支持结果验证的多服务器动态可搜索加密方案  被引量：5

作　　者：何雨 田有亮[1,2,3] 万良 杨力[4] HE Yu;TIAN Youliang;WAN Liang;YANG Li(College of Computer Science and Technology,Guizhou University,Guiyang 550025,China;State Key Laboratory of Public Big Data,Guizhou University,Guiyang 550025,China;Institute of Cryptography and Date Security,Guizhou University,Guiyang 550025,China;School of Computer Science and Technology,Xidian University,Xi’an 710071,China)

机构地区：[1]贵州大学计算机科学与技术学院,贵州贵阳550025 [2]贵州省公共大数据重点实验室,贵州贵阳550025 [3]贵州大学密码学与数据安全研究所,贵州贵阳550025 [4]西安电子科技大学计算机科学与技术学院,陕西西安710071

出　　处：《西安电子科技大学学报》2022年第5期189-200,共12页Journal of Xidian University

基　　金：国家自然科学基金(61662009,61772008);贵州省科技重大专项计划(20183001);国家自然科学基金联合基金重点支持项目(U1836205);贵州省科技计划(黔科合基础[2019]1098);贵州省高层次创新型人才项目(黔科合平台人才[2020]6008)。

摘　　要：针对传统单服务器可搜索加密方案检索效率不高以及服务器单点故障问题,基于Shamir-秘密共享的思想,结合智能合约,构造了一个支持结果验证的多云服务器可搜索加密方案。首先,使用Shamir-秘密共享技术,将数据拆分成多个不同的数据块,分别加密存储在各个独立的服务器上,构造一个多云服务器可搜索加密模型,防止服务器单点故障导致数据大量丢失的问题,实现数据安全分布存储和高效查询;其次,利用智能合约自动执行的特点,构造查询结果的验证方法,通过签订合约来实现查询结果的验证,解决半可信的云服务器模型下返回结果的正确性难以保证的问题。另外,引入分块矩阵,对更新的数据构造子矩阵,以降低更新文档后查询的计算开销,并且通过添加虚假关键字信息,防止云服务器的猜测攻击,保证更新数据的安全。最后,通过安全性分析和实验分析表明,本方案在有效保护数据隐私的同时,与其他方案相比,减少了索引生成时间,并且检索效率更高。Aiming at the low retrieval efficiency and the single point of failure(SPOF)of the traditional single-server searchable encryption scheme,this paper constructs a multi-cloud server searchable encryption scheme supporting result verification based on Shamir-secret sharing and intelligent contract.First of all,the Shamir-secret sharing technology is used to split data into multiple different data blocks,which are encrypted and stored on each independent server,and a multi-cloud server searchable encryption model is constructed to prevent the problem of massive data loss caused by SPOF and realize safe distributed storage and efficient query of data.Furthermore,using the characteristics of automatic execution of smart contracts to construct a verification method for query results,the verification of query results is realized by signing a contract,which solves the problem that the correctness of the returned results under the semi-trusted cloud server model is difficult to guarantee.In addition,we introduce a block matrix to construct a sub-matrix for the updated data to reduce the computational cost of query after updating documents,and by adding false keyword information,guessing attacks on cloud servers are prevented,and the security of updated data is guaranteed.Finally,the security analysis and experimental analysis show that the scheme can effectively protect data privacy while reducing the index generation time,and achieve a higher retrieval efficiency compared with other schemes.

关 键 词：可搜索加密 智能合约 多服务器 Shamir-秘密共享 分块矩阵 

分 类 号：TP309.7[自动化与计算机技术—计算机系统结构]