
Multi-Recipient Certificate-Based Searchable Encryption Scheme
Abstract: With the development of cloud computing, more and more data are outsourced to cloud servers for the purpose of freeing up local storage resources. Taking the privacy problem into account, the data are typically encrypted before outsourcing. However, the encryption operation will break the structure of the underlying data, making the retrieval function limited. Searchable encryption (SE), as an encryption primitive, allows users to search encrypted files in cloud storage servers while ensuring the security of the original files. Although public-key encryption with keyword search (PEKS) solves the ciphertext retrieval problem in the public key scenario, it suffers from the inherent certificate management problem in the traditional public key infrastructure setting. Subsequently, scholars have solved this problem by combining PEKS with identity-based cryptography (IBC) or certificateless cryptography (CLC). However, IBC and CLC also have the key escrow or secure channel problem. The former means that the private keys of all users will be leaked once the private key generator in IBC is compromised. The latter implies that the (partial) private key of the user needs to be transmitted over a secure channel in IBC and CLC. Certificate-based searchable encryption (CBSE) solves the problems of certificate management, key escrow, and secure channel on the basis of realizing ciphertext retrieval. Nevertheless, existing CBSE schemes either use time-consuming bilinear pairing operations, resulting in efficiency problems, or use the sender's identity information as part of the search trapdoor, which leads to the failure to meet the property of sender anonymity. At the same time, existing schemes only consider the situation where a single recipient performs the search function, which leads to inefficiency in the scenario of multiple recipients and does not meet practical requirements. In order to solve the above problems, based on elliptic curve cryptography, the multi-recipient certificate-based searchable encryption (MRCBSE) scheme is put forward using the key exchange protocol and digital signature technology. In the proposed scheme, for the same data, the sender only needs to perform the encryption operation once to generate a ciphertext that can be searched by multiple recipients at the same time. Also, the sender generates the ciphertext using its own private key and certificate, such that adversaries cannot produce a valid ciphertext to launch the keyword guessing attack, ensuring the security of the search trapdoor. The search trapdoor of the proposed scheme consists of only one group element and does not reveal the identity information of the sender, thus achieving the property of sender anonymity. The formal definition and the corresponding security model of MRCBSE are given. Subsequently, based on the computational Diffie-Hellman assumption, the proposed scheme is proved to satisfy indistinguishability under adaptive chosen keyword attack and indistinguishability under adaptive keyword guessing attack in the random oracle model. Performance analysis results show that, in comparison with the related schemes, the proposed scheme not only has obvious advantages in terms of computation cost and communication cost but also realizes more security features, meaning that it is more suitable for multi-user service scenarios in cloud storage environments.
Authors: LIU Hang (刘行), MING Yang (明洋), WANG Chen-Hao (王晨豪), ZHAO Yi (赵一) (School of Information Engineering, Chang'an University, Xi'an 710064)
Source: Chinese Journal of Computers (计算机学报), 2024, No. 3, pp. 544-557 (14 pages). Indexed in EI, CAS, CSCD and the Peking University Core Journals list.
Funding: National Natural Science Foundation of China (62072054); Key Research and Development Program of Shaanxi Province (2021GY-047, 2022GY-032); Xi'an Science and Technology Plan (23ZDCYJSGG0009-2022); Fundamental Research Funds for the Central Universities (300102242201).
Keywords: searchable encryption; certificate-based cryptography; multi-recipient; provable security; cloud storage