Found 19 similar documents; search took 31 ms
1.
2.
3.
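Attribute-based proxy re-encryption supports both data sharing and data forwarding, but such schemes usually do not support data retrieval, which has hindered the development and application of attribute-based proxy re-encryption. To solve this problem, this paper proposes a ciphertext-policy attribute-based proxy re-encryption scheme that supports keyword search. By splitting the key into an attribute key and a search key, the scheme achieves both keyword search and proxy re-encryption. In the verification phase, the cloud server both performs keyword verification and partially decrypts the original ciphertext and the re-encrypted ciphertext, reducing the user's computational burden. Security analysis shows that the scheme achieves data security, retrieval separation, keyword hiding, and resistance to collusion attacks.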
4.
聂旭云;成驰;耿聪;廖泽宇;焦丽华;陈瑞东;陈大江 《通信学报》2025,46(3):131-143
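To address the problem that existing multi-user searchable encryption schemes cannot hide access patterns and search patterns or resist attacks such as keyword guessing, a new public-key searchable encryption scheme supporting multi-user, multi-keyword search is proposed. The scheme supports multi-writer/multi-reader functionality in distributed systems and uses the secure bit decomposition (SBD) protocol, privacy-preserving outsourced computation with multiple keys (EPOM), and the random introduction of false positives to hide access patterns and search patterns. Multi-writer/multi-reader support means that each user can encrypt and upload data and search all encrypted data for which they are authorized. The scheme can accelerate search by running it in parallel on multiple servers, and only one encrypted index needs to be maintained for all readers. Theoretical analysis and experimental results show that, while satisfying trapdoor and ciphertext indistinguishability, multiple types of Boolean search, and search and access pattern privacy, the proposed scheme's execution efficiency is close to that of the best public-key searchable encryption schemes of the same type.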
5.
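An attribute-based encryption scheme supporting direct revocation is proposed. First, the definition and security model of attribute-based encryption with direct revocation are given; next, a concrete ciphertext-policy attribute-based encryption scheme supporting revocation is presented and its security is proved; finally, a comparison with other schemes shows that the scheme reduces both ciphertext and key length. The scheme can revoke users immediately: a user can decrypt the plaintext with their private key if and only if the user's attributes satisfy the ciphertext's access structure and the user is not on the user revocation list.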
6.
张克君;王文彬;徐少飞;于新颖;王钧;李鹏程;钱榕 《通信学报》2024,45(9):244-257
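To address fine-grained access control over shared data and the secure sharing and updating of ciphertexts and keys in the one-to-many model, a multi-keyword attribute-based searchable encryption scheme for cloud storage that supports proxy re-encryption is proposed. The access tree structure is improved by adding node information, achieving fine-grained access control over read and write permissions on ciphertext data. Query keywords are processed with optimized attribute-based encryption, achieving trapdoor indistinguishability and restricting the retrieval capability of different users. Re-encryption is used to update ciphertexts and keys, solving the system security problem caused by revoked users maliciously accessing private data. A blockchain-based security verification algorithm is designed to identify tampering by attack with private data held by a third party. Based on the DBDH and DDH hard problems, the proposed scheme is proved to satisfy adaptive keyword ciphertext security and trapdoor security. Experimental results show that the scheme keeps private data and keys secure in the key generation, trapdoor generation, keyword index generation and correctness verification phases, and that it is more efficient in time overhead than comparable schemes.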
7.
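In cloud services with searchable encryption, data owners often prefer to store data files as ciphertext separately on multiple cloud servers, improving authorized users' retrieval efficiency over cloud data and the ability to process large data. On this basis, this paper proposes a cloud-storage-based multi-server, multi-keyword, multi-user searchable encryption scheme. The scheme is proved to be IND-CKA (adaptive Chosen Keyword Attack) secure and also provides keyword trapdoor security. Compared with single-server searchable encryption, the scheme can retrieve data efficiently while preserving data confidentiality, and can search more precisely when the keyword index does not fully contain the multiple keywords being searched or when no file contains all of the searched keywords.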
8.
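To solve the problems of searchable encryption schemes under traditional public-key cryptosystems, namely low retrieval efficiency, high keyword index storage overhead, and indexes that do not support dynamic updates, the counting Bloom filter's ability to test set membership with good space and time efficiency is applied to build the keyword index in searchable encryption: the keyword set is mapped into a binary vector, reducing keyword storage overhead. The counting Bloom filter's support for deletion is used to update the keyword index dynamically. In addition, to prevent an adversary from inferring keyword plaintext from the binary vector by statistical analysis, the binary vector is blinded with a permutation, and the permutation is then secret-shared using attribute-based encryption. After a legitimate user correctly generates a keyword trapdoor, the service provider uses that trapdoor to help the user complete the keyword matching query. Finally, security analysis and simulation experiments demonstrate the security and efficiency of the scheme.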
9.
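Existing research on multi-keyword retrieval concentrates on exact keyword matching. This paper proposes a multi-keyword ciphertext retrieval scheme that supports semantically extended queries. Semantic extension is achieved based on an information content computation method, with TF-IDF introduced to take the relationship between keywords and documents into account. A balanced binary tree index structure is adopted, and the secure k-nearest-neighbor algorithm is used to encrypt the index vectors and the semantically extended query vectors, ensuring that accurate relevance scores are computed and enabling ranked multi-keyword search. Security analysis of index and trapdoor confidentiality, query unlinkability and related properties shows that the scheme is secure and can guard against insider threats.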
10.
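To address the difficulty of key management and the lack of fine-grained access control in existing searchable encryption algorithms in multi-user environments, ciphertext-policy attribute-based encryption (CP-ABE) is used to implement fine-grained access control for a searchable encryption scheme with hidden keywords. Data owners can specify flexible access policies for the encrypted data they store on a third-party server; only users whose attributes satisfy the access policy are permitted to search and decrypt the data. Users can also be added and revoked. Security analysis shows that the scheme not only effectively prevents leakage of private data but also hides keyword information, so that the third-party server cannot steal any sensitive user information while providing the search function. Efficiency analysis shows that retrieval in the system takes only tens of microseconds, making it suitable for large application systems.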
11.
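Most searchable encryption schemes support search over only a single keyword set, and data users cannot quickly judge the validity of ciphertexts returned by the cloud server. Moreover, because the cloud server has strong computing power, it may guess keywords, and the identity of data users is not verified. To address these problems, this paper proposes an authorized multi-keyword searchable encryption scheme that verifies data user identity and resists keyword guessing. In the scheme, the data user and the data owner grant authorization to the authorization server, which verifies whether the data user is a legitimate user; if verification passes, the authorization server uses the authorization information to help the data user check the validity of ciphertexts returned by the cloud server. The data user uses the server's public key and a pseudo-keyword to generate the trapdoor search credential for a keyword, ensuring keyword indistinguishability. During encryption, the data owner uses the public keys of the cloud server, the authorization server and the data user, which prevents collusion attacks. Finally, the security of the proposed scheme is proved in the random oracle model, and simulation experiments verify that the scheme has good efficiency in multi-keyword settings.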
12.
The security of cascade ciphers, in which by definition the keys of the component ciphers are independent, is considered.
It is shown by a counterexample that the intuitive result, formally stated and proved in the literature, that a cascade is
at least as strong as the strongest component cipher, requires the uninterestingly restrictive assumption that the enemy cannot
exploit information about the plaintext statistics. It is proved, for very general notions of breaking a cipher and of problem
difficulty, that a cascade is at least as difficult to break as the first component cipher. A consequence of this result is
that if the ciphers commute, then a cascade is at least as difficult to break as the most-difficult-to-break component cipher,
i.e., the intuition that a cryptographic chain is at least as strong as its strongest link is then provably correct. It is
noted that additive stream ciphers do commute, and this fact is used to suggest a strategy for designing secure practical
ciphers. Other applications in cryptology are given of the arguments used to prove the cascade cipher result.
The results of this paper were presented in part at the 1990 IEEE Symposium on Information Theory, January 14–19, 1990, San
Diego, California.
13.
Eiichiro Fujisaki Tatsuaki Okamoto David Pointcheval Jacques Stern 《Journal of Cryptology》2004,17(2):81-104
Recently Victor Shoup noted that there is a gap in the widely believed security
result of OAEP against adaptive chosen-ciphertext attacks. Moreover, he showed
that, presumably, OAEP cannot be proven secure from the one-wayness of the underlying
trapdoor permutation. This paper establishes another result on the security of OAEP.
It proves that OAEP offers semantic security against adaptive chosen-ciphertext attacks,
in the random oracle model, under the partial-domain one-wayness of the underlying
permutation. Therefore, this uses a formally stronger assumption. Nevertheless, since
partial-domain one-wayness of the RSA function is equivalent to its (full-domain) one-wayness,
it follows that the security of RSA-OAEP can actually be proven under the
sole RSA assumption, although the reduction is not tight.
14.
KU Peng TANG Yong JIANG Wenbin JIN Hai ZOU Deqing 《电子学报:英文版》2014,23(4):655-660
Ciphertext-policy attribute-based encryption (CP-ABE) allows a user with some attributes to decrypt the ciphertexts associated with these attributes. Though several CP-ABE schemes with the constant size ciphertext were proposed to reduce the communication cost, their master public and secret keys still have the size linear in the total number of attributes. These schemes are unpractical for the attribute-scalable and many-attributes scenario. A new CP-ABE scheme is proposed. Each attribute is mapped to a mathematical value by a combination method. The master public and secret keys of the proposed CP-ABE scheme have the size linear in the binary size of a hash function's range. It has the comparable performance with existing schemes in the aspects like the time costs of encryption and decryption, the expressiveness of access policy and the provable security.
15.
Qinlong HUANG;Zhaofeng MA;Yixian YANG;Jingyi FU;Xinxin NIU 《电子学报:英文版》2015,24(4):862-868
Ciphertext-policy attribute-based encryption (CP-ABE) is becoming a promising solution to guarantee data security in cloud computing. In this paper, we present an attribute-based secure data sharing scheme with Efficient revocation (EABDS) in cloud computing. Our scheme first encrypts data with Data encryption key (DEK) using symmetric encryption and then encrypts DEK based on CP-ABE, which guarantees the data confidentiality and achieves fine-grained access control. In order to solve the key escrow problem in current attribute based data sharing schemes, our scheme adopts additively homomorphic encryption to generate attribute secret keys of users by attribute authority in cooperation with key server, which prevents attribute authority from accessing the data by generating attribute secret keys alone. Our scheme presents an immediate attribute revocation method that achieves both forward and backward security. The computation overhead of user is also reduced by delegating most of the decryption operations to the key server. The security and performance analysis results show that our scheme is more secure and efficient.
16.
Yan ZHU;Ruyun YU;E CHEN;Dijiang HUANG 《电子学报:英文版》2019,28(3):445-456
In this paper our objective is to explore approaches of secure group-oriented communication with designation and revocation mechanisms simultaneously. We present a new scheme of Revocation-based broadcast encryption (RBBE) which is designed on Dan Boneh et al.'s scheme with the designation mechanism proposed in 2005. We combine two above-mentioned schemes into a new cryptosystem, called Dual-mode broadcast encryption (DMBE). Based on these work, we reach the following conclusions. We use the DMBE scheme as an example to show that it is feasible to construct a broadcast encryption scheme that supports designation and revocation mechanisms simultaneously. The cryptosystem with dual modes is more efficient than that with single mode over computational costs, and the performance is improved to at most O(⌈N/2⌉), where N is the total number of users in the system. We prove completely that both the RBBE scheme and the DMBE scheme are semantically secure against chosen plaintext attack with full collusion under the decisional bilinear Diffie-Hellman exponent assumption.
17.
Attribute revocation is inevitable and also important for Attribute-Based Encryption (ABE) in practice. However, little attention has been paid to this issue, and it remains one of the main obstacles for the application of ABE. Most of existing ABE schemes support attribute revocation work under indirect revocation model such that all the user's private keys will be affected when the revocation events occur. Though some ABE schemes have realized revocation under direct revocation model such that the revocation list is embedded in the ciphertext and none of the user's private keys will be affected by revocation, they mostly focused on the user revocation that revokes the user's whole attributes, or they can only be proven to be selectively secure. In this paper, we first define a model of adaptively secure ABE supporting the attribute revocation under direct revocation model. Then we propose a Key-Policy ABE (KP-ABE) scheme and a Ciphertext-Policy ABE (CP-ABE) scheme on composite order bilinear groups. Finally, we prove our schemes to be adaptively secure by employing the methodology of dual system encryption.
18.
Xi Sun Hao Wang Xiu Fu Hong Qin Mei Jiang Likun Xue Xiaochao Wei 《Digital Communications & Networks》2021,7(2):277-283
With the development of big data and cloud computing technology, more and more users choose to store data on cloud servers, which brings much convenience to their management and use of data, and also the risk of data leakage. A common method to prevent data leakage is to encrypt the data before uploading it, but the traditional encryption method is often not conducive to data sharing and querying. In this paper, a new kind of Attribute-Based Encryption (ABE) scheme, which is called the Sub-String Searchable ABE (SSS-ABE) scheme, is proposed for the sharing and querying of the encrypted data. In the SSS-ABE scheme, the data owner encrypts the data under an access structure, and only the data user who satisfies the access structure can query and decrypt it. The data user can make a substring query on the whole ciphertext without setting keywords in advance. In addition, the outsourcing method is also introduced to reduce the local computation of the decryption process so that the outsourcing SSS-ABE scheme can be applied to IoT devices.
19.
Searchable Encryption Revisited: Consistency Properties, Relation to Anonymous IBE, and Extensions (total citations: 2; self-citations: 0; citations by others: 2)
Michel Abdalla Mihir Bellare Dario Catalano Eike Kiltz Tadayoshi Kohno Tanja Lange John Malone-Lee Gregory Neven Pascal Paillier Haixia Shi 《Journal of Cryptology》2008,21(3):350-391
We identify and fill some gaps with regard to consistency (the extent to which false positives are produced) for public-key
encryption with keyword search (PEKS). We define computational and statistical relaxations of the existing notion of perfect
consistency, show that the scheme of Boneh et al. (Advances in Cryptology—EUROCRYPT 2004, ed. by C. Cachin, J. Camenisch,
pp. 506–522, 2004) is computationally consistent, and provide a new scheme that is statistically consistent. We also provide a transform of
an anonymous identity-based encryption (IBE) scheme to a secure PEKS scheme that, unlike the previous one, guarantees consistency.
Finally, we suggest three extensions of the basic notions considered here, namely anonymous hierarchical identity-based encryption,
public-key encryption with temporary keyword search, and identity-based encryption with keyword search.
An extended abstract of this paper appears in Advances in Cryptology—CRYPTO 2005, ed. by V. Shoup, Santa Barbara, California, August 14–18, 2005, Lecture Notes in Computer Science, vol. 3621 (Springer,
Berlin, 2005), pp. 205–222. This is the full version.