支持关键字更新的基于属性可搜索加密方案

ATTRIBUTE-BASED SEARCHABLE ENCRYPTION SCHEME WITH SUPPORTING KEYWORD UPDATES

针对云存储环境中重要通知、广播消息、数据共享等敏感性较高的数据访问控制需求,提出和设计出一种适用于云存储环境支持关键字更新的可搜索加密方案。方案中的文件明文采用基于属性的加密算法,可以实现文件密文只加密一次就可被多个用户私钥搜索,避免了针对不同用户数据拥有者需要多次加密的问题,降低了网络开销。但是现有的基于属性的可搜索加密方案无法实现文件索引的更新,针对此问题,采用带计数器的布隆过滤器对文件关键字进行处理,能够允许用户在索引密文中添加或者删除关键字,实现文件索引的动态更新,提高了检索效率。给出方案的正确性分析、安全分析以及效率分析。分析结果表明:文件索引和陷门经过带计数器的布隆过滤器并进行向量加密后,的确能够实现增加和删除关键字;采用对称加密的思想对文件和索引进行加密后,明文和索引也都是安全的;通过与其他方案的计算量和适应性对比,可以发现方案的计算量较低,适应性强。

Aiming at the high sensitive data access control requirements such as important notification,broadcast message and data sharing in cloud storage environment,a searchable encryption scheme was proposed and designed to support keyword updating in cloud storage environment.The file in the scheme adopted the attribute-based encryption algorithm plaintext,and achieved that the file ciphertext could be searched by multiple user private keys only once by encrypting.It avoided the need for multiple user data owners need to encrypt multiple times and reduced network overhead.However,existing attribute-based searchable encryption schemes did not allow file index updates.In order to solve this problem,we used the Bloom filter with counter to process the keyword of the file,which allowed users to add or delete the keyword in the index ciphertext,to dynamically update the file index and improved the retrieval efficiency.The correctness analysis,safety analysis and efficiency analysis were given.The analysis results showed that the file index and trapdoor could indeed add and delete keywords after passing through a Bloom filter with a counter and performing vector encryption.With the idea of symmetric encryption to encrypt files and indexes,both plaintext and index were also safe.Comparing with the computation and adaptability of other schemes,it could be found that the computational complexity of the scheme was low and the adaptability was strong.