可撤销的多关键字公钥可搜索加密方案

在云计算应用中，为保证隐私数据安全，用户需要将数据在本地加密后再上传至云服务器。可搜索加密技术允许用户直接检索服务器上的加密数据，获得检索权限的用户往往可以无限制地检索密文。在现实应用中，用户密钥的丢失及恶意攻击容易对隐私数据产生安全威胁，用户不应该持续保持对数据的检索能力。为此，提出了一个支持用户检索权限撤销的公钥可搜索加密方案。将系统的整个生命周期划分为不同时段，下个时段的密文由上个时段的密文进化而来，通过密文进化及时间密钥的分发控制实现用户权限的撤销。方案在支持多关键字检索的同时降低方案的计算开销，并且撤销用户对此前时刻所有密文的检索能力，保证密文的前向安全性。

Multi-keyword public key searchable encryption scheme with keyword revocation

In cloud computing applications, users need to encrypt data locally before uploading it to the cloud server to ensure the security of private data. Searchable encryption technology allows users to directly search encrypted data on the server. Users with search permission can search ciphertext without limitation. In practical applications, the loss of user key and malicious attacks are easy to cause security threats to private data, and users should not keep the ability to retrieve data. This paper proposed a public-key searchable encryption scheme that supported the revocation of user retrieval rights. It divided the whole life cycle of the system into different periods. The ciphertext in the next period was evolved from the ciphertext in the last period. It revoked the user permission through the ciphertext evolution and time key distribution control. The scheme supports multi-keyword retrieval, reduces the computing cost, and cancels the search ability of all ciphertexts at the previous time to ensure the forward security of ciphertexts.