指定验证者与可撤销重加密的可搜索加密方案  被引量：1

作　　者：徐潜[1] 谭成翔[1] 樊志杰[1] 冯俊 朱文烨 校娅 Xu Qian;Tan Chengxiang;Fan Zhijie;Feng Jun;Zhu Wenye;and Xiao Ya(College of Electronics and Information Engineering , Tongji University , Shanghai 201804)

机构地区：[1]同济大学电子与信息工程学院,上海201804

出　　处：《计算机研究与发展》2018年第5期994-1013,共20页Journal of Computer Research and Development

基　　金：国家重点研发计划项目(2017YFB0802302)~~

摘　　要：隐藏向量加密(hidden vector encryption,HVE)作为一种谓词加密策略,不仅可以对解密密钥进行细粒度的控制,同时也支持对关键词的合取和子集等范围搜索,因此可以被应用在诸如电子健康记录等系统中,以保护用户敏感数据并提供密文检索功能.然而,目前已有的隐藏向量加密策略均未考虑离线关键词测试攻击和可撤销的代理访问控制.针对这一问题,提出了一种支持指定验证者和基于时间的可撤销代理重加密的高效的隐藏向量加密方案.代理人可以在数据拥有者指定的时间区间内访问密文数据,而当超过预定的时间后,代理权限将被自动撤销.由于只有指定的验证者可以执行验证操作,使得方案可以有效地抵御离线关键词测试攻击.提出的可搜索加密方案不仅在标准模型下面对选择关键词、选择时间攻击是可证明安全的,同时,搜索令牌的尺寸、重加密算法的时间复杂度以及验证操作的双线性对运算次数均限定在O(1)常数界限内.因此,方案具有较好的安全性和实用效率.Hidden vector encryption（HVE）is a notable case of predicate encryption that enables the fine-grained control on the decryption key and supports the conjunctive keyword search and range queries on encrypted data.Such a technology can play an important role in the electronic health record（EHR）system since it incorporates the security protection and the convenience searchable functions on the sensitive medical records.However,all the existing HVE schemes cannot provide designed tester and automatically delegation function while requiring a low communication and computation overhead.In this paper,an efficient HVE scheme with designed tester and timing controlled proxy reencryption is proposed.The delegatee can perform search operation on the re-encryption ciphertext during a certain period of time specified by the delegator,and the search authority can be revoked automatically after the effective time period.Since only the designed tester can test whether the given query tokens match the ciphertext,the proposed scheme can also resist the off-line keyword guessing（KG）attack.Moreover,our scheme is proved secure against chosen keyword and chosen time attack in the standard model and maintains a relatively low asymptotic complexity because it only requires a token size of O（1）and O（1）bilinear pairing computations in the test process.

关 键 词：可搜索加密 隐藏向量加密 指定验证者 代理重加密 代理权限可撤销 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]