading note: This technology, Ciphertext retrieval fair payment method and system based on block chain, was designed by 杨旸, 林鸿瑞, 郭文忠, 刘西蒙, 郑相涵 and 邹剑 on 2019-09-17. Main content: The invention relates to a blockchain-based ciphertext retrieval fair payment method and system, comprising a data owner, a data user, a cloud platform and a smart contract deployed on the blockchain; the encrypted data of the data owner is authorized, through the smart contract, to more than one data user for retrieval and decryption; a data user can initiate a search request when the authorization condition is met and a sufficient search fee is stored in the smart contract; the smart contract verifies the correctness and integrity of the search results returned by the cloud server, and after the verification passes, the cloud server returns the k search results with the highest relevance to the data user. The invention can further solve the problem of fair payment.

1. A blockchain-based ciphertext retrieval fair payment system, characterized by comprising a data owner, a data user, a cloud platform and a smart contract deployed on the blockchain;

the encrypted data of the data owner is authorized, through a smart contract, to more than one data user for retrieval and decryption; a data user can initiate a search request when the authorization condition is met and a sufficient search fee is stored in the smart contract; the smart contract verifies the correctness and integrity of the search results returned by the cloud server, and after the verification passes, the cloud server returns the k search results with the highest relevance to the data user.

2. The blockchain-based ciphertext retrieval fair payment system of claim 1, wherein the data owner owns a set of files to be outsourced to the cloud platform; the data owner extracts the keyword set from the files and encrypts it into the encryption index, encrypts the files, and sends the ciphertext and the encryption index to the cloud platform for remote storage; the data owner can grant a data user the right to query and earn that user's query fee;

before a data user initiates a search request, the data user needs to obtain the authorization of the data owner; the data user submits the generated search trapdoor to the cloud platform through the smart contract; if the search result returned by the cloud platform passes the verification of the smart contract, the data user pays the service fee to the cloud platform and the information fee to the data owner; otherwise, the data user does not pay any fee;

the cloud platform stores the encrypted index and the encrypted files of the data owner using a cloud storage service and provides an online search service for data users; the cloud platform executes the search operation using the encryption index and returns the correct and complete top-k most relevant search results to the data user so as to earn the service fee;

the blockchain records verification data using a smart contract, so that the smart contract can verify the correctness and integrity of a search result returned by the cloud platform; data owners and data users deploy more than one smart contract on the blockchain to perform functions including user management, fair payment, and searching.

3. The blockchain-based ciphertext retrieval fair payment system of claim 1, wherein the smart contract comprises a user management contract, a fair payment contract, and a user interface contract; the user management contract and the fair payment contract are deployed to Ethereum by the data owner; the interaction of the smart contracts comprises the following steps:

the data user deposits Ether with a value of fe into the deposit pool of the fair payment contract;

the data user sends a search trapdoor to the fair payment contract and attaches the address of the data user's user interface contract;

the fair payment contract calls the user management contract to check whether the data user is an authorized user and whether the data user has enough Ether in the deposit pool to initiate a search operation; if the current data user is an authorized user and there is enough Ether in the deposit pool to initiate a search operation, the fair payment contract broadcasts the search trapdoor, and the cloud platform then receives the search trapdoor, executes the search operation and returns a search result;

the fair payment contract verifies the search result of the cloud platform using a verification key stored in advance;

if the output of the verification function in the fair payment contract is true, the information fee and the service fee are transferred from the deposit pool to the data owner and the cloud platform respectively, and the user interface contract is called to receive the search result; otherwise, the search fee in the deposit pool is returned to the data user.

4. The blockchain-based ciphertext retrieval fair payment system of claim 2, wherein the data owner extracting the keyword set from the files and encrypting it into the encryption index, and encrypting the files and sending the ciphertext and the encryption index to the cloud platform for remote storage, is specifically:

the data owner extracts more than one keyword from each document of a cleartext document collection to form a total keyword dictionary; multi-keyword ranked search is realized by adopting an inverted-index data structure; the set of identifiers of the files containing a set W of search keywords is given its own notation, and the document identifiers in that set are sorted by domain-weighted score;

the data owner encrypts the plaintext document collection into a set of ciphertext documents using the symmetric encryption algorithm SEnc with key ek; the data owner sets the encryption index and finally outsources it, together with the ciphertext documents, to the cloud platform for storage; the encryption index is a lookup table with the structure <key, value>, wherein the key field stores the output of the pseudo-random function and the value contains the tuple <value, proof>, wherein the value field stores the address of the encrypted file identifier set, and the proof field stores the verification data of the multi-keyword ranked search result.

5. The blockchain-based ciphertext retrieval fair payment system of claim 1, wherein the data owner makes a data user lose the search authority granted by the data owner by marking that data user as an illegal user in the smart contract.

6. A method based on the blockchain-based ciphertext retrieval fair payment system of any one of claims 1-5, wherein a data owner, a data user and a cloud platform are provided, and the method comprises the following steps:

the data owner generates system parameters and a key;

the data owner extracts a keyword set from the plaintext documents and generates a corresponding encrypted keyword index; the data owner encrypts the files using a symmetric encryption algorithm, and then outsources the encryption index and the ciphertext documents to the cloud platform;

the data owner deploys smart contracts on the blockchain to perform user management and fair payment, and records the data required by the verification operation in the smart contract to realize public verification and fair payment;

the data user requests the search authority, the data owner uses the user management contract to grant the search authority to the data user, and then the data owner grants the search key to the data user;

the data user deploys a smart contract for search-related functions; the data user generates a multi-keyword search trapdoor using the search key, sends it to the blockchain and triggers the fair payment contract; before a data user initiates a search request, the data user needs to store a sufficient search fee in the smart contract; if the data user is an authorized user and has paid a sufficient search fee, the smart contract automatically broadcasts the search trapdoor in the blockchain, and the cloud platform receives the search trapdoor;

the cloud platform executes a search operation according to the search trapdoor it has monitored, and returns the identifiers of the top-k documents by relevance ranking to the smart contract for verification;

according to the verification data provided by the data owner, the fair payment contract verifies the correctness and completeness of the search result returned by the cloud platform; if the search result is correct and complete, the fair payment contract automatically uses the search fee pre-paid by the data user to pay the information fee to the cloud platform and pay the service fee to the data owner;

after the verification passes, the cloud platform sends the ciphertext documents to the data user; after receiving the ciphertext files from the cloud platform, the data user decrypts them.

Technical Field

The invention relates to the technical field of searchable encryption and fair payment, in particular to a ciphertext retrieval fair payment method and system based on a block chain.

Background

With the development of cloud computing, more and more enterprises and individuals utilize the innovative technology to migrate a large amount of data and computing tasks to a cloud platform to save local storage and computing resources. While the cloud platform provides remote storage and computing services for users, privacy issues of user data are gradually emerging. The cloud platform can access and use user data at any time without limitation. In order to guarantee the availability of data in a cloud platform and guarantee the safety, a searchable encryption technology becomes a research hotspot of cloud computing, and the technology can achieve the purposes of data confidentiality and information retrieval at the same time. However, most searchable encryption schemes currently support only single keyword searches, and the cloud platform does not rank the returned search results. A practical searchable encryption scheme should allow users to search for documents containing multiple keywords and return the most relevant files to save network bandwidth.

However, current searchable encryption schemes also face a new attack paradigm: a cloud server may perform search operations dishonestly (to save computing resources) and send incorrect or incomplete search results to users. In the business model where the search service is used after the search fee is paid, the user must pay the service fee to the cloud platform even if the above scenario occurs. If the business model is changed so that the service is used first and the search fee is paid afterwards, a dishonest or malicious user who receives a correct and complete search result can still falsely accuse the cloud platform and refuse to pay the service fee. To solve the above problem, current searchable encryption schemes require the participation of an authority to resolve the payment problem. However, a payment method relying on a trusted third party has certain limitations: a fully trusted party (e.g. a bank) needs to be introduced to handle payment problems fairly; the trusted third party may not have the ability to verify the correctness of the search results or of other outsourced computing operations; and the privacy of the data owner and the user may be compromised by the trusted third party. Therefore, a practical searchable encryption scheme should ensure fair payment among data owners, users, and the cloud platform.

In recent years, there has been a great deal of research interest in verifiable searchable encryption schemes, which can verify the correctness and integrity of search results over encrypted data. Although many verification techniques (such as homomorphic MACs or RSA accumulators) can detect dishonest behavior of the cloud platform, they do not work properly without a trusted third party. To address this problem, Hu et al. proposed a blockchain-based searchable encryption scheme: the scheme stores the search index in a smart contract, and the search algorithm is executed by the smart contract instead of the cloud platform. Similar methods have been used by Chen et al., Wang et al. and Wu et al.: the search operation of the smart contract is always trusted and returns correct results, so the results do not need to be verified. To store a large index in a blockchain, these schemes must divide a complex searchable index into thousands of blocks and store them in thousands of blockchain transactions (because of the low storage capacity of each transaction). These transactions must be uploaded to the blockchain one after the other (rather than concurrently), which takes a significant amount of time. The three schemes use Ethereum smart contracts to execute the whole search algorithm, and because smart contracts are expensive to execute, this incurs a large cost in time and Ether. These solutions are therefore less scalable and more costly.

To achieve fair payment with searchable encryption, Zhang et al. devised a fair payment system using a bitcoin-based timed commitment protocol, which uses Bitcoin input and output scripts to verify the integrity and correctness of search results; however, the scheme consumes a considerable amount of bitcoin during its operation, bitcoin is too expensive, and Bitcoin smart contracts are not complete and too limited in functionality. Cai et al. devised a timed payment protocol using an Ethereum smart contract to fairly implement a search-first, pay-later business process in a searchable encryption scheme. The solution of Cai does not execute the verification algorithm unless the user files an arbitration request. When the user is not satisfied with the result returned by the cloud platform, the user can raise an arbitration request; each arbitration node independently executes the judgment process after receiving the request, re-running the keyword search algorithm to verify whether the search result is correct. The individual arbitration results are then collected in an arbitration smart contract, which makes the final decision, based on all arbitration results, as to whether the cloud platform cheated. It can be seen that the Cai scheme wastes a significant amount of computational resources in the arbitration process.

The advent of blockchain technology has introduced a new decentralized payment model to address these problems, one that is not under the control of any central authority. A smart contract in a blockchain is an automatically executed contract whose terms (the agreement between buyer and seller) are written directly into lines of code. Smart contracts allow trusted transactions and agreements between anonymous parties without the involvement of a central authority or a legal system. Therefore, the blockchain and smart contracts are suitable for performing verification operations in a searchable encryption system to achieve fair payment among the cloud platform, the user and the data owner.

Current blockchain-based searchable encryption schemes achieve fair payment using built-in payment functions of blockchains, but these schemes do not support multi-keyword search, top-k ordering, and publicly verifiable functions, and therefore, these schemes are not practical.

Disclosure of Invention

In view of the above, the present invention provides a block chain-based ciphertext retrieval fair payment method and system, which can further solve the problem of fair payment.

The invention is realized by adopting the following scheme: a blockchain-based ciphertext retrieval fair payment system comprises a data owner, a data user, a cloud platform and a smart contract deployed on the blockchain;

the encrypted data of the data owner is authorized, through a smart contract, to more than one data user for retrieval and decryption; a data user can initiate a search request when the authorization condition is met and a sufficient search fee is stored in the smart contract; the smart contract verifies the correctness and integrity of the search results returned by the cloud server, and after the verification passes, the cloud server returns the k search results with the highest relevance to the data user.

Further, the data owner owns a group of files to be outsourced to the cloud platform; the data owner extracts the keyword set from the files and encrypts it into an encryption index, encrypts the files, and sends the ciphertext and the encryption index to the cloud platform for remote storage; the data owner can grant a data user the right to query and earn that user's query fee;

before a data user initiates a search request, the data user needs to obtain the authorization of the data owner; the data user submits the generated search trapdoor to the cloud platform through the smart contract; if the search result returned by the cloud platform passes the verification of the smart contract, the data user pays the service fee to the cloud platform and the information fee to the data owner; otherwise, the data user does not pay any fee;

the cloud platform stores the encrypted index and the encrypted files of the data owner using a cloud storage service and provides an online search service for data users; the cloud platform executes the search operation using the encryption index and returns the correct and complete top-k most relevant search results to the data user so as to earn the service fee;

the blockchain records verification data using a smart contract, so that the smart contract can verify the correctness and integrity of a search result returned by the cloud platform; data owners and data users deploy more than one smart contract on the blockchain to perform functions including user management, fair payment, and searching.

Further, the smart contract comprises a user management contract, a fair payment contract, and a user interface contract; the user management contract and the fair payment contract are deployed to Ethereum by the data owner; the interaction of the smart contracts comprises the following steps:

the data user deposits Ether with a value of fe into the deposit pool of the fair payment contract;

the data user sends a search trapdoor to the fair payment contract and attaches the address of the data user's user interface contract;

the fair payment contract calls the user management contract to check whether the data user is an authorized user and whether the data user has enough Ether in the deposit pool to initiate a search operation; if the current data user is an authorized user and there is enough Ether in the deposit pool to initiate a search operation, the fair payment contract broadcasts the search trapdoor, and the cloud platform then receives the search trapdoor, executes the search operation and returns a search result;

the fair payment contract verifies the search result of the cloud platform using a verification key stored in advance;

if the output of the verification function in the fair payment contract is true, the information fee and the service fee are transferred from the deposit pool to the data owner and the cloud platform respectively, and the user interface contract is called to receive the search result; otherwise, the search fee in the deposit pool is returned to the data user.

Further, the data owner extracting the keyword set from the files and encrypting it into the encryption index, and encrypting the files and sending the ciphertext and the encryption index to the cloud platform for remote storage, is specifically:

the data owner extracts more than one keyword from each document of a cleartext document collection to form a total keyword dictionary; multi-keyword ranked search is realized by adopting an inverted-index data structure; the set of identifiers of the files containing a set W of search keywords is given its own notation, and the document identifiers in that set are sorted by domain-weighted score;

the data owner encrypts the plaintext document collection into a set of ciphertext documents using the symmetric encryption algorithm SEnc with key ek; the data owner sets the encryption index and finally outsources it, together with the ciphertext documents, to the cloud platform for storage; the encryption index is a lookup table with the structure <key, value>, wherein the key field stores the output of a pseudo-random function and the value contains the tuple <value, proof>, wherein the value field stores the address of the encrypted file identifier set, and the proof field stores the verification data of the multi-keyword ranked search result.

Further, the data owner makes a data user lose the search authority granted by the data owner by marking that data user as an illegal user in the smart contract.

The invention also provides a method based on the above blockchain-based ciphertext retrieval fair payment system, in which a data owner, a data user and a cloud platform are provided, comprising the following steps:

the data owner generates system parameters and a key;

the data owner extracts a keyword set from the plaintext documents and generates a corresponding encrypted keyword index; the data owner encrypts the files using a symmetric encryption algorithm, and then outsources the encryption index and the ciphertext documents to the cloud platform;

the data owner deploys smart contracts on the blockchain to perform user management and fair payment, and records the data required by the verification operation in the smart contract to realize public verification and fair payment;

the data user requests the search authority, the data owner uses the user management contract to grant the search authority to the data user, and then the data owner grants the search key to the data user;

the data user deploys a smart contract for search-related functions; the data user generates a multi-keyword search trapdoor using the search key, sends it to the blockchain and triggers the fair payment contract; before a data user initiates a search request, the data user needs to store a sufficient search fee in the smart contract; if the data user is an authorized user and has paid a sufficient search fee, the smart contract automatically broadcasts the search trapdoor in the blockchain, and the cloud platform receives the search trapdoor;

the cloud platform executes a search operation according to the search trapdoor it has monitored, and returns the identifiers of the top-k documents by relevance ranking to the smart contract for verification;

according to the verification data provided by the data owner, the fair payment contract verifies the correctness and completeness of the search result returned by the cloud platform; if the search result is correct and complete, the fair payment contract automatically uses the search fee pre-paid by the data user to pay the information fee to the cloud platform and pay the service fee to the data owner;

after the verification passes, the cloud platform sends the ciphertext documents to the data user; after receiving the ciphertext files from the cloud platform, the data user decrypts them.

Compared with the prior art, the invention has the following beneficial effects:

1. The invention can realize high-efficiency fair payment retrieval: the present invention designs a verifiable multi-keyword retrieval system to implement top-k ranked searches (based on domain-weighted scoring), where only the most relevant encrypted files are returned to the user. Meanwhile, a multi-keyword inverted index data structure is adopted, and an efficient lookup table is provided. The search efficiency of the present invention increases as the number of keywords increases rather than the total number of documents.

2. The invention can realize flexible system expansion: in the invention, one data owner corresponds to any plurality of users, and the total number and the identity of the users do not need to be determined in the system establishing stage, so that new users can be added in the system at any time. Moreover, the number of common parameters in the system does not grow linearly with the number of users. No matter how many users the system supports, no additional communication and storage overhead is incurred. In cloud computing platforms, this feature is very important for an increasing number of users.

3. The invention can realize high-efficiency verifiable search: the cloud platform stores the documents of the users and executes the search tasks of the users, the block chain executes the verification operation of the users and automatically realizes fair payment, no third party is required to participate in the process, and the users only need to run a lightweight symmetric decryption algorithm to complete final decryption operation.

4. The invention can realize a secure ciphertext retrieval mechanism: the data owner has full authority to manage the search authority over its data without the need for a trusted key generation center. When a user wants to retrieve data of a data owner, the user needs to apply to the data owner for a search key, and the data owner needs to add the identity of the user to the legal user list of the smart contract. Even if the user sells the search key to other users for the user's own benefit, those other users still cannot perform the retrieval operation: a user can initiate a search request only if the user holds both the search key and a legal identity in the smart contract.

5. The invention has an efficient user revocation mechanism: once the data owner wants to withdraw the search authority of a certain user, the data owner only needs to call the user management smart contract to mark the user as an illegal user, so revocation is highly efficient.

6. The invention has the advantage of decentralization: in order to eliminate the cheating behavior in which a trusted third party in a centralized system favors one party for its own benefit, the invention designs a searchable encryption verification algorithm based on blockchain technology to solve the problem of verifiability of search results. The data owner uploads the verification key to the smart contract, so that the smart contract has the capability of verifying the search result returned by the cloud platform, and no party can change the verification result of the smart contract. Therefore, the verification operation and the fair payment protocol of the retrieval system do not depend on any trusted third party, so that a fully decentralized fair payment retrieval system is realized.

Drawings

Fig. 1 is a schematic diagram of a system according to an embodiment of the present invention.

FIG. 2 is a schematic diagram of a contract-only workflow according to an embodiment of the present invention.

Fig. 3 is a code framework of a Fair Payment Contract (FPC) according to an embodiment of the present invention.

Fig. 4 is a code framework of a User Management Contract (UMC) according to an embodiment of the invention.

FIG. 5 is a code framework for a User Interface Contract (UIC) of an embodiment of the present invention.

Detailed Description

The invention is further explained below with reference to the drawings and the embodiments.

It should be noted that the following detailed description is exemplary and is intended to provide further explanation of the disclosure. Unless defined otherwise, all technical and scientific terms used herein have the same meaning as commonly understood by one of ordinary skill in the art to which this application belongs.

It is noted that the terminology used herein is for the purpose of describing particular embodiments only and is not intended to be limiting of example embodiments according to the present application. As used herein, the singular forms "a", "an" and "the" are intended to include the plural forms as well, and it should be understood that when the terms "comprises" and/or "comprising" are used in this specification, they specify the presence of stated features, steps, operations, devices, components, and/or combinations thereof, unless the context clearly indicates otherwise.

As shown in fig. 1 and fig. 2, the present embodiment provides a blockchain-based ciphertext retrieval fair payment system, which includes a Data Owner (DO), a Data User (DU), a Cloud Platform (CP), and a smart contract deployed on the blockchain;

the encrypted data of the data owner is authorized, through a smart contract, to more than one data user for retrieval and decryption; a data user can initiate a search request when the authorization condition is met and a sufficient search fee is stored in the smart contract; the smart contract verifies the correctness and integrity of the search results returned by the cloud server, and after the verification passes, the cloud server returns the k search results with the highest relevance to the data user.

The symbolic variable descriptions of this example are shown in the table below.

In this embodiment, the data owner owns a group of files to be outsourced to the cloud platform; the data owner extracts a keyword set from the files and encrypts it into an encryption index, encrypts the files, and sends the ciphertext and the encryption index to the cloud platform for remote storage; the data owner can grant a data user the right to query and earn that user's query fee;

before a data user initiates a search request, the data user needs to obtain the authorization of the data owner; the data user submits the generated search trapdoor to the cloud platform through the smart contract; if the search result returned by the cloud platform passes the verification of the smart contract, the data user pays the service fee to the cloud platform and the information fee to the data owner; otherwise, the data user does not pay any fee;

the cloud platform stores the encrypted index and the encrypted files of the data owner using a cloud storage service and provides an online search service for data users; the cloud platform executes the search operation using the encryption index and returns the correct and complete top-k most relevant search results to the data user so as to earn the service fee;

the blockchain records verification data using a smart contract, so that the smart contract can verify the correctness and integrity of a search result returned by the cloud platform; data owners and data users deploy more than one smart contract on the blockchain to perform functions including user management, fair payment, and searching.

In this embodiment, the smart contracts include a user management contract, a fair payment contract, and a user interface contract; the user management contract and the fair payment contract are deployed to Ethereum by the data owner; the interaction of the smart contracts comprises the following steps:

the data user deposits Ether with a value of fe into the deposit pool of the fair payment contract;

the data user sends a search trapdoor to the fair payment contract and attaches the address of the data user's user interface contract;

the fair payment contract calls the user management contract to check whether the data user is an authorized user and whether the data user has enough Ether in the deposit pool to initiate a search operation; if the current data user is an authorized user and there is enough Ether in the deposit pool to initiate a search operation, the fair payment contract broadcasts the search trapdoor, and the cloud platform then receives the search trapdoor, executes the search operation and returns a search result;

the fair payment contract verifies the search result of the cloud platform using a verification key stored in advance;

if the output of the verification function in the fair payment contract is true, the information fee and the service fee are transferred from the deposit pool to the data owner and the cloud platform respectively, and the user interface contract is called to receive the search result; otherwise, the search fee in the deposit pool is returned to the data user.

In this embodiment, the data owner extracts a keyword set from the files and encrypts it into an encrypted index, encrypts the files, and sends the ciphertext and the encrypted index to the cloud platform for remote storage through the following specific steps:

from each document in the cleartext document collection, the data owner extracts more than one keyword to form a total keyword dictionary; multi-keyword ranked search is realized by adopting an inverted index data structure; the identifiers of the files containing a set W of search keywords form a set in which the document identifiers are sorted by domain-weighted score;

the data owner uses the symmetric encryption algorithm SEnc with key ek to encrypt the plaintext document set into a set of ciphertext documents; the data owner sets the encrypted index and finally outsources the encrypted index and the ciphertext documents to the cloud platform for storage; the encrypted index contains a lookup table whose structure is <key, value>, wherein the key field stores the output of a pseudo-random function and the value comprises a tuple <value, proof>, wherein the value field stores the address of an encrypted file identifier set and the proof field stores the verification data of the multi-keyword ranked search result.

In this embodiment, the data owner makes the data user lose the search authority given by the data owner by marking the current data user as an illegal user in the smart contract.

The embodiment also provides a blockchain-based ciphertext retrieval fair payment method, which involves a data owner, a data user and a cloud platform, and comprises the following steps:

the data owner generates system parameters and keys;

the data owner extracts a keyword set from the plaintext documents and generates the corresponding encrypted keyword index; the data owner encrypts the files using a symmetric encryption algorithm, and then outsources the encrypted index and the ciphertext documents to the cloud platform;

the data owner deploys smart contracts on the blockchain to perform user management and fair payment, and records the data required by the verification operation in the smart contract to realize public verification and fair payment;

the data user requests the search authority; the data owner uses the user management contract to grant the search authority to the data user, and then gives the search key to the data user;

the data user deploys a smart contract for search-related functions; the data user generates a multi-keyword search trapdoor using the search key, sends it to the blockchain and triggers the fair payment contract; before initiating a search request, the data user must deposit a sufficient search fee (comprising the information fee and the service fee) in the smart contract; if the data user is an authorized user and has paid a sufficient search fee, the smart contract automatically broadcasts the search trapdoor on the blockchain, and the cloud platform receives the search trapdoor;

the cloud platform executes the search operation according to the search trapdoor it has picked up, and returns the identifiers of the documents ranked in the top k by relevance to the smart contract for verification;

according to the verification data provided by the data owner, the fair payment contract verifies the correctness and completeness of the search result returned by the cloud platform; if the search result is correct and complete, the fair payment contract automatically pays the information fee to the cloud platform and the service fee to the data owner out of the search fee pre-paid by the data user (according to a predefined distribution proportion); otherwise, the search fee is returned to the data user's account;

after the verification passes, the cloud platform sends the ciphertext documents to the data user; after receiving them from the cloud platform, the data user decrypts them.

In particular, the present embodiment describes in detail several key steps with respect to the above-described system and method.

In the phase of system set-up, i.e. (1) in fig. 1, the input security parameters λ, DO select a pseudo-random function (PRF)And message authentication code function (MAC)Where d is the length of the document identifier and λ is a standard MAC function (e.g., SHA256 based HMAC). DO chooses a key space ofThe symmetric encryption/decryption algorithm of (1) pair SEnc/SDec. DO sets public parameters to

In the key generation stage, when the DO wants to share its own documents, the DO inputs a security parameter λ and runs the key generation algorithm KeyGen to generate an encryption key ek, a search key sk and a verification key vk, as shown in workflow (1) of fig. 1. The specific algorithm is as follows:

KeyGen($1^\lambda$) → (ek, sk, vk): given the security parameter λ, the DO randomly selects keys $k_1, k_2 \in_R \{0,1\}^\lambda$ and a symmetric encryption key ek, and defines $sk = k_1$, $vk = k_2$.

During the encryption phase, the encrypted files of the DO may be searched by many users. In this phase, the DO extracts a keyword dictionary from the cleartext document collection and constructs an encrypted index using sk. The DO uses ek to encrypt the cleartext document collection into a set of ciphertext documents, and uses vk to generate the verification data proof for the encrypted index. After these operations are completed, the DO deploys the user management contract and the fair payment contract to the blockchain. These operations are shown as workflows (2)-(3) in fig. 1.

From each document in the set of plaintext documents, the DO extracts a plurality of keywords to form a total keyword dictionary. First, the present invention employs an inverted index data structure to implement multi-keyword ranked search. The following table is an example of an inverted index structure that supports three keywords. Assume a set of three keywords whose keywords are arranged in dictionary order. If the DU wants to query fewer than three keywords, the search keyword set W needs to be expanded: a set containing one keyword $(w_i)$ is extended to $(w_i, w_i, w_i)$; a set containing two keywords $(w_i, w_j)$ is extended to $(w_i, w_j, w_j)$.

The present invention collects the identifiers of the files containing a set of search keywords W into a set whose document identifiers are sorted by domain-weighted score.

Based on the above inverted index, the DO uses the search key $sk = k_1$ and the verification key $vk = k_2$ to construct an encrypted index containing the verification data Proof. The encrypted index consists of a lookup table and an encrypted set of file identifiers. Each lookup table entry can be expressed as <key, value>, wherein the key field stores the output of the pseudo-random function γ κ and the value field includes the tuple <value, proof>, wherein the value field stores the address of the encrypted set of file identifiers and the proof field stores the verification data of the multi-keyword ranked search result.

The detailed construction is as follows: for each keyword set W, DO in the inverted indexAnd is provided withWhereinIs the set of top k highest domain weighted scores document identifiers. MarkRecord as a setThe address of (2). If the number of documents containing the keyword W is beta and beta<k, thenAnd isCollectionIs encrypted intoDO uses symmetric encryption algorithm SEnc with key ek to assemble the plaintext documentEncrypted into a set of ciphertext documentsDO sets the encryption index toFinally will beAnd outsourcing the data to a cloud platform for storage.

The DO then deploys the Fair Payment Contract (FPC) to Ethereum and records the verification key $vk = k_2$ in the FPC. The FPC, which is the core component of this embodiment, is responsible for checking whether each DU initiating a search request is an authorized user, recording and broadcasting the search trapdoor, verifying the search result of the CP, and finally realizing fair payment. After the FPC is deployed, the DO deploys the User Management Contract (UMC) to register authorized users. The code structure of the FPC and the UMC is shown in fig. 3 and 4.

In the trapdoor generation phase, the DU deploys search-related smart contracts on the blockchain and requests search authority from the DO. If the DO agrees, the DO grants the search key sk to the DU (workflow 4 shown in fig. 1). The DU uses the search key sk to generate a multi-keyword search trapdoor from the multi-keyword set W and uploads it to the FPC (workflow 5-1 shown in fig. 1). The FPC checks the validity of the search trapdoor and, if the trapdoor complies with the rules, sends it to the CP for processing (workflow 5-2 shown in fig. 1).

The trapdoor generation algorithm is performed by the DU. When a DU requests a search service from the CP for the first time, it first requests search authority from the DO. If the request is allowed, the DO grants the search key sk to the DU and adds the Ethereum address of the DU to the set of authorized users in the User Management Contract (UMC). The DU generates a multi-keyword search trapdoor token using the search key sk. The DU then deploys the User Interface Contract (UIC) and deposits ether into the FPC deposit pool (associated with its own account). Specifically, the DU generates the multi-keyword search trapdoor and calls the initRequest() function of the FPC to upload the trapdoor to the FPC. After receiving the search trapdoor, the FPC calls the UMC to check whether the DU is an authorized user. If the DU is an authorized user and has sufficient ether in the deposit pool of the FPC, the FPC emits an Ethereum event carrying the token to inform the CP to perform the search operation. The UIC is used to receive verified search results from the FPC. The code structure of the UIC is shown in fig. 5.

In the search phase, using the encrypted index and the search trapdoor token, the CP outputs the set of the k most relevant search results (workflow 6 shown in fig. 1).

After the CP catches the event thrown by the FPC, the CP analyzes the event into a tupleAnd performs a search operation with this tuple. In a look-up tableIn, CP usageSearchingAndfor eachCP through calculationRecovery file identifier Fj(W). Followed by CP transmissionAndthe FPC is subjected to the following verification process.

In the verification stage, the smart contract uses the verification key vk stored in it, the verification data Proof, the search trapdoor token and the search results to verify the correctness and completeness of the results. If the search result is valid, the fair payment contract FPC outputs 1 and transfers the information/service fee to the Ethereum address of the DO/CP. Otherwise, the contract outputs 0 and returns the search fee to the DU (workflow 7 shown in fig. 1). The process is run independently by the Fair Payment Contract (FPC). After receiving the identifier set, the FPC verifies its correctness and completeness. Taking the verification data received from the CP as Proof and the search trapdoor obtained from the DU, the FPC performs the recalculation and verifies whether Proof is true. If it is, the FPC transfers the search fee from the deposit pool to the DO and the CP (as the information fee and the service fee, respectively) according to a predefined distribution proportion, and sends the search result to the UIC smart contract. Otherwise, the FPC transfers the search fee back to the DU's own account.

In the decryption stage, given the ciphertext set and the symmetric encryption key ek, the DU recovers the plaintext set $D_k(W)$, as shown in workflow (8) of fig. 1: the DU obtains the search results returned by the CP and decrypts the ciphertext documents using the symmetric key ek.

Preferably, the total amount of ether owned by the FPC account is recorded as the deposit pool in this embodiment. The present embodiment uses smart contracts to validate search results from the CP, which ensures the integrity and correctness of the search results. The smart contract interaction flow in this embodiment is shown in fig. 2, and includes the following steps:

(1) The DO negotiates with the CP about the search fee and its distribution ratio. Then the DO deploys the FPC and the UMC to Ethereum, and the DU deploys the UIC to Ethereum.

(2) The DU deposits ether with the value fe into the deposit pool of the FPC.

(3) The DU sends a search trapdoor to the FPC and attaches its UIC address.

(4) The FPC calls the UMC to check whether the DU is an authorized user and whether the DU has enough ether in the deposit pool to initiate a search operation.

(5) If the conditions in step (4) are met, the FPC broadcasts the search trapdoor; the CP receives the trapdoor, executes the search operation and returns the search results.

(6) The FPC verifies the search result of the CP using the verification key stored in the FPC.

(7) If the verification function in the FPC outputs true, the information fee and the service fee are transferred from the deposit pool to the DO and the CP respectively, and the UIC is called to receive the search result (the search fee of the DU is divided into a service fee and an information fee by a predefined distribution ratio).

(8) Otherwise, the search fee in the deposit pool is returned to the DU.

The DO deploys a User Management Contract (UMC) to manage an authorized user list userList that maps user Ethereum addresses to Boolean values ("1" for authorized user addresses and "0" for revoked user addresses). The DO can add/delete users by calling the addUser/removeUser functions in the UMC, which can only be executed by the DO. The FPC calls the verifyUser function to authenticate users. The code framework of the UMC is shown in fig. 4.

The DO and the CP negotiate the search fee (the sum of the information fee and the service fee) and the distribution ratio between the information fee and the service fee. The DO then deploys a Fair Payment Contract (FPC), which verifies the search results for the search trapdoors submitted by the DU: if the CP provides wrong or incomplete search results, they are rejected by the FPC and the CP receives no fee. Once the search results provided by the CP are verified to be complete and correct by the FPC, the FPC transfers the information fee to the DO and the service fee to the CP from the deposit pool according to the distribution proportion. Thus, the CP cannot intentionally return partial or erroneous search results to save computational resources. Conversely, if the CP provides the correct search results, automatic payment from the deposit pool is triggered. Thus, the DU cannot interrupt the payment process, because the DU's deposit is automatically deducted from its FPC deposit pool after the CP provides the correct search results. The code framework of the FPC is shown in fig. 3. The FPC provides the following three interfaces:

deposit() → balance value: the DU calls this function to transfer a certain amount of ether from its external account to the FPC deposit pool. When the FPC receives the DU's deposit, it updates the account balance for this user.

initRequest(token, address) → Ethereum event: the DU calls this function to request search services. The initRequest function checks the validity of the caller DU by calling the verifyUser function in the UMC. If the address of the DU is an element of the set of authorized users userList in the UMC and the DU has enough ether in the deposit pool, the initRequest function emits an Ethereum event associated with this trapdoor. The CP listens for events emitted by the FPC. The CP receives the event and parses it into a tuple (userAddr, token), which is used as input to the search function. After the search operation is completed, the CP calls the verifyResultFromCP function in the FPC to have the result verified and obtain the service fee.

verifyResultFromCP(userAddr, identifiers, proof) → Boolean: the function is called by the CP; if the search result of the CP is verified to be complete and correct, the FPC transfers a total of fee × payment to the DO and a total of fee × (1 − payment) to the CP. Otherwise, the search fee is returned to the DU. Finally, the function calls the receiveResults function of the UIC associated with userAddr to save the search results. In fig. 3, the present invention assumes that the CP and the DO share the search fee equally, i.e., the distribution ratio of the search fee is 1:1.

Preferably, in the Ethereum peer-to-peer network, a server can monitor the events emitted on Ethereum by running the JavaScript web3.js library, so transactions can be easily tracked. There may be a security risk if the CP uses an event to return the search results: anyone listening to the blockchain could obtain some search results without passing any authentication mechanism. To address this problem, the present embodiment introduces a User Interface Contract (UIC) deployed by the DU. Once the search results pass the integrity and correctness verification, the FPC calls the UIC to record the search results. Only the creator (data owner) of the UIC has the right to call the receiveResults function to receive the correct search results sent by the FPC; the DU may also call the getSearchResults function to get the search results stored on the UIC. The code framework of the UIC is shown in fig. 5.
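The UMC, FPC and UIC interaction described above, modeled in plain Python as an added example (it is not the code of figs. 3 to 5, which are not reproduced on this page). Assumptions: HMAC-SHA256 stands in for both the PRF and the MAC, the proof is a MAC over the token and the ordered identifier list, only the FPC may write to the UIC, one request per user is open at a time, and the snake_case method names, string addresses and integer fee units are illustrative.

```python
import hashlib
import hmac
from collections import Counter

def trapdoor(k1: bytes, keywords: tuple) -> bytes:
    """DU side: PRF (HMAC-SHA256 here) of the keyword set under sk = k1."""
    return hmac.new(k1, "\x00".join(keywords).encode(), hashlib.sha256).digest()

def make_proof(k2: bytes, token: bytes, identifiers: list) -> bytes:
    """MAC under vk = k2 over the token and the ordered, length-prefixed top-k list."""
    msg = token + b"".join(len(i).to_bytes(2, "big") + i for i in identifiers)
    return hmac.new(k2, msg, hashlib.sha256).digest()

class UMC:
    """User management contract: userList maps address -> authorized flag."""
    def __init__(self, owner):
        self.owner, self.user_list = owner, {}

    def _only_owner(self, caller):
        if caller != self.owner:
            raise PermissionError("only the DO may manage users")

    def add_user(self, caller, user):
        self._only_owner(caller)
        self.user_list[user] = True

    def remove_user(self, caller, user):
        self._only_owner(caller)
        self.user_list[user] = False

    def verify_user(self, user) -> bool:
        return self.user_list.get(user, False)

class UIC:
    """User interface contract deployed by the DU; stores verified results."""
    def __init__(self, creator, fpc):
        self.creator, self.fpc, self.results = creator, fpc, None

    def receive_results(self, caller, identifiers):
        if caller is not self.fpc:          # assumption: only the FPC may write
            raise PermissionError("results must come from the FPC")
        self.results = list(identifiers)

    def get_search_results(self, caller):
        if caller != self.creator:
            raise PermissionError("only the UIC creator may read")
        return self.results

class FPC:
    """Fair payment contract: deposit pool, request gate, result verification."""
    def __init__(self, do, cp, umc, vk, fee, do_share_pct):
        self.do, self.cp, self.umc, self.vk = do, cp, umc, vk
        self.fee, self.do_share_pct = fee, do_share_pct
        self.pool, self.wallet = Counter(), Counter()  # deposits / external accounts
        self.pending, self.events = {}, []             # open requests / emitted events

    def deposit(self, user, amount) -> int:
        self.pool[user] += amount
        return self.pool[user]

    def init_request(self, user, token, uic) -> bool:
        authorized = self.umc.verify_user(user)
        if not authorized or self.pool[user] < self.fee or user in self.pending:
            return False
        self.pending[user] = (token, uic)
        self.events.append((user, token))   # the CP listens for this event
        return True

    def verify_result_from_cp(self, caller, user, identifiers, proof) -> bool:
        if caller != self.cp or user not in self.pending:
            raise PermissionError("no open request for this caller/user")
        token, uic = self.pending.pop(user)
        self.pool[user] -= self.fee
        ok = hmac.compare_digest(make_proof(self.vk, token, identifiers), proof)
        if ok:
            info_fee = self.fee * self.do_share_pct // 100
            self.wallet[self.do] += info_fee             # information fee
            self.wallet[self.cp] += self.fee - info_fee  # service fee
            uic.receive_results(self, identifiers)
        else:
            self.wallet[user] += self.fee                # refund to the DU
        return ok
```

Because the MAC covers the ordered list, a truncated or reordered result fails verification and the fee is refunded. Contract storage on a public chain is readable by every node, so a vk recorded in the FPC as described is visible to the CP as well; the model does not address that.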

In particular, the present embodiment relates to domain weighted scoring. Term frequency is a statistic for evaluating the importance of a keyword in a document. However, a document has different regions (e.g., title, abstract, and body), and keywords appearing in different regions have different importance. For example, keywords in the title are more important than keywords in the abstract, and keywords in the body text are the least important. The present embodiment calculates the relevance score using the domain-weighted score. Assume a set of documents, each having t regions, where the regions are weighted by $g_1, \dots, g_t \in [0,1]$ so that For $1 \le i \le t$, let $s_i$ be the Boolean value indicating whether the keyword w matches (or does not match) the i-th region of the document F; the domain weighted score is defined as For a keyword set $W = (w_1, \dots, w_m)$, the domain weighted score is

In particular, the present embodiment relates to inverted indexing. An inverted index is an efficient information retrieval data structure for accelerating the search process; it stores a mapping from keywords to the set of documents containing them. An example of an inverted index is shown in the following table, where the first row indicates that the documents containing the keyword $w_1$ have the identifiers $F_1, F_2, F_3$, and so on.
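An added example (not from the patent) of the plaintext inverted index described above: expansion of a keyword set to three keywords, domain-weighted ranking and top-k truncation. The scoring formulas are not legible on this page, so the code assumes weighted zone scoring (the sum of $g_i s_i$ with weights summing to 1) and sums the per-keyword scores for a keyword set; the zone names, weights, documents and the identifier tie-break are constructed.

```python
from fractions import Fraction
from itertools import combinations

# Zone weights g_1..g_t in [0,1]; assumed to sum to 1 (the page's constraint is lost).
WEIGHTS = {"title": Fraction(1, 2), "abstract": Fraction(3, 10), "body": Fraction(1, 5)}

# Constructed sample collection: identifier -> zone -> keywords found in that zone.
DOCS = {
    "F1": {"title": {"cloud", "search"}, "abstract": {"blockchain"}, "body": {"payment", "cloud"}},
    "F2": {"title": {"blockchain"}, "abstract": {"cloud"}, "body": {"search", "ledger"}},
    "F3": {"title": {"payment"}, "abstract": {"search", "cloud"}, "body": {"blockchain"}},
}

def expand(keywords):
    """Canonical 3-keyword form: dictionary order, last keyword repeated as padding."""
    ws = sorted(set(keywords))
    if not 1 <= len(ws) <= 3:
        raise ValueError("a query holds one to three distinct keywords")
    return tuple(ws + [ws[-1]] * (3 - len(ws)))

def zone_score(doc, keyword, weights=WEIGHTS):
    """Assumed form: sum of g_i over the zones i where the keyword matches (s_i = 1)."""
    return sum((g for zone, g in weights.items() if keyword in doc[zone]), Fraction(0))

def set_score(doc, keywords, weights=WEIGHTS):
    """Assumed form for a keyword set: sum of the per-keyword scores."""
    return sum((zone_score(doc, w, weights) for w in set(keywords)), Fraction(0))

def contains_all(doc, keywords):
    """True when every keyword occurs in at least one zone of the document."""
    return set(keywords) <= set().union(*doc.values())

def build_index(docs, k, weights=WEIGHTS):
    """Map every canonical keyword triple to its top-k identifiers, best score first."""
    dictionary = sorted(set().union(*(z for d in docs.values() for z in d.values())))
    index = {}
    for size in (1, 2, 3):
        for subset in combinations(dictionary, size):
            hits = [(set_score(d, subset, weights), fid)
                    for fid, d in docs.items() if contains_all(d, subset)]
            if hits:
                hits.sort(key=lambda h: (-h[0], h[1]))   # score desc, then identifier
                index[expand(subset)] = [fid for _, fid in hits[:k]]
    return index

def search(index, keywords):
    """Look up a 1- to 3-keyword query through its expanded canonical triple."""
    return index.get(expand(keywords), [])
```

When fewer than k documents contain the keyword set, this model simply stores the shorter list.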

In particular, a smart contract is in effect a digitized legal contract represented by a computer program. A smart contract can establish a trust relationship between participants without the need for a Trusted Third Party (TTP). For lack of programmable digital systems, the concept of smart contracts did not become reality until the advent of the Bitcoin and Ethereum platforms. The scripting language of Bitcoin is a first, imperfect version of smart contracts, lacking Turing-completeness and high scalability. In contrast to Bitcoin, Ethereum is called a programmable blockchain. Ethereum does not predefine a set of script contents as Bitcoin does, but allows users to write complex smart contracts according to actual needs. The Ethereum platform allows external users to invoke the smart contracts of contract accounts to implement specific functionality. Both external accounts and contract accounts are identified by a 20-byte hexadecimal string, such as 0xca35b7d915458ef540ade6068dfe2f44e8fa733c. Ethereum smart contracts are stored on the Ethereum blockchain in bytecode format and executed in the Ethereum Virtual Machine (EVM). A smart contract may contain multiple functions, so a smart contract caller needs an Application Binary Interface (ABI) to specify which function in the contract to call and the format of the output. In Ethereum, users control their external accounts with the private key, for example to send ether to another address. The embodiment uses the smart contract as a fair arbitrator to verify the integrity and correctness of the search result provided by the CP, and ensures fair payment among the data owner, the cloud platform and the user.

Existing retrieval systems generally suffer from the problem of fair online payment: if the user pays the retrieval fee first and then obtains the service, the cloud platform may not return a correct search result in order to save computing resources; if the user obtains the service first and then pays, the user may intentionally withhold the service fee after the cloud platform returns the correct search result, so there is considerable room for cheating. The embodiment designs a blockchain-based verifiable multi-keyword ranked retrieval system, which uses a smart contract to verify the correctness and integrity of a search result. The invention realizes automatic fair payment among the cloud platform, the data owner and the user by using the smart contract's automatic verification of the search result. The cloud server returns the documents with the highest relevance according to the search request. The invention realizes secure data sharing among multiple users: the encrypted data of the data owner can be authorized to multiple users for secure retrieval and decryption through the smart contract. The invention can prevent cheating by any user or cloud platform in the retrieval system and ensures that no participant using the retrieval system suffers economic loss.

As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.

The present application is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the application. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.

These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

The foregoing is directed to preferred embodiments of the present invention, other and further embodiments of the invention may be devised without departing from the basic scope thereof, and the scope thereof is determined by the claims that follow. However, any simple modification, equivalent change and modification of the above embodiments according to the technical essence of the present invention are within the protection scope of the technical solution of the present invention.
