云环境下基于属性的多关键字可搜索加密方案

可搜索加密技术可在不解密数据密文的同时实现密文关键字的检索,很好地保护了数据存储方的隐私。针对目前大多数可搜索加密方案无法支持用户自定义搜索策略的问题,提出了一种安全、高效、可支持任意表达的基于属性可搜索加密方案。该方案首先基于LSSS搜索结构,支持任意合取、析取或单调布尔表达式的多关键字搜索策略,用户使用私钥为LSSS搜索策略生成陷门,云服务器通过陷门可以搜索包含满足特定关键字搜索策略的密文;其次,通过与基于属性加密方案结合,可以实现对云中加密数据的细粒度访问控制;另外,该方案通过将关键字拆分成关键字名和关键字值以及“线性拆分”技术,使得攻击者无法从密文和陷门中推测出关键字值敏感信息;最后,通过将部分解密工作转移到云服务器来降低用户的计算负担。基于DBDH、(q-2)和判定线性假设证明了所提方案的安全性,理论分析和实验结果也表明了该方案的有效性。

Expressive Attribute-based Searchable Encryption Scheme in Cloud Computing

Searchable encryption technology can realize keyword search without decrypting the data,and thus well protects user’sprivate information.Aiming at the problem that most current searchable encryption schemes cannot support user-defined search strategies,this paper proposes an attribute-based searchable encryption scheme which is secure,efficient and can support arbitrary search expressions.Firstly,the scheme,based on LSSS access structure,allows keyword search policy to be represented by conjunction,disjunction or any monotone Boolean expression,user generates trapdoor for LSSS search policy by utilizing the private key,and cloud server can search ciphertexts that satisfy specific keywords search policy through trapdoor.Secondly,it can realize fine-grained access control of encrypted data in cloud through combining with attribute-based encryption scheme.In addition,attackers cannot infer the sensitive information of keyword values from ciphertext and trapdoor by splitting keywords into keyword names and values through“linear splitting”technology.Finally,the computing burden of users is reduced due to part of decryption work is transfered to cloud server.The security of the proposed scheme is proved based on BDHE,(q-2)assumption.Theoretical analysis and experimental results also show that the scheme is effective.