基于区块链的动态可验证对称可搜索加密方案

对称可搜索加密(symmetric searchable encryption, SSE)能实现密文数据的检索而不泄露用户隐私, 在云存储领域得到了广泛的研究与应用. 然而, 在SSE方案中, 半诚实或者不诚实的服务器可能篡改文件中的数据, 返回给用户不可信的文件, 因此对这些文件进行验证是十分必要的. 现有的可验证SSE方案大多是用户本地进行验证, 恶意用户可能会伪造验证结果, 无法保证验证的公平性. 基于以上考虑, 提出一种基于区块链的动态可验证对称可搜索加密方案(verifiable dynamic symmetric searchable encryption, VDSSE); VDSSE采用对称加密实现动态更新过程中的前向安全; 在此基础上, 利用区块链实现搜索结果的验证, 验证过程中, 提出一种新的验证标签——Vtag, 利用Vtag的累积性实现验证信息的压缩存储, 降低验证信息在区块链上的存储开销, 并能够有效支持SSE方案的动态验证. 由于区块链具有不可篡改的性质, 验证的公平性得以保证. 最后, 对VDSSE进行实验评估和安全性分析, 验证方案的可行性和安全性.

Verifiable Dynamic Searchable Symmetric Encryption Based on Blockchain

Symmetric searchable encryption (SSE) can retrieve encrypted data without disclosing user privacy and has been widely studied and applied in cloud storage. However, in SSE schemes, semi-honest or dishonest servers may tamper with the data in files and return the untrusted files to users, so it is necessary to verify these files. Most existing verifiable SSE schemes are verified by the users locally, and malicious users may forge verification results, which cannot ensure verification fairness. To this end, this study proposes a verifiable dynamic symmetric searchable encryption scheme based on blockchain, VDSSE). VDSSE employs symmetric encryption to achieve forward security in the dynamic updating, and on this basis, the blockchain is utilized to verify the search results. During the verification, a new verification tag, Vtag, is proposed. The accumulation of Vtag is leveraged to compress the verification information, reduce the storage cost of verification information on the blockchain, and effectively support the dynamic verification of SSE schemes. Finally, experimental evaluation and security analysis are conducted on VDSSE to verify the feasibility and security of the scheme.