支持结果验证的多服务器动态可搜索加密方案

doi:10.19665/j.issn1001-2400.2022.05.022

西安电子科技大学学报 ›› 2022, Vol. 49 ›› Issue (5): 189-200.doi: 10.19665/j.issn1001-2400.2022.05.022

• 计算机科学与技术 & 人工智能 • 上一篇下一篇

支持结果验证的多服务器动态可搜索加密方案

何雨^1,²(),田有亮^1,^2,³(),万良^1,²(),杨力⁴()

1．贵州大学计算机科学与技术学院,贵州贵阳 550025
2．贵州省公共大数据重点实验室,贵州贵阳 550025
3．贵州大学密码学与数据安全研究所,贵州贵阳 550025
4．西安电子科技大学计算机科学与技术学院,陕西西安 710071

收稿日期:2021-09-17 出版日期:2022-10-20 发布日期:2022-11-17
作者简介:何雨(1996—),男,贵州大学硕士研究生,E-mall:yuhe15797677109@163.com；|田有亮(1982—),男,教授,博士,E-mail:youliangtian@163.com；|万良(1974—),男,教授,博士,E-mail:lwan@gzu.edu.cn；|杨力(1977—),男,教授,博士,E-mail:yangli@xidian.edu.cn
基金资助:
国家自然科学基金(61662009);国家自然科学基金(61772008);贵州省科技重大专项计划(20183001);国家自然科学基金联合基金重点支持项目(U1836205);贵州省科技计划(黔科合基础[2019]1098);贵州省高层次创新型人才项目(黔科合平台人才[2020]6008)

Multi-server dynamic searchable encryption scheme supporting result verification

HE Yu^1,²(),TIAN Youliang^1,^2,³(),WAN Liang^1,²(),YANG Li⁴()

1. College of Computer Science and Technology,Guizhou University,Guiyang 550025,China
2. State Key Laboratory of Public Big Data,Guizhou University,Guiyang 550025,China
3. Institute of Cryptography and Date Security,Guizhou University,Guiyang 550025,China
4. School of Computer Science and Technology,Xidian University,Xi’an 710071,China

Received:2021-09-17 Online:2022-10-20 Published:2022-11-17

摘要/Abstract

摘要：

针对传统单服务器可搜索加密方案检索效率不高以及服务器单点故障问题,基于Shamir-秘密共享的思想,结合智能合约,构造了一个支持结果验证的多云服务器可搜索加密方案。首先,使用Shamir-秘密共享技术,将数据拆分成多个不同的数据块,分别加密存储在各个独立的服务器上,构造一个多云服务器可搜索加密模型,防止服务器单点故障导致数据大量丢失的问题,实现数据安全分布存储和高效查询;其次,利用智能合约自动执行的特点,构造查询结果的验证方法,通过签订合约来实现查询结果的验证,解决半可信的云服务器模型下返回结果的正确性难以保证的问题。另外,引入分块矩阵,对更新的数据构造子矩阵,以降低更新文档后查询的计算开销,并且通过添加虚假关键字信息,防止云服务器的猜测攻击,保证更新数据的安全。最后,通过安全性分析和实验分析表明,本方案在有效保护数据隐私的同时,与其他方案相比,减少了索引生成时间,并且检索效率更高。

关键词: 可搜索加密, 智能合约, 多服务器, Shamir-秘密共享, 分块矩阵

Abstract:

Aiming at the low retrieval efficiency and the single point of failure(SPOF) of the traditional single-server searchable encryption scheme,this paper constructs a multi-cloud server searchable encryption scheme supporting result verification based on Shamir-secret sharing and intelligent contract.First of all,the Shamir-secret sharing technology is used to split data into multiple different data blocks,which are encrypted and stored on each independent server,and a multi-cloud server searchable encryption model is constructed to prevent the problem of massive data loss caused by SPOF and realize safe distributed storage and efficient query of data.Furthermore,using the characteristics of automatic execution of smart contracts to construct a verification method for query results,the verification of query results is realized by signing a contract,which solves the problem that the correctness of the returned results under the semi-trusted cloud server model is difficult to guarantee.In addition,we introduce a block matrix to construct a sub-matrix for the updated data to reduce the computational cost of query after updating documents,and by adding false keyword information,guessing attacks on cloud servers are prevented,and the security of updated data is guaranteed.Finally,the security analysis and experimental analysis show that the scheme can effectively protect data privacy while reducing the index generation time,and achieve a higher retrieval efficiency compared with other schemes.

Key words: searchable encryption, smart contract, multi-server, Shamir-secret sharing, block matrix

中图分类号:

TP309.7

何雨,田有亮,万良,杨力. 支持结果验证的多服务器动态可搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(5): 189-200.

HE Yu,TIAN Youliang,WAN Liang,YANG Li. Multi-server dynamic searchable encryption scheme supporting result verification[J]. Journal of Xidian University, 2022, 49(5): 189-200.

图/表 8

图1

表1

系统参数"

参数	含义	参数	含义
F= $f 1, f 2, f 3, …, f n$	文档集合	B_i	根据关键字集合生成的向量
C= $c 1, c 2, c 3, …, c n$	对F的加密文档集合	B	根据查询关键字集合生成的向量
W= $w 1, w 2, w 3, …, w m$	关键词集合	I	安全索引
Q= $q 1, q 2, …, q i$	查询关键字集合	T	根据查询关键字生成的陷门
F_k	查询结果解密文档	R	查询计算得到的相关结果

表1

图2

图3

图4

图5

图6

图7

参考文献 24

[1]	SONG D X, WAGNER D, PERRIG A. Practical Techniques for Searches on Encrypted Data[C]// Proceeding 2000 IEEE Symposium on Security and Privacy.S&P 2000. Piscataway: IEEE, 2000:44-55.
[2]	GOH E J. Secure Indexes[J]. IACR Cryptology ePrint Archive, 2003, 2003:216.
[3]	CURTMOLA R, GARAY J, KAMARA S, et al. Searchable Symmetric Encryption:Improved Definitions and Efficient Constructions[C]// The 13th ACM Conference on Computer and Communications Security. New York: ACM, 2006:79-88.
[4]	CHANG Y C, MITZENMACHER M. Privacy Preserving Keyword Searches on Remote Encrypted Data[C]// International Conference on Applied Cryptography and Network Security. Berlin: Springer, 2005:442-455.
[5]	FU Z, WU X, GUAN C, et al. Toward Efficient Multi-Keyword Fuzzy Search over Encrypted Outsourced Data with Accuracy Improvement[J]. IEEE Transactions on Information Forensics and Security, 2016, 11(12):2706-2716. doi: 10.1109/TIFS.2016.2596138
[6]	CONG W, REN K, YU S, et al. Achieving Usable and Privacy-Assured Similarity Search over Outsourced Cloud Data[C]// IEEE INFOCOM. Piscataway: IEEE, 2012:451-459.
[7]	BALLARD L, KAMARA S, MONROSE F. Achieving Efficient Conjunctive Keyword Searches over Encrypted Data[C]// International Conference on Information and Communications Security. Berlin: Springer, 2005:414-426.
[8]	闫玺玺, 赵强, 汤永利, 等. 支持灵活访问控制的多关键字搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(1):55-66.
	YAN Xixi, ZHAO Qiang, TANG Yongli, et al. Multi-Keyword Search Encryption Scheme Supporting Flexible Access Control[J]. Journal of Xidian University, 2022, 49(1):55-66.
[9]	GOLLE P, STADDON J, WATERS B. Secure Conjunctive Keyword Search over Encrypted Data[C]// International Conference on Applied Cryptography and Network Security. Berlin: Springer, 2004:31-45.
[10]	CASH D, GRUBBS P, PERRYE J, et al. Leakage-Abuse Attacks Against Searchable Encryption[C]// The 22nd ACM SIGSAC Conference on Computer and Communications Security. New York: ACM. 2015:668-679.
[11]	JIN L, QIAN W, CONG W, et al. Fuzzy Keyword Search over Encrypted Data in Cloud Computing[C]// IEEE INFOCOM. Piscataway: IEEE, 2010:441-445.
[12]	王恺璇, 李宇溪, 周福才, 等. 面向多关键字的模糊密文搜索方法[J]. 计算机研究与发展, 2017, 54(2):348-360.
	WANG Kaixuan, LI Yuxi, ZHOU Fucai, et al. Multi-Keyword-Oriented Fuzzy Ciphertext Search Method[J]. Journal of Computer Research and Development, 2017, 54(2):348-360.
[13]	BOSCH C, PETER A, LEENDERS B, et al. Distributed Searchable Symmetric Encryption[C]// 2014 Twelfth Annual International Conference on Privacy,Security and Trust. Piscataway: IEEE, 2014:330-337.
[14]	ISHAI Y, KUSHILEVITZ E, LU S, et al. Private Large-Scale Databases with Distributed Searchable Symmetric Encryption[C]// Cryptographers’ Track at the RSA Conference. Berlin: Springer, 2016:90-107.
[15]	ORENCIK C, SELCUK A, SAVAS E, et al. Multi-Keyword Search over Encrypted Data with Scoring and Search Pattern Obfuscation[J]. International Journal of Information Security, 2016, 15(3):251-269. doi: 10.1007/s10207-015-0294-9
[16]	ZHANG W, LIN Y, XIAO S, et al. Secure Distributed Keyword Search in Multiple Clouds[C]// 2014 IEEE 22nd International Symposium of Quality of Service. Piscataway: IEEE, 2014:370-379.
[17]	POH G S, MOHAMAD M S, CHIN J J. Searchable Symmetric Encryption over Multiple Servers[J]. Cryptography and Communications, 2018, 10(1):139-158. doi: 10.1007/s12095-017-0232-y
[18]	ZHANG C, FU S, AO W. A Blockchain Based Searchable Encryption Scheme for Multiple Cloud Storage[C]// International Symposium on Cyberspace Safety and Security. Berlin: Springer, 2019:585-600.
[19]	杜瑞忠, 王一, 田俊峰. 一种支持动态可验证的密文检索方案[J]. 西安电子科技大学学报, 2022: 49(1):35-46.
	DU Ruizhong, WANG Yi, TIAN Junfeng. A Ciphertext Search Scheme Supporting Dynamic and Verifiable[J]. Journal of Xidian University, 2022, 49(1):35-46.
[20]	ZHANG Y, DENG R H, SHU J, et al. TKSE:Trustworthy keyword Search over Encrypted Data with Two-Side Verifiability Via Blockchain[J]. IEEE Access, 2018, 6:31077-31087. doi: 10.1109/ACCESS.2018.2844400
[21]	WANG S, ZHANG Y, ZHANG Y. A Blockchain-Based Framework for Data Sharing with Fine-Grained Access Control in Decentralized Storage Systems[J]. IEEE Access, 2018, 6:38437-38450. doi: 10.1109/ACCESS.2018.2851611
[22]	LI H, TIAN H, ZHANG F, et al. Blockchain-Based Searchable Symmetric Encryption Scheme[J]. Computers & Electrical Engineering, 2019, 73:32-45.
[23]	SHAMIR A. How to Share a Secret[J]. Communications of the ACM, 1979, 22(11):612-613. doi: 10.1145/359168.359176
[24]	SZABO N. Formalizing and Securing Relationships on Public Networks[J]. First Monday, 1997, 2(9):1-21.

支持结果验证的多服务器动态可搜索加密方案

Multi-server dynamic searchable encryption scheme supporting result verification

RichHTML

PDF (PC)

赞

可视化

摘要/Abstract

引用本文

使用本文

图/表 8

参考文献 24

相关文章 12

Metrics

本文评价

推荐阅读 0

[1]	闫玺玺,赵强,汤永利,李莹莹,李静然. 支持灵活访问控制的多关键字搜索加密方案[J]. 西安电子科技大学学报, 2022, 49(1): 55-66.
[2]	王凯文,王树兰,王海燕,丁勇. 一种支持属性撤销的top-k多关键词密文检索方案[J]. 西安电子科技大学学报, 2022, 49(1): 26-34.
[3]	李雪莲,张夏川,高军涛,向登梅. 支持属性和代理重加密的区块链数据共享方案[J]. 西安电子科技大学学报, 2022, 49(1): 1-16.
[4]	王慧,王励成,柏雪,刘清华,沈晓鹰. 区块链隐私保护和扩容关键技术研究[J]. 西安电子科技大学学报, 2020, 47(5): 28-39.
[5]	李涵,张晨,黄荷姣,郭宇. 一种支持前向安全更新和验证的加密搜索算法[J]. 西安电子科技大学学报, 2020, 47(5): 48-56.
[6]	苗银宾;马建峰;张俊伟;刘志全. 高效的可验证多关键字密文检索[J]. 西安电子科技大学学报, 2017, 44(4): 18-23+68.
[7]	伍祈应;马建峰;李辉;苗银宾. 无证书连接关键字密文检索[J]. 西安电子科技大学学报, 2017, 44(3): 55-60.
[8]	苗银宾;马建峰;刘志全;魏福山;王绪安. 关键字域可变的可验证密文检索[J]. 西安电子科技大学学报, 2017, 44(1): 52-58.
[9]	李昊星;李凤华;宋承根;苏铓;刘歆. 支持多关键字的可搜索公钥加密方案[J]. J4, 2015, 42(5): 20-25.
[10]	朱旭东;李晖;郭祯. 云计算环境下加密图像检索[J]. J4, 2014, 41(2): 151-158.
[11]	万涛;廖维川;马建峰. 面向多服务器架构的认证协议分析与改进[J]. J4, 2013, 40(6): 174-179.
[12]	江兆林;邓方安;刘三阳. 鳞状循环因子矩阵逆矩阵的求法[J]. J4, 2003, 30(3): 415-420.