Identity-based Public Key Keyword Searchable Encryption Scheme with Denial Authentication
Abstract: The development of cloud storage technology enables resource sharing and reduces users' data management overhead. Searchable encryption protects users' privacy while supporting ciphertext retrieval, making it easy for users to find encrypted data in the cloud. Although existing public key keyword searchable encryption schemes support authentication, they do not implement the denial property. To better protect the sender's identity privacy, this paper combines denial authentication with public key keyword searchable encryption and proposes an Identity-based Public Key keyword Searchable Encryption scheme with Denial Authentication (IDAPKSE). In the proposed scheme, after uploading a ciphertext, the sender is able to deny having uploaded it to the cloud server. At the same time, the receiver can confirm the origin of the ciphertext; however, even with the cooperation of a third party, the receiver cannot prove the facts in his/her possession to that third party. Under the random oracle model, based on the Bilinear Diffie-Hellman (BDH) and Decisional Bilinear Diffie-Hellman (DBDH) assumptions, the proposed scheme is proven to satisfy unforgeability of ciphertexts and indistinguishability of ciphertexts and trapdoors.
Key words:
- Privacy of identity
- Denial of authentication
- Searchable encryption
Table 2 Comparison of computation costs
Table 3 Time cost of basic operations (ms)
Operation   TH      TE      TM      TP
Time        3.301   2.864   0.135   3.658