基于可更新加密的保护搜索模式的动态可搜索加密方案  被引量：1

作　　者：徐承志 徐磊[2] 许春根[2] XU Chengzhi;XU Lei;XU Chungen(School of Computer Science and Technology,Nanjing University of Science and Technology,Nanjing 210094,China;School of Mathematics and Statistics,Nanjing University of Science and Technology,Nanjing 210094,China)

机构地区：[1]南京理工大学计算机科学与工程学院,南京210094 [2]南京理工大学数学与统计学院,南京210094

出　　处：《计算机科学》2024年第3期340-350,共11页Computer Science

基　　金：国家自然科学基金(62202228,62072240);江苏省自然科学基金(BK20210330)。

摘　　要：动态可搜索对称加密(Dynamic Searchable Symmetric Encryption,DSSE)技术作为静态可搜索加密技术的拓展,因解决了数据密态场景下的安全检索问题并支持数据动态更新而备受关注。众所周知,目前大多数DSSE方案会泄露一些额外的信息以寻求更好的效率,如搜索模式与访问模式。最近的研究表明,这些泄露的信息面临着严重的安全问题,拥有数据库背景知识的敌手可能利用这些泄露信息恢复查询或重构数据库。由于这些泄露是伴随着查询的过程泄露出来的,因此不少学者提出在搜索时更新加密数据库来降低上述潜在的风险,即用户下载搜索到的密文数据到本地,解密后重新加密再上传到云服务器端。但这种方法会导致巨大的客户端通信、存储和计算开销。针对这一问题,提出了一种基于可更新加密的保护搜索模式的DSSE方案,该方案可以在不泄露数据隐私的情况下直接在服务器端进行数据更新,从而降低传统更新方法的通信开销以及客户端的计算开销。安全性分析表明,所提方案能有效保护搜索模式泄露;性能分析表明,所提方案相比传统利用更新密文方法保护搜索模式的方案能有效降低通信开销。在关键词匹配100个文档的情况下,与下载到本地重加密重传方式相比,所提方案的通信开销降低了70.92%。Dynamic searchable symmetric encryption(DSSE)technology,as an extension of static searchable encryption,has attracted much attention because it solves the problem of secure retrieval over encrypted data and supports data dynamicity.For practicality concerns,most current DSSE schemes leak extra information(e.g.,search patterns and access patterns)to fast search.Recent studies show that this leaked information poses serious security problems,the adversary with background know-ledge of the database may exploit the leaked information to recover the query or reconstruct the database.Since this information reveals along with the query process,scholars propose to refresh the encrypted database after the query to reduce the above potential risks.However,this approach leads to huge client-side communication,storage,and computation overheads.Because the client needs to download the results locally,decrypt them,re-encrypt them and finally upload them to the cloud.To address this problem,this paper proposes a new updatable DSSE scheme that hides all the above information including access pattern,search pattern.The scheme can update data directly at the server side without disclosing data privacy,thus reducing the communication overhead of traditional update methods of the client side.The security analysis shows that this scheme can hide the search pattern effectively.In addition,the communication cost of the proposed scheme is also significantly degraded when compared with the traditional scheme that executes ciphertext refreshing by the client.For example,in the case of keywords matching 100 documents,compared with downloading to local re-encryption and retransmission,the communication overhead of this scheme is reduced by 70.92%.

关 键 词：动态可搜索加密 可更新加密 前向安全 搜索模式 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]