基于区块链的多关键字细粒度可搜索加密方案

doi:10.3969/j.issn.1671-1122.2021.02.005

摘要/Abstract

摘要：

密文策略下基于属性的关键字搜索（CP-ABKS）技术可以对加密的数据实现细粒度控制和检索。现有CP-ABKS方案较少考虑云服务器的恶意行为和搜索过程的公平支付,且通常只支持单关键字密文检索。对此,文章提出基于区块链的多关键字细粒度可搜索加密方案。利用密文策略下基于属性的加密技术满足多用户检索,实现了细粒度访问控制和访问策略隐藏。结合区块链技术避免了恶意云服务器对索引的篡改,使用智能合约保障了用户和数据拥有者之间的公平支付。此外,文章方案还实现了多关键字检索,且无需第三方验证实体就可以保证用户得到正确的检索结果。安全性分析表明文中方案能够保证关键字和访问策略的不可区分性,并通过性能评估验证了该方案在保证效率的同时具有更优的功能。

关键词: 区块链, 基于属性的加密, 多关键字, 可搜索加密

Abstract:

Ciphertext-policy attribute-based keyword search (CP-ABKS) technology can achieve fine-grained control and retrieval of encrypted data. However, the existing CP-ABKS scheme seldom considered the malicious behavior of the cloud server and the fair payment of the search process, and usually only supported single-keyword ciphertext retrieval. This paper proposes a multi-keyword fine-grained searchable encryption scheme based on blockchain. The use of ciphertext policy attribute-based encryption (CP-ABE) technology satisfies multi-user retrieval and realizes fine-grained access control and access policy hiding. The combination of blockchain technology prevents malicious cloud servers from tampering with the index, and the use of smart contracts ensures fair payment between users and data owners. In addition, the scheme also implements multi-keyword retrieval, and can ensure that users get correct retrieval results without the need for a third-party verification entity. The security analysis shows that the proposed scheme can guarantee the indistinguishability of keywords and access policies, and the performance evaluation verifies that the scheme has better functions while ensuring efficiency.

Key words: blockchain, ABE, multi-keyword, searchable encryption

中图分类号:

TP309

张应辉, 朱甜, 郑东. 基于区块链的多关键字细粒度可搜索加密方案[J]. 信息网络安全, 2021, 21(2): 34-44.

ZHANG Yinghui, ZHU Tian, ZHENG Dong. Multi-keyword Fine-grained Searchable Encryption Scheme Based on Blockchain[J]. Netinfo Security, 2021, 21(2): 34-44.

图/表 6

图1

表1

表2

图2

图3

图4

参考文献 33

[1]	LI Jianqiang, WANG Shulan, LI Yuan, et al. An Efficient Attribute-based Encryption Scheme with Policy Update and File Update in Cloud Computing[J]. IEEE Transactions on Industrial Informatics, 2019,15(12): 6500-6509.
[2]	SONG D X, WAGNER D, PERRIG A. Practical Techniques for Searches on Encrypted Data[C]//IEEE. Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000, May 14-17, 2000, Berkeley, CA, USA. New York: IEEE, 2000: 44-55.
[3]	MIAO Yinbin, MA Jianfeng, LIU Ximeng, et al. Lightweight Fine-grained Search over Encrypted Data in Fog Computing[J]. IEEE Transactions on Services Computing, 2018,12(5): 772-785.
[4]	MIAO Yinbin, MA Jianfeng, LIU Ximeng, et al. Practical Attribute-based Multi-keyword Search Scheme in Mobile Crowdsourcing[J]. IEEE Internet of Things Journal, 2017,5(4): 3008-3018.
[5]	BETHENCOURT J, SAHAI A, WATERS B. Ciphertext-policy Attribute-based Encryption[C]//IEEE. 2007 IEEE Symposium on Security and Privacy (SP'07), May 20-23, 2007, Berkeley, CA, USA. New York: IEEE, 2007: 321-334.
[6]	PHUONG T V X, YANG Guoming, SUSILO W. Hidden Ciphertext Policy Attribute-based Encryption under Standard Assumptions[J]. IEEE Transactions on Information Forensics and Security, 2015,11(1): 35-45.
[7]	QIU Shuo, LIU Jiqiang, SHI Yanfeng, et al. Hidden Policy Ciphertext-policy Attribute-based Encryption with Keyword Search against Keyword Guessing Attack[J]. Science China Information Sciences, 2017,60(5): 130-141.
[8]	MIAO Yinbin, LIU Ximeng, CHOO K K R, et al. Privacy-preserving Attribute-based Keyword Search in Shared Multi-owner Setting[EB/OL]. https://ieeexplore.ieee.org/document/8634881, 2019-02-05.
[9]	MIAO Yinbin, DENG R, LIU Ximeng, et al. Multi-authority Attribute-based Keyword Search over Encrypted Cloud Data[EB/OL]. https://ieeexplore.ieee.org/document/8798730, 2019-08-14.
[10]	MIAO Yinbin, MA Jianfeng, LIU Ximeng, et al. M2-ABKS: Attribute-based Multi-keyword Search over Encrypted Personal Health Records in Multi-owner Setting[J]. Journal of Medical Systems, 2016,40(11): 246. URL pmid: 27696175
[11]	MIAO Yinbin, MA Jianfeng, LIU Ximeng, et al. Attribute-based Keyword Search over Hierarchical Data in Cloud Computing[J]. IEEE Transactions on Services Computing, 2017,13(6): 985-998.
[12]	SUN Wenhai, YU Shucheng, LOU Wenjing, et al. Protecting Your Right: Verifiable Attribute-based Keyword Search with Fine-grained Owner-enforced Search Authorization in the Cloud[J]. IEEE Transactions on Parallel and Distributed Systems, 2014,27(4): 1187-1198.
[13]	SUN Jin, REN Lili, WANG Shangping, et al. Multi-keyword Searchable and Data Verifiable Attribute-based Encryption Scheme for Cloud Storage[EB/OL]. https://ieeexplore.ieee.org/document/8718276, 2020-05-20.
[14]	KHAN M A, SALAH K. IOT Security: Review, Blockchain Solutions, and Open Challenges[EB/OL]. https://doi.org/10.1016/j.future, 2020-05-12.
[15]	NIU Shufen, CHEN Lixia, WANG Jinfeng, et al. Electronic Health Record Sharing Scheme with Searchable Attribute-based Encryption on Blockchain[EB/OL]. https://ieeexplore.ieee.org/document/8931605, 2019-12-12.
[16]	ZHANG Yinghui, DENG R H, SHU Jiangang, et al. TKSE: Trustworthy Keyword Search over Encrypted Data with Two-side Verifiability via Blockchain[EB/OL]. https://ieeexplore.ieee.org/document/8374038, 2018-06-06.
[17]	YANG Xiaodong, CHEN Guilan, WANG Meiding, et al. Multi-keyword Certificateless Searchable Public Key Authenticated Encryption Scheme Based on Blockchain[EB/OL]. https://ieeexplore.ieee.org/document/9183912, 2020-09-01.
[18]	ZHENG Dong, ZHAO Qinglan, ZHANG Yinghui. A Brief Overview on Cryptography[J]. Journal of Xi'an University of Posts and Telecommunications, 2013,18(6): 1-10.
	郑东, 赵庆兰, 张应辉. 密码学综述[J]. 西安邮电大学学报, 2013,18(6): 1-10.
[19]	HUR J. Improving Security and Efficiency in Attribute-based Data Sharing[J]. IEEE Transactions on Knowledge and Data Engineering, 2011,25(10): 2271-2282.
[20]	GAO Jian, ZENG Kang, JIN Hengzhan, et al. Data Access Control Scheme Based on CP-ABE in Cloud Storage[J]. Journal of Northeastern University (Natural Science), 2015,36(10): 1416-1421.
	高健, 曾康, 金恒展, 等. 基于CP-ABE的云存储数据访问控制方案[J]. 东北大学学报(自然科学版), 2015,36(10): 1416-1421.
[21]	NISHIDE T, YONEYAMA K, OHTA K. Attribute-based Encryption with Partially Hidden Encryptor-specified Access Structures[C]//Springer. International Conference on Applied Cryptography and Network Security, June 3-6, 2008, New York, NY, USA. Berlin: Springer, 2008: 111-129.
[22]	BONEH D, DI Crescenzo G, OSTROVSKY R, et al. Public Key Encryption with Keyword Search[C]//Springer. International Conference on the Theory and Applications of Cryptographic Techniques, May 2-6, 2004, Interlaken, Switzerland. Berlin: Springer, 2004: 506-522.
[23]	LI Jiguo, LIN Xiaonan, ZHANG Yichen, et al. KSF-OABE: Outsourced Attribute-based Encryption with Keyword Search Function for Cloud Storage[J]. IEEE Transactions on Services Computing, 2016,10(5): 715-725.
[24]	ZHENG Qingji, XU Shouhuai, ATENIESE G. VABKS: Verifiable Attribute-based Keyword Search over Outsourced Encrypted Data[C]// IEEE. IEEE INFOCOM 2014-IEEE Conference on Computer Communications, April 27-May 2, 2014, Toronto, ON, Canada. New York: IEEE, 2014: 522-530.
[25]	MIAO Yinbin, LIU Ximeng, CHOO K K R, et al. Fair and Dynamic Data Sharing Framework in Cloud-assisted Internet of Everything[J]. IEEE Internet of Things Journal, 2019,6(4): 7201-7212. doi: 10.1109/JIoT.6488907 URL
[26]	ZHANG Wei, LIN Yaping, XIAO Sheng, et al. Privacy Preserving Ranked Multi-keyword Search for Multiple Data Owners in Cloud Computing[J]. IEEE Transactions on Computers, 2015,65(5): 1566-1577.
[27]	MIAO Yinbin, WENG Jian, LIU Ximeng, et al. Enabling Verifiable Multiple Keywords Search over Encrypted Cloud Data[EB/OL]. https://doi.org/10.1016/j.ins.2018.06.066, 2020-10-10.
[28]	LI Huige, ZHANG Fangguo, HE Jiejie, et al. A Searchable Symmetric Encryption Scheme using Blockchain[EB/OL]. https://arxiv.org/pdf/1711.01030.pdf, 2017-11-18.
[29]	YAN Xixi, YUAN Xiaohan, TANG Yongli, et al. Verifiable Attribute-based Searchable Encryption Scheme Based on Blockchain[J]. Journal on Communications, 2020,41(2): 187-198.
	闫玺玺, 原笑含, 汤永利, 等. 基于区块链且支持验证的属性基搜索加密方案[J]. 通信学报, 2020,41(2): 187-198.
[30]	DU Ruizhong, TAN Ailun, TIAN Junfeng. Public Key Searchable Encryption Scheme Based on Blockchain[J]. Journal on Communications, 2020,41(4): 114-122.
	杜瑞忠, 谭艾伦, 田俊峰. 基于区块链的公钥可搜索加密方案[J]. 通信学报, 2020,41(4): 114-122.
[31]	GOYAL R, HOHENBERGER S, KOPPULA V, et al. A Generic Approach to Constructing and Proving Verifiable Random Functions[EB/OL]. https://arxiv.org/pdf/1711.01030.pdf, 2017-11-05.
[32]	ZIPPEL R. Probabilistic Algorithms for Sparse Polynomials[C]// Springer. International Symposium on Symbolic and Algebraic Manipulation, June 30, 1979, Marseille, France. Berlin: Springer, 1979: 216-226.
[33]	SCHWARTZ J T. Fast Probabilistic Algorithms for Verification of Polynomial Identities[J]. Journal of the ACM (JACM), 1980,27(4): 701-717.

方案	细粒度访问控制	访问策略隐藏	多个关键字	区块链	公平支付
文献[7]方案	√	√	×	×	×
文献[8]方案	√	√	×	×	×
文献[15]方案	√	×	√	√	×
文献[17]方案	×	×	√	√	√
文献[24]方案	√	×	×	×	×
文献[28]方案	×	×	√	√	×
本文方案	√	√	√	√	√

方案	密钥生成阶段	索引生成阶段	搜索令牌生成阶段	搜索阶段
文献[7]方案	$(1+2\|R\|){{\Gamma }_{E}}+{{\Gamma }_{{{E}_{0}}}}$	$(1+2\|R\|){{\Gamma }_{E}}+2{{\Gamma }_{{{E}_{0}}}}$	$(1+2\|R\|){{\Gamma }_{E}}$	$(1+2\|R\|){{\Gamma }_{P}}+{{\Gamma }_{{{E}_{0}}}}$
文献[24]方案	$(2+2\|R\|){{\Gamma }_{E}}+\|R\|{{\Gamma }_{{{h}_{1}}}}$	$(4+2\|R\|){{\Gamma }_{E}}+\|R\|{{\Gamma }_{{{h}_{1}}}}$	$(4+2\|R\|){{\Gamma }_{E}}$	$(3+2\|R\|){{\Gamma }_{P}}+\|R\|{{\Gamma }_{{{E}_{0}}}}$
本文方案	$(4+2\|R\|){{\Gamma }_{E}}+{{\Gamma }_{{{E}_{0}}}}+{{\Gamma }_{{{h}_{1}}}}$	$(\|\gamma \|+\|R\|+\sum\limits_{a=1}^{R}{{{R}_{a}}}){{\Gamma }_{E}}+{{\Gamma }_{{{E}_{0}}}}$	$(1+2\|R\|){{\Gamma }_{E}}$	$(1+2\|R\|){{\Gamma }_{P}}+{{\Gamma }_{{{E}_{0}}}}$