支持模式隐藏的多关键词公钥可搜索加密方案  

作　　者：聂旭云[1,2] 成驰 耿聪 廖泽宇 焦丽华 陈瑞东 陈大江 NIE Xuyun;CHENG Chi;GENG Cong;LIAO Zeyu;JIAO Lihua;CHEN Ruidong;CHEN Dajiang(School of Information and Software Engineering,University of Electronic Science and Technology of China,Chengdu 610054,China;Sichuan Provincial Key Laboratory of Network and Data Security,Chengdu 611731,China;School of Computer Science&Engineering,University of Electronic Science and Technology of China,Chengdu 611731,China)

机构地区：[1]电子科技大学信息与软件工程学院,四川成都610054 [2]网络与数据安全四川省重点实验室,四川成都611731 [3]电子科技大学计算机科学与工程学院,四川成都611731

出　　处：《通信学报》2025年第3期131-143,共13页Journal on Communications

基　　金：国家重点研发计划基金资助项目(No.2023YFB3106402)。

摘　　要：为了解决现有多用户可搜索加密方案无法隐藏访问模式和搜索模式、抵抗关键词猜测等攻击的问题,提出了一种全新的支持多用户、多关键词搜索的公钥可搜索加密方案。该方案能够在分布式系统中支持多写者/多读者功能,并利用安全比特分解(SBD)协议,多密钥隐私保护外包计算(EPOM)和随机引入假阳性的方法,实现对访问模式与搜索模式的隐藏。同时,该方案支持多写者/多读者表示每个用户加密和上传数据,并搜索所有经授权的加密数据。该方案可通过在多个服务器上并行搜索来加速搜索处理,并仅需为所有读者维护一份加密索引。理论分析和实验结果表明,所提方案在满足陷门和密文的不可区分、多类布尔搜索、搜索和访问模式隐私的前提下,执行效率接近同类型的公钥可搜索加密最优方案。To address the limitations of existing multi-user searchable encryption(SE)schemes that fail to hide access patterns,search patterns,and resist keyword guessing attacks,a novel public-key searchable encryption scheme was proposed supporting multi-user and multi-keyword searches.Multi-writer/multi-reader functionality was enabled in distributed systems and employed three key techniques:the secure bit decomposition(SBD)protocol,efficient privacypreserving outsourced calculation framework with multiple key(EPOM),and randomly introducing false positives to achieve access pattern and search pattern hiding.Each user was allowed to encrypt/upload data and search all authorized encrypted data by the multi-writer/multi-reader capability.The search processing through parallel search across multiple servers was accelerated while maintaining only one encrypted index for all readers.Theoretical analysis and experimental results demonstrate that the proposed scheme satisfies the indistinguishability of trapdoors and ciphertext,supports multi-type Boolean searches,preserves search and access pattern privacy,and achieves execution efficiency comparable to state-of-the-art public-key SE schemes.

关 键 词：模式隐藏 多关键词 多写者/多读者 公钥可搜索加密 数据共享安全 

分 类 号：TP309[自动化与计算机技术—计算机系统结构]