Netinfo Security, 2023, Vol. 23, Issue (5): 32-40. doi: 10.3969/j.issn.1671-1122.2023.05.004

• Technical Research •

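Multi-Keyword Searchable Encryption Scheme Based on Verifiable Secret Sharing

QIN Baodong1, CHEN Congzheng1, HE Junjie1, ZHENG Dong1,2

  1. School of Cyberspace Security, Xi'an University of Posts and Telecommunications, Xi'an 710121, China
  2. College of Computer, Qinghai Normal University, Xining 810008, China
  • Received: 2023-02-19 Online: 2023-05-10 Published: 2023-05-15
  • Contact: QIN Baodong E-mail: qinbaodong@xupt.edu.cn
  • About the authors: QIN Baodong (born 1982), male, from Jiangsu, professor, Ph.D.; main research interests: cryptography and information security | CHEN Congzheng (born 1996), male, from Shaanxi, master's student; main research interest: public-key searchable encryption | HE Junjie (born 1997), male, from Shaanxi, master's student; main research interest: public-key searchable encryption | ZHENG Dong (born 1964), male, from Shanxi, professor, Ph.D.; main research interests: cryptography and information security
  • Funding:
    National Natural Science Foundation of China (62072371); Basic Research Program of Qinghai Province (2020-ZJ-701)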

Abstract:

With the rapid development of cloud storage, searchable encryption has been widely applied in data security and personal information protection, and it has become a research hotspot attracting many scholars at home and abroad. The security of a cryptosystem depends on the secrecy of its key. However, most current searchable encryption schemes require users to manage their keys themselves, which carries a risk of key leakage and loss, undermines the security of the scheme, and also restricts users who need to work across different devices. To address the key management problem of searchable encryption, this paper proposes a multi-keyword searchable encryption scheme with reconstructable keys, based on verifiable secret sharing. Users need only their biometrics and a preset password to outsource and retrieve data, which frees them from managing keys themselves. The scheme satisfies two security properties, chosen-keyword indistinguishability and identity authentication, and ensures that data outsourcing and retrieval can be completed only when the password is correct and the biometric sample is close enough to the template. The correctness of the user's biometric features is computed and verified on the server side, and the server cannot obtain private information such as the user's original biometrics, keys, or keywords.

Key words: multi-searchable encryption, biometric, verifiable secret sharing, key management

CLC Number: