Verifiable Multi-keyword Search Encryption Scheme with Attribute Revocation
-
摘要:
近年来,可搜索加密技术及细粒度访问控制的属性加密在云存储环境下得到广泛应用。考虑到现存的基于属性的可搜索加密方案存在仅支持单关键词搜索而不支持属性撤销的问题,以及单关键词搜索可能造成返回搜索结果部分错误并导致计算和宽带资源浪费的缺陷,该文提出一种支持属性撤销的可验证多关键词搜索加密方案。该方案允许用户检测云服务器搜索结果的正确性,同时在细粒度访问控制结构中支持用户属性的撤销,且在属性撤销过程中不需要更新密钥和重加密密文。该文在随机预言机模型下基于判定性线性假设被证明具有抵抗选择关键词集攻击安全性及关键词隐私性,同时从理论和实验两方面分析验证了该方案具有较高的计算效率与存储效率。
Abstract:In recent years, searchable encryption technology and fine-grained access control attribute encryption is widely used in cloud storage environment. Considering that the existing searchable attribute-based encryption schemes have some flaws: It only support single-keyword search without attribute revocation. The single-keyword search may result in the waste of computing and broadband resources due to the partial retrieval from search results. A verifiable multi-keyword search encryption scheme that supports revocation of attributes is proposed. The scheme allows users to detect the correctness of cloud server search results while supporting the revocation of user attributes in a fine-grained access control structure without updating the key or re-encrypting the ciphertext during revocation stage. The aforementioned scheme is proved by the deterministic linearity hypothesis, and the relevant analysis results indicate that it can resist the attacks of keyword selection and the privacy of keywords in the random oracle model with high computational efficiency and storage effectiveness.
-
Key words:
- Searchable encryption /
- Attribute revocation /
- Multi-keyword search /
- Provable security
-
表 1 功能比较
下载: 导出CSV
表 2 存储代价比较
方案 系统建立算法 密钥生成算法 加密算法 陷门生成算法 文献[6] $\left(4 + \sum\limits_{i = 1}^N {{n_i}} \right)|G| + \left(2 + \sum\limits_{i = 1}^N {{n_i}} \right)|{Z_p}|$ $(2N + 2)|G|$ $(2N + 2)|G|$ $(2N + 1)|G| + |{Z_p}|$ 文献[9] $9|G| + 5|{Z_p}|$ $|G| + |{Z_p}|$ $(5m + 2)|G|$ $(6l + 2)|G| + |M|$ 文献[12] $(3N + 2)|G| + (3N + 1)|{Z_p}|$ $(2N + 1)|G| + |{Z_p}|$ $(N + 2)|G|$ $(2N + 1)|G| + |{Z_p}|$ 本文方案 $7|G| + (|S| + 3)|{Z_p}|$ $(2|S| + 2)|G| + |{Z_p}|$ $(|S| + m + 2)|G|$ $(|S| + 4)|G|$
下载: 导出CSV
表 3 计算代价比较
方案 系统建立算法 密钥生成算法 加密算法 陷门生成算法 搜索算法 验证算法 文献[6] $\left(2 + \sum\limits_{i = 1}^N {{n_i}} \right)E$ $(2N + 2)E$ $(2N + 2)E$ $(2N + 1)E$ $E + (2N + 1)P$ — 文献[9] $5E$ $E$ $(6m + 3)E$ $(15l + 3)E$ $(l + 1)E + (6l + 1)P$ — 文献[12] $\left(3N + 1\right)E + P$ $(2N + 3)E$ $(N + 2)E$ $(2N + 1)E$ $E + (N + 1)P$ — 本文方案 $3E$ $(2|S| + 2)E$ $(|S| + 3)E$ $(2|S| + 3)E$ $E + 3P$ $(\varphi + 1)E + 2P$
下载: 导出CSV
-
SONG D X, WAGNER D, and PERRIG A. Practical techniques for searches on encrypted data[C]. 2000 IEEE Symposium on Security and Privacy, Berkeley, USA, 2008: 44–55. doi: 10.1109/SECPRI.2000.848445. BONEH D, CRESCENZO G D, OSTROVSKY R, et al. Public key encryption with keyword search[C]. International Conference on the Theory and Applications of Cryptographic Techniques, Interlaken, Switzerland, 2004: 506–522. doi: 10.1007/978-3-540-24676-3_30. CURTMOLA R, GARAY J, KAMARA S, et al. Searchable symmetric encryption: Improved definitions and efficient constructions[C]. Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, USA, 2006: 79–88. doi: 10.1145/1180405.1180417. 李双, 徐智茂. 基于属性的可搜索加密方案[J]. 计算机学报, 2014, 37(5): 1018–1024. doi: 10.3724/SP.J.1016.2014.01017LI Shuang and XU Zhimao. Attribute-based public encryption with keyword search[J]. Chinese Journal of Computers, 2014, 37(5): 1018–1024. doi: 10.3724/SP.J.1016.2014.01017 YANG Yang and MA Maode. Conjunctive keyword search with designated tester and timing enabled proxy re-encryption function for E-Health clouds[J]. IEEE Transactions on Information Forensics and Security, 2017, 11(4): 746–759. doi: 10.1109/TIFS.2015.2509912 QIU Shuo, LIU Jiqiang, SHI Yanfeng, et al. Hidden policy ciphertext-policy attribute-based encryption with keyword search against keyword guessing attack[J]. Science China (Information Sciences) , 2017, 60(5): 1–12. doi: 10.1007/s11432-015-5449-9 MIAO Yinbin, MA Jianfeng, WEI Fushan, et al. VCSE: Verifiable conjunctive keywords search over encrypted data without secure-channel[J]. Peer-to-Peer Networking and Applications, 2017, 10(4): 995–1007. doi: 10.1007/s12083-016-0458-z MIAO Yinbin, MA Jianfeng, JIANG Qi, et al. Verifiable keyword search over encrypted cloud data in smart city[J]. Computers and Electrical Engineering, 2017, 65(1): 90–101. doi: 10.1016/j.compeleceng.2017.06.021 CUI Hui, WAN Zhiguo, DENG R H, et al. Efficient and expressive keyword search over encrypted data in the cloud[J]. IEEE Transactions on Dependable and Secure Computing, 2016, 15(3): 409–422. doi: 10.1109/TDSC.2016.2599883 LI Runhe, ZHENG Dong, ZHANG Yinghui, et al. Attribute-based encryption with multi-keyword search[C]. IEEE Second International Conference on Data Science in Cyberspace, Shenzhen, China, 2017: 172–177. doi: 10.1109/DSC.2017.97. 王尚平, 余小娟, 张亚玲. 具有两个可撤销属性列表的密钥策略的属性加密方案[J]. 电子与信息学报, 2016, 38(6): 1406–1411. doi: 10.11999/JEIT150845WANG Shangping, YU Xiaojuan, and ZHANG Yaling. Revocable key-policy attribute-based encryption scheme with two revocation lists[J]. Journal of Electronics &Information Technology, 2016, 38(6): 1406–1411. doi: 10.11999/JEIT150845 SUN Wenhai, YU Shucheng, LOU Wenjing, et al. Protecting your right: Verifiable attribute-based keyword search with fine-grained owner-enforced search authorization in the cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2016, 27(4): 1187–1198. doi: 10.1109/TPDS.2014.2355202 陈燕俐, 杨华山. 可支持属性撤销的基于CP-ABE可搜索加密方案[J]. 重庆邮电大学学报(自然科学版), 2016, 28(4): 545–554. doi: 10.3979/j.issn.1673-825X.2016.04.016CHEN Yanli and YANG Huashan. CP-ABE based searchable encryption with attribute revocation[J]. Journal of Chongqing University of Posts and Telecommunications (Natural Science Edition) , 2016, 28(4): 545–554. doi: 10.3979/j.issn.1673-825X.2016.04.016 GOYAL V, PANDEY O, SAHAI A, et al. Attribute-based encryption for fine-grained access control of encrypted data[C]. Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, USA, 2006: 89–98. doi: 10.1145/1180405.1180418. ZHENG Qingji, XU Shouhuai, and ATENIESE G. VABKS: Verifiable attribute-based keyword search over outsourced encrypted data[C]. IEEE INFOCOM, Toronto, Canada, 2014: 522–530. doi: 10.1109/INFOCOM.2014.6847976. -
下载:
计量
- 文章访问数: 1865
- HTML全文浏览量: 687
- PDF下载量: 84
- 被引次数: 0
