支持联合查询和交叉模式隐藏的结构加密  

作　　者：杨紫依 马昌社[1] 谢南江 YANG Ziyi;MA Changshe;XIE Nanjiang(School of Computer Science,South China Normal University,Guangzhou 510631,China)

机构地区：[1]华南师范大学计算机学院,广东广州510631

出　　处：《网络与信息安全学报》2024年第3期175-187,共13页Chinese Journal of Network and Information Security

基　　金：国家自然科学基金项目(62072192,U2336209)。

摘　　要：结构加密属于可搜索加密中在性能、安全性和查询表达能力之间权衡得较好的方案,不仅保护了云存储数据的隐私,且支持对密文数据库进行多种类型的查询。2013年提出的不经意交叉索引(oblivious cross-tag,OXT)方案支持多关键字联合查询,但令牌的计算与通信开销均为线性复杂度,近年来提出的联合过滤(ConjFilter)方案降低了令牌开销,减少了支持布尔查询的结构加密方案的隐私泄露,但导致不同查询之间的交叉泄露。为了防止出现联合查询泄露问题,提出了基于随机置换和计数器加密模式的转换密钥加密(transformable key encryption,TKE)方案,该方案可以在服务端不解密密文的条件下,把一个密钥加密的密文转换为另一个密钥加密的密文,且不泄露除转换模式之外的其他任何信息。基于该方案设计了支持联合查询的加密多映射方案可转换密钥过滤器(transformable key filter,TK-Filter),其与ConjFilter方案具有几乎相同的通信开销和存储开销,且能有效防止不同查询之间的交叉泄露。实验分析结果表明,TK-Filter在各种规模的数据集上相较ConjFilter减少了58%到86%的初始化时间,提高了34%到41%的搜索效率。Structured encryption,a specialized form of searchable encryption,has been recognized for offering improved tradeoffs between performance,security,and expressiveness.It is designed to protect the privacy of cloud storage data and supports a variety of queries on the ciphertext database.The structured encryption scheme OXT,token computation and search communication overheads.The ConjFilter scheme,more recently introduced,was aimed at decreasing the token overhead and reducing privacy leakage for structured encryption schemes that support Boolean queries.However,it was observed that this scheme resulted in cross-leakage between different queries.To address this issue,a transformed key encryption(TKE)scheme,based on random permutation and counter encryption modes was proposed.In essence,the TKE scheme was capable of converting ciphertext encrypted by one key into ciphertext encrypted by another key,without the need for decrypting the ciphertext at the serving side and without disclosing any information beyond the transformation modes.Utilizing this scheme,an encrypted multi-map scheme,transformable key filter(TK-Filter),was designed to support conjunctive queries.This scheme was reported to have nearly identical communication and storage overhead as the ConjFilter scheme but effectively prevented cross-leakage between different queries.Experimental analysis results show that TK-Filter reduces the initialization time by 58%to 86%and improves the search efficiency by 34%to 41%compared to ConjFilter across datasets of various sizes.

关 键 词：结构加密 联合查询 交叉泄露 计数器加密模式 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]