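Abstract
Cloud storage technology has developed rapidly thanks to its convenience and cost-effectiveness, and more and more users outsource their personal data to third-party cloud servers. Although storing data in encrypted form effectively protects data security and user privacy, traditional symmetric/asymmetric encryption hinders data retrieval and use. Searchable encryption is a special encryption technique that has attracted wide attention since it was proposed; it provides data retrieval while preserving data confidentiality. Scholars at home and abroad have proposed a large number of searchable encryption schemes, but the existing schemes are all designed on foreign cryptographic algorithms, and no searchable encryption scheme based on Chinese domestic commercial cryptographic algorithms has yet been published in domestic or foreign journals, which does not meet China's requirement that core cryptographic technology be independently controllable. To enrich research on domestic commercial cryptographic algorithms for searchable encryption and to meet the need for secure data retrieval in cloud storage, this paper constructs a public key searchable encryption scheme (SM9-PEKS) based on the SM9 identity-based encryption algorithm. Under the q-ABDHE security assumption and in the random oracle model, the paper first proves the anonymity of the SM9 identity-based encryption algorithm and then proves the security of the SM9-PEKS scheme. Theoretical analysis and implementation results show that, compared with commonly used classic public key searchable encryption schemes, the proposed scheme reduces computational overhead by at least 31.31% at an additional communication cost of 64 bytes. Finally, possible directions for future research are proposed.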
Cloud storage technology has developed rapidly due to its flexible use and high cost performance, and more and more users outsource their personal data to third-party cloud servers in order to save local storage resources and use data more conveniently. Many security risks arise when data is stored, so data usually needs to be encrypted before it is stored to effectively protect data security and user privacy, but traditional symmetric/asymmetric encryption technology affects efficient data retrieval and use. Searchable encryption is a special cryptographic technology that not only guarantees data confidentiality but also provides a convenient and secure data retrieval service. It has attracted widespread attention from scholars ever since it was proposed. At present, domestic and foreign scholars have proposed a large number of searchable encryption schemes, but the existing schemes are based on foreign cryptographic algorithms. After extensive research, we found that no searchable encryption scheme based on domestic commercial cryptographic algorithms has been published in domestic or foreign academic journals, which does not meet the requirements of security and independent control of core cryptographic technology. In order to enrich the research on domestic commercial cryptographic algorithms in searchable encryption, and to meet the secure retrieval needs of data stored on cloud servers, this article first adapts the SM9 identity-based encryption algorithm to construct a public key searchable encryption scheme (SM9-PEKS). Then, we prove the anonymity of the SM9 identity-based encryption algorithm in the random oracle model based on the q-ABDHE security assumption, followed by the security of the proposed SM9-PEKS. Theoretical analysis and programming implementation results show that this scheme has a good balance between security and efficiency. Compared with the classic, commonly used PEKS schemes, SM9-PEKS can reduce the computational overhead by at least 31.31% at an extra communication cost of 64 bytes. Finally, possible future research directions are proposed.
Authors
蒲浪
林超
伍玮
何德彪
PU Lang; LIN Chao; WU Wei; HE Debiao (College of Computer and Cyber Security, Fujian Normal University, Fuzhou 350117, China; School of Mathematics and Statistics, Fujian Normal University, Fuzhou 350117, China; School of Cyber Science and Engineering, Wuhan University, Wuhan 430072, China)
Source
《信息安全学报》
CSCD
2023, Issue 1, pp. 108-118 (11 pages in total)
Journal of Cyber Security
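Funding
National Natural Science Foundation of China (No. 62102089, No. 62032005, No. 61872089, No. 61972294)
Fundamental Research Funds for the Central Universities (No. 2042021kf1030)
Natural Science Foundation of Hubei Province (No. 2017CFA007)
Natural Science Foundation of Fujian Province (No. 2020J02016).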
Keywords
SM9 algorithm
public key encryption with keyword search
identity-based cryptography
anonymity