多用户环境的区块链可搜索加密方案  被引量：1

作　　者：翟社平 张瑞婷[1] 杨锐 曹永强 ZHAI Sheping;ZHANG Ruiting;YANG Rui;CAO Yongqiang(School of Computer Science and Technology,Xi’an University of Posts and Telecommunications,Xi’an 710121,China;Shaanxi Key Laboratory of Network Data Analysis and Intelligent Processing,Xi’an University of Posts and Telecommunications,Xi’an 710121,China)

机构地区：[1]西安邮电大学计算机学院,陕西西安710121 [2]西安邮电大学陕西省网络数据分析与智能处理重点实验室,陕西西安710121

出　　处：《西安电子科技大学学报》2024年第4期151-169,共19页Journal of Xidian University

基　　金：国家自然科学基金(61373116);工业和信息化部通信软科学项目(2018-R-26);陕西省重点研发项目(2022GY-038);陕西省教育厅科学研究项目(18JK0697);陕西省教育厅科学研究计划项目(18JK0697);陕西省社会科学基金(2016N008);西安市社会科学规划基金(17X63);西安邮电大学研究生创新基金(CXJJYL2022036)。

摘　　要：如何在失去明文原有特性的加密数据上执行搜索,并实现数据共享,是可搜索加密技术研究的重点问题。针对传统非对称可搜索加密方案中存在的难以支持多用户多关键词搜索、半诚实第三方搜索服务、授权管理中心化的问题,提出了一种基于区块链的多用户环境可搜索加密方案。首先,将传统非对称可搜索加密方案与条件广播代理重加密技术相结合,通过为用户组加密密文、验证用户授权和为满足条件的用户重加密搜索结果,从而实现多用户环境下秘密数据的安全搜索与可控共享;其次,在联盟链上调用智能合约执行多关键词密文搜索,降低半诚实的第三方不实搜索风险,并采用改进的算法选举共识节点轮换担任授权管理者,减少传统中心权威机构单点故障或遭受恶意攻击等威胁;最后,通过分析方案的安全性、正确性等,证明方案能有效改进传统方案中存在的问题。相关仿真结果显示,与现有可搜索加密方案相比,文中方案在保证数据搜索隐私性方面具有明显优势,同时计算开销相对较低。How to perform search and realize data sharing on encrypted data that have lost the original features of a plaintext is the key issue in the research on searchable encryption technology.In view of the problems existing in traditional asymmetric searchable encryption schemes,it is difficult to support multi-user multi-keyword search,semi-honest third-party search service,and centralized authorization management,so this paper proposes a searchable encryption scheme for multi-user environment based on blockchain.First,the traditional asymmetric searchable encryption scheme is combined with conditional broadcast proxy re-encryption technology.By encrypting the ciphertext for user groups,verifying user authorization and re-encrypting search results for users meeting the conditions,the secure search and controllable sharing of secret data is realized in multi-user environment.Second,smart contracts are called on the alliance chain to perform multi-keyword ciphertext search,thus reducing the risk of semi-honest third-party false search,and the improved PBFT algorithm is used to elect consensus nodes to rotate as authorization managers,thereby reducing the threat of single point failure or malicious attacks of traditional central authorities.Finally,by analyzing the security and correctness of the scheme,it is shown that the scheme can effectively improve the problems existing in the traditional scheme.Simulation shows that compared with the existing searchable encryption schemes,the proposed scheme has obvious advantages in ensuring the privacy of data search,with the computing cost relatively low.

关 键 词：可搜索加密 条件广播代理重加密 区块链 共识算法 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]